Cryptography - PowerPoint PPT Presentation

About This Presentation
Title:

Cryptography

Description:

Cryptography Lecture 14: Oct 29 (based on s in MIT 6.042) – PowerPoint PPT presentation

Number of Views:361
Avg rating:3.0/5.0
Slides: 41
Provided by: cse12
Category:

less

Transcript and Presenter's Notes

Title: Cryptography


1
Cryptography
  • Lecture 14 Oct 29

(based on slides in MIT 6.042)
2
Modular Arithmetic
Def a ? b (mod n) iff n(a - b).
For example, 15 ? 29 (mod 7).
Theorem. a ? b (mod n) iff rem(a, n) rem(b, n).
  1. a qn r
  2. b qn r
  3. n (a-b) iff r r

Corollary. a ? rem(a,n) (mod n)
3
Modular Addition and Multiplication
Addition If a ? a (mod n), and b ? b (mod n)
then ab ? ab (mod
n).
Multiplication If a ? a (mod n), and b ? b
(mod n) then
ab ? ab (mod n).
e.g. Let n10, a2, a12, b3, b23
4
Multiplicative Inverse
The multiplicative inverse of a number a is
another number a such that a a 1 (mod n)
5
Multiplication Inverse
Theorem. If gcd(k,n)1, then have k
kk ? 1 (mod n). k is an
inverse mod n of k
pf sk tn 1. So tn 1 - sk This means n 1
- sk just let k s .
So we can use extended GCD algorithm to compute
the inverse of k.
6
Cancellation
So ? (mod n) a lot like . main diff cant
cancel 42 ? 12 (mod 6) 4 ? 1 (mod 6)
Contrapositive if i ? j (mod n) and gcd(k,n)1,
then ik ? jk (mod n).
Cor If ik ? jk (mod n), and gcd(k,n) 1,
then i ? j (mod n)
  • pf Let k be the multiplicative inverse of k.
  • ik ? jk (mod n),
  • ikk ? jkk (mod n),
  • i ? j (mod n)

7
Permutation
If p is prime k not a multiple of p, can cancel
k. So k, 2k, , (p-1)k are all different (mod
p). So their remainders on division by p are all
different (mod p).
Cor If ik ? jk (mod n), and gcd(k,n) 1,
then i ? j (mod n)
This means that rem(k, p), rem(2k,
p),,rem((p-1)k, p) must be a permutation of 1,
2, , (p-1)
Let k3, p7.
3 6 2 5 1 4
8
Powers Series
What is the pattern of x0 x1 x2 x3...?
For n7, the sequence starts cycling, and comes
back to 1.
9
Fermats Little Theorem
Theorem If p is prime k not a multiple of p
1 ? kp-1 (mod p)
  • Proof.
  • 12(p-1)
  • rem(k,p)rem(2k,p)rem((p-1)k,p)
  • ? (k)(2k) ((p-1)k) (mod p)
  • ? (kp-1)12 (p-1) (mod p)
  • so
  • 1 ? kp-1 (mod p)

A permutation
10
Cryptography
Cryptography is the study of methods for sending
and receiving secret messages.
Alice
Bob
message
adversary
Goal Even though an adversary can listen to your
conversation, the adversary can not
learn what the message was.
11
Cryptography
Goal Even though an adversary can listen to your
conversation, the adversary can not
learn what the message was.
f(message)
Alice
Bob
encrypt the message
decrypt the message
adversary
message -gt f(message)
f(message) -gt message
But the adversary has no clue how to obtain
message from f(message)
A difficult goal!
12
Key
Goal Even though an adversary can listen to your
conversation, the adversary can not
learn what the message was.
f(message, key)
Alice
Bob
encrypt the message using the key
decrypt the message using the key
adversary
message -gt f(message,key)
f(message,key) -gt message
But the adversary can not decrypt f(message,key)
without the key
Use number theory!
13
Turings Code (Version 1.0)
The first step is to translate a message into a
number
v i c t o r y -gt 22 09 03 20
15 18 25
Beforehand The sender and receiver agree on a
secret key, which is a large number
k. Encryption The sender encrypts the message m
by computing m m
k Decryption The receiver decrypts m by
computing m/k m k/k m
14
Turings Code (Version 1.0)
mk
Alice
Bob
m message k key encrypted message mk
mk received message k key decrypted message
mk/km
adversary
Why the adversary cannot figure out m?
The adversary doesnt have the key k, and so can
only factor mk to figure out m, but factoring is
a difficult task to do.
15
Turings Code (Version 1.0)
mk
Alice
Bob
m message k key encrypted message mk
mk received message k key decrypted message
mk/km
adversary
So why dont we use this Turings code today?
Major flaw if you use the same key to send two
messages m and m, then from
mk and mk, we can use
gcd(mk,mk) to figure out k,
and then decrypt every message.
16
Turings Code (Version 2.0)
Beforehand The sender and receiver agree on a
large prime p, which may be made public. (This
will be the modulus for all our arithmetic.) They
also agree on a secret key k in 1, 2, . . . , p
- 1. Encryption The message m can be any
integer in the set 0, 1, 2, . . . , p - 1. The
sender encrypts the message m to produce m by
computing m rem(mk, p)
Decryption Let k be the multiplicative inverse
of k under modulo p. m ? mk
(mod p) mk ? m (mod p)
mk m
17
Turings Code (Version 2.0)
Public information p
Alice
Bob
m rem(mk,p)
m message k key encrypted message rem(mk,p)
m received message k key decrypted message
mk m
adversary
Why the adversary cannot figure out m?
Many m and k can produce m as output, just
impossible to determine m without k.
18
Turings Code (Version 2.0)
Public information p
Alice
Bob
m rem(mk,p)
m message k key encrypted message rem(mk,p)
m received message k key decrypted message
mk m
adversary
So why dont we use this Turings code today?
If the adversary somehow knows m, then first
compute m multiplicative inverse of m m ?
mk (mod p) mm ? k (mod p) So the adversary
can figure out k.
plain-text attack
19
Private Key Cryptosystem
f(message, key)
Alice
Bob
encrypt the message using the key
decrypt the message using the key
adversary
message -gt f(message,key)
f(message,key) -gt message
But the adversary can not decrypt f(message,key)
without the key
Two parties have to agree on a secret key, which
may be difficult in practice.
If we buy books from Amazon, we dont need to
exchange a secret code.
Why is it secure?
20
Public Key Cryptosystem
Public information Key for Alice
Public information Key for Bob
f(message, Bobs key)
Alice
Bob
encrypt the message using Bobs key
decrypt the message
adversary
f(message,Bobs key) -gt message
message -gt f(message,Bobs key)
But the adversary can not decrypt f(message,
Bobs key)!
Only Bob can decrypt the message sent to him!
There is no need to have a secret key between
Alice and Bob.
How is it possible???
21
RSA Cryptosystem
RSA are the initials of three Computer Scientists,
Ron Rivest, Adi Shamir and Len Adleman, who
discovered their algorithm when they were working
together at MIT in 1977.
22
How to Choose Public Key?
(Use slides in HKUST COMP170.)
23
How to Encrypt and Decrypt?
24
Decryption
25
Decryption
26
Easy Case
27
Interesting Case
28
Decryption
29
Decryption
30
Prime Factors
31
Decryption
32
Correctness of RSA Cryptosystem
33
Why is this Secret?
34
RSA Example
35
RSA Example
36
Exponentiation mod n
37
Exponentiation mod n
38
Exponentiation mod n
39
Repeated Squaring
40
Classwork 2
Special office hours Tomorrow (Oct 30) whole day.
Write a Comment
User Comments (0)
About PowerShow.com