Published by Paulina Ross. Modified over 8 years ago.
1
Cryptology
2
Cryptology, the study of cryptosystems, can be subdivided into two disciplines: cryptography and cryptanalysis. Cryptography concerns itself with the design of cryptosystems. Cryptanalysis (code breaking) studies the breaking of cryptosystems.
3
History About 1900 BC An Egyptian scribe used non-standard hieroglyphs in an inscription. Julius Caesar (100-44 BC) used a simple substitution with the normal alphabet (just shifting the letters a fixed amount) in government communications
4
History 1933-1945 The Enigma machine was not a commercial success but it was taken over and improved upon to become the cryptographic workhorse of Nazi Germany. rotor cipher machines used for the encryption and decryption of secret messages. Enigma was invented by German engineer Arthur Scherbius at the end of World War I
5
History 1976 A design by IBM based on the Lucifer cipher and with changes (including both S-box improvements and reduction of key size) by the US NSA, was chosen to be the U.S. Data Encryption Standard.
6
History 1976 Whitfield Diffie and Martin Hellman published "New Directions in Cryptography", introducing the idea of public key cryptography
8
Cryptography (or Encryption): the process of converting messages, information, or data into a form unreadable by anyone except the intended recipient. Encrypted data must be deciphered, or decrypted, before it can be read by the recipient.
9
Cryptography: Requirements
two requirements for secure use of symmetric encryption:
◦ a strong encryption algorithm
◦ a secret key known only to sender / receiver
mathematically have: Y = E_K(X), X = D_K(Y)
assume encryption algorithm is known
implies a secure channel to distribute key
10
Cryptography: Some Basic Terminology
◦ plaintext - original message
◦ ciphertext - coded message
◦ cipher - algorithm for transforming plaintext to ciphertext
◦ key - info used in cipher, known only to sender/receiver
◦ encipher (encrypt) - converting plaintext to ciphertext
◦ decipher (decrypt) - recovering plaintext from ciphertext
12
Cryptanalysis
The objective is to recover the key, not just the message. Cryptanalysis is the art and science of analyzing information systems in order to study the hidden aspects of the systems.
general approaches:
◦ Cryptanalytic attack: relies on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs.
◦ Brute-force attack: try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
13
Cryptanalytic Attacks
◦ ciphertext only: only knows algorithm & ciphertext
◦ known plaintext: know/suspect plaintext & ciphertext
◦ chosen plaintext: select plaintext and obtain ciphertext
◦ chosen ciphertext: select ciphertext and obtain plaintext
◦ chosen text: select plaintext or ciphertext to en/decrypt
14
Brute Force Search
always possible to simply try every key
most basic attack, proportional to key size
assume either know / recognise plaintext

Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs
32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds
56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours
128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years
168 | 2^168 = 3.7 × 10^50 | 2^167 µs = 5.9 × 10^36 years | 5.9 × 10^30 years
26 characters (permutation) | 26! = 4 × 10^26 | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years
16
Cryptography : The main two basic techniques Substitution Transposition 16
17
Classical Substitution Ciphers Substitution : where letters of plaintext are replaced by other letters or by numbers or symbols or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit patterns 17
18
Transposition Ciphers Transposition or Permutation ciphers : these hide the message by rearranging the letter order without altering the actual letters used can recognise these since have the same frequency distribution as the original text. 18
20
Caesar Cipher
earliest known substitution cipher, by Julius Caesar
first attested use in military affairs
replaces each letter by 3rd letter on
example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
21
Caesar Cipher then have Caesar cipher as: c = E(p) = (p + k) mod (26) p = D(c) = (c – k) mod (26) 21
22
Caesar Cipher
can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
mathematically give each letter a number:
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
then have Caesar cipher as: c = E(p) = (p + 3) mod (26)
If p = a = 0, E(a) = (0 + 3) mod 26 = 3 = D
23
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
24
Caesar Example Let k= 10 Encrypt the following “Hello” 24
25
Caesar Example
Let k = 10. Encrypt the following: "Hello"
letters:  H  E  L  L  O
p:        7  4  11 11 14
p + 10:   17 14 21 21 24
----------------------- (MOD 26)
c:        17 14 21 21 24
letters:  R  O  V  V  Y
26
Caesar Example Let k= 9 Encrypt the following “SUN” 26
27
Caesar Example
Let k = 9. Encrypt the following: "SUN"
letters:  S  U  N
p:        18 20 13
p + 9:    27 29 22
----------------------- (MOD 26)
c:        1  3  22
letters:  B  D  W
28
Caesar Example Let the cipher text = “IFMMP” and k =1 What is the plain text? P= (C-1) mod 26 P = Hello 28
29
Cryptanalysis of Caesar Cipher only have 26 possible ciphers ◦ A maps to A,B,..Z could simply try each in turn a brute force search given ciphertext, just try all shifts of letters do need to recognize when have plaintext eg. break ciphertext "GCUA VQ DTGCM" 29
30
Example for fun
Shifts of the ciphertext GCUAVQDTGCM, one candidate per row:
AWOUPKXNAWG
BXPVQLYOBXH
CYQWRMZPCYI
DZRXSNAQDZJ
EASYTOBREAK
FBTZUPCSFBL
GCUAVQDTGCM
...
31
32
32
33
Rail Fence cipher
write message letters out diagonally over a number of rows
then read off cipher row by row
eg. write message out as:
m e m a t r h t g p r y
 e t e f e t e o a a t
giving ciphertext MEMATRHTGPRYETEFETEOAAT
34
34
35
Modern Cryptographic Techniques Modern cipher system : Symmetric Asymmetric Symmetric cryptography: Stream cipher Block cipher 35
36
Cryptography : Cryptography types or number of Keys Symmetric cipher Asymmetric cipher 36
37
Symmetric Encryption or conventional / private-key / single-key: sender and recipient share a common key. All classical encryption algorithms are private-key. It was the only type prior to the invention of public-key in the 1970's and is by far the most widely used.
38
Symmetric cryptography: ◦ Also called Secret Key Cryptography (SKC): uses a single key for both encryption and decryption. [Diagram labels: Plain Text, Cipher Text, Plain Text]
39
Asymmetric Encryption probably most significant advance in the 3000 year history of cryptography uses two keys – a public & a private key asymmetric since parties are not equal uses clever application of number theoretic concepts to function complements rather than replaces private key crypto
40
Asymmetric Cryptography: ◦ Also called Public Key Cryptography (PKC): uses one key for encryption and another for decryption. [Diagram labels: Cipher Text, Plain Text]
41
Cryptography: Encryption Diagram [Diagram labels: Plain Text, Encryption algorithm, Key, Cipher Text, Decryption algorithm]
42
Stream cipher Stream ciphers: where plaintext bits are combined with a pseudorandom cipher bit stream (key stream), typically by an exclusive-or (xor) operation. In a stream cipher, the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption. 42
43
Stream cipher 43 Stream ciphers:- process messages a bit or byte at a time when en/decrypting
44
Stream cipher: 2 types, synchronous stream and asynchronous stream. Synchronous stream ciphers are those where the key stream depends only on the key; asynchronous stream ciphers are those where the key stream also depends on the ciphertext.
45
Stream cipher 45
46
Stream cipher
Definition: Stream Cipher Encryption and Decryption
The plaintext, the ciphertext and the key stream consist of individual bits, i.e., x_i, y_i, s_i ∈ {0,1}.
Encryption: y_i = e_{s_i}(x_i) ≡ x_i + s_i mod 2.
Decryption: x_i = d_{s_i}(y_i) ≡ y_i + s_i mod 2.
47
Modern Block Ciphers look at modern block ciphers one of the most widely used types of cryptographic algorithms provide secrecy /authentication services focus on DES (Data Encryption Standard) to illustrate block cipher design principles 47
48
Block cipher 48 Block cipher scheme :encrypts one block of data at a time using the same key on each block. In general, the same plaintext block will always be encrypted to the same cipher text if using the same key in a block cipher whereas the same plaintext will be encrypted to different cipher text in a stream cipher.
49
Block cipher block ciphers: process messages in blocks, each of which is then en/decrypted like a substitution on very big characters 64-bits or more 49
50
Block vs Stream Ciphers many current ciphers are block ciphers broader range of applications 50
51
Block vs Stream Ciphers: Block ciphers work on a block / word at a time, which is some number of bits. All of these bits have to be available before the block can be processed. Stream ciphers work on a bit or byte of the message at a time, hence process it as a "stream". Block ciphers are currently better analysed, and seem to have a broader range of applications, hence the focus on them.
52
Block modes are self study
54
Types of Encryption Schemes
Ciphers
◦ Classical: Substitution, Transposition
◦ Modern: Public Key, Secret Key (Block, Stream)
55
History In February 2001, NIST announced that a draft of the Federal Information Processing Standard (FIPS) was available for public review and comment. Finally, AES was published as FIPS 197 in the Federal Register in December 2001. 7.55
56
History AES is a block cipher with a block length of 128 bits. AES allows for three different key lengths: 128, 192, or 256 bits. Encryption consists of 10 rounds of processing for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. Except for the last round in each case, all other rounds are identical.
57
Definitions: Byte. The basic unit for processing in the AES algorithm is a byte, a sequence of eight bits treated as a single entity. For example, {01100011} identifies the specific finite field element x^6 + x^5 + x + 1.
58
Definitions Arrays of Bytes Arrays of bytes will be represented in the following form:
59
Definitions Unlike DES, the decryption algorithm differs substantially from the encryption algorithm. Although, overall, the same steps are used in encryption and decryption, the order in which the steps are carried out is different, as mentioned previously.
60
Overview The bytes and the bit ordering within bytes are derived from the 128-bit input sequence as follows: input0 input1 input2 … input126 input127 a0 = {input0, input1, …, input7}; a1 = {input8, input9, …, input15}; a15 = {input120, input121, …, input127}.
61
Overview To appreciate the processing steps used in a single round, it is best to think of a 128-bit block as consisting of a 4×4 matrix of bytes, arranged as follows: the first four bytes occupy the first column. The 4×4 matrix is called the state array.
62
7.62 7.1.4 Data Units. Figure 7.2 Data units used in AES
63
Example Changing plaintext to state 7.63
64
Continue 7.64 Figure 7.3 Block-to-state and state-to-block transformation
65
Overview AES also has the notion of a word. A word consists of four bytes, that is 32 bits. Therefore, each column of the state array is a word, as is each row. Each round of processing works on the input state array and produces an output state array. The output state array produced by the last round is rearranged into a 128-bit output block.
66
Overview Assuming a 128-bit key, the key is also arranged in the form of a matrix of 4 × 4 bytes. As with the input block, the first word from the key fills the first column of the matrix, and so on. The four column words of the key matrix are expanded into a schedule of 44 words. Each round consumes four words from the key schedule.
67
Overview Each round of processing includes one single-byte based substitution step, a row-wise permutation step, a column-wise mixing step, and the addition of the round key. The order in which these four steps are executed is different for encryption and decryption.
68
Overview: the different steps that are carried out in each round except the last one
69
Watch the film: http://www.youtube.com/watch?v=mlzxpkdXP58
71
AES: The Advanced Encryption Standard focus particularly on the four steps used in each round of AES: (1) substitution, (2) shift rows, (3) mix columns, and (4)add round key.
72
AES: The Advanced Encryption Standard
74
1- SubBytes() Transformation STEP 1: (called SubBytes for byte-by-byte substitution during the forward process) This step consists of using a 16 × 16 lookup table to find a replacement byte for a given byte in the input state array.
75
1-SubBytes()Transformation The SubBytes() transformation is a non-linear byte substitution that operates independently on each byte of the State using a substitution table (S-box).
76
1-SubBytes()Transformation
77
s1,1={53}, s’ 1,1 = {ed}.
79
2- ShiftRows() Transformation In the ShiftRows() transformation, the bytes in the last three rows of the State are cyclically shifted over different numbers of bytes (offsets). The first row, r = 0, is not shifted.
80
2- ShiftRows() Transformation
82
3- MixColumns() Transformation The MixColumns() transformation operates on the State column-by-column, treating each column as a four-term polynomial:
83
3- MixColumns() Transformation
86
4- AddRoundKey() Transformation In the AddRoundKey() transformation, a Round Key is added to the State by a simple bitwise XOR operation.
87
4- AddRoundKey() Transformation
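The four round steps described above (SubBytes, ShiftRows, MixColumns, AddRoundKey) and the block-to-state mapping, written out as an added Python example that is not part of the original slides. The reduction polynomial x^8 + x^4 + x^3 + x + 1, the affine constant {63} and the sample round input and round key are taken from FIPS 197, not from this page; the function names are chosen for this example.

```python
# Added example: one AES encryption round on a 4x4 state (teaching code).
# Constants below come from FIPS 197, not from the slides.

def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B  # reduce by the AES polynomial
        b >>= 1
    return product

def ginv(a):
    """Multiplicative inverse in GF(2^8); 0 maps to 0 by convention."""
    return 0 if a == 0 else next(x for x in range(1, 256) if gmul(a, x) == 1)

def rotl8(x, k):
    """Rotate an 8-bit value left by k bits."""
    return ((x << k) | (x >> (8 - k))) & 0xFF

def sub_byte(b):
    """S-box entry: field inverse followed by the affine transform."""
    x = ginv(b)
    return x ^ rotl8(x, 1) ^ rotl8(x, 2) ^ rotl8(x, 3) ^ rotl8(x, 4) ^ 0x63

def block_to_state(block):
    """Fill the state column by column: state[r][c] = block[r + 4c]."""
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]

def state_to_block(state):
    """Read the state back out column by column."""
    return bytes(state[r][c] for c in range(4) for r in range(4))

def sub_bytes(state):
    return [[sub_byte(b) for b in row] for row in state]

def shift_rows(state):
    """Row r is rotated left by r bytes; row 0 is not shifted."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def mix_column(col):
    """Multiply one column by the fixed MixColumns matrix over GF(2^8)."""
    a0, a1, a2, a3 = col
    return [
        gmul(2, a0) ^ gmul(3, a1) ^ a2 ^ a3,
        a0 ^ gmul(2, a1) ^ gmul(3, a2) ^ a3,
        a0 ^ a1 ^ gmul(2, a2) ^ gmul(3, a3),
        gmul(3, a0) ^ a1 ^ a2 ^ gmul(2, a3),
    ]

def mix_columns(state):
    cols = [mix_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]

def add_round_key(state, key_state):
    """Bitwise XOR of the state with the round key, byte by byte."""
    return [[s ^ k for s, k in zip(srow, krow)]
            for srow, krow in zip(state, key_state)]

def aes_round(state, key_state):
    """One full (non-final) encryption round."""
    return add_round_key(mix_columns(shift_rows(sub_bytes(state))), key_state)

# State at the start of round 1 and round key 1 from the FIPS 197
# Appendix B walk-through.
ROUND_INPUT = bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808")
ROUND_KEY_1 = bytes.fromhex("a0fafe1788542cb123a339392a6c7605")

def demo_round():
    out = aes_round(block_to_state(ROUND_INPUT), block_to_state(ROUND_KEY_1))
    return state_to_block(out).hex()

if __name__ == "__main__":
    print("S-box({53}) =", format(sub_byte(0x53), "02x"))
    print("state after round 1:", demo_round())
```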
88
Self Study
89
Key Expansion 7.89
90
Key Expansion The function RotWord() takes a word [a0,a1,a2,a3] as input, performs a cyclic permutation, and returns the word [a1,a2,a3,a0]. SubWord() is a function that takes a four-byte input word and applies the S-box to each of the four bytes to produce an output word.
91
7.91
92
Example Each round key in AES depends on the previous round key. The dependency, however, is nonlinear because of SubWord transformation. The addition of the round constants also guarantees that each round key will be different from the previous one. The two sets of round keys can be created from two cipher keys that are different only in one bit. 7.92
93
Example 7.93
94
For Reading only
95
Inverse Cipher The individual transformations used in the Inverse Cipher : InvShiftRows(), InvSubBytes(), InvMixColumns(), and AddRoundKey()
96
Inverse Cipher
97
InvShiftRows(), InvSubBytes(), InvMixColumns AddRoundKey()
98
InvSubBytes()
99
The Figure shows how a state is transformed using the SubBytes transformation. The figure also shows that the InvSubBytes transformation creates the original one. Note that if the two bytes have the same values, their transformation is also the same. 7.99
100
InvShiftRows() ShiftRows In the encryption, the transformation is called ShiftRows. Another transformation found in a round is shifting, which permutes the bytes. 7.100
101
InvShiftRows() The figure shows how a state is transformed using the ShiftRows transformation. The figure also shows that the InvShiftRows transformation creates the original state. 7.101
102
InvMixColumns()
103
The Figure shows how a state is transformed using the MixColumns transformation. The figure also shows that the InvMixColumns transformation creates the original one. 7.103 The MixColumns transformation in Example 7.5
104
AddRoundKey() 7.104
105
7.105
106
7.106 Examples: In this section, some examples of encryption/decryption and key generation are given to emphasize some points discussed in the two previous sections. Example: The following shows the ciphertext block created from a plaintext block using a randomly selected cipher key.
107
7.107 Continued Example
108
7.108 Continued Example
109
7.109 Continued Example
110
7.110 Another Example States in a single round
111
Conclusion Rijndael has the symmetric and parallel structure. Gives implementer a lot of flexibility Have not allowed effective cryptanalytic attacks Rijndael is well adapted to modern processors. Rijndael is suited for Smart cards
114
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications are compromised also is symmetric, parties are equal hence does not protect sender from receiver forging a message & claiming is sent by sender
115
Public-Key Cryptography probably most significant advance in the 3000 year history of cryptography uses two keys – a public & a private key asymmetric since parties are not equal uses clever application of number theoretic concepts to function complements rather than replaces private key crypto
116
Historical Background 1976: W. Diffie and M.E. Hellman proposed the first public-key encryption algorithms -- actually an algorithm for public exchange of a secret key. 1978: L.M Adleman, R.L. Rivest and A. Shamir propose the RSA encryption method Currently the most widely used Basis for the spreadsheet used in the lab
117
Public Key History
Some algorithms:
◦ Diffie-Hellman, 1976, key-exchange based on discrete logs
◦ Merkle-Hellman, 1978, based on "knapsack problem"
◦ McEliece, 1978, based on algebraic coding theory
◦ RSA, 1978, based on factoring
◦ Rabin, 1979, security can be reduced to factoring
◦ ElGamal, 1985, based on discrete logs
◦ Blum-Goldwasser, 1985, based on quadratic residues
◦ Elliptic curves, 1985, discrete logs over Elliptic curves
◦ Chor-Rivest, 1988, based on knapsack problem
◦ NTRU, 1996, based on Lattices
◦ XTR, 2000, based on discrete logs of a particular field
118
Public-Key Cryptography public-key/two-key/asymmetric cryptography involves the use of two keys: a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures
119
Why Public-Key Cryptography?
Compared with symmetric-key encryption, public-key encryption requires more computation and is therefore not always appropriate for large amounts of data. However, it's possible to use public-key encryption to send a symmetric key, which can then be used to encrypt additional data.
1. Key distribution
◦ Secret keys for conventional cryptography
◦ Unforgeable public keys (digital certificate)
2. Message authentication
120
Public-Key Cryptography
121
Public-Key Characteristics Public-Key algorithms rely on two keys where: it is computationally infeasible to find decryption key knowing only algorithm & encryption key it is computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known either of the two related keys can be used for encryption, with the other used for decryption (for some algorithms)
122
Public-Key Cryptosystems
123
Public-Key Applications Can classify uses into 3 categories: Encryption/decryption (provide secrecy) Digital signatures (provide authentication) Key exchange (of session keys) some algorithms are suitable for all uses, others are specific to one
124
RSA by Rivest, Shamir & Adleman of MIT in 1977 best known & widely used public-key scheme based on exponentiation in a finite (Galois) field over integers modulo a prime uses large integers (e.g., 1024 bits) security due to cost of factoring large numbers
125
For Reading
126
Prime Numbers prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers note: 1 is prime, but is generally not of interest eg. 2,3,5,7 are prime, 4,6,8,9,10 are not prime numbers are central to number theory list of prime number less than 200 is: 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199
127
Prime Factorisation
to factor a number n is to write it as a product of other numbers: n = a × b × c
note that factoring a number is relatively hard compared to multiplying the factors together to generate the number
the prime factorisation of a number n is when it is written as a product of primes (factoring the number into its prime elements)
eg. 91 = 7 × 13; 3600 = 2^4 × 3^2 × 5^2
128
Relatively Prime Numbers & GCD
two numbers a, b are relatively prime if they have no common divisors apart from 1
common divisors: greatest common divisor
eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor
conversely can determine the greatest common divisor by comparing their prime factorizations and using least powers
eg. 300 = 2^2 × 3^1 × 5^2, 18 = 2^1 × 3^2, hence GCD(18,300) = 2^1 × 3^1 × 5^0 = 6
129
Fermat's Theorem: a^(p-1) mod p = 1, where p is prime and gcd(a,p) = 1. Also known as Fermat's Little Theorem. Useful in public key and primality testing.
130
Fermat's Theorem
Example: Let a = 12, p = 7, gcd(12,7) = 1. So 12^(7-1) mod 7 = 1
Another example: Let a = 10, p = 3, gcd(10,3) = 1. So 10^(3-1) mod 3 = 1
131
Euler Totient Function ø(n) when doing arithmetic modulo n complete set of residues is: 0..n-1 reduced set of residues is those numbers (residues) which are relatively prime to n eg for n=10, complete set of residues is {0,1,2,3,4,5,6,7,8,9} reduced set of residues is {1,3,7,9} number of elements in reduced set of residues is called the Euler Totient Function ø(n)
132
Euler Totient Function ø(n)
to compute ø(n) need to count number of elements to be excluded
in general need prime factorization, but
◦ for p (p prime): ø(p) = p-1
◦ for p.q (p,q prime): ø(p.q) = (p-1)(q-1)
eg. ø(37) = 36
ø(21) = (3–1)×(7–1) = 2×6 = 12
133
Euler's Theorem
a generalisation of Fermat's Theorem
a^ø(n) mod n = 1 where gcd(a,n) = 1
eg. a = 3; n = 10; ø(10) = 4; hence 3^4 = 81 = 1 mod 10
a = 2; n = 11; ø(11) = 10; hence 2^10 = 1024 = 1 mod 11
135
RSA Key Setup
each user generates a public/private key pair by:
◦ selecting two large primes at random: p, q
◦ computing their system modulus n = p.q
◦ defining ø(n) = (p-1)(q-1)
◦ selecting at random the encryption key e, where 1 < e < ø(n), gcd(e, ø(n)) = 1
◦ solving the following equation to find decryption key d: e.d = 1 mod ø(n) and 0 ≤ d ≤ n
◦ publishing their public encryption key: PU = {e, n}
◦ keeping secret their private decryption key: PR = {d, n}
136
RSA Example
1. Select primes: p = 17 & q = 11
2. Compute n = pq = 17 × 11 = 187
3. Compute ø(n) = (p–1)(q–1) = 16 × 10 = 160
4. Select e: gcd(e,160) = 1; choose e = 7
5. Determine d: de = 1 mod 160 and d < 160. Value is d = 23 since 23 × 7 = 161 = 1 × 160 + 1
6. Publish public key PU = {7,187}
7. Keep secret private key PR = {23,187}
137
Another Example
Select primes p = 11, q = 3.
n = pq = 11 × 3 = 33
phi = (p-1)(q-1) = 10 × 2 = 20
Choose e = 3
Check gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 have no common factors except 1), and check gcd(e, q-1) = gcd(3, 2) = 1, therefore gcd(e, phi) = gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1
Compute d such that ed ≡ 1 (mod phi), i.e. compute d = e^-1 mod phi = 3^-1 mod 20, i.e. find a value for d such that phi divides (ed-1), i.e. find d such that 20 divides 3d-1.
Simple testing (d = 1, 2, ...) gives d = 7
Check: ed-1 = 3 × 7 - 1 = 20, which is divisible by phi.
Public key = (e, n) = (3, 33)
Private key = (d, n) = (7, 33).
138
RSA Use in Encryption
to encrypt a message M the sender:
◦ obtains public key of recipient PU = {e, n}
◦ computes: C = M^e mod n, where 0 ≤ M < n
to decrypt the ciphertext C the owner:
◦ uses their private key PR = {d, n}
◦ computes: M = C^d mod n
note that the message M must be smaller than the modulus n (block if needed)
139
RSA Example - En/Decryption
sample RSA encryption/decryption is:
given message M = 88
1. Publish public key PU = {7,187}
2. Keep secret private key PR = {23,187}
encryption: C = 88^7 mod 187 = 11
decryption: M = 11^23 mod 187 = 88
140
Assignments
1. Perform encryption and decryption using RSA algorithm, as in Figure 1, for the following:
① p = 3; q = 11, e = 7; M = 5
② p = 5; q = 11, e = 3; M = 9
2. In a public-key system using RSA, you intercept the ciphertext C = 10 sent to a user whose public key is e = 5, n = 35. What is the plaintext M?
Figure 1. Example of RSA Algorithm. Encryption: plaintext 88, 88^7 mod 187 = 11, KU = 7,187. Decryption: ciphertext 11, 11^23 mod 187 = 88, KR = 23,187, plaintext 88.
141
RSA Key Generation users of RSA must: determine two primes at random - p, q select either e or d and compute the other primes p,q must not be easily derived from modulus n=p.q means must be sufficiently large typically guess and use probabilistic test exponents e, d are inverses, so use Inverse algorithm to compute the other
142
How to compute d Find d such that : 1 ≡ ( d.e mod m ) 1 = Km + de Using the extended Euclid Algorithm
143
Extended Euclid's Algorithm
Extend the algorithm to compute the integer coefficients x and y such that d = gcd(a, b) = ax + by

Extended-Euclid(a, b)
    if b = 0 then return (a, 1, 0)
    (d', x', y') ← Extended-Euclid(b, a mod b)
    (d, x, y) ← (d', y', x' − ⌊a/b⌋y')
    return (d, x, y)
144
Example
145
Example for Extended Euclid Algorithm Ex: 50* 35
146
Example for Extended Euclid Algorithm
147
Example : self Let p =11, q=3 Let e= 3 Calculate d
148
The results n =p.q= 33 Q(n)= (p-1)(q-1)= 20 d.e mod Q(n) = 1 d= 7
149
Why RSA Works
because of Euler's Theorem: a^ø(n) mod n = 1 where gcd(a,n) = 1
in RSA have:
◦ n = p.q
◦ ø(n) = (p-1)(q-1)
◦ carefully chose e & d to be inverses mod ø(n)
◦ hence e.d = 1 + k.ø(n) for some k
hence: C^d = M^(e.d) = M^(1+k.ø(n)) = M^1.(M^ø(n))^k = M^1.(1)^k = M^1 = M mod n
150
Efficient Encryption
Encryption uses exponentiation to power e, hence if e is small, this will be faster. Often choose e = 65537 (2^16 + 1); also see choices of e = 3 or e = 17. But if e is too small (eg e = 3), can attack using Chinese remainder theorem & 3 messages with different moduli
151
Efficient Decryption Decryption uses exponentiation to power d this is likely large, insecure if not can use the Chinese Remainder Theorem (CRT) to compute mod p & q separately. then combine to get desired answer
152
Exponentiation
can use the Square and Multiply Algorithm, a fast, efficient algorithm for exponentiation
concept is based on repeatedly squaring base and multiplying in the ones that are needed to compute the result
look at binary representation of exponent
only takes O(log_2 n) multiples for number n
eg. 7^5 = 7^4.7^1 = 3.7 = 10 mod 11
eg. 3^129 = 3^128.3^1 = 5.3 = 4 mod 11
153
Exponentiation: the algorithm for computing a^b mod n. The integer b is expressed as a binary number: b_k, b_(k-1), …, b_0
154
Example
Get 7^5 mod 11 = ?? (a^b mod n as in the algorithm)
So b = 5 = 101 in binary, n = 11, a = 7

d | c | Ask? b(k) | k
1 | 0 | |
1 | 0 | | 2
7 | 1 | Yes, b2 = 1 |
5 | 2 | No | 1
3 | 4 | | 0
10 | 5 | |

The final result is = 10
155
Example
Get 10^3 mod 60 = ?? (a^b mod n as in the algorithm)
So b = 3 = 11 in binary, n = 60, a = 10

d | c | Ask? b(k) | k
1 | 0 | |
1 | 0 | | 1
10 | 1 | Yes, b1 = 1 |
40 | 2 | | 0
40 | 3 | Yes, b0 = 1 |

The final result is = 40
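The RSA key setup, the extended Euclid computation of d, the square-and-multiply exponentiation and the CRT decryption described in the slides above, combined into one added Python example (not code from the original slides). It is textbook RSA exactly as the slides present it, with the slides' toy primes and no padding, so it serves to follow the arithmetic; the function names and the optional trace argument are choices made for this example.

```python
# Added example: textbook RSA with the numbers used on the slides.
# Toy primes and no padding: for following the arithmetic only.

def extended_euclid(a, b):
    """Return (d, x, y) with d = gcd(a, b) = a*x + b*y."""
    if b == 0:
        return a, 1, 0
    d, x1, y1 = extended_euclid(b, a % b)
    return d, y1, x1 - (a // b) * y1


def mod_inverse(e, m):
    """Solve e*d = 1 mod m for d, or fail if gcd(e, m) != 1."""
    d, x, _ = extended_euclid(e, m)
    if d != 1:
        raise ValueError("e has no inverse modulo m")
    return x % m


def square_and_multiply(a, b, n, trace=None):
    """Compute a^b mod n, scanning the bits of b from b_k down to b_0.

    c tracks the exponent built so far and d the running result, as in
    the slide tables. If a list is passed as trace, one (bit, c, d)
    tuple is appended per bit.
    """
    c, d = 0, 1
    for bit in bin(b)[2:]:
        c, d = 2 * c, (d * d) % n          # square
        if bit == "1":
            c, d = c + 1, (d * a) % n      # multiply
        if trace is not None:
            trace.append((bit, c, d))
    return d


def rsa_keygen(p, q, e):
    """Return (public, private) = ((e, n), (d, n)) for given primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = mod_inverse(e, phi)                # also enforces gcd(e, phi) = 1
    return (e, n), (d, n)


def rsa_encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return square_and_multiply(m, e, n)


def rsa_decrypt(c, private_key):
    d, n = private_key
    return square_and_multiply(c, d, n)


def rsa_decrypt_crt(c, p, q, d):
    """Decrypt mod p and mod q separately, then combine (CRT)."""
    m1 = square_and_multiply(c % p, d % (p - 1), p)
    m2 = square_and_multiply(c % q, d % (q - 1), q)
    h = (mod_inverse(q, p) * (m1 - m2)) % p
    return m2 + h * q


if __name__ == "__main__":
    public, private = rsa_keygen(17, 11, 7)
    print("PU =", public, "PR =", private)
    c = rsa_encrypt(88, public)
    print("C =", c, "M =", rsa_decrypt(c, private))
    print("M via CRT =", rsa_decrypt_crt(c, 17, 11, private[0]))
    steps = []
    square_and_multiply(7, 5, 11, steps)
    print("trace of 7^5 mod 11:", steps)
```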
156
RSA Security three approaches to attacking RSA: brute force key search (infeasible given size of numbers) mathematical attacks (based on difficulty of computing ø(N), by factoring modulus N) timing attacks (on running of decryption)
157
Summary have considered: prime numbers Fermat’s and Euler’s Theorems Primality Testing Chinese Remainder Theorem Discrete Logarithms principles of public-key cryptography RSA algorithm, implementation, security
158
Second Question: Summarize the AES algorithm using the given example "video". Summarize the RSA algorithm to discuss it at the next lecture.