number theory in cryptographygeo2/ronaldintrocrypto.pdf · 2008-10-12 · number theory in...
TRANSCRIPT
![Page 1: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/1.jpg)
Number Theory in Cryptography
Introduction
September 20, 2006
Universidad de los Andes
1
![Page 2: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/2.jpg)
Guessing Numbers
2
![Page 3: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/3.jpg)
Guessing Numbers
(person x) 7−→ (last 6 digits of phone number of x)
3
![Page 4: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/4.jpg)
Guessing Numbers
(person x) 7−→ (last 6 digits of phone number of x)
A Hash Function is a function f from A to B such that
• It is easy to compute f(x) for any x ∈ A.
• For any y ∈ B, it is hard to find an x ∈ A with f(x) = y.
• It is hard to find x, x′ ∈ A with x 6= x′ and f(x) = f(x′).
4
![Page 5: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/5.jpg)
Caesar Cipher
VIXYVR XS VSQI
5
![Page 6: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/6.jpg)
Caesar Cipher
VIXYVR XS VSQI
A BCDEFGH I J KLMNOPQR S TUVWXYZWXYZABCDEFGH I J K LMNOPQR S TUV
6
![Page 7: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/7.jpg)
Caesar Cipher
VIXYVR XS VSQI
A BCDEFGH I J KLMNOPQR S TUVWXYZWXYZABCDEFGH I J K LMNOPQR S TUV
RETURN TO ROME
7
![Page 8: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/8.jpg)
Caesar Cipher
VIXYVR XS VSQI
A BCDEFGH I J KLMNOPQR S TUVWXYZWXYZABCDEFGH I J K LMNOPQR S TUV
RETURN TO ROME
Breaking the code: just try all 26 shifts.
8
![Page 9: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/9.jpg)
Substitution Cipher
MQWE WE B YXM QBLHGL
ABCDE F GH I J KLMNOPQRST U VWXYZQAZX SWEDCVFRTGBNHYU J MK I OLP
9
![Page 10: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/10.jpg)
Substitution Cipher
MQWE WE B YXM QBLHGL
ABCDE F GH I J KLMNOPQRST U VWXYZQAZX SWEDCVFRTGBNHYU J MK I OLP
THIS IS A LOT HARDER
10
![Page 11: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/11.jpg)
Substitution Cipher
MQWE WE B YXM QBLHGL
ABCDE F GH I J KLMNOPQRST U VWXYZQAZX SWEDCVFRTGBNHYU J MK I OLP
THIS IS A LOT HARDER
Breaking the code:
Can not try 26! = 403291461126605635584000000 permutations...
11
![Page 12: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/12.jpg)
Solution: Letter Frequencies
English Spanish
A 82 125B 14 14C 28 47D 38 59E 131 137F 29 7G 20 10H 53 7I 63 62J 1 4K 4 0L 34 50M 25 31
English Spanish
N 71 67O 80 86P 20 25Q 1 9R 68 69S 61 79T 105 46U 25 39V 9 9W 15 0X 2 2Y 20 9Z 1 5
out of 1000 letters
12
![Page 13: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/13.jpg)
Viginere Cipher
HVD PZAHSQ JMLEIDRXPSG ZVZ UCH OVZZSFUIY
13
![Page 14: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/14.jpg)
Viginere Cipher
HVD PZAHSQ JMLEIDRXPSG ZVZ UCH OVZZSFUIY
Shift the letters of the encrypted message according to the value of the
letters of the secret keyword “LLAVES.” (a= 1, b= 2, . . .).
ABCDEFGH I J K L M N O P Q R S T U VWX Y Z1 2 3 4 5 6 7 8 910111213141516171819202122 23 242526
H VD PZ A H S Q J ML E I DRXP S G ZVZ U C H OVZZ S F U I YL L A VE S L L A V E S L L A VE S L L AVE S L L A VES L L AV ETH E L ETTE R F R EQU E NC I E S ARE NOT P RESERVED
14
![Page 15: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/15.jpg)
Viginere Cipher
HVD PZAHSQ JMLEIDRXPSG ZVZ UCH OVZZSFUIY
Shift the letters of the encrypted message according to the value of the
letters of the secret keyword “LLAVES.” (a= 1, b= 2, . . .).
ABCDEFGH I J K L M N O P Q R S T U VWX Y Z1 2 3 4 5 6 7 8 910111213141516171819202122 23 242526
H VD PZ A H S Q J M L E I D R XP S G ZVZ U C H OVZZ S F U I YL L A VE S L L A V E S L L A V E S L L AVE S L L A VES L L AV ETH E L ETTE R F R EQU E N C I E S ARE N OT P RESERVED
EN ES E N ES
Repeated bigrams stay repeated bigrams
if their distance is a multiple of the length of the key.
15
![Page 16: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/16.jpg)
Security
All these ciphers are breakable
once the enemy knows
the type of encryption.
16
![Page 17: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/17.jpg)
Enigma
A German WW-II encryption machine, broken by the allies
17
![Page 18: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/18.jpg)
F
E
D
C
B
A
RE
FLE
CT
OR
1 2 3
ROTORSPeriod of 263 substitutions
18
![Page 19: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/19.jpg)
F
E
D
C
B
A
RE
FLE
CT
OR
1 2 3
ROTORSPeriod of 263 substitutions
Weaknesses:
Permutations are involutions
Letter x does not map to x
Rotors can be stolen
Book of initial settings too
19
![Page 20: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/20.jpg)
F
E
D
C
B
A
RE
FLE
CT
OR
1 2 3
ROTORSPeriod of 263 substitutions
Weaknesses:
Permutations are involutions
Letter x does not map to x
Rotors can be stolen
Book of initial settings too
User errors:
repeated initial 3 letters
nonrandom initial 3 letters
test message with only T ’s
20
![Page 21: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/21.jpg)
F
E
D
C
B
A
RE
FLE
CT
OR
1 2 3
ROTORSPeriod of 263 substitutions
Weaknesses:
Permutations are involutions
Letter x does not map to x
Rotors can be stolen
Book of initial settings too
User errors:
repeated initial 3 letters
nonrandom initial 3 letters
test message with only T ’s
British could decipher until 1932, then extra keyboard permutation.
21
![Page 22: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/22.jpg)
F
E
D
C
B
A
RE
FLE
CT
OR
1 2 3
ROTORSPeriod of 263 substitutions
Weaknesses:
Permutations are involutions
Letter x does not map to x
Rotors can be stolen
Book of initial settings too
User errors:
repeated initial 3 letters
nonrandom initial 3 letters
test message with only T ’s
British could decipher until 1932, then extra keyboard permutation.
Polish until 1939, then extra rotors, no repeated 3 letters.
22
![Page 23: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/23.jpg)
F
E
D
C
B
A
RE
FLE
CT
OR
1 2 3
ROTORSPeriod of 263 substitutions
Weaknesses:
Permutations are involutions
Letter x does not map to x
Rotors can be stolen
Book of initial settings too
User errors:
repeated initial 3 letters
nonrandom initial 3 letters
test message with only T ’s
British could decipher until 1932, then extra keyboard permutation.
Polish until 1939, then extra rotors, no repeated 3 letters.
At the end of the war all messages could be deciphered in 2 days.
The Germans were still confident about ENIGMA.
23
![Page 24: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/24.jpg)
Lesson learned
A crypto system should be safe even if
• the enemy knows your encryption algorithm
• the enemy knows lots of plain texts together with their encryptions
(no chosen plain text attacks)
24
![Page 25: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/25.jpg)
Lesson learned
A crypto system should be safe even if
• the enemy knows your encryption algorithm
• the enemy knows lots of plain texts together with their encryptions
(no chosen plain text attacks)
Solution
• Use a public algorithm with a secret key.
25
![Page 26: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/26.jpg)
Data Encryption Standard (DES, 1974)
Xor:
⊕ 0 1
0 0 11 1 0
(x⊕ y)⊕ y = x
26
![Page 27: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/27.jpg)
Data Encryption Standard (DES, 1974)
Xor:
⊕ 0 1
0 0 11 1 0
(x⊕ y)⊕ y = x
message 1010010101001001key 0110100100010010⊕
encryption 1100110001011011
27
![Page 28: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/28.jpg)
Data Encryption Standard (DES, 1974)
Xor:
⊕ 0 1
0 0 11 1 0
(x⊕ y)⊕ y = x
message 1010010101001001key 0110100100010010⊕
encryption 1100110001011011
encryption ⊕ key = message
28
![Page 29: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/29.jpg)
Data Encryption Standard (DES, 1974)
Xor:
⊕ 0 1
0 0 11 1 0
(x⊕ y)⊕ y = x
message 1010010101001001key 0110100100010010⊕
encryption 1100110001011011
encryption ⊕ key = message
message ⊕ encryption = key !DANGER!
29
![Page 30: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/30.jpg)
Data Encryption Standard (DES, 1974)
• Pick a secret shared key of 64 bits.
• Divide the message in blocks of 64 bits.
• Encrypting one block consists of a combination of
repeated ⊕ with parts of the key, permutations,
breaking up in subblocks, and small functions by table.
30
![Page 31: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/31.jpg)
Data Encryption Standard (DES, 1974)
• Pick a secret shared key of 64 bits.
• Divide the message in blocks of 64 bits.
• Encrypting one block consists of a combination of
repeated ⊕ with parts of the key, permutations,
breaking up in subblocks, and small functions by table.
Disadvantage: Need to agree on a key before hand...
System uses a secret shared key
31
![Page 32: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/32.jpg)
Data Encryption Standard (DES, 1974)
• Pick a secret shared key of 64 bits.
• Divide the message in blocks of 64 bits.
• Encrypting one block consists of a combination of
repeated ⊕ with parts of the key, permutations,
breaking up in subblocks, and small functions by table.
Disadvantage: Need to agree on a key before hand...
System uses a secret shared key
Problem: How do you prove a cryptography system is “secure”?
32
![Page 33: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/33.jpg)
Public Keys
English Lonapse
many
English
Lonapse
unique
English
Lonapse
33
![Page 34: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/34.jpg)
Public Keys
English Lonapse
public key
English
Lonapse
private key
English
Lonapse
34
![Page 35: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/35.jpg)
Public Keys
ME ML
ME ML
encrypting, sending,
and decrypting
a message
E2L
L2EB
A
35
![Page 36: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/36.jpg)
Public Keys
ME ML
ME ML
encrypting, sending,
and decrypting
a message
E2L
L2EB
A
English and Lonapse have same words!
36
![Page 37: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/37.jpg)
Public Keys
ME ML
ME ML
encrypting, sending,
and decrypting
a message
E2L
L2E
English and Lonapse have same words!
B
A ?ME? MNL
ME MNL
signing, sending,
and checking the signature
of a message
E2L
L2E
37
![Page 38: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/38.jpg)
Public Keys (RSA)
RSA (Rivest, Shamir, Adleman):
An n >> 0, a public key e, and a private key d,
such that xde ≡ x mod n for all x.
38
![Page 39: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/39.jpg)
Public Keys (RSA)0 < M < n
xde ≡ x mod n
M Me
M ≡ (Me)d Me
encrypting, sending,
and decrypting
a message M
B
A M?≡ (Md)e Md
M Md
signing, sending,
and checking the signature
of a message
39
![Page 40: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/40.jpg)
Public Keys (RSA)
Security of this system is based on our inability to take e-th roots.
A factorization of n allows one to compute d from e.
It is believed that finding d is as hard as factorizing n.
So breaking this system would be as hard as factorizing n.
40
![Page 41: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/41.jpg)
Public Keys (RSA)
Security of this system is based on our inability to take e-th roots.
A factorization of n allows one to compute d from e.
It is believed that finding d is as hard as factorizing n.
So breaking this system would be as hard as factorizing n.
Advantages:
compact, use in smart cards
both encryption and signing
41
![Page 42: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/42.jpg)
Public Keys (RSA)
Security of this system is based on our inability to take e-th roots.
A factorization of n allows one to compute d from e.
It is believed that finding d is as hard as factorizing n.
So breaking this system would be as hard as factorizing n.
Advantages:
compact, use in smart cards
both encryption and signing
Disadvantages:
Computationally intensive
only small messages
man-in-the-middle attack
(weakness of public keys)
42
![Page 43: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/43.jpg)
RSA only encripts small messages
For signing, you can just
sign a hash-function of
the message instead.
B
A H(M)?≡ (H(M)d)e [M, H(M)d]
M [M, H(M)d]
signing, sending,
and checking the signature
of a message
43
![Page 44: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/44.jpg)
RSA only encripts small messages
For encryption, one can use public-key systems to agree
on a shared secret key for a more efficient encryption
algorithm (like triple-DES).
A certain way of doing this is called PGP (Pretty Good Privacy)
44
![Page 45: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/45.jpg)
Public key systems and the man-in-the-middle attack
B A
45
![Page 46: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/46.jpg)
Public key systems and the man-in-the-middle attack
B A
46
![Page 47: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/47.jpg)
Public key systems and the man-in-the-middle attack
B AM
47
![Page 48: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/48.jpg)
Public key systems and the man-in-the-middle attack
B AM
48
![Page 49: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/49.jpg)
Public key systems and the man-in-the-middle attack
B AM
49
![Page 50: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/50.jpg)
Public key systems and the man-in-the-middle attack
B AM
Solution: A trusted third party
(online companies that garantee you are you
by checking your credit card info)
50
![Page 51: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/51.jpg)
Important
• Factorizing integers
51
![Page 52: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/52.jpg)
Important
• Factorizing integers
• Discrete logarithms (tomorrow)
52
![Page 53: Number Theory in Cryptographygeo2/Ronaldintrocrypto.pdf · 2008-10-12 · Number Theory in Cryptography Introduction September20,2006 UniversidaddelosAndes 1. Guessing Numbers 2](https://reader035.vdocument.in/reader035/viewer/2022062317/5edbfb3cad6a402d666672c1/html5/thumbnails/53.jpg)
Important
• Factorizing integers
• Discrete logarithms (tomorrow)
• Coffee (now)
53