Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dan Boneh Intro. Number Theory Intractable problems Online Cryptography Course Dan Boneh.

Published byPatience Miller Modified over 9 years ago

Similar presentations

Presentation on theme: "Dan Boneh Intro. Number Theory Intractable problems Online Cryptography Course Dan Boneh."— Presentation transcript:

1 Dan Boneh Intro. Number Theory Intractable problems Online Cryptography Course Dan Boneh

2 Dan Boneh Easy problems Given composite N and x in Z N find x -1 in Z N Given prime p and polynomial f(x) in Z p [x] find x in Z p s.t. f(x) = 0 in Z p (if one exists) Running time is linear in deg(f). … but many problems are difficult

3 Dan Boneh Intractable problems with primes Fix a prime p>2 and g in (Z p ) * of order q. Consider the function: x g x in Z p Now, consider the inverse function: Dlog g (g x ) = x where x in {0, …, q-2} Example: in : 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 Dlog 2 ( ⋅ ) : 0, 1, 8, 2, 4, 9, 7, 3, 6, 5

4 Dan Boneh DLOG: more generally Let G be a finite cyclic group and g a generator of G G = { 1, g, g 2, g 3, …, g q-1 } ( q is called the order of G ) Def: We say that DLOG is hard in G if for all efficient alg. A: Pr gG, x Z q [ A( G, q, g, g x ) = x ] < negligible Example candidates: (1) (Z p ) * for large p, (2) Elliptic curve groups mod p

5 Dan Boneh Computing Dlog in (Z p ) * (n-bit prime p) Best known algorithm (GNFS): run time exp( ) cipher key sizemodulus size 80 bits 1024 bits 128 bits 3072 bits 256 bits (AES)15360 bits As a result: slow transition away from (mod p) to elliptic curves Elliptic Curve group size 160 bits 256 bits 512 bits

6 Dan Boneh An application: collision resistance Choose a group G where Dlog is hard (e.g. (Z p ) * for large p) Let q = |G| be a prime. Choose generators g, h of G For x,y ∈ {1,…,q} define H(x,y) = g x ⋅ h y in G Lemma: finding collision for H(.,.) is as hard as computing Dlog g (h) Proof: Suppose we are given a collision H(x 0,y 0 ) = H(x 1,y 1 ) then g x 0 ⋅ h y 0 = g x 1 ⋅ h y 1 ⇒ g x 0 -x 1 = h y 1 -y 0 ⇒ h = g x 0 -x 1 /y 1 -y 0

7 Dan Boneh Intractable problems with composites Consider the set of integers: (e.g. for n=1024) Problem 1: Factor a random N in (e.g. for n=1024) Problem 2: Given a polynomial f(x) where degree(f) > 1 and a random N in find x in s.t. f(x) = 0 in := { N = p ⋅ q where p,q are n-bit primes }

8 Dan Boneh The factoring problem Gauss (1805): Best known alg. (NFS): run time exp( ) for n-bit integer Current world record: RSA-768 (232 digits) Work: two years on hundreds of machines Factoring a 1024-bit integer: about 1000 times harder ⇒ likely possible this decade “The problem of distinguishing prime numbers from composite numbers and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic.”

9 Dan Boneh Further reading A Computational Introduction to Number Theory and Algebra, V. Shoup, 2008 (V2), Chapter 1-4, 11, 12 Available at //shoup.net/ntb/ntb-v2.pdf

10 Dan Boneh End of Segment

Download ppt "Dan Boneh Intro. Number Theory Intractable problems Online Cryptography Course Dan Boneh."

Similar presentations

ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION.

ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION.
ElGamal Security Public key encryption from Diffie-Hellman

ElGamal Security Public key encryption from Diffie-Hellman
Trusted 3rd parties Basic key exchange

Trusted 3rd parties Basic key exchange
Chapter 4 Finite Fields. Introduction of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key concern operations on “numbers”

Chapter 4 Finite Fields. Introduction of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key concern operations on “numbers”
Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.
Chapter 4 – Finite Fields. Introduction will now introduce finite fields of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key.

Chapter 4 – Finite Fields. Introduction will now introduce finite fields of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key.
Dan Boneh Message Integrity A Parallel MAC Online Cryptography Course Dan Boneh.

Dan Boneh Message Integrity A Parallel MAC Online Cryptography Course Dan Boneh.
CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.
22C:19 Discrete Structures Integers and Modular Arithmetic

22C:19 Discrete Structures Integers and Modular Arithmetic
CSE 311 Foundations of Computing I Lecture 13 Number Theory Autumn 2012 CSE 311 1.

CSE 311 Foundations of Computing I Lecture 13 Number Theory Autumn 2012 CSE
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.

1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem

RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem
Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )

Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )
CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.

CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Lecture 3.2: Public Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 3.2: Public Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
15-349 Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.

Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.
CPE5021 Advanced Network Security --- Advanced Cryptography: Elliptic Curve Cryptography --- Lecture 3 CPE5021 Advanced Network Security --- Advanced Cryptography:

CPE5021 Advanced Network Security --- Advanced Cryptography: Elliptic Curve Cryptography --- Lecture 3 CPE5021 Advanced Network Security --- Advanced Cryptography:

Similar presentations

Ads by Google