MATH 1020: Mathematics For Non-science
Chapter 4.2: Cryptography
Instructor: Prof. Ken Tsang
Room E409-R9
Email: kentsang@uic.edu.hk

Informatics: the science of information
– What’s information
– Correcting errors in transmitted messages
– Genetic code and information
– Data compression
– Cryptography

A typical communication system
[Diagram, Shannon (1948), Information Theory: information source, message, transmitter, signal, noise source, received signal, receiver, message, destination; "bad guys" on the channel]

Computer system security
Consider your bank account
– You want to be the only one able to withdraw money from your account.
Similar concerns arise for computing resources:
– You want to be able to create, read and modify your files and let your co-worker Bob only read them.
– Safeguarding database contents, files, email messages etc.
Securing computer systems is a difficult problem
– Information system components including hardware, software, users and data are dynamic in nature, so the solution needs to be re-evaluated.

Secure communication
Many sensitive data are being transmitted through the network all the time
– You want to buy a book online and send the bookstore your credit card number… personal data
– Your father transfers money from his account to yours in a home banking session… personal data
– Bob wants to send secret messages to express his love to Alice… privacy
– The branch office of IBM in China sent a new business plan to its headquarters in the US… commercial secret
– The US Embassy in Beijing sent a cable back to Washington to report China’s latest political and economic developments… national secret

Who needs secure communication?
Before the computer age
– Governments
– Militaries
– Diplomats
– Secret societies
Now, everybody who uses the computer
Almost all modern telephone, internet, fax and satellite communications are exploitable due to recent advances in technology and the 'open air' nature of much of the radio communications around the world.

ECHELON: the big brother watching us
The vast international global eavesdropping network has existed since shortly after the Second World War, when the US, Britain, Canada, Australia and New Zealand signed a secret (UKUSA) agreement on signals intelligence, or "sigint". The system, reportedly in development since 1947, has been revealed in a number of public sources, first in a New Statesman article titled Someone's Listening in 1988. Its capabilities and political implications were later investigated by a committee of the European Parliament, whose findings were published in 2001.

[Photo: ECHELON intercept station at Menwith Hill, England.]
In the days of the cold war, ECHELON's primary purpose was to keep an eye on the USSR. In the wake of the fall of the USSR, ECHELON justifies its continued multi-billion dollar expense with the claim that it is being used to fight "terrorism", the catch-all phrase used to justify any and all abuses of civil rights.

ECHELON: the big brother watching us
The purpose of the UKUSA agreement was to create a single vast global intelligence organization sharing common goals and a common agenda, spying on the world and sharing the data. The entire global system is actually run by the US National Security Agency (NSA).

The National Security Agency (NSA)
The United States government's cryptologic organization responsible for the collection and analysis of foreign communications. It coordinates, directs, and engages in activities to produce foreign signals intelligence information, using cryptanalysis and cryptographic technologies.

The struggle to keep communication secure
Throughout history, cryptographers and cryptanalysts have struggled to outwit each other to achieve/expose secure communication.

Enigma machine
As the German military strength grew in the late 1920s, it began looking for a better way to secure its communications. It found the answer in a new cryptographic machine called "Enigma."
The Germans believed the encryption generated by the machine to be unbreakable. With a theoretical number of ciphering possibilities of 3 × 10^114, their belief was not unjustified.

The first computer: 'Bombe'?
During World War II, English mathematician Alan Turing designed the “Bombe”, a machine to find the passwords or 'keys' into the secret codes of 'Enigma', the famous encryption machine used by the German army in the field and to communicate with U-boats in the Atlantic.

Between 1939 and 1945, the most advanced and creative forms of mathematical and technological knowledge were combined to master German communications. British cryptanalysts, Alan Turing at the forefront, changed the course of the Second World War and created the foundation for the modern computer. During World War II, Bletchley Park, a Victorian Gothic mansion, was the site of the United Kingdom's main decryption establishment. Electronic machines were built out of readily available parts used for telephone switchgear. This move from mechanical to electronic methods in cryptography was probably the most significant result of the Bletchley Park codebreakers.

Alan M. Turing (1912-1954)
Alan Turing is often called the father of modern computers for two other reasons. Before the war he had the idea of a theoretical machine which could be programmed to solve any problem, just like our modern computers. Then, after the war he used the experience of working at Bletchley Park (a top secret laboratory in England during wartime) to help build some of the world's first computers in the UK.

Cryptography: a way to security
Cryptography is the study of secret (crypto-) writing (-graphy), developing algorithms which may be used to:
– conceal the context of some message from all except the sender and recipient (privacy or secrecy), and/or
– verify the correctness of a message to the recipient (authentication)

Friends and enemies: Alice, Bob, Trudy
Bob & Alice want to communicate “securely”
Trudy (intruder) may intercept, delete, add messages
[Diagram: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy sits on the channel.]

Basic terms of Cryptography
A message in its original form is plaintext.
The coded (transformed) information is ciphertext.
The process of producing ciphertext from plaintext is encryption (encode, encipher).
The reverse of encryption is decryption (decode, decipher).
The art of creating ciphertext is cryptography.
The study of methods of decoding ciphertext back into plaintext without knowledge of the key is called codebreaking, or cryptanalysis.

How cryptography works
[Diagram: plaintext → encryption algorithm (Alice’s encryption key KA) → ciphertext → decryption algorithm (Bob’s decryption key KB) → plaintext]
m: plaintext message
KA(m): ciphertext, encrypted with key KA
m = KB(KA(m))

Types of Cryptography
Cryptography often uses keys:
– Algorithm is known to everyone
– Only “keys” are secret
Asymmetric/public key cryptography
– Involves the use of two (1 secret & 1 public) keys
Symmetric/secret key cryptography
– Involves the use of one secret key

Symmetric & Asymmetric Cryptography
Symmetric: K(E) = K(D)
Asymmetric: K(E) != K(D)

Symmetric key cryptography
[Diagram: plaintext message m → encryption algorithm (key KS) → ciphertext KS(m) → decryption algorithm (key KS) → plaintext m = KS(KS(m))]
Symmetric key crypto: Bob and Alice share the same (symmetric) key: KS
e.g., the key is knowing the substitution pattern in a mono-alphabetic substitution cipher
How do Bob and Alice agree on the key value?

Secret key encryption
In symmetric-key encryption, each computer (for example, each of two computers) has a secret key (code) that it can use to encrypt (encode) a packet of information. As an example, “shift by 2” with letters means “A” becomes “C” and “B” becomes “D”. Key distribution (so that A & B share the same key) can be problematic.

Kerckhoffs’ Principle: the key is the only secret
In any practical cipher system, it is often assumed that the interceptor will at some point find out the general system that is being used. Security of the message resides in preventing the interceptor from finding out the message key, the specific details of exactly how the system was configured for sending that particular message.

[Figure: Conventional Cryptosystem Model]

Classical Cryptography
• Sender, receiver share common key
  – Keys may be the same, or trivial to derive from one another
  – symmetric cryptography
• Two basic types
  – Transposition ciphers
  – Substitution ciphers
  – Combinations are called product ciphers

Transposition Cipher
• Rearrange letters in plaintext to produce ciphertext
• Example (Rail-Fence Cipher or 2-columnar transposition)
  – Plaintext is HELLO WORLD
  – HE LL OW OR LD
  – Ciphertext is HLOOL ELWRD

Transposition Cipher
• Generalize to n-columnar transpositions
• Example 3-columnar
  – HEL LOW ORL DXX
  – HLODEORXLWLX
Modern transposition ciphers take in N bits and permute them using a lookup table, called a P-box.

Attacking the Transposition Cipher
• Anagramming (rearranging the letters of a word/phrase to produce a new word/phrase)
  – If 1-gram frequencies match English frequencies, but other n-gram frequencies do not, probably transposition
  – Rearrange letters to form n-grams with highest frequencies

Digram frequencies
Pairs of letters in English (referred to as digrams) have their characteristic frequencies. Some of the most common in English are given in the following table. Meaker’s tables, and those of Pratt and Fraprie, are taken from Gaines.
One can also analyze trigrams, or longer sequences. Among the most common trigrams in English are THE, ING, THA, AND, ION.

Example: Transposition Cipher
• Ciphertext: HLOOLELWRD
• Frequencies of 2-grams beginning with H (generally in English)
  – Examine frequencies of H-{letters in ciphertext}
  – HE 0.0305
  – HO 0.0043
  – HL, HW, HR, HD < 0.0010
• Frequencies of 2-grams ending in H (again, generally in English)
  – Examine frequencies of {letters in ciphertext}-H
  – WH 0.0026
  – EH, LH, OH, RH, DH ≤ 0.0002
• Implies it is likely that E follows H in the plaintext

Example
• Arrange so the H and E are adjacent
  HE
  LL
  OW
  OR
  LD
• Read off across, then down, to get the original plaintext

Substitution cipher
Substituting one character for another
– Mono-alphabetic cipher: substitute one letter for another
  plaintext:  abcdefghijklmnopqrstuvwxyz
  ciphertext: mnbvcxzasdfghjklpoiuytrewq
E.g.:
  Plaintext:  bob. i love you. alice
  Ciphertext: nkn. s gktc wky. mgsbc
Key: the mapping from the set of 26 letters to the set of 26 letters
Total number of possible substitutions: 26!
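
The columnar transposition and the digram-based attack described above, as an added Python example that is not part of the original slides. The function names are illustrative assumptions, the padding letter X follows the 3-columnar slide, and the digram set is the page's list of most frequent English digrams.

```python
# Most frequent English digrams, as listed on the page.
COMMON_DIGRAMS = {
    "TH", "HE", "IN", "ER", "AN", "RE", "ED", "ON", "ES", "ST",
    "EN", "AT", "TO", "NT", "HA", "ND", "OU", "EA", "NG", "AS",
    "OR", "TI", "IS", "ET", "IT", "AR", "TE", "SE", "HI", "OF",
}


def encrypt(plaintext, cols, pad="X"):
    """Write the letters row by row into `cols` columns, then read column by column."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    letters += [pad] * (-len(letters) % cols)  # fill the last row, as in HEL LOW ORL DXX
    return "".join("".join(letters[c::cols]) for c in range(cols))


def decrypt(ciphertext, cols):
    """Cut the ciphertext back into columns and read it off across, then down."""
    if len(ciphertext) % cols:
        raise ValueError("ciphertext length must be a multiple of the column count")
    rows = len(ciphertext) // cols
    columns = [ciphertext[i * rows:(i + 1) * rows] for i in range(cols)]
    return "".join(columns[c][r] for r in range(rows) for c in range(cols))


def digram_score(text):
    """Count adjacent letter pairs that are common English digrams."""
    return sum(text[i:i + 2] in COMMON_DIGRAMS for i in range(len(text) - 1))


def guess_columns(ciphertext):
    """Try every column count that divides the length; keep the most English-looking one.

    Single-letter frequencies are unchanged by transposition, so only the
    digram statistics distinguish the candidates. On texts this short the
    score is a weak signal; longer ciphertexts separate candidates better.
    """
    n = len(ciphertext)
    candidates = [c for c in range(1, n + 1) if n % c == 0]
    return max(candidates, key=lambda c: digram_score(decrypt(ciphertext, c)))


if __name__ == "__main__":
    for cols in (2, 3):
        ct = encrypt("HELLO WORLD", cols)
        guess = guess_columns(ct)
        print(cols, ct, guess, decrypt(ct, guess))
```
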

Cæsar Ciphers
Cæsar cipher (simplest substitution cipher):
  ABCDEFGHIJKLMNOPQRSTUVWXYZ
  GHIJKLMNOPQRSTUVWXYZABCDEF
• Example (Cæsar cipher)
  – Plaintext is HELLO WORLD
  – Change each letter to the third letter following it (X goes to A, Y to B, Z to C)
    • Key is 3, usually written as letter ‘D’
  – Ciphertext is KHOOR ZRUOG

Attacking the Cæsar Cipher
• Exhaustive search
  – If the key space is small enough, try all possible keys until you find the right one
  – Cæsar cipher has 26 possible keys
• Statistical analysis
  – Compare to 1-gram model of English

[Figure: Relative Frequency of Letters in English Text]

English alphabet frequencies, p(char), by character index

   0:a 0.080    7:h 0.060   13:n 0.070   19:t 0.090
   1:b 0.015    8:i 0.065   14:o 0.080   20:u 0.030
   2:c 0.030    9:j 0.005   15:p 0.020   21:v 0.010
   3:d 0.040   10:k 0.005   16:q 0.002   22:w 0.015
   4:e 0.130   11:l 0.035   17:r 0.065   23:x 0.005
   5:f 0.020   12:m 0.030   18:s 0.060   24:y 0.020
   6:g 0.015                             25:z 0.002

Frequency Statistics of Language
In addition to the frequency info of single letters, the frequency info of two-letter (digram) or three-letter (trigram) combinations can be used for cryptanalysis
Most frequent digrams
– TH, HE, IN, ER, AN, RE, ED, ON, ES, ST, EN, AT, TO, NT, HA, ND, OU, EA, NG, AS, OR, TI, IS, ET, IT, AR, TE, SE, HI, OF
Most frequent trigrams
– THE, ING, AND, HER, ERE, ENT, THA, NTH, WAS, ETH, FOR, DTH

Cæsar’s weakness
• Key is too short
  – Can be found by exhaustive search
  – Statistical frequencies not concealed well
    • They look too much like regular English letters
• Improve the substitution permutation
  – Increase number of mapping options from 26
  – Modern substitution ciphers take in N bits and substitute N bits using a lookup table, called an S-box

Vigenère Cipher
In 1562, Blaise de Vigenère invented a cipher in which a different Cæsar shift is applied to each letter of the plaintext.
Example
– Message THE BOY HAS THE BALL
– Key VIG
– Encipher using Cæsar cipher for each letter:
  key    VIGVIGVIGVIGVIGV
  plain  THEBOYHASTHEBALL
  cipher OPKWWECIYOPKWIRG

[Figure: Vigenère Square]

Useful Terms for Vigenère Cipher
• period: length of key
  – In earlier example, period is 3
• Poly-alphabetic: the key has several different letters
  – Unlike Cæsar cipher, which is mono-alphabetic

Attacking the Vigenère Cipher
• Approach
  – Establish period; call it n
  – Break message into n parts, each part being enciphered using the same key letter, i.e., a Cæsar cipher
  – Solve each part as a separate Cæsar cipher problem
• Automated in applet
  – http://math.ucsd.edu/~crypto/java/EARLYCIPHERS/Vigenere.html

Establish Period
• Kasiski: repetitions in the ciphertext occur when characters of the key appear over the same characters in the plaintext
• Example: the same pattern in the plaintext occurs under the same pattern of key:
  key    VIGVIGVIGVIGVIGV
  plain  THEBOYHASTHEBALL
  cipher OPKWWECIYOPKWIRG
Note the key and plaintext line up over the repetitions (underlined).
As the distance between repetitions is 9, the period is a factor of 9 (that is, 1, 3, or 9)

Playfair Cipher
Best-known multiple-letter substitution cipher
Digram cipher (digram to digram, i.e., E(p_i p_i+1) = c_i c_i+1 through a key-based 5x5 transformation table)

  M  O  N  A    R
  C  H  Y  B    D
  E  F  G  I/J  K
  L  P  Q  S    T
  U  V  W  X    Z

Keyword = monarchy
Plaintext:  HS EA AR MU
Ciphertext: BP IM RM CM
Great advance over the simple mono-alphabetic cipher
– 26 letters → 26 x 26 = 676 digrams
Still leaves much of the structure of the plaintext language, so it is relatively easy to break
Can be generalized to a polygram cipher

Rotor Machines
• Mechanical cipher machines, extensively used in WWII; Germany (Enigma), Japan (Purple), Sweden (Hagelin)
• Each rotor corresponds to a substitution cipher
• A one-rotor machine produces a polyalphabetic cipher with period 26
• Output of each rotor is input to next rotor
• After each symbol, the “fast” rotor is rotated
• After a full rotation, the adjacent rotor is rotated (like an odometer)
  – An n-rotor machine produces a polyalphabetic cipher with period 26^n

The basic Enigma was invented in 1918 by Arthur Scherbius in Berlin. It enciphers a message by performing a number of substitutions one after the other. Scherbius's idea was to achieve these substitutions by electrical connections. Figure 1 shows just a few of the 26 wires which will give the effect of the substitutions given earlier as a look-up table. For instance there is a wire from Q in the top row to M in the bottom row. Thus an electrical voltage applied to the Q terminal on the top row will appear at the M terminal on the bottom row.

The next idea is that it is not much more difficult to compose substitutions which are to be performed one after the other. The bottom row of terminals can simply be connected to the entry terminals of another set of wires, as in figure 2. The voltage appearing at the M terminal carries on to the R terminal on the bottom row.
Thus the wirings have achieved a 'substitution' first from Q to M and then from M to R.

Suppose the second set of wirings is displaced by 2 letters, as in Figure 3. In figure 3, an input at letter Q results in lamp L lighting. Each choice from the 26 possible shifts now gives rise to a completely different substitution alphabet. If the wirings embodying the substitutions are set in a wheel, then the shifts are achieved by rotations of one wheel against another.

“One-Time pad”: random key
• A Vigenère cipher with a random key at least as long as the message
  – Provably unbreakable
  – Why? Look at ciphertext DXQR. Equally likely to correspond to plaintext DOIT (key AJIY) and to plaintext DONT (key AJDY) and any other 4 letters
  – Each key used only once; not very practical
  – Warning: keys must be random, or you can attack the cipher by trying to regenerate the key
    • Approximations, such as using pseudorandom number generators to generate keys, are not random

Attributes of Strong Encryption
Confusion: the relationship between key and ciphertext is as complex as possible.
Diffusion: the statistics of the plaintext are "dissipated" in the statistics of the ciphertext. The non-uniformity in the distribution of the individual letters (and pairs of neighbouring letters) in the plaintext should be redistributed in such a way that it is much harder to detect.
Two properties of a secure cipher were identified by Claude Shannon [1945], Information Theory

[Figure: Relative Frequency of Occurrence of Letters]

Two types of symmetric ciphers
Stream ciphers
– encrypt one bit at a time
Block ciphers
– Break plaintext message into equal-size blocks
– Encrypt each block as a unit

Stream Ciphers
[Diagram: key → pseudo-random keystream generator → keystream]
Combine each bit of keystream with a bit of plaintext to get a bit of ciphertext
  m(i) = ith bit of original message
  ks(i) = ith bit of keystream
  c(i) = ith bit of ciphertext
  c(i) = ks(i) ⊕ m(i)   (⊕ = exclusive or)
  m(i) = ks(i) ⊕ c(i)

Example:
  1010 ⊕ 1010 = 0000
  0000 ⊕ 1101 = 1101
Since ks ⊕ ks = 0000…00 for any ks, therefore
  ks ⊕ c = ks ⊕ (ks ⊕ m) = (ks ⊕ ks) ⊕ m = m

Block Cipher
• Divide input bit stream into n-bit sections, encrypt only that section, no dependency/history between sections
• In a good block cipher, each output bit is a function of all n input bits and all k key bits

Example: DES
• Data Encryption Standard (DES)
• Encodes plaintext in 64-bit chunks using a 64-bit key (56 bits + 8 bits parity)
• Uses a combination of diffusion and confusion to achieve security
• Was cracked in 1997
  • Parallel attack – exhaustively search key space
• Decryption in DES – it’s symmetric! Use KA again as input and then the same keys except in reverse order

Example: DES (2)
• DES
  • 64-bit input is permuted
  • 16 stages of identical operation
    • differ in the 48-bit key extracted from 56-bit key - complex
    • R2 = R1 is encrypted with K1 and XOR’d with L1
    • L2 = R1, …
  • Final inverse permutation stage

Strength of DES – Key Size
56-bit keys have 2^56 = 7.2 x 10^16 values
Brute force search looks hard
Recent advances have shown it is possible
– in 1997 on Internet in a few months
– in 1998 on dedicated hardware (EFF) in a few days
– in 1999 above combined in 22hrs!
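
The Vigenère example with key VIG, the Kasiski period estimate, and the one-time pad ciphertext DXQR from the earlier slides, worked through in Python. This is an added example, not code from the original slides; the function names are illustrative assumptions and the input is assumed to be uppercase A-Z only.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

A = ord("A")


def vigenere(text, key, decrypt=False):
    """Apply the Caesar shift given by each key letter (A=0 ... Z=25), repeating the key."""
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text):
        shift = ord(key[i % len(key)]) - A
        out.append(chr((ord(ch) - A + sign * shift) % 26 + A))
    return "".join(out)


def kasiski_distances(ciphertext, min_len=3):
    """Distances between consecutive occurrences of each repeated substring."""
    seen = defaultdict(list)
    for i in range(len(ciphertext) - min_len + 1):
        seen[ciphertext[i:i + min_len]].append(i)
    distances = set()
    for positions in seen.values():
        for first, second in zip(positions, positions[1:]):
            distances.add(second - first)
    return sorted(distances)


def candidate_periods(distances):
    """The period divides every true repetition distance, so list the divisors of their gcd.

    Accidental repetitions can shrink the gcd on real traffic; this sample has none.
    """
    g = reduce(gcd, distances)
    return [d for d in range(1, g + 1) if g % d == 0]


def column(ciphertext, period, index):
    """Letters enciphered under the same key letter: one Caesar cipher per column."""
    return ciphertext[index::period]


def key_for(ciphertext, plaintext):
    """The key that turns this plaintext into this ciphertext (one exists for every guess)."""
    return "".join(
        chr((ord(c) - ord(p)) % 26 + A) for c, p in zip(ciphertext, plaintext)
    )


if __name__ == "__main__":
    ct = vigenere("THEBOYHASTHEBALL", "VIG")
    print(ct)                                        # ciphertext from the slide
    print(kasiski_distances(ct))                     # repetition distances
    print(candidate_periods(kasiski_distances(ct)))  # possible key lengths
    print(vigenere(column(ct, 3, 0), "V", decrypt=True))
    # One-time pad: the same ciphertext "decrypts" to any plaintext of equal
    # length under some key, so the ciphertext alone carries no information.
    for guess in ("DOIT", "DONT"):
        print(guess, key_for("DXQR", guess))
```
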

Symmetric key
Both users must have the same secret key
The Key Sharing Problem
n*(n-1)/2 keys needed for complete confidence
Using fewer than n*(n-1)/2 keys for n people, you lose identification of source

Asymmetric key
Public Key Cryptography
Each user has a pair of complementary keys (one private, one public)
n*2 keys needed (n key pairs)
Public key may be distributed freely
Either key encrypts
– Complement needed to decrypt

[Figure: Public-Key Cryptography]

Why Public-Key Cryptography?
Developed to address two key issues:
– key distribution – how to have secure communications in general without having to trust a KDC with your key
– digital signatures – how to verify a message comes intact from the claimed sender
Public invention due to Whitfield Diffie & Martin Hellman at Stanford Univ. in 1976
– known earlier in classified community (1970 James Ellis, “The possibility of non-secret encryption”, British Gov’t)

Public-Key Applications
Can classify uses into 3 categories:
– encryption/decryption (provide secrecy)
– digital signatures (provide authentication)
– key exchange (of session keys)

Security of Public Key Schemes
Like private key schemes, brute force exhaustive search attack is always theoretically possible
But keys used are too large (>512 bits)
Security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalyse) problems
More generally the hard problem is known, it's just made too hard to do in practice
Requires the use of very large numbers
Hence is slow compared to private key schemes

Overview of RSA
RSA (currently the most widely used public key)
– Rivest, Shamir, Adleman, 1977
– Z_n – Modular operations (the expensive part)
– A sender looks up the public key of the receiver, and encrypts the message with that key
– The receiver decrypts the message with his private key
– Although the public key is public information, the private key is secret but related to the public key in a special way

Modular Arithmetic
Definition. Let m ≠ 0 be an integer. We say that two integers a and b are congruent modulo m if there is an integer k such that a – b = km, and in this case we write a ≡ b mod m, or a mod m = b
Properties
Reflexivity: a ≡ a mod m.
Symmetry: If a ≡ b mod m, then b ≡ a mod m.
Transitivity: If a ≡ b mod m and b ≡ c mod m, then a ≡ c mod m.
The relation of congruence modulo m partitions Z into m equivalence classes of the form [x] = [x]_m = {x + km | k in Z}.
The set of equivalence classes is denoted Z_m = {0, 1, 2, . . . , m − 1}. For instance, Z_5 = {0, 1, 2, 3, 4}.

More Modular Arithmetic
(ab) mod m = ((a mod m) (b mod m)) mod m
(a+b) mod m = ((a mod m)+(b mod m)) mod m
Example: Prove that an integer is divisible by 3 if the sum of its digits is divisible by 3.

Why RSA Works
Multiplying P by Q is easy: the number of operations depends on the number of bits (number of digits) in P and Q.
For example, multiplying two 384-bit numbers takes approximately 384^2 = 147,456 bit operations

Why RSA Works (2)
If one knows only n, finding p and q is hard: in essence, the number of operations depends on the value of M.
– The simplest method for factoring a 768-bit number takes about 2^384 ≈ 3.94 x 10^115 trial divisions.
– A more sophisticated method takes about 2^85 ≈ 3.87 x 10^25 trial divisions.
– A still more sophisticated method takes about 2^41 ≈ 219,900,000,000 trial divisions

Why RSA Works (3)
No-one has found a really quick algorithm for factoring a large number M.
No-one has proven that such a quick algorithm doesn’t exist (or even that one is unlikely to exist).
Peter Shor has devised a very fast factoring algorithm for a quantum computer, if anyone manages to build one.

RSA Usage
To encrypt a message M the sender:
– obtains public key of recipient KU={e,N}
– computes: C = M^e mod N, where 0≤M<N
To decrypt the ciphertext C the owner:
– uses their private key KR={d,p,q}
– computes: M = C^d mod N
Note that the message M must be smaller than the modulus N (block if needed)

Bob chooses his public key
He randomly chooses the 17th and 19th primes, 59 and 67, respectively (p = 59, q = 67, pq = 3953)
ø(n) = (58)(66) = 3828, the Euler totient number
Pick a random b, less than 3828 but > 1
– Let’s try 2669. Will that work? gcd(2669, 3828) = 1
Now, ab ≡ 1 (mod ø(n))
– a x 2669 ≡ 1 mod 3828
– a will exist if gcd(a, ø(n)) = 1

Bob finishes his calculations in making his public key…
a = b^-1 in Z_n; recall a is the decryption exponent (n = pq = 3953)
a = 1625 (b^-1 = 1625 mod 3828)
Bob’s private key (a, n) is (1625, 3953), so now Bob publishes his public key (b, n) as (2669, 3953)

Alice wants to send Bob a message, m…
Alice has plaintext 3128 to send. She will send E(m):
– Alice encrypts with public key (b,n) or (2669,3953)
– E(m) = 3128^2669 mod 3953 = 3541
Bob receives the ciphertext 3541:
– Bob decrypts with private key (a,n) or (1625,3953)
– 3541^1625 mod 3953 = 3128

Prime Numbers
Prime numbers only have divisors of 1 and self
– they cannot be written as a product of other numbers
– note: 1 is prime, but is generally not of interest
E.g. 2,3,5,7 are prime, 4,6,8,9,10 are not
Prime numbers are central to number theory
List of prime numbers less than 200 is:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199

Relatively Prime Numbers & GCD
Two numbers a, b are relatively prime if they have no common divisors apart from 1
– e.g. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor
Conversely, can determine the greatest common divisor by comparing their prime factorizations and using least powers
– e.g. 300 = 2^1×3^1×5^2, 18 = 2^1×3^2, hence GCD(18,300) = 2^1×3^1×5^0 = 6

Fermat's Theorem
a^(p-1) mod p = 1
– where p is prime and gcd(a,p)=1
Also known as Fermat’s Little Theorem
Useful in public key and primality testing

Euler Totient Function ø(n)
When doing arithmetic modulo n
Complete set of residues is: 0..n-1
Reduced set of residues is those numbers (residues) which are relatively prime to n
– e.g. for n=10,
– complete set of residues is {0,1,2,3,4,5,6,7,8,9}
– reduced set of residues is {1,3,7,9}
Number of elements in reduced set of residues is called the Euler Totient Function ø(n)

Euler Totient Function ø(n)
To compute ø(n) need to count number of elements to be excluded
In general need prime factorization, but
– for p (p prime) ø(p) = p-1
– for p.q (p,q prime) ø(p.q) = (p-1)(q-1)
E.g.
– ø(37) = 36
– ø(21) = (3–1)×(7–1) = 2×6 = 12

Euler's Theorem
A generalisation of Fermat's Theorem
a^ø(n) mod N = 1
– where gcd(a,N)=1
E.g.
– a=3; n=10; ø(10)=4;
– hence 3^4 = 81 = 1 mod 10
– a=2; n=11; ø(11)=10;
– hence 2^10 = 1024 = 1 mod 11

Why RSA Works
Because of Euler's Theorem:
a^ø(n) mod N = 1
– where gcd(a,N)=1
In RSA have:
– N=p.q
– ø(N)=(p-1)(q-1)
– carefully chosen e & d to be inverses mod ø(N)
– hence e.d=1+k.ø(N) for some k
Hence:
C^d = (M^e)^d = M^(1+k.ø(N)) = M^1.(M^ø(N))^k = M^1.(1)^k = M^1 = M mod N

RSA Example
1. Select primes: p=17 & q=11
2. Compute n = pq = 17×11 = 187
3. Compute ø(n)=(p–1)(q-1)=160
4. Select e: gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160. Value is d=23 since 23×7=161= 10×160+1
6. Publish public key ={7,187}
7. Keep secret private key ={23,17,11}

RSA Example cont
Sample RSA encryption/decryption is:
Given message M = 88 (<187)
Encryption: C = 88^7 mod 187 = 11
Decryption: M = 11^23 mod 187 = 88

Figure 1. Example of RSA Algorithm
[Diagram: plaintext 88 → encryption, 88^7 mod 187 = 11 (KU = 7, 187) → ciphertext 11 → decryption, 11^23 mod 187 = 88 (KR = 23, 187) → plaintext 88]

Some notes about a, b, p, & q
p and q must be large for security
b, the encryption exponent, does not have to be that large (2^16 – 1 = 65535 is good)
a, the decryption exponent, needs to be sufficiently large (512 to 2048 bits)
Having to work with such large numbers, we need to look at some other elements of RSA.

RSA: Component Operations
Exponentiation
– We need to do it fast
Factorization
– Believed to be difficult (security is here)
Finding prime numbers and testing primality
– Rabin Miller test
– New polynomial time algorithm http://mathworld.wolfram.com/news/2002-0807_primetest/

DES vs. RSA
RSA is about 1500 times slower than DES
– Exponentiation and modulus
Generation of numbers used in RSA can take time

Key Distribution
The hard problem for symmetric (secret) key ciphers
Transmitting a private key on an insecure channel
– Asymmetric system solves problem

4 Requirements of Security
Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
Authentication: Sender and receiver want to confirm the identity of each other.
Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
Non-repudiation: A mechanism to prove that the sender really sent this message.

Authentication
Authentication can be defined as determining the identity of a message sender or access control.
Access control: Office workers bear an identity card, or an ATM card with a PIN is required for a bank transaction.
Asymmetric keys can be used for non-repudiation and sender authentication; if the receiver can obtain the session key encrypted with the sender's private key, then only this sender could have sent the message.

Digital signature
A digital signature is a cryptographic means through which identity of the sender, the time and date a document was sent, …, may be verified.
The digital signature of a document is a piece of information based on both the document and the signer's private key. It is typically created through the use of a hash function and a private signing function (encrypting with the signer's private key), but there are other methods.

Authentication & Integrity
To verify the contents of digitally signed data, the recipient generates a new message digest from the data that was received, decrypts the original message digest with the originator's public key, and compares the decrypted digest with the newly generated digest. If the two digests match, the integrity of the message is verified. The identity of the originator also is confirmed because the public key can decrypt only data that has been encrypted with the corresponding private key.

Digital Signatures are the electronic world's equivalent to a handwritten signature. A Digital Signature provides the following functions to the cryptographer:
* Authentication
* Data Integrity
* Non Repudiation

Assignments
1. Perform encryption and decryption using the RSA algorithm, as in Figure 1, for the following:
  ① p = 3; q = 11, e = 7; M = 5
  ② p = 5; q = 11, e = 3; M = 9
2. In a public-key system using RSA, you intercept the ciphertext C = 10 sent to a user whose public key is e = 5, n = 35. What is the plaintext M?

Example
In a public-key system using RSA, you intercept the ciphertext C = 10 sent to a user whose public key is (5, 35). What is the plaintext M?
The strength of RSA depends on the difficulty of factorizing a large number into its prime factors. For a small public key it is easy to crack.
N=35, p=3, q=5
t=2*4=12
e=5, (1+k*12)=(1, 13, 25, 37, 49, … )
d=5
Ans: M= 5 since 10^5 mod 35 = 5
Check 5^5 mod 35 = 10
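
The RSA slides above, from key generation through the hash-then-sign verification, carried out in Python on the page's own numbers. This is an added example, not code from the original slides; the function names are illustrative assumptions, and reducing a SHA-256 digest modulo the toy modulus is a classroom simplification assumed here.

```python
import hashlib


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(e, phi):
    """Decryption exponent d with e*d = 1 mod phi; exists only if gcd(e, phi) = 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e has no inverse: gcd(e, phi) != 1")
    return x % phi


def make_keypair(p, q, e):
    """Return ((e, n), (d, n)) for primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (modinv(e, phi), n)


def crypt(value, key):
    """C = M^e mod N with the public key, or M = C^d mod N with the private key."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must satisfy 0 <= M < N")
    return pow(value, exponent, n)


def factor_small(n):
    """Trial division; it finishes instantly only because the modulus is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")


def recover_plaintext(c, e, n):
    """Why a small modulus gives no secrecy: factor n, rebuild d, decrypt."""
    p, q = factor_small(n)  # for n = 35 this yields 5 and 7, so phi = 24 and d = 5
    _, private = make_keypair(p, q, e)
    return crypt(c, private)


def digest(message, n):
    """SHA-256 digest reduced mod n so it fits the toy modulus (assumption)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private):
    """Signer applies the private key to the message digest."""
    return crypt(digest(message, private[1]), private)


def verify(message, signature, public):
    """Recipient recomputes the digest and compares it with the opened signature."""
    return crypt(signature, public) == digest(message, public[1])


if __name__ == "__main__":
    public, private = make_keypair(17, 11, 7)
    print(public, private, crypt(88, public), crypt(11, private))
    bob_public, bob_private = make_keypair(59, 67, 2669)
    print(bob_private, crypt(3128, bob_public))
    print(recover_plaintext(10, 5, 35))
    sig = sign(b"constructed sample message", bob_private)
    print(verify(b"constructed sample message", sig, bob_public))
```
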