170 likes | 183 Views
ONE WAY FUNCTIONS. SECURITY PROTOCOLS CLASS PRESENTATION. INTRODUCTION. A One - Way function is a function which is easy to compute but difficult to invert. Two conditions for function f - Easy to compute - Difficult to invert. INTRODUCTION.
E N D
ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION
INTRODUCTION • A One - Way function is a function which is easy to compute but difficult to invert. • Two conditions for function f - Easy to compute - Difficult to invert
INTRODUCTION • A One - Way function is a function which is easy to compute but difficult to invert. • Two conditions for function f - Easy to compute There exists a polynomial-time algorithm that on input x outputs f (x) - Difficult to invert Every probabilistic polynomial-time algorithm trying, on input y to find an inverse of y under f , may succeed only with negligible probability.
TYPES OF ONE - WAY FUNCTIONS • Strong One - Way Functions: These are easy to compute and hard to invert functions. Any efficient algorithm has negligible success in inverting such functions. • Weak One - Way Functions: These are easy to compute and slightly hard to invert functions. All efficient inverting algorithms fail to invert such functions with some non-negligible probability.
TYPES OF ONE - WAY FUNCTIONS • Fixed Length One - Way functions • Variable Length One - Way Functions
CANDIDATES OF ONE - WAY FUNCTIONS • Integer Factorization: The time required to factorize an integer N runs into a very high order dependent on the second biggest prime factor P of the given integer N. The function f mult = x. y which is the product of the integers x and y, can be computed in polynomial time. But assuming the intractability of factoring and the “density of primes “theorem it follows that f mult is at least weakly One - Way. Using more sophisticated arguments, it can be shown that f mult is strongly One - Way. • Decoding of Random Linear Codes
VARIATIONS OF ONE - WAY FUNCTIONS • Universal One - Way Functions • One - Way Functions as Collections • The RSA function • The Rabin function • Discrete Logarithms • Trapdoor One - Way Functions • Clawfree One - Way Functions
VARIATIONS OF ONE - WAY FUNCTIONS • Universal One - Way Functions There exist One - Way functions if and only if there exists One - Way functions which can be evaluated by a quadratic time algorithm (the existence of such a specific time bound is important). Such One - Way functions are called Universal One - Way functions.
VARIATIONS OF ONE - WAY FUNCTIONS • One - Way Functions as Collections Instead of viewing One - Way functions as functions operating on an infinite domain, infinite collections of functions each operating on a finite domain are considered. The functions in the collection share a single evaluating algorithm which when inputted a succinct representation of a function and an element in its domain return the value of the specified function at the given point. • The RSA function • The Rabin function • Discrete Logarithms
VARIATIONS OF ONE - WAY FUNCTIONS • Trapdoor One - Way Functions These are collections of functions, {fi}, with the extra property that fi is efficiently inverted once given as auxiliary input a “trapdoor” for the index i. The trapdoor of index I, denoted by t(i), cannot be efficiently computed from i. e.g. the RSA trapdoor: The algorithm of the RSA collection is modified to output the index (N.e) and the trapdoor (N,d), where d = e-1mod (P-1)*(Q-1). FRSA ((N,d), FRSA ((N,e),x)) = xed mod N
VARIATIONS OF ONE - WAY FUNCTIONS • Clawfree One - Way Functions A Clawfree collection of functions consists of a set of pairs of functions which are easy to evaluate, both have the same range, and yet it is infeasible to find a range element together with pre-images of it under each of these functions. E.g. the DLP Clawfree collection, the Factoring Clawfree collection
EXAMPLES OF ONE - WAY FUNCTIONS • Hash Function A hash function H accepts a variable-size message M as input and outputs a fixed-size representation H(M) of M. • RSA Function 1977 by Ron Rivest, Adi Shamir and L. Adleman
HASH FUNCTION - A Hash Value is generated by a function H of the form h = H(M), where M is the variable length message and h is the fixed length Hash Value. • This hash value is appended to the message at the source at a time when the message is assumed or known to be correct. • The receiver authenticates the message by recomputing the Hash value.
HASH FUNCTION… PROPERTIES • H can be applied to a block data of any size. • H produces a fixed-length output. • H(x) is relatively easy to compute for any given x. • For any given code h, it is computationally infeasible to find x such that H(x) = h -> ONE - WAY property. • For any given block x, it is computationally infeasible to find y≠x with H(y)=H(x) ->Weak Collision Resistance. • It is computationally infeasible to find any pair (x,y) such that H(x)=H(y) ->Strong Collision Resistance.
RSA ENCRYPTION Steps: • The first task is to select n. n is normally very large (approx 200 digits) and is a product of two large primes p and q (typically 100 digits each). • Next a large integer e is chosen such that e is relatively prime to (p-1) * (q-1). e is usually picked as a prime larger than both (p-1) and (q-1). 3. Next d is selected such that: e * d = 1 mod (p-1) * (q-1) The message is then encrypted using the encryption formula mentioned above. e and d are called public and private exponents.
RSA ENCRYPTION… AN EXAMPLE 1. p = 11 and q = 13 ---both primes n = p*q = 143 and (p-1).(q-1) = 120 • Choose e such that it is relatively prime to (p-1).(q-1) Say e = 11. • d = e-1mod (p-1) * (q-1) = 11. Let message to be encrypted be letter ‘H’ -> number 7 if we map A to Z from 0 to 25. Encryption: E(‘H’) = E(7) => 711 mod 143 = 106 Decryption: D(106) => 10611 mod 143 = 7 => ‘H’
RSA ENCRYPTION… AN EXAMPLE C = Me mod n M = Cd mod n Public key: (5,119) Private key: (77,119) 195 = 2476099 = 20807 with -------------- remainder 119 of 66 Plain Text 19 Cipher text 6677 = 6677 = remainder -------- of 19 119 Plain Text 19