Source: Elementary Number Theory, 4th ed., by David M. Burton
Prepared by: Jay Kaiser S. Lariosa
Application to Cryptography
Introduction
With the growing quantity of digital data stored and communicated by electronic-data processing systems, organizations in both the public and commercial sectors have felt the need to protect information from unwanted intrusion.
Indeed, the widespread use of electronic funds transfer has made privacy a pressing concern in most financial transactions. There has thus been a recent surge of interest by mathematicians and computer scientists in cryptography (from the Greek kryptos, meaning hidden, and graphein, meaning to write).
Cryptography is the only known practical means for protecting information transmitted through public communications networks, such as those using telephone lines, microwaves, or satellites.
In the language of cryptography, where codes are called ciphers, the information to be concealed is called plaintext. After transformation to a secret form, a message is called ciphertext. The process of converting plaintext to ciphertext is called encrypting (or enciphering), while the reverse process of changing from ciphertext back to plaintext is called decrypting (or deciphering).
One of the earliest cryptographic systems was used by the great Roman emperor Julius Caesar around 50 BC. Caesar wrote to Marcus Cicero using a rudimentary substitution cipher in which each letter of the alphabet is replaced by the letter which occurs three places down the alphabet, with the last three letters cycled back to the first three letters.
Definition
1. P is a finite set of possible plaintexts
2. C is a finite set of possible ciphertexts
3. K is the keyspace, the set of possible keys
Source: from the notes of Jay Kaiser S. Lariosa in Cryptology under Dr. David Parrott, University of Adelaide
4. For each $k \in K$ there is an encryption rule $e_k \in E$ and a decryption rule $d_k \in D$, which are functions
$e_k : P \to C$ and $d_k : C \to P$
such that
$d_k(e_k(x)) = x$
P = C = {a, b, c, ..., z} = {0, 1, 2, ..., 25}
And
$d_k(y) = y - k \pmod{26}$
A  B  C  D  E  F  G  H  I  J  K  L  M
0  1  2  3  4  5  6  7  8  9  10 11 12

N  O  P  Q  R  S  T  U  V  W  X  Y  Z
13 14 15 16 17 18 19 20 21 22 23 24 25
Encrypt the message "stone the crows" using the shift cipher and a key of 11.
To decrypt,
D E Z Y P E S P N C Z H D
To be useful
1. ek, dk must be effectively computable and efficient.
2. Oscar (the opponent) must not be able to determine the plaintext or the key from reading the ciphertext.
Its Drawback
We will assume that Oscar knows the cryptosystem being used.
Is the shift cipher secure?
No, just try all possible keys (< 26).
On average, after 13 attempts you should find a sensible message.
And
$d_k(y) = a^{-1}((ax + b) - b) \pmod{26} = a^{-1}ax = x$
a has an inverse if and only if gcd(a, 26) = 1.
If $(a, 26) = d \neq 1$, then $e_k(x)$ is not 1-1.
Suppose
a = cd and 26 = ed for some integers c and e.
Then
$ae = cde = c(ed) = c(26) = 26c \equiv 0 \pmod{26}$
and
$e_k(0) = a(0) + b = b$
$K = \{(a, b) \mid a, b \in \mathbb{Z}_{26},\ (a, 26) = 1\} = \{(a, b) \mid b \in \mathbb{Z}_{26},\ a = 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25\}$
Given the key k = (7, 3) in an affine cipher, decrypt the message JDGAZ.
Here a = 7 and b = 3, so the encryption equation becomes
$e_k(x) = y = 7x + 3 \pmod{26}$
To decrypt,
$d_k(y) = 7^{-1}(y - 3) \pmod{26}$
Working backwards,
1 = 5 - 2(2)
1 = 5 - 2(7 - 5)
1 = 5(3) - 7(2)
1 = [26 - 7(3)]3 - 7(2)
1 = 26(3) - 7(11)
1 = 26(3) + 7(-11)
ciphertext   y
J            9
D            3
G            6
A            0
Z            25
Subtract b,
ciphertext   y    y - 3
J            9    6
D            3    0
G            6    3
A            0    -3
Z            25   22
ciphertext   y    y - 3   15(y - 3)   (mod 26)   plaintext
J            9    6       90          12         M
D            3    0       0           0          A
G            6    3       45          19         T
A            0    -3      -45         7          H
Z            25   22      330         18         S
Secure?
Number of keys is 12 x 26.
Exhaustive key search will uncover the message (try all keys).
Not that secure.
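The affine cipher worked through above, as an added Python example (not part of the original slides). It reproduces the JDGAZ decryption with key (7, 3), treats the shift cipher as the special case a = 1, shows the collision from the not-1-1 argument, and enumerates the 12 x 26 keyspace; all function names are illustrative.

```python
from math import gcd

M = 26  # alphabet size; A..Z <-> 0..25 as in the table on the page

def egcd(a, b):
    """Extended Euclid: return (g, s, t) with a*s + b*t == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t

def inverse(a, m=M):
    """a^-1 mod m; it exists only when gcd(a, m) = 1."""
    g, s, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m} (gcd = {g})")
    return s % m

def letters(text):
    """Map text to numbers 0..25, dropping spaces and other non-letters."""
    return [ord(c) - ord("A") for c in text.upper() if "A" <= c <= "Z"]

def encrypt(text, a, b):
    """e_k(x) = ax + b (mod 26); a = 1 gives the shift cipher."""
    return "".join(chr((a * x + b) % M + ord("A")) for x in letters(text))

def decrypt(text, a, b):
    """d_k(y) = a^-1 (y - b) (mod 26)."""
    a_inv = inverse(a)
    return "".join(chr(a_inv * (y - b) % M + ord("A")) for y in letters(text))

def collision(a, b):
    """If gcd(a, 26) = d > 1 and 26 = e*d, then 0 and e encrypt to the same value."""
    e = M // gcd(a, M)
    return (a * 0 + b) % M, (a * e + b) % M

# Every valid key (a, b): a must be invertible mod 26, b is unrestricted.
KEYSPACE = [(a, b) for a in range(M) if gcd(a, M) == 1 for b in range(M)]

if __name__ == "__main__":
    print(inverse(7))                         # 7^-1 mod 26, from 1 = 26(3) + 7(-11)
    print(decrypt("JDGAZ", 7, 3))             # the worked table on the page
    print(encrypt("stone the crows", 1, 11))  # shift cipher with key 11
    print(collision(4, 3), len(KEYSPACE))     # a = 4 is a constructed bad key
```

A keyspace this small is why the slides call both ciphers insecure: every candidate key can be tried in a fraction of a second.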
Public-Key Cryptography
In conventional cryptographic systems, such as Caesar's cipher, the sender and the receiver jointly have the same key. Public-key cryptography differs from conventional cryptography in that it uses two keys, an encryption key and a decryption key.
Although the two keys effect inverse operations and are therefore related, there is no easily computed method of deriving the decryption key from the encryption key. Thus the encryption key can be made public without compromising the decryption key.
Each user can encrypt messages, but only the intended recipient (whose decryption key is kept secret) can decipher them. A major advantage of a public-key cryptosystem is that it is unnecessary for each sender and receiver to exchange a key in advance of their decision to communicate with each other.
RSA Cryptosystem
In 1977, R. Rivest, A. Shamir, and L. Adleman proposed a public-key cryptosystem which uses only elementary ideas from number theory. Their enciphering system is called RSA. Its security depends on the assumption that in the current state of computer technology, the factorization of composite numbers with large prime factors is prohibitively time-consuming.
Each user of the RSA system chooses a pair of distinct primes, p and q, large enough that the factorization of their product n = pq, called the enciphering modulus, is beyond all current computational capabilities.
For instance, one might pick p and q with 200 digits each, so that n has roughly 400 digits. Having selected n, the user then chooses a random positive integer k, the enciphering exponent satisfying
gcd(k, m) = 1
The pair (n, k) is placed in a public file, analogous to a telephone directory, as the user's personal encryption key. This allows anyone else in the communication network to encrypt and send a message to that individual.
Notice that while n is openly revealed, the listed public key does not mention the factors p and q of n. The encryption process begins with the conversion of the message to be sent into an integer M by means of a digital alphabet in which each letter, number, or punctuation mark of the plaintext is replaced by a two-digit integer.
A = 01   B = 02   C = 03   D = 04   E = 05   F = 06   G = 07   H = 08   I = 09   J = 10
K = 11   L = 12   M = 13   N = 14   O = 15   P = 16   Q = 17   R = 18   S = 19   T = 20
U = 21   V = 22   W = 23   X = 24   Y = 25   Z = 26   , = 27   . = 28   ? = 29   0 = 30
1 = 31   2 = 32   3 = 33   4 = 34   5 = 35   6 = 36   7 = 37   8 = 38   9 = 39   ! = 40
RSA System
Where
m = (p-1)(q-1)
and
$d_k(y) = y^j \pmod{n}$
$x, y \in \mathbb{Z}_n$
Public keys: values of n and k (announced to public)
Private keys: p, q, and j (secret)
RSA Algorithm
Encrypting,
$C \equiv P^k \pmod{n}$
Decrypting,
$C^j \equiv P \pmod{n}$
Where
Example 7.5
In practice, p and q would be large enough so that the factorization of the nonsecret n = pq is not feasible.
Since
gcd(47, 1456) = 1,
we may choose
k = 47 to be the enciphering exponent.
Then the recovery exponent, the unique integer j satisfying the congruence
$kj \equiv 1 \pmod{m}$,
is
j = 31
To encrypt the message:
NO WAY
Translate each letter into its digital equivalent; this yields the plaintext number
M = 141500230125
We want each plaintext block to be an integer less than 1537. Given this restriction, it seems reasonable to split M into blocks of three digits each (because M < n).
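$141^{47} \equiv 658 \pmod{1537}$
$(141^4)^{10} \cdot 141^7 \equiv (778)^{10} \cdot 141^7 \pmod{1537}$
$(778^2)^5 \cdot 141^7 \equiv (1243)^3 (1243)^2 \cdot 141^7 \pmod{1537}$
$(574)(364) \cdot 141^7 \equiv 1441 \cdot 141^7 \pmod{1537}$
$(1441)(141)^3(141)^4 \equiv (1441)(1270)(778) \pmod{1537}$
$(1040)(778) \equiv 658 \pmod{1537}$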
the authorized recipient would begin to recover the plaintext number by computing
$658^{31} \equiv 141 \pmod{1537}$
Security
For the RSA cryptosystem to be secure, it must not be computationally feasible to recover the plaintext M from the information assumed to be known to a third party, namely, the listed public key (n, k).
The direct method of attack would be to attempt to factor n, an integer of huge magnitude. For once the factors are determined, the recovery exponent j can be calculated from m = (p-1)(q-1) and k.
Our confidence in the RSA system rests on what is known as the work factor, the expected amount of computer time needed to factor the product of two large primes. Factoring is computationally more difficult than distinguishing between primes and composites.
On today's fastest computers, a 200-digit number can routinely be tested for primality in less than 10 minutes, whereas the running time required to factor a composite number of the same size is prohibitive.
It has been estimated that the quickest factoring algorithm known can use approximately $(1.2)10^{23}$ computer operations to resolve an integer with 200 digits into its prime factors.
Assuming that each operation takes one microsecond ($10^{-6}$ seconds), the factorization time would be about $(3.8)10^9$ years. Given unlimited computing time and some unimaginably efficient factoring algorithm, the RSA cryptosystem could be broken, but for the present it appears to be quite safe.
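Example 7.5 and the Security argument, as an added Python example (not part of the original slides). It runs the numbers n = 1537, k = 47 and the message NO WAY end to end, then recovers j from the public key alone by trial division, which works only because this modulus is tiny. The function names are illustrative, and coding the blank as 00 is inferred from M = 141500230125.

```python
from math import isqrt

# Digital alphabet from the page: A=01..Z=26, then , . ? 0 1..9 !
# The blank as 00 is an assumption inferred from M = 141500230125.
SYMBOLS = " ABCDEFGHIJKLMNOPQRSTUVWXYZ,.?0123456789!"

def to_number(text):
    """Replace each character by its two-digit code."""
    return "".join(f"{SYMBOLS.index(c):02d}" for c in text.upper())

def from_number(digits):
    """Inverse of to_number."""
    return "".join(SYMBOLS[int(digits[i:i + 2])] for i in range(0, len(digits), 2))

def blocks(digits, size=3):
    """Split M into blocks of `size` digits, so each block is < 1000 < n."""
    return [int(digits[i:i + size]) for i in range(0, len(digits), size)]

def encrypt(plain_blocks, n, k):
    """C = P^k (mod n) for every block."""
    return [pow(p, k, n) for p in plain_blocks]

def decrypt(cipher_blocks, n, j):
    """P = C^j (mod n) for every block."""
    return [pow(c, j, n) for c in cipher_blocks]

def factor(n):
    """Trial division up to sqrt(n); hopeless for a 400-digit modulus."""
    p = next(d for d in range(2, isqrt(n) + 1) if n % d == 0)
    return p, n // p

def recovery_exponent(n, k):
    """Once p and q are known, j follows from m = (p-1)(q-1) and k."""
    p, q = factor(n)
    m = (p - 1) * (q - 1)
    return pow(k, -1, m)  # modular inverse, Python 3.8+

def recover_text(cipher_blocks, n, j, size=3):
    """Decrypt, re-pad each block to `size` digits, and decode."""
    digits = "".join(f"{p:0{size}d}" for p in decrypt(cipher_blocks, n, j))
    return from_number(digits)

if __name__ == "__main__":
    n, k = 1537, 47                      # public key from Example 7.5
    c = encrypt(blocks(to_number("NO WAY")), n, k)
    j = recovery_exponent(n, k)          # uses only the public values
    print(c, j, recover_text(c, n, j))
```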