1 / 40

Cryptography

Cryptography. Lecture 14: Oct 29. (based on slides in MIT 6.042). Modular Arithmetic. Def : a  b (mod n) iff n|( a - b). For example, 15  29 (mod 7). Theorem. a  b (mod n) iff rem(a, n) = rem(b, n). a = qn + r b = q’n + r’ n | (a-b) iff r = r’.

holmes-adkins
Download Presentation

Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptography Lecture 14: Oct 29 (based on slides in MIT 6.042)

  2. Modular Arithmetic Def:a  b (mod n) iff n|(a - b). For example, 15  29 (mod 7). Theorem. a  b (mod n) iff rem(a, n) = rem(b, n). • a = qn + r • b = q’n + r’ • n | (a-b) iff r = r’ Corollary. a  rem(a,n) (mod n)

  3. Modular Addition and Multiplication Addition: If a  a’ (mod n), and b  b’ (mod n) then a+b  a’+b’ (mod n). Multiplication: If a  a’ (mod n), and b  b’ (mod n) then ab  a’b’ (mod n). e.g. Let n=10, a=2, a’=12, b=3, b’=23

  4. Multiplicative Inverse The multiplicative inverse of a number a is another number a’ such that: a · a’ = 1 (mod n)

  5. Multiplication Inverse Theorem. If gcd(k,n)=1, then have k’ k·k’  1 (mod n). k’ is an inversemod n of k pf: sk + tn = 1. So tn = 1 - sk This means n | 1 - sk just let k’ = s . So we can use extended GCD algorithm to compute the inverse of k.

  6. Cancellation So  (mod n) a lot like =. main diff: can’t cancel 4·2  1·2 (mod 6) 4  1 (mod 6) Contrapositive: if i  j (mod n) and gcd(k,n)=1, then i·k  j·k (mod n). Cor: If i·k  j·k (mod n), andgcd(k,n) = 1, then i  j (mod n) • pf: Let k’ be the multiplicative inverse of k. • i·k  j·k (mod n), • i·k·k’  j·k·k’ (mod n), • i  j (mod n)

  7. Permutation If p is prime & k not a multiple of p, can cancel k. So k, 2k, …, (p-1)k are all different (mod p). So their remainders on division by p are all different (mod p). Cor: If i·k  j·k (mod n), andgcd(k,n) = 1, then i  j (mod n) This means that rem(k, p), rem(2k, p),…,rem((p-1)k, p) must be a permutation of 1, 2, ···, (p-1) Let k=3, p=7.

  8. Powers Series What is the pattern of x0 x1 x2 x3...? For n=7, the sequence starts cycling, and comes back to 1.

  9. Fermat’s Little Theorem Theorem: If p is prime & k not a multiple of p 1  kp-1 (mod p) Proof. 1·2···(p-1) = rem(k,p)·rem(2k,p)···rem((p-1)k,p)  (k)·(2k) ··· ((p-1)k) (mod p)  (kp-1)·1·2 ··· (p-1) (mod p) so 1  kp-1 (mod p) A permutation

  10. Cryptography Cryptography is the study of methods for sending and receiving secret messages. Alice Bob message adversary Goal: Even though an adversary can listen to your conversation, the adversary can not learn what the message was.

  11. Cryptography Goal: Even though an adversary can listen to your conversation, the adversary can not learn what the message was. f(message) Alice Bob encrypt the message decrypt the message adversary message -> f(message) f(message) -> message But the adversary has no clue how to obtain message from f(message) A difficult goal!

  12. Key Goal: Even though an adversary can listen to your conversation, the adversary can not learn what the message was. f(message, key) Alice Bob encrypt the message using the key decrypt the message using the key adversary message -> f(message,key) f(message,key) -> message But the adversary can not decrypt f(message,key) without the key Use number theory!

  13. Turing’s Code (Version 1.0) The first step is to translate a message into a number “v i c t o r y” -> 22 09 03 20 15 18 25 Beforehand The sender and receiver agree on a secret key, which is a large number k. Encryption The sender encrypts the message m by computing: m* = m · k Decryption The receiver decrypts m by computing: m*/k = m · k/k = m

  14. Turing’s Code (Version 1.0) mk Alice Bob m = message k = key encrypted message = mk mk = received message k = key decrypted message = mk/k=m adversary Why the adversary cannot figure out m? The adversary doesn’t have the key k, and so can only factor mk to figure out m, but factoring is a difficult task to do.

  15. Turing’s Code (Version 1.0) mk Alice Bob m = message k = key encrypted message = mk mk = received message k = key decrypted message = mk/k=m adversary So why don’t we use this Turing’s code today? Major flaw: if you use the same key to send two messages m and m’, then from mk and m’k, we can use gcd(mk,m’k) to figure out k, and then decrypt every message.

  16. Turing’s Code (Version 2.0) Beforehand The sender and receiver agree on a large prime p, which may be made public. (This will be the modulus for all our arithmetic.) They also agree on a secret key k in {1, 2, . . . , p − 1}. Encryption The message m can be any integer in the set {0, 1, 2, . . . , p − 1}. The sender encrypts the message m to produce m* by computing: m* = rem(mk, p) Decryption Let k’ be the multiplicative inverse of k under modulo p. m*  mk (mod p) m*k’  m (mod p) m*k’ = m

  17. Turing’s Code (Version 2.0) Public information p Alice Bob m* = rem(mk,p) m = message k = key encrypted message = rem(mk,p) m* = received message k = key decrypted message = m*k’ =m adversary Why the adversary cannot figure out m? Many m and k can produce m* as output, just impossible to determine m without k.

  18. Turing’s Code (Version 2.0) Public information p Alice Bob m* = rem(mk,p) m = message k = key encrypted message = rem(mk,p) m* = received message k = key decrypted message = m*k’ =m adversary So why don’t we use this Turing’s code today? If the adversary somehow knows m, then first compute m’ := multiplicative inverse of m m*  mk (mod p) m*m’  k (mod p) So the adversary can figure out k. plain-text attack

  19. Private Key Cryptosystem f(message, key) Alice Bob encrypt the message using the key decrypt the message using the key adversary message -> f(message,key) f(message,key) -> message But the adversary can not decrypt f(message,key) without the key Two parties have to agree on a secret key, which may be difficult in practice. If we buy books from Amazon, we don’t need to exchange a secret code. Why is it secure?

  20. Public Key Cryptosystem Public information: Key for Alice Public information: Key for Bob f(message, Bob’s key) Alice Bob encrypt the message using Bob’s key decrypt the message adversary f(message,Bob’s key) -> message message -> f(message,Bob’s key) But the adversary can not decrypt f(message, Bob’s key)! Only Bob can decrypt the message sent to him! There is no need to have a secret key between Alice and Bob. How is it possible???

  21. RSA Cryptosystem RSA are the initials of three Computer Scientists, Ron Rivest, Adi Shamir and Len Adleman, who discovered their algorithm when they were working together at MIT in 1977.

  22. How to Choose Public Key? (Use slides in HKUST COMP170.)

  23. How to Encrypt and Decrypt?

  24. Decryption

  25. Decryption

  26. Easy Case

  27. Interesting Case

  28. Decryption

  29. Decryption

  30. Prime Factors

  31. Decryption

  32. Correctness of RSA Cryptosystem

  33. Why is this Secret?

  34. RSA Example

  35. RSA Example

  36. Exponentiation mod n

  37. Exponentiation mod n

  38. Exponentiation mod n

  39. Repeated Squaring

  40. Classwork 2 Special office hours: Tomorrow (Oct 30) whole day.

More Related