Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone Martin Tompa Computer Science & Engineering University of Washington.

Published byAgatha West Modified over 9 years ago

Similar presentations

Presentation on theme: "Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone Martin Tompa Computer Science & Engineering University of Washington."— Presentation transcript:

1 Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone Martin Tompa Computer Science & Engineering University of Washington

2 Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone

3 What Is a Cryptosystem? A Sender B Receiver Cryptanalyst (bad guy) C = E AB (M)M = D AB (C)M M C K AB MessageEncryptionKey PlaintextCyphertext Cleartext K AB

4 What Is a Public Key Cryptosystem? A Sender B Receiver Cryptanalyst (bad guy) C = E AB (M)M = D AB (C)M M C K B E B MessageEncryption Private Key Public Key PlaintextCyphertext Cleartext K AB

5 The RSA Public Key Cryptosystem v Invented by Rivest, Shamir, and Adleman in 1977. v Has proven resistant to cryptanalytic attacks.

6 Receiver’s Set-Up v Choose 500-digit primes p and q, with p  2 (mod 3) and q  2 (mod 3) p = 5, q = 11 v Let n = pq. n = 55 v Let s = (1/3) (2(p - 1)(q - 1) + 1). s = (1/3) (2  4  10 + 1) = 27 v Publish n. Keep p, q, and s secret.

7 Note on the Version Presented Here v I have simplified RSA to make it clearer. v The version presented here is not considered secure, because of the small exponent 3 used in encryption. See http://crypto.stanford.edu/~dabo/pubs/papers/RSA- survey.pdf, Section 4.2, first two paragraphs for an explanation of the vulnerability of small exponents. http://crypto.stanford.edu/~dabo/pubs/papers/RSA- survey.pdf v See Rosen’s textbook for the secure version of RSA. v Thanks to Dimitrios Gklezakos for pointing out this vulnerability to me.

8 Encrypting a Message v Break the message into chunks. H I C H R I S … v Translate each chunk into an integer M (0 < M < n) by any convenient method. 8 9 3 8 18 9 19 … v Let E(M) = M 3 mod n. M = 8, n = 55 8 3 = 512 = 9×55 + 17 E(8) = 17

9 Decrypting a Cyphertext C v Let D(C) = C s mod n. C = 17, n = 55, s = 27 17 27 = 1,667,711,322,168,688,287,513,535,727,415,473 = 30,322,024,039,430,696,136,609,740,498,463 × 55 + 8 D(17) = 8 v Translate D(C) into letters. H

10 Decrypting a Cyphertext C Efficiently v C = 17, n = 55, s = 27 17 2  289  14 (mod 55) 17 4  17 2  17 2  14  14  196  31 (mod 55) 17 8  17 4  17 4  31  31  961  26 (mod 55) 17 16  17 8  17 8  26  26  676  16 (mod 55) 17 27  17 16  17 8  17 2  17 1  16  26  14  17  416  14  17  31  14  17  434  17  (-6)  17  -102  8 (mod 55) D(17) = 8

11 Why Does It Work? Euler’s Theorem (1736): Suppose v p and q are distinct primes, v n = pq, v 0 < M < n, and v k > 0. Then M k(p-1)(q-1)+1 mod n = M. (M 3 ) s = (M 3 ) (1/3)(2(p-1)(q-1)+1) = M 2(p-1)(q-1)+1  M (mod n)

12 Leonhard Euler 1707-1783

13 Why Is It Secure? v To find M = D(C), you seem to need s. v To find s, you seem to need p and q. v All the cryptanalyst has is n = pq. v How hard is it to factor a 1000-digit number n? With the grade school method, doing 1,000,000,000,000 steps per second it would take … 10 480 years.

14 State of the Art in Factoring v 1977: Inventors encrypt a challenge using “RSA129,” a 129-digit number n = pq. v 1981: Pomerance invents Quadratic Sieve factoring method. v 1994: Using Quadratic Sieve, RSA129 is factored over 8 months using 1000 computers on the Internet around the world. v 1999: Using Number Field Sieve, RSA140 is factored over one month using 200 computers, about 8.9 CPU-years. v 2009: Using Number Field Sieve, RSA-768, a 232- digit number, is factored over two years using hundreds of machines, about 1500 CPU-years.

15 Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone

16 Signed Messages v How A sends a secret message to B A B C = E B (M) M = D B (C) v How A sends a signed message to B A B C = D A (M) M = E A (C) C C

17 Signed and Secret Messages v How A sends a secret message to B... A B C = E B (M) M = D B (C) v How A sends a signed secret message to B... A B C = E B (D A (M)) M = E A (D B (C)) C C

18 Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone

19 Flipping a Coin Over the Phone y “even” “odd” x

Download ppt "Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone Martin Tompa Computer Science & Engineering University of Washington."

Similar presentations

Digital Signatures. Anononymity and the Internet.

Digital Signatures. Anononymity and the Internet.
Asymmetric-Key Cryptography

Asymmetric-Key Cryptography
CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.
Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r 175753411947 p q p q p q p and q prime.

Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r p q p q p q p and q prime.
Data encryption with big prime numbers

Data encryption with big prime numbers
Public Key Encryption Algorithm

Public Key Encryption Algorithm
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem

RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Foundations of Network and Computer Security J J ohn Black Lecture #13 Sep 26 th 2007 CSCI 6268/TLEN 5831, Fall 2007.

Foundations of Network and Computer Security J J ohn Black Lecture #13 Sep 26 th 2007 CSCI 6268/TLEN 5831, Fall 2007.
Overview of Cryptography Oct. 29, 2002 Su San Im CS Dept. EWU.

Overview of Cryptography Oct. 29, 2002 Su San Im CS Dept. EWU.
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:

Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:
Public Encryption: RSA

Public Encryption: RSA
RSA Exponentiation cipher

RSA Exponentiation cipher
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Public Key Cryptography and the RSA Algorithm

Public Key Cryptography and the RSA Algorithm
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

Similar presentations

Ads by Google