TMA4155 Cryptography, Intro

Size: px
Start display at page:

Download "TMA4155 Cryptography, Intro"

Transcription

1 Trondheim, December 12, TMA4155 Cryptography, Intro Problem 1 a. We need to find an inverse of 403 modulo (19 1)(31 1) = 540: 540 = = = = = = = = = = = It is easy to verify that = 1, so 67 is a suitable inverse and the private key is (589, 67). b. Key generation: We generate a key pair by finding two primes p and q of suitable size, compute the product n = pq, then find a pair of inverses e, d modulo (p 1)(q 1). The public (verification) key is (n, e), the private (signing) key is (n, d). Signing: The signing process takes as input the signing key (n, d) and the message to be signed m {0, 1,..., n 1}. It computes t = m d mod n, which is the signature on m. Verify: We verify that t is a valid signature on m under the public key (n, e) by checking that t e m (mod n). We know that m ed m (mod n), so any properly generated signature will be a valid signature. We compute t 2 67 (2 33 ) (mod 589). One problem is that we can easily come up with many forgeries: Any 0 t < n is a valid signature on the message t e mod n. Another problem is that if we are given two signature t 1 and t 2 on the messages m 1 and m 2, then t 1 t 2 mod n is a signature on m 1 m 2 mod n. An attacker can exploit this if he can craft two innocent-looking messages whose product is not innocent-looking. (The theory is that the user will sign innocentlooking messages.) Problem 2 a. We compute ẽ 2 = 3 5 = 15, e 2 = 15, ẽ 3 = 2 5 = 10, e 3 = 10 and ẽ 5 = 2 3 = 6, e 5 = 6. (Note that ẽ j 1 (mod j) for j = 2, 3, 5.) A solution is then x (mod 30). It is easy to check that 53 1 (mod 2), 53 2 (mod 3) and 53 3 (mod 5). 1

2 b. We compute g 2 = 3 15 mod 31 = 30 and a 2 = mod (mod 31). Therefore a 2 g2 1 (mod 31) and we get x 1 (mod 2). Next we compute g 3 = 3 10 mod 31 = 25 and a 3 = mod 31 = 6 2 mod 31 = 5. Since the discrete logarithm of 5 to the base 25 can only take the values 0, 1 and 2, and we can exclude 0 and 1, we get x 2 (mod 3). Next we compute g 5 = 3 6 mod 31 = 16 and a 5 = 11 6 mod 31 = 4. We search for the discrete logarithm: 16 2 mod 31 = 8 mod 31, 16 3 mod 31 = (16 8) mod 31 = 4, and we get x 3 (mod 5). From the answer to the previous problem, we get that log 3 11 = 23. c. We start with 2 and compute 2 4! mod 253 = 2 24 mod 253 = 27. Then we compute gcd(2 4! 1, 253): 253 = = = = = Since this did not work, we compute 2 5! mod 253 = 27 5 mod 253 = 12, and compute gcd(2 5! 1, 253): 253 = The prime factors of 253 are 23 and 11. Problem 3 a. The Diffie-Hellman key agreement protocol establishes a shared key between two parties without any previous interaction. Two nice properties is that both parties contribute equally to the randomness in the shared secret, and once the randomness used in the protocols has been erased, no future compromises of the parties will compromise the shared key (so-called forward security). The protocol has as shared, public parameters a prime p and an element g of order n. Party A chooses a number a randomly from {0, 1,..., n 1}, computes x = g a mod p and sends x to party B. Party B chooses a number b randomly from {0, 1,..., n 1}, computes y = g b mod p and z = x b mod p, erases b, and sends y to party A. Party A computes z = y a mod p and erases a. A and B now share z. 2

3 With p = 17, g = 2: a 3 x 2 3 mod 17 = 8 z 15 3 mod 17 = 9 8 b 5 15 y 2 5 mod 17 = 15 z 8 5 mod 17 = 9 b. The man-in-the-middle attack on Diffie-Hellman is possible since there is no authentication in Diffie-Hellman. Party A cannot know if the message y comes from party B or from some other attacker. Party E simply inserts himself in the middle of the protocol, pretending to be party B to party A, and party A to party B, running two copies of the Diffie-Hellman protocol: a 3 x 8 z A a 7, b 4 x 2 7 mod 17 = 9 y 2 4 mod 17 = 16 z A 8 4 mod 17 = 16 z B 15 7 mod 17 = 8 9 b 5 15 y 15 z B 8 One simple counter-measure against this attack is for each party to sign the messages in the protocol. Problem 4 a. A hash function is a function h from bit strings of arbitrary length to bit strings of fixed length. Preimage resistance Given a hash value y, it should be hard to find some x such that h(x) = y. Second preimage resistance Given a bit string x 1, it should be hard to find some x 2 x 1 such that h(x 1 ) = h(x 2 ). Collision resistance It should be hard to find x 1 x 2 such that h(x 1 ) = h(x 2 ). Hash functions should also be easy to compute (cost is linear in the length of the input). 3

4 b. We evaluate the Feistel structure S S S S S 1 S and get f( ) = c. We make two observations: From the above Feistel diagram, the bits 0, 1 and 2 in the output depend only on bits 0, 1, 2, 9, 10 and 11 in the input, 3, 4 and 5 depend on 3, 4, 5, 12, 13 and 14, and 6, 7 and 8 depend on 6, 7, 8, 15, 16 and 17. The message is essentially split into three parts, each part is processed separately, and the outputs are concatenated. The second observation is that Feistel structures can be reversed, and the final left-hand side is not included in the output. The first observation says that we could apply the birthday paradox to one part. The second observation says that we could make a change in the final lefthand side, reverse the Feistel and have a collision. Combining the two observations, we know that if we make a small change in one part of the left-hand side and reverse the much smaller Feistel structure that computes this part, we find a collision. 4

5 We change the first bit of the left hand side to 1 and compute: Therefore, and are collisions for f. TMA4155 Cryptography, Intro Problem 1 a. We need to find an inverse of 417 modulo (23 1)(29 1) = 616: 616 = = = = = = = = = = = It is easy to verify that = 1, so 65 is a suitable inverse and the private key is (667, 65). b. Key generation: We generate a key pair by finding two primes p and q of suitable size, compute the product n = pq, then find a pair of inverses e, d modulo (p 1)(q 1). The public (verification) key is (n, e), the private (signing) key is (n, d). Encryption: The encryption of a message m {0, 1,..., n 1} under the public key (n, e) is m e mod n. 5

6 Verify: The decryption of a ciphertext c {0, 1..., n 1} under the private key (n, d) is c d mod n. We know that m ed m (mod n), so decrypting an encryption of m will yield m. We compute t 2 65 (2 32 ) (mod 667). One problem is that for messages smaller than the eth root of n, the decryption is easy to compute without the secret key. Another problem is that if we are given two ciphertexts c 1 and c 2 that are encryptions of the messages m 1 and m 2, respectively, then c = c 1 c 2 mod n is an encryption of m 1 m 2 mod n. An attacker can exploit this if he can fool the user into decrypting c. (The theory is that the user may be willing to reveal the decryption of messages if they seem meaningless.) Problem 2 a. Modulo 71, 7 can have orders: We compute: (mod 71) (mod 71) (mod 71) (mod 71) Therefore the order of 7 modulo 71 is 70. b. Since , we compute the table (mod 71) (mod 71) (mod 71) (mod 71) (mod 71) (mod 71) (mod 71) (mod 71) We compute (mod 71) and find an inverse: 71 = = = = = = = = = =

7 Our inverse is 50. Now we compute: (mod 71) (mod 71) (mod 71) (mod 71) (mod 71) This gives us and log 7 57 = (7 8 ) (mod 71) c. We compute: (mod 253) ( ) (mod 253) gcd(21, 253) = (mod 253) ( ) (mod 253) gcd(121, 253) = 11 We find that 253 = Problem 3 a. Key generation: From the system parameters p and g (order of g is for simplicity p 1), we choose a {0, 1,..., p 2} at random and compute x = g a mod p. The public key is x, the private key is a. Encryption: We choose k {0, 1,..., p 2} at random and compute y = g k mod p, z = x k mod p. The ciphertext is c = (y, zm mod p). Decryption: The decryption of c = (y, w) is w(y a ) 1 mod p. Since w(y a ) 1 (g a ) k m((g k ) a ) 1 m (mod p), decryption of encryptions of m always yields m. For the secret key a = 11, we compute x = 2 11 mod p = 18 as the public key. Decryption of c = (3, 15): We compute (3 11 ) (mod 29), and m = 15 2 mod 29 = 1. b. We know that a 7 (mod 29), so (24 a ) (mod 29). The decryption of (24, 3) is m 3 (24 a ) (mod 29). We know that 25 4 (mod 29), and ( 4) (mod 29), so m (mod 29). 7

8 Problem 4 a. A key stream generator is an algorithm that on input of a key and an initialization vector outputs a given number of bits. A stream cipher encrypts a message m of length L with key k as follows: It chooses a random initialization vector iv, uses the key stream generator with input iv and k to generate L bits z, and outputs the ciphertext c = iv (m z). To decrypt the ciphertext c, it is first parsed as iv w, the key stream generator with input iv and k generates L bits z, and the message is w z. This works since m z z = m. Denote the output of the key stream generator with input iv and k as f(k, iv). If an initialization vector is used to encrypt m 1 two distinct messages m 2 (we may as well assume they are of equal length), we get two ciphertexts c 1 = iv w 1 and c 2 = iv w 2, where w 1 = m 1 f(k, iv, L) and w 2 = m 2 f(k, iv, L). Then w 1 w 2 = m 1 m 2 and from this information about m 1 and m 2 can often be recovered as in the two-time pad. b. We compute the output as shown in the following diagram: The bits in blue come from the initialization vector, the bits in red are key bits, the violet bit is the parity bit, and the bits in black are the bits generated by the LFSR feedback. The dots above describe the LFSR feedback. The dots below the line describe the filter function, where dots connected by lines should be anded together and the dots in one row should be added together. The output is c. From the above diagram, we see that the second output bit only depends on the bits from the initialization vector. Using the given initialization vector 0 0, we get that the second output bit is 1, which corresponds to the message being

The number theory behind cryptography

The number theory behind cryptography The University of Vermont May 16, 2017 What is cryptography? Cryptography is the practice and study of techniques for secure communication in the presence of adverse third parties. What is cryptography?

More information

Discrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography

Discrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography Discrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography Colin Stirling Informatics Some slides based on ones by Myrto Arapinis Colin Stirling (Informatics) Discrete

More information

ElGamal Public-Key Encryption and Signature

ElGamal Public-Key Encryption and Signature ElGamal Public-Key Encryption and Signature Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 10 ElGamal Cryptosystem and Signature Scheme Taher ElGamal, originally from Egypt,

More information

Public-key Cryptography: Theory and Practice

Public-key Cryptography: Theory and Practice Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 5: Cryptographic Algorithms Common Encryption Algorithms RSA

More information

Diffie-Hellman key-exchange protocol

Diffie-Hellman key-exchange protocol Diffie-Hellman key-exchange protocol This protocol allows two users to choose a common secret key, for DES or AES, say, while communicating over an insecure channel (with eavesdroppers). The two users

More information

Linear Congruences. The solutions to a linear congruence ax b (mod m) are all integers x that satisfy the congruence.

Linear Congruences. The solutions to a linear congruence ax b (mod m) are all integers x that satisfy the congruence. Section 4.4 Linear Congruences Definition: A congruence of the form ax b (mod m), where m is a positive integer, a and b are integers, and x is a variable, is called a linear congruence. The solutions

More information

Data security (Cryptography) exercise book

Data security (Cryptography) exercise book University of Debrecen Faculty of Informatics Data security (Cryptography) exercise book 1 Contents 1 RSA 4 1.1 RSA in general.................................. 4 1.2 RSA background.................................

More information

DUBLIN CITY UNIVERSITY

DUBLIN CITY UNIVERSITY DUBLIN CITY UNIVERSITY SEMESTER ONE EXAMINATIONS 2013/2014 MODULE: CA642/A Cryptography and Number Theory PROGRAMME(S): MSSF MCM ECSA ECSAO MSc in Security & Forensic Computing M.Sc. in Computing Study

More information

DUBLIN CITY UNIVERSITY

DUBLIN CITY UNIVERSITY DUBLIN CITY UNIVERSITY SEMESTER ONE EXAMINATIONS 2013 MODULE: (Title & Code) CA642 Cryptography and Number Theory COURSE: M.Sc. in Security and Forensic Computing YEAR: 1 EXAMINERS: (Including Telephone

More information

Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014

Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014 7 Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014 Cryptography studies techniques for secure communication in the presence of third parties. A typical

More information

Lecture 32. Handout or Document Camera or Class Exercise. Which of the following is equal to [53] [5] 1 in Z 7? (Do not use a calculator.

Lecture 32. Handout or Document Camera or Class Exercise. Which of the following is equal to [53] [5] 1 in Z 7? (Do not use a calculator. Lecture 32 Instructor s Comments: This is a make up lecture. You can choose to cover many extra problems if you wish or head towards cryptography. I will probably include the square and multiply algorithm

More information

Block Ciphers Security of block ciphers. Symmetric Ciphers

Block Ciphers Security of block ciphers. Symmetric Ciphers Lecturers: Mark D. Ryan and David Galindo. Cryptography 2016. Slide: 26 Assume encryption and decryption use the same key. Will discuss how to distribute key to all parties later Symmetric ciphers unusable

More information

Cryptography CS 555. Topic 20: Other Public Key Encryption Schemes. CS555 Topic 20 1

Cryptography CS 555. Topic 20: Other Public Key Encryption Schemes. CS555 Topic 20 1 Cryptography CS 555 Topic 20: Other Public Key Encryption Schemes Topic 20 1 Outline and Readings Outline Quadratic Residue Rabin encryption Goldwasser-Micali Commutative encryption Homomorphic encryption

More information

Solution: Alice tosses a coin and conveys the result to Bob. Problem: Alice can choose any result.

Solution: Alice tosses a coin and conveys the result to Bob. Problem: Alice can choose any result. Example - Coin Toss Coin Toss: Alice and Bob want to toss a coin. Easy to do when they are in the same room. How can they toss a coin over the phone? Mutual Commitments Solution: Alice tosses a coin and

More information

Classical Cryptography

Classical Cryptography Classical Cryptography CS 6750 Lecture 1 September 10, 2009 Riccardo Pucella Goals of Classical Cryptography Alice wants to send message X to Bob Oscar is on the wire, listening to all communications Alice

More information

Cryptography Math 1580 Silverman First Hour Exam Mon Oct 2, 2017

Cryptography Math 1580 Silverman First Hour Exam Mon Oct 2, 2017 Name: Cryptography Math 1580 Silverman First Hour Exam Mon Oct 2, 2017 INSTRUCTIONS Read Carefully Time: 50 minutes There are 5 problems. Write your name legibly at the top of this page. No calculators

More information

Network Security: Secret Key Cryptography

Network Security: Secret Key Cryptography 1 Network Security: Secret Key Cryptography Henning Schulzrinne Columbia University, New York schulzrinne@cs.columbia.edu Columbia University, Fall 2000 cfl1999-2000, Henning Schulzrinne Last modified

More information

Cryptography. Module in Autumn Term 2016 University of Birmingham. Lecturers: Mark D. Ryan and David Galindo

Cryptography. Module in Autumn Term 2016 University of Birmingham. Lecturers: Mark D. Ryan and David Galindo Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 1 Cryptography Module in Autumn Term 2016 University of Birmingham Lecturers: Mark D. Ryan and David Galindo Slides originally written

More information

Introduction to Cryptography CS 355

Introduction to Cryptography CS 355 Introduction to Cryptography CS 355 Lecture 25 Mental Poker And Semantic Security CS 355 Fall 2005 / Lecture 25 1 Lecture Outline Review of number theory The Mental Poker Protocol Semantic security Semantic

More information

Chapter 4 The Data Encryption Standard

Chapter 4 The Data Encryption Standard Chapter 4 The Data Encryption Standard History of DES Most widely used encryption scheme is based on DES adopted by National Bureau of Standards (now National Institute of Standards and Technology) in

More information

Cryptanalysis on short messages encrypted with M-138 cipher machine

Cryptanalysis on short messages encrypted with M-138 cipher machine Cryptanalysis on short messages encrypted with M-138 cipher machine Tsonka Baicheva Miroslav Dimitrov Institute of Mathematics and Informatics Bulgarian Academy of Sciences 10-14 July, 2017 Sofia Introduction

More information

Fermat s little theorem. RSA.

Fermat s little theorem. RSA. .. Computing large numbers modulo n (a) In modulo arithmetic, you can always reduce a large number to its remainder a a rem n (mod n). (b) Addition, subtraction, and multiplication preserve congruence:

More information

V.Sorge/E.Ritter, Handout 2

V.Sorge/E.Ritter, Handout 2 06-20008 Cryptography The University of Birmingham Autumn Semester 2015 School of Computer Science V.Sorge/E.Ritter, 2015 Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel

More information

Mathematics Explorers Club Fall 2012 Number Theory and Cryptography

Mathematics Explorers Club Fall 2012 Number Theory and Cryptography Mathematics Explorers Club Fall 2012 Number Theory and Cryptography Chapter 0: Introduction Number Theory enjoys a very long history in short, number theory is a study of integers. Mathematicians over

More information

Ad Hoc Networks - Routing and Security Issues

Ad Hoc Networks - Routing and Security Issues Ad Hoc Networks - Routing and Security Issues Mahalingam Ramkumar Mississippi State University, MS January 25, 2005 1 2 Some Basic Terms Basic Terms Ad Hoc vs Infrastructured AHN MANET (Mobile Ad hoc NETwork)

More information

Cryptography, Number Theory, and RSA

Cryptography, Number Theory, and RSA Cryptography, Number Theory, and RSA Joan Boyar, IMADA, University of Southern Denmark November 2015 Outline Symmetric key cryptography Public key cryptography Introduction to number theory RSA Modular

More information

Math 319 Problem Set #7 Solution 18 April 2002

Math 319 Problem Set #7 Solution 18 April 2002 Math 319 Problem Set #7 Solution 18 April 2002 1. ( 2.4, problem 9) Show that if x 2 1 (mod m) and x / ±1 (mod m) then 1 < (x 1, m) < m and 1 < (x + 1, m) < m. Proof: From x 2 1 (mod m) we get m (x 2 1).

More information

Merkle s Puzzles. c Eli Biham - May 3, Merkle s Puzzles (8)

Merkle s Puzzles. c Eli Biham - May 3, Merkle s Puzzles (8) Merkle s Puzzles See: Merkle, Secrecy, Authentication, and Public Key Systems, UMI Research press, 1982 Merkle, Secure Communications Over Insecure Channels, CACM, Vol. 21, No. 4, pp. 294-299, April 1978

More information

MA/CSSE 473 Day 9. The algorithm (modified) N 1

MA/CSSE 473 Day 9. The algorithm (modified) N 1 MA/CSSE 473 Day 9 Primality Testing Encryption Intro The algorithm (modified) To test N for primality Pick positive integers a 1, a 2,, a k < N at random For each a i, check for a N 1 i 1 (mod N) Use the

More information

EE 418: Network Security and Cryptography

EE 418: Network Security and Cryptography EE 418: Network Security and Cryptography Homework 3 Solutions Assigned: Wednesday, November 2, 2016, Due: Thursday, November 10, 2016 Instructor: Tamara Bonaci Department of Electrical Engineering University

More information

Application: Public Key Cryptography. Public Key Cryptography

Application: Public Key Cryptography. Public Key Cryptography Application: Public Key Cryptography Suppose I wanted people to send me secret messages by snail mail Method 0. I send a padlock, that only I have the key to, to everyone who might want to send me a message.

More information

o Broken by using frequency analysis o XOR is a polyalphabetic cipher in binary

o Broken by using frequency analysis o XOR is a polyalphabetic cipher in binary We spoke about defense challenges Crypto introduction o Secret, public algorithms o Symmetric, asymmetric crypto, one-way hashes Attacks on cryptography o Cyphertext-only, known, chosen, MITM, brute-force

More information

Example Enemy agents are trying to invent a new type of cipher. They decide on the following encryption scheme: Plaintext converts to Ciphertext

Example Enemy agents are trying to invent a new type of cipher. They decide on the following encryption scheme: Plaintext converts to Ciphertext Cryptography Codes Lecture 4: The Times Cipher, Factors, Zero Divisors, and Multiplicative Inverses Spring 2014 Morgan Schreffler Office: POT 902 http://www.ms.uky.edu/~mschreffler New Cipher Times Enemy

More information

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017 COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Previously Pseudorandom Functions and Permutaitons Modes of Operation Pseudorandom Functions Functions that look like random

More information

4. Design Principles of Block Ciphers and Differential Attacks

4. Design Principles of Block Ciphers and Differential Attacks 4. Design Principles of Block Ciphers and Differential Attacks Nonli near 28-bits Trans forma tion 28-bits Model of Block Ciphers @G. Gong A. Introduction to Block Ciphers A Block Cipher Algorithm: E and

More information

Cryptography. 2. decoding is extremely difficult (for protection against eavesdroppers);

Cryptography. 2. decoding is extremely difficult (for protection against eavesdroppers); 18.310 lecture notes September 2, 2013 Cryptography Lecturer: Michel Goemans 1 Public Key Cryptosystems In these notes, we will be concerned with constructing secret codes. A sender would like to encrypt

More information

Introduction to Cryptography

Introduction to Cryptography B504 / I538: Introduction to Cryptography Spring 2017 Lecture 10 Assignment 2 is due on Tuesday! 1 Recall: Pseudorandom generator (PRG) Defⁿ: A (fixed-length) pseudorandom generator (PRG) with expansion

More information

Generic Attacks on Feistel Schemes

Generic Attacks on Feistel Schemes Generic Attacks on Feistel Schemes Jacques Patarin 1, 1 CP8 Crypto Lab, SchlumbergerSema, 36-38 rue de la Princesse, BP 45, 78430 Louveciennes Cedex, France PRiSM, University of Versailles, 45 av. des

More information

Implementation and Performance Testing of the SQUASH RFID Authentication Protocol

Implementation and Performance Testing of the SQUASH RFID Authentication Protocol Implementation and Performance Testing of the SQUASH RFID Authentication Protocol Philip Koshy, Justin Valentin and Xiaowen Zhang * Department of Computer Science College of n Island n Island, New York,

More information

CPSC 467: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 5b September 11, 2013 CPSC 467, Lecture 5b 1/11 Stream ciphers CPSC 467, Lecture 5b 2/11 Manual stream ciphers Classical stream ciphers

More information

Symmetric-key encryption scheme based on the strong generating sets of permutation groups

Symmetric-key encryption scheme based on the strong generating sets of permutation groups Symmetric-key encryption scheme based on the strong generating sets of permutation groups Ara Alexanyan Faculty of Informatics and Applied Mathematics Yerevan State University Yerevan, Armenia Hakob Aslanyan

More information

Public Key Encryption

Public Key Encryption Math 210 Jerry L. Kazdan Public Key Encryption The essence of this procedure is that as far as we currently know, it is difficult to factor a number that is the product of two primes each having many,

More information

Stream Ciphers And Pseudorandomness Revisited. Table of contents

Stream Ciphers And Pseudorandomness Revisited. Table of contents Stream Ciphers And Pseudorandomness Revisited Foundations of Cryptography Computer Science Department Wellesley College Fall 2016 Table of contents Introduction Stream Ciphers Stream ciphers & pseudorandom

More information

Example Enemy agents are trying to invent a new type of cipher. They decide on the following encryption scheme: Plaintext converts to Ciphertext

Example Enemy agents are trying to invent a new type of cipher. They decide on the following encryption scheme: Plaintext converts to Ciphertext Cryptography Codes Lecture 3: The Times Cipher, Factors, Zero Divisors, and Multiplicative Inverses Spring 2015 Morgan Schreffler Office: POT 902 http://www.ms.uky.edu/~mschreffler New Cipher Times Enemy

More information

Public-Key Cryptosystem Based on Composite Degree Residuosity Classes. Paillier Cryptosystem. Harmeet Singh

Public-Key Cryptosystem Based on Composite Degree Residuosity Classes. Paillier Cryptosystem. Harmeet Singh Public-Key Cryptosystem Based on Composite Degree Residuosity Classes aka Paillier Cryptosystem Harmeet Singh Harmeet Singh Winter 2018 1 / 26 Background s Background Foundation of public-key encryption

More information

MAT 302: ALGEBRAIC CRYPTOGRAPHY. Department of Mathematical and Computational Sciences University of Toronto, Mississauga.

MAT 302: ALGEBRAIC CRYPTOGRAPHY. Department of Mathematical and Computational Sciences University of Toronto, Mississauga. MAT 302: ALGEBRAIC CRYPTOGRAPHY Department of Mathematical and Computational Sciences University of Toronto, Mississauga February 27, 2013 Mid-term Exam INSTRUCTIONS: The duration of the exam is 100 minutes.

More information

The Chinese Remainder Theorem

The Chinese Remainder Theorem The Chinese Remainder Theorem Theorem. Let m and n be two relatively prime positive integers. Let a and b be any two integers. Then the two congruences x a (mod m) x b (mod n) have common solutions. Any

More information

The Chinese Remainder Theorem

The Chinese Remainder Theorem The Chinese Remainder Theorem Theorem. Let n 1,..., n r be r positive integers relatively prime in pairs. (That is, gcd(n i, n j ) = 1 whenever 1 i < j r.) Let a 1,..., a r be any r integers. Then the

More information

EE 418 Network Security and Cryptography Lecture #3

EE 418 Network Security and Cryptography Lecture #3 EE 418 Network Security and Cryptography Lecture #3 October 6, 2016 Classical cryptosystems. Lecture notes prepared by Professor Radha Poovendran. Tamara Bonaci Department of Electrical Engineering University

More information

CHAPTER 2. Modular Arithmetic

CHAPTER 2. Modular Arithmetic CHAPTER 2 Modular Arithmetic In studying the integers we have seen that is useful to write a = qb + r. Often we can solve problems by considering only the remainder, r. This throws away some of the information,

More information

Introduction to Cryptography

Introduction to Cryptography B504 / I538: Introduction to Cryptography Spring 2017 Lecture 11 * modulo the 1-week extension on problems 3 & 4 Assignment 2 * is due! Assignment 3 is out and is due in two weeks! 1 Secrecy vs. integrity

More information

Conditional Cube Attack on Reduced-Round Keccak Sponge Function

Conditional Cube Attack on Reduced-Round Keccak Sponge Function Conditional Cube Attack on Reduced-Round Keccak Sponge Function Senyang Huang 1, Xiaoyun Wang 1,2,3, Guangwu Xu 4, Meiqin Wang 2,3, Jingyuan Zhao 5 1 Institute for Advanced Study, Tsinghua University,

More information

B. Substitution Ciphers, continued. 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet.

B. Substitution Ciphers, continued. 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet. B. Substitution Ciphers, continued 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet. Non-periodic case: Running key substitution ciphers use a known text (in

More information

Number Theory and Public Key Cryptography Kathryn Sommers

Number Theory and Public Key Cryptography Kathryn Sommers Page!1 Math 409H Fall 2016 Texas A&M University Professor: David Larson Introduction Number Theory and Public Key Cryptography Kathryn Sommers Number theory is a very broad and encompassing subject. At

More information

LECTURE NOTES ON SUBLIMINAL CHANNEL & COMMUNICATION SYSTEM

LECTURE NOTES ON SUBLIMINAL CHANNEL & COMMUNICATION SYSTEM Department of Software The University of Babylon LECTURE NOTES ON SUBLIMINAL CHANNEL & COMMUNICATION SYSTEM By Dr. Samaher Hussein Ali College of Information Technology, University of Babylon, Iraq Samaher_hussein@yahoo.com

More information

A Blueprint for Civil GPS Navigation Message Authentication

A Blueprint for Civil GPS Navigation Message Authentication A Blueprint for Civil GPS Navigation Message Authentication Andrew Kerns, Kyle Wesson, and Todd Humphreys Radionavigation Laboratory University of Texas at Austin Applied Research Laboratories University

More information

Xor. Isomorphisms. CS70: Lecture 9. Outline. Is public key crypto possible? Cryptography... Public key crypography.

Xor. Isomorphisms. CS70: Lecture 9. Outline. Is public key crypto possible? Cryptography... Public key crypography. CS70: Lecture 9. Outline. 1. Public Key Cryptography 2. RSA system 2.1 Efficiency: Repeated Squaring. 2.2 Correctness: Fermat s Theorem. 2.3 Construction. 3. Warnings. Cryptography... m = D(E(m,s),s) Alice

More information

Cryptanalysis of Ladder-DES

Cryptanalysis of Ladder-DES Cryptanalysis of Ladder-DES Computer Science Department Technion - srael nstitute of Technology Haifa 32000, srael Email: biham@cs.technion, ac.il WWW: http://www.cs.technion.ac.il/-biham/ Abstract. Feistel

More information

Identity-based multisignature with message recovery

Identity-based multisignature with message recovery University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers: Part A Faculty of Engineering and Information Sciences 2013 Identity-based multisignature with message

More information

DTTF/NB479: Dszquphsbqiz Day 30

DTTF/NB479: Dszquphsbqiz Day 30 DTTF/NB479: Dszquphsbqiz Day 30 Announcements: Questions? This week: Digital signatures, DSA Coin flipping over the phone RSA Signatures allow you to recover the message from the signature; ElGamal signatures

More information

Algorithmic Number Theory and Cryptography (CS 303)

Algorithmic Number Theory and Cryptography (CS 303) Algorithmic Number Theory and Cryptography (CS 303) Modular Arithmetic and the RSA Public Key Cryptosystem Jeremy R. Johnson 1 Introduction Objective: To understand what a public key cryptosystem is and

More information

Generic Attacks on Feistel Schemes

Generic Attacks on Feistel Schemes Generic Attacks on Feistel Schemes -Extended Version- Jacques Patarin PRiSM, University of Versailles, 45 av. des États-Unis, 78035 Versailles Cedex, France This paper is the extended version of the paper

More information

Chapter 3 LEAST SIGNIFICANT BIT STEGANOGRAPHY TECHNIQUE FOR HIDING COMPRESSED ENCRYPTED DATA USING VARIOUS FILE FORMATS

Chapter 3 LEAST SIGNIFICANT BIT STEGANOGRAPHY TECHNIQUE FOR HIDING COMPRESSED ENCRYPTED DATA USING VARIOUS FILE FORMATS 44 Chapter 3 LEAST SIGNIFICANT BIT STEGANOGRAPHY TECHNIQUE FOR HIDING COMPRESSED ENCRYPTED DATA USING VARIOUS FILE FORMATS 45 CHAPTER 3 Chapter 3: LEAST SIGNIFICANT BIT STEGANOGRAPHY TECHNIQUE FOR HIDING

More information

Lecture Notes in Computer Science,

Lecture Notes in Computer Science, JAIST Reposi https://dspace. Title A Multisignature Scheme with Message Order Flexibility and Order Verifiab Author(s)Mitomi, Shirow; Miyai, Atsuko Citation Lecture Notes in Computer Science, 298-32 Issue

More information

RSA hybrid encryption schemes

RSA hybrid encryption schemes RSA hybrid encryption schemes Louis Granboulan École Normale Supérieure Louis.Granboulan@ens.fr Abstract. This document compares the two published RSA-based hybrid encryption schemes having linear reduction

More information

Some Cryptanalysis of the Block Cipher BCMPQ

Some Cryptanalysis of the Block Cipher BCMPQ Some Cryptanalysis of the Block Cipher BCMPQ V. Dimitrova, M. Kostadinoski, Z. Trajcheska, M. Petkovska and D. Buhov Faculty of Computer Science and Engineering Ss. Cyril and Methodius University, Skopje,

More information

Design of Message Authentication Code with AES and. SHA-1 on FPGA

Design of Message Authentication Code with AES and. SHA-1 on FPGA Design of Message uthentication Code with ES and SH-1 on FPG Kuo-Hsien Yeh, Yin-Zhen Liang Institute of pplied Information, Leader University, Tainan City, 709, Taiwan E-mail: khyeh@mail.leader.edu.tw

More information

Principles of Ad Hoc Networking

Principles of Ad Hoc Networking Principles of Ad Hoc Networking Michel Barbeau and Evangelos Kranakis November 12, 2007 Wireless security challenges Network type Wireless Mobility Ad hoc Sensor Challenge Open medium Handover implies

More information

Sequential Aggregate Signatures from Trapdoor Permutations

Sequential Aggregate Signatures from Trapdoor Permutations Sequential Aggregate Signatures from Trapdoor Permutations Anna Lysyanskaya Silvio Micali Leonid Reyzin Hovav Shacham Abstract An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn, and

More information

CS 261 Notes: Zerocash

CS 261 Notes: Zerocash CS 261 Notes: Zerocash Scribe: Lynn Chua September 19, 2018 1 Introduction Zerocash is a cryptocurrency which allows users to pay each other directly, without revealing any information about the parties

More information

DES Data Encryption standard

DES Data Encryption standard DES Data Encryption standard DES was developed by IBM as a modification of an earlier system Lucifer DES was adopted as a standard in 1977 Was replaced only in 2001 with AES (Advanced Encryption Standard)

More information

Overview. The Big Picture... CSC 580 Cryptography and Computer Security. January 25, Math Basics for Cryptography

Overview. The Big Picture... CSC 580 Cryptography and Computer Security. January 25, Math Basics for Cryptography CSC 580 Cryptography and Computer Security Math Basics for Cryptography January 25, 2018 Overview Today: Math basics (Sections 2.1-2.3) To do before Tuesday: Complete HW1 problems Read Sections 3.1, 3.2

More information

CS70: Lecture 8. Outline.

CS70: Lecture 8. Outline. CS70: Lecture 8. Outline. 1. Finish Up Extended Euclid. 2. Cryptography 3. Public Key Cryptography 4. RSA system 4.1 Efficiency: Repeated Squaring. 4.2 Correctness: Fermat s Theorem. 4.3 Construction.

More information

MA 111, Topic 2: Cryptography

MA 111, Topic 2: Cryptography MA 111, Topic 2: Cryptography Our next topic is something called Cryptography, the mathematics of making and breaking Codes! In the most general sense, Cryptography is the mathematical ideas behind changing

More information

Cryptography s Application in Numbers Station

Cryptography s Application in Numbers Station Cryptography s Application in Numbers Station Jacqueline - 13512074 1 Program Studi Teknik Informatika Sekolah Teknik Elektro dan Informatika Institut Teknologi Bandung, Jl. Ganesha 10 Bandung 40132, Indonesia

More information

Vernam Encypted Text in End of File Hiding Steganography Technique

Vernam Encypted Text in End of File Hiding Steganography Technique Vernam Encypted Text in End of File Hiding Steganography Technique Wirda Fitriani 1, Robbi Rahim 2, Boni Oktaviana 3, Andysah Putera Utama Siahaan 4 1,4 Faculty of Computer Science, Universitas Pembanguan

More information

Proceedings of Meetings on Acoustics

Proceedings of Meetings on Acoustics Proceedings of Meetings on Acoustics Volume 19, 213 http://acousticalsociety.org/ ICA 213 Montreal Montreal, Canada 2-7 June 213 Signal Processing in Acoustics Session 2pSP: Acoustic Signal Processing

More information

Colored Image Ciphering with Key Image

Colored Image Ciphering with Key Image EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 5/ August 2016 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) Colored Image Ciphering with Key Image ZAINALABIDEEN ABDULLASAMD

More information

Assignment 2. Due: Monday Oct. 15, :59pm

Assignment 2. Due: Monday Oct. 15, :59pm Introduction To Discrete Math Due: Monday Oct. 15, 2012. 11:59pm Assignment 2 Instructor: Mohamed Omar Math 6a For all problems on assignments, you are allowed to use the textbook, class notes, and other

More information

Random Bit Generation and Stream Ciphers

Random Bit Generation and Stream Ciphers Random Bit Generation and Stream Ciphers Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 8-1 Overview 1.

More information

A Cryptosystem Based on the Composition of Reversible Cellular Automata

A Cryptosystem Based on the Composition of Reversible Cellular Automata A Cryptosystem Based on the Composition of Reversible Cellular Automata Adam Clarridge and Kai Salomaa Technical Report No. 2008-549 Queen s University, Kingston, Canada {adam, ksalomaa}@cs.queensu.ca

More information

Security Note. BBM Enterprise

Security Note. BBM Enterprise Security Note BBM Enterprise Published: 2017-10-31 SWD-20171031151244990 Contents Document revision history... 4 About this guide... 5 System requirements...6 Using BBM Enterprise... 8 How BBM Enterprise

More information

CDMA Physical Layer Built-in Security Enhancement

CDMA Physical Layer Built-in Security Enhancement CDMA Physical Layer Built-in Security Enhancement Jian Ren Tongtong Li 220 Engineering Building Department of Electrical & Computer Engineering Michigan State University East Landing, MI 48864-226 Email:

More information

Internet Engineering Task Force (IETF) ISSN: May 2013

Internet Engineering Task Force (IETF) ISSN: May 2013 Internet Engineering Task Force (IETF) J. Schaad Request for Comments: 6955 Soaring Hawk Consulting Obsoletes: 2875 H. Prafullchandra Category: Standards Track HyTrust, Inc. ISSN: 2070-1721 May 2013 Abstract

More information

RSA hybrid encryption schemes

RSA hybrid encryption schemes RSA hybrid encryption schemes Louis Granboulan École Normale Supérieure Louis.Granboulan@ens.fr Abstract. This document compares the two published RSA-based hybrid encryption schemes having linear reduction

More information

Exploring Signature Schemes with Subliminal Channel

Exploring Signature Schemes with Subliminal Channel SCIS 2003 The 2003 Symposium on Cryptography and Information Security Hamamatsu,Japan, Jan.26-29,2003 The Institute of Electronics, Information and Communication Engineers Exploring Signature Schemes with

More information

Pseudorandom Number Generation and Stream Ciphers

Pseudorandom Number Generation and Stream Ciphers Pseudorandom Number Generation and Stream Ciphers Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Secured Bank Authentication using Image Processing and Visual Cryptography

Secured Bank Authentication using Image Processing and Visual Cryptography Secured Bank Authentication using Image Processing and Visual Cryptography B.Srikanth 1, G.Padmaja 2, Dr. Syed Khasim 3, Dr. P.V.S.Lakshmi 4, A.Haritha 5 1 Assistant Professor, Department of CSE, PSCMRCET,

More information

Simple And Efficient Shuffling With Provable Correctness and ZK Privacy

Simple And Efficient Shuffling With Provable Correctness and ZK Privacy Simple And Efficient Shuffling With Provable Correctness and ZK Privacy Kun Peng, Colin Boyd and Ed Dawson Information Security Institute Queensland University of Technology {k.peng, c.boyd, e.dawson}@qut.edu.au

More information

FPGA Implementation of Secured Image STEGNOGRAPHY based on VIGENERE CIPHER and X BOX Mapping Techniques

FPGA Implementation of Secured Image STEGNOGRAPHY based on VIGENERE CIPHER and X BOX Mapping Techniques FPGA Implementation of Secured Image STEGNOGRAPHY based on VIGENERE CIPHER and X BOX Mapping Techniques Aniketkulkarni Sheela.c DhirajDeshpande M.Tech, TOCE Asst.Prof, TOCE Asst.prof,BKIT aniketoxc@gmail.com

More information

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017 COS433/Math 473: Cryptography Mar Zhandry Princeton University Spring 2017 Announcements Homewor 3 due tomorrow Homewor 4 up Tae- home midterm tentative dates: Posted 3pm am Monday 3/13 Due 1pm Wednesday

More information

Minimization of Jamming Attack in Wireless Broadcast Networks Using Neighboring Node Technique

Minimization of Jamming Attack in Wireless Broadcast Networks Using Neighboring Node Technique International Journal of Scientific and Research Publications, Volume 2, Issue 5, May 2012 1 Minimization of Jamming Attack in Wireless Broadcast Networks Using Neighboring Node Technique R.Priyadarshini,

More information

Successful Implementation of the Hill and Magic Square Ciphers: A New Direction

Successful Implementation of the Hill and Magic Square Ciphers: A New Direction Successful Implementation of the Hill and Magic Square Ciphers: A New Direction ISSN:319-7900 Tomba I. : Dept. of Mathematics, Manipur University, Imphal, Manipur (INDIA) Shibiraj N, : Research Scholar

More information

Differential Cryptanalysis of REDOC III

Differential Cryptanalysis of REDOC III Differential Cryptanalysis of REDOC III Ken Shirriff Address: Sun Microsystems Labs, 2550 Garcia Ave., MS UMTV29-112, Mountain View, CA 94043. Ken.Shirriff@eng.sun.com Abstract: REDOC III is a recently-developed

More information

methods for subliminal channels Kazukuni Kobara and Hideki Imai Institute of Industrial Science, The University of Tokyo

methods for subliminal channels Kazukuni Kobara and Hideki Imai Institute of Industrial Science, The University of Tokyo In Proc. of International Conference on Information and Communications Security (ICICS'97) : LNCS 1334, pp.325{334,(1997) Self-synchronized message randomization methods for subliminal channels Kazukuni

More information

ENHANCED SECURITY SYSTEM USING SYMMETRIC ENCRYPTION AND VISUAL CRYPTOGRAPHY

ENHANCED SECURITY SYSTEM USING SYMMETRIC ENCRYPTION AND VISUAL CRYPTOGRAPHY ENHANCED SECURITY SYSTEM USING SYMMETRIC ENCRYPTION AND VISUAL CRYPTOGRAPHY Ranjan Kumar H S 1, Prasanna Kumar H R 1, Sudeepa K B 2 and Ganesh Aithal 2 1 Dept of CSE, NMAMIT, Nitte, Karnataka, India 2

More information

Primitive Roots. Chapter Orders and Primitive Roots

Primitive Roots. Chapter Orders and Primitive Roots Chapter 5 Primitive Roots The name primitive root applies to a number a whose powers can be used to represent a reduced residue system modulo n. Primitive roots are therefore generators in that sense,

More information

Journal of Discrete Mathematical Sciences & Cryptography Vol. ( ), No., pp. 1 10

Journal of Discrete Mathematical Sciences & Cryptography Vol. ( ), No., pp. 1 10 Dynamic extended DES Yi-Shiung Yeh 1, I-Te Chen 2, Ting-Yu Huang 1, Chan-Chi Wang 1, 1 Department of Computer Science and Information Engineering National Chiao-Tung University 1001 Ta-Hsueh Road, HsinChu

More information

SHA-3 and permutation-based cryptography

SHA-3 and permutation-based cryptography SHA-3 and permutation-based cryptography Joan Daemen 1 Joint work with Guido Bertoni 1, Michaël Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Crypto summer school Šibenik,

More information

Security in Sensor Networks. Written by: Prof. Srdjan Capkun & Others Presented By : Siddharth Malhotra Mentor: Roland Flury

Security in Sensor Networks. Written by: Prof. Srdjan Capkun & Others Presented By : Siddharth Malhotra Mentor: Roland Flury Security in Sensor Networks Written by: Prof. Srdjan Capkun & Others Presented By : Siddharth Malhotra Mentor: Roland Flury Mobile Ad-hoc Networks (MANET) Mobile Random and perhaps constantly changing

More information