Download presentation

Presentation is loading. Please wait.

Published byTristen Wain Modified over 2 years ago

1
Group 5: Daryl, Etkin, Supartha, Rajendra and Aarthi 1

2
Two Information Coding Schemes RSA Algorithm Privacy Authenticity Reed-Solomon Codes (Bursty) Noise Tolerance 2

3
3

4
4

5
5 Trinity? Yes, it’s me.

6
Encrypt messages with a symmetric-key cryptosystem (e.g. DES, AES, etc…) Requires prior agreement on a shared key over a secure channel What if Neo and Trinity have yet to meet? 6

7
Mathematically-related public/private key pairs are generated Messages encrypted with public key Can only be decrypted with private key Infeasible to compute private key from public key alone No need to agree on a shared key! 7

8
Rivest, Shamir and Adleman (1977) Based on difficulty of computing prime factors of large integers 8

9
1. Pick two distinct primes p and q 2. Compute n = pq and ɸ (n) = (p – 1)(q – 1) 3. Pick e where 1 < e < ɸ (n) and gcd(e, ɸ (n)) = 1 4. Compute d where de ≡ 1 (mod ɸ (n)) 5. Public key is (n, e), private key is (n, d) 6. Encrypt with C ≡ M e (mod n) 7. Decrypt with M ≡ C d (mod n) 9 Setup Usage

10
1. Pick two distinct primes p and q 2. Compute n = pq and ɸ (n) = (p – 1)(q – 1) 3. Pick e where 1 < e < ɸ (n) and gcd(e, ɸ (n)) = 1 4. Compute d where de ≡ 1 (mod ɸ (n)) 5. Public key is (n, e), private key is (n, d) 6. Encrypt with C ≡ M e (mod n) 7. Decrypt with M ≡ C d (mod n) 10

11
Let e, d, n be integers with n ≠ 0 Fact: If gcd(e, n) = 1 (i.e. e and n are coprime) then there exists d such that de ≡ 1 (mod n) In other words, the multiplicative inverse of e (mod n) exists when gcd(e, n) = 1 11

12
1. Pick two distinct primes p and q 2. Compute n = pq and ɸ (n) = (p – 1)(q – 1) 3. Pick e where 1 < e < ɸ (n) and gcd(e, ɸ (n)) = 1 4. Compute d where de ≡ 1 (mod ɸ (n)) 5. Public key is (n, e), private key is (n, d) 6. Encrypt with C ≡ M e (mod n) 7. Decrypt with M ≡ C d (mod n) 12

13
1. Pick two distinct primes p and q 2. Compute n = pq and ɸ (n) = (p – 1)(q – 1) 3. Pick e where 1 < e < ɸ (n) and gcd(e, ɸ (n)) = 1 4. Compute d where de ≡ 1 (mod ɸ (n)) 5. Public key is (n, e), private key is (n, d) 6. Encrypt with C ≡ M e (mod n) 7. Decrypt with M ≡ C d (mod n) 13

14
Definition: no. of integers 1 ≤ a ≤ n with gcd(a, n) = 1 Formula: For n = pq where p and q are primes 14

15
Let x, y, m, n be integers with n ≥ 0 Fact: If x ≡ y (mod ɸ (n)), then m x ≡ m y (mod n) In other words, working in mod n requires that we work mod ɸ (n) in the exponent 15

16
1. Pick two distinct primes p and q 2. Compute n = pq and ɸ (n) = (p – 1)(q – 1) 3. Pick e where 1 < e < ɸ (n) and gcd(e, ɸ (n)) = 1 4. Compute d where de ≡ 1 (mod ɸ (n)) 5. Public key is (n, e), private key is (n, d) 6. Encrypt with C ≡ M e (mod n) 7. Decrypt with M ≡ C d (mod n) 16

17
1. Pick two distinct primes p and q 2. Compute n = pq and ɸ (n) = (p – 1)(q – 1) 3. Pick e where 1 < e < ɸ (n) and gcd(e, ɸ (n)) = 1 4. Compute d where de ≡ 1 (mod ɸ (n)) 5. Public key is (n, e), private key is (n, d) 6. Encrypt with C ≡ M e (mod n) 7. Decrypt with M ≡ C d (mod n) 17 (M e ) d ≡ M (mod n) and (M d ) e ≡ M (mod n)

18
1. Pick p = 37 and q = 43 2. Compute n = 1591 and ɸ (n) = 1512 3. Pick e = 71 gcd(e, ɸ (n)) = gcd(71, 1512) = 1 4. Compute d = 575 (Extended Euclidean Algorithm) de = 40825 ≡ 1 (mod 1512) 5. Public key is (n, e), private key is (n, d) 6. Encrypt: C ≡ M e ≡ 1234 71 ≡ 908 (mod 1591) 7. Decrypt: M ≡ C d ≡ 908 575 ≡ 1234 (mod 1591) 18

19
1. Pick two distinct primes p and q 2. Compute n = pq and ɸ (n) = (p – 1)(q – 1) 3. Pick e where 1 < e < ɸ (n) and gcd(e, ɸ (n)) = 1 4. Compute d where de ≡ 1 (mod ɸ (n)) 5. Public key is (n, e), private key is (n, d) 6. Sign M with S ≡ M d (mod n) ; Send (M, S) 7. Verify that M ≡ S e (mod n) 19 Reversed! Sign with private key Verify with public key

20
1. Modular exponentiation ▪ Successive-Squaring 2. Computing d from e and ɸ (n) ▪ Extended Euclidean Algorithm 3. Finding large primes 20

21
Successive-Squaring to Compute C ≡ M e (mod n) Let e = e k e k–1 … e 0 (binary representation of e) C := 1 For i := k, k – 1, …, 0 C := (C * C) mod n If e i = 1 Then C := (C * M) mod n End For Performance: O(log e) Memory: O(1) 21

22
Extended Euclidean Algorithm: Since e and ɸ (n) are coprime, solving yields d = y satisfying 22 Find max. q i satisfyingand x i and y i satisfying When r k = 0, stop and output gcd(a, b) = r k-1 and x = x k-1 and y = y k-1 Similar to Euclidean Algorithm for gcd(a, b), but retain quotients q i at each step i to compute x i and y i

23
Generate a large random integer Apply primal test repeatedly Primality Tests: Miller-Rabin Solovay-Strassen Fermat Primality Test Euler Witness, Euler Liar 23

24
24

25
25

26
26

27
27

28
28

29
29

30
30

31
31

32
32

33
33

34
34

35
35

36
36

37
37

38
38

39
39 ???

40
40

41
Noise is Natural Studied models in general Binary Symmetric Channel Binary Erasure Channel Noisy Typewriter Channel Continuous Output Channel … 41

42
42

43
43 MC 00000 01001 10010 11011 100 101 110 111

44
44

45
45

46
46 MC 00000 01001 10010 11011 100 101 110 111 No Structure?? Have to store the whole mapping in a codebook

47
47 G = n x k, where n =7, k=4 for example, Hamming Code is Linear =

48
48

49
Applications: CDs, Space Communication, … Robust against Burst errors 49 From left: Gustave Solomon & Irving S. Reed

50
50

51
51

52
52

53
53

54
54

55
55

56
A set of elements with two operations “Addition” and “Multiplication” defined on these elements. Closed under these two operations Basically all arithmetic operations are allowed Examples: Set of Real numbers, Set of Rational numbers… 56

57
A field with finite number of elements. Example: {0,1} with modulo operations In general {0,1,2….p-1} is a field with p elements with modulo operations. (p is prime) How to construct fields with 8 elements? In general how to construct p r elements?? 57

58
A field with 2 m elements can be constructed by extending the field GF(2) which is {0,1}. Let α denotes an additional element in GF(2 m ). Now GF(2 m ) ={ 0,1, α,α 2,….. α 2 m -1, α 2 m,…} To make the number of elements 2 m, we restrict α 2 m -1 = 1 = α 0 58

59
GF(2 m )={0, α 0, α,…… α 2 m -2 } Any non-zero element in GF(2 m ) can be written as a polynomial of degree at most m-1. Coefficients are from GF(2) Also they can be mapped to binary values. 59

60
An irreducible polynomial f(x) of degree m is said to be primitive if the smallest positive integer n for which f(x) divides x n +1 is n=2 m -1. Example: 1 + x + x 4 because it divides x n +1 for n=15 and not for other values less than 15. Used for construction GF(2 m ) RS codes use GF(2 m ). 60

61
61

62
62

63
63

64
Linear Code Cyclic d = n-k+1 (Maximum Distance Separable) Can correct up to n-k erasures Can correct up to (n-k)/2 symbol errors 64

65
This form of encoding is not in Systematic form Systematic form : Parity symbols message symbols 010 110 111 100 001 011 101 010 110 111 Message polynomial α + α 3 x + α 5 x 2 Code Polynomial α 0 + α 2 x + α 4 x 2 + α 6 x 3 + αx 4 + α 3 x 5 + α 5 x 6 A generator polynomial g(x) is defined as g(x) = (x-α) (x-α 2 ) …………… (x-α 2t ) 65

66
Shift the message polynomial m(x) by 2t positions by multiplying m(x) by x 2t. Define p(x) = x 2t m(x) (mod g(x)) The final codeword polynomial u(x) is u(x) = p(x) + x 2t m(x) 66

67
Message polynomial α + α 3 x + α 5 x 2 Yielding αx 4 + α 3 x 5 + α 5 x 6 after multiplication with x 2t i.e. x 4 Take g(x) = (x- α)(x- α 2 )(x- α 3 )(x- α 4 ) = x 4 – α 3 x 3 + α 0 x 2 – αx + α 3 = α 3 + αx + α 0 x 2 + α 3 x 3 +x 4 Next divide α x 4 + α 3 x 5 + α 5 x 6 by g(x) to find the remainder p(x) = α 0 + α 2 x 4 + α 4 x 2 + α 6 x 3. Now u(x)=α 0 + α 2 x + α 4 x 2 + α 6 x 3 + αx 4 + α 3 x 5 + α 5 x 6 67

68
The syndrome is the result of a parity check performed on the received polynomial r(x) to determine whether r(x) is a valid codeword. The syndromes are basically evaluations of the received polynomial r(x) at α, α 2, α 3,… α 2t. S i = r(α i ), i=1,2,….2t If r(x) is a valid codeword then we get all the S i evaluate to zero. Any non-zero S i indicates the presence of errors. 68

69
The errors introduced by the channel during transmission can be modeled as a polynomial e(x) over the field GF(2 m ). Hence r(x) = u(x) + e(x). The problem finding e(x) from r(x) (or the syndromes) is decoding. 69

70
Given any collection of k coefficients from the polynomial u(x), it is possible to construct the remaining coefficients of u(x). If at most ‘t’ of the coefficients of u(x) are incorrect, it is possible to reconstruct all the coefficients of u(x) correctly. Polynomial multiplication/division using FFT takes O(klogk) where k is the max of degrees of the polynomial. 70

71
Error polynomial e(x) = e 0 + e 1 x +….e n x n Suppose the received polynomial r(x) has ν errors in it at the locations i 1,i 2,…i ν. The magnitude of error at these locations are e i j. Then syndromes can be written in the form Sj = e 1 j x l j + e 2 j x l j + ….+e ν j x l j j=1,2,…2t where X l = α il 71

72
72

73
1. Calculate Syndromes 2. Find the error locator polynomial Peterson-Gorenstein-Zierler Decoder 3. Find error locations Chien Search 4. Find error values Forney’s Algorithm 73

74
74 Non- Linear System!! Finding S j for j = 1 to 2t

75
75 Intuition: The roots of this polynomial are inverses of the error locations Help to find the locations where an error has occurred Expanding Λ(x):

76
76 For x = X l -1 and for any 1 ≤ l ≤ ν Multiplying throughout by Y l X l (j+ν)

77
77 Sum over l = 1 to t

78
78 Equation (1) – (4) now form a system of Linear Equations

79
79 Solved for Λ i s by finding the largest value of ν for which M ν is non-singular starting from ν = t Overall this algorithms runs in polynomial time ν ≤ t; 2t = n – k = O(n) (could also be O(1) for large n & k) Use polynomial-time algorithms for matrix determinants and inversion

80
80

81
81 For i ≥ ν, Y i X i = 0 The Middle matrix is singular M μ is singular

82
1. Calculate Syndromes 2. Find the error locator polynomial Peterson-Gorenstein-Zierler Decoder 3. Find error locations Chien Search 4. Find error values Forney’s Algorithm 82

83
Find roots of Error Locator Polynomial, Λ(x), by exhaustive search Evaluate Λ(α i ) for i = 1, 2, …, 2t Find all i where Λ(α i ) = 0 α i is a root of Λ(x) Error locations will also be of the form: α j Here, α j = α -1 and j = 2t – i. If number of errors found is ≥ t, abort process 83

84
84

85
Number of iterations = O(n) Linear time algo Correctness of Chien Search: Viewing Λ(x) as a polynomial over a finite field 85

86
1. Calculate Syndromes 2. Find the error locator polynomial Peterson-Gorenstein-Zierler Decoder 3. Find error locations Chien Search 4. Find error values Forney’s Algorithm 86

87
87 Convert to matrix form Vandermonde Matrix

88
88 Defining the Syndrome polynomial: Defining the Error Evaluator polynomial: where, b is the degree of the smallest root of the generating function of the code &

89
Computing coefficients of Ω(x) takes ≈ ν 2 /2 multiplications Computing each Y i takes 2ν+1 multiplications and one reciprocal Total computation time needed ≈ 2.5ν 2 multiplications ν = O(n) Operations needed O(n 2 ) Polynomial Time algorithm 89

90
1. Calculate Syndromes 2. Find the error locator polynomial Peterson-Gorenstein-Zierler Decoder 3. Find error locations Chien Search 4. Find error values Forney’s Algorithm 90

91
r(x) = u(x) + e(x) Decoding techniques help determine e(x) completely Hence, u(x) = r(x) – e(x) = Message sent is recovered 91 We are done!!

92
Other more efficient (implementation wise) algorithms for decoding: Berlekamp-Massey Decoder (LFSR and iterative correction) Euclidean Algorithm (Values and locations simultaneously determined using iterative GCD of polynomials) Decoders implemented as dedicated chips by manufacturers (Hardware and Software) 92

93
RSA: 1. Evgeny Milanov, RSA algorithm, http://www.math.washington.edu/~morrow/336_09/papers/Yevgeny.pdf http://www.math.washington.edu/~morrow/336_09/papers/Yevgeny.pdf 2. Kenneth Rose, Elementary Number Theory and its applications, 5 th Ed., Pearson International 3. Trappe & Washington, Introduction to Cryptography with Coding Theory, 2 nd Ed., Pearson International Reed-Solomon Codes: 1. Bernard Sklar, Reed Solomon error correction, http://ptgmedia.pearsoncmg.com/images/art_sklar7_reed- solomon/elementLinks/art_sklar7_reed-solomon.pdf http://ptgmedia.pearsoncmg.com/images/art_sklar7_reed- solomon/elementLinks/art_sklar7_reed-solomon.pdf 2. V. Guruswami, Introduction to Coding Theory, CMU, http://www.cs.cmu.edu/~venkatg/teaching/codingtheory/ http://www.cs.cmu.edu/~venkatg/teaching/codingtheory/ 3. John Gill, EE 387 Note #7, Stanford University, http://www.stanford.edu/class/ee387/handouts/notes7.pdf http://www.stanford.edu/class/ee387/handouts/notes7.pdf 4. Wikipedia 93

94
Thanks for your attention!! 94

Similar presentations

Presentation is loading. Please wait....

OK

Cryptography and Network Security

Cryptography and Network Security

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Download ppt on electric motor Ppt on first conditional sentence Ppt on condition based maintenance definition Ppt on power line carrier communication pdf Ppt on the history of space flight Free download ppt on social networking sites Retina anatomy and physiology ppt on cells Ppt on inventory turnover ratio Download ppt on diversity in living organisms for class 9 Ppt on tcp/ip protocol suite solutions