Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Copyright Martin Tompa, 1999 Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone Martin Tompa Computer Science & Engineering University.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "© Copyright Martin Tompa, 1999 Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone Martin Tompa Computer Science & Engineering University."— Presentation transcript:

1 © Copyright Martin Tompa, 1999 Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone Martin Tompa Computer Science & Engineering University of Washington

2 © Copyright Martin Tompa, 1999 Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone

3 © Copyright Martin Tompa, 1999 What Is a Cryptosystem? A Sender B Receiver C = E AB (M)M = D AB (C)M K AB

4 © Copyright Martin Tompa, 1999 What Is a Cryptosystem? A Sender B Receiver Cryptanalyst (bad guy) C = E AB (M)M = D AB (C)M K AB

5 © Copyright Martin Tompa, 1999 What Is a Cryptosystem? A Sender B Receiver Cryptanalyst (bad guy) C = E AB (M)M = D AB (C)M M C K AB MessageEncryptionKey PlaintextCyphertext Cleartext K AB

6 © Copyright Martin Tompa, 1999 What Is a Public Key Cryptosystem? A Sender B Receiver Cryptanalyst (bad guy) C = E AB (M)M = D AB (C)M M C K B E B MessageEncryptionKeyPublic Key PlaintextCyphertextPrivate Key Cleartext K AB

7 © Copyright Martin Tompa, 1999 The RSA Public Key Cryptosystem v Invented by Rivest, Shamir, and Adleman in 1977. v Has proven resistant to all cryptanalytic attacks.

8 © Copyright Martin Tompa, 1999 Receiver’s Set-Up v Choose 500-digit primes p and q (each 2 more than a multiple of 3). p = 5, q = 11

9 © Copyright Martin Tompa, 1999 Receiver’s Set-Up v Choose 500-digit primes p and q (each 2 more than a multiple of 3). p = 5, q = 11 v Let n = pq. n = 55

10 © Copyright Martin Tompa, 1999 Receiver’s Set-Up v Choose 500-digit primes p and q (each 2 more than a multiple of 3). p = 5, q = 11 v Let n = pq. n = 55 v Let s = (1/3) (2(p - 1)(q - 1) + 1). s = (1/3) (2  4  10 + 1) = 27

11 © Copyright Martin Tompa, 1999 Receiver’s Set-Up v Choose 500-digit primes p and q (each 2 more than a multiple of 3). p = 5, q = 11 v Let n = pq. n = 55 v Let s = (1/3) (2(p - 1)(q - 1) + 1). s = (1/3) (2  4  10 + 1) = 27 v Publish n. Keep p, q, and s secret.

12 © Copyright Martin Tompa, 1999 Encrypting a Message v Break the message into chunks. H I C H R I S …

13 © Copyright Martin Tompa, 1999 Encrypting a Message v Break the message into chunks. H I C H R I S …

14 © Copyright Martin Tompa, 1999 Encrypting a Message v Break the message into chunks. H I C H R I S … v Translate each chunk into an integer M (0 < M < n) by any convenient method. 8 9 3 8 18 9 19 …

15 © Copyright Martin Tompa, 1999 Encrypting a Message v Break the message into chunks. H I C H R I S … v Translate each chunk into an integer M (0 < M < n) by any convenient method. 8 9 3 8 18 9 19 … v Divide M 3 by n. E(M) is the remainder. M = 8, n = 55 8 3 = 512 = 9×55 + 17 E(8) = 17

16 © Copyright Martin Tompa, 1999 Decrypting a Cyphertext C v Divide C s by n. D(C) is the remainder. C = 17, n = 55, s = 27 17 27 = 1,667,711,322,168,688,287,513,535,727,415,473 = 30,322,024,039,430,696,136,609,740,498,463 × 55 + 8 D(17) = 8

17 © Copyright Martin Tompa, 1999 Decrypting a Cyphertext C v Divide C s by n. D(C) is the remainder. C = 17, n = 55, s = 27 17 27 = 1,667,711,322,168,688,287,513,535,727,415,473 = 30,322,024,039,430,696,136,609,740,498,463 × 55 + 8 D(17) = 8 v Translate D(C) into letters. H

18 © Copyright Martin Tompa, 1999 Why Does It Work? Euler’s Theorem (1736): Suppose v p and q are distinct primes, v n = pq, v 0 < M < n, and v k > 0. If M k(p-1)(q-1)+1 is divided by n, the remainder is M.

19 © Copyright Martin Tompa, 1999 Why Does It Work? Euler’s Theorem (1736): Suppose v p and q are distinct primes, v n = pq, v 0 < M < n, and v k > 0. If M k(p-1)(q-1)+1 is divided by n, the remainder is M. (M 3 ) s = (M 3 ) (1/3)(2(p-1)(q-1)+1) = M 2(p-1)(q-1)+1

20 © Copyright Martin Tompa, 1999 Leonhard Euler 1707-1783

21 © Copyright Martin Tompa, 1999 Why Is It Secure? v To find M = D(C), you seem to need s.

22 © Copyright Martin Tompa, 1999 Why Is It Secure? v To find M = D(C), you seem to need s. v To find s, you seem to need p and q.

23 © Copyright Martin Tompa, 1999 Why Is It Secure? v To find M = D(C), you seem to need s. v To find s, you seem to need p and q. v All the cryptanalyst has is n = pq.

24 © Copyright Martin Tompa, 1999 Why Is It Secure? v To find M = D(C), you seem to need s. v To find s, you seem to need p and q. v All the cryptanalyst has is n = pq. v How hard is it to factor a 1000-digit number n? With the grade school method, doing 1,000,000,000 steps per second it would take …

25 © Copyright Martin Tompa, 1999 Why Is It Secure? v To find M = D(C), you seem to need s. v To find s, you seem to need p and q. v All the cryptanalyst has is n = pq. v How hard is it to factor a 1000-digit number n? With the grade school method, doing 1,000,000,000 steps per second it would take … 10 483 years.

26 © Copyright Martin Tompa, 1999 State of the Art in Factoring v 1977: Inventors encrypt a challenge using “RSA129,” a 129-digit number n = pq. v 1981: Pomerance invents Quadratic Sieve factoring method. v 1994: Using Quadratic Sieve, RSA129 is factored over 8 months using 1000 computers on the Internet around the world. v (1999: Using a new method, RSA140 is factored.)

27 © Copyright Martin Tompa, 1999 State of the Art in Factoring v 1977: Inventors encrypt a challenge using “RSA129,” a 129-digit number n = pq. v 1981: Pomerance invents Quadratic Sieve factoring method. v 1994: Using Quadratic Sieve, RSA129 is factored over 8 months using 1000 computers on the Internet around the world. v (1999: Using a new method, RSA140 is factored.) v Using Quadratic Sieve, a 250-digit number would take 800,000,000 months instead of 8.

28 © Copyright Martin Tompa, 1999 Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone

29 © Copyright Martin Tompa, 1999 Signed Messages v How A sends a secret message to B A B C = E B (M) M = D B (C) C

30 © Copyright Martin Tompa, 1999 Signed Messages v How A sends a secret message to B A B C = E B (M) M = D B (C) v How A sends a signed message to B A B C = D A (M) M = E A (C) C C

31 © Copyright Martin Tompa, 1999 Signed and Secret Messages v How A sends a secret message to B... A B C = E B (M) M = D B (C) v How A sends a signed secret message to B... A B C = E B (D A (M)) M = E A (D B (C)) C C

32 © Copyright Martin Tompa, 1999 Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone

33 © Copyright Martin Tompa, 1999 Flipping a Coin Over the Phone AB Choose random x. y = E A (x) Guess if x is even or odd. Check y = E A (x).  B wins if the guess about x was right, or y = E A (x). y “even” “odd” x

Download ppt "© Copyright Martin Tompa, 1999 Secret Codes, Unforgeable Signatures, and Coin Flipping on the Phone Martin Tompa Computer Science & Engineering University."

Similar presentations

Asymmetric-Key Cryptography

Asymmetric-Key Cryptography
CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 19 Fall 2002.
Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r 175753411947 p q p q p q p and q prime.

Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r p q p q p q p and q prime.
Data encryption with big prime numbers

Data encryption with big prime numbers
hap8.html#chap8ex5.

hap8.html#chap8ex5.
7. Asymmetric encryption-

7. Asymmetric encryption-
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Cryptography 101 How is data actually secured. RSA Public Key Encryption RSA – names after the inventors –Rivest, Shamir, and Adleman Basic Idea: Your.

Cryptography 101 How is data actually secured. RSA Public Key Encryption RSA – names after the inventors –Rivest, Shamir, and Adleman Basic Idea: Your.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem

RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:

Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Cryptography in Subgroups of Z n * Jens Groth UCLA.

Cryptography in Subgroups of Z n * Jens Groth UCLA.
Public Encryption: RSA

Public Encryption: RSA
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Public Key Cryptography and the RSA Algorithm

Public Key Cryptography and the RSA Algorithm
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Similar presentations

Ads by Google