410 likes | 549 Views
Computer Systems Security Cryptography Topic 1 Main Source: Pfleeger & Pfleeger, Chapter 10. Pirooz Saeidi. Notes and handouts available from:. http:www.fcet.staffs.ac.uk/ps1/CSS/css.html May Aaso be made available through Martin’s homepage. These notes will be updated occasionally.
E N D
Computer Systems SecurityCryptography Topic 1Main Source: Pfleeger & Pfleeger, Chapter 10 Pirooz Saeidi CSS Security in Networks-css-ps4
Notes and handouts available from: • http:\www.fcet.staffs.ac.uk/ps1/CSS/css.html • May Aaso be made available through Martin’s homepage. • These notes will be updated occasionally. CSS Security in Networks-css-ps4
Agenda • Mathematics of Cryptography • Symmetric Encryption • DES and AES Encryption Algorithms • Public Key encryption • RSA Encryption Algorithm CSS Security in Networks-css-ps4
Mathematics of Cryptography • Encryption algorithm should be based on a problem that is difficult to solve. • To find “hard problems” we need to study and analyse the inherent complexity of problems. • Most of the work in this area has been carried out in 1970’s by mathematicians under the general name of computational complexity. • An important investigation of problem complexity based on the notion of NP-complete problems was conducted by Cook and Karp. http://encyclopedia.thefreedictionary.com/Stephen%20Cook CSS Security in Networks-css-ps4
NP-Complete Problems • Before we introduce NP-complete problems we study three problems which happen to be NP-complete: • Satisfiability • Knapsack • Clique CSS Security in Networks-css-ps4
NP-Complete:Satisfiability Problem • An instance of the problem is defined by a Boolean expression written using only AND, OR, NOT, variables, and parentheses. • The question is: given the expression, is there some assignment of TRUE and FALSE values to the variables that will make the entire expression true? CSS Security in Networks-css-ps4
NP-Complete-Satisfiability problem • Example1: (k1).(k2|K3).(¬K3|¬K1) is satisfiable, while (k1).(K2|K3).(¬K3|¬K1).(¬K2) is not satisfiable “.” : AND “|” : OR “¬” : NOT CSS Security in Networks-css-ps4
NP-Complete Problems Knapsack Problem The name relates to the scenario of choosing treasures to fit inside a knapsack when you can only carry so much weight. Is there a way to select some of the items to be packed such that their sum equals the knapsack (target) capacity? CSS Security in Networks-css-ps4
NP-Complete Problems Knapsack Problem • Formally for a set s={a1, a2, …, an} and a target sum T, where ai >=0 we want to know if there is a selection V={v1,v2,…,vn}, each of whose elements is a binary 0 or 1, such that CSS Security in Networks-css-ps4
Example of Knapsack Problem • Set S= {4,7,1,12,10} • There is a solution for target sum T=17, because 17=4+1+12 and the selection vector is [1,0,1,1,0]. • But there is no possible solution for T=25. CSS Security in Networks-css-ps4
NP-Complete ProblemsClique • A clique in a undirected graph G, is a set of vertices V such that for every two vertices in V, there exists an edge connecting the two. • The clique problem refers to the finding of the largest clique in any graph G. • Impossible to find an efficient algorithm to find the largest clique (i.e. NP-complete) CSS Security in Networks-css-ps4
Example of a clique subgraph in a graph (v1,v2,v7,v8) forms a clique of size 4 v2 v3 v5 v8 v4 v1 v6 v7 CSS Security in Networks-css-ps4
Characteristics of NP-Complete Problem • Each problem is solvable • Can simply enumerate all possibilities: • all ways of assigning logical values ( satisfiablity) • All subsets of the set S( Knapsack) • All subsets of n vertices in G (clique) • If there is a solution, it will appear in the enumeration of all possibilities • Otherwise testing of all possibilities will demonstrate it CSS Security in Networks-css-ps4
Characteristics of NP-Complete Problem • There are 2n(n is the problem size) cases to consider when enumerating all possibilities. • So the time to examine all possibilities is proportional to n. • The problem types are apparently unrelated: • Logic (satisfiability) • Number Theory (Knapsack) • Graph Theory (clique) CSS Security in Networks-css-ps4
Characteristics of NP-Complete Problem • If it were possible to guessperfectly, we could solve the problem in little time! • For example to guess the correct sum or assignment to verify the knapsack has been solved or that the formula has been satisfied, etc. • This verification process could be carried out in ‘time’ bounded by a polynomial function of the size of the problem (i.e. n) CSS Security in Networks-css-ps4
Definition of NP • NP is the set of all problems that can be solved in time bounded by a polynomial function of size n (size of the problem), • Assuming the ability to guess perfectly. • This guessing is called non-determinism • NP stands for: • Non-deterministic Polynomial CSS Security in Networks-css-ps4
NP-CompleteNondeterminism • The idea is similar to a programming language in which IF statements could be replaced by GUESS statements: • The GUESS statement would cause the program to fork, following more than one path concurrently and so on. • Of course this guessing can not be done perfectly in real life! CSS Security in Networks-css-ps4
NP-Complete Problems • The problems we studied are NP-Complete. Karp& Cook define it as: • “If for even one of these problems it could be shown that there was no deterministic algorithm that ran in polynomial time, then no deterministic algorithm could exist for any of them” • Deterministic algorithm: it’s behaviour can be completely predicted from the input. • Polynomial-time algorithm - An algorithm that is guaranteed to terminate within a number of steps which is a polynomial function of the size of the problem.Polynomial function example: 3x³ − 2x² + 6x − 5 CSS Security in Networks-css-ps4
Polynomial time • “In computational complexity theory, polynomial time refers to the computation time of a problem where the time, m(n), is no greater than a polynomial function of the problem size, n.” Source: http://www.en.wikipedia.org/wiki/Polynomial_time CSS Security in Networks-css-ps4
NP-completeness and Cryptography • Hard-to-solve problems require the interceptor to carry out unusual amount of work to break the encryption. • Unfortunately this way of thinking has the following false impressions: • An NP-complete problem can not guarantee that there is no solution easier than exponential. • Every NP-complete problem has a deterministic exponential time solution. i.e. • A solution that runs in time proportional to 2n. • So for small values of n a brute force attack may become successful. • But for large values of n, 2n may be deterring. CSS Security in Networks-css-ps4
NP-completeness and Cryptography • The continuing improvement in computing hardware make problems of larger size tractable. • Parallel processing machine are being designed with finite but larger number of processors running together. • In a GUESS program, two processors can follow the paths from a GUESS point concurrently. • So with more processors it is possible to complete certain nondeterministic problems in deterministic mode in polynomial time. • Even if an encryption algorithm uses a hard problem, the interceptor does not always have to solve it to crack the encryption. • There may always be a secret, easy solution. • An interceptor may look for the easy solution instead of trying to solve the hard problem. • This type of exposure can happen with the Merkle-Hellman Knapsack algorithm. (will talk about it later on) CSS Security in Networks-css-ps4
Other Inherently Hard Problems • Number theory is another source of inherently hard problems that is used in cryptography. • Most of Number theory problems are not NP-complete, but the known algorithms are very time consuming. • Examples that form the basis of secure encryption are computation problems such as Galois fields and factoring large numbers. • A Field is a mathematical entity for which addition, subtraction, multiplication and division are well-defined • Galois (Finite) Field: • In this field every number other than 0 under * (multiplication) has an inverse. http://en.wikipedia.org/wiki/Galois_field • “In mathematics, the reciprocal, or multiplicative inverse, of a number x is the number which, when multiplied by x, yields 1. Source: http://en.wikipedia.org/wiki/Multiplicative_inverse CSS Security in Networks-css-ps4
Properties of Arithmetic • Number theory and hard problems involve arithmetic, algebra and a restricted area of arithmetic called “field”. • We shall look at some examples and in particular those with multiplication and division properties: • Inverses • E.g. in addition inverse of (a) is ( -a) • Primes- any number > 1 that is divisible only by itself. • E.g. 2, 3, 5, 7, 11, .. • Greatest Common Divisor • Euclidean Algorithm • Modular Arithmetic • Computing Inverses • Fermat’s Theorem • These topics have major implications in the implementation of secure encryption algorithms. CSS Security in Networks-css-ps4
Greatest Common Divisor • gcd (a,b) is the largest integer that divides both a and b. • Example: • E.g. gcd (15, 10) = 5 • 5 is the largest number that divides both 10 and 15. • If p is a prime number, for any q , gcd (p, q) = 1 • It is also clear that gcd (a,b) = gcd (b, a) CSS Security in Networks-css-ps4
Euclidean Algorithm • Computes the greatest common divisor of two given integers. • If xdivides a and b, x also divides a-(k*b) for everyk. This leads to a simple iterative algorithm for computing x= gcd (a, b); a>b. We can rewritea as: a= m * b +r; 0=< r <b If x= gcd (a,b), x divides a, x divides b, and x divides r:- gcd (a,b)=gcd (b,r) and a>b>r>=0 Therefore we can search for gcd by working with b and r Instead of a and b: b = m’ * r + r’ where m’= b/rwith remainderr’ This result leads to an iterative algorithm, which terminates when a remainder 0 is found. CSS Security in Networks-css-ps4
Euclidean Algorithm • computes the greatest common divisor of two given integers. • Example: to compute gcd(2322,654) we take the following steps: Let a = 2322, b = 654. 2322 = 654 * (3) + 360 gcd(2322, 654) = gcd(654, 360) 654 = 360 * (1) + 294 gcd(654, 360) = gcd(360, 294) 360 = 294 * (1) + 66 gcd(360, 294) = gcd(294, 66) 294 = 66 * (4) + 30 gcd(294, 66) = gcd(66, 30) 66 = 30 * (2) + 6 gcd(66, 30) = gcd(30, 6) 30 = 6 * (5) + 0 gcd(30, 6) = 6 Therefore, gcd(2322,654) = 6. CSS Security in Networks-css-ps4
Modular Arithmetic(Modulus operation) • Confines results to a limited range. • For example if a cryptographic algorithm performs some arithmetic on plaintext we can guarantee that the result will also be another character. It is also said to be 'clock arithmetic' • Remember inverses under multiplication produce a Galois Field. In particular, • The integer mod prime n are a Galois field. CSS Security in Networks-css-ps4
Modular Arithmetic(Modulus operation) • integers modulo n with addition and multiplication also form a commutative ring with the laws of • Associativity • (a+b)+c mod n = a+(b+c) mod n • Commutativity • a+b mod n = b+a mod n • Distributivity • a * (b + c) mod n = ((a*b) + (a * c)) mod n CSS Security in Networks-css-ps4
Modular Arithmetic • define modulo operatora mod n to be remainder when a is divided by n • use the term congruence for: a ≡ b mod n • when divided by n, a & b have the same remainder • eg. 100 ≡ 34 mod 11 • 100 mod 11 = 1 = 34 mod 11 • b is called the residue of a mod n • since with integers we can always write: a = qn + b CSS Security in Networks-css-ps4
Modular Arithmetic • Modulo 7 Example ... -21 -20 -19 -18 -17 -16 -15 -14 -13 -12 -11 -10 -9 -8 -7 -6 -5 -4 -3 -2 -1 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 ... CSS Security in Networks-css-ps4
Modular Arithmetic • Construction of these tables may be difficult for large values of the modulus • But applying the remainder technique is helpful particularly the commutative ring properties makes it easy to work through even complex expressions using modulo operator. CSS Security in Networks-css-ps4
We can find inverses by say inspecting a table. For example consider the following field of integers mod 5: Computing Inverses • The inverse of 1 is 1, • The inverse of 2 is 3 and since • Multiplication is commutative, • The inverse of 3 is also 2; • The inverse of 4 is 4 CSS Security in Networks-css-ps4
Computing Inverses • But with large numbers finding inverses in a finite field is not always easy. • To perform a secure encryption we need a procedure for finding say the inverse mod n of any element, even for very large values of n. • So an algorithm to find a-1 directly is usually faster than a table search. CSS Security in Networks-css-ps4
Computing Inverses • In the last example with a larger value for n it would not be easy to find a pattern or to generate the elements of particular row, looking for 1 each time we need an inverse. • So we need an algorithm for computing inverses. • But first lets look at the Fermat's Theorem. CSS Security in Networks-css-ps4
Fermat’s Theorem • In number theory, Fermat’s theorem states that for any prime p and any element a<p, apmod p = a Or ap-1mod p = 1 This leads to the inverse we want. The inverse of a is the element x so that ax mod p = 1 = ap-1mod p So that x = ap-2mod p This method computes inverses ONLY when p is a prime number and element a < p. CSS Security in Networks-css-ps4
Fermat’s Theorem • Example • We can use this formula to compute the inverse of 3 mod 5: x = ap-2 mod p • 3-1 mod 5 = 35-2 mod 5 [3-1: read as:Multiplicative inverse of 3] = 33 mod 5 = 27 mod 5 = 2 • As we determined earlier from the multiplication table! CSS Security in Networks-css-ps4
Knuth(1973) uses Euclid's algorithm for computing inverses by finding the greatest common divisor: /*Compute x = a-1 mod n}*/ c0 := n; c1:= a b0 := 0; b1 := 1; i := 1 Repeat ci+1 := ci-1 mod ci; t := ci-1DIV ci; bi+1 := bi-1 – t * bi; i := i +1; Until c i = 0 If (bi-1 >= 0) then x := bi-1 else x :=n + bi-1; Another algorithm to compute Inverse CSS Security in Networks-css-ps4
What next • These mathematical results will be used in the following topics when we examine the encryption algorithms based on the arithmetic in finite field. CSS Security in Networks-css-ps4
Affordable books for bed time reading! • Fermat’s Last Theorem by Simon Singh • …Andrew Wiles solved the 350-year-old problem in 1993… • Code Book • Also by Simon Singh FermatLast Theorem states that xn+ yn= zn has no non-zero integer solutions for x, y and z when n > 2. CSS Security in Networks-css-ps4