Security in Computing Chapter 12, Cryptography Explained Part 4 Summary created by Kirk Scott 1.


1 Security in Computing Chapter 12, Cryptography Explained Part 4 Summary created by Kirk Scott 1

2 This set of overheads corresponds to the second portion of section 12.3 in the book The overheads for Chapter 12 roughly track the topics in the chapter Keep this in mind though: On some topics I simply go over the book’s material On other topics I expand on the book’s material in a significant way You are responsible not just for what’s in the book, but also what’s in the overheads that’s not in the book 2

3 Euler’s Theorem and RSA Encryption 3

4 1. A Remark on Terminology In the original set of notes on the mathematics of encryption the algebraic terms group, ring, and field were introduced. The ring was noted as an intermediate structure, and up until this point the field was the structure of interest. If n is prime, all elements have an inverse, and addition and multiplication give a modular field. From this point on we are interested in the case where n is not prime. 4

5 If n is not prime, then not all of the elements of the modular structure have an inverse. This is the key feature distinguishing a ring from a field. When referring to the algebraic structure formed by the operations and modulus where n is not prime, it is correct to refer to it as a ring instead of a field. 5

6 2. A Preliminary Result In previous sets of notes the following observations have been made: In a modular ring where n is not prime, there are repetitions in the multiplication table for factors of n. It was not shown that in general the factors are not invertible, but it was shown that it’s easy to find examples where such values are not invertible. It was also demonstrated that if n is prime, then all of the elements of the field are invertible. 6

7 We are now interested in the case where n is not prime and the value a, in the ring, does not have any common factors with n. In other words, what if a and n are relatively prime? It is helpful to start this section by demonstrating that if they are relatively prime, then a is invertible. 7

8 If a and n are relatively prime, you can state: gcd(a, n) = 1 If this is the case, then it is also true that: lcm(a, n) = an 8

9 This demonstration relies on some of the same reasoning as the demonstration that a is invertible if n is prime. In other words, I will appeal to the modular multiplication table and claim the following: The only valid values that can appear in the table are 0 through n – 1. Every row has n – 1 entries. Therefore, if there are no duplicates in a row, then the value 1 must appear, which implies that the value is invertible. 9

10 The proof is done by contradiction. Suppose that for some value a, relatively prime to n, there are values b and c such that: $ab \equiv_n ac$. If this is the case, then there are values j and k such that: ab = jn + r and ac = kn + r 10

11 ab = jn + r and ac = kn + r Combining these two equations you get: ab – ac = jn – kn a(b – c) = n(j – k) 11

12 a(b – c) = n(j – k) Because b and c come from the ring, (b – c) < n. Now consider the equation above. It says that there is some multiple of n, n(j – k), which a is a factor of, where the other factor, (b – c) is less than n. This means that there is a common multiple of a and n which is less than an. This is a contradiction. Therefore, conclude that it is not possible to have a duplicate in the a row of the multiplication table, and a has an inverse. 12

13 3. Euler’s Totient In order to present Euler’s theorem, which comes next, it’s necessary to define Euler’s totient and give a few examples of it. Given some positive integer n, Euler’s totient is a function represented by Φ(n). The value of the function is defined to be the number of positive integers less than n that are relatively prime to n. 13

14 The first example of Euler’s totient is the following: If n is prime, then Φ(n) = n – 1. That is, if n is prime, all values less than it are relatively prime to it. Now consider the case where n is the product of two prime factors, p and q. A simple result is given here and explained below: Φ(n) = Φ(pq) = (p – 1)(q – 1) 14

15 Φ(n) = Φ(pq) = (p – 1)(q – 1) If p and q are factors of n, then p and q are not relatively prime to n. Likewise, any multiples of p and q are not relatively prime to n. We would like to count up how many multiples of p and q there are that are less than n. 15

16 Φ(n) = Φ(pq) = (p – 1)(q – 1) If n = pq, there are q – 1 multiples of p less than n If n = pq, there are p – 1 multiples of q less than n Informally, you may see this directly: There are (p – 1) different multiples of p, values to multiply the (q – 1) different multiples of q by, and all of these products are relatively prime to and less than pq = n. 16

17 More formally: Because p and q are both prime, they are relatively prime, and no multiple of p or q less than pq = n will be the same. Multiples of p and q, the factors of n, are not relatively prime to n = pq. The number of values that are NOT relatively prime to n is the sum of the number of multiples of p and q less than n: p – 1 + q – 1 17

18 The total number of values less than n is pq – 1. Therefore, the total number of values that ARE relatively prime to n is the total minus the number that aren’t relatively prime: pq – 1 – (p – 1 + q – 1) = pq – p – q + 1 = (p – 1)(q – 1) The right hand expression is the desired result. 18

19 For p, q prime, n = pq, the number of values less than n that are relatively prime to n is (p – 1)(q – 1) In summary, you can write the following sequence: Φ(n) = Φ(pq) = Φ(p)Φ(q) = (p – 1)(q – 1) It is not generally true that Euler’s totient of a product is the product of the Euler’s totients of the factors, but it is true if there are two factors, each prime. 19

20 4. Euler’s Theorem Euler’s theorem is stated as follows: Let a, a < n, be an element of the ring base n. Let a and n be relatively prime. Let Euler’s totient, Φ(n), be defined as the number of positive integers less than n that are relatively prime to n. Then the following holds: $a^{\Phi(n)} \equiv_n 1$. Stated in words: a raised to a power equal to the number of values less than n that are relatively prime to n gives the multiplicative identity in the ring base n. 20

21 There is a relationship between Fermat’s Little Theorem and Euler’s Theorem. You can use the same technique to come up with an expression for the inverse. Since a is relatively prime to n, a has an inverse in the ring. Multiplying both sides of the equation of Euler’s theorem by the inverse gives: $a^{\Phi(n)-1} \equiv_n a^{-1}$ 21

22 Fermat’s theorem is a specialized case of Euler’s. In Fermat’s theorem you have to have n prime, which implies that any a will be relatively prime to n. In Euler’s theorem you have to have a and n relatively prime. Euler’s theorem can be used to derive Fermat’s theorem. 22

23 Start with Euler’s theorem: $a^{\Phi(n)} \equiv_n 1$. Let n be prime: Then Φ(n) = n – 1. Substitute (n – 1) for Φ(n) in Euler’s result: $a^{n-1} \equiv_n 1$. Multiplying both sides by a gives Fermat’s result: $a^n \equiv_n a$ 23

24 Demonstrating Euler’s Theorem The proof of Euler’s theorem isn’t done with either contradiction or induction. You develop some expressions that allow you to write an equivalence that is easily verified. You then do some algebraic manipulations that can be verified. The manipulations result in this equivalence: $a^{\Phi(n)} \equiv_n 1$. This is Euler’s result. 24

25 Start by considering those elements of a modular ring, base n, which are relatively prime to n. There are Φ(n) of them by the definition of Euler’s totient. Let them be represented by subscripted r’s: $r_1, r_2, \ldots, r_{\Phi(n)}$ 25

26 Now for a given a, relatively prime to n, consider the result of multiplying each of the $r_i$ by a: $ar_1, ar_2, \ldots, ar_{\Phi(n)}$. One of the $r_i$ is in fact a, so one of the products happens to be a times a. This is true, but it has no particular consequence on the argument. 26

27 $ar_1, ar_2, \ldots, ar_{\Phi(n)}$. Since each of the factors of these products is relatively prime to n, then each product is also relatively prime to n. In other words, for an arbitrary $r_i$, $ar_i$ is relatively prime to n. 27

28 If you took the modulus, base n, of this set of products, what you would get back is the set of $r_i$’s, not necessarily in the same order. This can be shown using a technique that has already been used. We know that the multiplication of a times the r’s results in Φ(n) values that are relatively prime to n. The question is, are there any duplicates among the $ar_i$? 28

29 Suppose there is a duplicate: $ar_i \bmod n = ar_j \bmod n$. You can write these equations expressing $ar_i$ and $ar_j$: $ar_i = kn + x$, $ar_j = cn + x$. Subtracting one equation from the other gives: $ar_i - ar_j = kn - cn$ 29

30 $ar_i - ar_j = kn - cn$. Factoring gives: $a(r_i - r_j) = n(k - c)$. But $(r_i - r_j) < n$, and $n(k - c)$ is obviously a multiple of n. This means that there is a multiple of a, $a(r_i - r_j)$, which is less than an, but which is a multiple of n. 30

31 This is a contradiction. a and n are supposed to be relatively prime. This means that gcd(a, n) = 1 It also means that lcm(a, n) = an. Notice that this argument is similar to the argument used to show that there were no duplicates in a row of a modular multiplication table when n was prime. 31

32 By the time I’ve finished the proof of the intermediate result, I’ve forgotten what the result was… Given this set of products, where a is one of the values relatively prime to n and the $r_i$ are the complete set of values relatively prime to n: $ar_1, ar_2, \ldots, ar_{\Phi(n)}$. If you took the modulus of each element of the set, you would get a permutation of the $r_i$. 32

33 This means that there is a one-to-one correspondence between the $r_i$’s and the $ar_j$’s. Another way of expressing this is that for some i, there is some j such that the following holds true: $r_i \equiv_n ar_j$ 33

34 Now, continuing with the demonstration of Euler’s theorem overall… The property of reducibility over multiplication in a modular ring means that the product of the mods equals the mod of the product. Also, commutativity says that it doesn’t matter what order you multiply in. 34

35 These properties allow me to write this equivalence: $r_1 r_2 \cdots r_{\Phi(n)} \equiv_n ar_1 \, ar_2 \cdots ar_{\Phi(n)}$. It doesn’t matter which $r_i$ specifically matches with which $ar_j$ in the one-to-one correspondence. Overall, the modular equivalence of the products of the $r_i$’s and the $ar_i$’s holds. 35

36 $r_1 r_2 \cdots r_{\Phi(n)} \equiv_n ar_1 \, ar_2 \cdots ar_{\Phi(n)}$. The next step mainly consists of doing a substitution so that the representation of this result is more compact. Associativity allows me to rewrite the equivalence in this way: $r_1 r_2 \cdots r_{\Phi(n)} \equiv_n aa \cdots a \, r_1 r_2 \cdots r_{\Phi(n)}$ 36

37 $r_1 r_2 \cdots r_{\Phi(n)} \equiv_n aa \cdots a \, r_1 r_2 \cdots r_{\Phi(n)}$. There are Φ(n) occurrences of the factor a, because there was one a for each $r_i$. So the expression can be written: $r_1 r_2 \cdots r_{\Phi(n)} \equiv_n a^{\Phi(n)} r_1 r_2 \cdots r_{\Phi(n)}$ 37

38 $r_1 r_2 \cdots r_{\Phi(n)} \equiv_n a^{\Phi(n)} r_1 r_2 \cdots r_{\Phi(n)}$. Now represent the product of the $r_i$’s in compact form: $r_1 r_2 \cdots r_{\Phi(n)} = R$. Then the equivalence overall can be represented in this compact form: $R \equiv_n a^{\Phi(n)} R$ 38

39 All of the $r_i$ are relatively prime to n. Therefore, all of the $r_i$ are invertible in the modular ring base n. The inverse of the product is the product of the inverses. Therefore, the product of the $r_i$, R, has an inverse, $R^{-1}$, in the modular ring. 39

40 This is where we’re at: $R \equiv_n a^{\Phi(n)} R$. Multiplying on both sides by $R^{-1}$ leads to the desired result: $RR^{-1} \equiv_n a^{\Phi(n)} RR^{-1} \Rightarrow 1 \equiv_n a^{\Phi(n)}$, or $a^{\Phi(n)} \equiv_n 1$. Namely, Euler’s theorem. 40
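The steps of this demonstration can be checked by brute force for small moduli. The Python below is an added example, not part of the original overheads; the function names are illustrative, and Φ(n) is counted directly from its definition rather than from the (p – 1)(q – 1) formula.

```python
from math import gcd


def reduced_residues(n):
    """The r_i of the proof: values 1 .. n-1 that are relatively prime to n."""
    return [r for r in range(1, n) if gcd(r, n) == 1]


def totient(n):
    """Euler's totient, counted directly from its definition."""
    return len(reduced_residues(n))


def row_is_permutation(a, n):
    """Intermediate result: the products a*r_i mod n are the r_i reordered."""
    rs = reduced_residues(n)
    return sorted(a * r % n for r in rs) == rs


def euler_holds(a, n):
    """Euler's theorem: a^phi(n) is 1 in the ring base n."""
    return pow(a, totient(n), n) == 1


def inverse_by_euler(a, n):
    """The inverse expression a^(phi(n) - 1), valid when gcd(a, n) = 1."""
    if gcd(a, n) != 1:
        raise ValueError(f"{a} is not relatively prime to {n}")
    return pow(a, totient(n) - 1, n)


def check_all_units(n):
    """Run each step of the demonstration for every a relatively prime to n."""
    rs = reduced_residues(n)
    phi = len(rs)
    for a in rs:
        if sorted(a * r % n for r in rs) != rs:   # no duplicates in the a row
            return False
        if pow(a, phi, n) != 1:                   # Euler's theorem
            return False
        if a * pow(a, phi - 1, n) % n != 1:       # a^(phi-1) really is the inverse
            return False
    return True


if __name__ == "__main__":
    for p, q in [(2, 3), (11, 13)]:
        n = p * q
        print(f"n = {n}: phi(n) = {totient(n)}, (p-1)(q-1) = {(p - 1) * (q - 1)}, "
              f"all steps hold: {check_all_units(n)}")
    print("phi(47*59) =", totient(47 * 59))
    # The product rule is not general: phi(2*2) differs from phi(2)*phi(2).
    print("phi(4) =", totient(4), " phi(2)*phi(2) =", totient(2) * totient(2))
    # A value sharing a factor with n fails the permutation step and the theorem.
    print("a = 2, n = 6:", row_is_permutation(2, 6), euler_holds(2, 6))
```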

41 5. General Remarks on RSA Encryption RSA encryption is based on properties of algebraic structures, including Euler’s theorem. It is a public key encryption scheme, which means that some information is kept private as the decryption key and other information is made public as the encryption key. RSA encryption is based on taking powers in a modular ring. 41

42 The public key is some value e, together with the base of the modular ring, n. Plaintext is encrypted by raising it to the power e, modulus n. The private key is some value d. Ciphertext is decrypted by raising it to the power d, modulus n. 42

43 In the book’s description of this, plaintext is represented as P. In order to eliminate any possible confusion with mathematical symbols, in these overheads the plaintext message will be represented by M. Written using notation, RSA encryption can be represented as follows: $C = M^e \bmod n$ and $M = C^d \bmod n = (M^e)^d \bmod n$ 43

44 Recall that a successful cryptosystem has to satisfy three basic requirements: 1. It has to work. 2. It has to be “easy” for authorized users; in other words, the complexity of authorized transformations has to be acceptably low. 3. When the system is used properly, it presents the cryptanalyst with a high complexity or high expense problem to solve. 44

45 For RSA encryption, accomplishing these goals depends on making the right choices for the base of the ring and the encryption and decryption keys. It is done in a clever way that depends on yet another round of mathematical results in order to achieve the desired results. 45

46 1. First you have to choose a number which will serve as n, the base of the ring used for the encryption. Let p and q be prime. Let n = pq In other words, n is not prime. However, n is a special number, namely one that is the product of two primes only. 46

47 2. Choose d such that d is relatively prime to (p – 1)(q – 1). This can also be stated as: gcd(d, (p – 1)(q – 1)) = 1. Remember that by definition (p – 1)(q – 1) itself can’t be prime. 47

48 If d is relatively prime to (p – 1)(q – 1), d has an inverse in the ring with the base (p – 1)(q – 1). The easiest way to pick d relatively prime is simply to pick d prime. Keep in mind that the ring for encryption is base n, not base (p – 1)(q – 1). 48

49 4. Let e be the inverse of d in the ring with base (p – 1)(q – 1). In other words: $ed \equiv_{(p-1)(q-1)} 1$. Again, keep in mind that the inverse we’ve chosen is for the ring base (p – 1)(q – 1), even though the base of the ring for encryption is n. This is where the additional, clever mathematical results will come in. 49

50 Now it can be shown how the scheme should work with these choices. Let M be the plaintext message to be encrypted. 1. The encryption is: $C = M^e \bmod n$ 50

51 2. d and e were chosen so that $ed \equiv_{(p-1)(q-1)} 1$. This can be expressed as follows: ed = k((p – 1)(q – 1)) + 1. 51

52 3. The decryption is: $C^d \bmod n = (M^e)^d \bmod n = M^{ed} \bmod n = M^{k((p-1)(q-1))+1} \bmod n = M^{k\Phi(n)+1} \bmod n$ 52

53 $= M^{k((p-1)(q-1))+1} \bmod n = M^{k\Phi(n)+1} \bmod n$. In case you’re foggy on the last step: n = pq. It was established earlier that for p, q prime, Φ(n) = (p – 1)(q – 1). e and d are chosen the way they are so that you get this power on M. 53

54 The sequence, again, looks like this: $C^d \bmod n = (M^e)^d \bmod n = M^{ed} \bmod n = M^{k((p-1)(q-1))+1} \bmod n = M^{k\Phi(n)+1} \bmod n$. The claim is that this last expression on the right is equivalent to M, mod n. The following section examines this claim. 54

55 6. Demonstrating that the RSA Scheme Works Before trying to formally demonstrate that RSA encryption works, it’s helpful to consider more closely what the expression at the end of the previous section means. We are interested in whether the following is true: $M^{k\Phi(n)+1} \equiv_n M$ 55

56 Showing this expression to be true: $M^{k\Phi(n)+1} \equiv_n M$ ******* k is just a constant. It arises in the expression in this way: $ed \equiv_{(p-1)(q-1)} 1 \Rightarrow ed = k((p-1)(q-1)) + 1$. Φ(n) is Euler’s totient. It is defined to be the number of values less than n that are relatively prime to n. 56

57 Case 1: M is relatively prime to n Showing this expression to be true: $M^{k\Phi(n)+1} \equiv_n M$ ******* Euler’s theorem is stated in this way, for a relatively prime to n: $a^{\Phi(n)} \equiv_n 1$. So if M is relatively prime to n, then: $M^{\Phi(n)} \equiv_n 1$ 57

58 Showing this expression to be true: $M^{k\Phi(n)+1} \equiv_n M$ ******* In this case the result for RSA follows easily. Raise both sides to the k-th power: $(M^{\Phi(n)})^k \equiv_n 1^k$, so $M^{k\Phi(n)} \equiv_n 1$. Multiply both sides by M: $M^{k\Phi(n)} M \equiv_n 1M$, so $M^{k\Phi(n)+1} \equiv_n M$ 58

59 Case 2: M is not relatively prime to n The more challenging case is understanding what happens if M is not relatively prime to n. Remember that by definition, n is not prime. It is the product of p and q. 59

60 In the end, we’re going to discover that for n = pq, p and q prime, we do get the desired result. However, it is worth stepping back and recalling that if a is a factor of n, a is not invertible in the modular ring base n. It will turn out that if a is not relatively prime to n, a is also not invertible. This means that the desired result comes for a different reason than invertibility. 60

61 It is helpful to look at an example again. Let p = 2, q = 3, p and q prime n = (2)(3) = 6 Φ(n) = (p – 1)(q – 1) = (1)(2) = 2 The values 0 < k < n that are relatively prime to 6 are 1 and 5. 61

62 2 and 3 are factors of 6 and are not invertible. 4 is not a factor of 6, but it is also not relatively prime to 6. 4 and 6 share a factor of 2. 62

63 Here is the modular multiplication table for the ring base 6:

* | 0 1 2 3 4 5
--+------------
0 | 0 0 0 0 0 0
1 | 0 1 2 3 4 5
2 | 0 2 4 0 2 4
3 | 0 3 0 3 0 3
4 | 0 4 2 0 4 2
5 | 0 5 4 3 2 1

64 These are the observations about the contents of the table: As expected, the row for 5, relatively prime to 6, is a permutation of all of the values. 5 is invertible and the row contains the value 1. 64

65 As expected, the rows for 2 and 3, the factors of 6, do not contain the value 1. The row for 4 also doesn’t contain the value 1. From this we conclude that in general a value that is not relatively prime is not invertible. 65

66 The observations about factors of n generally apply to values that are not relatively prime to n. The rows for 2, 3, and 4 each contain repetitions of the values 2, 3, and 4. The patterns of repetition do differ. 66

67 The row for 3 contains repetitions of 0 and 3. The rows for 2 and 4 contain repetitions of 0, 2, and 4. The difference in patterns isn’t important to the discussion. 67

68 This is the critical observation—part 1: It is true that there is nothing you can multiply those values by to get 1 back. However, the repetitions in the table clearly show that there are values in the ring that you can multiply those values by to get the values themselves back. For decryption purposes, it’s not important to be able to get 1 back. It’s important to get the original value back. 68

69 This is the critical observation—part 2: Actually, we’re not really interested in what you can multiply a value by in order to get that value back. As we will see, the numbers they can be multiplied by are already multiples of those values themselves. Therefore, there are powers which those values can be raised to which give those values back. 69

70 We would like to see whether a message that is not relatively prime to n is decryptable in a ring base n. Try putting the values 2, 3, and 4 as the message M in a ring with base 6 and check (remember that kΦ(n) = 2). This should hold: $M^{k\Phi(n)+1} \equiv_n M$. $2^{\Phi(n)+1} \equiv_6 2^3 \equiv_6 8 \equiv_6 2$; $3^{\Phi(n)+1} \equiv_6 3^3 \equiv_6 27 \equiv_6 3$; $4^{\Phi(n)+1} \equiv_6 4^3 \equiv_6 64 \equiv_6 4$ 70

71 For these simple examples it appears that RSA decryption works, even for those values which aren’t relatively prime to n. This is where we stand: 1. These values are not invertible. 2. However, they are repeated in the multiplication table. 3. More importantly, all of them raised to the special power Φ(n) + 1 give back M. 71

72 This is what we would like to show in general: The pattern of repetitions in the table is such that for each row of a non-relatively prime element: It is not necessary for the row to contain all possible values of the ring, including a product of 1, implying there’s an inverse, in order to arrive at the same value again as a result of some product. You will hit a repetition of that element if the value is raised to the special power Φ(n) + 1. 72

73 The proof of this given by Rivest, Shamir, and Adleman will be sketched out below. The heart of the proof and the potential source of confusion is this: The arguments involve more than one ring. For n = pq, one step of the argument will involve the ring base p, the next step will involve the ring base q. These two steps will be combined to reach the desired conclusion in the ring base n. 73

74 Step 1: Thinking about p. Start with some M and n = pq, p and q prime. Since p is prime, Φ(p) = p – 1. And since p is prime, Euler’s theorem says that for any M: $M^{p-1} \equiv_p 1$. Or: $M^p \equiv_p M$ 74

75 Now we make a statement about n based on the result for p alone: Since n = pq (p and q prime), Φ(n) = (p – 1)(q – 1). That is, Φ(n) is just (p – 1) times an integral constant: Φ(n) = j(p – 1) 75

76 At this point in the argument you are considering the ring base p. However, we want to see what happens if we raise M to the power Φ(n) in this ring. $M^{\Phi(n)} \equiv_p M^{(p-1)(q-1)} \equiv_p M^{j(p-1)} \equiv_p (M^{(p-1)})^j \equiv_p 1^j \equiv_p 1$ 76

77 This is the result of the previous overhead: $M^{\Phi(n)} \equiv_p 1$. This implies that for any integral constant k the following also holds: $M^{k\Phi(n)} \equiv_p (M^{\Phi(n)})^k \equiv_p 1^k \equiv_p 1$. Multiplying both sides by M gives this result: $M^{k\Phi(n)+1} \equiv_p M$. (All that really happened here was to trade k for j in the previous discussion.) Be careful to note that this is mod p, not mod n. This is not the final result yet. 77

78 This was the previous result: $M^{k\Phi(n)+1} \equiv_p M$. You can go through an analogous set of steps with q instead of p, giving this result: $M^{k\Phi(n)+1} \equiv_q M$. These last two equivalences, one mod p and one mod q, will lead to the desired result. 78

79 The logic of the argument can be outlined in simpler form and then applied to the expressions in M. Consider the following setup. We would like to show that: If n = pq with p and q prime, and if $a \equiv_p r$ and $a \equiv_q r$, then $a \equiv_{pq} r$. 79

80 To show: $a \equiv_{pq} r$. If $a \equiv_p r$ and $a \equiv_q r$ hold, then there exist j and k such that: a = jp + r and a = kq + r 80

81 To show: $a \equiv_{pq} r$. a = jp + r and a = kq + r. Or: (a – r) = jp and (a – r) = kq. This can be summarized as: (a – r) is a common multiple of p and q. 81

82 To show: $a \equiv_{pq} r$. (a – r) = jp and (a – r) = kq. (a – r) is a common multiple of p and q. Since p and q are prime, the lcm(p, q) = pq. So take the lcm() case. j = p or k = p. (a – r) = pq. 82

83 To show: $a \equiv_{pq} r$. (a – r) = pq. Rearrange: a = pq + r. And the result follows: a mod pq = r, so $a \equiv_{pq} r$ 83

84 In summary: $a \equiv_p r$ and $a \equiv_q r$ implies that $a \equiv_{pq} r$. In words: p and q are prime; n = pq; a is equivalent to r mod p and mod q; a is equivalent to r mod pq 84

85 This is just what we need. For the ring base n, there are just two rows in the multiplication table that are factors, the rows for p and q These are the rows where duplicates can appear. 85

86 By Euler’s theorem, these factors raised to Φ(n) + 1 in the “sub” rings base p and q are modularly equivalent to themselves. By the foregoing argument we found that these factors raised to Φ(n) + 1 in the “main” ring base n are also modularly equivalent to themselves. This whole affair works because RSA is based on n as the product of just 2 primes, p and q. 86

87 Here is the result applied to the expressions in M: Given: $M^{k\Phi(n)+1} \equiv_p M$. And given: $M^{k\Phi(n)+1} \equiv_q M$. This implies that: $M^{k\Phi(n)+1} \equiv_{pq} M$. Or: $M^{k\Phi(n)+1} \equiv_n M$, since n = pq 87

88 A Recapitulation Euler’s theorem tells you directly that for the M that are relatively prime to n, raising them to the power kΦ(n) + 1 gives back M. This result tells you that for all of the M not relatively prime to n, raising them to the power kΦ(n) + 1 also gives back M. 88

89 Here are the bits and pieces again, in terms of RSA encryption: n = pq, p and q prime M is an arbitrary message, not necessarily relatively prime to n You choose e and d to be inverses in the modular ring base (p – 1)(q – 1) That means that ed = k[(p – 1)(q – 1)] + 1 89

90 For n = pq, p and q prime, Φ(n) = (p – 1)(q – 1) Therefore, ed = kΦ(n) + 1 From Euler’s theorem we know that raising a relatively prime element a of the ring base n to the power kΦ(n) + 1 will give a back. From the most recent result we know that the same holds true when a is not relatively prime to n. 90

91 The following sequence, finally, shows that encryption followed by decryption works (regardless of whether M is relatively prime to n or not). $(M^e)^d \equiv_n M^{ed} \equiv_n M^{k((p-1)(q-1))+1} \equiv_n M^{k\Phi(n)+1} \equiv_n M$ 91
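Both cases can be checked exhaustively for the small moduli used in these notes. The following Python is an added example, not from the overheads or the textbook; the function names are hypothetical, and the n = 9 contrast (a prime squared, with e = d = 5 chosen as inverses in the ring base Φ(9) = 6) goes beyond the notes to show that the two-ring argument depends on p and q being distinct primes.

```python
from math import gcd


def round_trip_failures(n, e, d):
    """Every message M in 0 .. n-1 for which (M^e)^d mod n does not give M back."""
    return [M for M in range(n) if pow(pow(M, e, n), d, n) != M]


def case2_messages(n):
    """Case 2 of the notes: nonzero M that are not relatively prime to n."""
    return [M for M in range(1, n) if gcd(M, n) != 1]


def two_ring_check(p, q, e, d):
    """For each Case 2 message, test M^(ed) against M in the ring base p,
    the ring base q, and the ring base n = pq.
    Returns rows of (M, holds_mod_p, holds_mod_q, holds_mod_n)."""
    n = p * q
    rows = []
    for M in case2_messages(n):
        x = M ** (e * d)  # exact integer M^(ed); feasible only at toy sizes
        rows.append((M, x % p == M % p, x % q == M % q, x % n == M))
    return rows


if __name__ == "__main__":
    # Ring base 6 from the notes: exponent phi(n) + 1 = 3, written as e = 3, d = 1.
    print("n = 6, Case 2 messages:", case2_messages(6))
    print("n = 6, failures:", round_trip_failures(6, 3, 1))

    # Textbook example: p = 11, q = 13, e = d = 11, so ed = 121 = 1*120 + 1.
    rows = two_ring_check(11, 13, 11, 11)
    print("n = 143, Case 2 messages:", len(rows))
    print("n = 143, mod p, mod q and mod n all hold:",
          all(ok_p and ok_q and ok_n for _, ok_p, ok_q, ok_n in rows))
    print("n = 143, failures over all M:", round_trip_failures(143, 11, 11))

    # Added contrast: n = 9 = 3*3 is not a product of two distinct primes.
    # Euler's theorem still covers the M relatively prime to 9, but the
    # multiples of 3 are not recovered.
    print("n = 9, failures:", round_trip_failures(9, 5, 5))
```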

92 7. Examples Here is a simple example taken from a previous edition of the textbook: Let p = 11, q = 13 (both prime) n = (11)(13) = 143 Φ(n) = (11 – 1)(13 – 1) = (10)(12) = 120 120 = (p – 1)(q – 1) is the base of the ring where we want e and d to be inverses of each other. 92

93 In order for d to be invertible in the ring base 120, it has to be relatively prime to 120. Let d = 11, prime. Observe that (11)(11) = 121. That means that $d^{-1} = e = 11$ in the ring base 120. It is simply a coincidence that 11 is its own inverse in this ring. It would obviously be unwise to have the encryption and decryption keys be the same. This may be why the book got rid of this example. 93

94 This gives you all of the needed parameters in the correct relationships to each other in order to do encryption. Suppose you wanted to encrypt M = 7. $C = M^e \bmod n = 7^{11} \bmod 143 = 106$. You can easily verify the decryption: $M = C^d \bmod n = 106^{11} \bmod 143 = 7$ 94

95 With values this small it is not too difficult to work these kinds of problems with a pocket calculator. If you calculate powers by repeated multiplication, whenever a result gets large enough to threaten to overflow the calculator, make use of reducibility and find the modulus base n in order to bring it back into a reasonable range. 95

96 The contents of this set of notes are a simplified and incomplete presentation of the ideas given in the original research article which presented RSA encryption. This presentation also makes use of the information as explained in the textbook. 96

97 If you are interested in looking at the original article, here is its citation. You can find it in the library: Rivest, R. L., A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM, February 1978, V. 21, n. 2, pp. 120-126. 97

98 I am giving the citation here because what follows is another example, lifted in its entirety from this original research paper. It is more representative of reality than the thumbnail example above because it uses larger numbers and includes the question of how a message is encoded, as opposed to simply encoding a decimal value like 7. 98

99 Let p = 47, q = 59 (both prime) n = (47)(59) = 2773 Φ(n) = (47 – 1)(59 – 1) = (46)(58) = 2668 Choose d relatively prime to 2668. Let d = 157, prime. 99

100 Observe that (157)(17) mod 2668 = 1. That means that $d^{-1} = e = 17$ in the ring with base 2668. I have avoided the question of how to compute the inverse, which is not completely trivial. See the next section. 100

101 This gives you all of the needed parameters in the correct relationships to each other in order to do encryption. The authors suggest the following blocking scheme for encoding symbols as decimal numbers: Blank = 00, A = 01, B = 02, …, Z = 26 101

102 Then they pick this message to encode: ITS ALL GREEK TO ME Julius Caesar, I, ii, 288, paraphrased; see below Using the blocking scheme, this gives this sequence of digits: 0920 1900 0112 1200 0718 0505 1100 2015 0013 0500 102

103 The digits are now given in blocks of 4 for a reason. Since the largest pair of digits for a single symbol is 26, the largest grouping of four digits would be 2626, which is less than 2773. That means that with n = 2773 you can encode four digits or two letters at a time in a block. 103

104 Starting with the first block, M = 0920, encoding gives: $920^{17} \bmod 2773 = 948$. The article gives the complete encoding as: 0948 2342 1084 1444 2663 2390 0778 0774 0219 1655. The authors invite the reader to verify the decryption. For example: $948^{157} \bmod 2773 = 920$, and so on. 104
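The paper's example can be reproduced end to end, including the inverse computation that the notes defer. This Python is an added example, not code from the paper or the overheads; the extended Euclidean algorithm stands in for the inverse algorithm the notes attribute to Knuth, the function names are hypothetical, and padding an odd-length message with a trailing blank is an assumption inferred from the final plaintext block 0500.

```python
def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y = g = gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y


def mod_inverse(d, m):
    """Inverse of d in the ring base m; exists only when gcd(d, m) = 1."""
    g, x, _ = extended_gcd(d, m)
    if g != 1:
        raise ValueError(f"{d} is not relatively prime to {m}")
    return x % m


def encode_blocks(text):
    """Blocking scheme from the paper: blank = 00, A = 01, ..., Z = 26,
    two symbols per four-digit block."""
    codes = []
    for ch in text:
        if ch == " ":
            codes.append(0)
        elif "A" <= ch <= "Z":
            codes.append(ord(ch) - ord("A") + 1)
        else:
            raise ValueError(f"symbol {ch!r} is outside the blocking scheme")
    if len(codes) % 2:
        codes.append(0)  # assumed padding: trailing blank completes the last block
    return [100 * codes[i] + codes[i + 1] for i in range(0, len(codes), 2)]


def crypt_blocks(blocks, exponent, n):
    """Raise each block to the exponent in the ring base n.
    Used with e to encrypt and with d to decrypt."""
    for b in blocks:
        if not 0 <= b < n:
            raise ValueError(f"block {b} does not fit in the ring base {n}")
    return [pow(b, exponent, n) for b in blocks]


def format_blocks(blocks):
    return " ".join(f"{b:04d}" for b in blocks)


# Parameters from the paper's example as given in the notes.
P, Q, D = 47, 59, 157
N = P * Q                      # 2773
PHI = (P - 1) * (Q - 1)        # 2668
E = mod_inverse(D, PHI)        # inverse taken base (p-1)(q-1), not base n
MESSAGE = "ITS ALL GREEK TO ME"

if __name__ == "__main__":
    plain = encode_blocks(MESSAGE)
    cipher = crypt_blocks(plain, E, N)
    print("n =", N, " phi(n) =", PHI, " d =", D, " e =", E)
    print("plaintext blocks: ", format_blocks(plain))
    print("ciphertext blocks:", format_blocks(cipher))
    print("decrypts back:    ", crypt_blocks(cipher, D, N) == plain)
```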

105 To conclude this section, here is more information for your liberal education. This is an explanation of the source of the phrase that the authors used for encryption. The Phrase Finder. www.phrases.org.uk Re: It's all Greek to me. Posted by Barbara DuVall on April 25, 2001 at 23:17:16: In Reply to: Re: It's all Greek to me posted by Arnie on February 29, 2000 at 08:40:06: 105

106 Well, I'm pretty certain it's from William Shakespeare's play Julius Caesar. At any rate I'm including a direct quote from the play, Act I, Scene ii: The character Casca tells his companions Cassius and Brutus he couldn't understand anything Marc Antony said in a speech to the Roman populace because he didn't speak in Latin, "But those that understood him smiled at one another and shook their heads; but for mine own part, it was Greek to me." 106

107 8. Various Conceptual and Practical Issues with RSA Encryption It is worth taking a moment to consider: What are the public and private keys of RSA encryption? What problem is RSA fundamentally based on? What are the real computational issues involved in using RSA encryption? 107

108 The public key consists of the values e and n. Literally speaking, the private key consists of d used with n. Only d is secret. Notice, however, that n is the product of p and q. If p and q are known, given e, it is possible to find d. (Invert in the ring base (p – 1)(q – 1).) Therefore, although d is the private key, the prime factors of n, p and q, have to be kept secret. 108

109 This fact reveals the fundamental problem that RSA encryption is based on, namely factorization. If you can factor n, part of the public key, into pq, then you’ve broken the code. This is not even an NP complete problem, but it is a computationally expensive one. 109

110 Given some reasonably large n, you have to identify the prime numbers that are less than it and then test each to see whether it goes in evenly, leaving another prime as the other factor. This is the problem faced by the cryptanalyst, and with current hardware and algorithms the problem is hard enough to be the basis of an encryption system. 110
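With the toy modulus from the paper's example, the cryptanalyst's problem described here is small enough to carry out directly, which shows why the size of n is what protects d. This Python is an added example, not from the overheads; the function names are hypothetical, it uses the public key (e = 17, n = 2773) and the ciphertext blocks quoted earlier in these notes, and pow(e, -1, m) requires Python 3.8 or later.

```python
def trial_division(n):
    """Find the smallest factor of n by testing 2 and then odd candidates.
    Returns (p, q, steps), where steps is the number of divisions tried."""
    steps = 1
    if n % 2 == 0:
        return 2, n // 2, steps
    f = 3
    while f * f <= n:
        steps += 1
        if n % f == 0:
            return f, n // f, steps
        f += 2
    raise ValueError(f"{n} has no nontrivial factor")


def recover_private_exponent(e, n):
    """Factor n, rebuild (p - 1)(q - 1), and invert e in that ring."""
    p, q, _ = trial_division(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)


def decode_blocks(blocks):
    """Reverse the blocking scheme: 00 = blank, 01 = A, ..., 26 = Z."""
    symbols = []
    for block in blocks:
        for code in divmod(block, 100):
            if not 0 <= code <= 26:
                raise ValueError(f"block {block:04d} is outside the blocking scheme")
            symbols.append(" " if code == 0 else chr(ord("A") + code - 1))
    return "".join(symbols)


def read_ciphertext(e, n, cipher_blocks):
    """Everything below uses only public values: e, n and the ciphertext."""
    d = recover_private_exponent(e, n)
    return decode_blocks([pow(c, d, n) for c in cipher_blocks])


# Public key and ciphertext from the paper's example as quoted in the notes.
E, N = 17, 2773
CIPHERTEXT = [948, 2342, 1084, 1444, 2663, 2390, 778, 774, 219, 1655]

if __name__ == "__main__":
    p, q, steps = trial_division(N)
    print(f"n = {N} = {p} * {q}, found after {steps} trial divisions")
    print("recovered d =", recover_private_exponent(E, N))
    print("recovered text:", repr(read_ciphertext(E, N, CIPHERTEXT)))
    # The loop runs until it reaches the smaller prime factor. For the sizes
    # the notes cite (p and q of nearly 100 decimal digits each) that is on
    # the order of 10**99 divisions, which is what makes the search infeasible.
```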

111 The implementer of RSA encryption faces certain decisions and computational issues. These include: 1. Picking p and q prime. Although the algorithms are not simple, the problem of finding primes is not insurmountable. 111

112 2. Choosing d relatively prime to (p – 1)(q – 1). The easiest choice is for d simply to be prime. Again, finding primes is not too hard. Rivest, Shamir, and Adleman suggest choosing d to be greater than max(p, q). They state that the values of the parameters should be large enough so that a cryptanalyst can’t find d by a direct (brute force) search. 112

113 Finding e, the inverse of d, in the modular ring base n. As noted in a previous set of notes, Knuth has given a practical algorithm for finding the inverse, and there are various reasonably good algorithms for finding primes. It would probably be somewhat difficult for the average college student programmer to implement RSA encryption using a general purpose programming language. 113

114 However, professional systems can be developed where the run-time complexity is of an order allowing it to be practically useful. The algorithms can also be implemented in hardware, which makes them very fast. Keep in mind that public key encryption is mainly useful for symmetric key exchange. Then symmetric encryption, which is less computationally intensive, can be used for data exchange. 114

115 5. Another practical issue concerns the magnitudes, or sizes of the values, that would render this a secure scheme. Rivest, Shamir, and Adleman suggest an n of around 200 decimal digits, and the textbook author says that p and q are typically nearly 100 decimal digits each. 115

116 In a sense, it is the magnitude of the values that make the system secure, not the complexity of the problem it’s based on. These magnitudes are another reason why it would not be easy for a student programmer to implement such a system. The average programmer isn’t trained in the techniques of manipulating numeric values larger than those supported by the types of a high level language. 116

117 Finally, you might ask, does RSA encryption have any cryptographic flaws or weaknesses? In a sense, its strength and weakness are one and the same. Fundamentally, it is based on factoring. As long as finding the prime factorization of some large n is a computationally expensive process, RSA will remain secure. 117

118 When the time comes that either new algorithms or new hardware have rendered this a computationally tractable problem, RSA encryption will no longer be secure. As noted above, factoring isn’t even an NP complete problem. 118

119 If you assume that things like Moore’s law will continue to be true, then most computational problems will eventually be amenable to solution in ways quicker than they are now. That means that any scheme, such as RSA encryption, is a pragmatic solution to a current problem, but at some point will be ineffective and will be replaced by something else. It is conceivable that its life span will be increased by increasing the size of the numbers involved. 119

120 Here is a common expression in the English language that might be thought to summarize this point of view: “All things must pass.” Here is another citation from the Phrasefinder giving the source of the expression: Origin: From the Bible. Matthew 24:6-8: 120

121 And ye shall hear of wars and rumors of wars: see that ye be not troubled: for all these things must come to pass, but the end is not yet. For nation shall rise against nation, and kingdom against kingdom: and there shall be famines, and pestilences, and earthquakes, in divers places. All these are the beginning of sorrows. 121

122 The End 122

