Computer Systems Security Cryptography Topic 1 Main Source: Pfleeger - PowerPoint PPT Presentation

Provided by: pirooz

1
Computer Systems Security
Cryptography Topic 1
Main Source: Pfleeger & Pfleeger, Chapter 10
Pirooz Saeidi
2
Notes and handouts available from
  • http://www.fcet.staffs.ac.uk/ps1/CSS/css.html
  • May also be made available through Martin's
    homepage.
  • These notes will be updated occasionally.

3
Agenda
  • Mathematics of Cryptography
  • Symmetric Encryption
  • DES and AES Encryption Algorithms
  • Public Key encryption
  • RSA Encryption Algorithm

4
Mathematics of Cryptography
  • Encryption algorithm should be based on a problem
    that is difficult to solve.
  • To find hard problems we need to study and
    analyse the inherent complexity of problems.
  • Most of the work in this area was carried
    out in the 1970s by mathematicians under the general
    name of computational complexity.
  • An important investigation of problem complexity
    based on the notion of NP-complete problems was
    conducted by Cook and Karp.
  • http://encyclopedia.thefreedictionary.com/Stephen%20Cook

5
NP-Complete Problems
  • Before we introduce NP-complete problems we study
    three problems which happen to be NP-complete
  • Satisfiability
  • Knapsack
  • Clique

6
NP-Complete Satisfiability Problem
  • An instance of the problem is defined by a
    Boolean expression written using only AND, OR,
    NOT, variables, and parentheses.
  • The question is: given the expression, is there
    some assignment of TRUE and FALSE values to the
    variables that will make the entire expression
    true?

7
NP-Complete-Satisfiability problem
  • Example1
  • (k1).(k2K3).(K3K1)
  • is satisfiable, while
  • (k1).(K2K3).(K3K1).(K2)
  • is not satisfiable
  • . AND
  • OR
  • NOT

8
NP-Complete Problems: Knapsack Problem
  • The name relates to the scenario of choosing
    treasures to fit inside a knapsack when you can
    only carry so much weight.
  • Is there a way to select some of the items to be
    packed such that their sum equals the knapsack
    (target) capacity?

9
NP-Complete Problems: Knapsack Problem
  • Formally, for a set S = {a1, a2, ..., an} and a target
    sum T, where ai > 0, we want to know if there is a
    selection V = [v1, v2, ..., vn], each of whose elements
    is a binary 0 or 1, such that

10
Example of Knapsack Problem
  • Set S = {4, 7, 1, 12, 10}
  • There is a solution for target sum T = 17, because
    17 = 4 + 1 + 12 and the selection vector is
    [1, 0, 1, 1, 0].
  • But there is no possible solution for T = 25.

11
NP-Complete Problems: Clique
  • A clique in an undirected graph G is a set of
    vertices V such that for every two vertices in
    V, there exists an edge connecting the two.
  • The clique problem refers to the finding of the
    largest clique in any graph G.
  • Impossible to find an efficient algorithm to find
    the largest clique (i.e. NP-complete)

12
Example of a clique subgraph in a graph
(v1,v2,v7,v8) forms a clique of size 4
[Figure: undirected graph on vertices v1 to v8]
13
Characteristics of NP-Complete Problem
  • Each problem is solvable
  • Can simply enumerate all possibilities
  • All ways of assigning logical values
    (satisfiability)
  • All subsets of the set S( Knapsack)
  • All subsets of n vertices in G (clique)
  • If there is a solution, it will appear in the
    enumeration of all possibilities
  • Otherwise testing of all possibilities will
    demonstrate it

14
Characteristics of NP-Complete Problem
  • There are 2^n (n is the problem size) cases to
    consider when enumerating all possibilities.
  • So the time to examine all possibilities is
    proportional to n.
  • The problem types are apparently unrelated
  • Logic (satisfiability)
  • Number Theory (Knapsack)
  • Graph Theory (clique)

15
Characteristics of NP-Complete Problem
  • If it were possible to guess perfectly, we could
    solve the problem in little time!
  • For example to guess the correct sum or
    assignment to verify the knapsack has been solved
    or that the formula has been satisfied, etc.
  • This verification process could be carried out in
    time bounded by a polynomial function of the
    size of the problem (i.e. n)
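
The contrast drawn on the last three slides, exhaustive enumeration against checking one guessed answer, applied to the knapsack instance S = {4, 7, 1, 12, 10} from the earlier slide. This is an added example, not part of the original slides; the function names are illustrative.

```python
from itertools import product

def verify(S, V, T):
    """Check one guessed selection vector V in a single pass over S.

    This is the polynomial-time step: n multiplications and additions.
    """
    return (len(V) == len(S)
            and all(v in (0, 1) for v in V)
            and sum(a * v for a, v in zip(S, V)) == T)

def solve_by_enumeration(S, T):
    """Deterministic search: test every one of the 2^n selection vectors.

    Returns (solutions, examined), where examined is always 2^n.
    """
    solutions, examined = [], 0
    for V in product((0, 1), repeat=len(S)):
        examined += 1
        if verify(S, V, T):
            solutions.append(list(V))
    return solutions, examined

# Knapsack instance from the slides.
S = [4, 7, 1, 12, 10]

if __name__ == "__main__":
    # A perfect "guess" is confirmed without any search.
    print("guess [1,0,1,1,0] for T=17:", verify(S, [1, 0, 1, 1, 0], 17))
    for T in (17, 25):
        solutions, examined = solve_by_enumeration(S, T)
        print(f"T={T}: examined {examined} vectors, solutions {solutions}")
    # Each extra item doubles the search space; verification grows by one term.
    for n in (5, 20, 40, 80):
        print(f"n={n}: {2**n} vectors to enumerate, {n} terms to verify")
```

For T = 17 the search also reports a second selection, [0, 1, 0, 0, 1] (7 + 10), alongside the one shown on the slide.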

16
Definition of NP
  • NP is the set of all problems that can be solved
    in time bounded by a polynomial function of size
    n (size of the problem),
  • Assuming the ability to guess perfectly.
  • This guessing is called non-determinism
  • NP stands for
  • Non-deterministic Polynomial

17
NP-Complete: Nondeterminism
  • The idea is similar to a programming language in
    which IF statements could be replaced by GUESS
    statements
  • The GUESS statement would cause the program to
    fork, following more than one path concurrently
    and so on.
  • Of course this guessing can not be done perfectly
    in real life!

18
NP-Complete Problems
  • The problems we studied are NP-Complete. Karp and
    Cook define it as
  • If for even one of these problems it could be
    shown that there was no deterministic algorithm
    that ran in polynomial time, then no
    deterministic algorithm could exist for any of
    them
  • Deterministic algorithm: its behaviour can be
    completely predicted from the input.
  • Polynomial-time algorithm: an algorithm that is
    guaranteed to terminate within a number of steps
    which is a polynomial function of the size of the
    problem.
  • Polynomial function example: 3x³ - 2x² + 6x - 5

19
Polynomial time
  • In computational complexity theory, polynomial
    time refers to the computation time of a problem
    where the time, m(n), is no greater than a
    polynomial function of the problem size, n.
  • Source:
    http://www.en.wikipedia.org/wiki/Polynomial_time

20
NP-completeness and Cryptography
  • Hard-to-solve problems require the interceptor to
    carry out an unusual amount of work to break the
    encryption.
  • Unfortunately this way of thinking has the
    following false impressions
  • An NP-complete problem cannot guarantee that
    there is no solution easier than exponential.
  • Every NP-complete problem has a deterministic
    exponential time solution, i.e.
  • A solution that runs in time proportional to 2^n.
  • So for small values of n a brute force attack may
    become successful.
  • But for large values of n, 2^n may be deterring.

21
NP-completeness and Cryptography
  • The continuing improvement in computing hardware
    makes problems of larger size tractable.
  • Parallel processing machines are being designed
    with a finite but larger number of processors
    running together.
  • In a GUESS program, two processors can follow
    the paths from a GUESS point concurrently.
  • So with more processors it is possible to
    complete certain nondeterministic problems in
    deterministic mode in polynomial time.
  • Even if an encryption algorithm uses a hard
    problem, the interceptor does not always have to
    solve it to crack the encryption.
  • There may always be a secret, easy solution.
  • An interceptor may look for the easy solution
    instead of trying to solve the hard problem.
  • This type of exposure can happen with the
    Merkle-Hellman Knapsack algorithm. (will talk
    about it later on)

22
Other Inherently Hard Problems
  • Number theory is another source of inherently
    hard problems that is used in cryptography.
  • Most number theory problems are not
    NP-complete, but the known algorithms are very
    time consuming.
  • Examples that form the basis of secure encryption
    are computation problems such as Galois fields
    and factoring large numbers.
  • A Field is a mathematical entity for which
    addition, subtraction, multiplication and
    division are well-defined
  • Galois (Finite) Field
  • In this field every number other than 0 under
    (multiplication) has an inverse.
  • http://en.wikipedia.org/wiki/Galois_field
  • In mathematics, the reciprocal, or
    multiplicative inverse, of a number x is the
    number which, when multiplied by x, yields 1.
  • Source:
    http://en.wikipedia.org/wiki/Multiplicative_inverse

23
Properties of Arithmetic
  • Number theory and hard problems involve
    arithmetic, algebra and a restricted area of
    arithmetic called a field.
  • We shall look at some examples and in particular
    those with multiplication and division
    properties
  • Inverses
  • E.g. in addition the inverse of (a) is (-a)
  • Primes: any number > 1 that is divisible only by
    itself.
  • E.g. 2, 3, 5, 7, 11, ..
  • Greatest Common Divisor
  • Euclidean Algorithm
  • Modular Arithmetic
  • Computing Inverses
  • Fermat's Theorem
  • These topics have major implications in the
    implementation of secure encryption algorithms.

24
Greatest Common Divisor
  • gcd(a, b) is the largest integer that divides
    both a and b.
  • Example
  • E.g. gcd(15, 10) = 5
  • 5 is the largest number that divides both 10 and
    15.
  • If p is a prime number, for any q,
  • gcd(p, q) = 1
  • It is also clear that gcd(a, b) = gcd(b, a)

25
Euclidean Algorithm
  • Computes the greatest common divisor of two given
    integers.
  • If x divides a and b, x also divides a - (k*b) for
    every k. This leads to a simple iterative
    algorithm for computing x = gcd(a, b), a > b.

We can rewrite a as a = m*b + r, 0 < r < b.
If x = gcd(a, b), x divides a, x divides b, and x
divides r, so gcd(a, b) = gcd(b, r) and
a > b > r > 0.
Therefore we can search for gcd by
working with b and r instead of a and b:
b = m'*r + r', where m' = b/r with remainder r'.

This result leads to an iterative algorithm,
which terminates when a remainder 0 is found.
26
Euclidean Algorithm
  • computes the greatest common divisor of two given
    integers.
  • Example: to compute gcd(2322, 654) we take the
    following steps

Let a = 2322, b = 654.
2322 = 654 (3) + 360    gcd(2322, 654) = gcd(654, 360)
654 = 360 (1) + 294     gcd(654, 360) = gcd(360, 294)
360 = 294 (1) + 66      gcd(360, 294) = gcd(294, 66)
294 = 66 (4) + 30       gcd(294, 66) = gcd(66, 30)
66 = 30 (2) + 6         gcd(66, 30) = gcd(30, 6)
30 = 6 (5) + 0          gcd(30, 6) = 6
Therefore, gcd(2322, 654) = 6.
27
Modular Arithmetic (Modulus operation)
  • Confines results to a limited range.
  • For example if a cryptographic algorithm performs
    some arithmetic on plaintext we can guarantee
    that the result will also be another character.
    It is also said to be 'clock arithmetic'
  • Remember inverses under multiplication produce a
    Galois Field. In particular,
  • The integers mod a prime n are a Galois field.

28
Modular Arithmetic (Modulus operation)
  • Integers modulo n with addition and
    multiplication also form a commutative ring with
    the laws of
  • Associativity
  • (ab)c mod n = a(bc) mod n
  • Commutativity
  • ab mod n = ba mod n
  • Distributivity
  • a(b + c) mod n = ((ab) + (ac)) mod n

29
Modular Arithmetic
  • Define the modulo operator a mod n to be the remainder
    when a is divided by n
  • Use the term congruence for a ≡ b mod n
  • When divided by n, a and b have the same remainder
  • E.g. 100 ≡ 34 mod 11
  • 100 mod 11 = 1 = 34 mod 11
  • b is called the residue of a mod n
  • since with integers we can always write a = qn + b

30
Modular Arithmetic
  • Modulo 7 Example
  • ...
  • -21 -20 -19 -18 -17 -16 -15
  • -14 -13 -12 -11 -10 -9 -8
  • -7 -6 -5 -4 -3 -2 -1
  • 0 1 2 3 4 5 6
  • 7 8 9 10 11 12 13
  • 14 15 16 17 18 19 20
  • 21 22 23 24 25 26 27
  • 28 29 30 31 32 33 34
  • ...

31
Modular Arithmetic
  • Construction of these tables may be difficult for
    large values of the modulus
  • But applying the remainder technique is helpful;
    in particular, the commutative ring properties
    make it easy to work through even complex
    expressions using the modulo operator.

32
Computing Inverses
  • We can find inverses by say inspecting a table.
    For example consider the following field of
    integers mod 5
  • The inverse of 1 is 1,
  • The inverse of 2 is 3 and since
  • Multiplication is commutative,
  • The inverse of 3 is also 2
  • The inverse of 4 is 4

33
Computing Inverses
  • But with large numbers finding inverses in a
    finite field is not always easy.
  • To perform a secure encryption we need a
    procedure for finding say the inverse mod n of
    any element, even for very large values of n.
  • So an algorithm to find a^(-1) directly is usually
    faster than a table search.

34
Computing Inverses
  • In the last example with a larger value for n it
    would not be easy to find a pattern or to
    generate the elements of particular row, looking
    for 1 each time we need an inverse.
  • So we need an algorithm for computing inverses.
  • But first let's look at Fermat's Theorem.

35
Fermat's Theorem
  • In number theory, Fermat's theorem states that
    for any prime p and any element a < p,

a^p mod p = a, or a^(p-1) mod p = 1.
This leads to the inverse we want. The inverse of a is the
element x so that a*x mod p = 1 = a^(p-1) mod p, so
that x = a^(p-2) mod p. This method computes
inverses ONLY when p is a prime number and
element a < p.
36
Fermat's Theorem
  • Example
  • We can use this formula to compute the inverse of
    3 mod 5
  • x = a^(p-2) mod p
  • 3^(-1) mod 5 = 3^(5-2) mod 5 (3^(-1) is read as the
    multiplicative inverse of 3)
  • = 3^3 mod 5
  • = 27 mod 5
  • = 2
  • As we determined earlier from the multiplication
    table!

37
Another algorithm to compute Inverse
  • Knuth (1973) uses Euclid's algorithm for
    computing inverses by finding the greatest
    common divisor
  • /* Compute x = a^(-1) mod n */
  • c[0] = n; c[1] = a
  • b[0] = 0; b[1] = 1
  • i = 1
  • Repeat
  •   c[i+1] = c[i-1] mod c[i]
  •   t = c[i-1] DIV c[i]
  •   b[i+1] = b[i-1] - t * b[i]
  •   i = i + 1
  • Until c[i] = 0
  • If (b[i-1] > 0) then x = b[i-1] else x = n + b[i-1]
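
The Euclidean algorithm, the Fermat inverse and the Euclid-based inverse from the preceding slides, run side by side. This is an added example, not code from the slides or from Pfleeger; the function names are illustrative, and the composite modulus 10 and the prime 2^127 - 1 are constructed test inputs.

```python
def gcd_steps(a, b):
    """Euclid's algorithm. Returns (gcd, steps), each step (a, b, m, r)
    satisfying a = b*m + r; iteration stops when the remainder is 0."""
    steps = []
    while b != 0:
        m, r = divmod(a, b)
        steps.append((a, b, m, r))
        a, b = b, r
    return a, steps

def inverse_fermat(a, p):
    """x = a^(p-2) mod p. Correct ONLY when p is prime and 0 < a < p."""
    return pow(a, p - 2, p)

def inverse_euclid(a, n):
    """The iteration from the slide above, keeping only the last two c and b
    values. Works for any modulus n; raises when gcd(a, n) != 1."""
    c_prev, c = n, a % n
    b_prev, b = 0, 1
    while c != 0:
        t = c_prev // c
        c_prev, c = c, c_prev % c
        b_prev, b = b, b_prev - t * b
    if c_prev != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd is {c_prev}")
    return b_prev % n   # Python's % folds a negative b into 0..n-1 (x = n + b)

if __name__ == "__main__":
    g, steps = gcd_steps(2322, 654)
    for a, b, m, r in steps:
        print(f"{a} = {b}({m}) + {r}")
    print("gcd(2322, 654) =", g)

    print("3^-1 mod 5:", inverse_fermat(3, 5), inverse_euclid(3, 5))

    # Composite modulus: the Fermat formula silently returns a wrong value.
    x = inverse_fermat(3, 10)
    print("Fermat formula mod 10:", x, "check 3*x mod 10 =", 3 * x % 10)
    print("Euclid mod 10:", inverse_euclid(3, 10))

    # Large prime modulus (2^127 - 1, a Mersenne prime): both methods agree.
    p, a = 2**127 - 1, 123456789
    assert inverse_fermat(a, p) == inverse_euclid(a, p)
```

With a composite modulus the Fermat formula returns a value without any error, which is why an implementation that accepts arbitrary moduli should use the Euclid-based routine and treat a gcd other than 1 as a failure.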

38
What next
  • These mathematical results will be used in the
    following topics when we examine the encryption
    algorithms based on the arithmetic in finite
    field.

39
Affordable books for bed time reading!
  • Fermat's Last Theorem by Simon Singh
  • Andrew Wiles solved the 350-year-old problem in
    1993
  • Code Book
  • Also by Simon Singh

Fermat's Last Theorem states that x^n + y^n = z^n
has no non-zero integer solutions for x, y and z
when n > 2.