Presentation is loading. Please wait.

Presentation is loading. Please wait.

Practical Aspects of Modern Cryptography

Published byLasse MΓ€ki Modified over 6 years ago

Similar presentations

Presentation on theme: "Practical Aspects of Modern Cryptography"β€” Presentation transcript:

1 Practical Aspects of Modern Cryptography
Assignment 2 Solutions

2 Problem 1 October 18, 2016 Practical Aspects of Modern Cryptography

3 Problem 1a 𝑋 mod 𝑃=π‘Œ mod 𝑃 ⇒𝑋 ≑ 𝑝 π‘Œ (by HW1#2a) β‡’π‘‹βˆ’π‘Œ=𝑒𝑃 for some π‘’βˆˆβ„€ (def. of ≑ 𝑝 from HW1#2a) Similarly, 𝑋 mod 𝑄=π‘Œ mod 𝑄 β‡’(π‘‹βˆ’π‘Œ)=𝑣𝑄 for some π‘£βˆˆβ„€. Since (π‘‹βˆ’π‘Œ) is a multiple of prime 𝑃 and also a multiple of (distinct) prime 𝑄, (π‘‹βˆ’π‘Œ) is a multiple of 𝑃𝑄. Hence, 𝑋 ≑ 𝑃𝑄 π‘Œ, and thus 𝑋 mod 𝑃𝑄 =π‘Œ mod (𝑃𝑄) (by HW1#2b). October 18, 2016 Practical Aspects of Modern Cryptography

4 Problem 1b Find a counterexample for the case when 𝑃 and 𝑄 are not both primes. We want (π‘‹βˆ’π‘Œ) is a multiple of 𝑃 and π‘‹βˆ’π‘Œ is a multiple of 𝑄, but (π‘‹βˆ’π‘Œ) is not a multiple of (𝑃𝑄). E.g. 𝑃=6=2Γ—3, 𝑄=10=2Γ—5; 30 is a multiple of both 6 and 10, but not a multiple of 60. So, for example, 73 mod 6=1=43 mod 6 and 73 mod 10=3=43 mod 10. But 73 mod 60=13β‰ 43=43 mod 60. October 18, 2016 Practical Aspects of Modern Cryptography

5 Problem 2 October 18, 2016 Practical Aspects of Modern Cryptography

6 Problem 2 We know that π‘Œ 𝑃 mod 𝑃=π‘Œ mod 𝑃 for all π‘Œβˆˆβ„€, prime 𝑃. Show that π‘Œ π‘˜ π‘ƒβˆ’1 +1 mod 𝑃=π‘Œ mod 𝑃 for all π‘˜β‰₯0. π‘˜=0: π‘Œ π‘˜ π‘ƒβˆ’1 +1 mod 𝑃=π‘Œ mod 𝑃. οƒΌ π‘˜=1: π‘Œ 𝑃 mod 𝑃=π‘Œ mod 𝑃 (from Fermat). οƒΌ Assume π‘Œ π‘˜ π‘ƒβˆ’1 +1 mod 𝑃=π‘Œ mod 𝑃. Show that π‘Œ π‘˜+1 π‘ƒβˆ’1 +1 mod 𝑃=π‘Œ mod 𝑃. π‘Œ π‘˜+1 π‘ƒβˆ’1 +1 mod 𝑃= π‘Œ π‘˜ π‘ƒβˆ’1 π‘Œ π‘ƒβˆ’1 +1 mod 𝑃 October 18, 2016 Practical Aspects of Modern Cryptography

7 Problem 2 π‘Œ π‘˜+1 π‘ƒβˆ’1 +1 mod 𝑃 = π‘Œ π‘˜ π‘ƒβˆ’1 + π‘ƒβˆ’1 +1 mod 𝑃 = π‘Œ π‘˜ π‘ƒβˆ’1 π‘Œ π‘ƒβˆ’1 +1 mod 𝑃 = π‘Œ π‘˜ π‘ƒβˆ’1 π‘Œ 𝑃 mod 𝑃 mod 𝑃 = π‘Œ π‘˜ π‘ƒβˆ’1 π‘Œ mod 𝑃 mod 𝑃 (by Fermat) = π‘Œ π‘˜ π‘ƒβˆ’1 +1 mod 𝑃 =π‘Œ mod 𝑃 (by inductive hypothesis) October 18, 2016 Practical Aspects of Modern Cryptography

8 Problem 3 October 18, 2016 Practical Aspects of Modern Cryptography

9 Problem 3 We now know that π‘Œ π‘˜ 1 π‘ƒβˆ’1 +1 mod 𝑃=π‘Œ mod 𝑃 π‘Œ π‘˜ 2 π‘„βˆ’1 +1 mod 𝑄=π‘Œ mod 𝑄 for π‘˜ 1 , π‘˜ 2 β‰₯0, π‘Œβˆˆβ„€, and primes 𝑃 and 𝑄. Let π‘˜ 1 =𝐾(π‘„βˆ’1) and π‘˜ 2 =𝐾(π‘ƒβˆ’1) for 𝐾β‰₯0. π‘Œ 𝐾 π‘ƒβˆ’1 π‘„βˆ’1 +1 mod 𝑃=π‘Œ mod 𝑃 π‘Œ 𝐾 π‘ƒβˆ’1 π‘„βˆ’1 +1 mod 𝑄=π‘Œ mod 𝑄 By problem 1, if 𝑃 and 𝑄 are distinct primes, then π‘Œ 𝐾 π‘ƒβˆ’1 π‘„βˆ’1 +1 mod 𝑃𝑄 =π‘Œ mod 𝑃Q . October 18, 2016 Practical Aspects of Modern Cryptography

10 Problem 4 October 18, 2016 Practical Aspects of Modern Cryptography

11 Problem 4a 𝑍 1 = π‘Œ 1 𝑋 mod 𝑁 and 𝑍 2 = π‘Œ 2 𝑋 mod 𝑁 𝑍 1 𝑍 2 mod N = π‘Œ 1 𝑋 mod 𝑁 π‘Œ 2 𝑋 mod 𝑁 mod 𝑁 = π‘Œ 1 𝑋 π‘Œ 2 𝑋 mod 𝑁 = π‘Œ 1 π‘Œ 2 𝑋 mod 𝑁 = π‘Œ 1 π‘Œ 2 mod 𝑁 𝑋 mod 𝑁 October 18, 2016 Practical Aspects of Modern Cryptography

12 Problem 4b 𝑓 𝑋 1 βŠ•π‘“ 𝑋 2 =𝑓( 𝑋 1 + 𝑋 2 mod 𝑀) Let 𝑓 𝑋 = π‘Œ 𝑋 mod 𝑃 and let βŠ• be multiplication mod 𝑃. Then 𝑓 𝑋 1 βŠ•π‘“ 𝑋 2 = (π‘Œ 𝑋 1 mod 𝑃) (π‘Œ 𝑋 2 mod 𝑃) mod 𝑃 = π‘Œ 𝑋 1 + 𝑋 2 mod 𝑃. Now Fermat (and prob. 2) tell us that if (𝑋 1 + 𝑋 2 )β‰₯𝑃, we can subtract multiples of (π‘ƒβˆ’1) from the exponent without changing the result. So, 𝑓 𝑋 1 βŠ•π‘“ 𝑋 2 = π‘Œ 𝑋 1 + 𝑋 2 mod 𝑃 = π‘Œ 𝑋 1 + 𝑋 2 mod π‘ƒβˆ’1 mod 𝑃 October 18, 2016 Practical Aspects of Modern Cryptography

13 Problem 5 October 18, 2016 Practical Aspects of Modern Cryptography

14 Problem 5 π‘Ž and 𝑏 are the long-term private keys of Alice and Bob. 𝐴 and 𝐡 are the long-term public keys of Alice and Bob. π‘Ž and 𝑏 are the ephemeral private keys of Alice and Bob. 𝐴 and 𝐡 are the ephemeral public keys of Alice and Bob. 𝐴 = π‘Œ π‘Ž mod 𝑃 𝐡 = π‘Œ 𝑏 mod 𝑃 𝐴= π‘Œ π‘Ž mod 𝑃 𝐡= π‘Œ 𝑏 mod 𝑃 𝐾= 𝐴 𝑏 𝐴 𝑏 mod 𝑃= 𝐡 π‘Ž 𝐡 π‘Ž mod 𝑃 𝐾= 𝐴 𝑏 𝐡 π‘Ž mod 𝑃 This protocol does not achieve forward secrecy! October 18, 2016 Practical Aspects of Modern Cryptography

15 Problem 5a 𝐾= 𝐴 𝑏 𝐴 𝑏 mod 𝑃= 𝐡 π‘Ž 𝐡 π‘Ž mod 𝑃= π‘Œ π‘Ž 𝑏 +π‘Žπ‘ mod 𝑃 instead of 𝐾= 𝐴 𝑏 𝐴 𝑏 mod 𝑃= 𝐡 π‘Ž 𝐡 π‘Ž mod 𝑃= π‘Œ π‘Ž 𝑏 + π‘Ž 𝑏 mod 𝑃 New protocol: 𝐾= π‘Œ π‘Ž 𝑏 +π‘Žπ‘ mod 𝑃= π‘Œ π‘Ž 𝑏 π‘Œ π‘Žπ‘ mod 𝑃 This is (long-term shared key)Γ—(ephemeral shared key). Knowledge of long-term keys does not reveal ephemeral keys. This protocol does achieve forward secrecy. October 18, 2016 Practical Aspects of Modern Cryptography

16 Problem 5b Alice has certified 𝐴 = π‘Œ π‘Ž mod 𝑃, but Bob has no certified public key. If Bob generates ephemeral 𝐡= π‘Œ 𝑏 mod 𝑃, 𝐾= π‘Œ π‘Ž 𝑏 mod 𝑃 produces a (one-sided) authenticated secret key exchange, but not forward secrecy. Alice can also generate an ephemeral key 𝐴= π‘Œ π‘Ž mod 𝑃. 𝐾= 𝐴 𝐴 𝑏 mod 𝑃= π‘Œ π‘Ž +π‘Ž 𝑏 mod 𝑃= 𝐡 π‘Ž +π‘Ž mod 𝑃 seems to produce a (one-sided) authenticated secret key exchange that achieves forward secrecy. Or does it? October 18, 2016 Practical Aspects of Modern Cryptography

17 Problem 5b An attack by Eve on 𝐾= 𝐴 𝐴 𝑏 mod 𝑃= π‘Œ π‘Ž +π‘Ž 𝑏 mod 𝑃= 𝐡 π‘Ž +π‘Ž mod 𝑃 Eve selects random 𝑒 and produces 𝐸= π‘Œ 𝑒 mod 𝑃. Eve then sends to Bob: Alice’s certified 𝐴 and her ephemeral public key 𝐸 = 𝐸÷ 𝐴 mod 𝑃. [ 𝐸 = π‘Œ π‘’βˆ’ π‘Ž mod 𝑃 – even though Eve doesn’t know π‘Ž .] Bob computes 𝐾= 𝐴 𝐸 𝑏 mod 𝑃= π‘Œ 𝑒𝑏 mod 𝑃. Eve computes 𝐾= 𝐡 𝑒 mod 𝑃= π‘Œ 𝑏𝑒 mod 𝑃. October 18, 2016 Practical Aspects of Modern Cryptography

18 Problem 5b Instead of 𝐾= (π‘Œ π‘Ž 𝑏 Γ— π‘Œ π‘Žπ‘ ) mod 𝑃, one option is 𝐾= π‘Œ π‘Ž 𝑏 + π‘Œ π‘Žπ‘ mod 𝑃. Bob computes 𝐾= 𝐴 𝑏 + 𝐴 𝑏 mod 𝑃. Alice computes 𝐾= 𝐡 π‘Ž + 𝐡 π‘Ž mod 𝑃. This does (we believe) provide a secret key exchange with (one-sided) authentication and forward secrecy. October 18, 2016 Practical Aspects of Modern Cryptography

Download ppt "Practical Aspects of Modern Cryptography"

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
7. Asymmetric encryption-

7. Asymmetric encryption-
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Homework #4 Solutions Brian A. LaMacchia Portions Β© 2002-2006, Brian A. LaMacchia. This material is provided without.

Homework #4 Solutions Brian A. LaMacchia Portions Β© , Brian A. LaMacchia. This material is provided without.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:

Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:
CS470, A.SelcukPublic Key Cryptography1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukPublic Key Cryptography1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Cryptography & Number Theory

Cryptography & Number Theory
Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.

Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.
Key Distribution CS 470 Introduction to Applied Cryptography

Key Distribution CS 470 Introduction to Applied Cryptography
Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange
Codes, Ciphers, and Cryptography-RSA Encryption

Codes, Ciphers, and Cryptography-RSA Encryption
Lecture 6: Public Key Cryptography

Lecture 6: Public Key Cryptography
Rachana Y. Patil 1 1.

Rachana Y. Patil 1 1.
ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, A Public-Key Cryptosystem and a Signature Scheme.

ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, "A Public-Key Cryptosystem and a Signature Scheme.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Lecture 7b: The Diffie-Hellman Secret Sharing Scheme Wayne Patterson SYCS 653 Fall 2009.

Lecture 7b: The Diffie-Hellman Secret Sharing Scheme Wayne Patterson SYCS 653 Fall 2009.
RSA Implementation. What is Encryption ? Encryption is the transformation of data into a form that is as close to impossible as possible to read without.

RSA Implementation. What is Encryption ? Encryption is the transformation of data into a form that is as close to impossible as possible to read without.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.

Similar presentations

Ads by Google