1 / 54

The Algebra of Encryption

The Algebra of Encryption. CS 6910 Semester Research and Project University of Colorado at Colorado Springs By Cliff McCullough 20 July 2011. Modern Cryptography. Multi-Precision Calculator. That’s a lot of digits. Modular Arithmetic. The Division Algorithm a = m b + r

nyssa-atkins
Télécharger la présentation

The Algebra of Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Algebra of Encryption CS 6910 Semester Research and Project University of Colorado at Colorado Springs By Cliff McCullough 20 July 2011

  2. Modern Cryptography Cliff McCullough

  3. Multi-Precision Calculator Cliff McCullough

  4. That’s a lot of digits Cliff McCullough

  5. Modular Arithmetic • The Division Algorithm a = m b + r “Any integer a can be divided by b in such a way that the remainder is smaller than b.” (Burton, 2007, p. 17) Cliff McCullough

  6. Examples • 13 = 1 * 12 + 1 • 13 ≡ 1 mod 12 • 9 = 0 * 12 + 9 • 9 ≡ 9 mod 12 Cliff McCullough

  7. Addition • First express the numbers in modular form • Add the numbers and collect the terms • Adjust the multiplier if needed so that the residue is positive and less than the modulus Cliff McCullough

  8. Subtraction • First express the numbers in modular form • Subtract the numbers and collect the terms • Adjust the multiplier if needed so that the residue is positive and less than the modulus Cliff McCullough

  9. Multiplication • Multiplication is merely repeated addition • Adjust the multiplier so that the residue is positive and less than the modulus Cliff McCullough

  10. Division • Division is tricky • Instead of c ---- = e d • We write c = d * e • Ask by what number, e, can we multiply d to result in c, in modular arithmetic? Cliff McCullough

  11. Division by Multiplicative Inverse • Another way to divide is to multiply by the MMI c * d-1 = e • MMI: d * d-1 = 1 mod modulus • Ask by what number, d-1 , can we multiply d such that the result is 1 in modular arithmetic? Cliff McCullough

  12. Useful Functions • Euclidean Algorithm • Greatest Common Divisor • Modular Multiplicative Inverse • Modular Exponentiation • Chinese Remainder Theorem • Euler’s Totient Function Cliff McCullough

  13. Greatest Common Divisor • Compare the smaller number to the larger • Find the quotient of the two numbers • Multiply the smaller by the quotient and subtract • Now compare the residue with the previous smaller number • Continue until the residue is zero Cliff McCullough

  14. GCD Example Example from (Euclidean algorithm, 2011) Cliff McCullough

  15. GCD Results AE = 3 * CF CD = 2 * AE + CF = 2 * 3 * CF + CF = 7 * CF AB = CD + AE = 7 * CF + 3 * CF = 10 * CF Cliff McCullough

  16. Extended Euclidean Algorithm • Use Extended Euclidean Algorithm • Basically keep track of the coefficients • Start by writing the two numbers • Find the quotient • Multiply the second equation by the quotient and subtract from the first • Repeat steps 2 and 3 until the residue is zero Cliff McCullough

  17. Extended Euclid Example • 50 = 50 ( 1) + 35 ( 0) • 35 = 50 ( 0) + 35 ( 1), q = 1 • 15 = 50 ( 1) + 35 ( -1), q = 2 • 5 = 50 ( -2) + 35 ( 3), q = 3 • 0 = 50 ( 7) + 35 (-10) Cliff McCullough

  18. Finding the MMI • 13 = 13 ( 1) + 4 ( 0) • 4 = 13 ( 0) + 4 ( 1), q = 3 • 1 = 13 ( 1) + 4 ( -3) • 1 = 13 (1) + 4 (-3) + 13 (-4) + 4 (13) • 1 = 13 (1 - 4) + 4 (-3 + 13) • 1 = 13 (-3) + 4 (10) Cliff McCullough

  19. Modular Exponentiation • Initiate X = base, E = exponent, Y = 1 • If E is odd • Replace Y = X * Y • Replace E = E - 1 • E is now even • Replace X = X * X • Replace E = E ÷ 2 • When E = 0, Y is the answer (Garrett, 2004, p. 123) Cliff McCullough

  20. Exponentiation Example E = 11 = 8 + 2 + 1 Y = 38 * 32 * 31 = 6561 * 9 * 3 = 177147 Cliff McCullough

  21. Modular Exponentiation Example E = 11 = 8 + 2 + 1 Y = 38 * 32 * 31 = 237 * 9 * 3 mod 527 Cliff McCullough

  22. Consider Multiplication 1111 11 x 1111 x 11 ---------------- -------- 1111 11 1111 + 11 1111 -------- + 1111 1001 ---------------- 11100001 Cliff McCullough

  23. Chinese Remainder Theorem • Reduces calculation time by dealing with smaller numbers • Some elements may be pre-calculated and used repeatedly for subsequent calculations Cliff McCullough

  24. How To CRT • Pre-calculations • Know the Factors of M = m1 * m2 • Calculate each Mi • Calculate MMI of each Mi mod mi • Calculate Ai • Perform the operation • Combine the results (Stallings, 2011, pp. p 254-257) Cliff McCullough

  25. CRT Pre-calculations • Chose m1 and m2 M = m1 * m2 = 37 * 49 = 1813 • Calculate Mi = M ÷ mi M1= 1813 ÷ 37 = 49 M2 = 1813 ÷ 49 = 37 • Calculate Mi-1 mod mi M1-1 mod m1 = 49-1 mod 37 ≡ 34 M2-1 mod m2 = 37-1 mod 49 ≡ 4 Cliff McCullough

  26. CRT Pre-calculations too • Calculate Ai A1 = M1 * M1-1 mod M = 49 * 34 mod 1813 ≡ 1666 A2 = M2 * M2-1 mod M = 37 * 4 mod 1813 ≡ 148 Cliff McCullough

  27. CRT Addition • Compute x + y = zi mod mi for each mi 973 mod 37 = 11 973 mod 49 = 42 + 678 mod 37 = 12 + 678 mod 49 = 41 ----------------- ----------------- z1 = 23 mod 37 z2 = 34 mod 49 • Combine results (x + y) mod M = (z1 * A1 + z2 * A2) mod M (973 + 678) mod 1813 = (23 * 1666 + 34 * 148) mod 1813 ≡ 1651 Cliff McCullough

  28. CRT Multiplication • Compute x * y = zi mod mi for each mi 1651 mod 37 = 23 1651 mod 49 = 34 * 73 mod 37 = 36 * 73 mod 49 = 24 ----------------- ----------------- z1 = 14 mod 37 z2 = 32 mod 49 • Combine results (x * y) mod M = (z1 * A1 + z2 * A2) mod M (973 + 678) mod 1813 = (14 * 1666 + 32 * 148) mod 1813 ≡ 865 Cliff McCullough

  29. Euler’s Totient Function Euler’s totient function, Φ(n), identifies the number of integers, less than n, that are relatively prime to n. A good treatment of Euler’s Totient function can be found in (Burton, 2007, pp. 131-135). Φ(n)=(pi)*(qj)=(pi - pi-1)*(qj - qj-1) (Burton, 2007, pp. 131-135) Cliff McCullough

  30. Phi Examples 21 = 3 * 7 Φ(21)=(3 - 1) * (7 - 1) = 2 * 6 = 12 • 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20 are the 12 numbers less than 21 that are coprime to 21 20 = 4 * 5 Φ(21)=(22-21) * (51-50) = (4-2)*(5-1)=2*4=8 • The 8 integers less than 20 coprime to 20 are1, 3, 7, 9, 11, 13, 17, 19 Cliff McCullough

  31. Public Key Cryptography - RSA • RSA uses Euler’s theorem • If a and n are coprime • then aΦ(n) ≡ 1 mod n (Burton, 2007, p. 137) Cliff McCullough

  32. How to RSA • Chose two prime numbers p and q • Form n = p * q and find Φ(n) • Choose encryption exponent e coprime to Φ(n) • Find MMI of e mod Φ(n) • Encrypt: C = Me mod n • Decrypt: M = Cd mod n • Public key (e, n) • Private key d and p, q if using CRT Cliff McCullough

  33. Why Does RSA Work • C = Me mod n • M = (C)d = Me*d mod n • e and d were chosen such that e * d ≡ 1 mod Φ(n), therefore: e * d = m * Φ(n) + 1 • Remember the Euler’s Theorem MΦ(n) ≡ 1 mod n • Me*d = MmΦ(n)+1 = (MΦ(n))m * M ≡1m * M mod n Cliff McCullough

  34. RSA and CRT • To use CRT, we need to know the factors of n • Thus, we only use CRT to decrypt Cliff McCullough

  35. RSA Example • Let: p = 17 q = 31 e = 11 message: M = 3 n = p * q = 17 * 31 = 527 Φ(n) = 16 * 30 = 480 d = e-1 mod Φ(n) ≡ 131 Cliff McCullough

  36. RSA-CRT Pre-calculations P = n ÷ p = 31 P-1 mod p ≡ 11 Ap = P * P-1 mod n = 31 * 11 mod 527 ≡ 341 Q = n ÷ q = 17 Q-1 mod q ≡ 11 Aq = Q * Q-1 mod n = 17 * 11 mod 527 ≡ 187 dp = d mod Φ(p) = 131 mod 16 ≡ 3 dq = d mod Φ(q) = 131 mod 30 ≡ 11 Cliff McCullough

  37. RSA Encrypt • Encrypt is standard C = Me mod n = 311 mod 527 ≡ 75 Cliff McCullough

  38. RSA-CRT Decrypt • Decrypt uses CRT • Complete the operation Mp = Cdp mod p = 753 mod 17 ≡ 3 Mq = Cdq mod q = 7511 mod 31 ≡ 3 • Combine the results M = (Mp * Ap + Mq * Aq) mod n = (3 * 341 + 3 * 187) mod 527 ≡ 3 Cliff McCullough

  39. How to Share a Secret • (Shamir, November, 1979) describes how to share a secret • A simple way of looking at this is to use a curve described by a polynomial function f(x) = atxt + at-1xt-1 ... a1x + a0 • Typically a0 is the secret information • a1 through at are chosen randomly Cliff McCullough

  40. Why It Remains a Secret • We have t + 1 unknowns • the t + 1 coefficients • We need t + 1 points on the curve to identify all the coefficients • The secret shares are points on the curve • x, f(x) number pairs • x can be an index. Only f(x) must be secret Cliff McCullough

  41. Paillier Cryptography • Carmichael function is very similar to Euler’s totient function λ(n) = lcm(p-1, q-1) • Useful properties wλ≡ 1 mod n wλn≡ 1 mod n2 • Which implies wλ = an + 1 wλn = bn2 + 1 (Paillier, 1999) Cliff McCullough

  42. How to Paillier • Choose two safe primes p and q • Calculate n = p * q and λ(n) • Define the function u - 1 L(u) = ---------- n • Choose a generator value g such that L(gλ mod n2) and n are coprime • Public key is (g, n) • Private key is λ Cliff McCullough

  43. Paillier Encrypt • For plaintext message m < n • Chose a random number r < n • Encrypt message m c = gmrn mod n2 Cliff McCullough

  44. Paillier Decrypt • Decrypt L(cλ mod n2) m = ------------------ mod n L(gλ mod n2) Cliff McCullough

  45. The Generator g • Start from the Carmichael function gλ = 1 + an gλx = (1 + an)x • Use binomial expansion (1+an)x = 1 + x(an) + n2 ... • Result gλx = (1 + an)x = (1 + xan) mod n2 Cliff McCullough

  46. Decrypt Numerator c λ - 1 gλmr λ n - 1 L(cλ mod n2) = -------- mod n2 = -------------- mod n2 n n • Applying the Generator g Result and Carmichael function (1 + man) (1) - 1 L(cλ mod n2) = ----------------------- mod n2 = ma mod n2 n Cliff McCullough

  47. Decrypt Denominator g λ - 1 (1 + an) - 1 L(gλ mod n2) = -------- mod n2 = -------------- mod n2 n n L(cλ mod n2) = a mod n2 Cliff McCullough

  48. The Decrypt Result • Combining the results gives L(cλ mod n2) ma mod n2 m = ------------------ mod n = ---------------- mod n L(gλ mod n2) a mod n2 Cliff McCullough

  49. Cryptographic Blinding • Cryptographic blinding allows for a message to be multiplied by a specially treated random number, while still allowing the message to be decrypted without knowledge of the random number. (Blinding (cryptography), 2011) Cliff McCullough

  50. Paillier Blinding • We can apply any succession of blinding factors without affecting the successful decryption c = gm * r1n r2n ... rkn mod n2 = gm * (r1r2 ... rk)n mod n2 = gm * rn mod n2 Cliff McCullough

More Related