Lecture 3.1: Public Key Cryptography I

Slides:



Advertisements
Similar presentations
1 Lect. 12: Number Theory. Contents Prime and Relative Prime Numbers Modular Arithmetic Fermat’s and Euler’s Theorem Extended Euclid’s Algorithm.
Advertisements

Cryptography and Network Security
Chapter 4 Finite Fields. Introduction of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key concern operations on “numbers”
Chapter 4 – Finite Fields. Introduction will now introduce finite fields of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key.
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
Cryptography and Network Security Chapter 4
UMass Lowell Computer Science Analysis of Algorithms Prof. Karen Daniels Fall, 2002 Tuesday, 26 November Number-Theoretic Algorithms Chapter 31.
6/20/2015 5:05 AMNumerical Algorithms1 x x1x
Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.
Lecture 3.2: Public Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
CS555Spring 2012/Topic 61 Cryptography CS 555 Topic 6: Number Theory Basics.
Introduction to Modular Arithmetic and Public Key Cryptography.
Module :MA3036NI Cryptography and Number Theory Lecture Week 7
CPSC 3730 Cryptography and Network Security
1 Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 4 – Finite Fields.
Information Security and Management 4. Finite Fields 8
RSA and its Mathematics Behind
Prelude to Public-Key Cryptography Rocky K. C. Chang, February
Modular Arithmetic with Applications to Cryptography Lecture 47 Section 10.4 Wed, Apr 13, 2005.
Chapter 4 – Finite Fields
Data Security and Encryption (CSE348) 1. Lecture # 12 2.
RSA and its Mathematics Behind July Topics  Modular Arithmetic  Greatest Common Divisor  Euler’s Identity  RSA algorithm  Security in RSA.
Information Security Lab. Dept. of Computer Engineering 87/121 PART I Symmetric Ciphers CHAPTER 4 Finite Fields 4.1 Groups, Rings, and Fields 4.2 Modular.
Lecture 6.1: Misc. Topics: Number Theory CS 250, Discrete Structures, Fall 2011 Nitesh Saxena.
MA/CSSE 473 Day 08 Extended Euclid's Algorithm Modular Division Fermat's little theorem.
Cryptography and Network Security Chapter 4. Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic.
Ref: Pfleeger96, Ch.31 Properties of Arithmetic Reference: Pfleeger, Charles P., Security in Computing, 2nd Edition, Prentice Hall, 1996.
Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2012 Nitesh Saxena.
Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena.
Cryptography Lecture 14 Arpita Patra © Arpita Patra.
Chapter 4 With Question/Answer Animations 1. Chapter Motivation Number theory is the part of mathematics devoted to the study of the integers and their.
Revision. Cryptography depends on some properties of prime numbers. One of these is that it is rather easy to generate large prime numbers, but much harder.
MA/CSSE 473 Day 07 Extended Euclid's Algorithm Modular Division
Assignment 4 is due! Assignment 5 is out and is due in two weeks!
Mathematical Background : A quick approach to Group and Field Theory
Mathematical Background for Cryptography: Modular arithmetic and gcd
B504/I538: Introduction to Cryptography
Topic 12: Number Theory Basics (2)
Introduction to Cryptography
Prelude to Public-Key Cryptography
Advanced Algorithms Analysis and Design
Lecture 3.2: Public Key Cryptography II
Numerical Algorithms x x-1 Numerical Algorithms
Number-Theoretic Algorithms (UNIT-4)
Introduction to Number Theory
Quick reviews / corrections
MATH301- DISCRETE MATHEMATICS Copyright © Nahid Sultana Dr. Nahid Sultana Chapter 4: Number Theory and Cryptography.
Number Theory and Modular Arithmetic
Numerical Algorithms x x-1
Number Theory (Chapter 7)
Lecture 3: Public Key Cryptography
Computer Security Modular Arithmetic November 12, 2018
Number Theory and Euclidean Algorithm
Topic 6: Number Theory Basics
Prime and Relatively Prime Numbers
Lecture 20 Guest lecturer: Neal Gupta
Foundations of Network and Computer Security
Cryptography Lecture 21.
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
Modular Arithmetic and the RSA Cryptosystem
Classical Ciphers – 2 CSCI284 Spring 2004 GWU
Mathematical Background for Cryptography
Cryptology Design Fundamentals
Cryptography Lecture 17.
Cryptography Lecture 20.
Cryptography Lecture 16.
Cryptography Lecture 19.
Mathematical Background : A quick approach to Group and Field Theory
Mathematical Background: Extension Finite Fields
Presentation transcript:

Lecture 3.1: Public Key Cryptography I 1/17/2019 Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2014 Nitesh Saxena

Today’s Informative/Fun Bit – Acoustic Emanations 1/17/2019 Today’s Informative/Fun Bit – Acoustic Emanations http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+emanations&btnG=Google+Search http://tau.ac.il/~tromer/acoustic/ 1/17/2019 Public Key Cryptography -- I

Course Administration 1/17/2019 Course Administration HW1 posted – due at 5pm on Jan 30 (Thu) Any questions? Regarding programming portion of the homework Submit the whole modified code that you used to measure timings Comment the portions in the code where you modified the code Include a small “readme” for us to understand this 1/17/2019 Public Key Cryptography -- I

Outline of Today’s Lecture 1/17/2019 Outline of Today’s Lecture Public Key Crypto Overview Number Theory Modular Arithmetic 1/17/2019 Public Key Cryptography -- I

Recall: Private Key/Public Key Cryptography 1/17/2019 Recall: Private Key/Public Key Cryptography Private Key: Sender and receiver share a common (private) key Encryption and Decryption is done using the private key Also called conventional/shared-key/single-key/ symmetric-key cryptography Public Key: Every user has a private key and a public key Encryption is done using the public key and Decryption using private key Also called two-key/asymmetric-key cryptography 1/17/2019 Public Key Cryptography -- I

Private key cryptography revisited. 1/17/2019 Private key cryptography revisited. Good: Quite efficient (as you’ll see from the HW#1 programming exercise on AES) Bad: Key distribution and management is a serious problem – for N users O(N2) keys are needed 1/17/2019 Public Key Cryptography -- I

Public key cryptography model 1/17/2019 Public key cryptography model Good: Key management problem potentially simpler Bad: Much slower than private key crypto (we’ll see later!) 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Public Key Encryption Two keys: public encryption key e private decryption key d Encryption easy when e is known Decryption easy when d is known Decryption hard when d is not known We’ll study such public key encryption schemes; first we need some number theory. 1/17/2019 Public Key Cryptography -- I

Public Key Encryption: Security Notions 1/17/2019 Public Key Encryption: Security Notions Very similar to what we studied for private key encryption What’s the difference? 1/17/2019 Public Key Cryptography -- I

1/17/2019 Group: Definition (G,.) (where G is a set and . : GxGG) is said to be a group if following properties are satisfied: Closure : for any a, b G, a.b G Associativity : for any a, b, c G, a.(b.c)=(a.b).c Identity : there is an identity element such that a.e = e.a = a, for any a G Inverse : there exists an element a-1 for every a in G, such that a.a-1 = a-1.a = e Abelian Group: Group which also satisfies commutativity , i.e., a.b = b.a

Public Key Cryptography -- I 1/17/2019 Groups: Examples Set of all integers with respect to addition --(Z,+) Set of all integers with respect to multiplication (Z,*) – not a group Set of all real numbers with respect to multiplication (R,*) Set of all integers modulo m with respect to modulo addition (Zm, “modular addition”) 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Divisors x divides y (written x | y) if the remainder is 0 when y is divided by x 1|8, 2|8, 4|8, 8|8 The divisors of y are the numbers that divide y divisors of 8: {1,2,4,8} For every number y 1|y y|y 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Prime numbers A number is prime if its only divisors are 1 and itself: 2,3,5,7,11,13,17,19, … Fundamental theorem of arithmetic: For every number x, there is a unique set of primes {p1, … ,pn} and a unique set of positive exponents {e1, … ,en} such that 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Common divisors The common divisors of two numbers x,y are the numbers z such that z|x and z|y common divisors of 8 and 12: intersection of {1,2,4,8} and {1,2,3,4,6,12} = {1,2,4} greatest common divisor: gcd(x,y) is the number z such that z is a common divisor of x and y no common divisor of x and y is larger than z gcd(8,12) = 4 1/17/2019 Public Key Cryptography -- I

Euclidean Algorithm: gcd(r0,r1) 1/17/2019 Euclidean Algorithm: gcd(r0,r1) Main idea: If y = ax + b then gcd(x,y) = gcd(x,b) 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Example – gcd(15,37) 37 = 2 * 15 + 7 15 = 2 * 7 + 1 7 = 7 * 1 + 0 gcd(15,37) = 1 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Relative primes x and y are relatively prime if they have no common divisors, other than 1 Equivalently, x and y are relatively prime if gcd(x,y) = 1 9 and 14 are relatively prime 9 and 15 are not relatively prime 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Modular Arithmetic Definition: x is congruent to y mod m, if m divides (x-y). Equivalently, x and y have the same remainder when divided by m. Notation: Example: We work in Zm = {0, 1, 2, …, m-1}, the group of integers modulo m Example: Z9 ={0,1,2,3,4,5,6,7,8} We abuse notation and often write = instead of 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Addition in Zm : Addition is well-defined: 3 + 4 = 7 mod 9. 3 + 8 = 2 mod 9. 1/17/2019 Public Key Cryptography -- I

Additive inverses in Zm 1/17/2019 Additive inverses in Zm 0 is the additive identity in Zm Additive inverse of a is -a mod m = (m-a) Every element has unique additive inverse. 4 + 5= 0 mod 9. 4 is additive inverse of 5. 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Multiplication in Zm : Multiplication is well-defined: 3 * 4 = 3 mod 9. 3 * 8 = 6 mod 9. 3 * 3 = 0 mod 9. 1/17/2019 Public Key Cryptography -- I

Multiplicative inverses in Zm 1/17/2019 Multiplicative inverses in Zm 1 is the multiplicative identity in Zm Multiplicative inverse (x*x-1=1 mod m) SOME, but not ALL elements have unique multiplicative inverse. In Z9 : 3*0=0, 3*1=3, 3*2=6, 3*3=0, 3*4=3, 3*5=6, …, so 3 does not have a multiplicative inverse (mod 9) On the other hand, 4*2=8, 4*3=3, 4*4=7, 4*5=2, 4*6=6, 4*7=1, so 4-1=7, (mod 9) 1/17/2019 Public Key Cryptography -- I

Which numbers have inverses? 1/17/2019 Which numbers have inverses? In Zm, x has a multiplicative inverse if and only if x and m are relatively prime or gcd(x,m)=1 E.g., 4 in Z9 1/17/2019 Public Key Cryptography -- I

Extended Euclidian: a-1 mod n 1/17/2019 Extended Euclidian: a-1 mod n Main Idea: Looking for inverse of a mod n means looking for x such that x*a – y*n = 1. To compute inverse of a mod n, do the following: Compute gcd(a, n) using Euclidean algorithm. Since a is relatively prime to m (else there will be no inverse) gcd(a, n) = 1. So you can obtain linear combination of rm and rm-1 that yields 1. Work backwards getting linear combination of ri and ri-1 that yields 1. When you get to linear combination of r0 and r1 you are done as r0=n and r1= a. 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Example – 15-1 mod 37 37 = 2 * 15 + 7 15 = 2 * 7 + 1 7 = 7 * 1 + 0 Now, 15 – 2 * 7 = 1 15 – 2 (37 – 2 * 15) = 1 5 * 15 – 2 * 37 = 1 So, 15-1 mod 37 is 5. 1/17/2019 Public Key Cryptography -- I

Modular Exponentiation: Square and Multiply method 1/17/2019 Modular Exponentiation: Square and Multiply method Usual approach to computing xc mod n is inefficient when c is large. Instead, represent c as bit string bk-1 … b0 and use the following algorithm: z = 1 For i = k-1 downto 0 do z = z2 mod n if bi = 1 then z = z* x mod n Show an example: x^64 will require 6 squarings (or 6 multiplications). 1000000 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Example: 3037 mod 77 z = z2 mod n if bi = 1 then z = z* x mod n i b z 5 1 30 =1*1*30 mod 77 4 53 =30*30 mod 77 3 37 =53*53 mod 77 2 29 =37*37*30 mod 77 71 =29*29 mod 77 2 =71*71*30 mod 77 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Other Definitions An element g in G is said to be a generator of a group if a = gi for every a in G, for a certain integer i A group which has a generator is called a cyclic group The number of elements in a group is called the order of the group Order of an element a is the lowest i (>0) such that ai = e (identity) A subgroup is a subset of a group that itself is a group 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Lagrange’s Theorem Order of an element in a group divides the order of the group 1/17/2019 Public Key Cryptography -- I

Euler’s totient function 1/17/2019 Euler’s totient function Given positive integer n, Euler’s totient function is the number of positive numbers less than n that are relatively prime to n Fact: If p is prime then {1,2,3,…,p-1} are relatively prime to p. 1/17/2019 Public Key Cryptography -- I

Euler’s totient function 1/17/2019 Euler’s totient function Fact: If p and q are prime and n=pq then Each number that is not divisible by p or by q is relatively prime to pq. E.g. p=5, q=7: {1,2,3,4,-,6,-,8,9,-,11,12,13,-,-,16,17,18,19,-,-,22,23,24,-,26,27,-,29,-,31,32,33,34,-} pq-p-(q-1) = (p-1)(q-1) 1/17/2019 Public Key Cryptography -- I

Euler’s Theorem and Fermat’s Theorem 1/17/2019 Euler’s Theorem and Fermat’s Theorem If a is relatively prime to n then If a is relatively prime to p then ap-1 = 1 mod p Proof : follows from Lagrange’s Theorem 1/17/2019 Public Key Cryptography -- I

Euler’s Theorem and Fermat’s Theorem 1/17/2019 Euler’s Theorem and Fermat’s Theorem EG: Compute 9100 mod 17: p =17, so p-1 = 16. 100 = 6·16+4. Therefore, 9100=96·16+4=(916)6(9)4 . So mod 17 we have 9100  (916)6(9)4 (mod 17)  (1)6(9)4 (mod 17)  (81)2 (mod 17)  16 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Some questions 2-1 mod 4 =? What is the complexity of (a+b) mod m (a*b) mod m xc mod (n) Order of a group is 5. What can be the order of an element in this group? 1/17/2019 Public Key Cryptography -- I

Public Key Cryptography -- I 1/17/2019 Further Reading Chapter 4 of Stallings Chapter 2.4 of HAC 1/17/2019 Public Key Cryptography -- I