IMT4531 Introduction to Cryptology Exercise 4 – Asymmetric ciphers
advertisement
IMT4531 Introduction to Cryptology Exercise 4 – Asymmetric ciphers, hash functions and digital signatures 1. Find (66,35) by means of the Euclidean algorithm. 66 = 1 ∙ 35 + 31 35 = 1 ∙ 31 + 4 31 = 7 ∙ 4 + 3 4=1∙3+1 3=1∙3+0 This means (66,35)=1. 2. Find u,v such that (288,126) = 𝑢 ∙ 288 + 𝑣 ∙ 126 by means of the extended Euclidean algorithm. We first run the Euclidean algorithm to find (288,126). 288 = 2 ∙ 126 + 36 126 = 3 ∙ 36 + 18 36 = 2 ∙ 18 + 0 This means (288,126)=18. Then we run the extended Euclidean algorithm to find u and v. 18 = 126 − 3 ∙ 36 = 126 − 3(288 − 2 ∙ 126) = 126 − 3 ∙ 288 + 6 ∙ 126 = = −3 ∙ 288 + 7 ∙ 126 That means 𝑢 = −3, 𝑣 = 7. 3. Find u,v such that (936,879) = 𝑢 ∙ 936 + 𝑣 ∙ 879 by means of the extended Euclidean algorithm. Euclidean algorithm: 936 = 1 ∙ 879 + 57 879 = 15 ∙ 57 + 24 57 = 2 ∙ 24 + 9 24 = 2 ∙ 9 + 6 9=1∙6+3 6=2∙3+0 This means (936,879)=3. Extended Euclidean algorithm: 3 = 9 − 1 ∙ 6 = 9 − (24 − 2 ∙ 9) = 9 − 24 + 2 ∙ 9 = 3 ∙ 9 − 24 = 3 ∙ (57 − 2 ∙ 24) − 24 = = 3 ∙ 57 − 6 ∙ 24 − 24 = 3 ∙ 57 − 7 ∙ 24 = 3 ∙ 57 − 7(879 − 15 ∙ 57) = = 3 ∙ 57 − 7 ∙ 879 + 105 ∙ 57 = 108 ∙ 57 − 7 ∙ 879 = 108(936 − 879) − 7 ∙ 879 = = 108 ∙ 936 − 108 ∙ 879 − 7 ∙ 879 = 108 ∙ 936 − 115 ∙ 879 So, 𝑢 = 108, 𝑣 = −115. 4. Determine 𝜙(15) by means of prime factors. We first determine the prime factors of 15. 15 3 5 |5 , which means that 15 = 3 ∙ 5. 1 𝛼 𝛼 −1 Then we use the theorem that says 𝜙(𝑛) = ∏𝑟𝑖=1(𝑝𝑖 𝑖 − 𝑝𝑖 𝑖 𝑟 = 2, 𝑝1 = 3, 𝑝2 = 5, 𝛼1 = 1, 𝛼2 = 1, so we have: ). In our case 𝜙(15) = (31 − 30 )(51 − 50 ) = (3 − 1)(5 − 1) = 8. 5. Determine 𝜙(4200) by means of prime factors. The prime factors of 4200: 4200 2 2100 |2 1050 2 525 3 175 |5 35 5 7 7 | 1 𝛼 𝛼 −1 This means that 4200 = 23 ∙ 3 ∙ 52 ∙ 7. We use the theorem 𝜙(𝑛) = ∏𝑟𝑖=1(𝑝𝑖 𝑖 − 𝑝𝑖 𝑖 ). In our case 𝑟 = 4, 𝑝1 = 2, 𝑝2 = 3, 𝑝3 = 5, 𝑝4 = 7, 𝛼1 = 3, 𝛼2 = 1, 𝛼3 = 2, 𝛼4 = 1. So we have: 𝜙(4200) = (23 − 22 )(31 − 30 )(52 − 51 )(71 − 70 ) = (8 − 4)(3 − 1)(25 − 5)(7 − 1) = = 4 ∙ 2 ∙ 20 ∙ 6 = 960. 6. Find 6−1 in 𝑍23 , if it exists. The theorem says that an element a of 𝑍𝑛 has multiplicative inverse if and only if (𝑎, 𝑛) = 1. So we first have to check whether (6,23) = 1. We use the Euclidean algorithm: 23 = 3 ∙ 6 + 5 6=1∙5+1 5=5∙1+0 This means that (6,23) = 1 and 6 has a multiplicative inverse in 𝑍23 . Now we use the extended Euclidean algorithm to find it. Bear in mind that all the operations are taken modulo 23. 1 = 6 − 1 ∙ 5 = 6 − (23 − 3 ∙ 6) = 6 − 23 + 3 ∙ 6 = −23 + 4 ∙ 6 We take both sides modulo 23, so we get: 1 ≡ 4 ∙ 6 (mod 23). This means that 6−1 = 4 in 𝑍23 . 7. Convert 11410 into base 2. We use the “Arrow algorithm”, i.e. successive division by the base 2 and reading the remainders backwards at the end. 114: 2 = 57 and the remainder is 0. 57: 2 = 28 and the remainder is 1. 28: 2 = 14 and the remainder is 0. 14: 2 = 7 and the remainder is 0. 7: 2 = 3 and the remainder is 1. 3: 2 = 1 and the remainder is 1. 1: 2 = 0 and the remainder is 1. Reading the remainders backwards, we get 11410 = 11100102. 8. Find 21234 (mod 789). We first convert 1234 into base 2 by means of the arrow algorithm (see task 7): 123410=100110100102. 𝑖 Then we perform pre-computation of the powers 22 , 𝑖 = 0, … ,10 by means of squaring and reducing modulo 789: i 0 1 2 3 4 5 6 7 8 9 10 2𝑖 20 1 2 * 22 23 24 * 25 6 2 * 27 * 28 29 10 2 * 𝑖 22 mod 789 21 mod 789 = 2 22 mod 789 = 4 24 mod 789 = 16 28 mod 789 = 256 216 mod 789 = 2562 mod 789 = 65536 mod 789 = 49 232 mod 789 = 492 mod 789 = 34 264 mod 789 = 342 mod 789 = 367 2128 mod 789 = 3672 mod 789 = 559 2256 mod 789 = 5592 mod 789 = 37 2512 mod 789 = 372 mod 789 = 580 21024 mod 789 = 5802 mod 789 = 286 The powers of 2, whose corresponding coefficients in the binary representation of the exponent 1234 are non-zero are labeled with *. These will be the only ones that will be used for computing the power that we need. We can now compute 21234 mod 789 = 22 ∙ 216 ∙ 264 ∙ 2128 ∙ 21024 mod 789 = 4 ∙ 49 ∙ 367 ∙ 559 ∙ 286 mod 789 = 481 9. Suppose Bob wants to send an enciphered message to Alice by means of the RSA cipher system. Let the message be YES. Let Alice’s public key be (eA,nA)=(39423,46927). a) Encipher the message that is to be sent from Bob to Alice. b) Let Alice’s prime numbers be p=167 and q=281. Determine Alice’s secret key dA and decipher the ciphertext obtained from Bob. a) We first have to encode the plaintext YES into integers. We use the conversion table for letters, in which A=0, B=1, …, Z=25. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Then, Y=24, E=4 and S=18. Since the cardinality of the alphabet is 26, we obtain the single integer that represents the plaintext YES by powering 26 and multiplying these powers with the letter encodings: 𝑌𝐸𝑆 → 24 ∙ 262 + 4 ∙ 261 + 18 ∙ 260 = 16346 = 𝑚 Then we encipher using Alice’s public key and the message m: 𝑐 = 𝑚𝑒𝐴 mod 𝑛𝐴 = 1634639423 mod 46927 To compute this, we use modular exponentiation. We first convert the exponent 39423 into binary form by means of the arrow algorithm and get 3942310=10011001111111112, i.e. we need 16 bits for this representation. Because of that, we pre-compute the powers 𝑖 163462 , 𝑖 = 0, … ,15. i 0 1 2 3 4 5 6 7 8 9 10 11 12 2𝑖 20 * 21 * 22 * 23 * 24 * 25 * 26 * 27 * 28 * 29 210 11 2 * 212 * 𝑖 163462 mod 46927 163461 mod 46927 = 16346 163462 mod 46927 = 36305 163464 mod 46927 = 363052 mod 46927 = 14376 163468 mod 46927 = 143762 mod 46927 = 2868 1634616 mod 46927 = 28682 mod 46927 = 13199 1634632 mod 46927 = 131992 mod 46927 = 20577 1634664 mod 46927 = 205772 mod 46927 = 37535 16346128 mod 46927 = 375352 mod 46927 = 33831 16346256 mod 46927 = 338312 mod 46927 = 33958 16346512 mod 46927 = 339582 mod 46927 = 8593 163461024 mod 46927 = 85932 mod 46927 = 23478 163462048 mod 46927 = 234782 mod 46927 = 11942 163464096 mod 46927 = 119422 mod 46927 = 211 13 14 15 213 214 215 * 163468192 mod 46927 = 2112 mod 46927 = 44521 1634616384 mod 46927 = 445212 mod 46927 = 16815 1634632768 mod 46927 = 168152 mod 46927 = 9050 The powers of 2, whose corresponding coefficients in the binary representation of the exponent 39423 are non-zero are labeled with *. These will be the only ones that will be used for computing the power that we need. We can now compute 1634639423 mod 46927 = 16346 ∙ 36305 ∙ 14376 ∙ 2868 ∙ 13199 ∙ 20577 ∙ 37535 ∙ 33831 ∙ 33958 ∙ 11942 ∙ 211 ∙ 9050 = 21166 (mod 46927) We want to send letter, not numbers through the communication channel, so we convert the ciphertext in numerical form, 21166, into base 26 by means of the arrow algorithm and get the letters from the letter encoding table: 2116610=158226BFIC . This is Bob’s ciphertext sent to Alice. b) P=167, q=281. Then nA=46927=167281. We compute 𝜙(𝑛𝐴 ) = (𝑝 − 1)(𝑞 − 1) = 166 ∙ 280 = 46480 It is easy to verify, by means of the Euclidean algorithm that (𝑒𝐴 , 𝜙(𝑛𝐴 )) = (39423,46480) = 1. We now determine dA. We first run Euclidean algorithm used to determine (39423,46480). 46480 = 1 ∙ 39423 + 7057 39423 = 5 ∙ 7057 + 4138 7057 = 1 ∙ 4138 + 2919 4138 = 1 ∙ 2919 + 1219 2919 = 2 ∙ 1219 + 481 1219 = 2 ∙ 481 + 257 481 = 1 ∙ 257 + 224 257 = 1 ∙ 224 + 33 224 = 6 ∙ 33 + 26 33 = 1 ∙ 26 + 7 26 = 3 ∙ 7 + 5 7=1∙5+2 5=2∙2+1 2=1∙2+0 Then we use the extended Euclidean algorithm to find multiplicative inverse of 39423 modulo 46480. 1 = 5 − 2 ∙ 2 = 5 − 2(7 − 1 ∙ 5) = 5 − 2 ∙ 7 + 2 ∙ 5 = 3 ∙ 5 − 2 ∙ 7 = 3(26 − 3 ∙ 7) − 2 ∙ 7 = 3 ∙ 26 − 9 ∙ 7 − 2 ∙ 7 = 3 ∙ 26 − 11 ∙ 7 = 3 ∙ 26 − 11(33 − 26) = 3 ∙ 26 − 11 ∙ 33 + 11 ∙ 26 = 14 ∙ 26 − 11 ∙ 33 = 14 ∙ (224 − 6 ∙ 33) − 11 ∙ 33 = 14 ∙ 224 − 84 ∙ 33 − 11 ∙ 33 = 14 ∙ 224 − 95 ∙ 33 = 14 ∙ 224 − 95(257 − 224) = 14 ∙ 224 − 95 ∙ 257 + 95 ∙ 224 = 109 ∙ 224 − 95 ∙ 257 = 109(481 − 257) − 95 ∙ 257 = 109 ∙ 481 − 109 ∙ 257 − 95 ∙ 257 = 109 ∙ 481 − 204 ∙ 257 = 109 ∙ 481 − 204(1219 − 2 ∙ 481) = 109 ∙ 481 − 204 ∙ 1219 + 408 ∙ 481 = 517 ∙ 481 − 204 ∙ 1219 = 517(2919 − 2 ∙ 1219) − 204 ∙ 1219 = 517 ∙ 2919 − 1034 ∙ 1219 − 204 ∙ 1219 = 517 ∙ 2919 − 1238 ∙ 1219 = 517 ∙ 2919 − 1238(4138 − 2919) = 517 ∙ 2919 − 1238 ∙ 4138 + 1238 ∙ 2919 = 1755 ∙ 2919 − 1238 ∙ 4138 = 1755(7057 − 4138) − 1238 ∙ 4138 = 1755 ∙ 7057 − 1755 ∙ 4138 − 1238 ∙ 4138 = 1755 ∙ 7057 − 2993 ∙ 4138 = 1755 ∙ 7057 − 2993(39423 − 5 ∙ 7057) = 1755 ∙ 7057 − 2993 ∙ 39423 + 14965 ∙ 7057 = 16720 ∙ 7057 − 2993 ∙ 39423 = 16720(46480 − 39423) − 2993 ∙ 39423 = 16720 ∙ 46480 − 16720 ∙ 39423 − 2993 ∙ 39423 = 16720 ∙ 46480 − 19713 ∙ 39423 If we take both sides of this equation modulo 46480 we get: 1 ≡ −19713 ∙ 39423 (mod 46480) Since -19713+46480=26767, we can write 1 ≡ 26767 ∙ 39423 (mod 46480). So dA=26767. We decipher the message BFIC sent by Bob, by converting BFIC to a decimal number by means of the letter encoding table and expressing everything in the base 26, so we would get c=21166. Then deciphering is powering 𝑚 = 𝑐 𝑑𝐴 (mod 𝑛𝐴 ) = 2116626767 (mod 46927) As usual, we use modular exponentiation. 26767 has binary representation 110100010001111, i.e. 15 bits are needed. We pre-compute the powers 𝑖 211662 , 𝑖 = 0, … ,14 i 0 1 2 3 4 5 6 7 2𝑖 20 * 21 * 22 * 23 * 24 25 26 7 2 * 𝑖 211662 mod 46927 211661 mod 46927 = 21166 211662 mod 46927 = 34414 211664 mod 46927 = 344142 mod 46927 = 26697 211668 mod 46927 = 266972 mod 46927 = 2533 2116616 mod 46927 = 25332 mod 46927 = 34017 2116632 mod 46927 = 340172 mod 46927 = 30323 2116664 mod 46927 = 303232 mod 46927 = 43618 21166128 mod 46927 = 436182 mod 46927 = 15940 8 9 10 11 12 13 14 28 29 210 11 2 * 212 13 2 * 214 * 21166256 mod 46927 = 159402 mod 46927 = 2349 21166512 mod 46927 = 23492 mod 46927 = 27342 211661024 mod 46927 = 273422 mod 46927 = 37854 211662048 mod 46927 = 378542 mod 46927 = 9371 211664096 mod 46927 = 93712 mod 46927 = 15224 211668192 mod 46927 = 152242 mod 46927 = 44650 2116616384 mod 46927 = 446502 mod 46927 = 22759 The powers of 2, whose corresponding coefficients in the binary representation of the exponent 26767 are non-zero are labeled with *. These will be the only ones that will be used for computing the power that we need. We can now compute 2116626767 mod 46927 = 21166 ∙ 34414 ∙ 26697 ∙ 2533 ∙ 15490 ∙ 9371 ∙ 44650 ∙ 22759 = 16346 (mod 46927) This is the same as the original plaintext.
