1

Applications of Number Theory

CS 202

Epp section 10.4

2

Symmetric Key Encryption

plaintext ciphertext plaintext

Alice Bob

Encrypt Decrypt

transmit key

3

Symmetric (Private) Key Encryption

• Goal: confidentiality• Issues/problems:

– Key must be kept secret• Key distribution technique is critical• Many communicating pairs… in a network with 1000 nodes

(communicating computers), may require more than half million keys

– Based on permutation and substitution

4

Symmetric Key Risks

• How are the keys distributed?– Through mail?

• If key is stolen/copied, all communications are (unknowingly) compromised– All participants must synchronize and get a new key

5

Private key cryptography

• The function and/or key to encrypt/decrypt is a secret– (Hopefully) only known to the sender and recipient

• The same key encrypts and decrypts

• How do you get the key to the recipient?

6

Asymmetric Cryptosystem: Encryption/Decryption

plaintext ciphertext plaintext

Alice Bob

3. Decrypt2. Encrypt

1. transmit public key

7

Confidentiality

• Alice has two keys – Public key that she freely shares with the world– Private key that only she knows

• Messages encrypted with Alice’s public key are only decipherable by Alice’s private key

8

Asymmetric Cryptosystem: Authentication

plaintext ciphertext plaintext

Alice Bob

2. Encrypt3. Encrypt

1. transmit public key

9

Authentication: Digital Signature

• Alice can send message encrypted using her private key

• Bob can decode message using Alice’s public key

• Bob is assured message he reads was authored by Alice (digital signature)

• No confidentiality

10

Public key cryptography goals

• Key generation should be relatively easy

• Encryption should be easy• Decryption should be easy

– With the right key!

• Cracking should be very hard

11

Is that number prime?

• Use the Fermat primality test

• Given:– n: the number to test for primality– k: the number of times to test (the certainty)

• The algorithm is:repeat k times:

pick a randomly in the range [1, n−1]if an−1 mod n ≠ 1 then return composite

return probably prime

12

Is that number prime?

• The algorithm is:repeat k times:

pick a randomly in the range [1, n−1]if an−1 mod n ≠ 1 then return composite

return probably prime

• Let n = 105– Iteration 1: a = 92: 92104 mod 105 = 1– Iteration 2: a = 84: 84104 mod 105 = 21– Therefore, 105 is composite

13

Is that number prime?

• The algorithm is:repeat k times:

pick a randomly in the range [1, n−1]if an−1 mod n ≠ 1 then return composite

return probably prime

• Let n = 101– Iteration 1: a = 55: 55100 mod 101 = 1– Iteration 2: a = 60: 60100 mod 101 = 1– Iteration 3: a = 14: 14100 mod 101 = 1– Iteration 4: a = 73: 73100 mod 101 = 1– At this point, 101 has a (½)4 = 1/16 chance of still

being composite

14

More on the Fermat primality test

• Each iteration halves the probability that the number is a composite– Probability = (½)k

– If k = 100, probability it’s a composite is (½)100 = 1 in 1.2 1030 that the number is composite

• Greater chance of having a hardware error!

– Thus, k = 100 is a good value

• However, this is not certain!– There are known numbers that are composite but will always

report prime by this test

• Source: http://en.wikipedia.org/wiki/Fermat_primality_test

1515

Google’s recruitment campaignGoogle’s recruitment campaign

16

RSA

• Stands for the inventors: Ron Rivest, Adi Shamir and Len Adleman

• Three parts:– Key generation– Encrypting a message– Decrypting a message

17

Key generation steps

1. Choose two random large prime numbers p ≠ q, and

n = p*q

2. Choose an integer 1 < e < n which is relatively prime to

(p-1)(q-1)

3. Compute d such that d * e ≡ 1 (mod (p-1)(q-1))– Rephrased: d*e mod (p-1)(q-1) = 1

4. Destroy all records of p and q

18

Key generation, step 1

• Choose two random large prime numbers p ≠ q– In reality, 2048 bit numbers are recommended

• That’s 617 digits

– From last lecture: chance of a random odd 2048 bit number being prime is about 1/710• We can compute if a number is prime relatively quickly via

the Fermat primality test

• We choose p = 107 and q = 97• Compute n = p*q

– n = 10379

19

Key generation, step 1

• Java code to find a big prime number:

BigInteger prime = new BigInteger (numBits, certainty, random);

The number of bits of the prime

Certainty that the number is a prime

The random numbergenerator

20

Key generation, step 1

• Java code to find a big prime number:

import java.math.*;import java.util.*;

class BigPrime {

static int numDigits = 617;static int certainty = 100;

static final double LOG_2 = Math.log(10)/Math.log(2);static int numBits = (int) (numDigits * LOG_2);

public static void main (String args[]) {Random random = new Random();BigInteger prime = new BigInteger (numBits, certainty,

random);System.out.println (prime);

}}

21

Key generation, step 1

• How long does this take?– Keep in mind this is Java!– Old data: These tests done on a 850 Mhz Pentium

machine– Average of 100 trials (certainty = 100)

– 200 digits (664 bits): about 1.5 seconds– 617 digits (2048 bits): about 75 seconds

22

Key generation, step 1

• Practical considerations– p and q should not be too close together– (p-1) and (q-1) should not have small prime factors– Use a good random number generator

23

Key generation, step 2

• Choose an integer 1 < e < n which is relatively prime to (p-1)(q-1)

• There are algorithms to do this efficiently– We aren’t going over them in this course

• Easy way to do this: make e be a prime number– It only has to be relatively prime to (p-1)(q-1), but can

be fully prime

24

Key generation, step 2

• Recall that p = 107 and q = 97– (p-1)(q-1) = 106*96 = 10176 = 26*3*53

• We choose e = 85– 85 = 5*17– gcd (85, 10176) = 1– Thus, 85 and 10176 are relatively prime

25

Key generation, step 3

• Compute d such that:d * e ≡ 1 (mod (p-1)(q-1))

– Rephrased: d*e mod (p-1)(q-1) = 1

• There are algorithms to do this efficiently– We aren’t going over them in this course

• We choose d = 4669– 4669*85 mod 10176 = 1

• http://www.cs.virginia.edu/cgi-bin/cgiwrap/asb/modpow

26

Key generation, step 3

• Java code to find d:

import java.math.*;

class FindD {public static void main (String args[]) {

BigInteger pq = new BigInteger("10176");BigInteger e = new BigInteger ("85");

System.out.println (e.modInverse(pq)); }}

• Result: 4669

27

Key generation, step 4

• Destroy all records of p and q

• If we know p and q, then we can compute the private encryption key from the public decryption key (because e is part of the public key)

d * e ≡ 1 (mod (p-1)(q-1))

28

The keys

• We have n = p*q = 10379, e = 85, and d = 4669

• The public key is (n,e) = (10379, 85)• The private key is (n,d) = (10379, 4669)

• Thus, n is not private– Only d is private

• In reality, d and e are 600 (or so) digit numbers– Thus n is a 1200 (or so) digit number

29

Encrypting messages

• To encode a message:1. Encode the message m into a number2. Split the number into smaller numbers m < n3. Use the formula c = me mod n

• c is the ciphertext, and m is the message

• Java code to do the last step:– m.modPow (e, n)– Where the object m is the BigInteger to encrypt

30

Encrypting messages example1. Encode the message into a number

– String is “Go Cavaliers!!”– Modified ASCII codes:

• 41 81 02 37 67 88 67 78 75 71 84 85 03 03

2. Split the number into numbers < n– Recall that n = 10379– 4181 0237 6788 6778 7571 8485 0303

3. Use the formula c = me mod n– 418185 mod 10379 = 4501– 023785 mod 10379 = 2867– 678885 mod 10379 = 4894– Etc…

• Encrypted message:– 4501 2867 4894 0361 3630 4496 6720

3131

Encrypting RSA messagesEncrypting RSA messages

Formula is Formula is c = mc = mee mod mod nn

32

Decrypting messages

1. Use the formula m = cd mod n on each number

2. Split the number into individual ASCII character numbers

3. Decode the message into a string

33

Decrypting messages example• Encrypted message:

– 4501 2867 4894 0361 3630 4496 6720

1. Use the formula m = cd mod n on each number– 45014669 mod 10379 = 4181– 28674669 mod 10379 = 0237– 48944669 mod 10379 = 6788– Etc…

2. Split the numbers into individual characters– 41 81 02 37 67 88 67 78 75 71 84 85 03 03

3. Decode the message into a string– Modified ASCII codes:

• 41 81 02 37 67 88 67 78 75 71 84 85 03 03 – Retrieved String is “Go Cavaliers!!”

34

modPow computation

1. How to compute c = me mod n or m = cd mod n?– Example: 45014669 mod 10379 = 4181

• Use the script at http://www.cs.virginia.edu/cgi-bin/cgiwrap/asb/modpow

• Other means:– Java: use the BigInteger.modPow() method– Perl: use the bmodpow function in the BigInt library– Etc…

35

Cracking a message

• In order to decrypt a message, we must compute m = cd mod n– n is known (part of the public key)– c is known (the ciphertext)– e is known (the encryption key)

• Thus, we must compute d with no other information– Recall: choose an integer 1 < e < n which is relatively prime to

(p-1)(q-1)– Recall: Compute d such that: d*e mod (p-1)(q-1) = 1

• Thus, we must factor the composite n into it’s component primes– There is no efficient way to do this!– We can, very easily, tell that n is composite, but we can’t tell

what its factors are• Once n is factored into p and q, we compute d as above

– Then we can decrypt c to obtain m

36

Cracking a message example

• In order to decrypt a message, we must compute m = cd mod n– n = 10379– c is the ciphertext being cracked– e = 85

• In order to determine d, we need to factor n– d*e mod (p-1)(q-1) = 1 – We factor n into p and q: 97 and 107– This would not have been feasible with two large prime

factors!!!– d * 85 (mod (96)(106)) = 1

• We then compute d as above, and crack the message

37

Security of RSA• n is public, but not p and q where n = pq

• How much work is factoring n?

n ~200 digits – would take quintillions of years

Number Field Sieve (fastest known factoring algorithm) is:

O(e1.9223((ln (n))1/3 (ln (ln (n)))2/3)The movie Sneakers is about what happens if someone discovers a O(nk) factoring algorithm.

38

PGP and GnuPG

• Two applications which implement the RSA algorithm

– GnuPG Is open-source (thus it’s free)

– PGP was first, and written by Phil Zimmerman• The US gov’t didn’t like PGP…

3939

The US gov’t and war The US gov’t and war munitionsmunitions

40

How to “crack” PGP

• Factoring n is not feasible• Thus, “cracking” PGP is done by other means

– Intercepting the private key• “Hacking” into the computer, stealing the computer, etc.

– Man-in-the-middle attack (next 2 slides)– Etc.

41

Man-in-the-middle attack:“Normal” RSA communication

What is your public key?

My public key is 12345…

What is your public key?

My public key is 67890…

Here’s message encrypted with 12345…

Here’s a response encrypted with 67890…

42

What is your public key?What is your public key?

My public key is 12345…My public key is abcde…

What is your public key?What is your public key?

My public key is 67890…My public key is vwxyz…

Here’s message encrypted w/ abcde…

Decrypts message with corresponding private key to abcde…; re-encrypts message with blue’s public key (12345…)

Here’s message encrypted w/ 12345…

Here’s response encrypted w /vwxyz…

Decrypts message with corresponding private key to vwxyz…; re-encrypts message with yellow’s public key (67890…)

Here’s response encrypted w/ 67890…

Black has the private decryption

key for abcde…

Black has the private decryption

key for vwxyz…

43

Other public key encryption methods

• Modular logarithms– Developed by the US government, therefore not

widely trusted

• Elliptic curves

44

Quantum computers

• A quantum computer could (in principle) factor n in reasonable time– This would make RSA obsolete!– Shown (in principle) by Peter Shor in 1993– You would need a new (quantum) encryption algorithm to

encrypt your messages

• This is like saying, “in principle, you could program a computer to correctly predict the weather”

• A few years ago, IBM created a quantum computer that successfully factored 15 into 3 and 5

45

Sources

• Wikipedia article has a lot of info on RSA and the related algorithms

– Those articles use different variable names

– Link at http://en.wikipedia.org/wiki/RSA