Download presentation

Presentation is loading. Please wait.

Published byPaola Cobler Modified over 3 years ago

1
1 Complexity ©D.Moshkovitz Cryptography Where Complexity Finally Comes In Handy…

2
2 Complexity ©D.Moshkovitz The Amazing Adventures of Alice and Bob AliceBob extremely secret message eavesdropper

3
3 Complexity ©D.Moshkovitz Introduction Objectives: –To introduce the subject of cryptography and its tight connection to complexity Overview: –Public key cryptography –One-Way Functions and Trapdoor functions –RSA PAP 279-298

4
4 Complexity ©D.Moshkovitz Intuitive Approach AliceBob extremely secret message eavesdropper E(e, )D(d, ) encoding key decoding key

5
5 Complexity ©D.Moshkovitz Simple Implementation: Just XOR! Agree first on some random string e. AliceBob eavesdropper e e ( ) extremely secret message Problem!

6
6 Complexity ©D.Moshkovitz Solution: Public-Key Cryptosystems Bob generates a pair of keys Publishes E Keeps D private Bob E(x) D(y)

7
7 Complexity ©D.Moshkovitz Encryption: Requirements “Easy” (so everyone can send Bob encrypted messages) “Hard to invert” (so no one can break the encryption)

8
8 Complexity ©D.Moshkovitz One-Way Functions: Formally Definition: A length preserving function f is a one- way function if: 1.f is computable in polynomial time. 2.f -1 cannot be computed in probabilistic polynomial time, i.e SIP 375 some textbooks demand f is one-to-one

9
9 Complexity ©D.Moshkovitz One-Way For any Turing Machine M For any natural constant k For sufficiently large natural n Probability taken over: choices made by M random selection of w M inverts f correctly on at most n -k of the inputs

10
10 Complexity ©D.Moshkovitz Applications: Authentication Many users may login to a network Each user has a password The database can be read by everyone Problem: secure authentication

11
11 Complexity ©D.Moshkovitz How to Authenticate Using OWF? Encrypt each password with a OWF. Store only the encrypted password. When this user tries to login… –Encrypt the password she entered –Compare to the stored password One-Way Function MyPass1234 2iB>S\]1%^o MyPass1234

12
12 Complexity ©D.Moshkovitz Do One-Way Functions Exist? Believed to… OWF P≠NP.

13
13 Complexity ©D.Moshkovitz Do One-Way Functions Suffice? Problem: How would Bob generate D(y)? Bob D is so hard, I don’t know how to compute it myself…

14
14 Complexity ©D.Moshkovitz Trapdoor Functions f1f1 f2f2 f3f3 … G index family of functions which are hard to invert probabilistic polynomial-time TM the key to invert that function

15
15 Complexity ©D.Moshkovitz Trapdoor Functions : Formally Definition: A length preserving indexing function f: * * * is a trapdoor function, if there exist a poly-time TM G a function h: * * * which satisfy: SIP 376-377 f(i,w)=f i (w)

16
16 Complexity ©D.Moshkovitz Trapdoor Functions : Formally 1.f and h are computable in polynomial time. 2. “f i is hard to invert in the absence of t” 3.“f i is easy to invert when t is known” SIP 376-377 * is output by G
*

17
17 Complexity ©D.Moshkovitz RSA A public-key cryptosystem developed by Rivest, Shamir and Adleman. Based on the (conjectured) hardness of factoring.

18
18 Complexity ©D.Moshkovitz Plan 1.Prime numbers: basic facts and recent results. 2.Euler’s function. 3.Description of the RSA cryptosystem.

19
19 Complexity ©D.Moshkovitz PRIMES Instance: A number in binary representation. Problem: To decide if this number is prime. 10111 Yes instance: No instance:10110

20
20 Complexity ©D.Moshkovitz Is PRIMES in P ?! What’s the problem with the following trivial algorithm? Input: a number N Output: is N prime? for i in 2.. N do for j in 2.. N do if i*j=N, return FALSE return TRUE

21
21 Complexity ©D.Moshkovitz Prime Numbers Fact 1: There are many prime numbers (k/log k in the range [k]={1,…,k}) Fact 2: ([AKS02]) Primality testing can be done in time polynomial in log k. Question: How to choose a random prime in [k] in time poly-log k?

22
22 Complexity ©D.Moshkovitz Picking a Random Prime while didn’t-find-one –choose x R [k] –if x PRIMES return x [k] primes uniformly at random Expected time: O(polylogk)

23
23 Complexity ©D.Moshkovitz De-Randomization By Alon et Al and Naor and Naor, there’s a deterministic construction X of O(logk/ 2 ) numbers in [k] which is -close to uniform. By using it with < log -1 k, we can obtain O(polylogk) run-time (not just expectedly!) If Pr x R [k] [x S] > X S≠

24
24 Complexity ©D.Moshkovitz Euler’s Function (n) = { m | 1 m < n AND gcd(m,n)=1 } Euler’s function: (n)=| (n)| (12)={1,2,3,4,5,6,7,8,9,10,11} (12)=4 Example: Observe: For any prime p, (p)={1,...,p-1}

25
25 Complexity ©D.Moshkovitz RSA To encrypt a message, write it as a number m, and compute E N,e (m) = m e (mod N) To decrypt a cipher text c, compute D d (c) = c d (mod N) Now for (almost) any m, –m ed m (mod N) –And therefore: (m e ) d m (mod N) Therefore: D d (E N,e (m)) m (mod N)

26
26 Complexity ©D.Moshkovitz The Public and Private Keys Choose two long random prime numbers p, q –set N = pq Randomly choose an odd number e s.t: –1 < e < (N) –gcd(e, (N)) = 1 Let d be the inverse of e, namely ed 1 (mod (n)) Public key: ;Private key: d Compute d using Euclid’s gcd algorithm

27
27 Complexity ©D.Moshkovitz Summary We presented the notion of Public Key Cryptosystems and its well-known implementation, RSA. We examined some of the underlying assumptions of cryptography: –Existence of one-way functions –Existence of trapdoor functions These assumptions are stronger than the standard complexity assumption P≠NP.

Similar presentations

Presentation is loading. Please wait....

OK

Reductions Complexity ©D.Moshkovitz.

Reductions Complexity ©D.Moshkovitz.

© 2018 SlidePlayer.com Inc.

All rights reserved.

To ensure the functioning of the site, we use **cookies**. We share information about your activities on the site with our partners and Google partners: social networks and companies engaged in advertising and web analytics. For more information, see the Privacy Policy and Google Privacy & Terms.
Your consent to our cookies if you continue to use this website.

Ads by Google

Ppt on nuclear family and joint family system Ppt on trial and error factoring Ppt on object oriented programming with c++ textbook Free ppt on american war of independence Ppt on computer languages of the future Ppt on validity and reliability Ppt on forward rate agreement quotes Download ppt on mind controlled robotic arms design Ppt on db2 mainframes learning Ppt on case study of company