Public key ciphers 2 Session 6
Contents • The discrete logarithm problem • The Diffie-Hellman key exchange
The discrete logarithm problem • Over the real numbers, exponentiation (finding y = b^x) is not significantly easier than the inverse operation (finding x = log_b(y)) • Over GF(p^n) the algorithm for modular exponentiation or repeated squaring makes exponentiation easy • But finding log_b(y) is considered to be a difficult problem
The discrete logarithm problem • Definition (Discrete logarithm) • If G is a finite group, b is an element of G and y is an element of G such that y = b^x, then the discrete logarithm of y for the base b is any integer x such that b^x = y
The discrete logarithm problem • Example (1) • Let f(x) = x^2 - x - 1 be an irreducible polynomial over GF(3^2) • The elements of the multiplicative group of the field are the powers of a primitive element (1) 0=101 1=10 2=2 mod (2--1)=+111 3=2=(+1)=2+=+1+=2+121
The discrete logarithm problem • Example (2) • The elements of the multiplicative group of the field (2) 4=3=(2+1)=22+=2(+1)+=2+2+=202 5=4=220 6=5=2=22=2(+1)=2+222 7=6=(2+2)=22+2=2(+1)+2=2+2+2= = +212 00 is also an element of the field
The discrete logarithm problem • Example (3) • The logarithm log(02)=log(4)=4 • We do not know a polynomial algorithm for determining the discrete log in a general case (i.e. in any group)
The discrete logarithm problem • Known algorithms for solving DLP (1) • Algorithms that work in arbitrary groups • Exhaustive search • Baby-step giant-step algorithm • Etc. • Algorithms that work in arbitrary groups, but are especially efficient if the order of the group has only small prime factors • Example: the Pohlig-Hellman algorithm
The discrete logarithm problem • Known algorithms for solving DLP (2) • The index calculus algorithms, which are efficient only in certain groups
The discrete logarithm problem • Exhaustive search • Requires generating the whole multiplicative group of the field • That requires O(q) operations, where q = p^n is the order of the multiplicative group of the field GF(p^n)
The discrete logarithm problem • The Baby step – giant step algorithm (1) • Input • A generator of a cyclic group G of order n, and an element G • Output • The discrete logarithm x = log
The discrete logarithm problem • The Baby step – giant step algorithm (2) • Set m= • Construct a table with entries (j,j), 0j<m • Sort the table by its second component • Compute -m mod n and set =
The discrete logarithm problem • The Baby step – giant step algorithm (3) • For 0im-1 do • Check if is the second component of some entry in the table • If =j then return x=im+j • Set -m • The algorithm requires O( ) storage and O( ) group multiplications
The discrete logarithm problem • Example: n=113, =3, =57 (1) • Set m= =11 • Construct the table • Sort the table by the second component
The discrete logarithm problem • Example: n=113, =3, =57 (2) • Compute -11 mod 113 = (11)-1 (1) • We use the extended Euclidean algorithm (1) 11 mod 113 = 3^11 mod 113 = 76 • We compute (113,76): 113 = 1·76 + 37, 76 = 2·37 + 2, 37 = 18·2 + 1 • Then 1 = 37 - 18·2 = 37 - 18·(76 - 2·37) = 37 - 18·76 + 36·37 = 37·37 - 18·76 = 37·(113 - 76) - 18·76 = 37·113 - 37·76 - 18·76 = 37·113 - 55·76
The discrete logarithm problem • Example: n=113, =3, =57 (3) • Compute -11 mod 113 = (11)-1 (2) • We use the extended Euclidean algorithm (2) • If we take both sides mod 113 we get • 1 ≡ -55·76 (mod 113) • Since -55 ≡ 58 (mod 113), (11)-1=58 • We also set ==57
The discrete logarithm problem • Example: n=113, =3, =57 (4) • For i=0 to 10 we try -m until we get a value from the second row in the table • We conclude that log_3 57 = 9·11 + 1 = 100
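Added example, not part of the original slides: a Python implementation of the baby-step giant-step algorithm that reproduces the worked example above (modulus 113, base 3, target 57). The names `bsgs`, `base`, `target` and `order` are chosen here, and the group order 112 is an assumption of this example (3 generates the multiplicative group modulo 113).

```python
from math import isqrt


def bsgs(base, target, modulus, order):
    """Baby-step giant-step discrete logarithm.

    Returns (x, i, j, m) with pow(base, x, modulus) == target and
    x = i*m + j, or None when target is not a power of base.
    `order` is the order of `base` in the multiplicative group mod `modulus`.
    """
    m = isqrt(order - 1) + 1          # m = ceil(sqrt(order))

    # Baby steps: table mapping base^j -> j for 0 <= j < m.
    # A dict lookup replaces the "sort the table, then search" step.
    baby = {}
    value = 1
    for j in range(m):
        baby.setdefault(value, j)     # keep the smallest j for each value
        value = value * base % modulus

    # Giant-step factor base^(-m) mod modulus (modular inverse, Python 3.8+).
    step = pow(base, -m, modulus)

    # Giant steps: multiply target by base^(-m) until it hits the table.
    gamma = target % modulus
    for i in range(m):
        j = baby.get(gamma)
        if j is not None:
            return (i * m + j, i, j, m)
        gamma = gamma * step % modulus
    return None


if __name__ == "__main__":
    # Values from the slides' example: modulus 113, base 3, target 57.
    x, i, j, m = bsgs(3, 57, 113, 112)
    print(f"m={m}, 3^-{m} mod 113={pow(3, -m, 113)}, i={i}, j={j}, x={x}")
```

The table holds m entries and the loop runs at most m times, so both storage and work grow with the square root of the group order, which is why the group used for Diffie-Hellman must be far larger than this toy example.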
The Diffie-Hellman key exchange • Diffie and Hellman gave the first detailed proposal for the process of agreeing on a key for a classical cryptosystem using a public key system • The key exchange protocol is based on the assumption that it is computationally infeasible to compute g^(ab) knowing only g^a and g^b when g is some fixed element in GF(p^n)
The Diffie-Hellman key exchange • The Diffie-Hellman assumption is a priori at least as strong as the assumption that discrete logarithms cannot be feasibly computed in a group • Let p be a prime and let be a generator
The Diffie-Hellman key exchange • Example, p=53, n=1, =2
The Diffie-Hellman key exchange • The Diffie-Hellman key exchange algorithm gives protection against passive adversaries, but not against active adversaries capable of intercepting, modifying, or injecting messages • Neither party has assurance of the source identity of the incoming message or the identity of the party which may know the resulting key