Group 5: Daryl, Etkin, Supartha, Rajendra and Aarthi 1.

Presentation on theme: "Group 5: Daryl, Etkin, Supartha, Rajendra and Aarthi 1."— Presentation transcript:

1 Group 5: Daryl, Etkin, Supartha, Rajendra and Aarthi

2 Two Information Coding Schemes
- RSA Algorithm: Privacy, Authenticity
- Reed-Solomon Codes: (Bursty) Noise Tolerance

5 Trinity? Yes, it’s me.

6 Encrypt messages with a symmetric-key cryptosystem (e.g. DES, AES, etc.)
- Requires prior agreement on a shared key over a secure channel
- What if Neo and Trinity have yet to meet?

7 Mathematically related public/private key pairs are generated
- Messages encrypted with the public key can only be decrypted with the private key
- Infeasible to compute the private key from the public key alone
- No need to agree on a shared key!

8 Rivest, Shamir and Adleman (1977)
- Based on the difficulty of computing the prime factors of large integers

9 Setup:
1. Pick two distinct primes p and q
2. Compute n = pq and ɸ(n) = (p − 1)(q − 1)
3. Pick e where 1 < e < ɸ(n) and gcd(e, ɸ(n)) = 1
4. Compute d where de ≡ 1 (mod ɸ(n))
5. Public key is (n, e), private key is (n, d)
Usage:
6. Encrypt with C ≡ M^e (mod n)
7. Decrypt with M ≡ C^d (mod n)

11 Let e, d, n be integers with n ≠ 0
- Fact: if gcd(e, n) = 1 (i.e. e and n are coprime) then there exists d such that de ≡ 1 (mod n)
- In other words, the multiplicative inverse of e (mod n) exists when gcd(e, n) = 1

14 ɸ(n) (Euler’s totient function)
- Definition: the number of integers 1 ≤ a ≤ n with gcd(a, n) = 1
- Formula for n = pq where p and q are distinct primes: ɸ(n) = (p − 1)(q − 1), because the only a in that range not coprime to n are the q − 1 multiples of p below n, the p − 1 multiples of q below n, and n itself: pq − (q − 1) − (p − 1) − 1 = (p − 1)(q − 1)

15 Let x, y, m, n be integers with n ≥ 1
- Fact (Euler’s theorem): if gcd(m, n) = 1 and x ≡ y (mod ɸ(n)), then m^x ≡ m^y (mod n)
- For the RSA modulus n = pq (square-free) this holds for every m as long as x, y ≥ 1, which is why decryption also works when gcd(M, n) ≠ 1
- In other words, working mod n requires that we work mod ɸ(n) in the exponent

17 Correctness: since de ≡ 1 (mod ɸ(n)), (M^e)^d = M^(ed) ≡ M^1 = M (mod n), and likewise (M^d)^e ≡ M (mod n)

18 1. Pick p = 37 and q = 43
2. Compute n = 37 · 43 = 1591 and ɸ(n) = 36 · 42 = 1512
3. Pick e = 71; gcd(e, ɸ(n)) = gcd(71, 1512) = 1
4. Compute d = 575 (Extended Euclidean Algorithm); de = 71 · 575 = 40825 = 27 · 1512 + 1 ≡ 1 (mod 1512)
5. Public key is (n, e) = (1591, 71), private key is (n, d) = (1591, 575)
6. Encrypt: C ≡ M^e ≡ 1234^71 ≡ 908 (mod 1591)
7. Decrypt: M ≡ C^d ≡ 908^575 ≡ 1234 (mod 1591)

19 Reversed! Sign with the private key, verify with the public key
1. Pick two distinct primes p and q
2. Compute n = pq and ɸ(n) = (p − 1)(q − 1)
3. Pick e where 1 < e < ɸ(n) and gcd(e, ɸ(n)) = 1
4. Compute d where de ≡ 1 (mod ɸ(n))
5. Public key is (n, e), private key is (n, d)
6. Sign M with S ≡ M^d (mod n); send (M, S)
7. Verify that M ≡ S^e (mod n)

20 Computational requirements:
1. Modular exponentiation: successive squaring
2. Computing d from e and ɸ(n): Extended Euclidean Algorithm
3. Finding large primes

21 Successive squaring to compute C ≡ M^e (mod n)
Let e = e_k e_(k−1) … e_0 (binary representation of e, most significant bit first)
    C := 1
    For i := k, k − 1, …, 0
        C := (C · C) mod n
        If e_i = 1 Then C := (C · M) mod n
    End For
- Performance: O(log e) modular multiplications
- Memory: O(1)

22 Extended Euclidean Algorithm:
- Similar to the Euclidean Algorithm for gcd(a, b), but retain the quotient q_i at each step i to compute x_i and y_i, keeping the invariant a·x_i + b·y_i = r_i
- Start with r_0 = a, r_1 = b, (x_0, y_0) = (1, 0), (x_1, y_1) = (0, 1)
- At step i ≥ 2, find the max q_i satisfying q_i · r_(i−1) ≤ r_(i−2), and set r_i = r_(i−2) − q_i · r_(i−1), x_i = x_(i−2) − q_i · x_(i−1), y_i = y_(i−2) − q_i · y_(i−1)
- When r_k = 0, stop and output gcd(a, b) = r_(k−1), x = x_(k−1) and y = y_(k−1)
- Since e and ɸ(n) are coprime, solving ɸ(n)·x + e·y = 1 yields d = y (reduced mod ɸ(n)) satisfying de ≡ 1 (mod ɸ(n))

23 Finding large primes:
- Generate a large random integer
- Apply a primality test repeatedly (to fresh candidates) until one passes
- Primality tests: Miller-Rabin, Solovay-Strassen, Fermat primality test
- Euler witness, Euler liar: a base that does, or does not, expose a composite in the Solovay-Strassen test
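The RSA setup of slides 9 to 19 and the three computational pieces of slides 20 to 23 (successive squaring, the Extended Euclidean Algorithm, a primality test), as one added example in Python; this is not code from the slides. It reproduces the slide-18 numbers (p = 37, q = 43, e = 71, M = 1234) and the sign/verify direction of slide 19. Miller-Rabin stands in for "a primality test"; the function names and the round count of 32 are this example's own choices.

```python
import secrets

def mod_pow(base, exp, mod):
    """Successive squaring (slide 21): scan the bits of exp from e_k down to e_0."""
    result = 1
    base %= mod
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        if bit == "1":
            result = (result * base) % mod
    return result

def ext_gcd(a, b):
    """Extended Euclid (slide 22): return (g, x, y) with a*x + b*y = g = gcd(a, b).
    The quotient q of each step updates (x, y) next to r, so a*x_i + b*y_i = r_i."""
    r_prev, r = a, b
    x_prev, x = 1, 0
    y_prev, y = 0, 1
    while r != 0:
        q = r_prev // r
        r_prev, r = r, r_prev - q * r
        x_prev, x = x, x_prev - q * x
        y_prev, y = y, y_prev - q * y
    return r_prev, x_prev, y_prev

def mod_inverse(e, phi):
    """d = y from phi*x + e*y = 1, reduced into 0 < d < phi."""
    g, _, y = ext_gcd(phi, e)
    if g != 1:
        raise ValueError("e and phi(n) are not coprime, so e has no inverse")
    return y % phi

def is_probable_prime(n, rounds=32):
    """Miller-Rabin (slide 23). A composite survives one random base with
    probability at most 1/4, so 32 rounds (an assumed count) bound the error by 4**-32."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:            # write n - 1 = 2**s * d with d odd
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = mod_pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False         # a is a witness: n is composite
    return True

def keygen(p, q, e):
    """Steps 1-5 of slide 9; the caller supplies the primes and e."""
    if p == q or not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("need 1 < e < phi(n)")
    return (n, e), (n, mod_inverse(e, phi))

def encrypt(pub, m):
    """Step 6: C = M^e mod n; textbook RSA needs 0 <= M < n."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return mod_pow(m, e, n)

def decrypt(priv, c):
    """Step 7: M = C^d mod n."""
    n, d = priv
    return mod_pow(c, d, n)

def sign(priv, m):
    """Slide 19: S = M^d mod n (sign with the private key)."""
    n, d = priv
    return mod_pow(m, d, n)

def verify(pub, m, s):
    """Slide 19: accept iff S^e = M mod n (verify with the public key)."""
    n, e = pub
    return mod_pow(s, e, n) == m % n

if __name__ == "__main__":
    pub, priv = keygen(37, 43, 71)          # slide 18: n = 1591, d = 575
    c = encrypt(pub, 1234)
    print(pub, priv, c, decrypt(priv, c))   # (1591, 71) (1591, 575) 908 1234
    s = sign(priv, 1234)
    print(verify(pub, 1234, s), verify(pub, 1235, s))   # True False
```

This is textbook RSA exactly as the slides state it: no padding, deterministic, and M is a raw integer below n. A deployment adds OAEP for encryption and signs a hash of the message under PSS, and uses primes of hundreds of digits rather than the two-digit primes of the worked example; the arithmetic above is unchanged by those additions.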

41 Noise is natural. Commonly studied channel models:
- Binary Symmetric Channel
- Binary Erasure Channel
- Noisy Typewriter Channel
- Continuous Output Channel
- …

46 No structure?? Then the whole mapping has to be stored in a codebook

47 A Hamming code is linear: codeword = G · message, where G is an n × k generator matrix (for example n = 7, k = 4)

49 Reed-Solomon codes
- Applications: CDs, space communication, …
- Robust against burst errors
(From left: Gustave Solomon & Irving S. Reed)

56 Field: a set of elements with two operations, “addition” and “multiplication”, defined on these elements
- Closed under these two operations
- Basically all arithmetic operations are allowed (addition, subtraction, multiplication, and division by any non-zero element)
- Examples: the set of real numbers, the set of rational numbers, …

57 Finite field: a field with a finite number of elements
- Example: {0, 1} with modulo-2 operations
- In general {0, 1, 2, …, p − 1} is a field with p elements under modulo-p operations (p prime)
- How to construct a field with 8 elements? In general, how to construct a field with p^r elements??

58 A field with 2^m elements can be constructed by extending the field GF(2) = {0, 1}
- Let α denote an additional element in GF(2^m)
- Now GF(2^m) = {0, 1, α, α^2, …, α^(2^m − 1), α^(2^m), …}
- To make the number of elements 2^m, we restrict α^(2^m − 1) = 1 = α^0

59 GF(2^m) = {0, α^0, α, …, α^(2^m − 2)}
- Any non-zero element in GF(2^m) can be written as a polynomial in α of degree at most m − 1
- Coefficients are from GF(2)
- So the elements can also be mapped to m-bit binary values

60 An irreducible polynomial f(x) of degree m is said to be primitive if the smallest positive integer n for which f(x) divides x^n + 1 is n = 2^m − 1
- Example: 1 + x + x^4 is primitive because it divides x^n + 1 for n = 15 and not for any smaller n
- Used for constructing GF(2^m): take α to be a root of f(x)
- RS codes use GF(2^m)

64 Reed-Solomon codes are:
- Linear
- Cyclic
- d = n − k + 1 (Maximum Distance Separable)
- Able to correct up to n − k erasures
- Able to correct up to ⌊(n − k)/2⌋ symbol errors

65 This form of encoding is not in systematic form
- Systematic form: parity symbols | message symbols
- Message polynomial: α + α^3 x + α^5 x^2
- Code polynomial: α^0 + α^2 x + α^4 x^2 + α^6 x^3 + α x^4 + α^3 x^5 + α^5 x^6
- A generator polynomial g(x) is defined as g(x) = (x − α)(x − α^2) … (x − α^(2t))

66 Systematic encoding:
- Shift the message polynomial m(x) by 2t positions by multiplying m(x) by x^(2t)
- Define p(x) = x^(2t) m(x) (mod g(x))
- The final codeword polynomial is u(x) = p(x) + x^(2t) m(x)

67 Worked example (n = 7, k = 3, t = 2):
- Message polynomial: α + α^3 x + α^5 x^2
- Multiplying by x^(2t) = x^4 yields α x^4 + α^3 x^5 + α^5 x^6
- Take g(x) = (x − α)(x − α^2)(x − α^3)(x − α^4) = x^4 − α^3 x^3 + α^0 x^2 − α x + α^3 = α^3 + α x + α^0 x^2 + α^3 x^3 + x^4 (in GF(2^m), minus is the same as plus)
- Next divide α x^4 + α^3 x^5 + α^5 x^6 by g(x) to find the remainder p(x) = α^0 + α^2 x + α^4 x^2 + α^6 x^3
- Now u(x) = α^0 + α^2 x + α^4 x^2 + α^6 x^3 + α x^4 + α^3 x^5 + α^5 x^6

68 Syndromes
- The syndrome is the result of a parity check performed on the received polynomial r(x) to determine whether r(x) is a valid codeword
- The syndromes are basically evaluations of the received polynomial r(x) at α, α^2, α^3, …, α^(2t): S_i = r(α^i), i = 1, 2, …, 2t
- If r(x) is a valid codeword then all the S_i evaluate to zero (the α^i are roots of g(x), which divides every codeword)
- Any non-zero S_i indicates the presence of errors

69 The errors introduced by the channel during transmission can be modeled as a polynomial e(x) over the field GF(2^m)
- Hence r(x) = u(x) + e(x)
- The problem of finding e(x) from r(x) (or from the syndromes) is decoding

70 Given any collection of k coefficients of the codeword polynomial u(x), it is possible to reconstruct the remaining coefficients of u(x)
- If at most t of the coefficients of u(x) are incorrect, it is possible to reconstruct all the coefficients of u(x) correctly
- Polynomial multiplication/division using the FFT takes O(k log k), where k is the maximum degree of the polynomials

71 Error polynomial e(x) = e_0 + e_1 x + … + e_(n−1) x^(n−1)
- Suppose the received polynomial r(x) has ν errors at the locations i_1, i_2, …, i_ν; the magnitudes of the errors at these locations are Y_l = e_(i_l)
- Then, because r(α^j) = u(α^j) + e(α^j) = e(α^j), the syndromes can be written in the form S_j = Y_1 X_1^j + Y_2 X_2^j + … + Y_ν X_ν^j, j = 1, 2, …, 2t, where X_l = α^(i_l)

73 Decoding steps:
1. Calculate syndromes
2. Find the error locator polynomial: Peterson-Gorenstein-Zierler decoder
3. Find error locations: Chien search
4. Find error values: Forney’s algorithm

74 Finding S_j for j = 1 to 2t gives 2t equations in the unknowns X_l and Y_l, but it is a non-linear system!!

75 Error locator polynomial: Λ(x) = (1 − X_1 x)(1 − X_2 x) … (1 − X_ν x)
- Intuition: the roots of this polynomial are the inverses X_l^(−1) of the error locators X_l = α^(i_l)
- Help to find the locations where an error has occurred
- Expanding Λ(x): Λ(x) = 1 + Λ_1 x + Λ_2 x^2 + … + Λ_ν x^ν

76 For x = X_l^(−1) and any 1 ≤ l ≤ ν: 1 + Λ_1 X_l^(−1) + Λ_2 X_l^(−2) + … + Λ_ν X_l^(−ν) = 0
- Multiplying throughout by Y_l X_l^(j+ν): Y_l X_l^(j+ν) + Λ_1 Y_l X_l^(j+ν−1) + … + Λ_ν Y_l X_l^j = 0

77 Sum over l = 1 to ν and use S_j = Σ_l Y_l X_l^j: S_(j+ν) + Λ_1 S_(j+ν−1) + Λ_2 S_(j+ν−2) + … + Λ_ν S_j = 0 for j = 1, 2, …, ν

78 Equations (1) – (4) now form a system of linear equations in the unknowns Λ_1, …, Λ_ν (the syndromes S_1, …, S_(2ν) are known):
M_ν · (Λ_ν, Λ_(ν−1), …, Λ_1)^T = −(S_(ν+1), S_(ν+2), …, S_(2ν))^T, where row j of M_ν is (S_j, S_(j+1), …, S_(j+ν−1)); in GF(2^m) the minus sign can be dropped

79 Solved for the Λ_i by finding the largest value of ν for which M_ν is non-singular, starting from ν = t
- Overall this algorithm runs in polynomial time
- ν ≤ t; 2t = n − k = O(n) (could also be O(1) for large n and k)
- Use polynomial-time algorithms for matrix determinants and inversion

81 Why M_μ is singular for μ > ν: M_μ factors as a product whose middle matrix is the diagonal matrix of the Y_i X_i (i = 1, …, μ); for i > ν there is no error, so Y_i X_i = 0, the middle matrix is singular, and hence M_μ is singular

82 Step 3: Find error locations (Chien search)

83 Find the roots of the error locator polynomial Λ(x) by exhaustive search
- Evaluate Λ(α^i) for i = 0, 1, …, n − 1 (every non-zero field element)
- Find all i where Λ(α^i) = 0; then α^i is a root of Λ(x)
- Error locations are of the form α^j with α^j = (α^i)^(−1), i.e. j = n − i (mod n), since α^n = 1
- If the number of roots found is not equal to deg Λ(x) (more than t errors occurred), abort the process

85 Number of iterations = O(n): a linear-time algorithm
- Correctness of Chien search: viewing Λ(x) as a polynomial of degree ν over a finite field, it has at most ν roots, and each root X_l^(−1) is a non-zero field element, i.e. some α^i, so trying every α^i finds all of them

86 Step 4: Find error values (Forney’s algorithm)

87 With the locations X_l known, the syndrome equations S_j = Y_1 X_1^j + … + Y_ν X_ν^j (j = 1, …, 2t) convert to matrix form: a Vandermonde matrix in the X_l times the vector of unknown error values (Y_1, …, Y_ν), which is linear and therefore solvable directly

88 Forney’s algorithm
- Defining the syndrome polynomial: S(x) = S_1 + S_2 x + … + S_(2t) x^(2t − 1)
- Defining the error evaluator polynomial: Ω(x) = S(x) Λ(x) mod x^(2t)
- Then Y_l = − X_l^(1 − b) Ω(X_l^(−1)) / Λ′(X_l^(−1)), where b is the exponent of the smallest root α^b of the generator polynomial of the code (b = 1 for g(x) = (x − α) … (x − α^(2t))) and Λ′(x) is the formal derivative of Λ(x)

89 Cost of Forney’s algorithm:
- Computing the coefficients of Ω(x) takes ≈ ν^2/2 multiplications
- Computing each Y_i takes 2ν + 1 multiplications and one reciprocal
- Total computation time needed ≈ 2.5 ν^2 multiplications
- ν = O(n), so O(n^2) operations are needed: a polynomial-time algorithm

90 Steps 1 to 4 done: syndromes, error locator polynomial (Peterson-Gorenstein-Zierler), error locations (Chien search), error values (Forney’s algorithm)

91 r(x) = u(x) + e(x)
- The decoding techniques determine e(x) completely
- Hence u(x) = r(x) − e(x): the message sent is recovered
We are done!!
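The field construction of slides 56 to 60, the systematic encoder and syndromes of slides 65 to 68, and the PGZ, Chien and Forney steps of slides 73 to 91, as one added runnable example in Python (not code from the slides). It rebuilds GF(2^3) from a primitive polynomial, reproduces the slides' RS(7,3) worked example (the one from Sklar's tutorial in the references), then injects two constructed symbol errors and decodes them. The primitive polynomial 1 + x + x^3 is an assumption, chosen because it is the one that yields the slides' parity symbols α^0, α^2, α^4, α^6; field elements are stored as 3-bit integers.

```python
M = 3                       # GF(2^m) with m = 3
N = 2 ** M - 1              # code length n = 7 (number of non-zero field elements)
T = 2                       # t symbol errors corrected; 2t = n - k = 4 parity symbols
PRIM_POLY = 0b1011          # assumed primitive polynomial 1 + x + x^3

# EXP[i] = alpha^i as a 3-bit integer (bit j = coefficient of alpha^j); LOG is its inverse.
EXP, LOG = [0] * (2 * N), [0] * (N + 1)
_x = 1
for _i in range(N):
    EXP[_i], LOG[_x] = _x, _i
    _x <<= 1
    if _x & (1 << M):       # alpha^3 = alpha + 1: reduce by the primitive polynomial
        _x ^= PRIM_POLY
EXP[N:] = EXP[:N]           # alpha^n = alpha^0 (slide 58), so the table wraps around

def is_primitive_field():   # slide 60: f(x) is primitive iff alpha has order 2^m - 1
    return len(set(EXP[:N])) == N
def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]
def gf_inv(a):
    return EXP[N - LOG[a]]
def alpha(i):
    return EXP[i % N]

# Polynomials are lists of field elements, index = power of x (lowest degree first).
def poly_mul(p, q):
    out = [0] * (len(p) + len(q) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] ^= gf_mul(a, b)
    return out
def poly_mod(p, g):         # remainder of p(x) divided by the monic polynomial g(x)
    r, dg = list(p), len(g) - 1
    for i in range(len(r) - 1, dg - 1, -1):
        if r[i]:
            c = r[i]
            for j in range(len(g)):
                r[i - dg + j] ^= gf_mul(c, g[j])
    return r[:dg]
def poly_eval(p, x):
    y = 0
    for c in reversed(p):
        y = gf_mul(y, x) ^ c
    return y

def generator_poly():       # slide 65: g(x) = (x - alpha)...(x - alpha^2t); minus is plus
    g = [1]
    for i in range(1, 2 * T + 1):
        g = poly_mul(g, [alpha(i), 1])
    return g
def encode(msg):            # slide 66: u(x) = p(x) + x^2t m(x), p(x) = x^2t m(x) mod g(x)
    shifted = [0] * (2 * T) + list(msg)
    return poly_mod(shifted, generator_poly()) + list(msg)
def syndromes(r):           # slide 68: S_i = r(alpha^i), i = 1..2t; all zero iff codeword
    return [poly_eval(r, alpha(i)) for i in range(1, 2 * T + 1)]

def solve_linear(A, b):     # Gauss-Jordan elimination over GF(2^m); None if A is singular
    n = len(A)
    m = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(n):
        piv = next((r for r in range(col, n) if m[r][col]), None)
        if piv is None:
            return None
        m[col], m[piv] = m[piv], m[col]
        inv = gf_inv(m[col][col])
        m[col] = [gf_mul(inv, v) for v in m[col]]
        for r in range(n):
            if r != col and m[r][col]:
                f = m[r][col]
                m[r] = [v ^ gf_mul(f, w) for v, w in zip(m[r], m[col])]
    return [m[i][n] for i in range(n)]
def pgz_locator(S):         # slides 75-79: first non-singular M_nu, nu = t, t-1, ..., 1
    for nu in range(T, 0, -1):
        A = [[S[j + i] for i in range(nu)] for j in range(nu)]   # row j: S_j..S_{j+nu-1}
        sol = solve_linear(A, [S[j + nu] for j in range(nu)])    # = (Lambda_nu..Lambda_1)
        if sol is not None:
            return [1] + sol[::-1]      # Lambda(x) = 1 + Lambda_1 x + ... + Lambda_nu x^nu
    return [1]
def chien_search(lam):      # slide 83: root alpha^i of Lambda is X_l^-1, error at n - i
    return [(N - i) % N for i in range(N) if poly_eval(lam, alpha(i)) == 0]
def forney(S, lam, positions):  # slide 88 with b = 1: Y_l = Omega(X_l^-1) / Lambda'(X_l^-1)
    omega = poly_mul(S, lam)[:2 * T]                            # S(x)Lambda(x) mod x^2t
    d_lam = [c if i % 2 else 0 for i, c in enumerate(lam)][1:]  # formal derivative, char 2
    return {pos: gf_mul(poly_eval(omega, alpha(-pos)),
                        gf_inv(poly_eval(d_lam, alpha(-pos)))) for pos in positions}
def decode(r):              # slide 91: u(x) = r(x) - e(x); returns (codeword, error positions)
    S = syndromes(r)
    if not any(S):
        return list(r), []
    lam = pgz_locator(S)
    positions = chien_search(lam)
    if not positions or len(positions) != len(lam) - 1:   # root count must equal deg Lambda
        raise ValueError("more than t errors: uncorrectable")
    fixed = list(r)
    for pos, val in forney(S, lam, positions).items():
        fixed[pos] ^= val
    return fixed, positions
```

With the slides' message (α, α^3, α^5) = (2, 3, 7), encode returns (1, 4, 6, 5, 2, 3, 7), i.e. parity α^0, α^2, α^4, α^6 followed by the message, matching slide 67; flipping two of the seven symbols (constructed errors) and calling decode returns the original word and the two positions. Beyond t errors the check on the Chien root count reports failure where it can, but, as for any bounded-distance decoder, some error patterns of weight above t land within distance t of a different codeword and are silently miscorrected.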

92 Other, more efficient (implementation-wise) algorithms for decoding:
- Berlekamp-Massey decoder (LFSR and iterative correction)
- Euclidean algorithm (values and locations determined simultaneously using an iterative GCD of polynomials)
- Decoders implemented as dedicated chips by manufacturers (hardware and software)

93 References
RSA:
1. Evgeny Milanov, RSA algorithm
2. Kenneth H. Rosen, Elementary Number Theory and its Applications, 5th Ed., Pearson International
3. Trappe & Washington, Introduction to Cryptography with Coding Theory, 2nd Ed., Pearson International
Reed-Solomon Codes:
1. Bernard Sklar, Reed-Solomon error correction, solomon/elementLinks/art_sklar7_reed-solomon.pdf
2. V. Guruswami, Introduction to Coding Theory, CMU
3. John Gill, EE 387 Note #7, Stanford University
4. Wikipedia

94 Thanks for your attention!!

