1 / 29

CS363

Week 3 - Friday. CS363. Last time. What did we talk about last time? AES Public key cryptography. Questions?. Assignment 1. Project 1. Security Presentation. Matt Shank. Number Theory. Prime.

marin
Download Presentation

CS363

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Week 3 - Friday CS363

  2. Last time • What did we talk about last time? • AES • Public key cryptography

  3. Questions?

  4. Assignment 1

  5. Project 1

  6. Security Presentation Matt Shank

  7. Number Theory

  8. Prime • RSA depends in large part on the difficulty of factoring large composite numbers (particularly those that are a product of only 2 primes) • Recall that an integer p is prime if • p > 1 • p is not divisible by any positive integers other than 1 and itself • Trivia: The largest prime currently known is 257885161– 1 • It has 17,425,170 digits in base 10

  9. Fundamental theorem of arithmetic • Any integer greater than 1 can be factored into a unique series of prime factors: • Example: 52 = 22 ∙ 13 • Two integers a and b (greater than 1) are relatively prime or coprime if and only if a shares no prime factors with b

  10. Rabin-Miller primality testing • We won't get into the number theory behind this (yet) • A Rabin-Miller primality test works as follows: • Let n be the number you want to prove if it's prime or not • n must be odd, thus n – 1 is even • (n – 1) = 2sd where s and d are positive integers and d is odd • If n is prime, then for any integer 1 < a < n, exactly one of the two is true: • ad 1 (mod n) or • a2rd  -1 (mod n), 1 ≤ r < s • Pick several a values, see if either of the two cases hold • If it ever doesn't, you know you have a composite

  11. Rabin-Miller example • What if we want to see if 221 is prime? • n – 1 = 220 = 22∙55 • s = 2 • d = 55 • Attempt 1: Let a = 174 • a20·d mod n = 17455 mod 221 = 47 ≠ 1, n − 1 • a21·d mod n = 174110 mod 221 = 220 = n − 1 Check! • Attempt 2: Let a = 137 • a20·d mod n = 13755 mod 221 = 188 ≠ 1, n − 1 • a21·d mod n = 137110 mod 221 = 205 ≠ n − 1 Oh no! • Every successful attempt means there is only a 25% chance that the number is composite • So, after k attempts, there is a 4-k chance that the number is composite

  12. Greatest common divisor • The greatest common divisor or GCD of two numbers gives the largest factor they have in common • Example: • GCD( 12, 18 ) = • GCD( 42, 56 ) = • For small numbers, we can determine GCD by doing a complete factorization

  13. Euclid's algorithm • For large numbers, we can use Euclid's algorithm to determine the GCD of two numbers • Algorithm GCD( a, b) • If b = 0 • Return a • Else • temp = a mod b • a = b • b = temp • Goto Step 1 • Example: GCD( 1970, 1066)

  14. Extended Euclid's algorithm • We can extend Euclid's algorithm to give us the multiplicative inverse for modular arithmetic • Example: Find the inverse of 120 mod 23 • Let a be the number • Let b be the modular base • Find Inverse(a, b) • x = 0 • lastx = 1 • y = 1 • lasty = 0 • while b ≠ 0 • quotient = a div b • temp = b • b = a mod b • a = temp • temp = x • x = lastx-quotient*x • lastx = temp • temp = y • y = lasty-quotient*y • lasty = temp • Return lastx

  15. More Number Theory!

  16. Fermat’s Little Theorem • If p is prime and a is a positive integer not divisible by p, then: ap –1 1 (mod p)

  17. Proof of Fermat's Theorem • Assume a is positive and less than p • Consider the sequence a, 2a, 3a, …, (p – 1)a • If these are taken mod p, we will get: • 1, 2, 3, …, p – 1 • This bit is the least obvious part of the proof • However (because p is prime) if you add any non-zero element repeatedly, you will eventually get back to the starting point, covering all values (except 0) once • Multiplying this sequence together gives: • a ∙ 2a ∙ 3a ∙ … ∙ (p – 1)a 1 ∙ 2 ∙ 3 ∙ … ∙ (p – 1) (mod p) • ap – 1(p – 1)!  (p – 1)! (mod p) • ap – 1 1 (mod p)

  18. Euler's in the mix too • Euler’s totient function (n) • (n) = the number of positive integers less than n and relatively prime to n (including 1) • If p is prime, then (p) = p – 1 • If we have two primes p and q (which are different), then: (pq) = (p)∙(q) = (p – 1)(q – 1)

  19. Take that, Fermat • Euler’s Theorem: For every a and n that are relatively prime, a(n)  1 (mod n) • This generalizes Fermat’s Theorem because (p) = p – 1 if p is prime • Proof is messier

  20. RSA

  21. RSA Algorithm • Named for Rivest, Shamir, and Adleman • Take a plaintext M converted to an integer • Create an ciphertextC as follows: C = Me mod n • Decrypt C back into M as follows: M = Cd mod n = (Me)d mod n = Med mod n

  22. The pieces

  23. How it Works • To encrypt: C = Me mod n • e is often 3, but is always publically known • To decrypt: M = Cd mod n = Med mod n • We get d by finding the multiplicative inverse of e mod (n) • So, ed  1 (mod (n))

  24. Why it Works • We know that ed  1 (mod (n)) • This means that ed = k(n) + 1 for some nonnegative integer k • Med= Mk(n) + 1  M∙(M(n))k (mod n) • By Euler’s Theorem M(n)  1 (mod n) • So, M∙(M(n))k  M (mod n)

  25. An example • M = 26 • p = 17, q= 11, n = 187, e = 3 • C = M3 mod 187 = 185 • (n) = (p – 1)(q – 1) = 160 • d = e-1 mod 160 = 107 • Cd= 185107 mod 187 = 26 • If you can trust my modular arithmetic

  26. Why it’s safe • You can’t compute the multiplicative inverse of e mod (n) unless you know what (n) is • If you know p and q, finding (n) is easy • Finding (n) is equivalent to finding p and q by factoring n • No one knows an efficient way to factor a large composite number

  27. Upcoming

  28. Next time… • Key management issues • Cryptographic hash functions • Yuki Gage presents

  29. Reminders • Finish reading Section 2.7 and 12.3 • Start reading Section 2.8 • Finish Assignment 1 • Due tonight by midnight

More Related