
Security in Computing Chapter 12, Cryptography Explained Part 4

Security in Computing Chapter 12, Cryptography Explained Part 4. Summary created by Kirk Scott. This set of overheads corresponds to the second portion of section 12.3 in the book. The overheads for Chapter 12 roughly track the topics in the chapter. Keep this in mind though:


Presentation Transcript


  1. Security in Computing Chapter 12, Cryptography Explained Part 4 • Summary created by Kirk Scott

  2. This set of overheads corresponds to the second portion of section 12.3 in the book • The overheads for Chapter 12 roughly track the topics in the chapter • Keep this in mind though: • On some topics I simply go over the book’s material • On other topics I expand on the book’s material in a significant way • You are responsible not just for what’s in the book, but also what’s in the overheads that’s not in the book

  3. Euler’s Theorem and RSA Encryption

  4. 1. A Remark on Terminology • In the original set of notes on the mathematics of encryption the algebraic terms group, ring, and field were introduced. • The ring was noted as an intermediate structure, and up until this point the field was the structure of interest. • If n is prime, all elements have an inverse, and addition and multiplication give a modular field. • From this point on we are interested in the case where n is not prime.

  5. If n is not prime, then not all of the elements of the modular structure have an inverse. • This is the key feature distinguishing a ring from a field. • When referring to the algebraic structure formed by the operations and modulus where n is not prime, it is correct to refer to it as a ring instead of a field.

  6. 2. A Preliminary Result • In previous sets of notes the following observations have been made: • In a modular ring where n is not prime, there are repetitions in the multiplication table for factors of n. • It was not shown that in general the factors are not invertible, but it was shown that it’s easy to find examples where such values are not invertible. • It was also demonstrated that if n is prime, then all of the elements of the field are invertible.

  7. We are now interested in the case where n is not prime and the value a, in the ring, does not have any common factors with n. • In other words, what if a and n are relatively prime? • It is helpful to start this section by demonstrating that if they are relatively prime, then a is invertible.

  8. If a and n are relatively prime, you can state: • gcd(a, n) = 1 • If this is the case, then it is also true that: • lcm(a, n) = an

  9. This demonstration relies on some of the same reasoning as the demonstration that a is invertible if n is prime. • In other words, I will appeal to the modular multiplication table and claim the following: • The only valid values that can appear in the table are 0 through n – 1. • Every row has n – 1 entries. • Therefore, if there are no duplicates in a row, then the value 1 must appear, which implies that the value is invertible.

  10. The proof is done by contradiction. • Suppose that for some value a, relatively prime to n, there are values b and c such that: • $ab \equiv_n ac$ • If this is the case, then there are values j and k such that: • ab = jn + r and ac = kn + r

  11. ab = jn + r and ac = kn + r • Combining these two equations you get: • ab – ac = jn – kn • a(b – c) = n(j – k)

  12. a(b – c) = n(j – k) • Because b and c come from the ring, (b – c) < n. • Now consider the equation above. • It says that there is some multiple of n, n(j – k), which a is a factor of, where the other factor, (b – c) is less than n. • This means that there is a common multiple of a and n which is less than an. • This is a contradiction. • Therefore, conclude that it is not possible to have a duplicate in the a row of the multiplication table, and a has an inverse.

  13. 3. Euler’s Totient • In order to present Euler’s theorem, which comes next, it’s necessary to define Euler’s totient and give a few examples of it. • Given some positive integer n, Euler’s totient is a function represented by Φ(n). • The value of the function is defined to be the number of positive integers less than n that are relatively prime to n.

  14. The first example of Euler’s totient is the following: • If n is prime, then Φ(n) = n – 1. • That is, if n is prime, all values less than it are relatively prime to it. • Now consider the case where n is the product of two prime factors, p and q. • A simple result is given here and explained below: • Φ(n) = Φ(pq) = (p – 1)(q – 1)

  15. Φ(n) = Φ(pq) = (p – 1)(q – 1) • If p and q are factors of n, then p and q are not relatively prime to n. • Likewise, any multiples of p and q are not relatively prime to n. • We would like to count up how many multiples of p and q there are that are less than n.

  16. Φ(n) = Φ(pq) = (p – 1)(q – 1) • If n = pq, there are q – 1 multiples of p less than n • If n = pq, there are p – 1 multiples of q less than n • Informally, you may see this directly: • There are (p – 1) different multiples of p, values to multiply the (q – 1) different multiples of q by, and all of these products are relatively prime to and less than pq = n.

  17. More formally: • Because p and q are both prime, they are relatively prime, and no multiple of p or q less than pq = n will be the same. • Multiples of p and q, the factors of n, are not relatively prime to n = pq. • The number of values that are NOT relatively prime to n is the sum of the number of multiples of p and q less than n: • p – 1 + q – 1

  18. The total number of values less than n is pq – 1. • Therefore, the total number of values that ARE relatively prime to n is the total minus the number that aren’t relatively prime: • pq – 1 – (p – 1 + q – 1) • = pq – p – q + 1 • = (p – 1)(q – 1) • The right hand expression is the desired result.

  19. For p, q prime, n = pq, the number of values less than n that are relatively prime to n is (p – 1)(q – 1) • In summary, you can write the following sequence: • Φ(n) = Φ(pq) = Φ(p)Φ(q) = (p – 1)(q – 1) • It is not generally true that Euler’s totient of a product is the product of the Euler’s totients of the factors, but it is true if there are two factors, each prime.
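The counting argument of slides 15 to 19, replayed as an added example (not part of the original overheads). The function names are assumptions made for this illustration, and p and q are taken to be distinct primes.

```python
from math import gcd

def totient_by_count(n):
    """Euler's totient by the definition used here:
    the number of positive integers less than n relatively prime to n."""
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)

def totient_pq_breakdown(p, q):
    """Follow the counting argument for n = p*q, p and q distinct primes."""
    n = p * q
    multiples_of_p = [k for k in range(1, n) if k % p == 0]  # q - 1 of them
    multiples_of_q = [k for k in range(1, n) if k % q == 0]  # p - 1 of them
    # No value below n is a multiple of both, because lcm(p, q) = pq = n.
    assert not set(multiples_of_p) & set(multiples_of_q)
    not_coprime = len(multiples_of_p) + len(multiples_of_q)
    return {
        "n": n,
        "multiples_of_p": len(multiples_of_p),
        "multiples_of_q": len(multiples_of_q),
        "coprime_by_subtraction": (n - 1) - not_coprime,
        "coprime_by_count": totient_by_count(n),
        "formula": (p - 1) * (q - 1),
    }

def is_multiplicative(a, b):
    """Does totient(a*b) equal totient(a) * totient(b) for this pair?"""
    return totient_by_count(a * b) == totient_by_count(a) * totient_by_count(b)

if __name__ == "__main__":
    print(totient_pq_breakdown(5, 11))
    # Holds for two primes, fails for a pair sharing a factor.
    print(is_multiplicative(5, 11), is_multiplicative(2, 6))
```
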

  20. 4. Euler’s Theorem • Euler’s theorem is stated as follows: • Let a, a < n be an element of the ring base n. • Let a and n be relatively prime • Let Euler’s totient, Φ(n), be defined as the number of positive integers less than n that are relatively prime to n • Then the following holds: • $a^{\Phi(n)} \equiv_n 1$ • Stated in words: • a raised to a power equal to the number of values less than n that are relatively prime to n gives the multiplicative identity in the ring base n.

  21. There is a relationship between Fermat’s Little Theorem and Euler’s Theorem. • You can use the same technique to come up with an expression for the inverse. • Since a is relatively prime to n, a has an inverse in the ring • Multiplying both sides of the equation of Euler’s theorem by the inverse gives: • $a^{\Phi(n) - 1} \equiv_n a^{-1}$

  22. Fermat’s theorem is a specialized case of Euler’s. • In Fermat’s theorem you have to have n prime, which implies that any a will be relatively prime to n. • In Euler’s theorem you have to have a and n relatively prime. • Euler’s theorem can be used to derive Fermat’s theorem.

  23. Start with Euler’s theorem: • $a^{\Phi(n)} \equiv_n 1$ • Let n be prime: • Then Φ(n) = n – 1. • Substitute (n – 1) for Φ(n) in Euler’s result: • $a^{n-1} \equiv_n 1$ • Multiplying both sides by a gives Fermat’s result: • $a^n \equiv_n a$

  24. Demonstrating Euler’s Theorem • The proof of Euler’s theorem isn’t done with either contradiction or induction. • You develop some expressions that allow you to write an equivalence that is easily verified. • You then do some algebraic manipulations that can be verified. • The manipulations result in this equivalence: • $a^{\Phi(n)} \equiv_n 1$ • This is Euler’s result.

  25. Start by considering those elements of a modular ring, base n, which are relatively prime to n. • There are Φ(n) of them by the definition of Euler’s totient. • Let them be represented by subscripted r’s: • $r_1, r_2, \ldots, r_{\Phi(n)}$

  26. Now for a given a, relatively prime to n, consider the result of multiplying each of the $r_i$ by a: • $ar_1, ar_2, \ldots, ar_{\Phi(n)}$ • One of the $r_i$ is in fact a, so one of the products happens to be a times a • This is true, but it has no particular consequence on the argument.

  27. $ar_1, ar_2, \ldots, ar_{\Phi(n)}$ • Since each of the factors of these products is relatively prime to n, then each product is also relatively prime to n. • In other words, for an arbitrary $r_i$, $ar_i$ is relatively prime to n.

  28. If you took the modulus, base n, of this set of products, what you would get back is the set of $r_i$’s, not necessarily in the same order. • This can be shown using a technique that has already been used. • We know that the multiplication of a times the r’s results in Φ(n) values that are relatively prime to n. • The question is, are there any duplicates among the $ar_i$?

  29. Suppose there is a duplicate: • $ar_i \bmod n = ar_j \bmod n$ • You can write these equations expressing $ar_i$ and $ar_j$: • $ar_i = kn + x$, $ar_j = cn + x$ • Subtracting one equation from the other gives: • $ar_i - ar_j = kn - cn$

  30. $ar_i - ar_j = kn - cn$ • Factoring gives: • $a(r_i - r_j) = n(k - c)$ • But $(r_i - r_j) < n$ • And $n(k - c)$ is obviously a multiple of n • This means that there is a multiple of a, $a(r_i - r_j)$, which is less than an, but which is a multiple of n.

  31. This is a contradiction. • a and n are supposed to be relatively prime. • This means that gcd(a, n) = 1 • It also means that lcm(a, n) = an. • Notice that this argument is similar to the argument used to show that there were no duplicates in a row of a modular multiplication table when n was prime.

  32. By the time I’ve finished the proof of the intermediate result, I’ve forgotten what the result was… • Given this set of products, where a is one of the values relatively prime to n and the $r_i$ are the complete set of values relatively prime to n: • $ar_1, ar_2, \ldots, ar_{\Phi(n)}$ • If you took the modulus of each element of the set, you would get a permutation of the $r_i$.

  33. This means that there is a one-to-one correspondence between the $r_i$’s and the $ar_j$’s. • Another way of expressing this is that for some i, there is some j such that the following holds true: • $r_i \equiv_n ar_j$

  34. Now, continuing with the demonstration of Euler’s theorem overall… • The property of reducibility over multiplication in a modular ring means that the product of the mods equals the mod of the product. • Also, commutativity says that it doesn’t matter what order you multiply in.

  35. These properties allow me to write this equivalence: • $r_1 r_2 \cdots r_{\Phi(n)} \equiv_n ar_1 \, ar_2 \cdots ar_{\Phi(n)}$ • It doesn’t matter which $r_i$ specifically matches with which $ar_j$ in the one-to-one correspondence • Overall, the modular equivalence of the products of the $r_i$’s and the $ar_i$’s holds

  36. $r_1 r_2 \cdots r_{\Phi(n)} \equiv_n ar_1 \, ar_2 \cdots ar_{\Phi(n)}$ • The next step mainly consists of doing a substitution so that the representation of this result is more compact. • Associativity allows me to rewrite the equivalence in this way: • $r_1 r_2 \cdots r_{\Phi(n)} \equiv_n a a \cdots a \, r_1 r_2 \cdots r_{\Phi(n)}$

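  37. $r_1 r_2 \cdots r_{\Phi(n)} \equiv_n a a \cdots a \, r_1 r_2 \cdots r_{\Phi(n)}$ • There are Φ(n) occurrences of the factor a, because there was one a for each $r_i$. • So the expression can be written: • $r_1 r_2 \cdots r_{\Phi(n)} \equiv_n a^{\Phi(n)} r_1 r_2 \cdots r_{\Phi(n)}$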

  38. $r_1 r_2 \cdots r_{\Phi(n)} \equiv_n a^{\Phi(n)} r_1 r_2 \cdots r_{\Phi(n)}$ • Now represent the product of the $r_i$’s in compact form: • $r_1 r_2 \cdots r_{\Phi(n)} = R$ • Then the equivalence overall can be represented in this compact form: • $R \equiv_n a^{\Phi(n)} R$

  39. All of the $r_i$ are relatively prime to n. • Therefore, all of the $r_i$ are invertible in the modular ring base n. • The inverse of the product is the product of the inverses. • Therefore, the product of the $r_i$, R, has an inverse, $R^{-1}$, in the modular ring.

  40. This is where we’re at: • $R \equiv_n a^{\Phi(n)} R$ • Multiplying on both sides by $R^{-1}$ leads to the desired result: • $R R^{-1} \equiv_n a^{\Phi(n)} R R^{-1}$ • $1 \equiv_n a^{\Phi(n)}$ • Or $a^{\Phi(n)} \equiv_n 1$ • Namely, Euler’s theorem.
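The steps of the proof above, and the preliminary result about duplicate-free rows, checked numerically in an added example (not part of the original overheads). The function names and the sample values n = 15, a = 7 are assumptions chosen for illustration.

```python
from math import gcd, prod

def units(n):
    """The r_i of the proof: values 1..n-1 relatively prime to n."""
    return [r for r in range(1, n) if gcd(r, n) == 1]

def row_has_duplicates(a, n):
    """Row a of the multiplication table mod n, over columns 1..n-1."""
    row = [(a * b) % n for b in range(1, n)]
    return len(set(row)) < len(row)

def euler_proof_steps(a, n):
    """Replay the proof for one a relatively prime to n."""
    if gcd(a, n) != 1:
        raise ValueError("a and n must be relatively prime")
    r = units(n)                       # r_1 ... r_phi(n), in increasing order
    phi = len(r)                       # Euler's totient by definition
    ar = [(a * ri) % n for ri in r]    # a*r_i reduced mod n
    R = prod(r) % n                    # compact product R of all the r_i
    return {
        "phi": phi,
        # slides 28-32: the reduced products are a permutation of the r_i
        "is_permutation": sorted(ar) == r,
        # slide 38: R is equivalent to a^phi(n) * R
        "R_equiv_a_phi_R": R == (pow(a, phi, n) * R) % n,
        # slide 40: a^phi(n) is equivalent to 1
        "a_to_phi": pow(a, phi, n),
        # slide 21: a^(phi(n) - 1) is the inverse of a
        "inverse": pow(a, phi - 1, n),
    }

if __name__ == "__main__":
    print(units(15))
    print(euler_proof_steps(7, 15))
    # 7 is relatively prime to 15, 6 is not.
    print(row_has_duplicates(7, 15), row_has_duplicates(6, 15))
```
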

  41. 5. General Remarks on RSA Encryption • RSA encryption is based on properties of algebraic structures, including Euler’s theorem. • It is a public key encryption scheme, which means that some information is kept private as the decryption key and other information is made public as the encryption key. • RSA encryption is based on taking powers in a modular ring.

  42. The public key is some value e, together with the base of the modular ring, n. • Plaintext is encrypted by raising it to the power e, modulus n. • The private key is some value d. • Ciphertext is decrypted by raising it to the power d, modulus n.

  43. In the book’s description of this, plaintext is represented as P. • In order to eliminate any possible confusion with mathematical symbols, in these overheads the plaintext message will be represented by M. • Written using notation, RSA encryption can be represented as follows: • $C = M^e \bmod n$ • $M = C^d \bmod n = (M^e)^d \bmod n$

  44. Recall that a successful cryptosystem has to satisfy three basic requirements: • 1. It has to work. • 2. It has to be “easy” for authorized users; in other words, the complexity of authorized transformations has to be acceptably low. • 3. When the system is used properly, it presents the cryptanalyst with a high complexity or high expense problem to solve.

  45. For RSA encryption, accomplishing these goals depends on making the right choices for the base of the ring and the encryption and decryption keys. • It is done in a clever way that depends on yet another round of mathematical results in order to achieve the desired results.

  46. 1. First you have to choose a number which will serve as n, the base of the ring used for the encryption. • Let p and q be prime. • Let n = pq • In other words, n is not prime. • However, n is a special number, namely one that is the product of two primes only.

  47. 2. Choose d such that d is relatively prime to (p – 1)(q – 1). • This can also be stated as: gcd(d, (p – 1)(q – 1)) = 1. • Remember that by definition (p – 1)(q – 1) itself can’t be prime.

  48. If d is relatively prime to (p – 1)(q – 1), d has an inverse in the ring with the base (p – 1)(q – 1). • The easiest way to pick d relatively prime is simply to pick d prime. • Keep in mind that the ring for encryption is base n, not base (p – 1)(q – 1).

  49. 4. Let e be the inverse of d in the ring with base (p – 1)(q – 1). • In other words: • $ed \equiv_{(p-1)(q-1)} 1$ • Again, keep in mind that the inverse we’ve chosen is for the ring base (p – 1)(q – 1), even though the base of the ring for encryption is n. • This is where the additional, clever mathematical results will come in.

  50. Now it can be shown how the scheme should work with these choices. • Let M be the plaintext message to be encrypted. • 1. The encryption is: • $C = M^e \bmod n$
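The key choices of slides 46 to 49, with the encryption and decryption formulas of slide 43, as an added example (not part of the original overheads). The function names and the values p = 11, q = 13, d = 7 are assumptions, toy-sized so the arithmetic can be followed by hand; there is no padding, and the modular inverse via `pow(d, -1, phi)` needs Python 3.8 or later.

```python
from math import gcd

def make_keys(p, q, d):
    """Choose n = pq, check d against (p-1)(q-1), derive e as d's inverse."""
    n = p * q                          # base of the ring used for encryption
    phi = (p - 1) * (q - 1)            # base of the ring used to pick d and e
    if gcd(d, phi) != 1:
        raise ValueError("d must be relatively prime to (p-1)(q-1)")
    e = pow(d, -1, phi)                # e*d is equivalent to 1 mod (p-1)(q-1)
    return (e, n), (d, n)              # (public key, private key)

def encrypt(M, public_key):
    """C = M^e mod n."""
    e, n = public_key
    if not 0 <= M < n:
        raise ValueError("M must be an element of the ring base n")
    return pow(M, e, n)

def decrypt(C, private_key):
    """M = C^d mod n."""
    d, n = private_key
    return pow(C, d, n)

def round_trips(public_key, private_key):
    """Check that every element of the ring decrypts back to itself."""
    n = public_key[1]
    return all(decrypt(encrypt(M, public_key), private_key) == M
               for M in range(n))

if __name__ == "__main__":
    public_key, private_key = make_keys(11, 13, 7)
    print("public (e, n):", public_key, "private (d, n):", private_key)
    C = encrypt(42, public_key)
    print("C =", C, "decrypts to", decrypt(C, private_key))
    print("all messages round-trip:", round_trips(public_key, private_key))
```
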
