Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014


7 Public Key Cryptography

Cryptography studies techniques for secure communication in the presence of third parties. A typical cryptosystem consists of two schemes: the encryption scheme and the decryption scheme. The sender uses the encryption scheme to encode the plaintext; the encrypted message, called the ciphertext, looks like nonsense to a third person. Upon receiving a ciphertext, the receiver applies the decryption scheme to decrypt it and recover the plaintext. Cryptography has a long history, and the design of modern cryptographic protocols is based on computational complexity theory.

We first look at some simple encryption/decryption schemes. Assume that Alice wants to send the plaintext $s \in \Sigma^n$ to Bob, where $\Sigma = \{A, B, \ldots, Z\}$. Instead of sending the string $s$ to Bob directly, Alice could create a random permutation $\pi : \Sigma \to \Sigma$ and send $\pi(s_1), \pi(s_2), \ldots, \pi(s_n)$ to Bob. After Bob receives the ciphertext, he can use the same permutation to recover the plaintext. This is one of the cryptosystems widely used before the computer era. The drawback of this system is its security: although a person who does not know the permutation $\pi$ cannot read the plaintext directly, the encryption scheme does not change the frequency of the letters in $\Sigma$, and letters in a meaningful text follow certain frequency rules. Hence a third person could recover partial (or even complete) information about the plaintext after seeing enough encrypted text.

To overcome this, we can encrypt in another way. Instead of creating a random permutation over $\Sigma$, Alice uses a dictionary of the same length as the plaintext to encrypt it: the $i$-th letter of the ciphertext is obtained by a modular operation (addition modulo $|\Sigma|$) on the $i$-th letter of the plaintext and the $i$-th letter of the dictionary. The receiver uses the same dictionary to apply the inverse operation and get the plaintext back from the ciphertext. In this way the same letter of $\Sigma$ maps to different letters, and it becomes more difficult for an adversary to decrypt the ciphertext. However, certain problems remain: the dictionary, the key of the cryptosystem, has the same size as the plaintext, and sharing the key in a secure way may be as difficult as sharing the plaintext in a secure way.

In the two examples above, Alice and Bob use the same key to encrypt and decrypt the text. Systems of this kind are the oldest cryptographic techniques and are called symmetric encryption. One general problem of symmetric encryption is that exchanging the key securely over the Internet or large networks is difficult: anyone who gets the key can decrypt the ciphertext.

In 1976, Whitfield Diffie and Martin Hellman created public key cryptography. Instead of a single shared, secret key, they proposed to use two separate keys in a cryptosystem. One key is called the private key and is held by only one party. The second key is called the public key; it is not a secret and can be shared widely. These two keys form a pair and are used together in encryption and decryption operations. Moreover, a public key and its corresponding private key are paired with each other and related to no other keys. This pairing is possible because of a special mathematical relationship between the algorithms for the public and private keys. The two keys are mathematically related such that using the pair together achieves the same result as using a symmetric key twice. The keys must be used together: no individual key can be used to undo its own operation. This means that the operation of each individual key is a one-way operation: a key cannot be used to reverse its own operation. In addition, the algorithms used by both keys are designed so that one key cannot be used to determine the other key of the pair. Thus, the private key cannot be determined from the public key.

7.1 Background Knowledge

7.1.1 Modular Arithmetic

Definition 7.1. The number $a$ is equivalent (congruent) to the number $b$ modulo $n$, written $a \equiv b \pmod n$, if $a$ differs from $b$ by an exact multiple of $n$.

Lemma 7.2. The following statements hold:
If $a \equiv b \pmod n$ and $c \equiv d \pmod n$, then $a + c \equiv b + d \pmod n$.
If $a \equiv b \pmod n$ and $c \equiv d \pmod n$, then $ac \equiv bd \pmod n$.

Example 7.3. $321 \cdot 741 \equiv 1 \cdot 1 \equiv 1 \pmod 5$.

Example 7.4. $715^{10000} \equiv 1 \pmod 7$.

Example 7.5. $321^3 \equiv 6^3 \pmod 7 = 36 \cdot 6 \pmod 7 \equiv 6 \pmod 7$.

Example 7.6. $320^{984} \equiv 1 \pmod 7$.

Proof. We first write down the binary expansion of 984, i.e.
$984 = 512 + 256 + 128 + 64 + 16 + 8 = 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 2^3.$
Note that $320^{984} \equiv 5^{984} \pmod 7$. Moreover, we have the following:
$5^2 = 25 \equiv 4 \pmod 7$
$5^4 \equiv 4 \cdot 4 \pmod 7 \equiv 2 \pmod 7$
$5^8 \equiv 2 \cdot 2 \pmod 7 \equiv 4 \pmod 7$
$5^{16} \equiv 4 \cdot 4 \pmod 7 \equiv 2 \pmod 7$
$5^{32} \equiv 4 \pmod 7$
$5^{64} \equiv 2 \pmod 7$
$5^{128} \equiv 4 \pmod 7$
$5^{256} \equiv 2 \pmod 7$
$5^{512} \equiv 4 \pmod 7$
Hence
$5^{984} = 5^{512 + 256 + 128 + 64 + 16 + 8} \equiv 4 \cdot 2 \cdot 4 \cdot 2 \cdot 2 \cdot 4 \pmod 7 \equiv 1 \pmod 7.$

7.1.2 Fermat's Little Theorem

We say that $n$ is divisible by $m$ if $n = km$ for some integer $k$.

Theorem 7.7 (Fermat's Little Theorem). If $p$ is a prime number, then $a^p \equiv a \pmod p$ for all $a$.

Theorem 7.8 (Fermat's Little Theorem, Alternative Form). If $p$ is a prime number and $a$ is any integer not divisible by $p$, then $a^{p-1} \equiv 1 \pmod p$.

7.2 The Euclidean Algorithm

Given two integers $r_0$ and $r_1$, the Euclidean Algorithm finds the greatest common divisor of $r_0$ and $r_1$, denoted by $\gcd(r_0, r_1)$. Before presenting the algorithm, we first look at the following lemma.

Lemma 7.9. $\gcd(r_0, r_1) = \gcd(r_1, r_0 \bmod r_1)$.

Proof. Let $x = \gcd(r_0, r_1)$. Then we can write $r_0 = cx$ and $r_1 = dx$, where $c, d \in \mathbb{Z}$. Without loss of generality we assume that $r_0 \ge r_1$; otherwise the statement holds trivially. Then we can write $r_0 = p r_1 + q$, where $q \in \{0, 1, \ldots, r_1 - 1\}$. Hence,
$\gcd(r_0, r_1) = \gcd(cx, dx) = \gcd(pdx + q, dx) = \gcd(q, dx) = \gcd(r_0 \bmod r_1, r_1).$
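Before turning to the algorithm itself, here is an added worked example for the two symmetric schemes of the introduction (random permutation of $\Sigma$, and the "dictionary" scheme, which is what is usually called a one-time pad). It is not code from the lecture notes; the alphabet, the sample plaintext and all function names are constructed for illustration. It checks the two facts the notes point out: the permutation cipher preserves the shape of the letter-frequency histogram, while the dictionary scheme needs a key exactly as long as the message.

```python
import secrets
from collections import Counter

# Constructed alphabet and sample plaintext (not taken from the lecture notes).
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
SAMPLE_PLAINTEXT = "THEQUICKBROWNFOXJUMPSOVERTHELAZYDOGTHEENDOFTHETEXT"


def random_permutation():
    """A random bijection pi: Sigma -> Sigma, returned as a dict letter -> letter."""
    shuffled = list(ALPHABET)
    secrets.SystemRandom().shuffle(shuffled)
    return dict(zip(ALPHABET, shuffled))


def substitution_encrypt(plaintext, pi):
    """Send pi(s_1), pi(s_2), ..., pi(s_n) instead of s."""
    return "".join(pi[c] for c in plaintext)


def substitution_decrypt(ciphertext, pi):
    """Bob inverts the same permutation to recover the plaintext."""
    inverse = {v: k for k, v in pi.items()}
    return "".join(inverse[c] for c in ciphertext)


def frequency_profile(text):
    """Sorted letter counts: the shape of the histogram, ignoring which letter is which."""
    return sorted(Counter(text).values(), reverse=True)


def random_dictionary(length):
    """A key as long as the plaintext: one uniformly random letter per position."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def dictionary_encrypt(plaintext, key):
    """Per-position addition modulo |Sigma| of plaintext letter and key letter."""
    assert len(key) == len(plaintext), "the dictionary must be as long as the plaintext"
    m = len(ALPHABET)
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % m]
                   for p, k in zip(plaintext, key))


def dictionary_decrypt(ciphertext, key):
    """The inverse operation: subtraction modulo |Sigma| with the same dictionary."""
    m = len(ALPHABET)
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % m]
                   for c, k in zip(ciphertext, key))


def demo(plaintext=SAMPLE_PLAINTEXT):
    """Run both schemes once and return the properties discussed in the notes."""
    pi = random_permutation()
    c1 = substitution_encrypt(plaintext, pi)
    key = random_dictionary(len(plaintext))
    c2 = dictionary_encrypt(plaintext, key)
    return {
        "substitution_roundtrip": substitution_decrypt(c1, pi) == plaintext,
        # A permutation only relabels letters, so the histogram shape is unchanged:
        # this is the weakness the notes describe.
        "substitution_keeps_frequencies": frequency_profile(c1) == frequency_profile(plaintext),
        "dictionary_roundtrip": dictionary_decrypt(c2, key) == plaintext,
        # The key is exactly as long as the message: the key-sharing problem the notes describe.
        "key_as_long_as_plaintext": len(key) == len(plaintext),
    }


if __name__ == "__main__":
    for name, holds in demo().items():
        print(f"{name}: {holds}")
```

The frequency profile is what an observer sees without knowing $\pi$; equality of the two profiles is exactly why the permutation scheme leaks information about meaningful text, whereas a fresh random dictionary per message makes each ciphertext letter independent of the plaintext letter at that position.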

Algorithm 7.1 Euclidean Algorithm
1: write $a$ as $a = b q_1 + r_1$, for $r_1 \in \{1, 2, \ldots, b - 1\}$;
2: write $b$ as $b = r_1 q_2 + r_2$, for $r_2 \in \{0, \ldots, r_1 - 1\}$;
3: let $j = 0$;
4: while $r_{j+2} \neq 0$ do
5:     $j \leftarrow j + 1$;
6:     write $r_j$ as $r_j = r_{j+1} q_{j+2} + r_{j+2}$, where $r_{j+2} \in \{0, \ldots, r_{j+1} - 1\}$;
7: return $r_{j+1}$    ($r_{j+1} = \gcd(a, b)$)

Now we show that the Euclidean Algorithm can be used to compute a multiplicative inverse.

Definition 7.10. If $ab \equiv 1 \pmod p$, then $b$ is called the multiplicative inverse of $a$ modulo $p$.

Theorem 7.11 (Multiplicative Inverse Algorithm). Given two integers $0 < b < a$, consider the Euclidean Algorithm equations which yield $\gcd(a, b) = r_j$. Rewrite all of these equations except the last one, by solving for the remainders:
$r_1 = a - b q_1$
$r_2 = b - r_1 q_2$
$r_3 = r_1 - r_2 q_3$
$\vdots$
$r_{j-1} = r_{j-3} - r_{j-2} q_{j-1}$
$r_j = r_{j-2} - r_{j-1} q_j$
Then, in the last of these equations, $r_j = r_{j-2} - r_{j-1} q_j$, replace $r_{j-1}$ with its expression in terms of $r_{j-3}$ and $r_{j-2}$ from the equation immediately above it. Continue this process successively, replacing $r_{j-2}, r_{j-3}, \ldots$, until we obtain the final equation $r_j = ax + by$, where $x$ and $y$ are integers. In the special case that $\gcd(a, b) = 1$, the integer equation reads $1 = ax + by$. Therefore we deduce $1 \equiv by \pmod a$, so that the residue of $y$ is the multiplicative inverse of $b$ modulo $a$.
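As an added example (not part of the lecture notes), the following Python code runs Algorithm 7.1 on $0 < b < a$, records every equation $r_{k} = r_{k-2} - r_{k-1} q_k$ (with $r_{-1} = a$ and $r_0 = b$), and then performs the back-substitution of Theorem 7.11 literally, from the last equation upwards, until $\gcd(a, b) = ax + by$. The function names and the sample pairs $(26, 15)$, $(48, 18)$ and $(3120, 17)$ are constructed for illustration.

```python
def euclid_steps(a, b):
    """Algorithm 7.1 on 0 < b < a. Returns rows (dividend, divisor, quotient, remainder);
    the last row has remainder 0 and its divisor is gcd(a, b)."""
    assert 0 < b < a
    rows = []
    while b != 0:
        q, r = divmod(a, b)
        rows.append((a, b, q, r))
        a, b = b, r
    return rows


def gcd(a, b):
    return euclid_steps(a, b)[-1][1]


def extended_euclid(a, b):
    """Back-substitution as in Theorem 7.11. Returns (g, x, y) with g = gcd(a, b) = a*x + b*y."""
    rows = euclid_steps(a, b)
    # rem[k + 1] holds r_k, so rem = [r_{-1}=a, r_0=b, r_1, ..., r_j] with r_j the gcd
    rem = [a, b] + [r for (_, _, _, r) in rows if r != 0]
    qs = [q for (_, _, q, _) in rows]  # qs[k - 1] is q_k, the quotient in r_k = r_{k-2} - r_{k-1} q_k
    j = len(rem) - 2                    # index of the gcd r_j
    g = rem[j + 1]
    if j == 0:                          # b divides a: gcd = b = 0*a + 1*b
        return g, 0, 1
    # Start from the last equation r_j = r_{j-2} - q_j r_{j-1}.
    # expr maps a remainder index k to the coefficient of r_k in the current expression for r_j.
    expr = {j - 2: 1, j - 1: -qs[j - 1]}
    # Replace r_k by r_{k-2} - q_k r_{k-1}, for k = j-1 down to 1, exactly as the theorem describes.
    for k in range(j - 1, 0, -1):
        c = expr.pop(k)
        expr[k - 2] = expr.get(k - 2, 0) + c
        expr[k - 1] = expr.get(k - 1, 0) - c * qs[k - 1]
    # Only r_{-1} = a and r_0 = b remain: r_j = a*x + b*y.
    return g, expr[-1], expr[0]


def mod_inverse(b, a):
    """Multiplicative inverse of b modulo a for 0 < b < a, via 1 = ax + by => by = 1 (mod a)."""
    assert 0 < b < a
    g, x, y = extended_euclid(a, b)
    if g != 1:
        raise ValueError(f"{b} has no inverse modulo {a}: gcd({a}, {b}) = {g}")
    return y % a


if __name__ == "__main__":
    # Constructed sample input: a = 26, b = 15.
    for dividend, divisor, q, r in euclid_steps(26, 15):
        print(f"{dividend} = {divisor} * {q} + {r}")
    g, x, y = extended_euclid(26, 15)
    print(f"gcd = {g} = 26*({x}) + 15*({y}); inverse of 15 mod 26 is {mod_inverse(15, 26)}")
```

Running the block on $(26, 15)$ prints the five division steps, the equation $1 = 26 \cdot (-4) + 15 \cdot 7$, and the inverse $7$; the same routine supplies the exponent $s$ in Section 7.3 when called as `mod_inverse(r, (p-1)*(q-1))`.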

7.3 The RSA Algorithm

In the initialization step, we choose two prime numbers $p, q$, and let $n = p \cdot q$. We further pick a positive integer $r$ that has no common factor with $(p-1)(q-1)$, and find a multiplicative inverse of $r$ modulo $(p-1)(q-1)$, i.e. we find a number $s$ such that $rs \equiv 1 \pmod{(p-1)(q-1)}$.

Encryption. The pair of values $(n, r)$ is called the public encryption key, and these two numbers are publicly available. Given the public key, any plaintext $x < n$ is encrypted by $y \equiv x^r \pmod n$.

Decryption. The pair of values $(n, s)$ is called the private decryption key. With these two numbers, we can compute $z \equiv y^s \pmod n$. That is, you need to know $s$ to decrypt. Now $s$ is the multiplicative inverse of $r$ modulo $(p-1)(q-1)$. The outsiders know $r$, and if they knew $(p-1)(q-1)$, then it would be easy (with the Euclidean Algorithm) to compute $s$. But they do not know $(p-1)(q-1)$. They know $n$, which is equal to $pq$, but they do not have $n$ factored into $p$ and $q$. To find $(p-1)(q-1)$, they need to know the prime factors $p$ and $q$ of $n$, and factoring large numbers is difficult.

Theorem 7.12. The decrypted message $z = x$.

Proof. By definition, we have that $z \equiv y^s \pmod n \equiv x^{rs} \pmod n = x^{rs} \pmod{pq}$. Since $rs \equiv 1 \pmod{(p-1)(q-1)}$, we have that $rs = c(p-1)(q-1) + 1$ for an integer $c$, and $z \equiv x^{c(p-1)(q-1)+1} \pmod{pq}$. It suffices to show that $x^{c(p-1)(q-1)+1} \equiv x \pmod p$ and $x^{c(p-1)(q-1)+1} \equiv x \pmod q$. We only look at the first case; the second case can be proven in the same way. (1) If $x$ is divisible by $p$, then $x^{c(p-1)(q-1)+1} \equiv 0 \equiv x \pmod p$ holds trivially. (2) If $x$ is not divisible by $p$, then by Fermat's Little Theorem ($x^{p-1} \equiv 1 \pmod p$) we know that $z \equiv x^{c(p-1)(q-1)} \cdot x \equiv x \pmod p$, and likewise $z \equiv x^{c(p-1)(q-1)} \cdot x \equiv x \pmod q$. Therefore, since $p$ and $q$ are distinct primes, we have that $z \equiv x^{c(p-1)(q-1)} \cdot x \equiv x \pmod{pq}$.
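The following Python block is an added example, not code from the lecture notes. It serves three passages at once: the square-and-multiply method that Example 7.6 carries out by hand, Theorem 7.8 (checked exhaustively for a small prime), and the RSA scheme of Section 7.3 together with the claim of Theorem 7.12. The multiplicative inverse $s$ is obtained with Python's built-in `pow(r, -1, phi)` (Python 3.8 or later) rather than by re-implementing the Euclidean Algorithm here; the toy parameters $p = 61$, $q = 53$, $r = 17$ and the function names are constructed for illustration and are far too small for any real use.

```python
import math


def mod_pow(base, exponent, modulus):
    """Square-and-multiply, the method of Example 7.6: walk the binary expansion of the
    exponent, keeping base^(2^i) mod modulus and multiplying in the powers whose bit is set."""
    assert exponent >= 0 and modulus > 0
    result = 1 % modulus
    power = base % modulus  # base^(2^i) mod modulus for i = 0, 1, 2, ...
    while exponent:
        if exponent & 1:
            result = (result * power) % modulus
        power = (power * power) % modulus
        exponent >>= 1
    return result


def fermat_holds(p):
    """Theorem 7.8 checked for every a in 1..p-1 (p is assumed prime by the caller)."""
    return all(mod_pow(a, p - 1, p) == 1 for a in range(1, p))


def rsa_keygen(p, q, r):
    """Initialization step of Section 7.3 with caller-supplied distinct primes p, q and exponent r.
    Returns ((n, r), (n, s)): the public encryption key and the private decryption key."""
    assert p != q, "the proof of Theorem 7.12 needs distinct primes"
    phi = (p - 1) * (q - 1)
    assert math.gcd(r, phi) == 1, "r must have no common factor with (p-1)(q-1)"
    # s is the multiplicative inverse of r modulo (p-1)(q-1); the notes compute it with the
    # Euclidean Algorithm, the built-in modular inverse gives the same value.
    s = pow(r, -1, phi)
    return (p * q, r), (p * q, s)


def rsa_encrypt(public_key, x):
    """y = x^r (mod n) for a plaintext 0 <= x < n."""
    n, r = public_key
    assert 0 <= x < n
    return mod_pow(x, r, n)


def rsa_decrypt(private_key, y):
    """z = y^s (mod n)."""
    n, s = private_key
    return mod_pow(y, s, n)


def theorem_7_12_check(p, q, r):
    """Decrypt(Encrypt(x)) == x for every x in Z_n, including the x divisible by p or q
    handled by case (1) of the proof."""
    pub, priv = rsa_keygen(p, q, r)
    n = pub[0]
    return all(rsa_decrypt(priv, rsa_encrypt(pub, x)) == x for x in range(n))


if __name__ == "__main__":
    print("320^984 mod 7 =", mod_pow(320, 984, 7))       # Example 7.6
    print("Fermat holds for p = 7:", fermat_holds(7))     # Theorem 7.8
    pub, priv = rsa_keygen(61, 53, 17)                   # constructed toy parameters
    print("public key", pub, "private key", priv)
    y = rsa_encrypt(pub, 65)
    print("x = 65 encrypts to", y, "and decrypts to", rsa_decrypt(priv, y))
    print("Theorem 7.12 holds on all of Z_n:", theorem_7_12_check(61, 53, 17))
```

Exhaustively checking every $x \in \mathbb{Z}_n$ is only possible because $n = 3233$ is tiny; its point is to exercise case (1) of the proof, the plaintexts sharing a factor with $n$, which a single random test would almost never hit. Note also that the textbook scheme shown here, like the one in the notes, encrypts $x$ deterministically with no padding; deployed RSA pads the message before exponentiation.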