Download presentation

Presentation is loading. Please wait.

Published byMae Richards Modified about 1 year ago

1
Week 3 - Friday

2
What did we talk about last time? AES Public key cryptography

3

4

5

6
Matt Shank

7

8
RSA depends in large part on the difficulty of factoring large composite numbers (particularly those that are a product of only 2 primes) Recall that an integer p is prime if p > 1 p is not divisible by any positive integers other than 1 and itself Trivia: The largest prime currently known is – 1 It has 17,425,170 digits in base 10

9
Any integer greater than 1 can be factored into a unique series of prime factors: Example: 52 = 2 2 ∙ 13 Two integers a and b (greater than 1) are relatively prime or coprime if and only if a shares no prime factors with b

10
We won't get into the number theory behind this (yet) A Rabin-Miller primality test works as follows: Let n be the number you want to prove if it's prime or not n must be odd, thus n – 1 is even (n – 1) = 2 s d where s and d are positive integers and d is odd If n is prime, then for any integer 1 < a < n, exactly one of the two is true: ▪ a d 1 (mod n) or ▪ a 2 r d -1 (mod n), 1 ≤ r < s Pick several a values, see if either of the two cases hold If it ever doesn't, you know you have a composite

11
What if we want to see if 221 is prime? n – 1 = 220 = 2 2 ∙55 s = 2 d = 55 Attempt 1: Let a = 174 a 2 0 ·d mod n = mod 221 = 47 ≠ 1, n − 1 a 2 1 ·d mod n = mod 221 = 220 = n − 1 Check! Attempt 2: Let a = 137 a 2 0 ·d mod n = mod 221 = 188 ≠ 1, n − 1 a 2 1 ·d mod n = mod 221 = 205 ≠ n − 1 Oh no! Every successful attempt means there is only a 25% chance that the number is composite So, after k attempts, there is a 4 -k chance that the number is composite

12
The greatest common divisor or GCD of two numbers gives the largest factor they have in common Example: GCD( 12, 18 ) = GCD( 42, 56 ) = For small numbers, we can determine GCD by doing a complete factorization

13
For large numbers, we can use Euclid's algorithm to determine the GCD of two numbers Algorithm GCD( a, b) 1. If b = 0 ▪ Return a 2. Else ▪ temp = a mod b ▪ a = b ▪ b = temp 3. Goto Step 1 Example: GCD( 1970, 1066)

14
We can extend Euclid's algorithm to give us the multiplicative inverse for modular arithmetic Example: Find the inverse of 120 mod 23 Let a be the number Let b be the modular base Find Inverse(a, b) x = 0 lastx = 1 y = 1 lasty = 0 while b ≠ 0 ▪ quotient = a div b ▪ temp = b ▪ b = a mod b ▪ a = temp ▪ temp = x ▪ x = lastx-quotient*x ▪ lastx = temp ▪ temp = y ▪ y = lasty-quotient*y ▪ lasty = temp Return lastx

15

16
If p is prime and a is a positive integer not divisible by p, then: a p –1 1 (mod p)

17
Assume a is positive and less than p Consider the sequence a, 2a, 3a, …, (p – 1)a If these are taken mod p, we will get: 1, 2, 3, …, p – 1 This bit is the least obvious part of the proof However (because p is prime) if you add any non-zero element repeatedly, you will eventually get back to the starting point, covering all values (except 0) once Multiplying this sequence together gives: a ∙ 2a ∙ 3a ∙ … ∙ (p – 1)a 1 ∙ 2 ∙ 3 ∙ … ∙ (p – 1) (mod p) a p – 1 (p – 1)! (p – 1)! (mod p) a p – 1 1 (mod p)

18
Euler’s totient function (n) (n) = the number of positive integers less than n and relatively prime to n (including 1) If p is prime, then (p) = p – 1 If we have two primes p and q (which are different), then: (pq) = (p)∙ (q) = (p – 1)(q – 1)

19
Euler’s Theorem: For every a and n that are relatively prime, a (n) 1 (mod n) This generalizes Fermat’s Theorem because (p) = p – 1 if p is prime Proof is messier

20

21
Named for Rivest, Shamir, and Adleman Take a plaintext M converted to an integer Create an ciphertext C as follows: C = M e mod n Decrypt C back into M as follows: M = C d mod n = (M e ) d mod n = M ed mod n

22
TermDetailsSource MMessage to be encryptedSender CEncrypted messageComputed by sender nModulus, n = pqKnown by everyone pPrime numberKnown by receiver qPrime numberKnown by receiver eEncryption exponentKnown by everyone dDecryption exponentComputed by receiver (n)(n) Totient of nKnown by receiver

23
To encrypt: C = M e mod n e is often 3, but is always publically known To decrypt: M = C d mod n = M ed mod n We get d by finding the multiplicative inverse of e mod (n) So, ed 1 (mod (n))

24
We know that ed 1 (mod (n)) This means that ed = k (n) + 1 for some nonnegative integer k M ed = M k (n) + 1 M∙(M (n) ) k (mod n) By Euler’s Theorem M (n) 1 (mod n) So, M∙(M (n) ) k M (mod n)

25
M = 26 p = 17, q = 11, n = 187, e = 3 C = M 3 mod 187 = 185 (n) = (p – 1)(q – 1) = 160 d = e -1 mod 160 = 107 C d = mod 187 = 26 If you can trust my modular arithmetic

26
You can’t compute the multiplicative inverse of e mod (n) unless you know what (n) is If you know p and q, finding (n) is easy Finding (n) is equivalent to finding p and q by factoring n No one knows an efficient way to factor a large composite number

27

28
Key management issues Cryptographic hash functions Yuki Gage presents

29
Finish reading Section 2.7 and 12.3 Start reading Section 2.8 Finish Assignment 1 Due tonight by midnight

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google