cryptography computations


Upload: lida

Post on 08-Feb-2016


Page 1: Cryptography Computations

04/22/23 07:01 1

Cryptography Computations

[Figure: plaintext → encrypt → ciphertext]

By: Jorge L. Salazar

Page 2: Cryptography Computations

Outline
- Cryptography: traditional cryptography, statistical attacks, secret-key encryption, public-key encryption
- RSA cryptosystem (§10.2.3): Euler’s theorem, algorithms for RSA (modular power, modular inverse)
- Rabin and ElGamal public key algorithms

Page 3: Cryptography Computations

Encryption

Scenario:
- Alice wants to send a message (plaintext p) to Bob.
- The communication channel is insecure and can be eavesdropped.
- If Alice and Bob have previously agreed on an encryption scheme (cipher), the message can be sent encrypted (ciphertext c).

Issues:
- What is a good encryption scheme?
- What is the complexity of encrypting/decrypting?
- What is the size of the ciphertext, relative to the plaintext?
- If Alice and Bob have never interacted before, how can they agree on an encryption scheme?

[Figure: plaintext → encrypt → ciphertext → decrypt → plaintext]

Page 4: Cryptography Computations

Traditional Cryptography

Ciphers were already studied in ancient times.

Caesar’s cipher:
- replace a with d
- replace b with e
- ...
- replace z with c

Caesar’s cipher is an example of a monoalphabetic substitution cipher, which permutes the characters.

Armed with simple statistical knowledge, one can easily break a monoalphabetic substitution cipher:
- most frequent letters in English: e, t, o, a, n, i, ...
- most frequent digrams: th, in, er, re, an, ...
- most frequent trigrams: the, ing, and, ion, ...

The first description of the frequency analysis attack appears in a book written in the 9th century by the Arab philosopher al-Kindi.

Page 5: Cryptography Computations

Statistical Attacks

Armed with statistical knowledge about the plaintext language, one can easily break a monoalphabetic substitution cipher:
- Most frequent characters in English: e, t, o, a, n, i, ...
- Most frequent digrams: th, in, er, re, an, ...
- Most frequent trigrams: the, ing, and, ion, ...

The first description of the frequency analysis attack appears in a book written in the 9th century by the Arab philosopher al-Kindi.

Example (S. Singh, The Code Book, 1999):

PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: “DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?”

OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK

Page 6: Cryptography Computations

Frequency Analysis

We identify the most common characters, digrams and trigrams in the ciphertext.

Example:

PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: “DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?”

OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK

First guess: LBO is THE

Page 7: Cryptography Computations

Decryption

Code:

Ciphertext letter: X Z A V O I D B Y G E R S P C F H J K L M N Q T U W
Plaintext letter:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Ciphertext:

PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: “DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?”

OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK

Plaintext:

Now during this time Shahrazad had borne King Shahriyar three sons. On the thousand and first night, when she had ended the tale of Ma'aruf, she rose and kissed the ground before him, saying: “Great King, for a thousand and one nights I have been recounting to you the fables of past ages and the legends of ancient kings. May I make so bold as to crave a favour of your majesty?”

Epilogue, Tales from the Thousand and One Nights

Page 8: Cryptography Computations

Secret-Key Encryption

A secret-key cipher uses a unique key K to encrypt and decrypt.

Caesar’s generalized cipher uses the modular addition of each character (viewed as an integer) with the key:

$C[i] = (P[i] + K) \bmod m$
$P[i] = (C[i] - K) \bmod m$

More secure secret-key encryption schemes have been devised in this century. Examples:
- DES
- 3DES
- IDEA
- BLOWFISH

With private-key encryption, a distinct secret key must be established for every pair of parties.

Page 9: Cryptography Computations

Public-Key Encryption

Bob uses a pair of keys $(K_E, K_D)$ and
- makes key $K_E$ public
- keeps key $K_D$ private

Anyone can use the public key $K_E$ to encrypt a plaintext into a ciphertext sent to Bob.

Only Bob can decrypt the ciphertext using the private key $K_D$.

The most popular encryption scheme is RSA, named after its inventors Rivest, Shamir, and Adleman (1978).

The RSA patent expired in 2000.

[Figure: plaintext → encrypt (public key) → ciphertext → decrypt (private key) → plaintext]

Page 10: Cryptography Computations

Public-Key Encryption

The concept of public key was invented by Whitfield D and Martin Hellman in 1970.

The first public-key algorithm was DES (Data Encryption Standard); it was a standard for 15 years.

Schemes:
- RSA
- Rabin
- ElGamal
- Knapsack

Page 11: Cryptography Computations

RSA Cryptosystem

Bits     PCs           Memory
430      1             128MB
760      215,000       4GB
1,020    342×10^6      170GB
1,620    1.6×10^15     120TB

Page 12: Cryptography Computations

Outline
- Euler’s theorem (§10.1.3)
- RSA cryptosystem (§10.2.3): definition, example, security, correctness
- Algorithms for RSA: modular power (§10.1.4), modular inverse (§10.1.5), randomized primality testing (§10.1.6)

Page 13: Cryptography Computations

Euler’s Theorem

The multiplicative group for $Z_n$, denoted with $Z^*_n$, is the subset of elements of $Z_n$ relatively prime with $n$.

The totient function of $n$, denoted with $\phi(n)$, is the size of $Z^*_n$.

Example: $Z^*_{10} = \{1, 3, 7, 9\}$, $\phi(10) = 4$

If $p$ is prime, we have $Z^*_p = \{1, 2, \ldots, (p-1)\}$ and $\phi(p) = p - 1$.

Euler’s Theorem: for each element $x$ of $Z^*_n$, we have $x^{\phi(n)} \bmod n = 1$.

Example ($n = 10$):

$3^{\phi(10)} \bmod 10 = 3^4 \bmod 10 = 81 \bmod 10 = 1$
$7^{\phi(10)} \bmod 10 = 7^4 \bmod 10 = 2401 \bmod 10 = 1$
$9^{\phi(10)} \bmod 10 = 9^4 \bmod 10 = 6561 \bmod 10 = 1$

Page 14: Cryptography Computations

RSA Cryptosystem

Setup:
- $n = pq$, with $p$ and $q$ primes
- $e$ relatively prime to $\phi(n) = (p-1)(q-1)$
- $d$ inverse of $e$ in $Z_{\phi(n)}$

Keys:
- Public key: $K_E = (n, e)$
- Private key: $K_D = d$

Encryption:
- Plaintext $M$ in $Z_n$
- $C = M^e \bmod n$

Decryption:
- $M = C^d \bmod n$

Example

Setup:
- $p = 7$, $q = 17$
- $n = 7 \cdot 17 = 119$
- $\phi(n) = 6 \cdot 16 = 96$
- $e = 5$
- $d = 77$

Keys:
- public key: (119, 5)
- private key: 77

Encryption:
- $M = 19$
- $C = 19^5 \bmod 119 = 66$

Decryption:
- $M = 66^{77} \bmod 119 = 19$

Page 15: Cryptography Computations

Complete RSA Example

Setup:
- $p = 5$, $q = 11$
- $n = 5 \cdot 11 = 55$
- $\phi(n) = 4 \cdot 10 = 40$
- $e = 3$
- $d = 27$ ($3 \cdot 27 = 81 = 2 \cdot 40 + 1$)

Encryption: $C = M^3 \bmod 55$

Decryption: $M = C^{27} \bmod 55$

M   1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18
C   1  8 27  9 15 51 13 17 14 10 11 23 52 49 20 26 18  2

M  19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
C  39 25 21 33 12 19  5 31 48  7 24 50 36 43 22 34 30 16

M  37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54
C  53 37 29 35  6  3 32 44 45 41 38 42  4 40 46 28 47 54

Page 16: Cryptography Computations

Security

The security of the RSA cryptosystem is based on the widely believed difficulty of factoring large numbers.

The best known factoring algorithm (general number field sieve) takes time exponential in the number of bits of the number to be factored.

The RSA challenge, sponsored by RSA Security, offers cash prizes for the factorization of given large numbers.

In April 2002, prizes ranged from $10,000 (576 bits) to $200,000 (2048 bits).

In 1999, a 512-bit number was factored in 4 months using the following computers:
- 160 175-400 MHz SGI and Sun
- 8 250 MHz SGI Origin
- 120 300-450 MHz Pentium II
- 4 500 MHz Digital/Compaq

Estimated resources needed to factor a number within one year:

Bits     PCs           Memory
430      1             128MB
760      215,000       4GB
1,020    342×10^6      170GB
1,620    1.6×10^15     120TB

Page 17: Cryptography Computations

Correctness

We show the correctness of the RSA cryptosystem for the case when the plaintext $M$ does not divide $n$. Namely, we show that

$(M^e)^d \bmod n = M$

Since $ed \bmod \phi(n) = 1$, there is an integer $k$ such that

$ed = k\phi(n) + 1$

Since $M$ does not divide $n$, by Euler’s theorem we have

$M^{\phi(n)} \bmod n = 1$

Thus, we obtain

$$\begin{aligned}
(M^e)^d \bmod n &= M^{ed} \bmod n \\
&= M^{k\phi(n)+1} \bmod n \\
&= M \cdot M^{k\phi(n)} \bmod n \\
&= M \cdot (M^{\phi(n)})^k \bmod n \\
&= M \cdot (M^{\phi(n)} \bmod n)^k \bmod n \\
&= M \cdot (1)^k \bmod n \\
&= M \bmod n \\
&= M
\end{aligned}$$

See the book for the proof of correctness in the case when the plaintext $M$ divides $n$.

Page 18: Cryptography Computations

Algorithmic Issues

The implementation of the RSA cryptosystem requires various algorithms.

Overall:
- Representation of integers of arbitrarily large size and arithmetic operations on them

Encryption:
- Modular power

Decryption:
- Modular power

Setup:
- Generation of random numbers with a given number of bits (to generate candidates p and q)
- Primality testing (to check that candidates p and q are prime)
- Computation of the GCD (to verify that $e$ and $\phi(n)$ are relatively prime)
- Computation of the multiplicative inverse (to compute d from e)

Page 19: Cryptography Computations

Modular Power

The repeated squaring algorithm speeds up the computation of a modular power $a^p \bmod n$.

Write the exponent $p$ in binary:

$p = p_{b-1}\, p_{b-2} \ldots p_1\, p_0$

Start with

$Q_1 = a^{p_{b-1}} \bmod n$

Repeatedly compute

$Q_i = ((Q_{i-1})^2 \bmod n)\, a^{p_{b-i}} \bmod n$

We obtain

$Q_b = a^p \bmod n$

The repeated squaring algorithm performs $O(\log p)$ arithmetic operations.

Example: $3^{18} \bmod 19$ ($18 = 10010$ in binary)

$Q_1 = 3^1 \bmod 19 = 3$
$Q_2 = (3^2 \bmod 19)\, 3^0 \bmod 19 = 9$
$Q_3 = (9^2 \bmod 19)\, 3^0 \bmod 19 = 81 \bmod 19 = 5$
$Q_4 = (5^2 \bmod 19)\, 3^1 \bmod 19 = (25 \bmod 19) \cdot 3 \bmod 19 = 18 \bmod 19 = 18$
$Q_5 = (18^2 \bmod 19)\, 3^0 \bmod 19 = (324 \bmod 19) \bmod 19 = (17 \cdot 19 + 1) \bmod 19 = 1$

$p_{5-i}$        1   0   0   1   0
$3^{p_{5-i}}$    3   1   1   3   1
$Q_i$            3   9   5  18   1

Page 20: Cryptography Computations

Modular Inverse

Theorem: Given positive integers $a$ and $b$, let $d$ be the smallest positive integer such that

$d = ia + jb$

for some integers $i$ and $j$. We have $d = \gcd(a, b)$.

Example:
- $a = 21$, $b = 15$
- $d = 3$
- $i = 3$, $j = -4$
- $3 = 3 \cdot 21 + (-4) \cdot 15 = 63 - 60 = 3$

Given positive integers $a$ and $b$, the extended Euclid’s algorithm computes a triplet $(d, i, j)$ such that
- $d = \gcd(a, b)$
- $d = ia + jb$

To test the existence of and compute the inverse of $x \in Z_n$, we execute the extended Euclid’s algorithm on the input pair $(x, n)$.

Let $(d, i, j)$ be the triplet returned: $d = ix + jn$

Case 1: $d = 1$. $i$ is the inverse of $x$ in $Z_n$.

Case 2: $d > 1$. $x$ has no inverse in $Z_n$.

Page 21: Cryptography Computations

Pseudoprimality Testing

The number of primes less than or equal to $n$ is about $n / \ln n$.

Thus, we expect to find a prime among $O(b)$ randomly generated numbers with $b$ bits each.

Testing whether a number is prime (primality testing) is believed to be a hard problem.

An integer $n \ge 2$ is said to be a base-$x$ pseudoprime if

$x^{n-1} \bmod n = 1$ (Fermat’s little theorem)

Composite base-$x$ pseudoprimes are rare:
- A random 100-bit integer is a composite base-2 pseudoprime with probability less than $10^{-13}$
- The smallest composite base-2 pseudoprime is 341

Base-$x$ pseudoprimality testing for an integer $n$:
- Check whether $x^{n-1} \bmod n = 1$
- Can be performed efficiently with the repeated squaring algorithm

Page 22: Cryptography Computations

Randomized Primality Testing

Compositeness witness function witness(x, n) with error probability $q$ for a random variable $x$:

Case 1: $n$ is prime
  witness w(x, n) = false

Case 2: $n$ is composite
  witness w(x, n) = false with probability $q < 1$

Algorithm RandPrimeTest tests whether $n$ is prime by repeatedly evaluating witness(x, n).

A variation of base-$x$ pseudoprimality provides a suitable compositeness witness function for randomized primality testing (Rabin-Miller algorithm).

Algorithm RandPrimeTest(n, k)
  Input: integer n, confidence parameter k and composite witness function witness(x, n) with error probability q
  Output: an indication of whether n is composite or prime with probability $2^{-k}$

  t ← ⌈k / log2(1/q)⌉
  for i ← 1 to t
    x ← random()
    if witness(x, n) = true
      return “n is composite”
  return “n is prime”

Page 23: Cryptography Computations


Rabin and ElGamal public-key encryption

(Examples)

Page 24: Cryptography Computations

Rabin public-key encryption

Rabin encryption is an extremely fast operation as it only involves a single modular squaring. Compared with RSA, Rabin decryption is slower than encryption but is comparable in speed to RSA decryption.

How does it work if B wants to send a message to A?

Key generation: each entity creates a public key and a corresponding private key.
1. Generate two large random primes p and q, each with the same size
2. Compute $n = pq$
3. The public key is n and the private key is p and q

Encryption:
1. Represent the message as an integer m in the range $\{0, 1, \ldots, n-1\}$
2. Compute $c = m^2 \bmod n$
3. Send the ciphertext c to A

Decryption:
1. Find the square roots m1, m2, m3 and m4 of c modulo n
2. The message sent was either m1, m2, m3 or m4.

Page 25: Cryptography Computations

Rabin public key - Example

Key generation: A chooses the primes p=277, q=331, and computes n=pq=91687. A’s public key is n=91687, while A’s private key is p=277 and q=331.

Encryption: Suppose that the last six bits of the original messages are required to be replicated prior to encryption. In order to encrypt the 10-bit message m=1001111001, B replicates the last six bits of m to obtain the 16-bit message m=1000111001111001, which in decimal notation is m=40569, then computes:

$c = m^2 \bmod n = 40569^2 \bmod 91687 = 62111$

and sends this to A.

Decryption: to decrypt c, A uses the square root algorithm and the factors of n to compute the four square roots of c mod n:

m1=69954, m2=22033, m3=40569, m4=5118
m1=1000100000010110, m2=101011000010001, m3=1001111001111001, m4=110001111010110.
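The Rabin procedure with the example's key, as an added Python example (not code from the presentation; function names are illustrative). Square roots modulo the small primes are found by exhaustive search and combined with the Chinese remainder theorem, which stands in for the square root algorithm the slide mentions; the replicated six bits then single out the message. Requires Python 3.8+ for pow(x, -1, p).

```python
P, Q = 277, 331            # A's private key (values from the slide)
N = P * Q                  # A's public key, 91687

def add_redundancy(m):
    """Replicate the last six bits of m, as the example requires."""
    return (m << 6) | (m & 0b111111)

def rabin_encrypt(m, n):
    """A single modular squaring."""
    return m * m % n

def sqrt_mod_prime(c, p):
    """All square roots of c modulo a small prime p (exhaustive search,
    only practical at this toy size)."""
    return [x for x in range(p) if x * x % p == c % p]

def rabin_roots(c, p, q):
    """Combine the roots mod p and mod q into the roots mod n = pq (CRT)."""
    n = p * q
    u = q * pow(q, -1, p)      # u = 1 mod p and 0 mod q
    v = p * pow(p, -1, q)      # v = 0 mod p and 1 mod q
    return sorted({(rp * u + rq * v) % n
                   for rp in sqrt_mod_prime(c, p)
                   for rq in sqrt_mod_prime(c, q)})

def rabin_decrypt(c, p, q):
    """Keep the root whose last six bits repeat the six bits before them."""
    ok = [r for r in rabin_roots(c, p, q)
          if (r & 0b111111) == ((r >> 6) & 0b111111)]
    if len(ok) != 1:
        raise ValueError("redundancy check did not single out one root")
    return ok[0] >> 6          # strip the replicated bits

if __name__ == "__main__":
    m = 0b1001111001
    c = rabin_encrypt(add_redundancy(m), N)
    print(c, rabin_roots(c, P, Q), bin(rabin_decrypt(c, P, Q)))
```

For c = 62111 the routine returns the roots 22033, 40569, 51118 and 69654; only 40569 ends in the replicated six bits.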

Page 26: Cryptography Computations

ElGamal public-key encryption

It is based on the difficulty of the problem called the “discrete logarithm”.

How does it work if B wants to send a message to A?

Key generation: each entity creates a public key of the multiplicative group.
1. Generate a large random prime p and a generator α of the multiplicative group $Z^*_p$ of the integers modulo p.
2. Select a random integer a, between 1 and p-2, and compute $\alpha^a \bmod p$
3. A’s public key is $(p, \alpha, \alpha^a)$; A’s private key is a

Encryption: B should do the following:
1. Obtain A’s authentic public key $(p, \alpha, \alpha^a)$
2. Represent the message as an integer m in the range $\{0, 1, 2, \ldots, p-1\}$
3. Select a random integer k, between 1 and p-2
4. Compute $\gamma = \alpha^k \bmod p$ and $\zeta = m \cdot (\alpha^a)^k \bmod p$
5. Send the ciphertext $c = (\gamma, \zeta)$ to A

Decryption: to recover plaintext m from c, A should do the following:
1. Use the private key a to compute $\gamma^{p-1-a} \bmod p$
2. Recover m by computing $(\gamma^{-a}) \cdot \zeta \bmod p$

Page 27: Cryptography Computations

ElGamal - Example

Key generation: A selects the prime p=2357 and a generator α=2 of $Z^*_{2357}$. A chooses the private key a=1751 and computes:

$\alpha^a \bmod p = 2^{1751} \bmod 2357 = 1185$

A’s public key is (p=2357, α=2, $\alpha^a$=1185).

Encryption: To encrypt the message m=2035, B selects a random integer k=1520 and computes:

$\gamma = 2^{1520} \bmod 2357 = 1430$
$\zeta = 2035 \cdot 1185^{1520} \bmod 2357 = 697$

B sends γ = 1430 and ζ = 697 to A.

Decryption: to decrypt c, A computes:

$\gamma^{p-1-a} = 1430^{605} \bmod 2357 = 872$

and recovers m by computing

$m = 872 \cdot 697 \bmod 2357 = 2035$
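The ElGamal steps with the example's numbers, as an added Python example (not code from the presentation; function names are illustrative). Passing a and k explicitly reproduces the slide; leaving them out draws them from the operating system's CSPRNG, so encrypting the same message twice gives different ciphertexts.

```python
import secrets

def elgamal_keygen(p, alpha, a=None):
    """Return (public key (p, alpha, alpha^a mod p), private key a)."""
    if a is None:
        a = 1 + secrets.randbelow(p - 2)      # random a in 1..p-2
    return (p, alpha, pow(alpha, a, p)), a

def elgamal_encrypt(m, public_key, k=None):
    """Return the ciphertext (gamma, zeta) for a message m in 0..p-1."""
    p, alpha, alpha_a = public_key
    if not 0 <= m < p:
        raise ValueError("message must be in the range 0..p-1")
    if k is None:
        k = 1 + secrets.randbelow(p - 2)      # fresh random k per message
    gamma = pow(alpha, k, p)
    zeta = m * pow(alpha_a, k, p) % p
    return gamma, zeta

def elgamal_decrypt(ciphertext, p, a):
    """gamma^(p-1-a) equals gamma^(-a) mod p, so no inverse is needed."""
    gamma, zeta = ciphertext
    return pow(gamma, p - 1 - a, p) * zeta % p

if __name__ == "__main__":
    pub, a = elgamal_keygen(2357, 2, a=1751)      # slide values
    c = elgamal_encrypt(2035, pub, k=1520)
    print(pub, c, elgamal_decrypt(c, 2357, a))
    # Same message, fresh k: a different ciphertext, the same plaintext.
    c2 = elgamal_encrypt(2035, pub)
    print(c2, elgamal_decrypt(c2, 2357, a))
```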

Page 28: Cryptography Computations

Conclusions

The fundamentals of the theory of cryptography and several powerful algorithms to protect data integrity, authentication, authorization and confidentiality were discussed during this presentation.

A variety of cryptographic techniques have been developed to support communications over an insecure network. The goal of this presentation is to present the fundamentals of the theory of cryptography and several powerful algorithms to protect data integrity, authentication, authorization and confidentiality.