CS363
description
Transcript of CS363
CS363Week 4 - Wednesday
Last time
What did we talk about last time? Finished DES AES
Questions?
Project 1
Dylan Manning Presents
Public Key Cryptography
Symmetric key cryptography So far, we have talked about symmetric
(or private) key cryptography In symmetric key cryptography, the
same key is used for encryption and decryption
The key is a shared secret This is perfect for sending messages
between two parties who1. Trust each other2. Have shared a secret ahead of time
Public key cryptography
Sometimes, we need something different
We want a public key that anyone can use to encrypt a message to Alice
Alice has a private key that can decrypt such a message
The public key can only encrypt messages; it cannot be used to decrypt messages
Diffie and Hellman In 1976, Diffie and Hellman proposed the idea
of a public key cryptosystem, one in which encryption and decryption keys were different
They gave the following 3 conditions for such a system:1. It must be computationally easy to encipher or
decipher a message given the appropriate key2. It must be computationally infeasible to derive the
private key from the public key3. It must be computationally infeasible to determine
the private key from a chosen plaintext attack
Public key history (Whitfield) Diffie and (Martin) Hellman "invented"
public key cryptography in 1976 However, James Ellis invented it in 1970, but his work
was for a secret British government agency, classified until 1997
Diffie and Hellman came up with the idea of a "trapdoor" function (computationally easy one way, hard the other)
RSA, a practical algorithm published in 1978, made this idea workable
Again, the system had been invented earlier by British intelligence
The guys behind RSA made millions
Number Theory
Prime
RSA depends in large part on the difficulty of factoring large composite numbers (particularly those that are a product of only 2 primes)
For those of you who aren't in Formal Methods, an integer p is prime if p > 1 p is not divisible by any positive integers
other than 1 and itself
Fundamental theorem of arithmetic Any integer greater than 1 can be
factored into a unique series of prime factors: Example: 52 = 22 ∙ 13
Two integers a and b (greater than 1) are relatively prime or coprime if and only if a shares no prime factors with b
Testing for primality How do we know if a number is prime? For small numbers, we can try to divide it by all
integers less than or equal to its square root RSA-768 was successfully factored in
December 2009 into 2 primes One is:
33478071698956898786044169848212690817704794983713768568912431388982883793 878002287614711652531743087737814467999489
You can't test up to the square root of that in any reasonable time
Efficient primality testing In 2002, the AKS algorithm was
published which demonstrated that it was possible to test to see if a number is prime Deterministically In time polynomial in the number of
digits of the prime This algorithm is of theoretical
interest, but it is too slow for testing the primality of RSA moduli
Rabin-Miller primality testing We won't get into the number theory behind this (yet) A Rabin-Miller primality test works as follows: Let n be the number you want to prove if it's prime or
not n must be odd, thus n – 1 is even (n – 1) = 2sd where s and d are positive integers and d is
odd If n is prime, then for any integer 1 < a < n, exactly one of
the two is true:▪ ad 1 (mod n) or▪ a2rd -1 (mod n), 1 ≤ r < s
Pick several a values, see if either of the two cases hold If it ever doesn't, you know you have a composite
Rabin-Miller example What if we want to see if 221 is prime? n – 1 = 220 = 22∙55 s = 2 d = 55 Attempt 1: Let a = 174
a20·d mod n = 17455 mod 221 = 47 ≠ 1, n − 1 a21·d mod n = 174110 mod 221 = 220 = n − 1 Check!
Attempt 2: Let a = 137 a20·d mod n = 13755 mod 221 = 188 ≠ 1, n − 1 a21·d mod n = 137110 mod 221 = 205 ≠ n − 1 Oh no!
Every successful attempt means there is only a 25% chance that the number is composite
So, after k attempts, there is a 4-k chance that the number is composite
Greatest common divisor The greatest common divisor or GCD
of two numbers gives the largest factor they have in common
Example: GCD( 12, 18 ) = GCD( 42, 56 ) =
For small numbers, we can determine GCD by doing a complete factorization
Euclid's algorithm For large numbers, we can use Euclid's
algorithm to determine the GCD of two numbers
Algorithm GCD( a, b)1. If b = 0▪ Return a
2. Else▪ temp = a mod b▪ a = b▪ b = temp
3. Goto Step 1 Example: GCD( 1970, 1066)
Extended Euclid's algorithm We can extend Euclid's
algorithm to give us the multiplicative inverse for modular arithmetic
Example: Find the inverse of 120 mod 23
Let a be the number Let b be the modular
base
Find Inverse(a, b) x = 0 lastx = 1 y = 1 lasty = 0 while b ≠ 0 ▪ quotient = a div b▪ temp = b▪ b = a mod b▪ a = temp▪ temp = x▪ x = lastx-quotient*x ▪ lastx = temp▪ temp = y▪ y = lasty-quotient*y ▪ lasty = temp
Return lastx
More Number Theory!
Fermat’s Little Theorem
If p is prime and a is a positive integer not divisible by p, then:
ap –1 1 (mod p)
Proof of Fermat's Theorem Assume a is positive and less than p Consider the sequence a, 2a, 3a, …, (p – 1)a If these are taken mod p, we will get:
1, 2, 3, …, p – 1 This bit is the least obvious part of the proof However (because p is prime) if you add any non-zero
element repeatedly, you will eventually get back to the starting point, covering all values (except 0) once
Multiplying this sequence together gives: a ∙ 2a ∙ 3a ∙ … ∙ (p – 1)a 1 ∙ 2 ∙ 3 ∙ … ∙ (p – 1) (mod
p) ap – 1(p – 1)! (p – 1)! (mod p) ap – 1 1 (mod p)
Euler's in the mix too
Euler’s totient function (n)(n) = the number of positive
integers less than n and relatively prime to n (including 1)
If p is prime, then (p) = p – 1 If we have two primes p and q
(which are different), then:(pq) = (p)∙(q) = (p – 1)(q – 1)
Take that, Fermat
Euler’s Theorem:For every a and n that are relatively prime,
a(n) 1 (mod n)
This generalizes Fermat’s Theorem because (p) = p – 1 if p is prime
Proof is messier
Quiz
Upcoming
Next time…
RSA Key management Start hash functions Kiefer Weis presents
Reminders
Keep reading Sections 2.3 and 12.4 Work on Project 1
Due this Friday