1. Week 4 - Wednesday

2.  What did we talk about last time?  Finished DES  AES

7.  So far, we have talked about symmetric (or private) key cryptography  In symmetric key cryptography, the same key is used for encryption and decryption  The key is a shared secret  This is perfect for sending messages between two parties who 1. Trust each other 2. Have shared a secret ahead of time

8.  Sometimes, we need something different  We want a public key that anyone can use to encrypt a message to Alice  Alice has a private key that can decrypt such a message  The public key can only encrypt messages; it cannot be used to decrypt messages

9.  In 1976, Diffie and Hellman proposed the idea of a public key cryptosystem, one in which encryption and decryption keys were different  They gave the following 3 conditions for such a system: 1. It must be computationally easy to encipher or decipher a message given the appropriate key 2. It must be computationally infeasible to derive the private key from the public key 3. It must be computationally infeasible to determine the private key from a chosen plaintext attack

10.  (Whitfield) Diffie and (Martin) Hellman "invented" public key cryptography in 1976  However, James Ellis invented it in 1970, but his work was for a secret British government agency, classified until 1997  Diffie and Hellman came up with the idea of a "trapdoor" function (computationally easy one way, hard the other)  RSA, a practical algorithm published in 1978, made this idea workable  Again, the system had been invented earlier by British intelligence  The guys behind RSA made millions

12.  RSA depends in large part on the difficulty of factoring large composite numbers (particularly those that are a product of only 2 primes)  For those of you who aren't in Formal Methods, an integer p is prime if  p > 1  p is not divisible by any positive integers other than 1 and itself

13.  Any integer greater than 1 can be factored into a unique series of prime factors:  Example: 52 = 2 2 ∙ 13  Two integers a and b (greater than 1) are relatively prime or coprime if and only if a shares no prime factors with b

14.  How do we know if a number is prime?  For small numbers, we can try to divide it by all integers less than or equal to its square root  RSA-768 was successfully factored in December 2009 into 2 primes  One is: 334780716989568987860441698482126908177047949 83713768568912431388982883793 878002287614711652531743087737814467999489  You can't test up to the square root of that in any reasonable time

15.  In 2002, the AKS algorithm was published which demonstrated that it was possible to test to see if a number is prime  Deterministically  In time polynomial in the number of digits of the prime  This algorithm is of theoretical interest, but it is too slow for testing the primality of RSA moduli

16.  We won't get into the number theory behind this (yet)  A Rabin-Miller primality test works as follows:  Let n be the number you want to prove if it's prime or not  n must be odd, thus n – 1 is even  (n – 1) = 2 s d where s and d are positive integers and d is odd  If n is prime, then for any integer 1 < a < n, exactly one of the two is true: ▪ a d  1 (mod n) or ▪ a 2 r d  -1 (mod n), 1 ≤ r < s  Pick several a values, see if either of the two cases hold  If it ever doesn't, you know you have a composite

17.  What if we want to see if 221 is prime?  n – 1 = 220 = 2 2 ∙55  s = 2  d = 55  Attempt 1: Let a = 174  a 2 0 ·d mod n = 174 55 mod 221 = 47 ≠ 1, n − 1  a 2 1 ·d mod n = 174 110 mod 221 = 220 = n − 1 Check!  Attempt 2: Let a = 137  a 2 0 ·d mod n = 137 55 mod 221 = 188 ≠ 1, n − 1  a 2 1 ·d mod n = 137 110 mod 221 = 205 ≠ n − 1 Oh no!  Every successful attempt means there is only a 25% chance that the number is composite  So, after k attempts, there is a 4 -k chance that the number is composite

18.  The greatest common divisor or GCD of two numbers gives the largest factor they have in common  Example:  GCD( 12, 18 ) =  GCD( 42, 56 ) =  For small numbers, we can determine GCD by doing a complete factorization

19.  For large numbers, we can use Euclid's algorithm to determine the GCD of two numbers  Algorithm GCD( a, b) 1. If b = 0 ▪ Return a 2. Else ▪ temp = a mod b ▪ a = b ▪ b = temp 3. Goto Step 1  Example: GCD( 1970, 1066)

20.  We can extend Euclid's algorithm to give us the multiplicative inverse for modular arithmetic  Example: Find the inverse of 120 mod 23  Let a be the number  Let b be the modular base  Find Inverse(a, b)  x = 0  lastx = 1  y = 1  lasty = 0  while b ≠ 0 ▪ quotient = a div b ▪ temp = b ▪ b = a mod b ▪ a = temp ▪ temp = x ▪ x = lastx-quotient*x ▪ lastx = temp ▪ temp = y ▪ y = lasty-quotient*y ▪ lasty = temp  Return lastx

22.  If p is prime and a is a positive integer not divisible by p, then: a p –1  1 (mod p)

23.  Assume a is positive and less than p  Consider the sequence a, 2a, 3a, …, (p – 1)a  If these are taken mod p, we will get:  1, 2, 3, …, p – 1  This bit is the least obvious part of the proof  However (because p is prime) if you add any non-zero element repeatedly, you will eventually get back to the starting point, covering all values (except 0) once  Multiplying this sequence together gives:  a ∙ 2a ∙ 3a ∙ … ∙ (p – 1)a  1 ∙ 2 ∙ 3 ∙ … ∙ (p – 1) (mod p)  a p – 1 (p – 1)!  (p – 1)! (mod p)  a p – 1  1 (mod p)

24.  Euler’s totient function  (n)   (n) = the number of positive integers less than n and relatively prime to n (including 1)  If p is prime, then  (p) = p – 1  If we have two primes p and q (which are different), then:  (pq) =  (p)∙  (q) = (p – 1)(q – 1)

25.  Euler’s Theorem: For every a and n that are relatively prime, a  (n)  1 (mod n)  This generalizes Fermat’s Theorem because  (p) = p – 1 if p is prime  Proof is messier

28.  RSA  Key management  Start hash functions  Kiefer Weis presents

29.  Keep reading Sections 2.3 and 12.4  Work on Project 1  Due this Friday