Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

Similar documents
Public Key Algorithms

CIS 551 / TCOM 401 Computer and Network Security

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Public Key Algorithms

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

10 Modular Arithmetic and Cryptography

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

RSA. Ramki Thurimella

Introduction to Elliptic Curve Cryptography. Anupam Datta

Introduction to Modern Cryptography. Benny Chor

CS483 Design and Analysis of Algorithms

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Public Key Cryptography

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Public-key Cryptography and elliptic curves

Number theory (Chapter 4)

CRYPTOGRAPHY AND NUMBER THEORY

Number Theory & Modern Cryptography

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Public Key Cryptography

MATH 158 FINAL EXAM 20 DECEMBER 2016

Lecture V : Public Key Cryptography

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

Topics in Cryptography. Lecture 5: Basic Number Theory

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Overview. Public Key Algorithms II

Encryption: The RSA Public Key Cipher

basics of security/cryptography

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

Discrete Mathematics GCD, LCM, RSA Algorithm

Chapter 8 Public-key Cryptography and Digital Signatures

Mathematical Foundations of Public-Key Cryptography

THE CUBIC PUBLIC-KEY TRANSFORMATION*

Great Theoretical Ideas in Computer Science

RSA-256bit 數位電路實驗 TA: 吳柏辰. Author: Trumen

Lecture 1: Introduction to Public key cryptography

2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

10 Public Key Cryptography : RSA

Elliptic Curve Cryptography

Cryptography. pieces from work by Gordon Royle

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

8 Elliptic Curve Cryptography

The RSA cryptosystem and primality tests

Asymmetric Encryption

Notes 10: Public-key cryptography

Introduction to Modern Cryptography. Benny Chor

Homework 4 for Modular Arithmetic: The RSA Cipher

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

A Knapsack Cryptosystem Secure Against Attacks Using Basis Reduction and Integer Programming

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Ti Secured communications

Lecture Notes, Week 6

Public Key Cryptography

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

Introduction to Cryptography. Lecture 6

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography

Crypto math II. Alin Tomescu May 27, Abstract A quick overview on group theory from Ron Rivest s course in Spring 2015.

Elliptic Curves. Giulia Mauri. Politecnico di Milano website:

Introduction. What is RSA. A Guide To RSA by Robert Yates. Topics

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online

Introduction to Modern Cryptography. Lecture RSA Public Key CryptoSystem 2. One way Trapdoor Functions

Public-key Cryptography and elliptic curves

Simple Math: Cryptography

Winter 2011 Josh Benaloh Brian LaMacchia

Cryptography. P. Danziger. Transmit...Bob...

Digital Signatures. Saravanan Vijayakumaran Department of Electrical Engineering Indian Institute of Technology Bombay

Chapter 4 Asymmetric Cryptography

Ma/CS 6a Class 3: The RSA Algorithm

Asymmetric Cryptography

CPSC 467b: Cryptography and Computer Security

Powers in Modular Arithmetic, and RSA Public Key Cryptography

Fundamentals of Modern Cryptography

ENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Lecture 10. Public Key Cryptography: Encryption + Signatures. Identification

The Elliptic Curve in https

NET 311D INFORMATION SECURITY

CPSC 467b: Cryptography and Computer Security

dit-upm RSA Cybersecurity Cryptography

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 30 October 2018

Elliptic Curve Computations (1) View the graph and an elliptic curve Graph the elliptic curve y 2 = x 3 x over the real number field R.

Cryptography IV: Asymmetric Ciphers

One can use elliptic curves to factor integers, although probably not RSA moduli.

Introduction to Elliptic Curve Cryptography

CPSC 467b: Cryptography and Computer Security

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Practice Assignment 2 Discussion 24/02/ /02/2018

Efficient Leak Resistant Modular Exponentiation in RNS

Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30

ECE596C: Handout #11

Elliptic Curve Cryptography

Discrete mathematics I - Number theory

Transcription:

Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each participant has two keys, public and private, and most of them are based on modular arithmetic. Modular Arithmetic x mod n is the remainder of x when divided by n. e.g., 8 mod 10 = 8, 18 mod 10 = 8, 24 mod 10 = 4 8 mod 7 = 1, 18 mod 7 = 4, 24 mod 7 = 3 Addition: Example: addition mod 10 8 + 8 = 6, 1 + 9 = 0, 7 + 6 = 3 See Fig. 6-1 for addition mod 10 Table:

Addition mod 10 can be used for encryption of digits: add k (between 1-9) to each digit, k is the secret key. Example: if k = 7, then 1987 is encrypted to 8654. decryption is done by adding the -k, the additive inverse of k, to each digit. An additive inverse of x is the number you'd have to add to x to get 0. Example: if k = 7, then -k is 3 since 7+3 = 0 and thus 8654 will is decrypted to 1987. In the above table (Fig. 6-1), each "0" is the intersection of k and -k, e.g., 0 is the intersection of 3 and 7. Multiplication: Example: multiplication mod 10 8 x 8 = 4, 1 x 9 = 9, 7 x 6 = 2 See Fig. 6-2 for multiplication mod 10 Table:

Multiplication by 1, 3, 7 and 9 works as a cipher since it performs 1-1 mapping. Example: if k = 7, then 1987 is encrypted to 7369 decryption is done by multiplying each digit by k -1, the multiplicative inverse of k. A multiplicative inverse of k is the number to multiply by k to get 1. Example: if k = 7, then k -1 is 3 since 7x3 = 1 In the above table (Fig. 6-2), each "1" is the intersection of k and k -1. Only the numbers {1,3,7,9} have multiplicative inverse mod 10. Euclide's Algorithm: efficiently find multiplicative inverses mod n. Given x and n, it finds a number y such that x.y mod n = 1 (if there is such y). What is so special about the set {1,3,7,9}? These numbers are relatively prime to 10, i.e., they do not share with 10 any common factors other than 1. Note that 9 is not a prime number but it is relatively prime to 10. How many numbers less than n are relatively prime to n? This quantity is referred to as Ø(n) and is called the totient function. o If n is prime: then {1,2,..., n-1} are all relatively prime and thus Ø(n) = n-1. o If n = p.q where p and q are two distinct primes, then Ø(n) = (p-1)(q-1). Example: for n = 10 = 2.5, Ø(10) =(2-1).(5-1)=1.4=4, which is the set {1,3,7,9}. Exponentation:

Example: exponentiation mod 10 4 2 = 6, 8 8 = 6, 1 9 = 9, 7 6 = 9 See Fig. 6-3 for exponentiation mod 10 Table: Amazing fact about Ø(n): x m mod n = x m mod Ø(n) mod n Fig. 6-3: since Ø(10)=4, the i th column is the same as the i+4 th column, e.g., 3rd = 7th =11th & 1st=5th=9th=11th & 2nd=6th=10th. Special case: if m = 1 mod Ø(n), then for any number x, x m mod n = x mod n. Example: For n =10, Ø(10)=4: m = 5 = 1 mod 4: x = 3: 3 5 mod 10 = 3 & x = 6: 6 5 mod 10 = 6 & in general: x 5 mod 10 = x mod 10 m = 9 = 1 mod 4: x = 3: 3 9 mod 10 = 3 & x = 6: 6 9 mod 10 = 6 & in general: x 9 mod 10 = x mod 10

An exponentiative inverse of e is the number d such that: e.d = 1 mod Ø(n) Example: For n= 10, Ø(10)=4: e=3 and d=7 are exponentiative inverses since 3.7=21= 1 mod 4 Encrypt/Decrypt: To encrypt m: compute c = m e mod n To decrypt c: compute m = c d mod n Example: encrypt m = 8: c = 8 3 = 2 decrypt c=2: m = 2 7 = 8 Sign/Verify: To sign m: compute s = m d mod n To verify s: compute m = s e mod n Example: sign m = 8: s = 8 7 = 2 verify s=2: m = 2 3 = 8 In public cryptography: <e, n> is public key & <d,n> is private key RSA: Rivist, Shamir & Adleman Key length: variable (long for security, short for efficiency), most common value is 512 bits.

Block size: plain text is variable less than key length & cipher text length equals key length. Thus RSA is used for encrypting small amount of data like secret key & then we use secret key cryptography for encrypting/decrypting large amount of data. RSA Algorithm: generate public & private keys pair: 1. choose two large primes p and q. (typically 256 bits each & keep them secret). 2. compute n = p.q & Ø(n) = (p-1)(q-1). (it is very hard to factor n into p & q). 3. choose a number e that is relatively prime to Ø(n). 4. find a number d that is the multiplicative inverse of e mod Ø(n), i.e., e.d = 1 mod Ø(n). 5. your public key: <e,n> & private key: <d,n>. encrypt/decrypt: To encrypt a message m (<n): c = m e mod n & To decrypt c: m = c d mod n This works since: c d mod n = (m e ) d mod n = m e.d mod n = m mod n // since e.d = 1 mod Ø(n) = m // since m < n sign/verify:

To sign a message m (<n): s = m d mod n & To verify s: m = s e mod n This also works since: s e mod n = m e.d mod n = m mod n = m Why is RSA Secure: Every one knows the public key: <e, n>. To find the private key <d,n> you need to know Ø(n) since e.d = 1 mod Ø(n). To know Ø(n) you need to p and q since Ø(n) = (p-1).(q-1). Thus to break RSA you should know how to factor n to find p and q. Factoring a big number like n is hard. (the best technique to factor 512 bit number will take 30,000 MIPS-years!) Efficiency of RSA Operations: Exponentiation How to compute 123 54 mod 678? 123 2 = 123.123 = 15129 = 213 mod 678 123 3 = 123.213 = 26199 = 435 mod 678 123 4 = 123.435 = 53505 = 621 mod 678... 123 54 =... = 87 mod 678 This requires 54 small number multiplications and 54 small number divisions. How to compute 123 32 mod 678? 123 2 = 123.123 = 15129 = 213 mod 678 123 4 = 213.213 = 45369 = 621 mod 678

123 8 = 621.621 = 385641 = 537 mod 678 123 16 = 537.537 = 288369 = 219 mod 678 123 32 = 219.219 = 47961 = 501 mod 678 This requires 5 multiplications and 5 divisions. To efficiently compute 123 54 : 54 is represented in binary as: 1 1 0 1 1 0 (((( (123 2 )123 ) 2 ) 2 123 ) 2 123 ) 2 This requires 8 multiplications and 8 divisions. Each 1 requires two multipliactions and two divisions and each 0 requires one multipliaction and one division. Thus in the above we have three 1s and two 0s that yeilds 3.2+2.1=8 (we ignore the leading 1). Another example: y 14, 14 is represented in binary as: 1 1 1 0 (( ( y 2 ) y ) 2 y ) 2 This requires 5 multiplication's and 5 divisions. Generating RSA Keys Finding big prime number: Choose a random number n and test if it is a prime. (for a 100 digit number the chances of success is 1 in 230). test: pick a < n if (a n-1 mod n)!= 1

then else n is not prime n is prime // the probability of being wrong is 1 in 10 13 Finding d, n & e: Finding e: Instead of selecting p, q and then e (see RSA algorithm ), we will select e first then p and q. Two popular values for e are: 3 and 65537 (2 16 + 1). These makes public key operations on message m faster (encryption and signature verification is m e ): Finding n: m 3 requires 2 multiplications & 2 divisions. m 65537 requires 17 multiplactions & 17 divisions (binary value of e is 1. 15 0s.1). If e = 3: how to choose p & q so that 3 is relatively prime to Ø(n) = (p-1)(q-1)? Choose random numbers x and y then: p = (2x+1)*3+2 & q = (2y+1)*3+2 Why? To ensure that (p-1) relatively prime to 3 we choose (p-1) = 1 mod 3 or p = 2 mod 3. Hence choose p as k*3+2 and to make sure that p is odd let k=2x+1. Thus p = (2x+1)*3 + 2. If e = 65537: randomly choose p and q and and make sure that they are not 1 mod 65537 (the probability of rejection is 1 in 2 16 ). Once we selected p and q, then n = p.q and Ø(n) = (p-1)(q-1). Finding d:

How to fine d such that e.d = 1 mod Ø(n)? Use Euclid algorithm (see Section 7.4, page 187 of textbook). The RSA keys: public key: <3 65537, n> private key: <d, n>. Diffie-Hellman Alice and Bob agree on: p (large prime) & g < p. Alice Bob Pick S A (512-bit random number) Pick S B (512-bit random number) Compute T A = ( gs A ) mod p Compute T B = (gs B ) mod p T A >>> <<< T B Compute X = T B S A mod p Compute Y = T S A B mod p X is the same as Y! why? X = T B S A = g S B S A Y = T A S B = g S A S B No one can compute g (S A S B ) by knowing g (S A ) & g (S B ) The bucket Brigade/Man-in-theMiddle Attach Alice Mr. X Bob Pick S A Pick S X Pick S B

Compute: T A = g S A mod p T X = g S X mod p T B = g S B mod p T A >> T A.. T X >> T X T X << T X.. T B << T B Compute: K AX = T S X A mod p K AX = T S A X mod p K BX = T X S B mod p K BX = T S B X mod p Possible Defense Each person i picks S i and computes T i = g S i mod p and Keeps S i private and makes T i public If Alice like to communicate with Bob, she finds T B and computes: K AB = T S B A mod p Then tells Bob she likes to communicate with him. Bob finds T A and hen computes: K BA = T S A B mod p This requires PKI (public Key Infrastructure) to manage T i Knowledge Proof Systems Example: Graph isomorphism problem: We consider two graphs isomorphic if we can rename the vertices of one to get a graph identical to the other. This is a well known NP-complete problem.

Alice specify a large graph G A and rename the vertices to produce another isomorphic graph G B. Public Key: ( G A, G B ) Private Key: G A <---> G B To prove to Bob that she is Alice: she renames the vertices to produce a set of isomorphic graphs: G 1 G 2... G k and send them to Bob. Bob asks Alice for each i to show him the mapping between G i and either G A or G B (not both, otherwise he knows her private key!)

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback