Presentation is loading. Please wait.

Presentation is loading. Please wait.

Announcements: 1. Short “pop” quiz on Ch 3 (not today) 2. Term project groups and topics due tomorrow midnight Waiting for posts from 22 of you. 3. HW6:

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Announcements: 1. Short “pop” quiz on Ch 3 (not today) 2. Term project groups and topics due tomorrow midnight Waiting for posts from 22 of you. 3. HW6:"— Presentation transcript:

1 Announcements: 1. Short “pop” quiz on Ch 3 (not today) 2. Term project groups and topics due tomorrow midnight Waiting for posts from 22 of you. 3. HW6: 3 more problems added, all due Tuesday, will add a bonus factoring problem. Questions? This week: Primality testing, factoring Primality testing, factoring Discrete Logs Discrete Logs DTTF/NB479: DszquphsbqizDay 23

2 Factoring 1.Fermat factoring: Compute n + 1 2, n + 2 2, n + 3 2, until you reach a perfect square, say r 2 = n + k 2 Then n = r 2 - k 2 = (r+k)(r-k) 2.Sieves: Generate lots squares that can be expressed as products of small primes Pairs = linear dependencies (mod 2) Speed? See http://www.crypto- world.com/FactorRecords.html http://www.crypto- world.com/FactorRecords.htmlhttp://www.crypto- world.com/FactorRecords.html 3.(p-1) algorithm (next)

3 (p-1) Algorithm Useful if p|n and (p-1) has only small factors Choose any a>1 (like a=2) and a bound B Compute b=a B! (mod n) (How?) Then compute d=gcd(b-1, n) If 1<d<n, then d is a non-trivial factor If 1<d<n, then d is a non-trivial factor Example: n=5183. We’ll use a=2, B=6. Why does it work?

4 Moral of this story? To get a 100-digit number n=pq resistant to this attack: Make sure (p-1) has at least 1 large prime factor: Make sure (p-1) has at least 1 large prime factor: Pick p 0 = nextprime(10 40 ) Pick p 0 = nextprime(10 40 ) Choose k~10 60 such that p=(kp 0 +1) is prime Choose k~10 60 such that p=(kp 0 +1) is prime How to test? Repeat for q. Repeat for q.

5 Known implementation mistakes Choosing p and q close to each other Choosing p and q such that (p-1) or (q-1) has only small prime factors Choosing e=3 (smallest e such that gcd(e,(f(n))=1 (problem 6.9.14) Using a scheme such that ½ the digits of p or q are easy to find (6.2 Theorem 1) Choosing e too small (6.2 Theorem 2) Choosing d too small (d < 1/3 n 1/4 ; 6.2 Theorem 3; exposes to continued fraction attack) Choosing plaintext much shorter than n (But can pad plaintext; see scheme on p. 173) (But can pad plaintext; see scheme on p. 173)

6 Discrete logs… But first, some humor: Bruce Schneier is a genius in the crypto field, the author of the authoritative book on crypto. Bruce Schneier writes his books and essays by generating random alphanumeric text of an appropriate length and then decrypting it.

7 Discrete logs… …are the basis of the ElGamal cryptosystem …can be used for digital signatures

8 Discrete Logs Find x We denote this as Why is this hard? Given

9 Consider this… Solve 9=2 x (mod 11) Are there other solutions for x? By convention, x is defined to be the minimum of all such. It must be < (p-1). Why?

10 But consider this… Solve 2150=3621 x (mod p) where p=1775754…74581 (100 digits) How long will exhaustive search take? Up to p-2 if 3621 is a primitive root of n. Up to p-2 if 3621 is a primitive root of n. What’s a primitive root? Please read section 3.7 (1 page) tonight if you haven’t

11 One-way functions Take y=f(x) If y is easy to find given x, but x is hard to find given y, f is called a one-way function. Examples: Factoring (easy to multiply, hard to factor) Factoring (easy to multiply, hard to factor) Discrete logs (easy to find powers mod n, even if n is large, but hard to find discrete log) Discrete logs (easy to find powers mod n, even if n is large, but hard to find discrete log)

Download ppt "Announcements: 1. Short “pop” quiz on Ch 3 (not today) 2. Term project groups and topics due tomorrow midnight Waiting for posts from 22 of you. 3. HW6:"

Similar presentations

RSA.

RSA.
Public Key Cryptosystem

Public Key Cryptosystem
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.

Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.
Announcements: 1. Congrats on reaching the halfway point once again! 2. DES graded soon 3. Short “pop” quiz on Ch 3. (Thursday at earliest) 4. Reminder:

Announcements: 1. Congrats on reaching the halfway point once again! 2. DES graded soon 3. Short “pop” quiz on Ch 3. (Thursday at earliest) 4. Reminder:
Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r 175753411947 p q p q p q p and q prime.

Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r p q p q p q p and q prime.
Announcements: 1. Term project groups and topics due midnight 2. HW6 due next Tuesday. Questions? This week: Primality testing, factoring Primality testing,

Announcements: 1. Term project groups and topics due midnight 2. HW6 due next Tuesday. Questions? This week: Primality testing, factoring Primality testing,
Announcements: Matlab: tutorial available at Matlab: tutorial available at

Announcements: Matlab: tutorial available at Matlab: tutorial available at
Announcements: 1. Term project groups and topics due tomorrow midnight Waiting for posts from most of you. Questions? This week: Primality testing, factoring.

Announcements: 1. Term project groups and topics due tomorrow midnight Waiting for posts from most of you. Questions? This week: Primality testing, factoring.
Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.

Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.
Announcements: Computer exam next class Computer exam next classQuestions? DTTF/NB479: DszquphsbqizDay 10.

Announcements: Computer exam next class Computer exam next classQuestions? DTTF/NB479: DszquphsbqizDay 10.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,

Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
Announcements: 1. Class cancelled tomorrow 2. HW7 due date moved to Thursday. Questions? This week: Birthday attacks, Digital signatures Birthday attacks,

Announcements: 1. Class cancelled tomorrow 2. HW7 due date moved to Thursday. Questions? This week: Birthday attacks, Digital signatures Birthday attacks,
Announcements: 1. Presentations start Friday 2. Cem Kaner presenting O167 10 th block today. Questions? This week: DSA, Digital Cash DSA, Digital Cash.

Announcements: 1. Presentations start Friday 2. Cem Kaner presenting O th block today. Questions? This week: DSA, Digital Cash DSA, Digital Cash.
Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics due midnight 3. HW6 due Tuesday. Questions? This week: Primality.

Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics due midnight 3. HW6 due Tuesday. Questions? This week: Primality.
Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics formed 3. HW6 due tomorrow. Questions? This week: Discrete Logs,

Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics formed 3. HW6 due tomorrow. Questions? This week: Discrete Logs,
Announcements:Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 30.

Announcements:Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 30.
Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.

Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.

Similar presentations

Ads by Google