Presentation is loading. Please wait.

Presentation is loading. Please wait.

Thinking the Impossible “Modern Cryptography”

Published byErik Hines Modified over 6 years ago

Similar presentations

Presentation on theme: "Thinking the Impossible “Modern Cryptography”"— Presentation transcript:

1 Thinking the Impossible “Modern Cryptography”
September 4, 1997 Thinking the Impossible “Modern Cryptography” Jeremy R. Johnson

2 September 4, 1997 Introduction Objective: To see how to securely communicate on the internet without giving up privacy. To understand what a public key cryptosystem is and how the RSA algorithm works. To do impossible things. Modern cryptography Solutions to some “impossible problems” Public Key Cryptosystems Modular Arithmetic RSA Algorithm References: Rivest, Shamir, Adelman CS Unplugged

3 Importance of the Area Did you buy anything online recently? Use an ATM machine? If so, whether you know it or not, you used cryptography. Cryptography (in the guise of the SSL protocol) protects your credit card information as it whizzes across the Internet, and ensures that others can't withdraw money from your account. The ubiquitous use of tools such as SSL and SSH shows that cryptography, once an esoteric military concern, has now burst into the mainstream. Yet, this is only the beginning of a coming flood.

4 “Impossible” Problem One
September 4, 1997 “Impossible” Problem One How can you determine the outcome of a vote on the intenet without revealing individual votes?

5 Classical Cryptography
Basic problem: Secure communication over an insecure channel Solution: private key encryption m  E(k,m) = c  D(k,c) = m Shannon provided a rigorous theory of perfect secrecy based on information theory Adversary has unlimited computational resources, but key must be as long as message

6 September 4, 1997 Substitution Cypher HELLO ALL HAIL CEASAR

7 September 4, 1997 Substitution Cypher KHOOR DOO KDLO FHDVDU

8 September 4, 1997 Frequency Analysis en.wikipedia.org/wiki/Frequency_analysis_(cryptanalysis) scottbryce.com/cryptograms

9 One Time Pad Pad = b1  bn  {0,1}* chosen randomly m = m1  mn
E(Pad,m) = c = m  Pad D(Pad,c) = c  Pad = (m  Pad)  Pad = m m,c PrPad[E(Pad,m) = c] = 1/2n No information gained from seeing c However, E(Pad,m)  E(Pad,m’) = m  m’

10 “Impossible” Problem Two
September 4, 1997 “Impossible” Problem Two How can you send a secret over the internet without previously sending a courier to distribute the secret key? Is your method secure? The answer comes from modern cryptography and relies on public key cryptography Whitfield Diffie and Martin E. Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, Vol. IT-22, No. 6, Nov

11 Public Key Cryptosystem
September 4, 1997 Public Key Cryptosystem Let M be a message and let C be the encrypted message (ciphertext). A public key cryptosystem has a separate method E() for encrypting and D() decrypting. D(E(M)) = M Both E() and D() are easy to compute Publicly revealing E() does not make it easy to determine D() E(D(M)) = M - needed for signatures The collection of E()’s are made publicly available but the D()’s remain secret. Called a one-way trap-door function (hard to invert, but easy if you have the secret information)

12 Public Key Encryption Map (From CS Unplugged)

13 Public Key Encryption Map
Come up with 10 numbers that add up to your ASCII value. Label your vertices with the values. Take each vertex and its neighbors, compute the sum, and replace the vertex value with that sum. Erase the old values!!! The Map What To Do

14 ASCII Table

15 Private Key Encryption Map

16 Private Key Encryption Map
Just add up the values of each bold vertex from the public map you were given. The Private Key What To Do

17 Modern Cryptography Adversary’s resources are computationally bounded
Probabilistic polynomial time algorithm Impossibility of breaking the encryption system  Infeasibility of breaking Rely on gap between efficient algorithms for encryption and computational infeasibility of decryption by adversary

18 Dominating Sets & NP Completeness
Given a graph G = (V,E) D  V is a Dominating Set If v  D is adjacent to some vertex in D Determining the number of vertices in a minimal dominating set is NP Complete An Independent Set is set of vertices such that no two are adjacent Max ind set (not subset of any other ind set) is a dominating set Smallest ind dom set  smallest max ind set Determining a maximal ind set is NP Hard

19 September 4, 1997 Creating Private Keys

20 “Impossible” Problem Three
September 4, 1997 “Impossible” Problem Three How can you flip a coin over the phone? The answer comes from modern cryptography and is the key to secure communication over the internet, provides privacy, authentication and digital signatures

21 Public Key Cryptosystem
September 4, 1997 Public Key Cryptosystem Let M be a message and let C be the encrypted message (ciphertext). A public key cryptosystem has a separate method E() for encrypting and D() decrypting. D(E(M)) = M Both E() and D() are easy to compute Publicly revealing E() does not make it easy to determine D() E(D(M)) = M - needed for signatures The collection of E()’s are made publicly available but the D()’s remain secret. Called a one-way trap-door function (hard to invert, but easy if you have the secret information)

22 “Impossible” Problem Four
September 4, 1997 “Impossible” Problem Four How can you prove you know something to an adversary without revealing your secret? The answer comes from the area of zero knowledge proofs

23 Where’s Waldo

24 Open Sesame Jean-Jacques Quisquater, Louis C. Guillou, Thomas A. Berson. How to Explain Zero-Knowledge Protocols to Your Children. Advances in Cryptology - CRYPTO '89: Proceedings, v.435, p , 1990.

25 Zero Knowledge Proof Completeness: if the statement is true, the honest verifier (that is, one following the protocol properly) will be convinced of this fact by an honest prover. Soundness: if the statement is false, no cheating prover can convince the honest verifier that it is true, except with some small probability. Zero-knowledge: if the statement is true, no cheating verifier learns anything other than this fact. This is formalized by showing that every cheating verifier has some simulator that, given only the statement to be proven (and no access to the prover), can produce a transcript that "looks like" an interaction between the honest prover and the cheating verifier.

26 Secure Passwords Every users stores a statement of a theorem in a publicly readable directory Upon login, the user engages in a zero-knowledge proof of the correctness of the theorem If the proof is convincing access is granted Guarantees that an adversary who overhears the proof can not learn enough to gain access

27 RSA Public Key Cryptosystem
September 4, 1997 RSA Public Key Cryptosystem

28 Public Key Cryptosystem
September 4, 1997 Public Key Cryptosystem Let M be a message and let C be the encrypted message (ciphertext). A public key cryptosystem has a separate method E() for encrypting and D() decrypting. D(E(M)) = M Both E() and D() are easy to compute Publicly revealing E() does not make it easy to determine D() E(D(M)) = M - needed for signatures The collection of E()’s are made publicly available but the D()’s remain secret. Called a one-way trap-door function (hard to invert, but easy if you have the secret information)

29 RSA Public Key Cryptosystem
September 4, 1997 RSA Public Key Cryptosystem Based on the idea that it is hard to factor large numbers. First encode M as an integer (e.g. use ASCII). Large messages will need to be blocked. Choose n = p*q, the product of two large prime numbers. Choose e such that gcd(e,phi(n)) = 1. Choose d such that de  1 (mod  (n)) E = (e,n) and E(M) = Me mod n D = (d,n) and D(M) = Md mod n

30 Correctness of the RSA Algorithm
September 4, 1997 Correctness of the RSA Algorithm Theorem: D(E(M)) = E(D(M)) = M. Proof. D(E(M)) = (Me)d (mod n) = Med (mod n). Since ed  1 (mod  (n)), ed = k*  (n) + 1, for some integer k. Mk* (n)+1  (Mk* (n)+1 mod p, Mk* (n)+1 mod q) = (Mk* (n) * M mod p, Mk* (n) * M mod q) = (M(p-1)*(q-1)*k * M mod p, M(q-1)*(p-1)*k * M mod q) [since n = pq] = ((M(p-1))(q-1)*k * M mod p, (M(q-1))(p-1)*k * M mod q) = (M mod p, M mod q) [By Fermat’s theorem] Therefore, by the CRT, Mk* (n)+1  M (mod n).

Download ppt "Thinking the Impossible “Modern Cryptography”"

Similar presentations

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Zero-Knowledge Proofs J.W. Pope M.S. – Mathematics May 2004.

Zero-Knowledge Proofs J.W. Pope M.S. – Mathematics May 2004.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Lecture 6: Public Key Cryptography

Lecture 6: Public Key Cryptography
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, A Public-Key Cryptosystem and a Signature Scheme.

ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, "A Public-Key Cryptosystem and a Signature Scheme.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.

Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
RSA Implementation. What is Encryption ? Encryption is the transformation of data into a form that is as close to impossible as possible to read without.

RSA Implementation. What is Encryption ? Encryption is the transformation of data into a form that is as close to impossible as possible to read without.
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS 4362 - CIS 5357 Network Security.

1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
Midterm Review Cryptography & Network Security

Midterm Review Cryptography & Network Security
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Modular Arithmetic with Applications to Cryptography Lecture 47 Section 10.4 Wed, Apr 13, 2005.

Modular Arithmetic with Applications to Cryptography Lecture 47 Section 10.4 Wed, Apr 13, 2005.
Darci Miyashiro Math 480 April 29, 2013

Darci Miyashiro Math 480 April 29, 2013
1 Public-Key Cryptography and Message Authentication.

1 Public-Key Cryptography and Message Authentication.
Computer and Network Security Rabie A. Ramadan Lecture 6.

Computer and Network Security Rabie A. Ramadan Lecture 6.

Similar presentations

Ads by Google