Modern Cryptography · sindhu/cs46/s16/Crypto.pdf
A whirlwind tour of Modern Cryptography!
Sharing Secrets
Steganography vs Cryptography
Scytale
Caesar Cipher
[Figure: cipher wheel showing two alphabets]
Cryptosystem
5-tuple (𝒫, 𝒞, 𝒦, ℰ, 𝒟)
𝒫: Set of all plaintext strings
𝒞: Set of all ciphertext strings
𝒦: Set of all keys, called the keyspace
ℰ: Set of all encryption functions, each indexed by a key: $E_k \in \mathcal{E}$
𝒟: Set of all decryption functions, each indexed by a key: $D_k \in \mathcal{D}$
$\forall k \in \mathcal{K}\ \forall p \in \mathcal{P}: D_k(E_k(p)) = p$
Shift Ciphers
5-tuple (𝒫, 𝒞, 𝒦, ℰ, 𝒟)
$\mathcal{P} = \mathcal{C} = \mathbb{Z}_{26}$
$\mathcal{K} = \mathbb{Z}_{26}$
ℰ: Set of all encryption functions $E_k(p) = (p + k) \bmod 26$
𝒟: Set of all decryption functions $D_k(c) = (c - k) \bmod 26$
Affine Ciphers
5-tuple (𝒫, 𝒞, 𝒦, ℰ, 𝒟)
$\mathcal{P} = \mathcal{C} = \mathbb{Z}_{26}$
$\mathcal{K} = \mathbb{Z}^*_{26} \times \mathbb{Z}_{26}$
ℰ: Set of all encryption functions $E_{a,k}(p) = (ap + k) \bmod 26$
𝒟: Set of all decryption functions $D_{a,k}(c) = a^{-1}(c - k) \bmod 26$
gcd(a, 26) = 1
Symmetric Ciphers
shared key cryptosystems
State of the art: AES, implemented in secure file transfer protocols (HTTPS, SFTP)
Asymmetric Ciphers
public key cryptosystems
RSA
Results from Number Theory
Def: Divisibility
For any a, b ∈ ℤ
We say a | b iff there is k ∈ ℤ such that b = ka
Warm up: Properties of Divisibility
For any a, b, c ∈ ℤ with a ≠ 0
• a | b and a | c ⇒ a | (b + c)
• for all k ∈ ℤ, a | b ⇒ a | bk
• a | b and b | c ⇒ a | c
For all $k_1, k_2 \in \mathbb{Z}$
• a | b and a | c ⇒ $a \mid (k_1 b + k_2 c)$
Def: congruence, modulus
For any a, b ∈ ℤ and $m \in \mathbb{Z}^+$
We say $a = b \pmod{m}$ iff $m \mid (a - b)$
Result
$a = b \pmod{m}$ iff ∃ k such that a = b + km
Bezout’s Lemma
For any $a, b \in \mathbb{Z}^+$
∃ s, t ∈ ℤ such that gcd(a, b) = sa + tb
Inverse
Suppose a, m are relatively prime integers with m > 1. Then there exists a unique integer $a^{-1}$ such that
$a^{-1} a = 1 \pmod{m}$
gcd(a, m) = 1
There exist s, t such that sa + tm = 1
Thus, $sa = 1 \bmod m$
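
The inverse argument above, carried through in code and applied to the affine cipher's decryption function. This is an added example, not part of the original slides; the function names and the sample word are constructed, and input is assumed to be uppercase A-Z only.

```python
def egcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b (Bezout coefficients)."""
    s0, t0, s1, t1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0

def inverse(a, m):
    """s from s*a + t*m = 1, reduced mod m; fails when gcd(a, m) != 1."""
    g, s, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}: gcd is {g}")
    return s % m

def affine_encrypt(text, a, k):
    inverse(a, 26)  # reject keys outside Z*_26 x Z_26 before encrypting
    return "".join(chr((a * (ord(ch) - 65) + k) % 26 + 65) for ch in text)

def affine_decrypt(text, a, k):
    a_inv = inverse(a, 26)
    return "".join(chr(a_inv * (ord(ch) - 65 - k) % 26 + 65) for ch in text)

def usable_multipliers():
    """All a in Z_26 with gcd(a, 26) = 1, i.e. the elements of Z*_26."""
    return [a for a in range(26) if egcd(a, 26)[0] == 1]

def collisions(a, k):
    """Plaintext letters that share a ciphertext letter under (a, k)."""
    buckets = {}
    for p in range(26):
        buckets.setdefault((a * p + k) % 26, []).append(p)
    return [ps for ps in buckets.values() if len(ps) > 1]

# Constructed sample: key (a, k) = (5, 8)
CIPHERTEXT = affine_encrypt("AFFINE", 5, 8)
PLAINTEXT = affine_decrypt(CIPHERTEXT, 5, 8)
```

Only 12 multipliers are usable, so the affine keyspace has 12 × 26 = 312 keys; with a multiplier such as 13, `collisions` shows distinct letters mapping to the same ciphertext letter, which is why decryption is undefined there.
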
Fermat’s Little Theorem
Suppose p is a prime integer and a is an integer such that gcd(a, p) = 1
Then $a^{p-1} = 1 \pmod{p}$
Chinese Remainder Theorem
For any $m_1, m_2, \ldots, m_n$ such that
• $m_i \in \mathbb{Z}^+$
• $m_i > 1$
• $\gcd(m_i, m_j) = 1$ (for i ≠ j)
and integers $a_1, a_2, \ldots, a_n$
The following system of congruences has a unique solution mod $(m_1 m_2 \cdots m_n)$
$x \equiv a_1 \bmod m_1$
$x \equiv a_2 \bmod m_2$
…
$x \equiv a_n \bmod m_n$
Chinese Remainder Theorem
Define $M_k = m_1 m_2 \cdots m_{k-1} m_{k+1} \cdots m_n$
$\gcd(m_k, M_k) = 1$
Let $M_k^{-1} = y_k \bmod m_k$
The following system of congruences has the unique solution $x = \sum a_i y_i M_i \bmod (m_1 m_2 \cdots m_n)$
$x \equiv a_1 \bmod m_1$
$x \equiv a_2 \bmod m_2$
…
$x \equiv a_n \bmod m_n$
Chinese Remainder Theorem
For any $m_1, m_2, \ldots, m_n$ such that
• $m_i \in \mathbb{Z}^+$
• $m_i > 1$
• $\gcd(m_i, m_j) = 1$ (for i ≠ j)
and integers $a_1, a_2, \ldots, a_n$
The system of congruences $x \equiv a_i \bmod m_i$
has a solution x with 0 ≤ x < m, and all other solutions are congruent (modulo m) to this solution.
RSA Encryption
Given: Plaintext M
Construct: Ciphertext C
Public Key: (n, e)
• n = p q, where p, q are primes
• gcd(e, (p-1)(q-1)) = 1
RSA Encryption
Public Key: (n, e)
• n = p q, where p, q are primes
• gcd(e, (p-1)(q-1)) = 1
M: $m_1\ m_2\ \ldots\ m_k$
$c_i = (m_i)^e \bmod n$
C: $c_1\ c_2\ \ldots\ c_k$
RSA Decryption
Private Key: d
$d e = 1 \pmod{(p-1)(q-1)}$
C: $c_1\ c_2\ \ldots\ c_k$
$m_i = (c_i)^d \bmod n$
M: $m_1\ m_2\ \ldots\ m_k$
RSA Decryption
Claim: $m = c^d \bmod n$
• $c^d \bmod n = (m^e)^d \bmod n$
• $(m^e)^d \bmod n = m^{ed} \bmod n$
$d e = 1 \pmod{(p-1)(q-1)}$
• $m^{ed} \bmod n = m^{k(p-1)(q-1)+1} \bmod n$
RSA Decryption
$m^{k(p-1)(q-1)+1} \bmod n = (m \cdot m^{k(p-1)(q-1)}) \bmod n$
FLT: $m^{p-1} = 1 \bmod p$ if gcd(m, p) = 1
$(m \cdot m^{k(p-1)(q-1)}) \bmod p = m\,(m^{p-1})^{k(q-1)} \bmod p = m \bmod p$
Similarly
$(m \cdot m^{k(p-1)(q-1)}) \bmod q = m\,(m^{q-1})^{k(p-1)} \bmod q = m \bmod q$
Chinese Remainder Theorem
For any $p_1, p_2, \ldots, p_n$ such that
• $p_i \in \mathbb{Z}^+$
• $p_i > 1$
• $\gcd(p_i, p_j) = 1$ (for i ≠ j)
and integers $a_1, a_2, \ldots, a_n$
The system of congruences $x \equiv a_i \bmod p_i$
has a solution x with $0 \le x < p_1 p_2 \cdots p_n$, and all other solutions are congruent (modulo $p_1 p_2 \cdots p_n$) to this solution.
$m = c^d \bmod p$
$m = c^d \bmod q$
RSA Decryption
$m = c^d \bmod p$
$m = c^d \bmod q$
By CRT, $c^d = m \bmod pq$
RSA
$c = m^e \bmod n$
$m = c^d \bmod n$
relies on hardness of factoring large numbers
Digital Signature using RSA
Idea: sender applies decryption function to each message block
recipient applies encryption function to every block received
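
The RSA slides and the signature idea above, as one added example that is not part of the original slides: key setup, block encryption, decryption recombined with the CRT formula $x = \sum a_i y_i M_i$ exactly as in the correctness argument, and sign/verify. Function names and the toy primes are constructed; Python 3.8+ is assumed for `pow(x, -1, m)` and `math.prod`.

```python
from math import gcd, prod

def keygen(p, q, e):
    """Textbook RSA key from primes p, q and public exponent e (toy sizes only)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must satisfy gcd(e, (p-1)(q-1)) = 1")
    d = pow(e, -1, phi)            # d*e = 1 mod (p-1)(q-1)
    return (p * q, e), d

def crt(residues, moduli):
    """x = sum(a_i * y_i * M_i) mod m, where y_i is the inverse of M_i mod m_i."""
    m = prod(moduli)
    x = 0
    for a_i, m_i in zip(residues, moduli):
        M_i = m // m_i
        y_i = pow(M_i, -1, m_i)    # exists because the moduli are pairwise coprime
        x += a_i * y_i * M_i
    return x % m

def encrypt(m, pub):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("block must lie in [0, n)")
    return pow(m, e, n)

def decrypt(c, d, n):
    return pow(c, d, n)

def decrypt_crt(c, d, p, q):
    """Follow the proof: reduce c^d mod p and mod q, then recombine with the CRT."""
    return crt([pow(c, d, p), pow(c, d, q)], [p, q])

def sign(m, d, n):
    return pow(m, d, n)            # sender applies the decryption function

def verify(m, s, pub):
    n, e = pub
    return pow(s, e, n) == m       # recipient applies the encryption function

# Constructed toy parameters, far too small for real use.
P, Q, E = 61, 53, 17
PUB, D = keygen(P, Q, E)
```

Raw RSA on message blocks is deterministic and malleable; deployed systems use padded schemes such as OAEP for encryption and PSS for signatures over a hash of the message.
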
primitive root
Suppose p is a prime integer
Then a is a primitive root mod p if every non-zero element of $\mathbb{Z}_p$ is a power of a
$\mathbb{Z}_p = \{0, a, a^2, \ldots, a^{p-1}\}$
Diffie-Hellman Key Exchange
Alice and Bob agree to use prime p and primitive root a
Alice chooses secret $k_1$
Bob chooses secret $k_2$
A → B: $a^{k_1} \bmod p$
B → A: $a^{k_2} \bmod p$
Alice computes key = $(a^{k_2})^{k_1} \bmod p$
Bob computes key = $(a^{k_1})^{k_2} \bmod p$
relies on hardness of discrete log problem
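
The exchange above with both sides' messages, plus a check that the agreed base really is a primitive root. This is an added example, not part of the original slides; the function names and the parameters p = 23, a = 5 are constructed and far too small for real use.

```python
import secrets

def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy sizes)."""
    f, out = 2, set()
    while f * f <= n:
        while n % f == 0:
            out.add(f)
            n //= f
        f += 1
    if n > 1:
        out.add(n)
    return out

def is_primitive_root(a, p):
    """a generates the non-zero elements of Z_p iff a^((p-1)/r) != 1 mod p
    for every prime r dividing p - 1."""
    if a % p == 0:
        return False
    return all(pow(a, (p - 1) // r, p) != 1 for r in prime_factors(p - 1))

def subgroup_size(a, p):
    """Number of distinct powers of a mod p, i.e. how many keys are reachable."""
    seen, x = set(), 1
    for _ in range(p - 1):
        x = x * a % p
        seen.add(x)
    return len(seen)

def exchange(p, a, k1=None, k2=None):
    """Return (A->B message, B->A message, Alice's key, Bob's key)."""
    if not is_primitive_root(a, p):
        raise ValueError("a is not a primitive root mod p")
    if k1 is None:
        k1 = secrets.randbelow(p - 3) + 2   # secret in 2..p-2
    if k2 is None:
        k2 = secrets.randbelow(p - 3) + 2
    to_bob = pow(a, k1, p)                  # A -> B: a^k1 mod p
    to_alice = pow(a, k2, p)                # B -> A: a^k2 mod p
    return to_bob, to_alice, pow(to_alice, k1, p), pow(to_bob, k2, p)

# Constructed run with fixed secrets so the values can be checked by hand.
TRACE = exchange(23, 5, k1=4, k2=3)
```

With base 5 all 22 non-zero residues mod 23 are reachable, while base 2 reaches only 11 and base 22 only 2, so validating the agreed parameters matters as much as keeping the secrets private.
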