1. Revision

2. Cryptography depends on some properties of prime numbers. One of these is that it is rather easy to generate large prime numbers, but much harder to factor large numbers into primes. prime numbers – For example, in RSA, the security of the system depends on the fact that in order to find d, phi must be known, and this in turn requires knowledge of p and q. It is believed that there is no efficient way of factoring (for large values) and so private key cannot be deduced from the public key.

3. Testing for a prime

4. Illustration

5. Fermat Test

7. Square Root Test What are the square roots of 1 mod n if n is 7 (a prime)? Example 9.21 Solution The only square roots are 1 and −1. We can see that

9. n-1 = m * 2 k a n-1 = a m*2^k 2321 --- is it a prime number? 2321-1 = 2320 = 1160 *2 = 580 *2 2 = 260 * 2 3 = 130 * 2 4 = 65 * 2 5 M= 65, k = 5, a = 2

10. n-1 = m * 2 k a n-1 = a m*2^k M= 65, k = 5, a = 2 Initialisation: T= 2 65 mod 2321 = 560 mod 2321 K=1:T = 5602 mod 2321 = 265 mod 2321 K=2: T = 2652 mod 2321 = 595 mod 2321 K=3:T = 5952 mod 2321 = 1233 mod 2321 K=4:T= 12332 mod 2321 = 34 mod 2321 => Composite (11*211)

12. The Extended Euclidean Algorithm The Euclidean algorithm is an efficient way of computing the greatest common divisor of two numbers. It also provides a way of finding numbers a, b, such that (x,y) = ax + by.

13. Gcd(853,199)

14. For each pair of integers (a, b) below, find d = gcd(a, b) and find a pair of numbers j and k such that d = j * a + k * b. (Use the Extended Euclidean algorithm.) (a) 90 and 56 (b) 91 and 89 (c) 711 and 75 (d) 815 and 75 (e) 112 and 196 (f) 366 and 150

15. Having made the recursive function calls, we’re now able to fill in the values of j and k from right to left. The last column (as shown)will always be 1 and 0 (assuming that a and b are not both 0, of course). To get the values of j and k in a column, we use the values of j and k from the previous column (the one to its right, as we’re filling in the table from right to left) and the value of q that is in the same column that we’re currently filling in.

16. Thus we have gcd(90, 56) = 2 and 2 = (5) · 90 + (−8) · 56. You can double check your work at each step, as for each column, using those values of a, b, j, and k, you should always get a linear combination that equals the GCD. For example, we have:  2 = (−1) · 22 + (2) · 10  2 = (2) · 34 + (−3) · 22

17. Fermat’s Little Theorem First Version a p ≡ a mod p a p − 1 ≡ 1 mod p Second Version

18. Find the result of 6 10 mod 11. Example 1 Solution We have 6 10 mod 11 = 1. This is the first version of Fermat’s little theorem where p = 11. Find the result of 3 12 mod 11. Example 2 Solution Here the exponent (12) and the modulus (11) are not the same. With substitution this can be solved using Fermat’s little theorem.

19. Euler’s Theorem First Version a  (n) ≡ 1 (mod n) Second Version a k ×  (n) + 1 ≡ a (mod n) The second version of Euler’s theorem is used in the RSA cryptosystem. Note

20. Find the result of 6 24 mod 35. Example 1 Solution We have 6 24 mod 35 = 6  (35) mod 35 = 1. Find the result of 20 62 mod 77. Example 2 Solution If we let k = 1 on the second version, we have 20 62 mod 77 = (20 mod 77) (20  (77) + 1 mod 77) mod 77 = (20)(20) mod 77 = 15.

22. ASCII

23. Plain Text

24. RSA  Let p and q be two large prime numbers  Let N = pq be the modulus  Choose e relatively prime to (p  1)(q  1) = Φ(n)  Find d so that ed = 1 (mod (p  1)(q  1))  Public key is (N,e)  Private key is d

25. RSA  To encrypt M compute: C = M e (mod N)  To decrypt C compute: M = C d (mod N)  Recall that e and N are public  If attacker can factor N, can use e to easily find d since ed = 1 (mod (p  1)(q  1))  Factoring the modulus breaks RSA!

26. RSA  Let p and q be two large prime numbers  Let N = pq be the modulus  Choose e relatively prime to (p  1)(q  1) = Φ(n)  Find d so that ed = 1 (mod (p  1)(q  1))  Public key is (N,e)  Private key is d

27. 1. p = 3 and q = 11 2. n = p * q = 3 * 11 = 33 3. z = (p-1)(q-1) = (3-1)*(11-1) = 20 4. Choose prime number e such e and z are co prime e: 2, 3, 5, 7, 11, 13, 17, 19  e * d = 1(mod z) 3 * d = 1(mod 20)  d = 7 Simple RSA Example

28.  Public key: (N, e) = (33, 3)  Private key: d = 7  Suppose message M = 8  Ciphertext C is computed as C = M e ( mod N) = 8 3 = 512 = 17 (mod 33)  Decrypt C to recover message: M = C d (mod N) = 17 7 = 410,338,673 = 12,434,505  33 + 8 = 8 (mod 33)

29. RSA Conclusions  RSA is the “gold standard” in public key crypto  Provides encryption and signatures  Has stood the test of time o Virtually unchanged since its invention  We look closely at RSA attacks in later section (implementation attacks)

30. Assignments 1.Perform encryption and decryption using RSA algorithm, as in Figure 1, for the following: ① p = 3; q = 11, e = 7; M = 5 ② p = 5; q = 11, e = 3; M = 9 2.In a public-key system using RSA, you intercept the ciphertext C = 10 sent to a user whose public key is e = 5, n = 35. What is the plaintext M? EncryptionDecryption Plaintext 88 Ciphertext 11 Plaintext 88 7 mod187=11 23 mod187=88 KU=7,187KR=23,187 Example of RSA Algorithm