1 / 169

Practical Aspects of Modern Cryptography

Practical Aspects of Modern Cryptography. Josh Benaloh Brian LaMacchia John Manferdelli. Public-Key History. 1976 New Directions in Cryptography Whit Diffie and Marty Hellman One-Way functions Diffie-Hellman Key Exchange 1978 RSA paper Ron Rivest, Adi Shamir, and Len Adleman

georgia-steele
Télécharger la présentation

Practical Aspects of Modern Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Practical Aspects of Modern Cryptography Josh Benaloh Brian LaMacchia John Manferdelli

  2. Public-Key History • 1976 New Directions in Cryptography Whit Diffie and Marty Hellman • One-Way functions • Diffie-Hellman Key Exchange • 1978 RSA paper Ron Rivest, Adi Shamir, and Len Adleman • RSA Encryption System • RSA Digital Signature Mechanism Practical Aspects of Modern Cryptography

  3. The Fundamental Equation Z=YXmod N Practical Aspects of Modern Cryptography

  4. Diffie-Hellman Z=YXmod N When X is unknown, the problem is known as the discrete logarithm and is generally believed to be hard to solve. Practical Aspects of Modern Cryptography

  5. Alice Randomly select a large integer aand send A = Ya mod N. Compute the key K =Bamod N. Bob Randomly select a large integer band send B = Yb mod N. Compute the key K =Ab mod N. Diffie-Hellman Key Exchange Ba = Yba = Yab = Ab Practical Aspects of Modern Cryptography

  6. One-Way Trap-Door Functions Z=YXmod N Recall that this equation is solvable for Y if the factorization of N is known, but is believed to be hard otherwise. Practical Aspects of Modern Cryptography

  7. Alice Select two large random primes P & Q. Publish the product N=PQ. Use knowledge of P & Q to compute Y. Anyone To send message Y to Alice, compute Z=YX mod N. Send Z and X to Alice. RSA Public-Key Cryptosystem Practical Aspects of Modern Cryptography

  8. Some RSA Details When N=PQ is the product of distinct primes, YX mod N = Y whenever X mod (P-1)(Q-1) = 1 and 0 YN. Alice can easily select integers E and D such that E•D mod (P-1)(Q-1) = 1. Practical Aspects of Modern Cryptography

  9. Remaining RSA Basics • Why is YX mod PQ = Ywhenever X mod (P-1)(Q-1) = 1, 0 YPQ, and P and Q are distinct primes? • How can Alice can select integers E and D such that E•D mod (P-1)(Q-1) = 1? Practical Aspects of Modern Cryptography

  10. Fermat’s Little Theorem If p is prime, then x p-1 mod p = 1 for all 0 < x < p. Equivalently … If p is prime, then x p mod p = xmod p for all integers x. Practical Aspects of Modern Cryptography

  11. Proof of Fermat’s Little Theorem The Binomial Theorem (x + y) p = x p + ( )x p-1y + … + ( )xy p-1 + y p where ( )= p 1 p p–1 p i p! i!(p – i)! Practical Aspects of Modern Cryptography

  12. Proof of Fermat’s Little Theorem The Binomial Theorem (x + y) p = x p + ( )x p-1y + … + ( )xy p-1 + y p where ( )= If p is prime, then ( )mod p = 0 for 0 < i < p. p 1 p p–1 p i p! i!(p – i)! p i Practical Aspects of Modern Cryptography

  13. Proof of Fermat’s Little Theorem The Binomial Theorem (x + y) p = x p + ( )x p-1y + … + ( )xy p-1 + y p where ( )= If p is prime, then ( )mod p = 0 for 0 < i < p. Thus, (x + y) p mod p = (x p + y p) mod p. p 1 p p–1 p i p! i!(p – i)! p i Practical Aspects of Modern Cryptography

  14. Proof of Fermat’s Little Theorem Practical Aspects of Modern Cryptography

  15. Proof of Fermat’s Little Theorem By induction on x… Practical Aspects of Modern Cryptography

  16. Proof of Fermat’s Little Theorem By induction on x… Basis Practical Aspects of Modern Cryptography

  17. Proof of Fermat’s Little Theorem By induction on x… Basis If x = 0, then x p mod p = 0 = x mod p. Practical Aspects of Modern Cryptography

  18. Proof of Fermat’s Little Theorem By induction on x… Basis If x = 0, then x p mod p = 0 = x mod p. If x = 1, then x p mod p = 1 = x mod p. Practical Aspects of Modern Cryptography

  19. Proof of Fermat’s Little Theorem Practical Aspects of Modern Cryptography

  20. Proof of Fermat’s Little Theorem Inductive Step Practical Aspects of Modern Cryptography

  21. Proof of Fermat’s Little Theorem Inductive Step Assume that x p mod p = x mod p. Practical Aspects of Modern Cryptography

  22. Proof of Fermat’s Little Theorem Inductive Step Assume that x p mod p = x mod p. Then (x + 1) p mod p = (x p + 1p) mod p Practical Aspects of Modern Cryptography

  23. Proof of Fermat’s Little Theorem Inductive Step Assume that x p mod p = x mod p. Then (x + 1) p mod p = (x p + 1p) mod p = (x + 1) mod p. Practical Aspects of Modern Cryptography

  24. Proof of Fermat’s Little Theorem Inductive Step Assume that x p mod p = x mod p. Then (x + 1) p mod p = (x p + 1p) mod p = (x + 1) mod p. Hence, x p mod p = x mod p for integers x ≥ 0. Practical Aspects of Modern Cryptography

  25. Proof of Fermat’s Little Theorem Inductive Step Assume that x p mod p = x mod p. Then (x + 1) p mod p = (x p + 1p) mod p = (x + 1) mod p. Hence, x p mod p = x mod p for integers x ≥ 0. Also true for negative x, since (-x) p = (-1) px p. Practical Aspects of Modern Cryptography

  26. Proof of RSA Practical Aspects of Modern Cryptography

  27. Proof of RSA We have shown … Practical Aspects of Modern Cryptography

  28. Proof of RSA We have shown … YP mod P = Y whenever 0 ≤ Y < P Practical Aspects of Modern Cryptography

  29. Proof of RSA We have shown … YP mod P = Y whenever 0 ≤ Y < P and P is prime! Practical Aspects of Modern Cryptography

  30. Proof of RSA We have shown … YP mod P = Y whenever 0 ≤ Y < P and P is prime! You will show … Practical Aspects of Modern Cryptography

  31. Proof of RSA We have shown … YP mod P = Y whenever 0 ≤ Y < P and P is prime! You will show … YK(P-1)(Q-1)+1 mod PQ = Y when 0 ≤ Y < PQ Practical Aspects of Modern Cryptography

  32. Proof of RSA We have shown … YP mod P = Y whenever 0 ≤ Y < P and P is prime! You will show … YK(P-1)(Q-1)+1 mod PQ = Y when 0 ≤ Y < PQ P and Q are distinct primes and K ≥ 0. Practical Aspects of Modern Cryptography

  33. Finding Primes Practical Aspects of Modern Cryptography

  34. Finding Primes Euclid’s proof of the infinity of primes Practical Aspects of Modern Cryptography

  35. Finding Primes Euclid’s proof of the infinity of primes • Suppose that the set of all primes were finite. Practical Aspects of Modern Cryptography

  36. Finding Primes Euclid’s proof of the infinity of primes • Suppose that the set of all primes were finite. • Let N be the product of all of the primes. Practical Aspects of Modern Cryptography

  37. Finding Primes Euclid’s proof of the infinity of primes • Suppose that the set of all primes were finite. • Let N be the product of all of the primes. • Consider N+1. Practical Aspects of Modern Cryptography

  38. Finding Primes Euclid’s proof of the infinity of primes • Suppose that the set of all primes were finite. • Let N be the product of all of the primes. • Consider N+1. • The prime factors of N+1 are not among the finite set of primes multiplied to form N. Practical Aspects of Modern Cryptography

  39. Finding Primes Euclid’s proof of the infinity of primes • Suppose that the set of all primes were finite. • Let N be the product of all of the primes. • Consider N+1. • The prime factors of N+1 are not among the finite set of primes multiplied to form N. • This contradicts the assumption that the set of all primes is finite. Practical Aspects of Modern Cryptography

  40. The Prime Number Theorem Practical Aspects of Modern Cryptography

  41. The Prime Number Theorem The number of primes less than N is approximately N/(ln N). Practical Aspects of Modern Cryptography

  42. The Prime Number Theorem The number of primes less than N is approximately N/(ln N). Thus, approximately 1 out of every n randomly selected n-bit integers will be prime. Practical Aspects of Modern Cryptography

  43. Testing Primality Recall Fermat’s Little Theorem If p is prime, then a(p-1) mod p = 1 for all a in the range 0 < a < p. Practical Aspects of Modern Cryptography

  44. The Miller-Rabin Primality Test Practical Aspects of Modern Cryptography

  45. The Miller-Rabin Primality Test To test an integer N for primality, write N–1 as N–1 = m2k where m is odd. Practical Aspects of Modern Cryptography

  46. The Miller-Rabin Primality Test To test an integer N for primality, write N–1 as N–1 = m2k where m is odd. Repeat several (many) times Practical Aspects of Modern Cryptography

  47. The Miller-Rabin Primality Test To test an integer N for primality, write N–1 as N–1 = m2k where m is odd. Repeat several (many) times • Select a random a in 1 < a < N–1 Practical Aspects of Modern Cryptography

  48. The Miller-Rabin Primality Test To test an integer N for primality, write N–1 as N–1 = m2k where m is odd. Repeat several (many) times • Select a random a in 1 < a < N–1 • Compute am, a2m, a4m, …, a(N–1)/2 all mod N. Practical Aspects of Modern Cryptography

  49. The Miller-Rabin Primality Test To test an integer N for primality, write N–1 as N–1 = m2k where m is odd. Repeat several (many) times • Select a random a in 1 < a < N–1 • Compute am, a2m, a4m, …, a(N–1)/2 all mod N. • If am = ±1 or if some a2im = -1, then N is probably prime – continue. Practical Aspects of Modern Cryptography

  50. The Miller-Rabin Primality Test To test an integer N for primality, write N–1 as N–1 = m2k where m is odd. Repeat several (many) times • Select a random a in 1 < a < N–1 • Compute am, a2m, a4m, …, a(N–1)/2 all mod N. • If am = ±1 or if some a2im = -1, then N is probably prime – continue. • Otherwise, N is composite – stop. Practical Aspects of Modern Cryptography

More Related