Академический Документы
Профессиональный Документы
Культура Документы
Theory
CS/APMA 202
Rosen section 2.6
Aaron Bloomfield
1
About this lecture set
We are only going to go over parts of section 2.6
Just the ones that deal directly with 2.6
2
Private key cryptography
The function and/or key to encrypt/decrypt
is a secret
(Hopefully) only known to the sender and
recipient
3
Public key cryptography
Everybody has a key that encrypts and a
separate key that decrypts
They are not interchangable!
4
Public key cryptography goals
Key generation should be relatively easy
5
Is that number prime?
Use the Fermat primality test
Given:
n: the number to test for primality
k: the number of times to test (the certainty)
8
Is that number prime?
The algorithm is:
repeat k times:
pick a randomly in the range [1, n−1]
if an−1 mod n ≠ 1 then return composite
return probably prime
Let n = 101
Iteration 1: a = 55: 55100 mod 100 = 1
Iteration 2: a = 60: 60100 mod 100 = 1
Iteration 3: a = 14: 14100 mod 100 = 1
Iteration 4: a = 73: 73100 mod 100 = 1
At this point, 101 has a (½)4 = 1/16 chance of still
being composite
9
More on the Fermat primality test
Each iteration halves the probability that the number is a
composite
Probability = (½)k
If k = 100, probability it’s a composite is (½) 100 = 1 in 1.2 1030
that the number is composite
Greater chance of having a hardware error!
Thus, k = 100 is a good value
Source: http://en.wikipedia.org/wiki/Fermat_primality_test
10
Google’s latest recruitment
campaign
11
RSA
Stands for the inventors: Ron Rivest, Adi
Shamir and Len Adleman
Three parts:
Key generation
Encrypting a message
Decrypting a message
12
Key generation steps
1. Choose two random large prime numbers p ≠ q, and
n = p*q
15
Key generation, step 1
Java code to find a big prime number:
import java.math.*;
import java.util.*;
class BigPrime {
17
Key generation, step 1
Practical considerations
p and q should not be too close together
(p-1) and (q-1) should not have small prime
factors
Use a good random number generator
18
Key generation, step 2
Choose an integer 1 < e < n which is
relatively prime to (p-1)(q-1)
We choose e = 85
85 = 5*17
gcd (85, 10176) = 1
Thus, 85 and 10176 are relatively prime
20
Key generation, step 3
Compute d such that:
d * e ≡ 1 (mod (p-1)(q-1))
Rephrased: d*e mod (p-1)(q-1) = 1
We choose d = 4669
4669*85 mod 10176 = 1
21
Key generation, step 3
Java code to find d:
import java.math.*;
class FindD {
public static void main (String args[]) {
System.out.println (e.modInverse(pq));
}
}
Result: 4669 22
Key generation, step 4
Destroy all records of p and q
d * e ≡ 1 (mod (p-1)(q-1))
23
The keys
We have n = p*q = 10379, e = 85, and
d = 4669
26
Encrypting RSA messages
Formula is c = me mod n
27
Decrypting messages
1. Use the formula m = cd mod n on each
number
28
Decrypting messages example
Encrypted message:
4501 2867 4894 0361 3630 4496 6720
29
modPow computation
1. How to compute c = me mod n or m = cd mod n?
Example: 45014669 mod 10379 = 4181
Other means:
Java: use the BigInteger.modPow() method
Perl: use the bmodpow function in the BigInt library
Etc…
30
Why this works
m = cd mod n
c = me mod n
31
Cracking a message
In order to decrypt a message, we must compute m = cd mod n
n is known (part of the public key)
c is known (the ciphertext)
e is known (the encryption key)
Thus, we must compute d with no other information
Recall: choose an integer 1 < e < n which is relatively prime to
(p-1)(q-1)
Recall: Compute d such that d * e ≡ 1 (mod (p-1)(q-1))
Thus, we must factor the composite n into it’s component primes
There is no efficient way to do this!
We can tell that n is composite very easily, but we can’t tell what its
factors are
Once n is factored into p and q, we compute d as above
Then we can decrypt c to obtain m
32
Cracking a message example
In order to decrypt a message, we must compute m = cd
mod n
n = 10379
c is the ciphertext being cracked
e = 85
In order to determine d, we need to factor n
d * e ≡ 1 (mod (p-1)(q-1))
We factor n into p and q: 97 and 107
d * 85 ≡ 1 (mod (96)(106))
This would not have been feasible with two large prime
factors!!!
We then compute d as above, and crack the message
33
Signing a message
Recall that we computed
d*e mod (p-1)(q-1) = 1
34
Signing a message
To “sign” a message:
1. Write a message, and determine the MD5
hash
2. Encrypt the hash with your private
(encryption) key
3. Anybody can verify that you created the
message because ONLY the public
(encryption) key can decrypt the hash
4. The hash is then verified against the
message
35
PGP and GnuPG
Two applications which implement the
RSA algorithm
36
The US gov’t and war munitions
37
How to “crack” PGP
Factoring n is not feasible
Thus, “cracking” PGP is done by other
means
Intercepting the private key
“Hacking” into the computer, stealing the computer,
etc.
Man-in-the-middle attack
Etc.
38
Other public key encryption
methods
Modular logarithms
Developed by the US government, therefore
not widely trusted
Elliptic curves
39
Quantum computers
A quantum computer could (in principle) factor n in
reasonable time
This would make RSA obsolete!
Shown (in principle) by Peter Shor in 1993
You would need a new (quantum) encryption algorithm to
encrypt your messages
Link at http://en.wikipedia.org/wiki/RSA
41
Quick survey
I felt I understood the material in this
slide set…
a) Very well
b) With some review, I’ll be good
c) Not really
d) Not at all
42
Quick survey
The pace of the lecture for this
slide set was…
a) Fast
b) About right
c) A little slow
d) Too slow
43
Quick survey
How interesting was the material
in this slide set? Be honest!
a) Wow! That was SOOOOOO cool!
b) Somewhat interesting
c) Rather borting
d) Zzzzzzzzzzz
44