CNT-4403: 2.April.2015 1
Week 12
Number Theory & Modern Cryptography
Stallings: Ch 4, 8, 9, 10

Introduction
Increasing importance in cryptography
Public Key Crypto and Signatures
Concern operations on “numbers”

Today’s Class
Basic Number Theory
Modern Cryptography: Public Key Cryptosystems

Divisors
A non-zero number b divides a if, for some m, a = mb (a, b, m all integers)
b divides into a with no remainder
Denote this b|a
b is a divisor of a
Example: What are the divisors of 24?
1, 2, 3, 4, 6, 8, 12, 24
Other examples: 13 | 182; –5 | 30; 17 | 289; 17 | 0

Properties of Divisibility
1. If a|1, then a = ±1
2. If a|b and b|a, then a = ±b
3. Any b != 0 divides 0
4. If a | b and b | c, then a | c
Example: 11 | 66 and 66 | 198 → 11 | 198
5. If b|g and b|h, then b|(mg + nh) for arbitrary m and n
Example:
b = 7; g = 14; h = 21; m = 3; n = 2
7|14 and 7|21 → 7|(3 x 14 + 2 x 21), i.e. 7|84

Division Algorithm
Dividing a by n gives an integer quotient q and an integer remainder r such that:
a = qn + r where 0 <= r < n; q = floor(a/n)
Remainder r is often referred to as a residue

Greatest Common Divisor (GCD)
A common problem in number theory
GCD (a,b) of a and b
The largest integer that divides evenly into both a and b
Example: GCD(60,24) = 12
Define gcd(0, 0) = 0
Relative primality
No common factors: GCD(a,b) = 1
Example: GCD(8,15) = 1 : 8 & 15 are relatively prime

Euclidean Algorithm
Efficient way to find the GCD(a,b)
Theorem: GCD(a,b) = GCD(b, a mod b)
Euclidean Algorithm to compute GCD(a,b):
def euclid(a, b):
    # GCD(a, b) = GCD(b, a mod b); the recursion stops when b reaches 0
    if b == 0:
        return a
    return euclid(b, a % b)

Example: GCD(1970,1066)
1970 = 1 x 1066 + 904 → gcd(1066, 904)
1066 = 1 x 904 + 162 → gcd(904, 162)
904 = 5 x 162 + 94 → gcd(162, 94)
162 = 1 x 94 + 68 → gcd(94, 68)
94 = 1 x 68 + 26 → gcd(68, 26)
68 = 2 x 26 + 16 → gcd(26, 16)
26 = 1 x 16 + 10 → gcd(16, 10)
16 = 1 x 10 + 6 → gcd(10, 6)
10 = 1 x 6 + 4 → gcd(6, 4)
6 = 1 x 4 + 2 → gcd(4, 2)
4 = 2 x 2 + 0 → gcd(2, 0) = 2

Modular Arithmetic
Modulo operator a mod n: remainder when a is divided by n
Integer n is called the modulus
b is called a residue of a mod n if a = qn + b
Smallest positive remainder as residue: 0 <= b <= n-1
Modulo reduction: e.g. -12 mod 7 = -5 mod 7 = 2 mod 7 = 9 mod 7
Congruence a ≡ b (mod n): a mod n = b mod n
When divided by n, a & b have the same remainder
Example: 100 ≡ 34 (mod 11)

Modular Arithmetic Operations
Perform arithmetic with residues
Use a finite number of values
Zn = {0, 1, . . . , (n – 1)}
Modular arithmetic: addition & multiplication, then modulo reduce the answer
Reduction can be done at any point
(a + b) mod n = [a mod n + b mod n] mod n

Modular Operations (cont’d)
1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
2. [(a mod n) – (b mod n)] mod n = (a – b) mod n
3. [(a mod n) x (b mod n)] mod n = (a x b) mod n
Examples:
[(11 mod 8) + (15 mod 8)] mod 8 = (3 + 7) mod 8 = 2 = (11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8) – (15 mod 8)] mod 8 = (3 – 7) mod 8 = 4 = (11 – 15) mod 8 = –4 mod 8 = 4
[(11 mod 8) x (15 mod 8)] mod 8 = (3 x 7) mod 8 = 5 = (11 x 15) mod 8 = 165 mod 8 = 5

Modular Arithmetic Properties

Galois Field: GF(p)
Set of integers {0, 1, … , p-1}
With arithmetic operations modulo prime p
Form a finite field
Have multiplicative inverses
Find inverse with Extended Euclidean algorithm
Arithmetic is well-behaved: can do
Addition, subtraction
Multiplication, and division
With closure: within the field GF(p)
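The GF(p) slide names the Extended Euclidean algorithm without showing it. The following is an added example, not part of the original lecture: it computes multiplicative inverses, uses them for division in GF(p), and shows that a composite modulus does not give every non-zero element an inverse. The function names (extended_gcd, inverse_mod, gf_div, has_all_inverses) are chosen here for illustration.

```python
# Added illustration; the function names are not from the lecture.

def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) and a*x + b*y == g."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b != 0:
        q, r = divmod(a, b)
        a, b = b, r                      # same step as Euclid: (a, b) -> (b, a mod b)
        x0, x1 = x1, x0 - q * x1         # carry the coefficients along
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def inverse_mod(a, n):
    """Multiplicative inverse of a modulo n; exists only if gcd(a, n) = 1."""
    g, x, _ = extended_gcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {n} (gcd = {g})")
    return x % n


def gf_div(a, b, p):
    """Division in GF(p): a / b is a times the inverse of b, modulo p."""
    return (a * inverse_mod(b, p)) % p


def has_all_inverses(n):
    """True if every non-zero residue modulo n has an inverse (n behaves as a field)."""
    for a in range(1, n):
        try:
            inverse_mod(a, n)
        except ValueError:
            return False
    return True


if __name__ == "__main__":
    print(extended_gcd(1970, 1066))      # gcd and the coefficients x, y
    print(inverse_mod(3, 7))             # inverse of 3 in GF(7)
    print(gf_div(2, 3, 7))               # 2 / 3 in GF(7)
    print(has_all_inverses(7), has_all_inverses(8))
```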

Today’s Class
Basic Number Theory
Modern Cryptography: Public Key Cryptosystems
RSA

Public Key Cryptosystems (PKC)
Most significant advance in the 3000 year history of cryptography!
Uses two keys – a public and a private key
Asymmetric: parties are not equal
Public invention: Whitfield Diffie & Martin Hellman at Stanford University in 1976
Known earlier in classified community

Why Public Key?
Addresses two key issues:
Key distribution – how to have secure communications in general without having to trust a KDC with your key
Digital signatures – how to verify a message comes intact from the claimed sender

PKC in a Nutshell
[Figure: Plaintext → Encryption Algorithm (Encryption Key) → Decryption Algorithm (Decryption Key) → Plaintext]

PKC in Real Life!
Bob: pubKeyB - public; privKeyB - private
Alice: pubKeyB - public; has message M
Cannot infer privKeyB from pubKeyB!
1. Alice: C = Encrypt(pubKeyB, M)
2. Malory: intercepts C, cannot obtain M!
Bob: M = Decrypt(privKeyB, C)

Fermat’s Theorem
a^(p-1) = 1 (mod p)
p is prime and gcd(a,p) = 1
Known as Fermat’s Little Theorem
Note: a^p = a (mod p)

Euler’s Totient: ø(n)
Arithmetic modulo n
Complete set of residues is: 0..n-1
Euler Totient Function ø(n):
Number of residues that are relatively prime to n
n prime: ø(p) = p-1
n = p x q (p, q prime): ø(p x q) = (p-1) x (q-1)
Example:
ø(37) = 36
ø(21) = (3–1) x (7–1) = 2 x 6 = 12

Euler’s Theorem
Generalisation of Fermat's Theorem
a^ø(n) = 1 (mod n) for any a, n where gcd(a,n) = 1
Example:
a = 3; n = 10; ø(10) = 4;
Hence 3^4 = 81 = 1 mod 10
Note: a^(ø(n)+1) = a (mod n)

RSA
Rivest, Shamir & Adleman - MIT in 1977
Equivalent introduced by Clifford Cocks (UK intelligence agency GCHQ) in 1973
Classified top secret until 1998
Best known & widely used public-key scheme
Uses large integers (e.g. 1024, 2048 bits)
Security due to cost of factoring large numbers

RSA Key Setup
Select two large primes at random: p, q
Compute modulus n = p x q
ø(n) = (p-1) x (q-1)
Select at random the encryption key e
where 1 < e < ø(n), gcd(e,ø(n)) = 1
Solve following equation to find decryption key d
e x d = 1 mod ø(n) and 0 ≤ d ≤ n
Publish public encryption key: pubKey = {e,n}
Keep secret private decryption key: privKey = {d,p,q}

RSA Encryption
Given message M
Given public encryption key: pubKey = {e,n}
Compute ciphertext:
C = M^e mod n

RSA Decryption
Given ciphertext C
Given private decryption key: privKey = {d,p,q}
Compute plaintext:
M = C^d mod n

RSA Key Setup
Bob: privKeyB = {d,p,q}; pubKeyB = {e,n}, where n = p x q
Alice: pubKeyB = {e,n}
Cannot infer privKeyB from pubKeyB!
Cannot get d given e and n
Need p and q!

RSA Encryption and Decryption
Bob: privKeyB = {d,p,q}; pubKeyB = {e,n}, where n = p x q
Alice: pubKeyB = {e,n}; has message M (< n!)
1. Alice: C = M^e mod n
2. Malory: intercepts C, cannot obtain M from M^e mod n!
Bob: M = C^d mod n

RSA Example: Key Setup
1. Select primes: p = 17 and q = 11
2. Calculate n = pq = 17 x 11 = 187
3. Calculate ø(n) = (p–1) x (q–1) = 16 x 10 = 160
4. Select e with gcd(e,160) = 1: e = 7
5. Determine d with de = 1 mod 160 and d < 160: d = 23
since 23 x 7 = 161 = 1 x 160 + 1
6. Publish public key pubKey = {7,187}
7. Keep secret private key privKey = {23,187}

RSA Example: Encryption/Decryption
Message M = 88
M < n: 88 < 187
Encryption:
C = 88^7 mod 187 = 11
Decryption:
M = 11^23 mod 187 = 88
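The RSA key setup, encryption and decryption steps from the slides, run on the lecture's own numbers (p = 17, q = 11, e = 7, M = 88). This is an added example, not code from the lecture; all function names are illustrative, and pow(e, -1, phi) needs Python 3.8 or later. It also enforces the M < n condition and shows that a modulus this small is factored at once, which is why the key setup calls for large primes.

```python
# Added illustration; function names are not from the lecture.
from math import gcd


def rsa_keygen(p, q, e):
    """Key setup: returns (pubKey, privKey) = ((e, n), (d, p, q))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi) or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)                  # solves e x d = 1 mod phi(n)
    return (e, n), (d, p, q)


def modexp(base, exp, n):
    """Square-and-multiply; reduces mod n at every step so values stay below n^2."""
    result, base = 1, base % n
    while exp > 0:
        if exp & 1:
            result = (result * base) % n
        base = (base * base) % n
        exp >>= 1
    return result


def rsa_encrypt(pub, m):
    e, n = pub
    if not 0 <= m < n:                   # M >= n would not survive the round trip
        raise ValueError("message must satisfy 0 <= M < n")
    return modexp(m, e, n)


def rsa_decrypt(priv, c):
    d, p, q = priv
    return modexp(c, d, p * q)


def d_from_factoring(pub):
    """Toy modulus only: trial division finds p and q, and then d follows from e."""
    e, n = pub
    p = next(f for f in range(2, n) if n % f == 0)
    return pow(e, -1, (p - 1) * (n // p - 1))


if __name__ == "__main__":
    pub, priv = rsa_keygen(17, 11, 7)
    c = rsa_encrypt(pub, 88)
    print(pub, priv, c, rsa_decrypt(priv, c), d_from_factoring(pub))
```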