Public Key Cryptography and Cryptographic Hashes

1. Public Key Cryptography and Cryptographic Hashes CS461/ECE422 1

2. Reading Computer Security: Art and Science � Chapter 9 Handbook of Applied Cryptography http://www.cacr.math.uwaterloo.ca/hac/ 2

3. 3

4. 4

5. 5

6. 6

7. Modular Arithmetic a mod n = b if for some k >= 0, (k*n)+ b = a Associativity, Commutativity, and Distributivity hold in Modular Arithmetic Inverses also exist in modular arithmetic For every a there exists another element (denoted -a) such that a + (-a) mod n = 0 For every a there exists another element (denoted a�) such that ( a*a� ) mod n = 1 Note that - does not mean �negative� in the usual sense 7

8. Modular Arithmetic Reducibility also holds (a + b) mod n = (a mod n + b mod n) mod n (a * b) mod n = ((a mod n) * b mod n) mod n Fermat�s Thm: if p is any prime integer and a (a< p)is an integer, then ap mod p = a Corollary: ap-1 mod p = 1 if a != 0 8

9. 9

10. 10

11. 11

12. 12

13. 13

14. 14

15. 15

16. 16

17. Background Euler generalized Fermat�s Thm for composite numbers. Recall Fermat's Thm (ap-1 mod p) = 1 if a != 0 Euler�s Thm: (x?(n) mod n) =1 Where q and p are primes n = pq then ?(n) = (p�1)(q�1) 17

18. 18

19. The RSA problem (how strong is RSA?) Given public key (e,n) and cipher text c = me mod n , find m n = p*q , both unknown, both primes But suppose you could factor n quickly, and discover p and q The RSA algorithm for computing d (the private portion of (e,n) ) is � Compute d such that e*d mod ?(n) = 1 � and was executed using the same known set of inputs : n,p,q, e So by factoring n into p and q we can compute d, and thus use the RSA decryption formula to compute m 19

20. Working through the equations C = F(m, e) = me mod n (C is ciphertext) Now decipher� F(F(m, e), d) (given C, this is the decipher step) = (me mod n)d mod n (symbol substitution) = me*d mod n (rules of modular arithmetic) e*d mod ?(n) = 1 (by construction of d) k* ?(n) + 1 = e*d (k exists by definition of mod function) = (m1 mod n * m k*?(n) mod n) mod n (by substitution) By Euler�s theorem X?(n) mod n = 1 = m mod n = m 20

21. 21

22. 22

23. 23

24. 24

25. 25

26. 26

27. 27 Sign then encrypt. Otherwise bob can substitute message and claim that Alice signed some other message.Sign then encrypt. Otherwise bob can substitute message and claim that Alice signed some other message.

28. 28

29. 29

30. 30

31. 31

32. 32

33. 33

34. 34

35. 35

36. 36

37. 37

38. Birthday Paradox What is the probability that someone in the room has the same birthday as me? What is the probability that two people in the room have the same birthday? Think of it as each of n people randomly choosing numbers and requiring each draw to be unique 1st draw unique from others with probability 1 2nd draw unique from first with probability (1-1/365) 3rd draw unique from first 2 with probability (1-2/365) Etc Prob{n unique draws} = 1 (1-1/365)(1- 2/356)(1 - 3/365) � (1- (n-1)/365) Prob{at least 1 match} = 1 - (365!/(365n*(365-n)!) Turns out that probability of at least one match is > 0.5 if n >=23. In generalization of N outcomes, chance of a match in n tries exceeds 0.5 if n exceeds 1.17 sqrt(N) http://en.wikipedia.org/wiki/Birthday_paradox 38

39. 39

40. 40

41. 41

42. 42

43. 43

44. 44

45. 45

46. 46

47. 47

48. 48

49. 49

50. 50

51. 51

52. 52