1 Applications of Number Theory CS 202 Epp section 10.4 Aaron Bloomfield.

Presentation transcript:

1 Applications of Number Theory CS 202 Epp section 10.4 Aaron Bloomfield

2 About this lecture set
I want to introduce RSA
– The most commonly used cryptographic algorithm today
Much of the underlying theory we will not be able to get to
– It’s beyond the scope of this course
Much of why this all works won’t be taught
– It’s just an introduction to how it works

3 Private key cryptography
The function and/or key to encrypt/decrypt is a secret
– (Hopefully) only known to the sender and recipient
The same key encrypts and decrypts
How do you get the key to the recipient?

4 Public key cryptography
Everybody has a key that encrypts and a separate key that decrypts
– They are not interchangeable!
The encryption key is made public
The decryption key is kept private

5 Public key cryptography goals
Key generation should be relatively easy
Encryption should be easy
Decryption should be easy
– With the right key!
Cracking should be very hard

6 Is that number prime?
Use the Fermat primality test
Given:
– n: the number to test for primality
– k: the number of times to test (the certainty)
The algorithm is:
    repeat k times:
        pick a randomly in the range [1, n−1]
        if a^(n−1) mod n ≠ 1 then return composite
    return probably prime

7 Is that number prime?
The algorithm is:
    repeat k times:
        pick a randomly in the range [1, n−1]
        if a^(n−1) mod n ≠ 1 then return composite
    return probably prime
Let n = 105
– Iteration 1: a = 92: mod 105 = 1
– Iteration 2: a = 84: mod 105 = 21
– Therefore, 105 is composite

8 Is that number prime?
The algorithm is:
    repeat k times:
        pick a randomly in the range [1, n−1]
        if a^(n−1) mod n ≠ 1 then return composite
    return probably prime
Let n = 101
– Iteration 1: a = 55: mod 101 = 1
– Iteration 2: a = 60: mod 101 = 1
– Iteration 3: a = 14: mod 101 = 1
– Iteration 4: a = 73: mod 101 = 1
– At this point, 101 has a (½)^4 = 1/16 chance of still being composite

9 More on the Fermat primality test
Each iteration halves the probability that the number is a composite
– Probability = (½)^k
– If k = 100, probability it’s a composite is (½)^100 = 1 in 1.2  that the number is composite
  – Greater chance of having a hardware error!
– Thus, k = 100 is a good value
However, this is not certain!
– There are known numbers that are composite but will always report prime by this test
Source:
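The Fermat test from slides 6 to 9, as an added Python example (not code from the lecture). It reproduces the slides' bases for n = 105 and n = 101, then measures the caveat on slide 9 with 561, a composite for which every base coprime to it passes; the Miller-Rabin round is an addition that goes beyond the slides and is the usual replacement when generating key primes. Function names are this example's own.

```python
import math
import random

def fermat_round(a, n):
    """One iteration from the slides: does a^(n-1) mod n equal 1?"""
    return pow(a, n - 1, n) == 1

def fermat_test(n, k=100, rng=None):
    """The slides' algorithm: False = composite, True = probably prime."""
    rng = rng or random.SystemRandom()
    if n < 4:
        return n in (2, 3)
    return all(fermat_round(rng.randrange(1, n), n) for _ in range(k))

def liar_fraction(n):
    """Share of bases coprime to n that pass the Fermat round."""
    bases = [a for a in range(1, n) if math.gcd(a, n) == 1]
    return sum(fermat_round(a, n) for a in bases) / len(bases)

def miller_rabin_round(a, n):
    """One Miller-Rabin round for odd n > 3; False proves n composite."""
    d, s = n - 1, 0
    while d % 2 == 0:          # write n-1 as d * 2^s with d odd
        d, s = d // 2, s + 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):     # look for -1 among the repeated squares
        x = pow(x, 2, n)
        if x == n - 1:
            return True
    return False

if __name__ == "__main__":
    print(pow(92, 104, 105), pow(84, 104, 105))                 # slide 7, n = 105
    print(all(fermat_round(a, 101) for a in (55, 60, 14, 73)))  # slide 8, n = 101
    print(liar_fraction(105), liar_fraction(561))               # 561 fools every coprime base
    print(miller_rabin_round(2, 561))                           # base 2 exposes 561
```

A composite like 561 has small factors, so a random base often shares a factor with it and fails the test anyway; the risk is a composite of this kind built from large primes, where almost every random base is coprime.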

10 Google’s recruitment campaign

11 RSA
Stands for the inventors: Ron Rivest, Adi Shamir and Len Adleman
Three parts:
– Key generation
– Encrypting a message
– Decrypting a message

12 Key generation steps
1. Choose two random large prime numbers p ≠ q, and n = p*q
2. Choose an integer 1 < e < n which is relatively prime to (p-1)(q-1)
3. Compute d such that d * e ≡ 1 (mod (p-1)(q-1))
– Rephrased: d*e mod (p-1)(q-1) = 1
4. Destroy all records of p and q

13 Key generation, step 1
Choose two random large prime numbers p ≠ q
– In reality, 2048 bit numbers are recommended
  – That’s ≈ 617 digits
– From last lecture: chance of a random odd 2048 bit number being prime is about 1/710
  – We can compute if a number is prime relatively quickly via the Fermat primality test
We choose p = 107 and q = 97
Compute n = p*q
– n = 10379

14 Key generation, step 1
Java code to find a big prime number:
    BigInteger prime = new BigInteger (numBits, certainty, random);
– numBits: The number of bits of the prime
– certainty: Certainty that the number is a prime
– random: The random number generator

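15 Key generation, step 1
Java code to find a big prime number:
    import java.math.*;
    import java.security.SecureRandom;

    class BigPrime {
        static int numDigits = 617;
        static int certainty = 100;
        // bits per decimal digit, i.e. log2(10)
        static final double LOG_2 = Math.log(10)/Math.log(2);
        static int numBits = (int) (numDigits * LOG_2);

        public static void main (String args[]) {
            // SecureRandom rather than java.util.Random: key primes need a
            // cryptographically strong generator (see "Practical considerations")
            SecureRandom random = new SecureRandom();
            // probable prime of numBits bits, tested to the given certainty
            BigInteger prime = new BigInteger (numBits, certainty, random);
            System.out.println (prime);
        }
    }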

16 Key generation, step 1
How long does this take?
– Keep in mind this is Java!
– These tests done on a 850 MHz Pentium machine
– Average of 100 trials (certainty = 100)
– 200 digits (664 bits): about 1.5 seconds
– 617 digits (2048 bits): about 75 seconds

17 End of lecture on 23 March 2007
– In the later class; the earlier class did the next 3 slides

18 Key generation, step 1
Practical considerations
– p and q should not be too close together
– (p-1) and (q-1) should not have small prime factors
– Use a good random number generator

19 Key generation, step 2
Choose an integer 1 < e < n which is relatively prime to (p-1)(q-1)
There are algorithms to do this efficiently
– We aren’t going over them in this course
Easy way to do this: make e be a prime number
– It only has to be relatively prime to (p-1)(q-1), but can be fully prime

20 Key generation, step 2
Recall that p = 107 and q = 97
– (p-1)(q-1) = 106*96 = = 2^6*3*53
We choose e = 85
– 85 = 5*17
– gcd (85, 10176) = 1
– Thus, 85 and are relatively prime

21 Key generation, step 3
Compute d such that: d * e ≡ 1 (mod (p-1)(q-1))
– Rephrased: d*e mod (p-1)(q-1) = 1
There are algorithms to do this efficiently
– We aren’t going over them in this course
We choose d = 4669
– 4669*85 mod = 1
Use the script at

22 Key generation, step 3
Java code to find d:
    import java.math.*;

    class FindD {
        public static void main (String args[]) {
            // despite its name, pq holds (p-1)(q-1) = 106*96, not p*q
            BigInteger pq = new BigInteger("10176");
            BigInteger e = new BigInteger ("85");
            // d is the inverse of e modulo (p-1)(q-1)
            System.out.println (e.modInverse(pq));
        }
    }
Result: 4669

23 Key generation, step 4
Destroy all records of p and q
If we know p and q, then we can compute the private encryption key from the public decryption key
    d * e ≡ 1 (mod (p-1)(q-1))

24 The keys
We have n = p*q = 10379, e = 85, and d = 4669
The public key is (n,e) = (10379, 85)
The private key is (n,d) = (10379, 4669)
Thus, n is not private
– Only d is private
In reality, d and e are 600 (or so) digit numbers
– Thus n is a 1200 (or so) digit number

25 Encrypting messages
To encode a message:
1. Encode the message m into a number
2. Split the number into smaller numbers m < n
3. Use the formula c = m^e mod n
c is the ciphertext, and m is the message
Java code to do the last step:
– m.modPow (e, n)
– Where the object m is the BigInteger to encrypt

26 Encrypting messages example
1. Encode the message into a number
– String is “Go Cavaliers!!”
– Modified ASCII codes:
2. Split the number into numbers < n
– Recall that n =
–
3. Use the formula c = m^e mod n
– mod = 4501
– mod = 2867
– mod = 4894
– Etc…
Encrypted message:
–

27 Encrypting RSA messages
Formula is c = m^e mod n

28 Decrypting messages
1. Use the formula m = c^d mod n on each number
2. Split the number into individual ASCII character numbers
3. Decode the message into a string

29 Decrypting messages example
Encrypted message:
–
1. Use the formula m = c^d mod n on each number
– mod = 4181
– mod = 0237
– mod = 6788
– Etc…
2. Split the numbers into individual characters
–
3. Decode the message into a string
– Modified ASCII codes:
– Retrieved String is “Go Cavaliers!!”

30 modPow computation
1. How to compute c = m^e mod n or m = c^d mod n?
– Example: mod = 4181
Use the script at
Other means:
– Java: use the BigInteger.modPow() method
– Perl: use the bmodpow function in the BigInt library
– Etc…

31 Why this works
m = c^d mod n
c = m^e mod n
c^d ≡ (m^e)^d ≡ m^(ed) (mod n)
Recall that:
– ed ≡ 1 (mod p-1)
– ed ≡ 1 (mod q-1)
Thus,
– m^(ed) ≡ m (mod p)
– m^(ed) ≡ m (mod q)
m^(ed) ≡ m (mod pq)
m^(ed) ≡ m (mod n)

32 Cracking a message
In order to decrypt a message, we must compute m = c^d mod n
– n is known (part of the public key)
– c is known (the ciphertext)
– e is known (the encryption key)
Thus, we must compute d with no other information
– Recall: choose an integer 1 < e < n which is relatively prime to (p-1)(q-1)
– Recall: Compute d such that: d*e mod (p-1)(q-1) = 1
Thus, we must factor the composite n into its component primes
– There is no efficient way to do this!
– We can, very easily, tell that n is composite, but we can’t tell what its factors are
Once n is factored into p and q, we compute d as above
– Then we can decrypt c to obtain m

33 Cracking a message example
In order to decrypt a message, we must compute m = c^d mod n
– n =
– c is the ciphertext being cracked
– e = 85
In order to determine d, we need to factor n
– d*e mod (p-1)(q-1) = 1
– We factor n into p and q: 97 and 107
– This would not have been feasible with two large prime factors!!!
– d * 85 (mod (96)(106)) = 1
We then compute d as above, and crack the message
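The whole worked example from slides 20 to 33 with the lecture's toy key (p = 107, q = 97, e = 85), as an added Python example that is not code from the lecture: deriving d, encoding and encrypting “Go Cavaliers!!”, decrypting it, and recovering d from the public key by factoring n. The "modified ASCII" rule used here (ASCII code minus 30, two digits per character) is an assumption chosen because it yields the blocks 4181, 0237, 6788 shown on slide 29; the function names are this example's own.

```python
import math

P, Q, E = 107, 97, 85      # the lecture's toy parameters
N = P * Q                  # 10379, the public modulus
OFFSET = 30                # assumption: "modified ASCII" = ASCII code - 30

def private_exponent(e, p, q):
    """d with d*e ≡ 1 (mod (p-1)(q-1)); e must be relatively prime to it."""
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e is not relatively prime to (p-1)(q-1)")
    return pow(e, -1, phi)             # modular inverse, Python 3.8+

def encode(text, width=4):
    """Text -> two-digit codes -> numeric blocks of `width` digits (< n)."""
    digits = "".join(f"{ord(ch) - OFFSET:02d}" for ch in text)
    if len(digits) % width:
        raise ValueError("message does not fill a whole number of blocks")
    return [int(digits[i:i + width]) for i in range(0, len(digits), width)]

def decode(blocks, width=4):
    """Inverse of encode(): restore leading zeros, then map codes to characters."""
    digits = "".join(f"{b:0{width}d}" for b in blocks)
    return "".join(chr(int(digits[i:i + 2]) + OFFSET)
                   for i in range(0, len(digits), 2))

def crypt(blocks, exponent, n):
    """Textbook RSA per block: c = m^e mod n, or m = c^d mod n."""
    return [pow(b, exponent, n) for b in blocks]

def crack(n, e):
    """Slide 33: trial-divide n, then recompute d. Works only because n is tiny."""
    p = next(f for f in range(2, math.isqrt(n) + 1) if n % f == 0)
    return private_exponent(e, p, n // p)

if __name__ == "__main__":
    d = private_exponent(E, P, Q)
    blocks = encode("Go Cavaliers!!")
    cipher = crypt(blocks, E, N)
    print("d =", d)
    print("plaintext blocks :", blocks)
    print("ciphertext blocks:", cipher)
    print("decrypted        :", decode(crypt(cipher, d, N)))
    print("d recovered from (n, e) alone:", crack(N, E))
```

Block-by-block encryption without padding is deterministic, so equal plaintext blocks always produce equal ciphertext blocks; deployed RSA encrypts with a randomized padding scheme such as OAEP rather than the bare formula.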

34 Signing a message
Recall that we computed: d*e mod (p-1)(q-1) = 1
Note that d and e are interchangeable!
– You can use either for the encryption key
You can encrypt with either key!
– Thus, you must use the other key to decrypt

35 Signing a message
To “sign” a message:
1. Write a message, and determine the MD5 hash
2. Encrypt the hash with your private (encryption) key
3. Anybody can verify that you created the message because ONLY the public (encryption) key can decrypt the hash
4. The hash is then verified against the message

36 PGP and GnuPG
Two applications which implement the RSA algorithm
– GnuPG is open-source (thus it’s free)
– PGP was first, and written by Phil Zimmermann
  – The US gov’t didn’t like PGP…

37 The US gov’t and war munitions

38 How to “crack” PGP
Factoring n is not feasible
Thus, “cracking” PGP is done by other means
– Intercepting the private key
  – “Hacking” into the computer, stealing the computer, etc.
– Man-in-the-middle attack (next 2 slides)
– Etc.

39 Man-in-the-middle attack: “Normal” RSA communication
What is your public key?
My public key is 12345…
What is your public key?
My public key is 67890…
Here’s message encrypted with 12345…
Here’s a response encrypted with 67890…

40
What is your public key?
My public key is 12345…
My public key is abcde…
What is your public key?
My public key is 67890…
My public key is vwxyz…
Here’s message encrypted w/ abcde…
Decrypts message with corresponding private key to abcde…; re-encrypts message with blue’s public key (12345…)
Here’s message encrypted w/ 12345…
Here’s response encrypted w/ vwxyz…
Decrypts message with corresponding private key to vwxyz…; re-encrypts message with yellow’s public key (67890…)
Here’s response encrypted w/ 67890…
Black has the private decryption key for abcde…
Black has the private decryption key for vwxyz…

41 Other public key encryption methods
Modular logarithms
– Developed by the US government, therefore not widely trusted
Elliptic curves

42 Quantum computers
A quantum computer could (in principle) factor n in reasonable time
– This would make RSA obsolete!
– Shown (in principle) by Peter Shor in 1993
– You would need a new (quantum) encryption algorithm to encrypt your messages
This is like saying, “in principle, you could program a computer to correctly predict the weather”
A few years ago, IBM created a quantum computer that successfully factored 15 into 3 and 5
I bet the NSA is working on such a computer, also

43 Sources
Wikipedia article has a lot of info on RSA and the related algorithms
– Those articles use different variable names
– Link at