1 / 35

Lecture 3.1: Public Key Cryptography I

Lecture 3.1: Public Key Cryptography I. CS 436/636/736 Spring 2015 Nitesh Saxena. Today’s Informative/Fun Bit – Acoustic Emanations. http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+emanations&btnG=Google+Search http://tau.ac.il/~tromer/acoustic/.

cathleenl
Télécharger la présentation

Lecture 3.1: Public Key Cryptography I

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena

  2. Today’s Informative/Fun Bit – Acoustic Emanations • http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+emanations&btnG=Google+Search • http://tau.ac.il/~tromer/acoustic/ Public Key Cryptography -- I

  3. Course Administration • HW1 posted – due at 11am on Feb 2 (Mon) • Any questions? • Regarding programming portion of the homework • Submit the whole modified code that you used to measure timings • Comment the portions in the code where you modified the code • Include a small “readme” for us to understand this Public Key Cryptography -- I

  4. Outline of Today’s Lecture • Public Key Crypto Overview • Number Theory • Modular Arithmetic Public Key Cryptography -- I

  5. Recall: Private Key/Public Key Cryptography • Private Key: Sender and receiver share a common (private) key • Encryption and Decryption is done using the private key • Also called conventional/shared-key/single-key/ symmetric-key cryptography • Public Key: Every user has a private key and a public key • Encryption is done using the public key and Decryption using private key • Also called two-key/asymmetric-key cryptography Public Key Cryptography -- I

  6. Private key cryptography revisited. • Good: Quite efficient (as you’ll see from the HW#1 programming exercise on AES) • Bad: Key distribution and management is a serious problem – for N users O(N2) keys are needed Public Key Cryptography -- I

  7. Public key cryptography model • Good: Key management problem potentially simpler • Bad: Much slower than private key crypto (we’ll see later!) Public Key Cryptography -- I

  8. Public Key Encryption • Two keys: • public encryption key e • private decryption key d • Encryption easy when e is known • Decryption easy when d is known • Decryption hard when d is not known • We’ll study such public key encryption schemes; first we need some number theory. Public Key Cryptography -- I

  9. Public Key Encryption: Security Notions • Very similar to what we studied for private key encryption • What’s the difference? Public Key Cryptography -- I

  10. Group: Definition (G,.) (where G is a set and . : GxGG) is said to be a group if following properties are satisfied: • Closure : for any a, b G, a.b G • Associativity : for any a, b, c G, a.(b.c)=(a.b).c • Identity : there is an identity element such that a.e = e.a = a, for any a G • Inverse : there exists an element a-1 for every a in G, such that a.a-1 = a-1.a = e Abelian Group: Group which also satisfies commutativity , i.e., a.b = b.a

  11. Groups: Examples • Set of all integers with respect to addition --(Z,+) • Set of all integers with respect to multiplication (Z,*) – not a group • Set of all real numbers with respect to multiplication (R,*) • Set of all integers modulo m with respect to modulo addition (Zm, “modular addition”) Public Key Cryptography -- I

  12. Divisors • xdividesy (written x | y) if the remainder is 0 when y is divided by x • 1|8, 2|8, 4|8, 8|8 • The divisors of y are the numbers that divide y • divisors of 8: {1,2,4,8} • For every number y • 1|y • y|y Public Key Cryptography -- I

  13. Prime numbers • A number is prime if its only divisors are 1 and itself: • 2,3,5,7,11,13,17,19, … • Fundamental theorem of arithmetic: • For every number x, there is a unique set of primes {p1, … ,pn} and a unique set of positive exponents {e1, … ,en} such that Public Key Cryptography -- I

  14. Common divisors • The common divisors of two numbers x,y are the numbers z such that z|x and z|y • common divisors of 8 and 12: • intersection of {1,2,4,8} and {1,2,3,4,6,12} • = {1,2,4} • greatest common divisor: gcd(x,y) is the number z such that • z is a common divisor of x and y • no common divisor of x and y is larger than z • gcd(8,12) = 4 Public Key Cryptography -- I

  15. Euclidean Algorithm: gcd(r0,r1) Main idea: If y = ax + b then gcd(x,y) = gcd(x,b) Public Key Cryptography -- I

  16. Example – gcd(15,37) • 37 = 2 * 15 + 7 • 15 = 2 * 7 + 1 • 7 = 7 * 1 + 0 • gcd(15,37) = 1 Public Key Cryptography -- I

  17. Relative primes • x and y are relatively prime if they have no common divisors, other than 1 • Equivalently, x and y are relatively prime if gcd(x,y) = 1 • 9 and 14 are relatively prime • 9 and 15 are not relatively prime Public Key Cryptography -- I

  18. Modular Arithmetic • Definition: x is congruent to y mod m, if m divides (x-y). Equivalently, x and y have the same remainder when divided by m. Notation: Example: • We work in Zm = {0, 1, 2, …, m-1}, the group of integers modulo m • Example: Z9 ={0,1,2,3,4,5,6,7,8} • We abuse notation and often write = instead of Public Key Cryptography -- I

  19. Addition in Zm : • Addition is well-defined: • 3 + 4 = 7 mod 9. • 3 + 8 = 2 mod 9. Public Key Cryptography -- I

  20. Additive inverses in Zm • 0 is the additive identity in Zm • Additive inverse of a is -a mod m = (m-a) • Every element has unique additive inverse. • 4 + 5= 0 mod 9. • 4 is additive inverse of 5. Public Key Cryptography -- I

  21. Multiplication in Zm : • Multiplication is well-defined: • 3 * 4 = 3 mod 9. • 3 * 8 = 6 mod 9. • 3 * 3 = 0 mod 9. Public Key Cryptography -- I

  22. Multiplicative inverses in Zm • 1 is the multiplicative identity in Zm • Multiplicative inverse (x*x-1=1 mod m) • SOME, but not ALL elements have unique multiplicative inverse. • In Z9 : 3*0=0, 3*1=3, 3*2=6, 3*3=0, 3*4=3, 3*5=6, …, so 3 does not have a multiplicative inverse (mod 9) • On the other hand, 4*2=8, 4*3=3, 4*4=7, 4*5=2, 4*6=6, 4*7=1, so 4-1=7, (mod 9) Public Key Cryptography -- I

  23. Which numbers have inverses? • In Zm, x has a multiplicative inverse if and only if x and m are relatively prime or gcd(x,m)=1 • E.g., 4 in Z9 Public Key Cryptography -- I

  24. Extended Euclidian: a-1 mod n • Main Idea: Looking for inverse of a mod n means looking for x such that x*a – y*n = 1. • To compute inverse of a mod n, do the following: • Compute gcd(a, n) using Euclidean algorithm. • Since a is relatively prime to m (else there will be no inverse) gcd(a, n) = 1. • So you can obtain linear combination of rm and rm-1 that yields 1. • Work backwards getting linear combination of ri and ri-1 that yields 1. • When you get to linear combination of r0 and r1 you are done as r0=n and r1= a. Public Key Cryptography -- I

  25. Example – 15-1 mod 37 • 37 = 2 * 15 + 7 • 15 = 2 * 7 + 1 • 7 = 7 * 1 + 0 Now, • 15 – 2 * 7 = 1 • 15 – 2 (37 – 2 * 15) = 1 • 5 * 15 – 2 * 37 = 1 So, 15-1 mod 37 is 5. Public Key Cryptography -- I

  26. Modular Exponentiation:Square and Multiply method • Usual approach to computing xc mod n is inefficient when c is large. • Instead, represent c as bit string bk-1 … b0 and use the following algorithm: z = 1 For i = k-1 downto 0 do z = z2 mod n if bi = 1 then z = z* x mod n Public Key Cryptography -- I

  27. Example: 3037 mod 77 z = z2 mod n if bi = 1 then z = z* x mod n Public Key Cryptography -- I

  28. Other Definitions • An element g in G is said to be a generator of a group if a = gi for every a in G, for a certain integer i • A group which has a generator is called a cyclic group • The number of elements in a group is called the order of the group • Order of an element a is the lowest i (>0) such that ai = e (identity) • A subgroup is a subset of a group that itself is a group Public Key Cryptography -- I

  29. Lagrange’s Theorem • Order of an element in a group divides the order of the group Public Key Cryptography -- I

  30. Euler’s totient function • Given positive integer n, Euler’s totient function is the number of positive numbers less than n that are relatively prime to n • Fact: If p is prime then • {1,2,3,…,p-1} are relatively prime to p. Public Key Cryptography -- I

  31. Euler’s totient function • Fact: If p and q are prime and n=pq then • Each number that is not divisible by p or by q is relatively prime to pq. • E.g. p=5, q=7: {1,2,3,4,-,6,-,8,9,-,11,12,13,-,-,16,17,18,19,-,-,22,23,24,-,26,27,-,29,-,31,32,33,34,-} • pq-p-(q-1) = (p-1)(q-1) Public Key Cryptography -- I

  32. Euler’s Theorem and Fermat’s Theorem • If a is relatively prime to n then • If a is relatively prime to p then ap-1 = 1 mod p Proof : follows from Lagrange’s Theorem Public Key Cryptography -- I

  33. Euler’s Theorem and Fermat’s Theorem EG: Compute 9100 mod 17: p =17, so p-1 = 16. 100 = 6·16+4. Therefore, 9100=96·16+4=(916)6(9)4 . So mod 17 we have 9100  (916)6(9)4 (mod 17)  (1)6(9)4 (mod 17)  (81)2 (mod 17)  16 Public Key Cryptography -- I

  34. Some questions • 2-1 mod 4 =? • What is the complexity of • (a+b) mod m • (a*b) mod m • xc mod (n) • Order of a group is 5. What can be the order of an element in this group? Public Key Cryptography -- I

  35. Further Reading • Chapter 4 of Stallings • Chapter 2.4 of HAC Public Key Cryptography -- I

More Related