Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Complexity ©D.Moshkovitz Cryptography Where Complexity Finally Comes In Handy…

Published byPaola Cobler Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Complexity ©D.Moshkovitz Cryptography Where Complexity Finally Comes In Handy…"— Presentation transcript:

1 1 Complexity ©D.Moshkovitz Cryptography Where Complexity Finally Comes In Handy…

2 2 Complexity ©D.Moshkovitz The Amazing Adventures of Alice and Bob AliceBob extremely secret message eavesdropper

3 3 Complexity ©D.Moshkovitz Introduction Objectives: –To introduce the subject of cryptography and its tight connection to complexity Overview: –Public key cryptography –One-Way Functions and Trapdoor functions –RSA PAP 279-298

4 4 Complexity ©D.Moshkovitz Intuitive Approach AliceBob extremely secret message eavesdropper E(e, )D(d, ) encoding key decoding key

5 5 Complexity ©D.Moshkovitz Simple Implementation: Just XOR! Agree first on some random string e. AliceBob eavesdropper e  e  ( ) extremely secret message Problem!

6 6 Complexity ©D.Moshkovitz Solution: Public-Key Cryptosystems Bob generates a pair of keys Publishes E Keeps D private Bob E(x) D(y)

7 7 Complexity ©D.Moshkovitz Encryption: Requirements “Easy” (so everyone can send Bob encrypted messages) “Hard to invert” (so no one can break the encryption)

8 8 Complexity ©D.Moshkovitz One-Way Functions: Formally Definition: A length preserving function f is a one- way function if: 1.f is computable in polynomial time. 2.f -1 cannot be computed in probabilistic polynomial time, i.e SIP 375 some textbooks demand f is one-to-one

9 9 Complexity ©D.Moshkovitz One-Way For any Turing Machine M For any natural constant k For sufficiently large natural n Probability taken over: choices made by M random selection of w M inverts f correctly on at most n -k of the inputs

10 10 Complexity ©D.Moshkovitz Applications: Authentication Many users may login to a network Each user has a password The database can be read by everyone Problem: secure authentication

11 11 Complexity ©D.Moshkovitz How to Authenticate Using OWF? Encrypt each password with a OWF. Store only the encrypted password. When this user tries to login… –Encrypt the password she entered –Compare to the stored password One-Way Function MyPass1234 2iB>S\]1%^o MyPass1234

12 12 Complexity ©D.Moshkovitz Do One-Way Functions Exist? Believed to… OWF  P≠NP.

13 13 Complexity ©D.Moshkovitz Do One-Way Functions Suffice? Problem: How would Bob generate D(y)? Bob D is so hard, I don’t know how to compute it myself…

14 14 Complexity ©D.Moshkovitz Trapdoor Functions f1f1 f2f2 f3f3 … G index family of functions which are hard to invert probabilistic polynomial-time TM the key to invert that function

15 15 Complexity ©D.Moshkovitz Trapdoor Functions : Formally Definition: A length preserving indexing function f:  *  *   * is a trapdoor function, if there exist a poly-time TM G a function h:  *  *   * which satisfy: SIP 376-377 f(i,w)=f i (w) <index, key> generator decoder

16 16 Complexity ©D.Moshkovitz Trapdoor Functions : Formally 1.f and h are computable in polynomial time. 2. “f i is hard to invert in the absence of t” 3.“f i is easy to invert when t is known” SIP 376-377 <i,t> is output by G

17 17 Complexity ©D.Moshkovitz RSA A public-key cryptosystem developed by Rivest, Shamir and Adleman. Based on the (conjectured) hardness of factoring.

18 18 Complexity ©D.Moshkovitz Plan 1.Prime numbers: basic facts and recent results. 2.Euler’s function. 3.Description of the RSA cryptosystem.

19 19 Complexity ©D.Moshkovitz PRIMES Instance: A number in binary representation. Problem: To decide if this number is prime. 10111 Yes instance: No instance:10110

20 20 Complexity ©D.Moshkovitz Is PRIMES in P ?! What’s the problem with the following trivial algorithm? Input: a number N Output: is N prime? for i in 2..  N do for j in 2..  N do if i*j=N, return FALSE return TRUE

21 21 Complexity ©D.Moshkovitz Prime Numbers Fact 1: There are many prime numbers (k/log k in the range [k]={1,…,k}) Fact 2: ([AKS02]) Primality testing can be done in time polynomial in log k. Question: How to choose a random prime in [k] in time poly-log k?

22 22 Complexity ©D.Moshkovitz Picking a Random Prime while didn’t-find-one –choose x  R [k] –if x  PRIMES return x [k] primes uniformly at random Expected time: O(polylogk)

23 23 Complexity ©D.Moshkovitz De-Randomization By Alon et Al and Naor and Naor, there’s a deterministic construction X  of O(logk/  2 ) numbers in [k] which is  -close to uniform. By using it with  < log -1 k, we can obtain O(polylogk) run-time (not just expectedly!) If Pr x  R [k] [x  S] >   X   S≠ 

24 24 Complexity ©D.Moshkovitz Euler’s Function  (n) = { m | 1  m < n AND gcd(m,n)=1 } Euler’s function:  (n)=|  (n)|  (12)={1,2,3,4,5,6,7,8,9,10,11}  (12)=4 Example: Observe: For any prime p,  (p)={1,...,p-1}

25 25 Complexity ©D.Moshkovitz RSA To encrypt a message, write it as a number m, and compute E N,e (m) = m e (mod N) To decrypt a cipher text c, compute D d (c) = c d (mod N) Now for (almost) any m, –m ed  m (mod N) –And therefore: (m e ) d  m (mod N) Therefore: D d (E N,e (m))  m (mod N)

26 26 Complexity ©D.Moshkovitz The Public and Private Keys Choose two long random prime numbers p, q –set N = pq Randomly choose an odd number e s.t: –1 < e <  (N) –gcd(e,  (N)) = 1 Let d be the inverse of e, namely ed  1 (mod  (n)) Public key: ;Private key: d Compute d using Euclid’s gcd algorithm

27 27 Complexity ©D.Moshkovitz Summary We presented the notion of Public Key Cryptosystems and its well-known implementation, RSA. We examined some of the underlying assumptions of cryptography: –Existence of one-way functions –Existence of trapdoor functions These assumptions are stronger than the standard complexity assumption P≠NP. 

Download ppt "1 Complexity ©D.Moshkovitz Cryptography Where Complexity Finally Comes In Handy…"

Similar presentations

CLASSICAL ENCRYPTION TECHNIQUES

CLASSICAL ENCRYPTION TECHNIQUES
Efficient Lattice (H)IBE in the standard model Shweta Agrawal, Dan Boneh, Xavier Boyen.

Efficient Lattice (H)IBE in the standard model Shweta Agrawal, Dan Boneh, Xavier Boyen.
Using Matrices in Real Life

Using Matrices in Real Life
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
Addition Facts 1 - 20.

Addition Facts
Cryptography encryption authentication digital signatures

Cryptography encryption authentication digital signatures
RSA.

RSA.
Public Key Cryptosystem

Public Key Cryptosystem
Formal Models of Computation Part III Computability & Complexity

Formal Models of Computation Part III Computability & Complexity
Reductions Complexity ©D.Moshkovitz.

Reductions Complexity ©D.Moshkovitz.
ABC Technology Project

ABC Technology Project
Hash Tables.

Hash Tables.
ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION.

ONE WAY FUNCTIONS SECURITY PROTOCOLS CLASS PRESENTATION.
RSA and Public Key Cryptography Oct. 2002 Nathanael Paul.

RSA and Public Key Cryptography Oct Nathanael Paul.
Public Key Encryptions CS461/ECE422 Fall 2011. Reading Material Text Chapters 2 and 20 Handbook of Applied Cryptography, Chapter 8 –

Public Key Encryptions CS461/ECE422 Fall Reading Material Text Chapters 2 and 20 Handbook of Applied Cryptography, Chapter 8 –
Lets play bingo!!. Calculate: MEAN 4 7 5 8 6 Calculate: MEDIAN 9 4 6 1 5.

Lets play bingo!!. Calculate: MEAN Calculate: MEDIAN
Chapter 5 Test Review Sections 5-1 through 5-4.

Chapter 5 Test Review Sections 5-1 through 5-4.
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Similar presentations

Ads by Google