Lecture 5 Overview

1
Lecture 5 Overview
2
Does DES Work?

• Differential Cryptanalysis Idea
• Use two plaintext that barely differ
• Study the difference in the corresponding cipher
  text
• Collect the keys that could accomplish the change
• Repeat

3
Cracking DES

• Diffie and Hellman then outlined a "brute force"
  attack on DES
• By "brute force" is meant that you try as many of
  the 256 possible keys as you have to before
  decrypting the ciphertext into a sensible
  plaintext message
• They proposed a special purpose "parallel
  computer using one million chips to try one
  million keys each" per second

4
Cracking DES (cont.)

• In 1998, Electronic Frontier Foundation spent
  220K and built a machine that could go through
  the entire 56-bit DES key space in an average of
  4.5 days
• On July 17, 1998, they announced they had cracked
  a 56-bit key in 56 hours
• The computer, called Deep Crack
• used 27 boards each containing 64 chips
• was capable of testing 90 billion keys a second

5
Cracking DES (cont.)

• In early 1999, Distributed. Net used the DES
  Cracker and a worldwide network of nearly 100K
  PCs to break DES in 22 hours
• combined they were testing 245 billion keys per
  second
• This just serves to illustrate that any
  organization with moderate resources can break
  through DES with very little effort these days

6
Double DES

• E(k1, E(k2, M) )
• As strong as 57-bit key !
• Given message M and ciphertext c
• Encrypt M with all possible keys
• 256 steps
• Decrypt c with all possible keys and match Ms
• 256 steps

7
Triple DES Two keys

• E(k1, D(k2, E(k1, M) ) )
• The first key is used to DES-encrypt the message
• The second key is used to DES-decrypt the
  encrypted message
• Since the second key is not the right key, this
  decryption just scrambles the data further
• The twice-scrambled message is then encrypted
  again with the first key to yield the final
  ciphertext
• As strong as 80-bit key !

8
Triple DES Three keys

• E(k3, D(k2, E(k1, M) ) )
• The first key is used to DES-encrypt the message
• The second key is used to DES-decrypt the
  encrypted message
• Since the second key is not the right key, this
  decryption just scrambles the data further
• The twice-scrambled message is then encrypted
  with the third key to yield the final ciphertext
• As strong as 112-bit key !

9
Analysis of Algorithms

• Algorithms
• Time Complexity
• Space Complexity
• An algorithm whose time complexity is bounded by
  a polynomial is called a polynomial-time
  algorithm
• An algorithm is considered to be efficient if it
  runs in polynomial time.

10
Growth Rate

• T(n) O(f(n)) T is bounded above by f
• The growth rate of T(n) lt growth rate of f(n)
• T(n) W (g(n)) T is bounded below by g
• The growth rate of T(n) gt growth rate of g(n)
• T(n) Q(h(n)) T is bounded both above and below
  by h
• The growth rate of T(n) growth rate of h(n)
• T(n) o(p(n)) T is dominated by p
• The growth rate of T(n) lt growth rate of p(n)

11
Time Complexity

• C
• O(n)
• O(log n)
• O(nlogn)
• O(n2)
• O(nk)
• O(2n)
• O(kn)
• O(nn)

Polynomial
Exponential
12
P, NP, NP-hard, NP-complete

• A problem belongs to the class P if the problem
  can be solved by a polynomial-time algorithm
• A problem belongs to the class NP if the
  correctness of the problems solution can be
  verified by a polynomial-time algorithm
• A problem is NP-hard if it is as hard as any
  problem in NP
• Existence of a polynomial-time algorithm for an
  NP-hard problem implies the existence of
  polynomial solutions for every problem in NP
• NP-complete problems are the NP-hard problems
  that are also in NP

13
Relationships between different classes
NP-hard
NP
P
NP-complete
14
Partitioning Problem

• Given a set of n integers, partition the integers
  into two subsets such that the difference between
  the sum of the elements in the two subsets is
  minimum
• NP-complete
• 13, 37, 42, 59, 86, 100

Sum 165 172
86 100
42 59
37 13
15
Bin Packing Problem

• Suppose you are given n items of sizes
• s1, s2,..., sn
• All sizes satisfy 0 ? si ? 1
• The problem is to pack these items in the fewest
  number of bins,
• given that each bin has unit capacity
• NP-hard

16
Lecture 6 RSA

• CS 450/650
• Fundamentals of
• Integrated Computer Security

Slides are modified from Hesham El-Rewini
17
RSA

• Invented by Cocks (GCHQ), independently, by
  Rivest, Shamir and Adleman (MIT)
• Two keys e and d used for Encryption and
  Decryption
• The keys are interchangeable
• M D(d, E(e, M) ) D(e, E(d, M) )
• Public key encryption
• Based on problem of factoring large numbers
• Not in NP-complete
• Best known algorithm is exponential

18
RSA

• To encrypt message M compute
• c Me mod N
• To decrypt ciphertext c compute
• M cd mod N

19
Key Choice

• Let p and q be two large prime numbers
• Let N pq
• Choose e relatively prime to (p?1)(q?1)
• a prime number larger than p-1 and q-1
• Find d such that ed mod (p?1)(q?1) 1

20
RSA

• Recall that e and N are public
• If attacker can factor N, he can use e to easily
  find d
• since ed mod (p?1)(q?1) 1
• Factoring the modulus breaks RSA
• It is not known whether factoring is the only way
  to break RSA

21
Does RSA Really Work?

• Given c Me mod N we must show
• M cd mod N Med mod N
• Well use Eulers Theorem
• If x is relatively prime to N then x?(N) mod N 1
• ?(n) number of positive integers less than n
  that are relatively prime to n.
• If p is prime then, ?(p) p-1

22
Does RSA Really Work?

• Facts
• ed mod (p ? 1)(q ? 1) 1
• ed k(p ? 1)(q ? 1) 1 by definition of mod
• ?(N) (p ? 1)(q ? 1)
• Then ed ? 1 k(p ? 1)(q ? 1) k?(N)
• Med M(ed-1)1 M?Med-1 M?Mk?(N)
• M?(M?(N)) k mod N M?1 k mod N
• M mod N

23
Example

• Select primes p11, q3.
• N p q 113 33
• Choose e 3
• check gcd(e, p-1) gcd(3, 10) 1
• i.e. 3 and 10 have no common factors except 1
• check gcd(e, q-1) gcd(3, 2) 1
• therefore gcd(e, (p-1)(q-1)) gcd(3, 20) 1

24
Example (cont.)

• p-1 q-1 10 2 20
• Compute d such that
• e d mod (p-1)(q-1) 1
• 3 d mod 20 1
• d 7
• Public key (N, e) (33, 3)
• Private key (N, d) (33, 7)

25
Example (cont.)

• Now say we want to encrypt message m 7
• c Me mod N 73 mod 33 343 mod 33 13
• Hence the ciphertext c 13
• To check decryption, we compute
• M' cd mod N 137 mod 33 7

26
More Efficient RSA

• Modular exponentiation example
• 520 95367431640625 25 mod 35
• A better way repeated squaring
• Note that 20 2 ? 10, 10 2 ? 5, 5 2 ? 2 1,
  2 1? 2
• 51 5 mod 35
• 52 (51) 2 52 25 mod 35
• 55 (52) 2 ? 51 252 ? 5 3125 10 mod 35
• 510 (55) 2 102 100 30 mod 35
• 520 (510) 2 302 900 25 mod 35
• No huge numbers and its efficient!

27
RSA key-length strength

• RSA has challenges for different key-lengths
• RSA-140
• Factored in 1 month using 200 machines in 1999
• RSA-155 (512-bit)
• Factored in 3.7 months using 300 machines in 1999
• RSA-160
• Factored in 20 days in 2003
• RSA-200
• Factored in 18 month in 2005
• RSA-210, RSA-220, RSA-232, RSA-2048

28
Group Work

• Find keys d and e for the RSA cryptosystem with p
  7 and q 11
• Solution
• pq 77
• (p-1) (q-1) 60
• e 37
• d 13
• n 13 37 481 1 mod 60