Data security (Cryptography) exercise book


University of Debrecen, Faculty of Informatics

Data security (Cryptography) exercise book

Contents

1 RSA
  1.1 RSA in general
  1.2 RSA background
    1.2.1 Euclidean algorithm
    1.2.2 Extended Euclidean algorithm
    1.2.3 Fast modular exponentiation (FME)
    1.2.4 Fermat-test
    1.2.5 Miller-Rabin primality test (compositeness test)
    1.2.6 Chinese Remainder Theorem
  1.3 RSA exercises
2 Discrete logarithm problem
  2.1 Primitive root and discrete logarithm
  2.2 ElGamal encryption
    2.2.1 ElGamal exercises
  2.3 Diffie-Hellman Key Exchange
    2.3.1 Diffie-Hellman key exchange exercises
3 Solutions
  3.1 RSA solutions
    3.1.1 Euclidean algorithm solutions
    3.1.2 Fast exponentiation solutions
    3.1.3 Fermat-test solutions
    3.1.4 Miller-Rabin solutions
    3.1.5 Chinese Remainder Theorem solutions
    3.1.6 RSA solutions
  3.2 Solutions of exercises based on the Discrete logarithm problem
    3.2.1 ElGamal solutions
    3.2.2 Diffie-Hellman key exchange solutions

Chapter 1 RSA

1.1 RSA in general

I. Key generation

- Let $p$ and $q$ be randomly generated large prime numbers.
- Let $n = p \cdot q$.
- Let $e$ be a small odd number such that $e$ and $\varphi(n)$ are relatively prime (coprime) and $1 < e < \varphi(n)$.
- Calculate the number $d$ for which $e \cdot d \equiv 1 \pmod{\varphi(n)}$ and $1 < d < \varphi(n)$. ($d$ is the inverse of $e$ modulo $\varphi(n)$.)

The public key of RSA is the pair $PK = (e, n)$. The secret key of RSA is $SK = d$.

The set of plaintexts (messages) is $\mathbb{Z}_n$. In this scheme the set of encrypted messages (ciphertexts) is $\mathbb{Z}_n = \{0, 1, \dots, n-1\}$. (Denote the message by $m$, $0 \le m < n$.)

II. Encryption with the public key $PK = (e, n)$:

$Enc_{PK}(m) = c = m^e \pmod n$.

III. Decryption with the secret key $SK = d$:

$Dec_{SK}(c) = m = c^d \pmod n$.

1.2 RSA background

1.2.1 Euclidean algorithm

The division with remainder

For every two integers $a$ and $b \ne 0$ there exist uniquely determined $q$ and $r$ such that $a = b \cdot q + r$ and $0 \le r < |b|$. (By the quotient remainder theorem.)

Greatest common divisor

The greatest common divisor of $a$ and $b$ is $d$ if $d \mid a$ and $d \mid b$, and whenever there exists a $c$ such that $c \mid a$ and $c \mid b$, then $c \mid d$. Notation: $d = (a, b)$ or $d = \gcd(a, b)$ or $d = \gcd\{a, b\}$. If $a = b = 0$ then the greatest common divisor is 0 (by definition).

Euclidean algorithm

There exists a greatest common divisor of any two integers. Proof: the Euclidean algorithm.

Algorithm: We use long division until we get the zero remainder. (Divide $r_k$ by $r_{k+1}$, set $q_{k+1}$ as the quotient and $r_{k+2}$ as the remainder of the division, and so on.) The last non-zero remainder is the greatest common divisor.

| $k$   | 0   | 1  | 2  | 3  | 4 |
|-------|-----|----|----|----|---|
| $r_k$ | 139 | 14 | 13 | 1  | 0 |
| $q_k$ | -   | 9  | 1  | 13 |   |

1.2.2 Extended Euclidean algorithm

Theorem: The greatest common divisor (gcd) of two integers $a$ and $b$ can be written in the form $\gcd(a, b) = ax + by$, where $x$ and $y$ are integers.

$x_0 = 1$, $x_1 = 0$, $y_0 = 0$, $y_1 = 1$ (by definition)

$x_{k+1} = x_k \cdot r_k + x_{k-1}$

$y_{k+1} = y_k \cdot r_k + y_{k-1}$

$x = (-1)^n \cdot x_n$, $y = (-1)^{n+1} \cdot y_n$

(In the table below the row labelled $q_k$ holds the remainders and the row labelled $r_k$ holds the quotients, the reverse of the labelling in Section 1.2.1; $n$ is the index of the last non-zero remainder.)

| $k$   | 0   | 1  | 2  | 3 ($n$) | 4 |
|-------|-----|----|----|---------|---|
| $q_k$ | 139 | 14 | 13 | 1       | 0 |
| $r_k$ | -   | 9  | 1  | 13      |   |
| $x_k$ | 1   | 0  | 1  | 1       |   |
| $y_k$ | 0   | 1  | 9  | 10      |   |

$\gcd(a, b) = ax + by$

$x = (-1)^3 \cdot 1 = -1$

$y = (-1)^4 \cdot 10 = 10$

$1 = 139 \cdot (-1) + 14 \cdot 10$

Exercises

- Find the greatest common divisor of 45 and 211! Use the extended Euclidean algorithm and check the result!
- We have two numbers $a = 2340$ and $b = 113$. Determine the greatest common divisor of $a$ and $b$ and the coefficients $x$ and $y$ in $\gcd(a, b) = ax + by$!
- Solve the following equation (use the EEA): $\gcd(1491, 23) = 1491 \cdot x + 23 \cdot y$!

1.2.3 Fast modular exponentiation (FME)

In many cases, for example in the RSA algorithm (see later), it is necessary to determine the remainder of an integer power in modular arithmetic. Using the following method we can compute $a^b$ modulo $m$ in relatively few steps, where $a$ is an integer, $b > 1$ is an integer and $m$ is a positive integer.

Algorithm:

1. We write the exponent as a sum of powers of 2: $b = 2^{b_1} + 2^{b_2} + \dots + 2^{b_r}$

2. We calculate the following values by repeated squaring: $a^{2^0} \pmod m$, $a^{2^1} \pmod m$, ..., $a^{2^r} \pmod m$, using $a^{2^{k+1}} \pmod m = a^{2^k \cdot 2} \pmod m = (a^{2^k})^2 \pmod m$.

3. We get the solution: $a^b \pmod m = [a^{2^{b_1}} \pmod m \cdot a^{2^{b_2}} \pmod m \cdot \ldots \cdot a^{2^{b_r}} \pmod m] \pmod m$

Example

Calculate the value $6^{73} \pmod{100}$!

The exponent as a sum of powers of 2: $73 = 2^6 + 2^3 + 2^0$

Repeated squares:

$6^{2^0} \equiv 6 \pmod{100}$
$6^{2^1} \equiv 36 \pmod{100}$
$6^{2^2} \equiv 96 \pmod{100}$
$6^{2^3} \equiv 16 \pmod{100}$
$6^{2^4} \equiv 56 \pmod{100}$
$6^{2^5} \equiv 36 \pmod{100}$
$6^{2^6} \equiv 96 \pmod{100}$

The solution:

$6^{73} \pmod{100} = [6^{2^6} \pmod{100} \cdot 6^{2^3} \pmod{100} \cdot 6^{2^0} \pmod{100}] \pmod{100} = 96 \cdot 16 \cdot 6 \pmod{100} = 9216 \pmod{100} = 16$

$6^{73} \equiv 16 \pmod{100}$

Exercises

Calculate the following values with FME: $9^{22} \pmod{79}$, $129^{97} \pmod{171}$, $23^{209} \pmod{211}$.

1.2.4 Fermat-test

A probabilistic primality test based on Fermat's Little Theorem.

Theorem: If $p$ is prime and $(a, p) = 1$ then $a^{p-1} \equiv 1 \pmod p$.

Algorithm: The input is an integer $n$. We choose an integer $a$ such that $a$ and $n$ are coprime. We calculate the value $a^{n-1} \pmod n$.

- If $a^{n-1} \not\equiv 1 \pmod n$, then $n$ is composite.
- If it is 1, then $n$ may or may not be prime.

If $a^{n-1} \equiv 1 \pmod n$ but $n$ is not a prime, $n$ is called a pseudoprime to base $a$.

If $n$ is a pseudoprime to base $a$ for all integers $a$ with $\gcd(a, n) = 1$, $n$ is called a Carmichael number.

Example

Use the Fermat-test on the number 341 (the bases are 2 and 3)! What can we tell about this number?

Let the base be 2! $2^{340} \equiv 1 \pmod{341}$: 341 may or may not be prime.

Let the base be 3! $3^{340} \equiv 3^{2^8} \cdot 3^{2^6} \cdot 3^{2^4} \cdot 3^{2^2} \equiv 56 \pmod{341}$, so 341 is composite.

$3^{2^0} \equiv 3 \pmod{341}$
$3^{2^1} \equiv 9 \pmod{341}$
$3^{2^2} \equiv 81 \pmod{341}$
$3^{2^3} \equiv 82 \pmod{341}$
$3^{2^4} \equiv 245 \pmod{341}$

$3^{2^5} \equiv 9 \pmod{341}$
$3^{2^6} \equiv 81 \pmod{341}$
$3^{2^7} \equiv 82 \pmod{341}$
$3^{2^8} \equiv 245 \pmod{341}$

Exercise

- Use the Fermat-test on the number 181 with base 7! What can we tell about the number?
- Use the Fermat-test on the number 127 with base 5! What can we tell about the number?

1.2.5 Miller-Rabin primality test (compositeness test)

This test works when the value $n$ is greater than 1 and is an odd number.

Algorithm: Determine the values $s$ and $d$:

$s = \max\{r : 2^r \mid (n-1)\}$ and $d = (n-1)/2^s$

Test: Choose some positive integer $a$ such that $a < n$. If $a^d \not\equiv 1 \pmod n$ and $a^{2^r d} \not\equiv -1 \pmod n$ for all $r \in \{0, \dots, s-1\}$, then $n$ is composite and $a$ is a witness for compositeness. Otherwise $n$ may or may not be prime.

Exercise

Using the two-round Miller-Rabin test, decide about the number 561 (let the bases be 2 and 13)!

From $n - 1 = 2^s \cdot d$ (where $d$ is an odd number):

$560 = 2 \cdot 2 \cdot 2 \cdot 2 \cdot 35 = 2^4 \cdot 35$

$s = 4$, so $r = 0$, $r = 1$, $r = 2$, $r = 3$

$d = 35$

In case of $a = 2$:

$2^{2^0 d} \equiv 263 \pmod{561}$
$2^{2^1 d} \equiv 166 \pmod{561}$
$2^{2^2 d} \equiv 67 \pmod{561}$
$2^{2^3 d} \equiv 1 \pmod{561}$

$n$ is composite.

In case of $a = 13$:

$13^{2^0 d} \equiv 208 \pmod{561}$
$13^{2^1 d} \equiv 67 \pmod{561}$
$13^{2^2 d} \equiv 1 \pmod{561}$
$13^{2^3 d} \equiv 1 \pmod{561}$

$n$ is composite.

Exercise

- What can you tell about the compositeness of the number 197 by using the two-round Miller-Rabin test (where the bases are 7 and 12)?
- What can you tell about the compositeness of the number 243 by using the two-round Miller-Rabin test (where the bases are 11 and 15)?

1.2.6 Chinese Remainder Theorem

Let the moduli $m_1, \dots, m_k$ be pairwise coprime. Then the linear congruence system

$x \equiv c_1 \pmod{m_1}$
$x \equiv c_2 \pmod{m_2}$
...
$x \equiv c_k \pmod{m_k}$

has a simultaneous solution for any integers $c_1, \dots, c_k$, where the modulus of the solution is $m_1 \cdot m_2 \cdot \ldots \cdot m_k$.

In detail:

$M = m_1 \cdot \ldots \cdot m_k$

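$M_i = M/m_i$, where $i = 1, 2, \dots, k$

Let the integer $y_i$ be the solution of the congruence $y_i \cdot M_i \equiv 1 \pmod{m_i}$, where $i = 1, \dots, k$.

$x \equiv \sum_{i=1}^{k} c_i \cdot y_i \cdot M_i \pmod M$

Example

$x \equiv 0 \pmod 5$, $M_1 = 60/5 = 12$
$x \equiv 1 \pmod 3$, $M_2 = 60/3 = 20$
$x \equiv 2 \pmod 4$, $M_3 = 60/4 = 15$

$M = 5 \cdot 4 \cdot 3 = 60$

| $i = 1$                        | $i = 2$                        | $i = 3$                        |
|--------------------------------|--------------------------------|--------------------------------|
| $12 \cdot y_1 \equiv 1 \pmod 5$ | $20 \cdot y_2 \equiv 1 \pmod 3$ | $15 \cdot y_3 \equiv 1 \pmod 4$ |
| $2 \cdot y_1 \equiv 1 \pmod 5$  | $2 \cdot y_2 \equiv 1 \pmod 3$  | $3 \cdot y_3 \equiv 1 \pmod 4$  |
| $2 \cdot y_1 \equiv 6 \pmod 5$  | $2 \cdot y_2 \equiv 4 \pmod 3$  | $3 \cdot y_3 \equiv 9 \pmod 4$  |
| $y_1 \equiv 3 \pmod 5$          | $y_2 \equiv 2 \pmod 3$          | $y_3 \equiv 3 \pmod 4$          |

$x \equiv \sum c_i \cdot y_i \cdot M_i \pmod M$

$x \equiv 0 \cdot 3 \cdot 12 + 1 \cdot 2 \cdot 20 + 2 \cdot 3 \cdot 15 \equiv 130 \equiv 10 \pmod{60}$

RSA example

To decrypt an RSA ciphertext we apply the Chinese Remainder Theorem to the following congruence system:

$m \equiv c^{d \bmod (p-1)} \equiv m_p \pmod p$
$m \equiv c^{d \bmod (q-1)} \equiv m_q \pmod q$

$n = p \cdot q$

$1 = y_p \cdot p + y_q \cdot q$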

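$m \equiv m_p \cdot y_q \cdot q + m_q \cdot y_p \cdot p \pmod n$

Example. We know the following values:

- $p = 5$ (random prime)
- $q = 11$ (random prime)
- $n = 55$ (modulus)
- $\varphi(n) = 40$
- $m = 20$ (plaintext)
- $e = 7$ (public key)
- $c = 15$ (ciphertext)
- $d = 23$ (decryption (secret) key)

$x \equiv c_1 \pmod{m_1}$
$x \equiv c_2 \pmod{m_2}$

$x \equiv 15^{23 \bmod 4} \pmod 5 = 0$
$x \equiv 15^{23 \bmod 10} \pmod{11} = 9$

$M_1 = q = 11$, $M_2 = p = 5$, $M = 55$

$y_1 \cdot 11 \equiv 1 \pmod 5$
$y_2 \cdot 5 \equiv 1 \pmod{11}$

EEA (as in Section 1.2.2, the row labelled $q_k$ holds the remainders and the row labelled $r_k$ holds the quotients):

| $k$   | 0  | 1 | 2 | 3 |
|-------|----|---|---|---|
| $q_k$ | 11 | 5 | 1 | 0 |
| $r_k$ | -  | 2 | 5 |   |
| $x_k$ | 1  | 0 | 1 |   |
| $y_k$ | 0  | 1 | 2 |   |

$x\ (= y_1) = (-1)^2 \cdot 1 = 1$

$y\ (= y_2) = (-1)^3 \cdot 2 = -2$

$x \equiv \sum c_i \cdot y_i \cdot M_i \pmod M \equiv 0 \cdot 1 \cdot 11 + 9 \cdot (-2) \cdot 5 \equiv -90 \equiv 20 \pmod{55}$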
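The CRT decryption above as an added Python example (not part of the exercise book): `eea` follows the recurrences and sign rule of Section 1.2.2, and `rsa_crt_decrypt` recombines $m_p$ and $m_q$ exactly as in the formula. The function names and the optional re-encryption check with `e` are assumptions of this example.

```python
def eea(a, b):
    """Extended Euclidean algorithm with the recurrences of Section 1.2.2.

    Returns (g, x, y) with g = gcd(a, b) = a*x + b*y for integers a, b > 0.
    x_k and y_k are kept non-negative; the signs are restored at the end via
    x = (-1)^n * x_n and y = (-1)^(n+1) * y_n.
    """
    r_prev, r = a, b
    x_prev, x = 1, 0                  # x_0, x_1
    y_prev, y = 0, 1                  # y_0, y_1
    n = 1
    while True:
        quotient, remainder = divmod(r_prev, r)
        if remainder == 0:            # r is the last non-zero remainder
            break
        x_prev, x = x, x * quotient + x_prev
        y_prev, y = y, y * quotient + y_prev
        r_prev, r = r, remainder
        n += 1
    return r, (-1) ** n * x, (-1) ** (n + 1) * y


def rsa_crt_decrypt(c, d, p, q, e=None):
    """Decrypt c with the secret exponent d using the primes p and q.

    If the public exponent e is given, the result is re-encrypted and compared
    with c, so that a wrongly computed CRT half does not go unnoticed
    (a check added by this example, not a step from the exercise book).
    """
    n = p * q
    m_p = pow(c, d % (p - 1), p)      # m mod p
    m_q = pow(c, d % (q - 1), q)      # m mod q
    g, y_p, y_q = eea(p, q)           # 1 = y_p*p + y_q*q
    if g != 1:
        raise ValueError("p and q must be coprime")
    m = (m_p * y_q * q + m_q * y_p * p) % n
    if e is not None and pow(m, e, n) != c % n:
        raise ValueError("CRT result does not re-encrypt to the ciphertext")
    return m


if __name__ == "__main__":
    print(eea(139, 14))                          # table of Section 1.2.2
    print(eea(11, 5))                            # table of the RSA example
    print(rsa_crt_decrypt(15, 23, 5, 11, e=7))   # p=5, q=11, d=23, c=15
```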

Exercises

- The RSA secret key: the primes are 7 and 13, and the secret exponent is 70. Decrypt the ciphertext 9 using the Chinese Remainder Theorem!
- Decrypt the RSA ciphertext 5 using the Chinese Remainder Theorem, if we know that the primes are 7 and 13 and the decryption exponent is 70!

1.3 RSA exercises

- Generate public and secret keys for RSA encryption where the two primes are 463 and 547, and the encryption exponent is the one of the following values that satisfies the conditions: 12, 47, 76, 93.
- Decrypt the RSA ciphertext 10 with the Chinese Remainder Theorem where the primes are 7 and 13 and the decryption exponent is 70!
- Prove that if we encrypt a plaintext with the public key $(n, e)$ and with the public key $(n, f)$, where $e$ and $f$ are coprime, then the plaintext is retrievable from the public information!
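The methods of Sections 1.2.3 to 1.2.5 as an added Python example (not part of the exercise book): fast modular exponentiation, the Fermat-test and the Miller-Rabin test, run on the numbers 341 and 561 used above. `liar_counts` is a hypothetical helper of this example that counts, for the Carmichael number 561, how many coprime bases fail to expose it in each test.

```python
from math import gcd


def fme(a, b, m):
    """Fast modular exponentiation as in Section 1.2.3: walk the binary
    digits of b, squaring each step and multiplying in a^(2^i) for set bits."""
    result, square = 1, a % m
    while b > 0:
        if b & 1:
            result = (result * square) % m
        square = (square * square) % m
        b >>= 1
    return result


def fermat_passes(n, a):
    """True if a^(n-1) = 1 (mod n): n is prime or a pseudoprime to base a."""
    return fme(a, n - 1, n) == 1


def miller_rabin_witness(n, a):
    """True if base a proves the odd number n > 2 composite (Section 1.2.5)."""
    s, d = 0, n - 1
    while d % 2 == 0:              # write n - 1 = 2^s * d with d odd
        s, d = s + 1, d // 2
    x = fme(a, d, n)
    if x == 1 or x == n - 1:       # a^d = 1, or a^(2^0 d) = -1
        return False
    for _ in range(s - 1):         # a^(2^r d) for r = 1 .. s-1
        x = (x * x) % n
        if x == n - 1:
            return False
    return True


def liar_counts(n):
    """Return (coprime bases in 1..n-1, bases that pass the Fermat-test,
    bases that are not Miller-Rabin witnesses) for a composite n."""
    bases = [a for a in range(1, n) if gcd(a, n) == 1]
    fermat = sum(fermat_passes(n, a) for a in bases)
    strong = sum(not miller_rabin_witness(n, a) for a in bases)
    return len(bases), fermat, strong


if __name__ == "__main__":
    print(fme(6, 73, 100))                                  # FME example
    print(fermat_passes(341, 2), fermat_passes(341, 3))     # 341, bases 2 and 3
    print(miller_rabin_witness(561, 2), miller_rabin_witness(561, 13))
    print(liar_counts(561))                                 # Carmichael number 561
```

Every base coprime to 561 passes the Fermat-test, while only a handful fail to be Miller-Rabin witnesses, which is why the second test is the one to rely on when choosing RSA primes.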

Chapter 2 Discrete logarithm problem

2.1 Primitive root and discrete logarithm

Multiplicative subgroup: $\mathbb{Z}_p^* = \{(1)_p, \dots, (p-1)_p\}$

The order of an element $a$ is $k$ if $a^i \not\equiv 1 \pmod n$ for all $i$ with $1 \le i < k$ and $a^k \equiv 1 \pmod n$, where $a \in \mathbb{Z}_n$, $(a, n) = 1$, $k \in \mathbb{Z}^+$. Notation: $ord(a) = k$.

An element $g \in \mathbb{Z}_p^*$ is a primitive root modulo $p$ if the order of $g$ is $\varphi(p)$.

Comment: The primitive root generates the whole group.

Example: $\mathbb{Z}_5^* = \{(1)_5, (2)_5, (3)_5, (4)_5\}$

Primitive root: $(2)_5$

$2^1 \equiv 2 \pmod 5$
$2^2 \equiv 4 \pmod 5$
$2^3 \equiv 3 \pmod 5$
$2^4 \equiv 1 \pmod 5$

$ord_5(2) = 4$

The security of several systems (ElGamal encryption, Diffie-Hellman key exchange) rests on the discrete logarithm problem.

Let $p$ be a prime and $g \in \mathbb{Z}_p^*$ a primitive root. Then any $A \in \mathbb{Z}_p^*$ can be written in the form $A \equiv g^a \pmod p$. The discrete logarithm of the element $A$ with base $g$ modulo $p$ is $a \in \mathbb{Z}_{p-1}$.

There is no (at least no known) polynomial-time algorithm for solving the discrete logarithm problem when $p$ is an appropriately large prime.

$(A, p, g) \rightarrow a$ is a "hard" problem.

2.2 ElGamal encryption

- asymmetric encryption
- The set of plaintexts: $P = \mathbb{Z}_p^*$, $p$ large prime
- The set of ciphertexts: $C = \mathbb{Z}_p^* \times \mathbb{Z}_p^*$, a set of ordered pairs

1. Key generation: Choose the values $(p, g, h, a)$

- $p$: large prime
- $g \in \mathbb{Z}_p^*$: primitive root
- $h \equiv g^a \pmod p$
- $SK = a$
- $PK = (p, g, h)$

2. Encryption: $Enc_{PK}(m) = (c_1, c_2)$

- $c_1 \equiv g^k \pmod p$, where $k$ is a secret random value ($k \in \{2, \dots, p-2\}$)
- $c_2 \equiv m \cdot h^k \pmod p$

3. Decryption: $Dec_{SK}(c_1, c_2) = m$

- $m \equiv c_2 \cdot (c_1^a)^{-1} \equiv c_2 \cdot c_1^{p-1-a} \pmod p$

Example: $p = 47$, $g = 13$, $a = 42$, $m = 20$

Key generation:

$h \equiv g^a \pmod p$

$h = 13^{42} \equiv 25 \pmod{47}$

$SK = a = 42$

$PK = (p, g, h) = (47, 13, 25)$

Encryption:

$k = 17$

$(c_1, c_2) = (31, 22)$

$c_1 = 13^{17} \equiv 31 \pmod{47}$

$c_2 = 20 \cdot 25^{17} \equiv 22 \pmod{47}$

Decryption:

$m = c_2 \cdot c_1^{-a} = 22 \cdot 31^{-42} \equiv 22 \cdot 31^{4} \equiv 22 \cdot 18 \equiv 20 \pmod{47}$

2.2.1 ElGamal exercises

- Let 23 be the public prime and 5 be the primitive root. Let 13 be the secret key. Encrypt the plaintext message 18 with the ElGamal system! (Choose other parameters if necessary!)
- Encrypt the plaintext message 83 with ElGamal encryption, if the primitive root is 2, the prime is 103 and the secret key is 47! Decrypt the calculated ciphertext! (Choose other parameters if necessary!)

2.3 Diffie-Hellman Key Exchange

- We choose a large prime $p$ (public).
- We choose a primitive root $g \in \mathbb{Z}_p^*$ (public).
- Alice chooses a secret random value $a \in \{0, \dots, p-1\}$.
- Bob chooses a secret random value $b \in \{0, \dots, p-1\}$.
- Alice calculates $A \equiv g^a \pmod p$ and sends it to Bob.
- Bob calculates $B \equiv g^b \pmod p$ and sends it to Alice.
- Alice and Bob calculate the symmetric key: $K \equiv g^{ba} \equiv g^{ab} \pmod p$.

Figure: Diffie-Hellman key exchange. Alice sends $A = g^a \pmod p$ to Bob and Bob sends $B = g^b \pmod p$ to Alice; Alice computes $K = g^{ba} \equiv (g^b)^a \pmod p$ and Bob computes $K = g^{ab} \equiv (g^a)^b \pmod p$.

2.3.1 Diffie-Hellman key exchange exercises

- Calculate the shared key with the Diffie-Hellman KE, if the public prime is 149 and the public primitive root is 21. (Choose other parameters if necessary!)
- Let the public prime be 41, the public primitive root be 22 and the chosen secrets be 17 and 9. Calculate the shared key with the Diffie-Hellman KE!
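ElGamal and the Diffie-Hellman exchange of this chapter as an added Python example (not part of the exercise book), run on the chapter's own numbers. The function names are assumptions of this example; the brute-force `order` follows the definition in Section 2.1 and is only practical for exercise-sized primes.

```python
def order(a, p):
    """Smallest k >= 1 with a^k = 1 (mod p), by the definition in Section 2.1."""
    a %= p
    if a == 0:
        raise ValueError("a must be coprime to p")
    k, x = 1, a
    while x != 1:
        x = (x * a) % p
        k += 1
    return k


def is_primitive_root(g, p):
    """For a prime p, g is a primitive root if its order is phi(p) = p - 1."""
    return order(g, p) == p - 1


def elgamal_keygen(p, g, a):
    """Return the public key (p, g, h) for the secret key a; reject a g that
    does not generate the whole group."""
    if not is_primitive_root(g, p):
        raise ValueError("g is not a primitive root modulo p")
    return p, g, pow(g, a, p)


def elgamal_encrypt(pk, m, k):
    """Encrypt m under pk. k is the secret random value; it is a parameter
    here only so that the chapter's numbers can be reproduced."""
    p, g, h = pk
    if not 2 <= k <= p - 2:
        raise ValueError("k out of range")
    return pow(g, k, p), (m * pow(h, k, p)) % p


def elgamal_decrypt(p, a, c1, c2):
    """m = c2 * c1^(p-1-a) mod p, the inverse-free form of c2 * (c1^a)^(-1)."""
    return (c2 * pow(c1, p - 1 - a, p)) % p


def dh_exchange(p, g, a, b):
    """Return (A, B, K_alice, K_bob): the two public values that travel over
    the channel and the key each side derives from what it received."""
    A, B = pow(g, a, p), pow(g, b, p)
    return A, B, pow(B, a, p), pow(A, b, p)


if __name__ == "__main__":
    pk = elgamal_keygen(47, 13, 42)              # example of Section 2.2
    c1, c2 = elgamal_encrypt(pk, 20, 17)
    print(pk, (c1, c2), elgamal_decrypt(47, 42, c1, c2))
    print(dh_exchange(41, 22, 17, 9))            # second exercise of 2.3.1
```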

Chapter 3 Solutions

3.1 RSA solutions

3.1.1 Euclidean algorithm solutions

$(a, b) = ax + by$

- $1 = 211 \cdot 16 + 45 \cdot (-75)$,
- $1 = 2340 \cdot (-24) + 113 \cdot 497$,
- $1 = 1491 \cdot (-6) + 23 \cdot 389$.

3.1.2 Fast exponentiation solutions

- $9^{22} \equiv 73 \pmod{79}$,
- $129^{97} \equiv 108 \pmod{171}$,
- $23^{209} \equiv 156 \pmod{211}$.

3.1.3 Fermat-test solutions

- $7^{180} \equiv 1 \pmod{181}$: may or may not be a prime
- $5^{126} \equiv 1 \pmod{127}$: may or may not be a prime

3.1.4 Miller-Rabin solutions

Number 197: $s = 2$, $d = 49$, so $r = 0$, $r = 1$

- In case of $a = 7$: $7^{49} \equiv 196 \pmod{197}$ ($\equiv -1 \pmod{197}$): may or may not be a prime
- In case of $a = 12$: $12^{49} \equiv 14 \pmod{197}$, $12^{2^1 \cdot 49} \equiv 196 \pmod{197}$: may or may not be a prime

Number 243: $s = 1$, $d = 121$, so $r = 0$

- In case of $a = 11$: $11^{121} \equiv 47 \pmod{243}$: composite
- In case of $a = 15$: $15^{121} \equiv 0 \pmod{243}$: composite

3.1.5 Chinese Remainder Theorem solutions

- 9
- 51

3.1.6 RSA solutions

- $n = 253261$, $\varphi(n) = 252252$, $e = 47$, $d = 166379$; $PK = (253261, 47)$, $SK = (253261, 166379)$
- $n = 91$. Linear congruences: $m \equiv 10^{70 \bmod 6} \pmod 7$, $m \equiv 10^{70 \bmod 12} \pmod{13}$; $m \equiv c_1 \cdot y_1 \cdot M_1 + c_2 \cdot y_2 \cdot M_2 = 4 \cdot (-1) \cdot 13 + 3 \cdot 2 \cdot 7 \equiv 81 \pmod{91}$

3.2 Solutions of exercises based on the Discrete logarithm problem

3.2.1 ElGamal solutions

- Let $k = 3$. $h = 21$, $(c_1, c_2) = (10, 17)$, $m = 18$
- Let $k = 4$. $h = 58$, $(c_1, c_2) = (16, 14)$, $m = 83$

3.2.2 Diffie-Hellman key exchange solutions

- Let the secret parameters be 3 and 5. The shared key is 139.
- The shared key is 15.