Application: Public Key Cryptography

Suppose I wanted people to send me secret messages by snail mail.

Method 0. I send a padlock, that only I have the key to, to everyone who might want to send me a message. They send me the message in a locked box.

Problem 0. I need to know in advance who wants to send me a message.

Problem 1. Anyone with one of my padlocks can inspect it to discover the key.

Problem 2. Man [sic] in the middle attacks.

Method 1. I design a key. Then I design a padlock only opened by that key. I publish the design of the lock on my web-site. Inspecting the design does not reveal the key! Now anyone can send me a secret message.

With public key cryptography, we do the mathematical equivalent.

Public Key Cryptography

Can we create a way to encrypt information such that anyone can encrypt a message and only we can decrypt the message?

In one sense the answer is no: anyone can encrypt all possible messages and see which encrypted version matches the one sent. But, if the number of possible messages is large, this is impractical.

Public key cryptography: Encryption using publicly available information is fast. Decryption using publicly available information is possible, but very very very slow. There is a second, fast, method of decryption that relies on secret information.

Typeset October 12, 2005

The RSA Algorithm

I pick two different large primes $p$ and $q$, each roughly 150 decimal digits long.

Let $n = p \times q$. Note $n$ is about 300 decimal digits long.

I pick two integers $e$ and $d$ such that $0 < e, d < (p-1)(q-1)$ and $ed \equiv 1 \pmod{(p-1)(q-1)}$.

Claim: If $0 \le a < n$ then $(a^e \bmod n)^d \bmod n = a$. (To be proved later.)

The numbers $e$ and $n$ are made public. I keep $d$, $p$, and $q$ secret.

To encrypt a number $a$ with $0 \le a < n$, compute $b = a^e \bmod n$. Transmit $b$ to me.

To decrypt $b$, I compute $b^d \bmod n$. This will equal $a$.

To send a sequence of bits: each segment of $\lfloor \log_2 n \rfloor$ bits encodes a number between $0$ and $n-1$. So we split the sequence into segments and encrypt each segment.

Why is this secure?

No one currently knows of a fast enough way to compute $a$ from $b$, $e$, and $n$, without factoring $n$. No one currently knows of a fast enough way to factor large numbers such as $n$.

Why is it practical?

There are plenty of primes of about 150 digits. Finding primes of this size is not unreasonably hard. (In practice the numbers used are probably prime with a very, very, very high probability.) Finding a suitable $d$ from $e$ is reasonably fast. All the encryption and decryption operations can be done reasonably fast.

Why does it work?

Before we can prove that $(a^e \bmod n)^d \bmod n = a$, we need two theorems: the Chinese Remainder Theorem (CRT) and Fermat's Little Theorem.
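The RSA algorithm above, worked through with toy primes, including the split of a bit sequence into $\lfloor \log_2 n \rfloor$-bit segments. This is an added example, not code from the slides; the primes 61 and 53, the exponent 17, the sample bit string, the function names and the zero-fill of the last segment are all assumptions made for illustration.

```python
# Added example, not from the slides: the RSA algorithm above with toy primes.
# p = 61, q = 53, e = 17 and all bit strings are constructed sample values.
from math import gcd

def make_key(p, q, e):
    """Return (n, e, d) where e*d ≡ 1 (mod (p-1)(q-1))."""
    phi = (p - 1) * (q - 1)
    if p == q or not 0 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need p != q, 0 < e < (p-1)(q-1), gcd(e, (p-1)(q-1)) == 1")
    return p * q, e, pow(e, -1, phi)   # pow(e, -1, m): modular inverse, Python 3.8+

def segment_bits(n):
    """floor(log2 n): every value that fits in this many bits is < n."""
    return n.bit_length() - 1

def encrypt_bits(bits, n, e):
    """Split a bit string into floor(log2 n)-bit segments; encrypt each as a^e mod n."""
    k = segment_bits(n)
    bits += "0" * (-len(bits) % k)     # zero-fill the last segment (assumption)
    return [pow(int(bits[i:i + k], 2), e, n) for i in range(0, len(bits), k)]

def decrypt_bits(blocks, n, d, length):
    """Decrypt each block as b^d mod n and drop the fill bits."""
    k = segment_bits(n)
    return "".join(format(pow(b, d, n), f"0{k}b") for b in blocks)[:length]

def claim_holds(n, e, d):
    """Check (a^e mod n)^d mod n == a for every 0 <= a < n, multiples of p and q included."""
    return all(pow(pow(a, e, n), d, n) == a for a in range(n))

if __name__ == "__main__":
    n, e, d = make_key(61, 53, 17)
    msg = "110100101110001010011101011"          # constructed sample bit string
    blocks = encrypt_bits(msg, n, e)
    print(n, e, d, blocks, decrypt_bits(blocks, n, d, len(msg)) == msg)
```

This is the unpadded scheme from the slide, so equal segments always encrypt to equal ciphertexts, which is the guess-and-compare exposure the earlier slide describes. Deployed RSA encryption adds randomized padding such as OAEP.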

Chinese Remainder Theorem

Suppose we have two digital clocks displaying minutes. One repeats every 5 minutes: 0, 1, 2, 3, 4, 0, 1, ... The other repeats every 12 minutes: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0, 1, ...

So, assuming perfect synchronization, we see (0, 0), (1, 1), (2, 2), (3, 3), (4, 4), (0, 5), (1, 6), (2, 7), (3, 8), ... This sequence will repeat after $5 \times 12$ minutes.

The sequence is $(0 \bmod 5, 0 \bmod 12), (1 \bmod 5, 1 \bmod 12), \ldots$

Q. For what pairs of numbers $m$, $n$ will we get $m \times n$ different pairs?

A. When $m$ and $n$ have no common factor, i.e. when $\gcd(m, n) = 1$.

If we know the two remainders $(i \bmod m, i \bmod n)$, we can figure out the number of minutes $i$ modulo $m \times n$.

If $\gcd(m, n) = 1$ and $a \equiv b \pmod{m}$ and $a \equiv b \pmod{n}$ then $a \equiv b \pmod{mn}$.

This is the Chinese Remainder Theorem.

Fermat's Little Theorem

Consider the sequence $a^n \bmod p$ for some prime $p$ and $0 < a < p$ and $n = 0, 1, 2, \ldots$

For example take $p = 11$ and $a = 2$; then we get $2^0 \bmod 11, 2^1 \bmod 11, 2^2 \bmod 11, \ldots = 1, 2, 4, 8, 5, 10, 9, 7, 3, 6, 1, 2, 4, \ldots$ We get a sequence that starts with 1 and repeats after 10 numbers.

Consider $p = 11$ and $a = 3$, and also $p = 11$ and $a = 10$: we get 1, 3, 9, 5, 4, 1, 3, ... and 1, 10, 1, 10, ... These sequences have periods 5 and 2 respectively.

In fact for any $a$ ($0 < a < p$) the period will be a divisor of $p - 1$. [Can you prove this?]

In all three examples, items 0, 10, 20 etc. are 1. In general, items $0$, $p-1$, $2(p-1)$ etc. will be 1:

$a^{p-1} \bmod p = 1$

We can generalize this result to any $a$ that $p$ does not divide.

This is Fermat's Little Theorem.
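The two clocks and the power sequences above, as an added example that is not part of the slides: it recovers $i$ modulo $m \times n$ from the two clock readings, counts the distinct pairs when the moduli do and do not share a factor, and computes the period of $a^n \bmod p$. The function names are assumptions made for illustration.

```python
# Added example, not from the slides: CRT on the two clocks, and periods of a^n mod p.
from math import gcd

def crt_pair(r_m, r_n, m, n):
    """Recover i mod m*n from the readings (i mod m, i mod n); needs gcd(m, n) == 1."""
    if gcd(m, n) != 1:
        raise ValueError("moduli share a factor: the pair does not determine i mod m*n")
    # Write i = r_m + m*t and solve m*t ≡ r_n - r_m (mod n) for t.
    t = ((r_n - r_m) * pow(m, -1, n)) % n      # pow(m, -1, n): inverse, Python 3.8+
    return r_m + m * t

def distinct_pairs(m, n):
    """How many different (i mod m, i mod n) readings the two clocks ever show."""
    return len({(i % m, i % n) for i in range(m * n)})

def period(a, p):
    """Smallest k > 0 with a^k mod p == 1, for a prime p that does not divide a."""
    if a % p == 0:
        raise ValueError("p divides a: the powers never return to 1")
    x, k = a % p, 1
    while x != 1:
        x, k = x * a % p, k + 1
    return k

def periods_divide_p_minus_1(p):
    """The slide's claim: for every 0 < a < p the period divides p - 1."""
    return all((p - 1) % period(a, p) == 0 for a in range(1, p))

if __name__ == "__main__":
    print(crt_pair(3, 8, 5, 12))                      # clocks showing (3, 8)
    print(distinct_pairs(5, 12), distinct_pairs(4, 6))
    print([period(a, 11) for a in (2, 3, 10)], periods_divide_p_minus_1(11))
```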

Back to RSA

We need to show $(a^e \bmod n)^d \bmod n = a$ where $n = pq$, $p$ and $q$ are prime, and $e$ and $d$ are such that $0 < e, d < (p-1)(q-1)$ and $ed \equiv 1 \pmod{(p-1)(q-1)}$.

Since $(i \bmod n)(j \bmod n) \bmod n = (i \times j) \bmod n$, we really need to show

$a^{ed} \equiv a \pmod{n}$

By the CRT we need only show $a^{ed} \equiv a \pmod{p}$ and $a^{ed} \equiv a \pmod{q}$.

First we show $a^{ed} \equiv a \pmod{p}$.

If $p$ divides $a$, then $p$ also divides $a^{ed}$ (since $ed > 0$); thus the congruence simplifies to $0 \equiv 0 \pmod{p}$, which is obviously true.

Now suppose $p$ does not divide $a$. Since $ed \equiv 1 \pmod{(p-1)(q-1)}$, there must be some $k$ such that $k(p-1)(q-1) = ed - 1$. Let $k$ be such that $k(p-1)(q-1) + 1 = ed$.

$a^{ed} = a^{k(p-1)(q-1)+1} = a \cdot \left(a^{k(q-1)}\right)^{p-1}$

Since $p$ does not divide $a$, it also does not divide $a^{k(q-1)}$, so we can apply Fermat's little theorem. Continuing:

$a^{ed} = a \cdot \left(a^{k(q-1)}\right)^{p-1} \equiv a \cdot 1 \pmod{p}$ (by Fermat's little theorem) $= a$

Thus $a^{ed} \equiv a \pmod{p}$. Similarly $a^{ed} \equiv a \pmod{q}$.

Using RSA for authentication

RSA has a nice property that many public key algorithms don't: the encryption and decryption algorithms commute. Thus I can sign a message as follows.

Suppose I have secret key $d$ and public key $(e, n)$. Suppose my message is $b$, with $0 \le b < n$. I'll compute $a = b^d \bmod n$ and send you both $b$ and $a$.

On receipt, you encrypt $a$ to get $b' = a^e \bmod n$ and check that $b' = b$.

Only someone who knows $d$ could (feasibly) have calculated $a$ from $b$, $n$, and $e$.
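The signing exchange above with both sides shown, as an added example that is not part of the slides: the signer computes $a = b^d \bmod n$, the receiver checks $a^e \bmod n$ against $b$, and three altered cases are rejected. The toy key (61, 53, 17), the message 1234 and the function names are assumptions made for illustration.

```python
# Added example, not from the slides: RSA signing and verification as described above.
# Toy key (constructed): p = 61, q = 53, e = 17; real keys use ~150-digit primes.
P, Q, E = 61, 53, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # secret exponent, known only to the signer

def sign(b, d=D, n=N):
    """Signer: a = b^d mod n. The message b must satisfy 0 <= b < n."""
    if not 0 <= b < n:
        raise ValueError("message must satisfy 0 <= b < n")
    return pow(b, d, n)

def verify(b, a, e=E, n=N):
    """Receiver: encrypt a with the public key and compare b' = a^e mod n with b."""
    if not (0 <= b < n and 0 <= a < n):
        return False                 # out-of-range values are rejected outright
    return pow(a, e, n) == b

def exchange(b=1234):
    """Run the exchange once, then three variants the receiver must reject."""
    a = sign(b)                      # signer sends both b and a
    return {
        "genuine": verify(b, a),
        "message altered in transit": verify(b + 1, a),
        "signature altered in transit": verify(b, (a + 1) % N),
        "signed with a guessed exponent": verify(b, sign(b, d=D + 2)),
    }

def every_message_verifies():
    """Signing then verifying succeeds for every 0 <= b < n (the commuting property)."""
    return all(verify(b, sign(b)) for b in range(N))

if __name__ == "__main__":
    for case, accepted in exchange().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Deployed signature schemes sign a padded hash of the message (for example RSA-PSS) rather than $b$ itself.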