6.857 Computer and Network Security Lecture 12
advertisement
6.857 Computer and Network Security
Lecture 12
Admin: Project proposals due this week.
Project Ideas:
Electronic auctions
See: recent CACM article
http://www.cs.ut.ee/~lipmaa/crypto/link/protocols/auctions.php (good
high-level set of links)
Today:
Group theory review
Diffie-Hellman key exchange
Five crypto groups: Z *, Q , Z *, Q , elliptic curves
1
ILL INI:L
:-
‘tkeorz
xc C&, *‘)
4
(niwI4pkc.%
p
ejmc
)
iden+c+y
:•
aehan
fntc
is
s;t.c
3r44a 1s.t.qc&)q.1t1.a= a
. 4
(V
t
&)(c&)
InVtv5tS.
.
•
t
(q,l,,tc&)
(6tca1)
q.(.c’)i
(aS).c.
•
= least Lflo
Let or4er(s)
s$,
a
(VasG) orc1er(’)t
1,tortn-;
rr%
€)
0
(v
cc rc
<q%>;
•I(>i
sa’tjmup
s;ncL
enn%4bya
14enG s
orckr(a’)
Xri $nk
oe\qr
(YqeG’)
Fqe,t
(ninlp’)
a
a
it
c s;r. t
0
atrl
fa’: Co:
<c’>
&).
,
ywp
Exnnsp\t: (Vac’Z) ai
Del:
(‘
.f srec t
€4
ZLJ
1.
1j’
“S
•
m4p
[q1]4?[a
alwAyS CyClft
2
& of
orjer. t %AACtC
scicneratDrtf&j.
I
DuG
FILE UNDIR
3P A
• St.: xc et k
t%t
4
N
tVI
MJi
t
xc
4
Oflt
4
{S Oflt
betWttvI. [o,i,,..,t-i.] in
4
t*
ponentattovi “power$n
-wp”
5
d;sct4t\oac&Im. (Di)
.
(4t. DL peem’ r
dicn4t
•
4 4.$4iWJ
OMVbt
40 b’t k,tcLAnfeasc r
2
•
icn.,t nnJ.wi’l C\los’ev
4votgg
\
c tw rtfnsent n1css’eS as
Wt c4t eeA 6
a\twev*s
?
0
y
44
nee.4
94
a.
pfl
wrrt
ovvierD’4pS
•n
messQ,t p4CC
I
(b”4fO
be à,osev ft
Ic
e
4
i
4
injtc.iCVL (t_-one’:
qfl
4 (rn’
k
,
4
.t
54A6\,
1%
%A)t
‘Aaviktfy k-We
1,2.,..2
itecs
kk%
Cqb%
Can
1
o
t
‘
fl1t1543t5
Sc
O
1
,v1D
h*c 4vrci,
I.
1
..
F
F..
—
F
.F
JLL
—..
I
3
DATE
I
z*t
A
1
...
.
fL1
.n_-.__,_______-.
.
•:e
...
aq
.
.
.
.
.
s:i::z:z:zt;Ej
e
.
— — —
-
—1
—
—
—
-
—.
—
—
- .—
-
—
t_.
—
—.
-
EZEiZEZEHEjEZt4iDZ{
1
ä;crzzz::z
EzGr
ia
—‘..
.._
._,
.—a_
—--4
eL_i1HJ_L
t:z:±zz:
ZHE±EEEZpñIAtE
..zj-1E :‘:r::z::ZZVLtE:t
.‘
—
—.
—.
—
—.———
—
.—
—
—
f.
4
—
5
t
—
.
3
•&p.••
-
5
rta
4
it.
.
.5-
—
c-f-
K.
-.
..-
ci
c..
L.
a
.tJ
t
c.D
a
I
3-
i4.
3•
a
,
(-S
ç
2tH g;
,
ih
“K
rftir!
?rrtc
Th
3
-,
‘
—
•
rtr
‘S
-t3
—
S
—
•
‘3
-c
-t
£
$1
‘4
0
-9
-d
0
aD
0’
a
C
Lb
Vt
V
-n
cS
‘C
qi
>-
I
‘41
>-
*
II
5
Ku_I Xa_
II
£
3
‘.
0
<
}
C
0
-
-S
rW
€
•8
‘I
0
4
1
-4--
ii
4
4-
“3
4
Cl
a
6’
K
e
C
-t
I
0
>%
04
-
4
I
‘3
(5
£
0-
4
-3
4 ‘p
C
;S
A
4-
I
(-3
t
n
3
4,
-
2’
•
F-)
—
ivi
&
C
C
3,
•
*1
I
4—
—
S
-e
y-±a!
c_i)
‘
c
>%
Xr
•‘
•‘)
——
-C.
6
4%—
ti
nç
t;
t
ci
i-i
€T
a
%3
a
-p
a-
: Lj
E
a
4
I
11
I-,
4*
jr
S
5
em
r
‘S
‘6
c
6
—
C
1*
a’
a
L
C.
S
‘-r
-(‘(C,
• i
6
7
*
*
•
4,
e
‘
A
.S
It
a
‘
I’
3
?.
1’
ii
‘%,/
.a
ni
t-.
-n
-rt k
A
r4t
taq&
€3’
•II
1ir-••
t, L
•
-
p..
..
Di,
I
;__
S
I3
t
4
cf-
%V’
P
A
V
rn
I
—.
p
,
•
I
F
t
I
01
8
II
V
-.
3’
£3
90
D.
—
V’
U
-,
—(
‘I
z
H
2
C
II
3
Z
II
C’
“
—
‘I
‘
p
e
a
-
t
S
a
I,
•-n.
t
—
II
•H&
-
__
__
1
—
açt
nite
4 sleep
M
a
pvtper)rn,.
v’J ueJ
reiW to
yenj 6vccf fritro,
Letr
a
Let
in
a,
9q
’
3
7Z,Q
(*)
(U’biOJf
CosAer 1
.e
nicon (in Vattollt$ .xjy
moJp)
6
yxta3c
l- (no4p)
&rap\ic.\)
5
4Dflt+1n
(n)
i +c
1
I
-ax
t”Jok ta4 tc- (s,y’)
Qrs CLint,
50
.3
If roo±s art 3
,ç,r t\.n
1
r
=
cc
-.
are ttnct,
titans
L
9
H _L..
10
t 4
1
ci
I
Tt
Si
at”
A
v.1
flAil’ “!
a
a—
.
, c
S a
Ez
P
1
,+
‘ThEE
V
I
U
U)
t4’ .tp’sin
:j
•icc2J 1
H
—4-
!
Ot4
‘?“
.AO
z4jworub_&, t).4LW
1aI% ‘it”
aJ(a noA 4
’r
1
tYt4 4
t =lai w:
Ez- #1) ;.t’
AQJ
t’i’rr
:r 4’ 4
/ ‘Cj)
—
—
—
—‘
—
—
—l
{njn £tttcA:ch’s,} = 3.
——-——
L
LAO
[___
%4ufO
rz
LTh17;N
‘1
I3CNi1
—
-i
I
&
-
-r
‘I
£
4-c_c
C:
I—
SL
I,
‘a
+
a
II
‘C
H
3•
>.
,-
‘C
,
4)
S
4-.
‘3
4
(
a
‘C
•tdl
I—
,c
4—
_%-.‘
rN
1
II
‘c-I
Is
U
E
a.
ft
‘C
4
‘C
St
a
-t
‘3
•
—
E
7-
S
—
‘
%1
II
+
Sc?
S
j
—
__l%.
-c
V
4’
I
-
-E
—F
II
4-
I)
1\
o---o
t’
.4
2’—
K
I’
,E
r
,c
I
)C
-
t
-Th
C
a
Sc
-JZ
>‘
—
t)
%.J
C.
C-
b
4-
e
eL
e
-S
fl)
U
—
_o
-t.
“9
‘.
.2
—=-
q.
.0
0
-s
C
-%
.__.,
(.3
tel
LtL.!
.•
C
-fl-
Lii
—I.-—,
..
1
E
0
11
_
Tc)pIc
I
—
.HLEUI’JDFP:
iEt_!—Wi.
I
cwr’ms
4i+-*t
r
-t
4$
-
-t ; 4;
iN
Ifl
I
we
“firsr
t
[t4tjftP$#s
H
MCt
t1
a
t
%
.
85 €
i‘
I
N-
lIE H
anA
A.n14
w Is
Ps
a’
4i
Th
C.
—
44
“sck
E1
_ttt’1Irr
t::
-
I
tHt.LL.L.L
t----.tI f
-
EEL-rE
--
I
-I
---F
-_
12
3914:47 notes S /*pplicationslsage/sage
Detected 6A0E64 flag
Building Sage on OS Z in 64—bit mode
Sage version 4.6.2, Release Date: 2011—02-25
I
1ype notebook() for the GUI,
Iaqez I
sage: I
sages V
sages V
Ring of
sage: I
and license() for intonation.
some experiments with elliptic tunes with sage
first define a (Said mod 101
— Zmot(1O1)
integers nodule 101
example of multiplication is V
sages t(l0)flhl)
9
sage: * define elliptic ctrve aver V
nge. P — EllipticCurve(P,f0,1J)
sage: S
Elliptic Curve defined by y2
sage:
sage:
(96 :
sages
r3 P 1 Over Ring of integers modulo 101
P — E.r.ndoajoint()
P
1)
49
I note coordinates are La projective ton (K i I
5) representing
U point x — 1/I, y — 1/5, with a — 0 for point at infinity.
sage;
sage: I get another point
sage: Q — !.random_point()
angus 9
(29
94 : 1)
sage: P+Q
21 : 77 ,
1.)
sage: I check cammutativity
sage: Q+P
(21
77
1)
sage: I get thira point
sage; K — E.randonpoiflt()
sage; K
(76 t 58 1 1)
sage: I check •ssoei.ativity
sage: P + (Q+R)
(53
2 : 1)
sage:
(P+9)+R
: 1)
sages 4 find size of this group
sage: S.order()
102
sage: I what are factors of 102?
sage: factar(102)
2 — 3 * 17
sage: I so possible orders of elements are 1,2,3,6,17,34,51,102
Pages Porder()
51
(53
: 2
-
sega. Q.order()
51
sage; R.order()
Si
sage: * none of P,Q, A are a generator (i.e. have order 102)
sages Iiet’e find one
sage; a — E.racdoia_point()
13
sage: R.order()
102
sage: 8 binge
sage: 4 what don identity look like?
sage: P-P
(0 i 1 a 0)
a
sage:
sage. I
(0
1
sage: Zn
(96 t 49 a 1)
sage; P4.1
(96 : 49 a 1)
sage: .
(96 a 52 a 1)
sags: I cots that innrses just negate T component, nodule 101
sage: I look at nec seall powers of generator a
sage: for i in range(15): print 1, j*g
o (0 a 1 a 0)
1 (72 a 85 a 1)
2 (15 a 89 a 1)
3 (9 a 86 a 1)
4 (84 a 21 a 1)
£ (52 a 44 a 1)
6 (07 a 61 a 1)
1)
7 (90 a 65
$ (35 a 31 • 1)
9 (10 a 71 a I)
10 (18
51 a 1)
14 a 1)
11 (93
12 (4 a 41
1)
13 (38
38 a 1)
14 (76
58 a 1)
sage: I find discrete log at P, base a
sage: R.dIscretelog(P)
80
sage: 80*R
(96 a 49 a 1)
sage: C0RP
True
sage: I find discrete log of Q, base K
sage: K. di.crete_log(Q)
58
sager I find eleaents of each possible order
sage. R.ordet()
102
sage: S — 2R
sage: S.order()
51
sage: S — 3R
Sage: S.order()
34
sage: S — 6K
sage, S.osder()
17
sage: S — 17CR
sage; 8.order()
14
15
f
0
‘
aot)
9
t
.t5 — S
npog :abgs
— 9
p
MIT OpenCourseWare
http://ocw.mit.edu
1HWZRUNDQG&RPSXWHU6HFXULW\
Spring 2014
For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.
