1
The Algebra of Encryption CS 6910 Semester Research and Project University of Colorado at Colorado Springs By Cliff McCullough 20 July 2011
2
Modern Cryptography 7/20/2011Cliff McCullough2
3
Multi-Precision Calculator 7/20/2011Cliff McCullough3
4
That’s a lot of digits 7/20/2011Cliff McCullough4
Modular Arithmetic

• The Division Algorithm: a = m b + r
• “Any integer a can be divided by b in such a way that the remainder is smaller than b.” (Burton, 2007, p. 17)

Examples

• 13 = 1 * 12 + 1
  ◦ 13 ≡ 1 mod 12
• 9 = 0 * 12 + 9
  ◦ 9 ≡ 9 mod 12

Addition

• First express the numbers in modular form
• Add the numbers and collect the terms
• Adjust the multiplier if needed so that the residue is positive and less than the modulus

Subtraction

• First express the numbers in modular form
• Subtract the numbers and collect the terms
• Adjust the multiplier if needed so that the residue is positive and less than the modulus

Multiplication

• Multiplication is merely repeated addition
• Adjust the multiplier so that the residue is positive and less than the modulus

Division

• Division is tricky
• Instead of $\frac{c}{d} = e$ we write $c = d \cdot e$
• Ask by what number, e, can we multiply d to result in c, in modular arithmetic?

Division by Multiplicative Inverse

• Another way to divide is to multiply by the MMI
  ◦ $c \cdot d^{-1} = e$
• MMI: $d \cdot d^{-1} = 1 \bmod \text{modulus}$
• Ask by what number, $d^{-1}$, can we multiply d such that the result is 1 in modular arithmetic?

Useful Functions

• Euclidean Algorithm
  ◦ Greatest Common Divisor
  ◦ Modular Multiplicative Inverse
• Modular Exponentiation
• Chinese Remainder Theorem
• Euler’s Totient Function

Greatest Common Divisor

• Compare the smaller number to the larger
• Find the quotient of the two numbers
• Multiply the smaller by the quotient and subtract
• Now compare the residue with the previous smaller number
• Continue until the residue is zero

GCD Example

Example from (Euclidean algorithm, 2011)

GCD Results

• AE = 3 * CF
• CD = 2 * AE + CF = 2 * 3 * CF + CF = 7 * CF
• AB = CD + AE = 7 * CF + 3 * CF = 10 * CF

Extended Euclidean Algorithm

• Use Extended Euclidean Algorithm
• Basically keep track of the coefficients
1. Start by writing the two numbers
2. Find the quotient
3. Multiply the second equation by the quotient and subtract from the first
4. Repeat steps 2 and 3 until the residue is zero

Extended Euclid Example

    50 = 50 (  1) + 35 (  0)
    35 = 50 (  0) + 35 (  1),  q = 1
    15 = 50 (  1) + 35 ( -1),  q = 2
     5 = 50 ( -2) + 35 (  3),  q = 3
     0 = 50 (  7) + 35 (-10)

Finding the MMI

    13 = 13 ( 1) + 4 ( 0)
     4 = 13 ( 0) + 4 ( 1),  q = 3
     1 = 13 ( 1) + 4 (-3)

     1 = 13 (1) + 4 (-3) + 13 (-4) + 4 (13)
     1 = 13 (1 - 4) + 4 (-3 + 13)
     1 = 13 (-3) + 4 (10)

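
The coefficient-tracking procedure from the three slides above, as an added example that is not part of the original presentation. The function names are hypothetical; each table row is stored as (residue, coefficient of a, coefficient of b), and the MMI is normalised to a positive residue as on the last slide.

```python
def extended_euclid(a, b):
    """Return every row (r, s, t) of the table, where r = a*s + b*t."""
    rows = [(a, 1, 0), (b, 0, 1)]        # step 1: write the two numbers
    while rows[-1][0] != 0:              # step 4: repeat until the residue is zero
        (r0, s0, t0), (r1, s1, t1) = rows[-2], rows[-1]
        q = r0 // r1                     # step 2: find the quotient
        # step 3: multiply the second equation by q and subtract from the first
        rows.append((r0 - q * r1, s0 - q * s1, t0 - q * t1))
    return rows


def gcd_with_coefficients(a, b):
    """The last row with a non-zero residue holds gcd(a, b) and its coefficients."""
    return extended_euclid(a, b)[-2]


def mmi(d, modulus):
    """Modular multiplicative inverse of d, or ValueError if none exists."""
    g, _, t = gcd_with_coefficients(modulus, d % modulus)
    if g != 1:
        raise ValueError(f"{d} has no inverse mod {modulus} (gcd is {g})")
    return t % modulus                   # adjust so the residue is positive


def mod_divide(c, d, modulus):
    """Division by multiplicative inverse: e = c * d^-1 mod modulus."""
    return (c % modulus) * mmi(d, modulus) % modulus


if __name__ == "__main__":
    for r, s, t in extended_euclid(50, 35):
        print(f"{r:3d} = 50 ({s:3d}) + 35 ({t:3d})")
    print("4^-1 mod 13 =", mmi(4, 13))
```

A divisor that shares a factor with the modulus has no inverse, so `mmi(35, 50)` raises instead of returning a wrong value.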
Modular Exponentiation

• Initiate X = base, E = exponent, Y = 1
• If E is odd
  ◦ Replace Y = X * Y
  ◦ Replace E = E - 1
• E is now even
  ◦ Replace X = X * X
  ◦ Replace E = E ÷ 2
• When E = 0, Y is the answer
(Garrett, 2004, p. 123)

Exponentiation Example

E = 11 = 8 + 2 + 1
$Y = 3^8 \cdot 3^2 \cdot 3^1 = 6561 \cdot 9 \cdot 3 = 177147$

| Notes | X | E | Y |
|---|---|---|---|
| Initialization | 3 | 11 | 1 |
| E is odd | | 10 | 3 |
| E is even | 9 | 5 | |
| E is odd | | 4 | 27 |
| E is even | 81 | 2 | |
| E is even | 6561 | 1 | |
| E is odd | | 0 | 177147 |

Modular Exponentiation Example

E = 11 = 8 + 2 + 1
$Y = 3^8 \cdot 3^2 \cdot 3^1 = 237 \cdot 9 \cdot 3 \bmod 527$

| Notes | X | E | Y |
|---|---|---|---|
| Initialization | 3 | 11 | 1 |
| E is odd | | 10 | 3 |
| E is even | 9 | 5 | |
| E is odd | | 4 | 27 |
| E is even | 81 | 2 | |
| E is even | 237 | 1 | |
| E is odd | | 0 | 75 |

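
The X, E, Y procedure above, as an added example that is not part of the original presentation. The function name and the optional `modulus` argument are hypothetical; the returned trace fills in the cells the slide tables leave blank because the value did not change.

```python
def square_and_multiply(base, exponent, modulus=None):
    """Return (Y, trace) where trace rows are (note, X, E, Y) as on the slides."""
    if exponent < 0:
        raise ValueError("exponent must be non-negative")
    x, e = base, exponent
    y = 1 if modulus is None else 1 % modulus   # 1 % 1 == 0 handles modulus 1
    trace = [("Initialization", x, e, y)]
    while e > 0:
        # Note: this branch depends on the exponent's bits, so run time
        # varies with the exponent value.
        if e % 2 == 1:
            y = x * y          # Replace Y = X * Y
            e = e - 1          # Replace E = E - 1
            note = "E is odd"
        else:
            x = x * x          # Replace X = X * X
            e = e // 2         # Replace E = E / 2
            note = "E is even"
        if modulus is not None:
            # Reducing after every step keeps the operands small.
            x %= modulus
            y %= modulus
        trace.append((note, x, e, y))
    return y, trace


if __name__ == "__main__":
    for modulus in (None, 527):
        result, trace = square_and_multiply(3, 11, modulus)
        print("modulus:", modulus)
        for note, x, e, y in trace:
            print(f"  {note:15s} X={x:<5d} E={e:<3d} Y={y}")
```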
Consider Multiplication

        1111
      x 1111
    --------
        1111
       1111
      1111
    + 1111
    --------
    11100001

      11
    x 11
    ----
      11
    + 11
    ----
    1001

Chinese Remainder Theorem

• Reduces calculation time by dealing with smaller numbers
• Some elements may be pre-calculated and used repeatedly for subsequent calculations

How To CRT

• Pre-calculations
  ◦ Know the factors of $M = m_1 \cdot m_2$
  ◦ Calculate each $M_i$
  ◦ Calculate MMI of each $M_i \bmod m_i$
  ◦ Calculate $A_i$
• Perform the operation
• Combine the results
(Stallings, 2011, pp. 254-257)

CRT Pre-calculations

• Choose $m_1$ and $m_2$
  ◦ $M = m_1 \cdot m_2 = 37 \cdot 49 = 1813$
• Calculate $M_i = M \div m_i$
  ◦ $M_1 = 1813 \div 37 = 49$
  ◦ $M_2 = 1813 \div 49 = 37$
• Calculate $M_i^{-1} \bmod m_i$
  ◦ $M_1^{-1} \bmod m_1 = 49^{-1} \bmod 37 \equiv 34$
  ◦ $M_2^{-1} \bmod m_2 = 37^{-1} \bmod 49 \equiv 4$

CRT Pre-calculations too

• Calculate $A_i$
  ◦ $A_1 = M_1 \cdot M_1^{-1} \bmod M = 49 \cdot 34 \bmod 1813 \equiv 1666$
  ◦ $A_2 = M_2 \cdot M_2^{-1} \bmod M = 37 \cdot 4 \bmod 1813 \equiv 148$

CRT Addition

• Compute $x + y = z_i \bmod m_i$ for each $m_i$

      973 mod 37 = 11        973 mod 49 = 42
    + 678 mod 37 = 12      + 678 mod 49 = 41
    -----------------      -----------------
      z_1 = 23 mod 37        z_2 = 34 mod 49

• Combine results
  ◦ $(x + y) \bmod M = (z_1 \cdot A_1 + z_2 \cdot A_2) \bmod M$
  ◦ $(973 + 678) \bmod 1813 = (23 \cdot 1666 + 34 \cdot 148) \bmod 1813 \equiv 1651$

CRT Multiplication

• Compute $x \cdot y = z_i \bmod m_i$ for each $m_i$

      1651 mod 37 = 23       1651 mod 49 = 34
    *   73 mod 37 = 36     *   73 mod 49 = 24
    -----------------      -----------------
      z_1 = 14 mod 37        z_2 = 32 mod 49

• Combine results
  ◦ $(x \cdot y) \bmod M = (z_1 \cdot A_1 + z_2 \cdot A_2) \bmod M$
  ◦ $(1651 \cdot 73) \bmod 1813 = (14 \cdot 1666 + 32 \cdot 148) \bmod 1813 \equiv 865$

Euler’s Totient Function

• Euler’s totient function, Φ(n), identifies the number of integers, less than n, that are relatively prime to n.
• A good treatment of Euler’s Totient function can be found in (Burton, 2007, pp. 131-135).
• $\Phi(n) = \Phi(p^i) \cdot \Phi(q^j) = (p^i - p^{i-1}) \cdot (q^j - q^{j-1})$ (Burton, 2007, pp. 131-135)

Phi Examples

• 21 = 3 * 7
  ◦ Φ(21) = (3 - 1) * (7 - 1) = 2 * 6 = 12
  ◦ 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20 are the 12 numbers less than 21 that are coprime to 21
• 20 = 4 * 5
  ◦ $\Phi(20) = (2^2 - 2^1) \cdot (5^1 - 5^0) = (4 - 2) \cdot (5 - 1) = 2 \cdot 4 = 8$
  ◦ The 8 integers less than 20 coprime to 20 are 1, 3, 7, 9, 11, 13, 17, 19

Public Key Cryptography - RSA

• RSA uses Euler’s theorem
• If a and n are coprime then $a^{\Phi(n)} \equiv 1 \bmod n$ (Burton, 2007, p. 137)

How to RSA

• Choose two prime numbers p and q
• Form n = p * q and find Φ(n)
• Choose encryption exponent e coprime to Φ(n)
• Find MMI of e mod Φ(n)
• Encrypt: $C = M^e \bmod n$
• Decrypt: $M = C^d \bmod n$
• Public key (e, n)
• Private key d and p, q if using CRT

Why Does RSA Work

• $C = M^e \bmod n$
• $M = (C)^d = M^{e \cdot d} \bmod n$
• e and d were chosen such that $e \cdot d \equiv 1 \bmod \Phi(n)$, therefore:
  ◦ $e \cdot d = m \cdot \Phi(n) + 1$
• Remember Euler’s Theorem
  ◦ $M^{\Phi(n)} \equiv 1 \bmod n$
• $M^{e \cdot d} = M^{m \Phi(n) + 1} = (M^{\Phi(n)})^m \cdot M \equiv 1^m \cdot M \bmod n$

RSA and CRT

• To use CRT, we need to know the factors of n
• Thus, we only use CRT to decrypt

RSA Example

• Let:
  ◦ p = 17
  ◦ q = 31
  ◦ e = 11
  ◦ message: M = 3
• n = p * q = 17 * 31 = 527
• Φ(n) = 16 * 30 = 480
• $d = e^{-1} \bmod \Phi(n) \equiv 131$

RSA-CRT Pre-calculations

• $P = n \div p = 31$
• $P^{-1} \bmod p \equiv 11$
• $A_p = P \cdot P^{-1} \bmod n = 31 \cdot 11 \bmod 527 \equiv 341$
• $Q = n \div q = 17$
• $Q^{-1} \bmod q \equiv 11$
• $A_q = Q \cdot Q^{-1} \bmod n = 17 \cdot 11 \bmod 527 \equiv 187$
• $d_p = d \bmod \Phi(p) = 131 \bmod 16 \equiv 3$
• $d_q = d \bmod \Phi(q) = 131 \bmod 30 \equiv 11$

RSA Encrypt

• Encrypt is standard
  ◦ $C = M^e \bmod n = 3^{11} \bmod 527 \equiv 75$

RSA-CRT Decrypt

• Decrypt uses CRT
  ◦ Complete the operation
    $M_p = C^{d_p} \bmod p = 75^3 \bmod 17 \equiv 3$
    $M_q = C^{d_q} \bmod q = 75^{11} \bmod 31 \equiv 3$
  ◦ Combine the results
    $M = (M_p \cdot A_p + M_q \cdot A_q) \bmod n = (3 \cdot 341 + 3 \cdot 187) \bmod 527 \equiv 3$

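
The CRT pre-calculations and combine step from the CRT slides, reused for the RSA-CRT decrypt above, as an added example that is not part of the original presentation. The function names are hypothetical, and the code generalises the slides' two-modulus case to any list of pairwise coprime moduli.

```python
import math


def crt_weights(moduli):
    """Pre-calculation: return (M, [A_i]) with A_i = M_i * (M_i^-1 mod m_i) mod M."""
    M = math.prod(moduli)
    weights = []
    for m in moduli:
        M_i = M // m
        # pow(..., -1, m) raises ValueError when M_i has no inverse mod m,
        # i.e. when the moduli are not pairwise coprime.
        weights.append(M_i * pow(M_i, -1, m) % M)
    return M, weights


def crt_combine(residues, weights, M):
    """Combine the results: (z_1 * A_1 + z_2 * A_2 + ...) mod M."""
    return sum(z * A for z, A in zip(residues, weights)) % M


def crt_apply(op, x, y, moduli):
    """Perform op on the small residues, then combine back to a result mod M."""
    M, weights = crt_weights(moduli)
    residues = [op(x % m, y % m) % m for m in moduli]
    return crt_combine(residues, weights, M)


def rsa_crt_decrypt(c, d, p, q):
    """RSA decryption with CRT; requires the private factors p and q."""
    n, (A_p, A_q) = crt_weights([p, q])
    d_p, d_q = d % (p - 1), d % (q - 1)   # d mod phi(p), d mod phi(q)
    M_p = pow(c % p, d_p, p)
    M_q = pow(c % q, d_q, q)
    return crt_combine([M_p, M_q], [A_p, A_q], n)


if __name__ == "__main__":
    print(crt_weights([37, 49]))                            # slides 25-26
    print(crt_apply(lambda a, b: a + b, 973, 678, [37, 49]))
    print(crt_apply(lambda a, b: a * b, 1651, 73, [37, 49]))
    print(rsa_crt_decrypt(75, 131, 17, 31))                 # slide 38
```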
How to Share a Secret

• (Shamir, November, 1979) describes how to share a secret
• A simple way of looking at this is to use a curve described by a polynomial function
  ◦ $f(x) = a_t x^t + a_{t-1} x^{t-1} + \dots + a_1 x + a_0$
• Typically $a_0$ is the secret information
• $a_1$ through $a_t$ are chosen randomly

Why It Remains a Secret

• We have t + 1 unknowns
  ◦ the t + 1 coefficients
• We need t + 1 points on the curve to identify all the coefficients
• The secret shares are points on the curve
  ◦ x, f(x) number pairs
  ◦ x can be an index. Only f(x) must be secret

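
Splitting and recovering a secret with the polynomial described above, as an added example that is not part of the original presentation. It assumes all arithmetic is done modulo a prime (here $2^{127} - 1$, a choice made for this example) and recovers $a_0$ by Lagrange interpolation at x = 0; the function names are hypothetical.

```python
import secrets

PRIME = 2**127 - 1   # assumption: field modulus chosen for this example


def split(secret, t, n_shares, prime=PRIME):
    """Return n_shares points (x, f(x)) on a random degree-t polynomial."""
    if not 0 <= secret < prime:
        raise ValueError("secret must lie in [0, prime)")
    if n_shares < t + 1:
        raise ValueError("need at least t + 1 shares to ever recover the secret")
    # a_0 is the secret; a_1 .. a_t are chosen randomly.
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(t)]

    def f(x):
        y = 0
        for a in reversed(coeffs):       # Horner evaluation of the polynomial
            y = (y * x + a) % prime
        return y

    return [(x, f(x)) for x in range(1, n_shares + 1)]   # x is just an index


def reconstruct(shares, prime=PRIME):
    """Interpolate f(0) from the given points; correct only with t + 1 or more."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("shares must have distinct x values")
    secret = 0
    for x_i, y_i in shares:
        num, den = 1, 1
        for x_j in xs:
            if x_j != x_i:
                num = num * (-x_j) % prime
                den = den * (x_i - x_j) % prime
        # Division is multiplication by the modular multiplicative inverse.
        secret = (secret + y_i * num * pow(den, -1, prime)) % prime
    return secret


if __name__ == "__main__":
    shares = split(123456789, t=2, n_shares=5)
    print(reconstruct(shares[:3]), reconstruct(shares[1:4]))
```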
Paillier Cryptography

• Carmichael function is very similar to Euler’s totient function
  ◦ λ(n) = lcm(p-1, q-1)
• Useful properties
  ◦ $w^{\lambda} \equiv 1 \bmod n$
  ◦ $w^{\lambda n} \equiv 1 \bmod n^2$
• Which implies
  ◦ $w^{\lambda} = an + 1$
  ◦ $w^{\lambda n} = bn^2 + 1$
(Paillier, 1999)

How to Paillier

• Choose two safe primes p and q
• Calculate n = p * q and λ(n)
• Define the function $L(u) = \frac{u - 1}{n}$
• Choose a generator value g such that $L(g^{\lambda} \bmod n^2)$ and n are coprime
• Public key is (g, n)
• Private key is λ

Paillier Encrypt

• For plaintext message m < n
• Choose a random number r < n
• Encrypt message m
  ◦ $c = g^m r^n \bmod n^2$

Paillier Decrypt

• Decrypt
  ◦ $m = \frac{L(c^{\lambda} \bmod n^2)}{L(g^{\lambda} \bmod n^2)} \bmod n$

The Generator g

• Start from the Carmichael function
  ◦ $g^{\lambda} = 1 + an$
  ◦ $g^{\lambda x} = (1 + an)^x$
• Use binomial expansion
  ◦ $(1 + an)^x = 1 + x(an) + n^2 \ldots$
• Result
  ◦ $g^{\lambda x} = (1 + an)^x = (1 + xan) \bmod n^2$

Decrypt Numerator

$L(c^{\lambda} \bmod n^2) = \frac{c^{\lambda} - 1}{n} \bmod n^2 = \frac{g^{\lambda m} r^{\lambda n} - 1}{n} \bmod n^2$

Applying the Generator g Result and Carmichael function

$L(c^{\lambda} \bmod n^2) = \frac{(1 + man)(1) - 1}{n} \bmod n^2 = ma \bmod n^2$

Decrypt Denominator

$L(g^{\lambda} \bmod n^2) = \frac{g^{\lambda} - 1}{n} \bmod n^2 = \frac{(1 + an) - 1}{n} \bmod n^2$

$L(g^{\lambda} \bmod n^2) = a \bmod n^2$

The Decrypt Result

Combining the results gives

$m = \frac{L(c^{\lambda} \bmod n^2)}{L(g^{\lambda} \bmod n^2)} \bmod n = \frac{ma \bmod n^2}{a \bmod n^2} \bmod n$

Cryptographic Blinding

Cryptographic blinding allows for a message to be multiplied by a specially treated random number, while still allowing the message to be decrypted without knowledge of the random number. (Blinding (cryptography), 2011)

Paillier Blinding

We can apply any succession of blinding factors without affecting the successful decryption

$c = g^m \cdot r_1^n r_2^n \ldots r_k^n \bmod n^2$
$\;\; = g^m \cdot (r_1 r_2 \ldots r_k)^n \bmod n^2$
$\;\; = g^m \cdot r^n \bmod n^2$

Tallying the Vote

• Paillier cryptography is well suited to voting due to its homomorphic property
• The multiplication of two ciphertexts is equivalent to the addition of the respective plaintexts. (Paillier, 1999, p. 13)
• This way, the votes may be tallied without decrypting the ciphertext.

Homomorphic Paillier

• Start with two messages and encrypt
  ◦ $c_1 = g^{m_1} r_1^n \bmod n^2$
  ◦ $c_2 = g^{m_2} r_2^n \bmod n^2$
• Now multiply the two ciphertexts
  ◦ $c_1 \cdot c_2 = g^{m_1} r_1^n \cdot g^{m_2} r_2^n \bmod n^2$
  ◦ $\;\; = g^{m_1} g^{m_2} \cdot r_1^n r_2^n \bmod n^2$
  ◦ $\;\; = g^{m_1 + m_2} \cdot (r_1 r_2)^n \bmod n^2$
  ◦ $\;\; = g^{m_3} \cdot r_3^n \bmod n^2$

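
Paillier key setup, encryption, decryption, blinding and a homomorphic vote tally as described on the slides above, as an added example that is not part of the original presentation. The function names, the toy safe primes 47 and 59, and the generator choice g = n + 1 are assumptions made for this example; real keys use primes of cryptographic size.

```python
import math
import secrets


def L(u, n):
    return (u - 1) // n


def keygen(p, q):
    n, lam = p * q, math.lcm(p - 1, q - 1)
    g = n + 1   # assumption: a common generator choice, not taken from the slides
    if math.gcd(L(pow(g, lam, n * n), n), n) != 1:
        raise ValueError("L(g^lambda mod n^2) must be coprime to n")
    return (g, n), lam          # public key (g, n), private key lambda


def random_unit(n):
    while True:                 # r < n and coprime to n
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            return r


def encrypt(pub, m, r=None):
    g, n = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy 0 <= m < n")
    r = random_unit(n) if r is None else r
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)


def blind(pub, c):
    _, n = pub                  # multiply in one more factor r^n
    return c * pow(random_unit(n), n, n * n) % (n * n)


def decrypt(pub, lam, c):
    g, n = pub
    numerator = L(pow(c, lam, n * n), n)
    denominator = L(pow(g, lam, n * n), n)
    return numerator * pow(denominator, -1, n) % n   # divide via the MMI


def tally(pub, ciphertexts):
    _, n = pub                  # product of ciphertexts = sum of plaintexts mod n
    product = 1
    for c in ciphertexts:
        product = product * c % (n * n)
    return product


PUB, LAM = keygen(47, 59)       # constructed toy key: n = 2773
```

The tally is only meaningful while the sum of the plaintexts stays below n, since the result is reduced mod n.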
References Cited

Blinding (cryptography). (2011, June 3). Retrieved July 10, 2011, from Wikipedia: http://en.wikipedia.org/wiki/Blinding_(cryptography)
Burton, D. M. (2007). Elementary Number Theory, Sixth Edition. New York, New York 10020: McGraw-Hill Higher Education.
Euclidean algorithm. (2011, June 30). Retrieved July 7, 2011, from Wikipedia: http://en.wikipedia.org/wiki/Euclid_algorithm
Garrett, P. (2004). The Mathematics of Coding Theory. Upper Saddle River, New Jersey: Pearson Prentice Hall.
MPIR home page. (n.d.). Retrieved July 9, 2011, from MPIR: http://www.mpir.org/
Paillier, P. (1999). Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. Advances in Cryptology - Eurocrypt '99, pp. 223-238.
Safe prime. (2010, August 24). Retrieved July 9, 2011, from Wikipedia: http://en.wikipedia.org/wiki/Safe_prime
Shamir, A. (November, 1979). How to Share a Secret. Communications of the ACM, 612-613.
Stallings, W. (2011). Cryptography and Network Security, Principles and Practice, Fifth Edition. Prentice Hall.
The GNU Multiple Precision Arithmetic Library. (n.d.). Retrieved July 9, 2011, from GNU: http://gmplib.org/