Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena.

Published byDiane Briggs Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena."— Presentation transcript:

1 Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena

2 Today’s Informative/Fun Bit – Acoustic Emanations http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+em anations&btnG=Google+Search http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+em anations&btnG=Google+Search http://tau.ac.il/~tromer/acoustic/ 22/19/2016Public Key Cryptography -- I

3 Course Administration HW1 posted – due at 11am on Feb 2 (Mon) – Any questions? Regarding programming portion of the homework – Submit the whole modified code that you used to measure timings – Comment the portions in the code where you modified the code Include a small “readme” for us to understand this 32/19/2016Public Key Cryptography -- I

4 Outline of Today’s Lecture Public Key Crypto Overview Number Theory Modular Arithmetic 42/19/2016Public Key Cryptography -- I

5 Recall: Private Key/Public Key Cryptography Private Key: Sender and receiver share a common (private) key – Encryption and Decryption is done using the private key – Also called conventional/shared-key/single-key/ symmetric-key cryptography Public Key: Every user has a private key and a public key – Encryption is done using the public key and Decryption using private key – Also called two-key/asymmetric-key cryptography 52/19/2016Public Key Cryptography -- I

6 Private key cryptography revisited. Good: Quite efficient (as you’ll see from the HW#1 programming exercise on AES) Bad: Key distribution and management is a serious problem – for N users O(N 2 ) keys are needed 62/19/2016Public Key Cryptography -- I

7 Public key cryptography model Good: Key management problem potentially simpler Bad: Much slower than private key crypto (we’ll see later!) 72/19/2016Public Key Cryptography -- I

8 Public Key Encryption Two keys: – public encryption key e – private decryption key d Encryption easy when e is known Decryption easy when d is known Decryption hard when d is not known We’ll study such public key encryption schemes; first we need some number theory. 82/19/2016Public Key Cryptography -- I

9 Public Key Encryption: Security Notions Very similar to what we studied for private key encryption – What’s the difference? 92/19/2016Public Key Cryptography -- I

10 Group: Definition (G,.) (where G is a set and. : GxG  G) is said to be a group if following properties are satisfied: 1.Closure : for any a, b G, a.b G 2.Associativity : for any a, b, c G, a.(b.c)=(a.b).c 3.Identity : there is an identity element such that a.e = e.a = a, for any a G 4.Inverse : there exists an element a -1 for every a in G, such that a.a -1 = a -1.a = e Abelian Group: Group which also satisfies commutativity, i.e., a.b = b.a 10

11 Groups: Examples Set of all integers with respect to addition -- (Z,+) Set of all integers with respect to multiplication (Z,*) – not a group Set of all real numbers with respect to multiplication (R,*) Set of all integers modulo m with respect to modulo addition (Z m, “modular addition”) 112/19/2016Public Key Cryptography -- I

12 Divisors x divides y (written x | y) if the remainder is 0 when y is divided by x – 1|8, 2|8, 4|8, 8|8 The divisors of y are the numbers that divide y – divisors of 8: {1,2,4,8} For every number y – 1|y – y|y 122/19/2016Public Key Cryptography -- I

13 Prime numbers A number is prime if its only divisors are 1 and itself: – 2,3,5,7,11,13,17,19, … Fundamental theorem of arithmetic: – For every number x, there is a unique set of primes {p 1, …,p n } and a unique set of positive exponents {e 1, …,e n } such that 132/19/2016Public Key Cryptography -- I

14 Common divisors The common divisors of two numbers x,y are the numbers z such that z|x and z|y – common divisors of 8 and 12: intersection of {1,2,4,8} and {1,2,3,4,6,12} = {1,2,4} greatest common divisor: gcd(x,y) is the number z such that – z is a common divisor of x and y – no common divisor of x and y is larger than z gcd(8,12) = 4 142/19/2016Public Key Cryptography -- I

15 Euclidean Algorithm: gcd(r 0,r 1 ) 15 Main idea: If y = ax + b then gcd(x,y) = gcd(x,b) 2/19/2016Public Key Cryptography -- I

16 Example – gcd(15,37) 37 = 2 * 15 + 7 15 = 2 * 7 + 1 7 = 7 * 1 + 0  gcd(15,37) = 1 162/19/2016Public Key Cryptography -- I

17 Relative primes x and y are relatively prime if they have no common divisors, other than 1 Equivalently, x and y are relatively prime if gcd(x,y) = 1 – 9 and 14 are relatively prime – 9 and 15 are not relatively prime 172/19/2016Public Key Cryptography -- I

18 Modular Arithmetic Definition: x is congruent to y mod m, if m divides (x-y). Equivalently, x and y have the same remainder when divided by m. Notation: Example: We work in Z m = {0, 1, 2, …, m-1}, the group of integers modulo m Example: Z 9 ={0,1,2,3,4,5,6,7,8} We abuse notation and often write = instead of 182/19/2016Public Key Cryptography -- I

19 Addition in Z m : Addition is well-defined: – 3 + 4 = 7 mod 9. – 3 + 8 = 2 mod 9. 192/19/2016Public Key Cryptography -- I

20 Additive inverses in Z m 0 is the additive identity in Z m Additive inverse of a is -a mod m = (m-a) – Every element has unique additive inverse. – 4 + 5= 0 mod 9. – 4 is additive inverse of 5. 202/19/2016Public Key Cryptography -- I

21 Multiplication in Z m : Multiplication is well-defined: – 3 * 4 = 3 mod 9. – 3 * 8 = 6 mod 9. – 3 * 3 = 0 mod 9. 212/19/2016Public Key Cryptography -- I

22 Multiplicative inverses in Z m 1 is the multiplicative identity in Z m Multiplicative inverse (x*x -1 =1 mod m) – SOME, but not ALL elements have unique multiplicative inverse. – In Z 9 : 3*0=0, 3*1=3, 3*2=6, 3*3=0, 3*4=3, 3*5=6, …, so 3 does not have a multiplicative inverse (mod 9) – On the other hand, 4*2=8, 4*3=3, 4*4=7, 4*5=2, 4*6=6, 4*7=1, so 4 -1 =7, (mod 9) 222/19/2016Public Key Cryptography -- I

23 Which numbers have inverses? In Z m, x has a multiplicative inverse if and only if x and m are relatively prime or gcd(x,m)=1 – E.g., 4 in Z 9 232/19/2016Public Key Cryptography -- I

24 Extended Euclidian: a -1 mod n Main Idea: Looking for inverse of a mod n means looking for x such that x * a – y * n = 1. To compute inverse of a mod n, do the following: – Compute gcd(a, n) using Euclidean algorithm. – Since a is relatively prime to m (else there will be no inverse) gcd(a, n) = 1. – So you can obtain linear combination of r m and r m-1 that yields 1. – Work backwards getting linear combination of r i and r i-1 that yields 1. – When you get to linear combination of r 0 and r 1 you are done as r 0 =n and r 1 = a. 242/19/2016Public Key Cryptography -- I

25 Example – 15 -1 mod 37 37 = 2 * 15 + 7 15 = 2 * 7 + 1 7 = 7 * 1 + 0 Now, 15 – 2 * 7 = 1 15 – 2 (37 – 2 * 15) = 1 5 * 15 – 2 * 37 = 1 So, 15 -1 mod 37 is 5. 252/19/2016Public Key Cryptography -- I

26 Modular Exponentiation: Square and Multiply method Usual approach to computing x c mod n is inefficient when c is large. Instead, represent c as bit string b k-1 … b 0 and use the following algorithm: z = 1 For i = k-1 downto 0 do z = z 2 mod n if b i = 1 then z = z* x mod n 262/19/2016Public Key Cryptography -- I

27 Example: 30 37 mod 77 27 z = z 2 mod n if b i = 1 then z = z* x mod n i b z 5 1 30 =1*1*30 mod 77 4 0 53 =30*30 mod 77 3 0 37 =53*53 mod 77 2 1 29 =37*37*30 mod 77 1 0 71 =29*29 mod 77 0 1 2 =71*71*30 mod 77 2/19/2016Public Key Cryptography -- I

28 Other Definitions An element g in G is said to be a generator of a group if a = g i for every a in G, for a certain integer i – A group which has a generator is called a cyclic group The number of elements in a group is called the order of the group Order of an element a is the lowest i (>0) such that a i = e (identity) A subgroup is a subset of a group that itself is a group 28Public Key Cryptography -- I2/19/2016

29 Lagrange’s Theorem Order of an element in a group divides the order of the group 292/19/2016Public Key Cryptography -- I

30 Euler’s totient function Given positive integer n, Euler’s totient function is the number of positive numbers less than n that are relatively prime to n Fact: If p is prime then – {1,2,3,…,p-1} are relatively prime to p. 302/19/2016Public Key Cryptography -- I

31 Euler’s totient function Fact: If p and q are prime and n=pq then Each number that is not divisible by p or by q is relatively prime to pq. – E.g. p=5, q=7: {1,2,3,4,-,6,-,8,9,-,11,12,13,-,-,16,17,18,19,-,-,22,23,24,-,26,27,-,29,-,31,32,33,34,-} – pq-p-(q-1) = (p-1)(q-1) 312/19/2016Public Key Cryptography -- I

32 Euler’s Theorem and Fermat’s Theorem If a is relatively prime to n then If a is relatively prime to p then a p-1 = 1 mod p Proof : follows from Lagrange’s Theorem 322/19/2016Public Key Cryptography -- I

33 Euler’s Theorem and Fermat’s Theorem EG: Compute 9 100 mod 17: p =17, so p-1 = 16. 100 = 6·16+4. Therefore, 9 100 =9 6·16+4 =(9 16 ) 6 (9) 4. So mod 17 we have 9 100  (9 16 ) 6 (9) 4 (mod 17)  (1) 6 (9) 4 (mod 17)  (81) 2 (mod 17)  16 Public Key Cryptography -- I 2/19/201633

34 Some questions 2 -1 mod 4 =? What is the complexity of – (a+b) mod m – (a*b) mod m – x c mod (n) Order of a group is 5. What can be the order of an element in this group? 342/19/2016Public Key Cryptography -- I

35 Further Reading Chapter 4 of Stallings Chapter 2.4 of HAC 352/19/2016Public Key Cryptography -- I

Download ppt "Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena."

Similar presentations

1 Lect. 12: Number Theory. Contents Prime and Relative Prime Numbers Modular Arithmetic Fermat’s and Euler’s Theorem Extended Euclid’s Algorithm.

1 Lect. 12: Number Theory. Contents Prime and Relative Prime Numbers Modular Arithmetic Fermat’s and Euler’s Theorem Extended Euclid’s Algorithm.
Cryptography and Network Security

Cryptography and Network Security
Chapter 4 Finite Fields. Introduction of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key concern operations on “numbers”

Chapter 4 Finite Fields. Introduction of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key concern operations on “numbers”
Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.
Chapter 4 – Finite Fields. Introduction will now introduce finite fields of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key.

Chapter 4 – Finite Fields. Introduction will now introduce finite fields of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key.
Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.

Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.
22C:19 Discrete Structures Integers and Modular Arithmetic

22C:19 Discrete Structures Integers and Modular Arithmetic
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
Number Theory and Cryptography

Number Theory and Cryptography
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
Number Theory(L5) Number Theory Number Theory(L5).

Number Theory(L5) Number Theory Number Theory(L5).
Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 3.3: Public Key Cryptography III CS 436/636/736 Spring 2012 Nitesh Saxena.
Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
Cryptography and Network Security Chapter 4

Cryptography and Network Security Chapter 4
Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.
UMass Lowell Computer Science 91.503 Analysis of Algorithms Prof. Karen Daniels Spring, 2009 Tuesday, 28 April Number-Theoretic Algorithms Chapter 31.

UMass Lowell Computer Science Analysis of Algorithms Prof. Karen Daniels Spring, 2009 Tuesday, 28 April Number-Theoretic Algorithms Chapter 31.
UMass Lowell Computer Science 91.503 Analysis of Algorithms Prof. Karen Daniels Fall, 2002 Tuesday, 26 November Number-Theoretic Algorithms Chapter 31.

UMass Lowell Computer Science Analysis of Algorithms Prof. Karen Daniels Fall, 2002 Tuesday, 26 November Number-Theoretic Algorithms Chapter 31.
6/20/2015 5:05 AMNumerical Algorithms1 x0123456789 x1x1 1739.

6/20/2015 5:05 AMNumerical Algorithms1 x x1x
Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.

Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.

Similar presentations

Ads by Google