Lecture 10: HMAC and Number Theory

Similar documents
Lecture 10: NMAC, HMAC and Number Theory

Lecture 10: NMAC, HMAC and Number Theory

Lecture 11: Number Theoretic Assumptions

Introduction to Cryptography k. Lecture 5. Benny Pinkas k. Requirements. Data Integrity, Message Authentication

Lecture 3.1: Public Key Cryptography I

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Public Key Cryptography

Lecture 1: Introduction to Public key cryptography

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

ENEE 459-C Computer Security. Message authentication (continue from previous lecture)

Discrete Mathematics GCD, LCM, RSA Algorithm

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

CIS 551 / TCOM 401 Computer and Network Security

Cryptography. pieces from work by Gordon Royle

OWO Lecture: Modular Arithmetic with Algorithmic Applications

Public Key Cryptography

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Introduction to Cryptography. Lecture 6

Number theory (Chapter 4)

Asymmetric Cryptography

Chapter 4 Asymmetric Cryptography

Chapter 8 Public-key Cryptography and Digital Signatures

Numbers. Çetin Kaya Koç Winter / 18

CPSC 467b: Cryptography and Computer Security

Public Key Algorithms

Leftovers from Lecture 3

Carmen s Core Concepts (Math 135)

ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

For your quiz in recitation this week, refer to these exercise generators:

Introduction to Number Theory. The study of the integers

Introduction to Cybersecurity Cryptography (Part 5)

Mathematical Foundations of Public-Key Cryptography

Topics in Cryptography. Lecture 5: Basic Number Theory

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Algorithmic Number Theory and Public-key Cryptography

Math 299 Supplement: Modular Arithmetic Nov 8, 2013

CRYPTOGRAPHY AND NUMBER THEORY

Number Theory & Modern Cryptography

ENEE 457: Computer Systems Security. Lecture 5 Public Key Crypto I: Number Theory Essentials

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Public Key Encryption

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

Integers and Division

Simple Math: Cryptography

Introduction to Cryptology. Lecture 19

Public-Key Cryptosystems CHAPTER 4

CS483 Design and Analysis of Algorithms

Public Key Cryptography

Introduction to Public-Key Cryptosystems:

basics of security/cryptography

CPSC 467: Cryptography and Computer Security

Asymmetric Encryption

Introduction to Cryptography Lecture 4

CS March 17, 2009

Applied Cryptography and Computer Security CSE 664 Spring 2017

Encryption: The RSA Public Key Cipher

ICS141: Discrete Mathematics for Computer Science I

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

COT 3100 Applications of Discrete Structures Dr. Michael P. Frank

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Number Theory. Modular Arithmetic

Cryptography IV: Asymmetric Ciphers

Lecture 7: ElGamal and Discrete Logarithms

A new security notion for asymmetric encryption Draft #8

ENEE 457: Computer Systems Security 09/19/16. Lecture 6 Message Authentication Codes and Hash Functions

Lecture 14: Hardness Assumptions

1 Number Theory Basics

Ma/CS 6a Class 2: Congruences

ECE596C: Handout #11

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

Lecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004

3 The fundamentals: Algorithms, the integers, and matrices

Security II: Cryptography exercises

Pseudo-random Number Generation. Qiuliang Tang

Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Arithmetic Algorithms, Part 1

CHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30

A Readable Introduction to Real Mathematics

CIS 6930/4930 Computer and Network Security. Topic 4. Cryptographic Hash Functions

CSC 5930/9010 Modern Cryptography: Number Theory

An Introduction to Cryptography

Notes for Lecture 17

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Hashes and Message Digests Alex X. Liu & Haipeng Dai

Math.3336: Discrete Mathematics. Primes and Greatest Common Divisors

Mathematics of Public Key Cryptography

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Cryptography. P. Danziger. Transmit...Bob...

4 Number Theory and Cryptography

Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

Introduction to Cryptography. Lecture 8

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

Transcription:

CS 6903 Modern Cryptography April 15, 2010 Lecture 10: HMAC and Number Theory Instructor: Nitesh Saxena Scribes: Anand Bidla, Samiksha Saxena,Varun Sanghvi 1 HMAC A Hash-based Message Authentication Code (HMAC) can be used to determine whether a message sent over an insecure channel has been tampered with, provided that the sender and receiver share a secret key. The sender computes the hash value for the original data and sends both the original data and the HMAC as a single message. The receiver recomputes the hash value on the received message and checks that the computed hash value matches the transmitted hash value. HMAC can be used with any iterative cryptographic hash function, such as MD5 or SHA-1, in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. The real life example of HMAC is SSL. Figure 1: HMAC where HMAC K (m) = NMAC k1,k2 (m) 10-1

k1 = h(k opad) and k2 = h(k ipad) The default values for ipad is 0110110(0x36) and opad is 1011100(0x5c) repeated b/8 times where b is Block size. So, Here, k= pad(k). HMAC K (m) = H(k opad, H(k ipad, m)) Note that HMAC is quite efficient as it only requires 3 more compression calls than H(x). This makes HMAC a very fast construction. 2 Public Key Cryptography In case of Public Key Cryptography both the sender and receiver has a pair of secret key and public key(s KA, P KB ) and it is assumed that everybody knows each other public key. Here A sends the encrypted message to B using B s public key and B can decrypt Figure 2: HMAC the message by using his/her private key. The mechanism of Pubic Key encryption is opposite to that of Digital Signature, in case of Digital Signature A signs the message using his/her private key and sends the signed message along with the original message to B where B can verify using A s public key. Here the public key is a function of Private key/secret key for every entity. If having the knowledge of public key it should be hard for someone to know its corresponding private key. 10-2

In order to understand Public Key Encryption we must have the knowledge of Basic Number Theory. 2.1 Number Theory 2.1.1 Groups Definition 1 (G, ) (where G is a set and : G G G) is called a group if the following properties are satisfied: 1. Closure: a,b G, a b G 2. Associativity: a,b,c G, (a b) c = a (b c) 3. Identity: an identity element e G such that a G, a b = b a = a 4. Inverse: an element a 1 G such that a G, a a 1 = a 1 a = e 2.1.2 Group: Examples We know Z= Set of all integers Z m = Set of all whole numbers (modulo m) Z p = Set of all natural numbers(modulo p) which are relatively prime to p. Z n= Set of all numbers which are relatively prime to n, where n=p*q. Let us consider whether or not the following sets are groups: 1. (Z, addition ) is a group. 2. (Z, multiplication ) isn t a group because not all integers have a multiplicative inverse. 3. (Z m, modular addition ) is a group. 4. (Z m, modular multiplication ) isn t a group, again due to the lack of inverses for all integers in the set. 5. (Z p, modular multiplication ) is a group. 10-3

6. (Z n, modular addition ) isn t a group because the addition of two integers that are relatively prime to n may produce an integer which is not relatively prime to n. Thus the set lacks closure. 7. (Z n, modular multiplication ) is a group. 2.1.3 Modular Arithmetic 1. Modulo: (a mod N) where a = (a p 1, a p 2,..., a 1, a 0 ) Thus, N = (N q 1, N q 2,..., N 1, N 0 ) a = (a p 1 2 p 1 + a p 2 2 p 2 +... + a 1 2 1 + a 0 2 0 ) N = (N q 1 2 q 1 + N q 2 2 q 2 +... + N 1 2 1 + N 0 2 0 ) So the runtime complexity of (a mod N) is O( a N ). 2. Modular Addition: (a + b) mod N has time complexity of O(max( a, b )) + O(max( a, b ) N ); using addition and then modulo operation. In modular addition a < N, b < N and thus a + b < 2N. So, (a + b) mod N = (a + b N) Taking a = b = N, runtime complexity of (a + b) mod N is O( N ). 3. Modular Multiplication: (ab mod N) has running time complexity of O( a b )+O(( a + b ) N ). In modular multiplication, a < N, b < N and thus ab < N 2. Taking a = b = N, the runtime complexity of (ab mod N) is O( N 2 ). 4. Modular Exponentiation: (a n mod N) has a runtime complexity of O( n a N ) Taking a = N, the runtime complexity of (a n mod N) is O( n N 2 ) The usual approach to computing a n mod N is inefficient when n is large. Instead, n can be represented as a bit string n= [n k 1, n k 2, n k 3,..., n 1, n 0 ] and input to the square-and-multiply algorithm below to efficiently compute the result of a modular exponentiation operation. 10-4

z = 1 for i = k 1 down to 0 do z = z 2 mod N if (n i == 1) z = (z a mod N) This algorithm has a runtime complexity of O( n a N ). Taking a = N, the runtime complexity becomes O( n N 2 ) This can further be explained as: Z=a 64 modn Z1=a.amodN Z2=Z1.Z1modN=a 4 Z3=Z2.Z2modN=a 8 Z4=Z3.Z3modN=a 16 Z5=Z4.Z4modN=a 32 Z6=Z6.Z6modN=a 64 5. Greatest Common Divisor: Given a,b N, gcd(a, b) represents the greatest common divisor that these two numbers share. The naive solution to this problem would be to simply try all values from 1 to max(a/2, b/2 ). For numbers that may be hundreds of digits long, this is not feasible. Therefore, we will improve upon this al- gorithm by using the Euclidean Algorithm. Before we introduce this algorithm, we must prove a related fact. Claim: gcd(a, b) = gcd(a - b, b) Proof: To show this, we will break the proof into 2 parts. We show that (1)gcd(a, b) gcd(a- b, b) (2)gcd(a, b) gcd(a- b, b) Proof of (1) We define CD a,b = (k belongs to N : k a and k b), this is the set of all common divisors of a and b. Similarly, CD a b,b = (k belongs to N : k (a -b) and k b). Consider some k in CD a,b. We know that: a = ka b = kb for some A,B belongs to N. We therefore know that: a-b = ka-kb = k(a-b) We can therefore conclude that k belongs to CD a b,b. Therefore,CD a,b /subseteq CD a b,b. We therefore see that the largest elements of CD a,b must be at most as large as the largest element of CD a b,b. We therefore conclude Equation 1 is true. b) Proof of (2) 10-5

We now consider some element k belongs to CD a b,b. We know that a-b = ka b = kb Therefore we can see that: a = ka + kb = k(a + B ) We therefore know that if some element k is in CD a b,b, then it is also in CD a,b, meaning CD a b,b is a subset of CD a,b. We can therefore conclude Equation 2 is true. From (1) and (2), we know that CD a,b = CD a b,b and we also see that: gcd(a, b) = gcd(a- b, b) We see a corollary of this result is: gcd(a, b) = gcd(amod b, b) fora > b. In order to find the gcd of two arbitrary numbers, we will recursively use the a above formula. Example: We will use the Euclidean algorithm to find gcd(37, 15). We see that 37 mod 15 = 7. So, gcd(37, 15) = gcd(7,15) And 15 mod 7 = 1 hence, gcd(7, 15) = gcd(7, 1) = 1 The running time of this algorithm will be O(N 2 ). We do not provide a complete analysis here, but we can see that we will be recursively cutting the size of the input in half at every step (one can easily show that a (mod b) a=2). And we see that we are doing O(N 2 ) work, because each step requires a gcd computation. 6. Modular Inverse: We are given (a which belongs to N), and we want to find a 1 modn.because we trying to find Z=a 1 modn this is equivalent to saying Za=1modN. Which can futher be resloved as Za= KN +1 also stated as Za-Kn=1 Note: Such an inverse only occurs when a and N are relatively prime, so gcd(a,n) =1. To find the inverse, we use the extended Euclidean algorithm, as we will demonstrate in the following example. Example:15 1 1mod37 We begin as we would with the standard Euclidean algorithm for gcd: gcd(37,15) (a) 37 = 2 *15 + 7 (b) 15 = 2 * 7 + 1 This is the step we are interested in, because the remainder is 1. 15 = 2*7+1 = 15-2*7=1 = 7 = 37-15*2 (from step 1) 1. 5 *15-2 * 37 = 1 This is the form we described before (xa - kn = 1), so we conclude that x = 15 1 mod37=5. Example: 13 1 mod44 10-6

(a) 44 = 3*13 +5 (b) 13 = 2*5 + 3 (c) 5 = 1*3 +2 (d) 3 = 1*2 +1 Now we have got remainder 1 so 3-1*2 = 1 3-1*(5-1*3) = 1 (5-1*3 = 2 from c) 2*3-1*5 = 1 2*(13-2*5) - 1*5 = 1 (13-2*5 = 3 from b) 2*13-5*5 = 1 2*13-5*(44-3*13) = 1 (44-3*13 = 5 from a) 17*13-5*44 = 1 now we can describe the above equation in the form: xa - kn = 1, so we can conclude that x = 13 1 mod44 = 17 The Compexity of modular inverse is same as that of GCD algorithm as we are running GCD first and than backtracking it. 10-7

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback