Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Applications of Number Theory CS/APMA 202 Rosen section 2.6 Aaron Bloomfield.

Published byAgatha Clarke Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Applications of Number Theory CS/APMA 202 Rosen section 2.6 Aaron Bloomfield."— Presentation transcript:

1 1 Applications of Number Theory CS/APMA 202 Rosen section 2.6 Aaron Bloomfield

2 2 About this lecture set We are only going to go over parts of section 2.6 Just the ones that deal directly with 2.6 Just the ones that deal directly with 2.6 Much of the underlying theory we will not be able to get to It’s beyond the scope of this course It’s beyond the scope of this course Much of why this all works won’t be taught It’s just an introduction to how it works It’s just an introduction to how it works

3 3 Private key cryptography The function and/or key to encrypt/decrypt is a secret (Hopefully) only known to the sender and recipient (Hopefully) only known to the sender and recipient The same key encrypts and decrypts How do you get the key to the recipient?

4 4 Public key cryptography Everybody has a key that encrypts and a separate key that decrypts They are not interchangable! They are not interchangable! The encryption key is made public The decryption key is kept private

5 5 Public key cryptography goals Key generation should be relatively easy Encryption should be easy Decryption should be easy With the right key! With the right key! Cracking should be very hard

6 6 Is that number prime? Use the Fermat primality test Given: n: the number to test for primality n: the number to test for primality k: the number of times to test (the certainty) k: the number of times to test (the certainty) The algorithm is: repeat k times: pick a randomly in the range [1, n−1] if a n−1 mod n ≠ 1 then return composite return probably prime

7 7 End of lecture on 22 February 2005

8 8 Is that number prime? The algorithm is: repeat k times: pick a randomly in the range [1, n−1] if a n−1 mod n ≠ 1 then return composite return probably prime Let n = 105 Iteration 1: a = 92: 92 104 mod 105 = 1 Iteration 1: a = 92: 92 104 mod 105 = 1 Iteration 2: a = 84: 84 104 mod 105 = 21 Iteration 2: a = 84: 84 104 mod 105 = 21 Therefore, 105 is composite Therefore, 105 is composite

9 9 Is that number prime? The algorithm is: repeat k times: pick a randomly in the range [1, n−1] if a n−1 mod n ≠ 1 then return composite return probably prime Let n = 101 Iteration 1: a = 55: 55 100 mod 100 = 1 Iteration 1: a = 55: 55 100 mod 100 = 1 Iteration 2: a = 60: 60 100 mod 100 = 1 Iteration 2: a = 60: 60 100 mod 100 = 1 Iteration 3: a = 14: 14 100 mod 100 = 1 Iteration 3: a = 14: 14 100 mod 100 = 1 Iteration 4: a = 73: 73 100 mod 100 = 1 Iteration 4: a = 73: 73 100 mod 100 = 1 At this point, 101 has a (½) 4 = 1/16 chance of still being composite At this point, 101 has a (½) 4 = 1/16 chance of still being composite

10 10 More on the Fermat primality test Each iteration halves the probability that the number is a composite Probability = (½) k Probability = (½) k If k = 100, probability it’s a composite is (½) 100 = 1 in 1.2  10 30 that the number is composite If k = 100, probability it’s a composite is (½) 100 = 1 in 1.2  10 30 that the number is composite Greater chance of having a hardware error! Thus, k = 100 is a good value Thus, k = 100 is a good value However, this is not certain! There are known numbers that are composite but will always report prime by this test There are known numbers that are composite but will always report prime by this test Source: http://en.wikipedia.org/wiki/Fermat_primality_test

11 11 Google’s latest recruitment campaign

12 12 RSA Stands for the inventors: Ron Rivest, Adi Shamir and Len Adleman Three parts: Key generation Key generation Encrypting a message Encrypting a message Decrypting a message Decrypting a message

13 13 Key generation steps 1.Choose two random large prime numbers p ≠ q, and n = p*q 2.Choose an integer 1 < e < n which is relatively prime to (p-1)(q-1) 3.Compute d such that d * e ≡ 1 (mod (p-1)(q-1)) Rephrased: d*e mod (p-1)(q-1) = 1 Rephrased: d*e mod (p-1)(q-1) = 1 4.Destroy all records of p and q

14 14 Key generation, step 1 Choose two random large prime numbers p ≠ q In reality, 2048 bit numbers are recommended In reality, 2048 bit numbers are recommended That’s  617 digits From last lecture: chance of a random odd 2048 bit number being prime is about 1/710 From last lecture: chance of a random odd 2048 bit number being prime is about 1/710 We can compute if a number is prime relatively quickly via the Fermat primality test We choose p = 107 and q = 97 Compute n = p*q n = 10379 n = 10379

15 15 Key generation, step 1 Java code to find a big prime number: BigInteger prime = new BigInteger (numBits, certainty, random); The number of bits of the prime Certainty that the number is a prime The random number generator

16 16 Key generation, step 1 Java code to find a big prime number: import java.math.*; import java.util.*; class BigPrime { static int numDigits = 617; static int certainty = 100; static final double LOG_2 = Math.log(10)/Math.log(2); static int numBits = (int) (numDigits * LOG_2); public static void main (String args[]) { Random random = new Random(); BigInteger prime = new BigInteger (numBits, certainty, random); random); System.out.println (prime); }}

17 17 Key generation, step 1 How long does this take? Keep in mind this is Java! Keep in mind this is Java! These tests done on a 850 Mhz Pentium machine These tests done on a 850 Mhz Pentium machine Average of 100 trials (certainty = 100) Average of 100 trials (certainty = 100) 200 digits (664 bits): about 1.5 seconds 200 digits (664 bits): about 1.5 seconds 617 digits (2048 bits): about 75 seconds 617 digits (2048 bits): about 75 seconds

18 18 Key generation, step 1 Practical considerations p and q should not be too close together p and q should not be too close together (p-1) and (q-1) should not have small prime factors (p-1) and (q-1) should not have small prime factors Use a good random number generator Use a good random number generator

19 19 Key generation, step 2 Choose an integer 1 < e < n which is relatively prime to (p-1)(q-1) There are algorithms to do this efficiently We aren’t going over them in this course We aren’t going over them in this course Easy way to do this: make e be a prime number It only has to be relatively prime to (p-1)(q-1), but can be fully prime It only has to be relatively prime to (p-1)(q-1), but can be fully prime

20 20 Key generation, step 2 Recall that p = 107 and q = 97 (p-1)(q-1) = 106*96 = 10176 = 2 6 *3*53 (p-1)(q-1) = 106*96 = 10176 = 2 6 *3*53 We choose e = 85 85 = 5*17 85 = 5*17 gcd (85, 10176) = 1 gcd (85, 10176) = 1 Thus, 85 and 10176 are relatively prime Thus, 85 and 10176 are relatively prime

21 21 Key generation, step 3 Compute d such that: d * e ≡ 1 (mod (p-1)(q-1)) Rephrased: d*e mod (p-1)(q-1) = 1 Rephrased: d*e mod (p-1)(q-1) = 1 There are algorithms to do this efficiently We aren’t going over them in this course We aren’t going over them in this course We choose d = 4669 4669*85 mod 10176 = 1 4669*85 mod 10176 = 1 Use the script at http://www.cs.virginia.edu/cgi-bin/cgiwrap/asb/modpow http://www.cs.virginia.edu/cgi-bin/cgiwrap/asb/modpow

22 22 Key generation, step 3 Java code to find d: import java.math.*; class FindD { public static void main (String args[]) { BigInteger pq = new BigInteger("10176"); BigInteger e = new BigInteger ("85"); System.out.println (e.modInverse(pq)); }} Result: 4669

23 23 Key generation, step 4 Destroy all records of p and q If we know p and q, then we can compute the private encryption key from the public decryption key d * e ≡ 1 (mod (p-1)(q-1))

24 24 The keys We have n = p*q = 10379, e = 85, and d = 4669 The public key is (n,e) = (10379, 85) The private key is (n,d) = (10379, 4669) Thus, n is not private Only d is private Only d is private In reality, d and e are 600 (or so) digit numbers Thus n is a 1200 (or so) digit number Thus n is a 1200 (or so) digit number

25 25 Encrypting messages To encode a message: 1.Encode the message m into a number 2.Split the number into smaller numbers m < n 3.Use the formula c = m e mod n c is the ciphertext, and m is the message Java code to do the last step: m.modPow (e, n) m.modPow (e, n) Where the object m is the BigInteger to encrypt Where the object m is the BigInteger to encrypt

26 26 Encrypting messages example 1.Encode the message into a number String is “Go Cavaliers!!” String is “Go Cavaliers!!” Modified ASCII codes: Modified ASCII codes: 41 81 02 37 67 88 67 78 75 71 84 85 03 03 2.Split the number into numbers < n 4181 0237 6788 6778 7571 8485 0303 4181 0237 6788 6778 7571 8485 0303 3.Use the formula c = m e mod n 4181 85 mod 10379 = 4501 4181 85 mod 10379 = 4501 0237 85 mod 10379 = 2867 0237 85 mod 10379 = 2867 6788 85 mod 10379 = 4894 6788 85 mod 10379 = 4894 Etc… Etc… Encrypted message: 4501 2867 4894 0361 3630 4496 6720 4501 2867 4894 0361 3630 4496 6720

27 27 Encrypting RSA messages Formula is c = m e mod n Formula is c = m e mod n

28 28 Decrypting messages 1.Use the formula m = c d mod n on each number 2.Split the number into individual ASCII character numbers 3.Decode the message into a string

29 29 Decrypting messages example Encrypted message: 4501 2867 4894 0361 3630 4496 6720 4501 2867 4894 0361 3630 4496 6720 1.Use the formula m = c d mod n on each number 4501 4669 mod 10379 = 4181 4501 4669 mod 10379 = 4181 2867 4669 mod 10379 = 0237 2867 4669 mod 10379 = 0237 4894 4669 mod 10379 = 6788 4894 4669 mod 10379 = 6788 Etc… Etc… 2.Split the numbers into individual characters 41 81 02 37 67 88 67 78 75 71 84 85 03 03 41 81 02 37 67 88 67 78 75 71 84 85 03 03 3.Decode the message into a string Modified ASCII codes: Modified ASCII codes: 41 81 02 37 67 88 67 78 75 71 84 85 03 03 Retrieved String is “Go Cavaliers!!” Retrieved String is “Go Cavaliers!!”

30 30 modPow computation 1.How to compute c = m e mod n or m = c d mod n? Example: 4501 4669 mod 10379 = 4181 Example: 4501 4669 mod 10379 = 4181 Use the script at http://www.cs.virginia.edu/cgi-bin/cgiwrap/asb/modpow http://www.cs.virginia.edu/cgi-bin/cgiwrap/asb/modpow Other means: Java: use the BigInteger.modPow() method Java: use the BigInteger.modPow() method Perl: use the bmodpow function in the BigInt library Perl: use the bmodpow function in the BigInt library Etc… Etc…

31 31 Why this works m = c d mod n c = m e mod n c d ≡ (m e ) d ≡ m ed (mod n) Recall that: ed ≡ 1 (mod p-1) ed ≡ 1 (mod p-1) ed ≡ 1 (mod q-1) ed ≡ 1 (mod q-1)Thus, m ed ≡ m (mod p) m ed ≡ m (mod p) m ed ≡ m (mod q) m ed ≡ m (mod q) m ed ≡ m (mod pq) m ed ≡ m (mod n)

32 32 Cracking a message In order to decrypt a message, we must compute m = c d mod n n is known (part of the public key) n is known (part of the public key) c is known (the ciphertext) c is known (the ciphertext) e is known (the encryption key) e is known (the encryption key) Thus, we must compute d with no other information Recall: choose an integer 1 < e < n which is relatively prime to (p-1)(q-1) Recall: choose an integer 1 < e < n which is relatively prime to (p-1)(q-1) Recall: Compute d such that d * e ≡ 1 (mod (p-1)(q-1)) Recall: Compute d such that d * e ≡ 1 (mod (p-1)(q-1)) Thus, we must factor the composite n into it’s component primes There is no efficient way to do this! There is no efficient way to do this! We can tell that n is composite very easily, but we can’t tell what its factors are We can tell that n is composite very easily, but we can’t tell what its factors are Once n is factored into p and q, we compute d as above Then we can decrypt c to obtain m Then we can decrypt c to obtain m

33 33 Cracking a message example In order to decrypt a message, we must compute m = c d mod n n = 10379 n = 10379 c is the ciphertext being cracked c is the ciphertext being cracked e = 85 e = 85 In order to determine d, we need to factor n d * e ≡ 1 (mod (p-1)(q-1)) d * e ≡ 1 (mod (p-1)(q-1)) We factor n into p and q: 97 and 107 We factor n into p and q: 97 and 107 d * 85 ≡ 1 (mod (96)(106)) d * 85 ≡ 1 (mod (96)(106)) This would not have been feasible with two large prime factors!!! This would not have been feasible with two large prime factors!!! We then compute d as above, and crack the message

34 34 Signing a message Recall that we computed d*e mod (p-1)(q-1) = 1 Note that d and e are interchangable! You can use either for the encryption key You can use either for the encryption key You can encrypt with either key! Thus, you must use the other key to decrypt Thus, you must use the other key to decrypt

35 35 Signing a message To “sign” a message: 1.Write a message, and determine the MD5 hash 2.Encrypt the hash with your private (encryption) key 3.Anybody can verify that you created the message because ONLY the public (encryption) key can decrypt the hash 4.The hash is then verified against the message

36 36 PGP and GnuPG Two applications which implement the RSA algorithm GnuPG Is open-source (thus it’s free) GnuPG Is open-source (thus it’s free) PGP was first, and written by Phil Zimmerman PGP was first, and written by Phil Zimmerman The US gov’t didn’t like PGP…

37 37 The US gov’t and war munitions

38 38 How to “crack” PGP Factoring n is not feasible Thus, “cracking” PGP is done by other means Intercepting the private key Intercepting the private key “Hacking” into the computer, stealing the computer, etc. Man-in-the-middle attack Man-in-the-middle attack Etc. Etc.

39 39 Other public key encryption methods Modular logarithms Developed by the US government, therefore not widely trusted Developed by the US government, therefore not widely trusted Elliptic curves

40 40 Quantum computers A quantum computer could (in principle) factor n in reasonable time This would make RSA obsolete! This would make RSA obsolete! Shown (in principle) by Peter Shor in 1993 Shown (in principle) by Peter Shor in 1993 You would need a new (quantum) encryption algorithm to encrypt your messages You would need a new (quantum) encryption algorithm to encrypt your messages This is like saying, “in principle, you could program a computer to correctly predict the weather” IBM recently created a quantum computer that successfully factored 15 into 3 and 5 I bet the NSA is working on such a computer, also

41 41 Sources Wikipedia article has a lot of info on RSA and the related algorithms Those articles use different variable names Those articles use different variable names Link at http://en.wikipedia.org/wiki/RSA Link at http://en.wikipedia.org/wiki/RSAhttp://en.wikipedia.org/wiki/RSA

42 42 Quick survey I felt I understood the material in this slide set… I felt I understood the material in this slide set… a) Very well b) With some review, I’ll be good c) Not really d) Not at all

43 43 Quick survey The pace of the lecture for this slide set was… The pace of the lecture for this slide set was… a) Fast b) About right c) A little slow d) Too slow

44 44 Quick survey How interesting was the material in this slide set? Be honest! How interesting was the material in this slide set? Be honest! a) Wow! That was SOOOOOO cool! b) Somewhat interesting c) Rather borting d) Zzzzzzzzzzz

Download ppt "1 Applications of Number Theory CS/APMA 202 Rosen section 2.6 Aaron Bloomfield."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION.

ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION.
Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9
RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.
22C:19 Discrete Structures Integers and Modular Arithmetic

22C:19 Discrete Structures Integers and Modular Arithmetic
BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.

BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.
Week 3 - Friday.  What did we talk about last time?  AES  Public key cryptography.

Week 3 - Friday.  What did we talk about last time?  AES  Public key cryptography.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:

Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.

CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.
Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.

Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.
RSA Encryption William Lu. RSA Background  Basic technique first discovered in 1973 by Clifford Cocks of CESG (part of British GCHQ)  Invented in 1977.

RSA Encryption William Lu. RSA Background  Basic technique first discovered in 1973 by Clifford Cocks of CESG (part of British GCHQ)  Invented in 1977.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
1 The Pigeonhole Principle CS/APMA 202 Rosen section 4.2 Aaron Bloomfield.

1 The Pigeonhole Principle CS/APMA 202 Rosen section 4.2 Aaron Bloomfield.
1 Integers and Division CS/APMA 202 Rosen section 2.4 Aaron Bloomfield.

1 Integers and Division CS/APMA 202 Rosen section 2.4 Aaron Bloomfield.
Lecture 6: Public Key Cryptography

Lecture 6: Public Key Cryptography

Similar presentations

Ads by Google