Intro to Cryptography ICS 6D Sandy Irani

Cryptography Intro Alice wants to send a message to Bob so that even if Eve can see the transmitted information, she does not learn the true message. message

Sending Numbers as Messages Modern cryptography is based on number theory Usually we want to send text messages. Need to convert text to a number and back. – Translation between text and numbers does not need to be secure. – Text to number function must be one-to-one so that translation back to text is well defined.

Sending Numbers as Messages Function mapping text to numbers – Could use ASCII representation of each characher – Simple example mapping {A, B,…, Z, _ } to {01,02,…,27} SEND_HELP

Sending Numbers as Messages Can break up message so that each individual message is a number in the range from 0 through N-1 for some large N. – Cryptographic scheme will use arithmetic mod N m: plaintext c: cyphertext – encrypt: ℤ N → ℤ N encrypt(m) = c – decrypt: ℤ N → ℤ N decrypt(c) = m

A Simple Cryptosystem Alice: message sender Bob: message received Alice and Bob meet in advance and agree on a secret key k ∈ ℤ N – Encrypt: c = (m+k) mod N – Decrypt: m = (c-k) mod N – Encrypt is one-to-one

A Simple Cryptosystem Alice and Bob meet in advance and agree on a secret key k ∈ ℤ N – Encrypt: c = (m+k) mod N – Decrypt: m = (c-k) mod N Not very secure – One (m,c) pair reveals k – Can infer k from many c’s. Example: N = 79, k = 55 m = 41

Public Key Cryptography Private key cryptography requires that communicating parties agree in advance on a secret key. Public key cryptography: – Bob publishes an encoding key (public key) so that anyone can send Bob a message encode(m, e) = c e: public key – Only Bob has the decryption key (private key) that can decode messages sent by the public key. decode(c, d) = m d: private key

Public Key Cryptography Security of a public key cryptosystem relies on the assumption that some functions are hard to compute: If Eve knows c, she can test all possible messages m to see if encrypt(m, e) = c. Prohibitively expensive if the space of all possible messages is large Assume that there is no fast way to directly compute the decryption function without knowing the private key in advance

RSA Bob picks two large prime numbers p and q Bob computes: – N = pq – φ = (p-1)(q-1) – Find e such that gcd(e, φ) = 1. (Usually e is prime) – Compute d = multiplicative inverse of e mod φ: de mod φ = 1 – Public key: e, N – Private key: d Anyone who knows p and q can compute d, the private key

RSA Bob picks to large prime numbers p and q Bob computes: – N = pq – φ = (p-1)(q-1) – Find e such that gcd(e, φ) = 1. (Usually e is prime) – Compute d = multiplicative inverse of e mod φ: de mod φ = 1 – Public key: e, N – Private key: d Encrypt m: c = m e mod N Decrypt c: m = c d mod N

RSA Example: p = 5, q = 11 Pick e = 37 and find d:

RSA Example: p = 5, q = 11 N = 55, φ = 40 Pick e = 37, so d = 13 – Encrypt m: c = m e mod N – Decrypt c: m = c d mod N m = 17

RSA: why does it work? Euler’s Theorem (special case): If p and q are prime and gcd(m,pq) = 1, then m (p-1)(q-1) mod pq = 1 Know: c = m e mod N want to know that m = c d mod N Also know that d·e mod (p-1)(q-1) = 1

RSA Example: p = 7, q = 13 Pick e = 41 and find d:

RSA Example: p = 7, q = 13, N = 91, φ = 72 Pick e = 41 d = 65 m = 55