Download presentation

Presentation is loading. Please wait.

Published byPaola Cobler Modified over 2 years ago

1
1 Complexity ©D.Moshkovitz Cryptography Where Complexity Finally Comes In Handy…

2
2 Complexity ©D.Moshkovitz The Amazing Adventures of Alice and Bob AliceBob extremely secret message eavesdropper

3
3 Complexity ©D.Moshkovitz Introduction Objectives: –To introduce the subject of cryptography and its tight connection to complexity Overview: –Public key cryptography –One-Way Functions and Trapdoor functions –RSA PAP 279-298

4
4 Complexity ©D.Moshkovitz Intuitive Approach AliceBob extremely secret message eavesdropper E(e, )D(d, ) encoding key decoding key

5
5 Complexity ©D.Moshkovitz Simple Implementation: Just XOR! Agree first on some random string e. AliceBob eavesdropper e e ( ) extremely secret message Problem!

6
6 Complexity ©D.Moshkovitz Solution: Public-Key Cryptosystems Bob generates a pair of keys Publishes E Keeps D private Bob E(x) D(y)

7
7 Complexity ©D.Moshkovitz Encryption: Requirements “Easy” (so everyone can send Bob encrypted messages) “Hard to invert” (so no one can break the encryption)

8
8 Complexity ©D.Moshkovitz One-Way Functions: Formally Definition: A length preserving function f is a one- way function if: 1.f is computable in polynomial time. 2.f -1 cannot be computed in probabilistic polynomial time, i.e SIP 375 some textbooks demand f is one-to-one

9
9 Complexity ©D.Moshkovitz One-Way For any Turing Machine M For any natural constant k For sufficiently large natural n Probability taken over: choices made by M random selection of w M inverts f correctly on at most n -k of the inputs

10
10 Complexity ©D.Moshkovitz Applications: Authentication Many users may login to a network Each user has a password The database can be read by everyone Problem: secure authentication

11
11 Complexity ©D.Moshkovitz How to Authenticate Using OWF? Encrypt each password with a OWF. Store only the encrypted password. When this user tries to login… –Encrypt the password she entered –Compare to the stored password One-Way Function MyPass1234 2iB>S\]1%^o MyPass1234

12
12 Complexity ©D.Moshkovitz Do One-Way Functions Exist? Believed to… OWF P≠NP.

13
13 Complexity ©D.Moshkovitz Do One-Way Functions Suffice? Problem: How would Bob generate D(y)? Bob D is so hard, I don’t know how to compute it myself…

14
14 Complexity ©D.Moshkovitz Trapdoor Functions f1f1 f2f2 f3f3 … G index family of functions which are hard to invert probabilistic polynomial-time TM the key to invert that function

15
15 Complexity ©D.Moshkovitz Trapdoor Functions : Formally Definition: A length preserving indexing function f: * * * is a trapdoor function, if there exist a poly-time TM G a function h: * * * which satisfy: SIP 376-377 f(i,w)=f i (w)

16
16 Complexity ©D.Moshkovitz Trapdoor Functions : Formally 1.f and h are computable in polynomial time. 2. “f i is hard to invert in the absence of t” 3.“f i is easy to invert when t is known” SIP 376-377 * is output by G
*

17
17 Complexity ©D.Moshkovitz RSA A public-key cryptosystem developed by Rivest, Shamir and Adleman. Based on the (conjectured) hardness of factoring.

18
18 Complexity ©D.Moshkovitz Plan 1.Prime numbers: basic facts and recent results. 2.Euler’s function. 3.Description of the RSA cryptosystem.

19
19 Complexity ©D.Moshkovitz PRIMES Instance: A number in binary representation. Problem: To decide if this number is prime. 10111 Yes instance: No instance:10110

20
20 Complexity ©D.Moshkovitz Is PRIMES in P ?! What’s the problem with the following trivial algorithm? Input: a number N Output: is N prime? for i in 2.. N do for j in 2.. N do if i*j=N, return FALSE return TRUE

21
21 Complexity ©D.Moshkovitz Prime Numbers Fact 1: There are many prime numbers (k/log k in the range [k]={1,…,k}) Fact 2: ([AKS02]) Primality testing can be done in time polynomial in log k. Question: How to choose a random prime in [k] in time poly-log k?

22
22 Complexity ©D.Moshkovitz Picking a Random Prime while didn’t-find-one –choose x R [k] –if x PRIMES return x [k] primes uniformly at random Expected time: O(polylogk)

23
23 Complexity ©D.Moshkovitz De-Randomization By Alon et Al and Naor and Naor, there’s a deterministic construction X of O(logk/ 2 ) numbers in [k] which is -close to uniform. By using it with < log -1 k, we can obtain O(polylogk) run-time (not just expectedly!) If Pr x R [k] [x S] > X S≠

24
24 Complexity ©D.Moshkovitz Euler’s Function (n) = { m | 1 m < n AND gcd(m,n)=1 } Euler’s function: (n)=| (n)| (12)={1,2,3,4,5,6,7,8,9,10,11} (12)=4 Example: Observe: For any prime p, (p)={1,...,p-1}

25
25 Complexity ©D.Moshkovitz RSA To encrypt a message, write it as a number m, and compute E N,e (m) = m e (mod N) To decrypt a cipher text c, compute D d (c) = c d (mod N) Now for (almost) any m, –m ed m (mod N) –And therefore: (m e ) d m (mod N) Therefore: D d (E N,e (m)) m (mod N)

26
26 Complexity ©D.Moshkovitz The Public and Private Keys Choose two long random prime numbers p, q –set N = pq Randomly choose an odd number e s.t: –1 < e < (N) –gcd(e, (N)) = 1 Let d be the inverse of e, namely ed 1 (mod (n)) Public key: ;Private key: d Compute d using Euclid’s gcd algorithm

27
27 Complexity ©D.Moshkovitz Summary We presented the notion of Public Key Cryptosystems and its well-known implementation, RSA. We examined some of the underlying assumptions of cryptography: –Existence of one-way functions –Existence of trapdoor functions These assumptions are stronger than the standard complexity assumption P≠NP.

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google