Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

Similar documents
Chapter 8 Public-key Cryptography and Digital Signatures

Lecture 1: Introduction to Public key cryptography

Introduction to Public-Key Cryptosystems:

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Public Key Cryptography

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

basics of security/cryptography

The RSA cryptosystem and primality tests

Math.3336: Discrete Mathematics. Mathematical Induction

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Topics in Cryptography. Lecture 5: Basic Number Theory

Applied Cryptography and Computer Security CSE 664 Spring 2017

dit-upm RSA Cybersecurity Cryptography

Congruence of Integers

Carmen s Core Concepts (Math 135)

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Basic elements of number theory

Basic elements of number theory

CIS 551 / TCOM 401 Computer and Network Security

5199/IOC5063 Theory of Cryptology, 2014 Fall

ECE596C: Handout #11

Number Theory and Algebra: A Brief Introduction

Introduction to Modern Cryptography. Lecture RSA Public Key CryptoSystem 2. One way Trapdoor Functions

CS March 17, 2009

10 Modular Arithmetic and Cryptography

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

KTH, NADA , and D1449 Kryptografins grunder. Lecture 6: RSA. Johan Håstad, transcribed by Martin Lindkvist

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

CRYPTOGRAPHY AND NUMBER THEORY

RSA ENCRYPTION USING THREE MERSENNE PRIMES

Discrete Mathematics GCD, LCM, RSA Algorithm

Introduction to Modern Cryptography. Benny Chor

Simple Math: Cryptography

CPSC 467: Cryptography and Computer Security

Lecture Notes, Week 6

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Lecture 22: RSA Encryption. RSA Encryption

CPSC 467b: Cryptography and Computer Security

Mathematical Foundations of Public-Key Cryptography

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

RSA Cryptosystem and Factorization

NUMBER THEORY FOR CRYPTOGRAPHY

CPSC 467b: Cryptography and Computer Security

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

THE CUBIC PUBLIC-KEY TRANSFORMATION*

ICS141: Discrete Mathematics for Computer Science I

University of Tokyo: Advanced Algorithms Summer Lecture 6 27 May. Let s keep in mind definitions from the previous lecture:

Number Theory & Modern Cryptography

Question: Total Points: Score:

Cryptography. P. Danziger. Transmit...Bob...

1 The Fundamental Theorem of Arithmetic. A positive integer N has a unique prime power decomposition. Primality Testing. and. Integer Factorisation

Introduction to Cryptography. Lecture 6

Ma/CS 6a Class 3: The RSA Algorithm

Encryption: The RSA Public Key Cipher

Candidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.

The security of RSA (part 1) The security of RSA (part 1)

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Cryptography. pieces from work by Gordon Royle

Number theory (Chapter 4)

RSA: Genesis, Security, Implementation & Key Generation

ECE 646 Lecture 8. RSA: Genesis, Security, Implementation & Key Generation

OWO Lecture: Modular Arithmetic with Algorithmic Applications

Introduction to Cryptography. Lecture 8

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Iterated Encryption and Wiener s attack on RSA

Cryptography IV: Asymmetric Ciphers

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Introduction to Cybersecurity Cryptography (Part 5)

Elementary Number Theory MARUCO. Summer, 2018

Introduction to Modern Cryptography. Benny Chor

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

My brief introduction to cryptography

MATH3302 Cryptography Problem Set 2

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Asymmetric Cryptography

Chapter 4 Asymmetric Cryptography

download instant at

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

RSA RSA public key cryptosystem

An Introduction to Probabilistic Encryption

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Discrete Logarithm Problem

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

Public-Key Cryptosystems CHAPTER 4

ECE646 Lecture 11 Required Reading Chapter 8.3 Testing for Primality RSA Key Generation

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

ENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Admin. ! Will post sample questions soon. 1. Choose a bit-length k. 2. Choose two primes p and q which can be represented with at most k bits

Homework Problems, Math 134, Spring 2007 (Robert Boltje)

Cryptography & Data Security - Comp 547. Assignment 5. Maxime CHAMBREUIL McGill ID:

MATH 145 Algebra, Solutions to Assignment 4

CHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30

For your quiz in recitation this week, refer to these exercise generators:

Elementary Number Theory Review. Franz Luef

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

Public Key Cryptography

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Transcription:

Cryptosystem Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage f(m). The receiver computes f 1 (f(m)). Advantage: Cannot be broken if the function f is used only once (or very few times). Disadvantage: The two parties need a secure channel to agree on secrete keys. 1

Public Key Cryptossystem Bob needs to send a secrete message to Alice: Alice generates two functions P A () and S A (), such that 1. For any legal message M, S A (P A (M)) = M. 2. S A () and P A () are easy to compute. 3. It is computationally hard to compute P 1 A (). Alice publishes the function P A (). Bob sends Alice the message P A (M). Alice computes M = S A (P A (M)). To decrypt the message without the function S A () one needs to compute P 1 A (). 2

Digital Signatures Bob needs to verify (and be able to prove) that Alice sent him a message M: Alice generates two functions P A () and S A (), such that 1. For any legal message M, P A (S A (M)) = M. 2. S A () and P A () are easy to compute. 3. It is computationally hard to compute P 1 A (). Alice publishes the function P A (). Alice sends the message (M,S A (M)) to Bob. Bob verifies that P A (S A (M)) = M To forge Alice s signature one needs to compute P 1 A (). 3

Challenge How to generate a pair of functions (S A (),P A ()) such that for any M: S A (P A (M)) = M and P A (S A (M)) = M and it is easy to compute. Without the function S A (), the function P A () is hard to invert ( one-way function ). Almost all cryptosystems today use public-key. We ll study one such method: RSA. 4

The RSA Cryptosystem 1. Select at random two LARGE prime numbers p and q (100-200 decimal digits). 2. Compute n = pq. 3. Select a small odd integer e relatively prime to φ(n) =(p 1)(q 1). =. number nontrivial factors of n 4. Compute d such that ed =1mod φ(n) (d exists and is unique!!!). 5. Publish the public key function P A (M) = M e mod n (the pair (e, n)). 6. Keep secret the secrete key function S A (C) = C d mod n. 5

Theorem 1. The RSA system is correct, i.e. S A (P A (M)) = M; P A (S A (M)) = M 6

Divisibility Integer a divides integer b iff b a is an integer. The greatest common divisor of a and b, d = gcd(a, b) is the largest integer that divides both a and b. Integers a and b are relatively prime if gcd(a, b) =1 Integer p is a prime number if for any a<p, gcd(p, a) =1. 7

Theorem 2. If d = gcd(a, b) then there are integers x and y such that d = ax + by Proof. Let s be the smallest positive integer such that s = ax + by for some integers x and y. Let q = a s. amods = a qs = a q(ax + by) = a(1 qx)+b( qy) b. Thus amodsis also a linear combination of a and 8

Since amods<s and s is the smallest linear combination of a and b, amods=0, and s divides a. Similarly s divides b, and gcd(a, b) s. But gcd(a, b) divides s, thus s = gcd(a, b). 9

Theorem 3. the equation If e and m = φ(n) are relatively prime ed =1mod m has a unique solution for d. Proof. Since gcd(e, m) =1there are integers x and y such that ex + my =1 or ex 1=0mod m 10

Fermat s Theorem Theorem 4. divide a : For any integer a and prime pb, a p 1 mod p =1 that a> does 0 not ha 11

The Chinese Reminder Theorem Corollary 1. If n 1,n 2,...,n k are pairwise relatively prime and n = n 1 n 2 n k,thenforallintegera and b, for all i =1,...,k iff a = bmodn i a = bmodn 12

Theorem 5. Let gcd(p, q) =1and assume that M ed = Mmodp, and M ed = Mmodq. Let n = pq then M ed = Mmodn Proof. There are integers k 1 and k 2 such that M ed = M + k 1 p, and M ed = M + k 2 q. Thus, k 1 p = k 2 q. If k 1 = k 2 =0,thenM ed = M = Mmodn Else, since gcd(p, q) =1, q divides k 1 and Thus, Let k M ed 3 = k 1 = M + k 3 k(pq) =Mmodn. q 1 p,= k 1 then = q (pq) = k 3 (pq) M ed = M + k 3 (pq) =Mmodn. 13

Theorem 6. The RSA system is correct, i.e. S A (P A (M)) = M and P A (S A (M)) = M. Proof. The RSA system n = pq. φ(n) =(p 1)(q 1). P A (S A (M)) = S A (P A (M)) = M ed mod n. We need to show that M ed mod n = M. Since ed = 1 mod φ(n), ed =1+k(p 1)(q 1). for some integer k If M =0mod p then M ed = Mmodp, If M 0mod p then M p 1 =1 mod p M ed = M 1+k(p 1)(q 1) mod p = M(M p 1 ) k(q 1) mod p = Mmodp 14

Similarly M ed = Mmodq. We have M ed = Mmodp M ed = Mmodq n = pq, thusbythechineseremindertheoremfor all M: M ed = Mmodn 15

Complexity Theorem 7. Encrypting and decrypting using the RSA method takes O(log n) multiplication steps. 16

Security If an adversary can factor n it can guess S A (). Conjecture: Factoring a large number is hard. Conjecture: If factoring is hard breaking RSA is hard. 17

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback