Ma/CS 6a Class 3: The RSA Algorithm

Similar documents
Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Ma/CS 6a Class 2: Congruences

Ma/CS 6a Class 2: Congruences

Ma/CS 6a Class 4: Primality Testing

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Ma/CS 6a Class 4: Primality Testing

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

ECE596C: Handout #11

Congruence of Integers

Chapter 8 Public-key Cryptography and Digital Signatures

Encryption: The RSA Public Key Cipher

Public Key Cryptography

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

10 Modular Arithmetic and Cryptography

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

dit-upm RSA Cybersecurity Cryptography

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Math.3336: Discrete Mathematics. Mathematical Induction

Mathematics of Cryptography

Discrete mathematics I - Number theory

CIS 551 / TCOM 401 Computer and Network Security

The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online

Introduction to Cryptography. Lecture 6

Number Theory & Modern Cryptography

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Cryptography. P. Danziger. Transmit...Bob...

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

RSA RSA public key cryptosystem

Topics in Cryptography. Lecture 5: Basic Number Theory

basics of security/cryptography

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Number Theory. Modular Arithmetic

CPSC 467: Cryptography and Computer Security

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

THE CUBIC PUBLIC-KEY TRANSFORMATION*

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Math 412: Number Theory Lecture 13 Applications of

Discrete Mathematics GCD, LCM, RSA Algorithm

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

University of Tokyo: Advanced Algorithms Summer Lecture 6 27 May. Let s keep in mind definitions from the previous lecture:

The security of RSA (part 1) The security of RSA (part 1)

CPSC 467b: Cryptography and Computer Security

Solution to Midterm Examination

10 Public Key Cryptography : RSA

Mathematical Foundations of Public-Key Cryptography

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Ma/CS 6a Class 1. Course Details

AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION

Public Key Cryptography

THE RSA ENCRYPTION SCHEME

Number theory (Chapter 4)

Theory of Computation Chapter 12: Cryptography

CPSC 467b: Cryptography and Computer Security

Cryptography: Joining the RSA Cryptosystem

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

RSA. Ramki Thurimella

Week 7 An Application to Cryptography

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

CS483 Design and Analysis of Algorithms

Lecture V : Public Key Cryptography

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

ICS141: Discrete Mathematics for Computer Science I

Asymmetric Encryption

CRYPTOGRAPHY AND NUMBER THEORY

Introduction to Public-Key Cryptosystems:

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Public-Key Cryptosystems CHAPTER 4

The RSA cryptosystem and primality tests

NUMBER THEORY FOR CRYPTOGRAPHY

A Readable Introduction to Real Mathematics

Public Key Algorithms

Carmen s Core Concepts (Math 135)

CPSC 467b: Cryptography and Computer Security

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

Practice Assignment 2 Discussion 24/02/ /02/2018

Math.3336: Discrete Mathematics. Primes and Greatest Common Divisors

Simple Math: Cryptography

A Few Facts from Number Theory and the RSA Cryptosystem OVERVIEW. RSA Producing Big Primes. Table of Contents. Overview Basic Facts of Number Theory

CS March 17, 2009

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

Introduction to Modern Cryptography. Benny Chor

ECE 646 Lecture 9. RSA: Genesis, operation & security

Lecture 1: Introduction to Public key cryptography

Cryptography. pieces from work by Gordon Royle

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

Elementary Number Theory Review. Franz Luef

OWO Lecture: Modular Arithmetic with Algorithmic Applications

NET 311D INFORMATION SECURITY

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

MATH 3240Q Introduction to Number Theory Homework 5

MATHEMATICS EXTENDED ESSAY

RSA-256bit 數位電路實驗 TA: 吳柏辰. Author: Trumen

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Introduction to Modern Cryptography. Lecture RSA Public Key CryptoSystem 2. One way Trapdoor Functions

W3203 Discrete Mathema1cs. Number Theory. Spring 2015 Instructor: Ilia Vovsha. hcp://

Transcription:

Ma/CS 6a Class 3: The RSA Algorithm By Adam Sheffer Reminder: Putnam Competition Signup ends Wednesday 10/08. Signup sheets available in all Sloan classrooms, Math office, or contact Kathy Carreon, kcarreon@caltech.edu. Math 17 is the Caltech Prep workshop. Liubomir Chiriac Instructor. http://math.scu.edu/putnam/prizecjan.html 1

Reminder: Public Key Cryptography Idea. Use a public key which is used for encryption and a private key used for decryption. Alice encrypts her message with Bob s public key and sends it. Encrypts Message to Bob Decrypts Alice Bob Reminder #2: Congruences If r = a mod m and r = b mod m, we say that a is congruent to b modulo m, and write a b mod m. Equivalently, m a b. The numbers 3, 10, 17, 73, 1053 are all congruent modulo 7. 2

Reminder: Some Congruent Properties Addition. If a b mod m and c d mod m, then a + c b + d mod m. Products. If a b mod m and c d mod m, then ac bd mod m. Cancellation. If GCD k, m = 1 and ak bk mod m, then a b mod m. Inverse. If GCD a, m = 1, then there exists b Z such that ab 1 mod m. Warm-up: Division by Nine Claim. A number a N is divisible by 9 if and only if the sum of its digits is divisible by 9. Is 123456789 divisible by 9? 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8 + 9 = 45 4 + 5 = 9 3

Warm-up: Division by Nine (2) Claim. A number a N is divisible by 9 if and only if the sum of its digits is divisible by 9. Proof. Write a as a k a k;1 a 1 a 0 where a i is the (i + 1) th rightmost digit of a. a a 0 + a 1 + + a k = a 0 10 0 + a 1 10 1 + a 2 10 2 + a 0 + + a k = a 1 9 + a 2 99 + a 3 999 + That is, 9 a a 0 + a 1 + + a k Warm-up: Division by Nine (3) Claim. A number a N is divisible by 9 if and only if the sum of its digits is divisible by 9. Proof. Write a as a k a k;1 a 1 a 0 where a i is the (i 1) th rightmost digit of a. We have: 9 a a 0 + a 1 + + a k. Equivalently, a a 0 + a 1 + + a k mod 9. 4

Casting Out Nines Problem. Is the following correct? 54,321 98,765 = 5,363,013,565. If this is correct, then 54,321 98,765 5,363,013,565 mod 9. 5 + 4 + 3 + 2 + 1 6 mod 9 9 + 8 + 7 + 6 + 5 2 mod 9 5 + 3 + 6 + 3 + 0 + 1 + 3 + 5 + 6 + 5 1 mod 9. 6 2 1 mod 9 x Casting Out Nines (cont.) Is the casting out nines technique always correct in verifying whether a b = c? If the calculation mod 9 is wrong, the original calculation must be wrong. If the calculation mod 9 is correct, the original calculation might still be wrong! 1 2 11 mod 9. 5

Casting Out Nines Crank In the 1980 s, a crank wrote a 124-page book explaining the law of conservations of numbers that he developed for 24 years. This law was perfected with 100% effectiveness. The book is basically 124 pages about the casting out nines trick. It does not mention that the method can sometimes fail. Fermat s Little Theorem Theorem. For any prime p and integer a, a p a mod p. Examples: 15 7 15 1 mod 7 20 53 20 mod 53 2 1009 2 mod 1009 Pierre de Fermat 6

Fermat s Little Theorem Theorem. For any prime p and integer a, a p a mod p. Proof. By induction on a: We now prove only the case of a 0. Induction basis: Obviously holds for a = 0. Induction step: Assume that the claim holds for a. In a later lecture we prove a + b p a p + b p mod p. Thus: a + 1 p a p + 1 a + 1 mod p. A Corollary Corollary. If a N is not divisible by a prime p then a p;1 1 mod p. Proof. We have GCD a, p = 1. Fermat s little theorem: a p a mod p. Combine with cancelation property: If GCD k, m = 1 and ak bk mod m, then a b mod m. 7

Euler s Totient Function Euler s totient φ(n) is defined as follows: Given n N 0, then φ n = x 1 x < n and GCD x, n = 1. In more words: φ n is the number of natural numbers 1 x n such that x and n are relatively prime. φ 12 = 1,5,7,11 = 4 Leonhard Euler The Totient of a Prime Observation. If p is a prime number, then φ p = p 1. The first thousand values of φ n : 8

Euler s Theorem Theorem. For any pair a, n N such that GCD a, n = 1, we have φ n a 1 mod n. This is a generalization of the claim a p;1 1 mod p (when p is prime). The RSA Algorithm Public key cryptosystem. Discovered in 1977 by Rivest, Shamir, and Adleman. Still extremely common! Ron Rivest Adi Shamir Leonard Adleman 9

RSA Public and Private Keys 1. Choose two LARGE primes p, q (say, 500 digits). 2. Set n = pq. 3. Compute φ n, and choose 1 < e < φ n such that GCD e, φ n = 1. 4. Find d such that de 1 mod φ n. Public key. n and e. Private information. p, q, and d. Preparing for Secure Communication Bob generates p, q, n, d, e, and transmits only e and n. This is my public key (e, n) Alice Eve Bob 10

Encrypting a Message Alice wants to send Bob the number m < n without Eve deciphering it. Alice uses n, e to calculate X = m e mod n, and sends X to Bob. m e mod n Alice Eve Bob Decrypting a Message Bob receives message X = m e mod n from Alice. Then he calculates: X d mod n m ed mod n m 1:k φ n mod n m mod n. de 1 mod φ n Euler s Theorem: m φ(n) 1 mod n Slightly cheating since the theorem requires GCD m, n = 1 11

RSA in One Slide Bob wants to generate keys: Arbitrarily chooses primes p and q. sets n = pq and finds φ n. Chooses e such that GCD φ n, e = 1. Find d such that de 1 mod φ n. Alice wants to pass bob m. Receives n, e from Bob. Returns X m e mod n. Bob receives X. Calculates X d mod n. Example: RSA (with small numbers) Bob wants to generate keys: Arbitrarily chooses primes p = 61 and q = 53. n = 61 52 = 3233. φ 3233 = 3120. Chooses e = 17 (GCD 3120,17 = 1). For de 1 mod 3120, we have d = 2753. Alice wants to pass bob m = 65. Receives n, e from Bob. Returns m e = 65 17 2790 mod 3233. Bob receives X 2790 mod 3233. Calculates X d = 2790 3233 65 mod 3233. 12

Some Details Bob needs to: Find two large primes p, q. Calculate n, d, e. Alice needs to Use n, e to calculate X = m e mod n. Eve must not be able to Use n, e, X to find m. Bob needs to: Use n, d, X to find m. That is: Easy to compute a large power mod n. Hard to compute a large root mod n. Taking Large Roots Eve has n, e, and Alice s message X m e mod n. If Eve can compute X 1/e mod n, she can read the message! (i.e., if she can factor n). So far nobody knows how to compute this in a reasonable time. Or do they? 13

Computing a Large Power Problem. How can we compute A naïve approach: 65 24000 mod 9721? 65 2 4225 mod 9721 65 3 65 65 2 2437 mod 9721 65 4 65 65 3 2869 mod 9721 This approach requires 2 4000 (about 1.3 10 1204 ) steps. Impossible! Computing a Large Power Fast! Problem. How can we compute 65 24000 mod 9721? 65 2 4225 mod 9721 65 4 65 2 65 2 2869 mod 9721 65 8 65 4 65 4 7195 mod 9721 65 16 65 8 65 8 3700 mod 9721 Only 4000 steps. Easy! 14

A Small Technical Issue What if we calculate a b where b is not a power of two? We calculate a, a 2, a 4, a 8, a 16, a 32, Every number can be expressed as a sum of distinct powers of 2. 57 = 32 + 16 + 8 + 1 a 57 = a 32 a 16 a 8 a What is Left to Do? Bob wants to generate keys: Arbitrarily chooses primes p and q.? n = pq find φ n.? Chooses e such that GCD φ n, e = 1. Find d such that de 1 mod φ n. Alice wants to pass bob m. Receives n, e from Bob. Returns X m e mod n. Bob receives X. Calculates X d mod n.? 15

The End 16

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback