Introduction to Information Security Lecture 1: Introduction - PowerPoint PPT Presentation

Slides: 58
Provided by: caislabK


1
Introduction to Information Security Lecture 1
Introduction Overview
  • 2009. 6.

Prof. Kwangjo Kim
2
Contents
1. Lecture Overview
2. Basic terms
3. Quick overview on information security
4. Basic Number Theory
3
Lecture Overview
Objective: This course introduces the fundamental understanding of cryptography needed to apply it to any secure system, covering classical, symmetric and asymmetric cryptosystems together with their mathematical background. We also deal with cryptographic protocols and their applications. Experts in this area will give special talks on hot issues in information security. After finishing this class, students will have the general knowledge and background in information security and cryptography needed to carry out advanced research.
Course Webpage: http://caislab.icu.ac.kr/Lecture/data/2009/summer/ice1212/
4
Overview
  • Instructor: Prof. Kwangjo Kim
  • Assistant: Zeen Kim
  • Text: Handouts
  • References:
    - Wade Trappe, Lawrence C. Washington, Introduction to Cryptography with Coding Theory, 2nd Ed., 2005, Prentice Hall, ISBN 0-13-186239-1
    - Richard A. Mollin, An Introduction to Cryptography, Chapman & Hall/CRC, 2001, ISBN 1-58488-127-5
  • Grading Policy: Midterm (35), Final (35), Quiz (10), HW (10), Attendance (10)

5
Homework (Programming)
  • 1st Half: Select one of the 15 AES candidates after round 2, except Rijndael, and program it in your favorite language. (Test encryption and decryption of the given test vector.) Deadline: 7/3, 2009
  • 2nd Half: Select one of the SHA-3 (round 1) candidates and program it in your favorite language. (Test validation of the given test vector.) Deadline: 7/31, 2009
6
Schedule (1/2)
Week | Topic                           | Remark
1    | Overview, Number Theory         | 6/16, TA
2    | Algebra and Classical Ciphers   | 6/18, Prof. & TA
3    | Encryptions                     | 6/23, Prof.
4    | Digital Signatures              | 6/25, Prof.
5    | Hash Functions                  | 6/30, Prof. & TA
6    | Other Cryptographic Primitives  | 7/2, Prof.
7    | Midterm                         | 7/7 or 7/9
7
Schedule (2/2)
Week | Topic                                | Remark
8    | Special Talk: RFID/WSN Security      | 7/14, Hyunrok Lee
9    | Special Talk: Ubiquitous Security    | 7/16, Jangseong Kim
10   | Special Talk: Hacking and Malware    | 7/21, Hanyoung Noh and Sungbae Ji
11   | Special Talk: ID-based Cryptography  | 7/23, Zeen Kim
12   | Special Talk: E-passport and E-cash  | 7/28, Jeongkyu Yang
13   | Special Talk: Mobile Phone Security  | 7/30, Jaemin Park
14   | Final Exam                           | 8/4 or 8/6
8
1. Basic Terms
Every new field brings a lot of new terminology
9
What is Information Security?
  • Data
    - A recording of something measured
    - Raw material, just measured
  • Information
    - Information is the result of processing, manipulating and organizing data in a way that adds to the knowledge of the receiver.
    - Processed data
  • Knowledge
    - Knowledge is normally processed by means of structuring, grouping, filtering, organizing or pattern recognition.
    - Highly structured information

10
What is Information Security?
  • Information Systems
    - An integrated set of components for collecting, storing, processing, and communicating information.
    - Business firms, other organizations, and individuals in contemporary society rely on information systems to manage their operations, compete in the marketplace, supply services, and augment personal lives.
  • Information Revolution
    - A phrase we use to refer to the dramatic changes taking place during the last half of the 20th century, in which service jobs based on information are more common than jobs in manufacturing or agriculture.
    - Information becomes more and more important than materials and resources.
  • Competitiveness comes from information
  • How much information do you have?

11
What is Information Security?
  • Information Security
    - Information security is the process of protecting information from unauthorized access, use, disclosure, destruction, modification, or disruption.
    - The protection of computer systems and information from harm, theft, and unauthorized use.
    - Protecting the confidentiality, integrity and availability of information.
  • Information security is an essential infrastructure technology for achieving a successful information-based society
  • A highly information-based company without information security will lose competitiveness
  • What kind of protection?
    - Protecting important documents / computers
    - Protecting communication networks
    - Protecting the Internet
    - Protection in the ubiquitous world

12
Cryptology: Cryptography and Cryptanalysis
  • Cryptography: designing secure cryptosystems
    - Cryptography (from the Greek kryptós and gráphein, "to write") was originally the study of the principles and techniques by which information could be concealed in ciphers and later revealed by legitimate users employing the secret key.
  • Cryptanalysis: analyzing the security of cryptosystems
    - Cryptanalysis (from the Greek kryptós and analýein, "to loosen" or "to untie") is the science (and art) of recovering or forging cryptographically secured information without knowledge of the key.
  • Cryptology: the science dealing with information security
    - Science concerned with data communication and storage in secure and usually secret form. It encompasses both cryptography and cryptanalysis.

13
Cryptology
  • Cryptography is a basic tool to implement information security
  • Security goals
    - Secrecy (confidentiality)
    - Authentication
    - Integrity
    - Non-repudiation
    - Verifiability
    - More application-specific security goals
  • Achieve these security goals using cryptography
  • Without cryptography ... ???

14
Secret Key vs. Public Key Systems
  • Symmetric Key Cryptosystem
  • Public Key Cryptosystem

15
Common Terms (1)
  • Cryptography: The study of mathematical techniques related to aspects of information security
  • Cryptanalysis: The study of mathematical techniques for attempting to defeat cryptographic techniques
  • Cryptology: The study of cryptography and cryptanalysis
  • Cryptosystem: A general term referring to a set of cryptographic primitives used to provide information security
    - Symmetric key primitives / Public key primitives
  • Steganography: The method of concealing the existence of a message
  • Cryptography is not the only means of providing information security, but rather one set of such techniques (alongside physical / human security)

16
Common Terms (2)
  • Cipher: Block cipher, Stream cipher, Public key cipher
  • Plaintext/Cleartext, Ciphertext
  • Encryption/Encipherment
  • Decryption/Decipherment
  • Key (or Cryptographic key)
    - Secret key
    - Private key / Public key
  • Hashing
  • Authentication
    - Message authentication
    - User authentication
  • Digital signature

17
Attacks
  • Attacks
  • An efficient algorithm that, for a given
    cryptographic design, enables some protected
    elements of the design to be computed
    substantially quicker than specified by the
    designer.
  • Finding overlooked and realistic threats for
    which the design fails
  • Attacks on encryption algorithms
  • Exhaustive search (brute force attack)
  • Ciphertext-only attack
  • Known-plaintext attack
  • Chosen-plaintext attack
  • Chosen-ciphertext attack

18
Security Threats
  • Interruption / Denial of service
  • Interception: eavesdropping, wiretapping, theft
  • Modification
  • Fabrication / Forgery
  • Unauthorized access
  • Denial of facts

19
Security Services
  • Security services
    - A service that enhances information security using one or more security mechanisms
  • Confidentiality/Secrecy: against Interception
  • Authentication: against Forgery
  • Integrity: against Modification
  • Non-repudiation: against Denial of facts
  • Access control: against Unauthorized access
  • Availability: against Interruption

20
Security Needs for Network Communications
21
Security Mechanisms
  • Security mechanism
    - A mechanism designed to detect, prevent, or recover from a security attack
  • Encryption
  • Authentication
  • Digital signature
  • Key exchange
  • Access control
  • Monitoring / Responding

22
Models for Evaluating Security
  • Conditional vs. Unconditional Security
  • Unconditional security
  • Computational security
  • Provable vs. Ad hoc Security
  • Provable security
  • Ad hoc security

23
Basic Number Theory
24
Introduction to Number Theory
  • Prime and Relatively Prime Numbers
  • Modular Arithmetic
  • Fermat's and Euler's Theorems
  • Testing for Primality
  • Euclid's Algorithm
  • Chinese Remainder Theorem
  • Discrete Logarithms

25
Divisors
  • b | a (b divides a, b is a divisor of a) if a = kb for some k, where a, b, and k are integers, and b ≠ 0
  • If a | 1, then a = ±1
  • If a | b and b | a, then a = ±b
  • Any b ≠ 0 divides 0
  • If b | g and b | h, then b | (mg + nh) for arbitrary integers m and n

26
Prime Numbers
  • An integer p > 1 is a prime number if its only divisors are ±1 and ±p
  • Prime Factorization
    - Any integer a > 1 can be factored in a unique way as a = p1^α1 · p2^α2 · ... · pt^αt, where p1 < p2 < ... < pt are prime numbers and each αi > 0
  • If P is the set of all prime numbers, then any positive integer can be written uniquely in the following form
  • The value of any positive integer can be specified by listing all nonzero exponents (a_p)
  • Multiplication of two numbers is equivalent to adding the two corresponding exponents
    - k = mn ⇒ k_p = m_p + n_p for all p
    - a | b ⇒ a_p ≤ b_p for all p

27
Primes Under 2000
28
Relatively Prime Numbers
  • Greatest common divisor
    - c = gcd(a, b) if c | a and c | b, and every d that divides a and b satisfies d | c
    - Equivalently, gcd(a, b) = max{c : c | a and c | b}
    - k = gcd(a, b) ⇒ k_p = min(a_p, b_p) for all p
  • a and b are relatively prime if gcd(a, b) = 1

29
Modular Arithmetic
  • For any integer a and positive integer n, if a is divided by n, the following relationship holds:
    - a = qn + r, 0 ≤ r < n, q = ⌊a/n⌋ (q: quotient, r: remainder or residue)
  • If a is an integer and n is a positive integer, a mod n is defined to be the remainder when a is divided by n
    - a = ⌊a/n⌋ × n + (a mod n)
  • Two integers a and b are said to be congruent modulo n if (a mod n) = (b mod n), and this is written a ≡ b mod n
  • Properties of the modulo operator
    - a ≡ b mod n if n | (a − b)
    - (a mod n) = (b mod n) implies a ≡ b mod n
    - a ≡ b mod n implies b ≡ a mod n
    - a ≡ b mod n and b ≡ c mod n implies a ≡ c mod n

30
Modular Arithmetic Operations
  • Modulo arithmetic operations over Zn = {0, 1, ..., n−1}
  • Properties
    - [(a mod n) + (b mod n)] mod n = (a + b) mod n
    - [(a mod n) − (b mod n)] mod n = (a − b) mod n
    - [(a mod n) × (b mod n)] mod n = (a × b) mod n

31
Properties of Modular Arithmetic
  • Modulo arithmetic over Zn = {0, 1, ..., n−1} (called the set of residues modulo n)
  • Integers modulo n with addition and multiplication form a commutative ring
  • Commutative laws: (a + b) mod n = (b + a) mod n; (a × b) mod n = (b × a) mod n
  • Associative laws: [(a + b) + c] mod n = [a + (b + c)] mod n; [(a × b) × c] mod n = [a × (b × c)] mod n
  • Distributive law: [a × (b + c)] mod n = [(a × b) + (a × c)] mod n
  • Identities: (a + 0) mod n = a mod n; (a × 1) mod n = a mod n
  • Additive inverse (−a): ∀a ∈ Zn, ∃b s.t. a + b ≡ 0 mod n
  • Multiplicative inverse (a^(−1)): ∀a (≠ 0) ∈ Zn, if a is relatively prime to n, ∃b s.t. a × b ≡ 1 mod n
  • If n is not prime, Zn is a ring, but not a field
  • Zp is a field

32
Modulo 7 Arithmetic
33
Groups, Rings, Fields
  • Group
    - A set of numbers with some addition operation whose result is also in the set (closure)
    - Obeys the associative law, has an identity, has inverses
    - If it is also commutative, it's an abelian group
  • Ring
    - An abelian group with a multiplication operation also
    - Multiplication is associative and distributive over addition
    - If multiplication is commutative, it's a commutative ring
    - e.g., integers mod N for any N
  • Field
    - An abelian group for addition
    - A ring
    - An abelian group for multiplication (ignoring 0)
    - e.g., integers mod P where P is prime

34
Fermat's Little Theorem
  • If p is prime and a is a positive integer not divisible by p, then
  • a^(p−1) ≡ 1 mod p
  • Proof
    - Start by listing the first p−1 positive multiples of a: a, 2a, 3a, ..., (p−1)a
    - Suppose that ra and sa are the same modulo p; then, since p does not divide a, we have r ≡ s mod p. So the p−1 multiples of a above are distinct and nonzero; that is, they must be congruent to 1, 2, 3, ..., p−1 in some order. Multiply all these congruences together and we find
    - a · 2a · 3a · ... · (p−1)a ≡ 1 · 2 · 3 · ... · (p−1) mod p
    - or better, a^(p−1) (p−1)! ≡ (p−1)! mod p. Divide both sides by (p−1)! to complete the proof.
  • Corollary
    - If p is prime and a is any positive integer, then a^p ≡ a mod p

35
Euler's Totient Function
  • Euler's totient function φ(n) is the number of positive integers less than n (including 1) and relatively prime to n
  • φ(p) = p − 1
  • φ(1) = 1 (by definition)
  • Let p and q be distinct prime numbers, n = pq. Then φ(pq) = φ(p)φ(q) = (p−1)(q−1)
  • Proof
    - Consider Zn = {0, 1, ..., pq−1}
    - The residues not relatively prime to n are 0, p, 2p, ..., (q−1)p, and q, 2q, ..., (p−1)q
    - So φ(pq) = pq − [1 + (q−1) + (p−1)] = pq − p − q + 1 = (p−1)(q−1)

36
Euler's Totient Function
37
Euler's Theorem
  • Generalization of Fermat's little theorem
  • For every a and n that are relatively prime, a^φ(n) ≡ 1 mod n
  • Proof
    - The proof is completely analogous to that of Fermat's theorem, except that instead of the set of residues {1, 2, ..., n−1} we now consider the set of residues {x1, x2, ..., xφ(n)} which are relatively prime to n. In exactly the same manner as before, multiplication by a modulo n results in a permutation of the set {x1, x2, ..., xφ(n)}. Therefore, the two products are congruent:
    - x1 x2 ... xφ(n) ≡ (a x1)(a x2) ... (a xφ(n)) mod n
    - Dividing by the left-hand side proves the theorem.
  • Corollary
    - a^(φ(n)+1) ≡ a mod n

38
Euler's Theorem
  • Corollaries
    - Given two prime numbers p and q, and integers n = pq and m with 0 < m < n,
      m^(φ(n)+1) = m^((p−1)(q−1)+1) ≡ m mod n
      (This demonstrates the validity of the RSA algorithm)
    - m^(kφ(n)) ≡ 1 mod n
    - m^(kφ(n)+1) ≡ m mod n

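The totient and the three congruences above (Fermat, Euler, and the RSA corollary m^(kφ(n)+1) ≡ m mod n) can be checked numerically. The following is an added example, not code from the lecture; it computes φ(n) both from the definition and from the product formula over the distinct prime factors, and uses Python's built-in three-argument pow() for the modular exponentiations. The sample moduli (97, 33 = 3·11, 3233 = 61·53) are constructed for the demonstration.

```python
# Added example (not from the lecture slides): Euler's totient function from
# the definition and from the product formula, then Fermat's little theorem,
# Euler's theorem and the RSA corollary checked with pow(base, exp, mod).
from math import gcd


def phi_by_counting(n: int) -> int:
    """phi(n): number of integers in 1..n-1 relatively prime to n (phi(1) = 1)."""
    if n == 1:
        return 1
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)


def prime_factors(n: int) -> list:
    """Distinct prime factors of n by trial division (fine for small n)."""
    factors, p = [], 2
    while p * p <= n:
        if n % p == 0:
            factors.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        factors.append(n)
    return factors


def phi(n: int) -> int:
    """phi(n) = n * prod(1 - 1/p) over the distinct primes p dividing n."""
    result = n
    for p in prime_factors(n):
        result = result // p * (p - 1)
    return result


def fermat_holds(a: int, p: int) -> bool:
    """a^(p-1) ≡ 1 (mod p) for prime p and a not divisible by p."""
    return pow(a, p - 1, p) == 1


def euler_holds(a: int, n: int) -> bool:
    """a^phi(n) ≡ 1 (mod n) whenever gcd(a, n) == 1."""
    return gcd(a, n) == 1 and pow(a, phi(n), n) == 1


def rsa_corollary_holds(m: int, p: int, q: int, k: int = 1) -> bool:
    """For n = pq and 0 < m < n: m^(k*phi(n)+1) ≡ m (mod n).

    Unlike Euler's theorem this needs no gcd(m, n) == 1; it is the identity
    that lets RSA decryption recover m when e*d = k*phi(n) + 1.
    """
    n = p * q
    return pow(m, k * (p - 1) * (q - 1) + 1, n) == m % n


if __name__ == "__main__":
    print(phi(3 * 11), phi_by_counting(33))                      # 20 20
    print(all(fermat_holds(a, 97) for a in range(1, 97)))         # True
    print(all(euler_holds(a, 33) for a in range(1, 33) if gcd(a, 33) == 1))
    print(all(rsa_corollary_holds(m, 3, 11, k) for m in range(1, 33) for k in (1, 2, 5)))
```

Note that euler_holds() deliberately returns False when gcd(a, n) ≠ 1: Euler's theorem says nothing about such a, whereas rsa_corollary_holds() is true for every 0 < m < n, which is exactly why RSA needs no restriction on the message.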
39
Testing for Primality (Miller-Rabin)
  • Miller-Rabin primality test
    - Can be used to determine if a large number is prime
    - Based on the following theorem
  • If p is an odd prime, then the equation x^2 ≡ 1 (mod p) has only two solutions, namely x ≡ 1 (mod p) and x ≡ −1 (mod p)
  • Proof: omitted
  • If there exist solutions to x^2 ≡ 1 (mod n) other than ±1, then n is not prime

40
Modular Exponentiation
  • An efficient way to compute a^b mod n: repeated squaring
  • Computes a^c mod n as c is increased from 0 to b
  • Each exponent computed in the sequence is either twice the previous exponent or one more than the previous exponent
  • Each iteration of the loop uses one of the identities
    - a^(2c) mod n = (a^c)^2 mod n
    - a^(2c+1) mod n = a · (a^c)^2 mod n
    depending on whether b_i = 0 or 1
  • Just after bit b_i is read and processed, the value of c is the same as the prefix b_k b_(k−1) ... b_i of the binary representation of b
  • Variable c is not needed (included just for explanation)
  • Modular-Exponentiation(a, b, n)
      c ← 0
      d ← 1
      let b_k b_(k−1) ... b_0 be the binary representation of b
      for i ← k downto 0
          do c ← 2c
             d ← (d · d) mod n
             if b_i = 1
                then c ← c + 1
                     d ← (d · a) mod n
      return d

41
Modular Exponentiation - Example
  • Example: result of the Modular-Exponentiation algorithm for a^b mod n, where a = 7, b = 560 = 1000110000 (binary), n = 561. The values of c and d are shown after each execution of the for loop.

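The Modular-Exponentiation pseudocode, implemented literally in Python as an added example (not code from the lecture). The explanatory variable c is kept so that a trace of the slide's example (a = 7, b = 560, n = 561) shows, after each loop iteration, that c equals the binary prefix of b processed so far and d equals a^c mod n; the final value is 1, since 561 = 3 · 11 · 17 is a Carmichael number.

```python
# Added example (not from the slides): left-to-right binary exponentiation
# exactly as in the Modular-Exponentiation pseudocode, with an optional
# trace of (i, b_i, c, d) after each pass through the loop.

def modular_exponentiation(a: int, b: int, n: int, trace: list = None) -> int:
    """Return a^b mod n by repeated squaring, scanning the bits of b from b_k down to b_0."""
    c, d = 0, 1
    bits = bin(b)[2:]                     # b_k ... b_0, most significant first
    k = len(bits) - 1
    for idx, bit in enumerate(bits):
        c = 2 * c
        d = (d * d) % n                   # a^(2c) = (a^c)^2
        if bit == "1":
            c = c + 1
            d = (d * a) % n               # a^(2c+1) = a * (a^c)^2
        if trace is not None:
            trace.append((k - idx, int(bit), c, d))   # i counts down from k to 0
    return d


def trace_table(a: int, b: int, n: int) -> list:
    """Rows (i, b_i, c, d) after each iteration; d == a^c mod n holds in every row."""
    rows = []
    modular_exponentiation(a, b, n, rows)
    return rows


if __name__ == "__main__":
    print("i  b_i  c    d")
    for i, bit, c, d in trace_table(7, 560, 561):
        print(f"{i:<2} {bit:<4} {c:<4} {d}")
    print("7^560 mod 561 =", modular_exponentiation(7, 560, 561))   # 1
```

The intermediate values stay below n^2 throughout, which is the whole point of reducing after every multiplication: a^560 itself has over 470 decimal digits, but no number larger than 561^2 is ever formed.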
42
Testing for Primality (Miller-Rabin)
  • Core algorithm is WITNESS(a, n)
    - n: input to WITNESS, the number to be tested for primality
    - a: some randomly chosen integer, 1 ≤ a < n
  • WITNESS(a, n) is TRUE if and only if a is a witness to the compositeness of n; that is, if it is possible using a to prove that n is composite
  • If WITNESS returns FALSE, then n may be prime
  • WITNESS(a, n)
      let b_k b_(k−1) ... b_0 be the binary representation of (n−1)
      d ← 1
      for i ← k downto 0
          do x ← d
             d ← (d · d) mod n
             if d = 1 and x ≠ 1 and x ≠ n − 1
                then return TRUE
             if b_i = 1
                then d ← (d · a) mod n
      if d ≠ 1
         then return TRUE
      return FALSE


44
Testing for Primality (Miller-Rabin)
  • Miller-Rabin Primality Test: probabilistic search
  • Repeatedly invoke WITNESS(a, n) s times using randomly chosen values for a; if every call returns FALSE, then the probability that n is prime is at least 1 − 2^(−s)
  • MILLER-RABIN(n, s)
      for j ← 1 to s
          do a ← RANDOM(1, n−1)
             if WITNESS(a, n)
                then return COMPOSITE
      return PRIME

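WITNESS and MILLER-RABIN as written on the two slides above, implemented in Python as an added example (not the lecture's code). The sample input 561 is constructed to show why the non-trivial-square-root check matters: 561 is a Carmichael number, so the plain Fermat test a^(n−1) ≡ 1 mod n passes for every base coprime to it, yet WITNESS(2, 561) returns TRUE because the squaring chain reaches 1 from 67 rather than from ±1.

```python
# Added example (not from the slides): WITNESS(a, n) and MILLER-RABIN(n, s)
# exactly as the pseudocode states.  The Fermat check is included only for
# comparison, to show the case WITNESS catches and Fermat alone does not.
import random


def witness(a: int, n: int) -> bool:
    """True iff a proves n composite (n odd, 1 <= a < n)."""
    d = 1
    for bit in bin(n - 1)[2:]:          # b_k ... b_0 of n-1
        x = d
        d = (d * d) % n
        if d == 1 and x != 1 and x != n - 1:
            return True                 # non-trivial square root of 1 mod n
        if bit == "1":
            d = (d * a) % n
    if d != 1:
        return True                     # a^(n-1) != 1 mod n: Fermat's test fails
    return False


def miller_rabin(n: int, s: int, rng: random.Random = None) -> str:
    """Return 'COMPOSITE' (certain) or 'PRIME' (error probability <= 2^-s)."""
    if n < 2:
        return "COMPOSITE"
    if n in (2, 3):
        return "PRIME"
    if n % 2 == 0:
        return "COMPOSITE"
    rng = rng or random.Random()
    for _ in range(s):
        a = rng.randint(1, n - 1)       # RANDOM(1, n-1)
        if witness(a, n):
            return "COMPOSITE"
    return "PRIME"


def fermat_passes(a: int, n: int) -> bool:
    """Plain Fermat check a^(n-1) ≡ 1 (mod n), for comparison with WITNESS."""
    return pow(a, n - 1, n) == 1


if __name__ == "__main__":
    print(fermat_passes(2, 561), witness(2, 561))        # True True
    print(miller_rabin(561, 10), miller_rabin(97, 10))   # COMPOSITE PRIME
```

A "COMPOSITE" answer is always correct because a witness is a proof; only "PRIME" is probabilistic, which is why production code picks s from the bit length of n rather than a fixed small value.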
45
Euclid's Algorithm: Finding GCD
  • Based on the following theorem: gcd(a, b) = gcd(b, a mod b)
  • Proof
    - If d = gcd(a, b), then d | a and d | b
    - For any positive integer b, a = kb + r ≡ r mod b, i.e., a mod b = r
    - a mod b = a − kb (for some integer k)
    - because d | b, d | kb
    - because d | a, d | (a mod b)
    - ⇒ d is a common divisor of b and (a mod b)
    - Conversely, if d is a common divisor of b and (a mod b), then d | kb and d | [kb + (a mod b)]
    - kb + (a mod b) = a, so d | a
    - ⇒ The set of common divisors of a and b is equal to the set of common divisors of b and (a mod b)
  • ex) gcd(18, 12) = gcd(12, 6) = gcd(6, 0) = 6
  • gcd(11, 10) = gcd(10, 1) = gcd(1, 0) = 1

46
Euclid's Algorithm: Finding GCD
  • Recursive algorithm
      Function Euclid(a, b)   /* assume a ≥ b ≥ 0 */
          if b = 0 then return a
          else return Euclid(b, a mod b)
  • Iterative algorithm
      Euclid(d, f)   /* assume d > f > 0 */
      1. X ← d; Y ← f
      2. if Y = 0 return X = gcd(d, f)
      3. R = X mod Y
      4. X ← Y
      5. Y ← R
      6. goto 2

47
Euclid's Alg.: Finding Multiplicative Inverse
  • If gcd(d, f) = 1, d has a multiplicative inverse modulo f
  • Euclid's algorithm can be extended to find the multiplicative inverse
  • In addition to finding gcd(d, f), if the gcd is 1, the algorithm returns the multiplicative inverse of d (modulo f)
  • Extended Euclid(d, f)
      1. (X1, X2, X3) ← (1, 0, f); (Y1, Y2, Y3) ← (0, 1, d)
      2. If Y3 = 0 return X3 = gcd(d, f); no inverse
      3. If Y3 = 1 return Y3 = gcd(d, f); Y2 = d^(−1) mod f
      4. Q = ⌊X3 / Y3⌋
      5. (T1, T2, T3) ← (X1 − Q·Y1, X2 − Q·Y2, X3 − Q·Y3)
      6. (X1, X2, X3) ← (Y1, Y2, Y3)
      7. (Y1, Y2, Y3) ← (T1, T2, T3)
      8. goto 2

  • Note: always f · Y1 + d · Y2 = Y3
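Euclid's algorithm in both its recursive and iterative forms, and the Extended Euclid(d, f) procedure with its (X1, X2, X3) / (Y1, Y2, Y3) state, as an added Python example (not code from the lecture). It asserts the invariant f·Y1 + d·Y2 = Y3 (and the matching one for the X triple) on every pass, and reproduces the slides' own values: gcd(18, 12), gcd(11, 10), and the inverses 49^(−1) mod 37 = 34 and 37^(−1) mod 49 = 4 used in the Chinese Remainder Theorem example later on. The only deviation from the pseudocode is that the returned Y2 is reduced into 0..f−1, since the algorithm can leave it negative.

```python
# Added example (not from the slides): Euclid's GCD algorithm (recursive and
# iterative) and the Extended Euclid(d, f) procedure that also yields d^-1 mod f.

def euclid_recursive(a: int, b: int) -> int:
    """gcd(a, b) = gcd(b, a mod b); assumes a >= b >= 0."""
    return a if b == 0 else euclid_recursive(b, a % b)


def euclid_iterative(d: int, f: int) -> int:
    """The numbered-step version: X <- d, Y <- f, loop until Y = 0."""
    x, y = d, f
    while y != 0:
        x, y = y, x % y
    return x


def extended_euclid(d: int, f: int):
    """Return (gcd(d, f), inverse) where inverse = d^-1 mod f, or None if gcd != 1."""
    x1, x2, x3 = 1, 0, f
    y1, y2, y3 = 0, 1, d
    while True:
        # the slide's Note, checked for both triples on every pass
        assert f * x1 + d * x2 == x3 and f * y1 + d * y2 == y3
        if y3 == 0:
            return x3, None            # gcd = X3, no inverse
        if y3 == 1:
            return 1, y2 % f           # gcd = 1, Y2 = d^-1 mod f (reduced into 0..f-1)
        q = x3 // y3
        t1, t2, t3 = x1 - q * y1, x2 - q * y2, x3 - q * y3
        x1, x2, x3 = y1, y2, y3
        y1, y2, y3 = t1, t2, t3


def mod_inverse(d: int, f: int) -> int:
    """Convenience wrapper that raises when d has no inverse modulo f."""
    g, inv = extended_euclid(d, f)
    if inv is None:
        raise ValueError(f"gcd({d}, {f}) = {g}, so {d} has no inverse mod {f}")
    return inv


if __name__ == "__main__":
    print(euclid_recursive(18, 12), euclid_iterative(11, 10))   # 6 1
    print(mod_inverse(49, 37), mod_inverse(37, 49))             # 34 4
```

Because the first pass swaps the triples when d > f (Q = 0), the procedure works for either argument order even though the slide assumes d > f > 0.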
49
Chinese Remainder Theorem
  • Let M = m1 · m2 · m3 · ... · mk, where the mi are pairwise relatively prime, i.e., gcd(mi, mj) = 1 for 1 ≤ i ≠ j ≤ k
  • Assertion
    - A ↔ (a1, a2, ..., ak), where A ∈ Z_M, ai ∈ Z_mi, and ai = A mod mi for 1 ≤ i ≤ k
    - One-to-one correspondence (bijection) between Z_M and the Cartesian product Z_m1 × Z_m2 × ... × Z_mk
    - For every integer A such that 0 ≤ A < M, there is a unique k-tuple (a1, a2, ..., ak) with 0 ≤ ai < mi
    - For every such k-tuple (a1, a2, ..., ak), there is a unique A in Z_M
  • Transformation from A to (a1, a2, ..., ak) is unique
  • Computing A from (a1, a2, ..., ak) is done as follows
    - Let Mi = M / mi for 1 ≤ i ≤ k, i.e., Mi = m1 · m2 · ... · m(i−1) · m(i+1) · ... · mk
    - Note that Mi ≡ 0 (mod mj) for all j ≠ i
    - Let ci = Mi × (Mi^(−1) mod mi) for 1 ≤ i ≤ k
    - Then A = (a1 c1 + a2 c2 + ... + ak ck) mod M
    - ⇒ ai = A mod mi, since cj ≡ Mj ≡ 0 (mod mi) if j ≠ i and ci ≡ 1 (mod mi)

50
Chinese Remainder Theorem
  • Operations performed on the elements of Z_M can be equivalently performed on the corresponding k-tuples by performing the operation independently in each coordinate position
  • ex) A ↔ (a1, a2, ..., ak), B ↔ (b1, b2, ..., bk)
    - (A + B) mod M ↔ ((a1 + b1) mod m1, ..., (ak + bk) mod mk)
    - (A − B) mod M ↔ ((a1 − b1) mod m1, ..., (ak − bk) mod mk)
    - (A × B) mod M ↔ ((a1 × b1) mod m1, ..., (ak × bk) mod mk)
  • CRT provides a way to manipulate (potentially large) numbers mod M in terms of tuples of smaller numbers

51
Chinese Remainder Theorem
  • Example
    - Let m1 = 37, m2 = 49, M = m1 · m2 = 1813, A = 973
    - M1 = 49, M2 = 37
    - Using the extended Euclid's algorithm, M1^(−1) = 34 mod m1 and M2^(−1) = 4 mod m2
    - Taking residues modulo 37 and 49, 973 ↔ (11, 42)
    - Suppose we want to add 678 to 973
    - 678 ↔ (12, 41)
    - Add the tuples element-wise: ((11 + 12) mod 37, (42 + 41) mod 49) = (23, 34)
    - To verify, we compute
      (23, 34) ↔ (a1 c1 + a2 c2) mod M = (a1 M1 M1^(−1) + a2 M2 M2^(−1)) mod M
      = [(23)(49)(34) + (34)(37)(4)] mod 1813 = 1651
    - which is equal to (678 + 973) mod 1813 = 1651

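The bijection Z_M ↔ Z_m1 × ... × Z_mk and the coordinate-wise arithmetic from the three CRT slides, as an added Python example (not code from the lecture). to_residues() maps A to its k-tuple, crt_constants() computes the ci = Mi × (Mi^(−1) mod mi) after checking that the moduli are pairwise relatively prime, from_residues() rebuilds A, and the slides' example (m1 = 37, m2 = 49, 973 + 678 ↔ (23, 34) ↔ 1651) is reproduced. The inverses come from Python's pow(x, −1, m) (3.8 or later), which is a shortcut for the extended Euclid step the slide performs by hand.

```python
# Added example (not from the slides): the CRT correspondence between Z_M and
# the product of the Z_mi, with residue arithmetic done coordinate by coordinate.
from functools import reduce
from math import gcd
from operator import mul


def to_residues(A: int, moduli) -> tuple:
    """A -> (A mod m1, ..., A mod mk)."""
    return tuple(A % m for m in moduli)


def crt_constants(moduli):
    """Return (M, [c1, ..., ck]) with ci = Mi * (Mi^-1 mod mi), Mi = M / mi.

    Raises ValueError unless the moduli are pairwise relatively prime, since
    the bijection only exists in that case.
    """
    for i, mi in enumerate(moduli):
        for mj in moduli[i + 1:]:
            if gcd(mi, mj) != 1:
                raise ValueError(f"moduli {mi} and {mj} are not relatively prime")
    M = reduce(mul, moduli, 1)
    cs = []
    for mi in moduli:
        Mi = M // mi
        cs.append(Mi * pow(Mi, -1, mi))     # ci ≡ 1 (mod mi), ci ≡ 0 (mod mj), j != i
    return M, cs


def from_residues(residues, moduli) -> int:
    """(a1, ..., ak) -> A = (a1 c1 + ... + ak ck) mod M."""
    M, cs = crt_constants(moduli)
    return sum(a * c for a, c in zip(residues, cs)) % M


def add_residues(r1, r2, moduli) -> tuple:
    return tuple((a + b) % m for a, b, m in zip(r1, r2, moduli))


def mul_residues(r1, r2, moduli) -> tuple:
    return tuple((a * b) % m for a, b, m in zip(r1, r2, moduli))


if __name__ == "__main__":
    moduli = (37, 49)
    M, cs = crt_constants(moduli)                 # M = 1813, cs = [49*34, 37*4]
    print(M, cs[0] // 49, cs[1] // 37)            # 1813 34 4
    a, b = to_residues(973, moduli), to_residues(678, moduli)   # (11, 42) (12, 41)
    total = add_residues(a, b, moduli)            # (23, 34)
    print(a, b, total, from_residues(total, moduli))            # ... 1651
```

The same machinery is what lets an RSA implementation work modulo p and q separately and recombine: the constants depend only on the moduli, so they are computed once and reused for every operation.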
52
Discrete Logarithms
  • Consider the powers of an integer a, modulo n: a mod n, a^2 mod n, a^3 mod n, ..., a^m mod n, ...
  • The least positive exponent m for which a^m ≡ 1 mod n is referred to as
    - The order of a (mod n)
    - The exponent to which a belongs (mod n)
    - The length of the period generated by a
  • If a and n are relatively prime, there is at least one integer m that satisfies a^m ≡ 1 mod n, namely m = φ(n)
  • If a, a^2, ..., a^φ(n) are distinct (mod n) and all are relatively prime to n, a is called a primitive root (generator)
  • In particular, for a prime number p, if a is a primitive root of p, then a, a^2, ..., a^(p−1) are distinct
  • Not all integers have primitive roots. The only integers with primitive roots are those of the form 2, 4, p^α, and 2p^α, where p is any odd prime

53
Powers of Integers, modulo 19
54
Discrete Logarithms - Indices
  • For any integer b and primitive root a of prime number p, there is a unique exponent i s.t. b ≡ a^i mod p, where 0 ≤ i ≤ (p−1)
  • This exponent i is referred to as the index of the number b for the base a (mod p), and denoted as ind_(a,p)(b)
  • ind_(a,p)(1) = 0, since a^0 mod p = 1 mod p = 1
  • ind_(a,p)(a) = 1, since a^1 mod p = a
  • Example: ind_(2,19)(a)

55
Derivation of Indices (Discrete Logarithms)
  • By def. of indices, x = a^ind_(a,p)(x) mod p, y = a^ind_(a,p)(y) mod p, xy = a^ind_(a,p)(xy) mod p
  • Using the rules of modular multiplication, a^ind_(a,p)(xy) mod p = (a^ind_(a,p)(x) mod p)(a^ind_(a,p)(y) mod p) = a^(ind_(a,p)(x) + ind_(a,p)(y)) mod p
  • Euler's theorem states that for every a and n that are relatively prime, a^φ(n) ≡ 1 mod n
  • Any positive integer z can be expressed in the form z = q + kφ(n). Therefore, by Euler's theorem, a^z ≡ a^q mod n if z ≡ q mod φ(n)
  • ⇒ ind_(a,p)(xy) = [ind_(a,p)(x) + ind_(a,p)(y)] mod φ(p)
  • ⇒ ind_(a,p)(y^r) = [r × ind_(a,p)(y)] mod φ(p)
  • This demonstrates the analogy between true logarithms and indices. Indices are often referred to as discrete logarithms

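The order of a modulo n, the primitive-root test, the index table ind_(a,p) from the "Indices" slide and the two index laws derived above, all for p = 19 and the primitive root a = 2, as an added Python example (not code from the lecture). The table is built by brute force, which is fine for a 5-bit prime and is exactly what is infeasible for the prime sizes the next slide has in mind.

```python
# Added example (not from the slides): order, primitive roots and the index
# (discrete logarithm) table modulo a small prime, plus a check of
#   ind(xy) ≡ ind(x) + ind(y)   and   ind(y^r) ≡ r * ind(y)   (mod phi(p)).
from math import gcd


def order(a: int, n: int) -> int:
    """Least positive m with a^m ≡ 1 (mod n); requires gcd(a, n) == 1."""
    if gcd(a, n) != 1:
        raise ValueError("a must be relatively prime to n")
    x, m = a % n, 1
    while x != 1:
        x, m = (x * a) % n, m + 1
    return m


def phi(n: int) -> int:
    """Euler's totient by counting (adequate for the small n used here)."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def is_primitive_root(a: int, n: int) -> bool:
    """a generates all phi(n) residues coprime to n iff its order is phi(n)."""
    return gcd(a, n) == 1 and order(a, n) == phi(n)


def index_table(a: int, p: int) -> dict:
    """{b: ind_{a,p}(b)} for every b in 1..p-1, where a is a primitive root of prime p."""
    if not is_primitive_root(a, p):
        raise ValueError(f"{a} is not a primitive root of {p}")
    table, x = {}, 1
    for i in range(p - 1):
        table[x] = i            # x == a^i mod p, and each x appears exactly once
        x = (x * a) % p
    return table


def ind(a: int, p: int, b: int) -> int:
    return index_table(a, p)[b % p]


def index_laws_hold(a: int, p: int) -> bool:
    """Check both index laws from the derivation for every x, y, r in 1..p-1."""
    t = index_table(a, p)
    for x in range(1, p):
        for y in range(1, p):
            if t[(x * y) % p] != (t[x] + t[y]) % (p - 1):
                return False
        for r in range(1, p):
            if t[pow(x, r, p)] != (r * t[x]) % (p - 1):
                return False
    return True


if __name__ == "__main__":
    print(order(2, 19), is_primitive_root(2, 19), is_primitive_root(4, 19))  # 18 True False
    print(index_table(2, 19))        # {1: 0, 2: 1, 4: 2, 8: 3, 16: 4, 13: 5, ...}
    print(index_laws_hold(2, 19))    # True
```

The laws are taken modulo φ(p) = p − 1, not modulo p: exponents live in Z_(p−1) while the values they index live in Z_p, a distinction that matters whenever exponents are manipulated in a protocol.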
56
Tables of Discrete Logarithms, modulo 19
57
Discrete Logarithms
  • Calculation of Discrete Logarithms
  • y = g^x mod p
  • Given g, x, p, it is a straightforward matter to calculate y
  • Given g, y, p, it is very difficult to calculate x (the discrete logarithm)
  • The difficulty seems to be on the same order as that of the integer factoring problem on which RSA relies
  • Time complexity: O(e^(((ln p)^(1/3) ln(ln p))^(2/3)))