Date post: | 16-Dec-2015 |
Upload: | mae-richards |
CS363 Week 3 - Friday
Last time
What did we talk about last time?
AES
Public key cryptography
Questions?
Assignment 1
Project 1
Security Presentation
Matt Shank
Number Theory
Prime
RSA depends in large part on the difficulty of factoring large composite numbers (particularly those that are a product of only 2 primes)
Recall that an integer p is prime if
▪ p > 1
▪ p is not divisible by any positive integers other than 1 and itself
Trivia: The largest prime currently known is $2^{57885161} - 1$
It has 17,425,170 digits in base 10
Fundamental theorem of arithmetic
Any integer greater than 1 can be factored into a unique series of prime factors:
Example: $52 = 2^2 \cdot 13$
Two integers a and b (greater than 1) are relatively prime or coprime if and only if a shares no prime factors with b
Rabin-Miller primality testing
We won't get into the number theory behind this (yet)
A Rabin-Miller primality test works as follows:
Let n be the number you want to test for primality
n must be odd, thus n – 1 is even
$(n - 1) = 2^s d$ where s and d are positive integers and d is odd
If n is prime, then for any integer 1 < a < n, exactly one of the two is true:
▪ $a^d \equiv 1 \pmod{n}$ or
▪ $a^{2^r d} \equiv -1 \pmod{n}$, $1 \le r < s$
Pick several a values, see if either of the two cases holds
If it ever doesn't, you know you have a composite
Rabin-Miller example
What if we want to see if 221 is prime?
$n - 1 = 220 = 2^2 \cdot 55$
s = 2
d = 55
Attempt 1: Let a = 174
▪ $a^{2^0 \cdot d} \bmod n = 174^{55} \bmod 221 = 47 \ne 1, n - 1$
▪ $a^{2^1 \cdot d} \bmod n = 174^{110} \bmod 221 = 220 = n - 1$ Check!
Attempt 2: Let a = 137
▪ $a^{2^0 \cdot d} \bmod n = 137^{55} \bmod 221 = 188 \ne 1, n - 1$
▪ $a^{2^1 \cdot d} \bmod n = 137^{110} \bmod 221 = 205 \ne n - 1$ Oh no!
Every successful attempt means there is only a 25% chance that the number is composite
So, after k attempts, there is a $4^{-k}$ chance that the number is composite
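The test described above, as an added Python example (not code from the original slides). Function names are chosen here; the loop checks r = 0 through s − 1, which is what the 221 walk-through does with its 2^0·d and 2^1·d terms.

```python
import random

def decompose(n):
    """Write n - 1 as 2^s * d with d odd; return (s, d)."""
    s, d = 0, n - 1
    while d % 2 == 0:
        s += 1
        d //= 2
    return s, d

def passes_round(n, a):
    """One Rabin-Miller round for odd n > 2 with base a.

    True when n behaves like a prime for this base (a^d = 1, or
    a^(2^r * d) = n - 1 for some r in 0..s-1); False when a proves
    that n is composite.
    """
    s, d = decompose(n)
    x = pow(a, d, n)              # r = 0 term: a^d mod n
    if x == 1 or x == n - 1:
        return True
    for _ in range(1, s):         # r = 1 .. s-1: square the previous term
        x = pow(x, 2, n)
        if x == n - 1:
            return True
    return False

def is_probable_prime(n, k=20, rng=None):
    """k rounds with random bases; False is a proof that n is composite."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    rng = rng or random.SystemRandom()   # bases drawn from the OS CSPRNG
    return all(passes_round(n, rng.randrange(2, n - 1)) for _ in range(k))

if __name__ == "__main__":
    print(decompose(221))             # the slide's s and d
    print(passes_round(221, 174))     # attempt 1: 221 slips through
    print(passes_round(221, 137))     # attempt 2: composite detected
    print(is_probable_prime(221), is_probable_prime(2**127 - 1))
```

A single passing base (174 here) says nothing final, which is why key-generation code runs many rounds before accepting a candidate prime.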
Greatest common divisor
The greatest common divisor or GCD of two numbers gives the largest factor they have in common
Example:
▪ GCD( 12, 18 ) =
▪ GCD( 42, 56 ) =
For small numbers, we can determine GCD by doing a complete factorization
Euclid's algorithm
For large numbers, we can use Euclid's algorithm to determine the GCD of two numbers
Algorithm GCD( a, b)
1. If b = 0
▪ Return a
2. Else
▪ temp = a mod b
▪ a = b
▪ b = temp
3. Goto Step 1
Example: GCD( 1970, 1066)
Extended Euclid's algorithm
We can extend Euclid's algorithm to give us the multiplicative inverse for modular arithmetic
Example: Find the inverse of 120 mod 23
Let a be the number
Let b be the modular base
Find Inverse(a, b)
x = 0
lastx = 1
y = 1
lasty = 0
while b ≠ 0
▪ quotient = a div b
▪ temp = b
▪ b = a mod b
▪ a = temp
▪ temp = x
▪ x = lastx-quotient*x
▪ lastx = temp
▪ temp = y
▪ y = lasty-quotient*y
▪ lasty = temp
Return lastx
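Both algorithms above as runnable Python, added here as an example (not code from the original slides). The variable names follow the slide's pseudocode; mod_inverse is a wrapper introduced here that handles two cases the pseudocode leaves open: a negative lastx and an input that has no inverse.

```python
def gcd(a, b):
    """Euclid's algorithm as on the slide: loop until b is 0."""
    while b != 0:
        a, b = b, a % b
    return a

def extended_euclid(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b).

    Same bookkeeping as the slide's Find Inverse: x and y hold the
    current coefficients, lastx and lasty the previous ones.
    """
    x, lastx = 0, 1
    y, lasty = 1, 0
    while b != 0:
        quotient = a // b
        a, b = b, a % b
        x, lastx = lastx - quotient * x, x
        y, lasty = lasty - quotient * y, y
    return a, lastx, lasty

def mod_inverse(a, m):
    """Inverse of a modulo m, normalised into 0..m-1.

    lastx can come back negative (-9 for 120 mod 23), so reduce it
    mod m. An inverse exists only when gcd(a, m) == 1.
    """
    g, x, _ = extended_euclid(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m} (gcd is {g})")
    return x % m

if __name__ == "__main__":
    print(gcd(1970, 1066))            # the slide's GCD example
    print(extended_euclid(120, 23))   # raw coefficients
    print(mod_inverse(120, 23))       # inverse in the range 0..22
```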
More Number Theory!
Fermat’s Little Theorem
If p is prime and a is a positive integer not divisible by p, then:
$a^{p-1} \equiv 1 \pmod{p}$
Proof of Fermat's Theorem
Assume a is positive and less than p
Consider the sequence a, 2a, 3a, …, (p – 1)a
If these are taken mod p, we will get 1, 2, 3, …, p – 1 in some order
▪ This bit is the least obvious part of the proof
▪ However (because p is prime) if you add any non-zero element repeatedly, you will eventually get back to the starting point, covering all values (except 0) once
Multiplying this sequence together gives:
▪ $a \cdot 2a \cdot 3a \cdots (p-1)a \equiv 1 \cdot 2 \cdot 3 \cdots (p-1) \pmod{p}$
▪ $a^{p-1}(p-1)! \equiv (p-1)! \pmod{p}$
▪ $a^{p-1} \equiv 1 \pmod{p}$
Euler's in the mix too
Euler’s totient function $\phi(n)$
$\phi(n)$ = the number of positive integers less than n and relatively prime to n (including 1)
If p is prime, then $\phi(p) = p - 1$
If we have two primes p and q (which are different), then:
$\phi(pq) = \phi(p) \cdot \phi(q) = (p - 1)(q - 1)$
Take that, Fermat
Euler’s Theorem: For every a and n that are relatively prime,
$a^{\phi(n)} \equiv 1 \pmod{n}$
This generalizes Fermat’s Theorem because $\phi(p) = p - 1$ if p is prime
Proof is messier
RSA
RSA Algorithm
Named for Rivest, Shamir, and Adleman
Take a plaintext M converted to an integer
Create a ciphertext C as follows: $C = M^e \bmod n$
Decrypt C back into M as follows: $M = C^d \bmod n = (M^e)^d \bmod n = M^{ed} \bmod n$
The pieces
| Term | Details | Source |
|---|---|---|
| M | Message to be encrypted | Sender |
| C | Encrypted message | Computed by sender |
| n | Modulus, n = pq | Known by everyone |
| p | Prime number | Known by receiver |
| q | Prime number | Known by receiver |
| e | Encryption exponent | Known by everyone |
| d | Decryption exponent | Computed by receiver |
| $\phi(n)$ | Totient of n | Known by receiver |
How it Works
To encrypt: $C = M^e \bmod n$
e is often 3, but is always publicly known
To decrypt: $M = C^d \bmod n = M^{ed} \bmod n$
We get d by finding the multiplicative inverse of e mod $\phi(n)$
So, $ed \equiv 1 \pmod{\phi(n)}$
Why it Works
We know that $ed \equiv 1 \pmod{\phi(n)}$
This means that $ed = k\phi(n) + 1$ for some nonnegative integer k
$M^{ed} = M^{k\phi(n) + 1} \equiv M \cdot (M^{\phi(n)})^k \pmod{n}$
By Euler’s Theorem $M^{\phi(n)} \equiv 1 \pmod{n}$
So, $M \cdot (M^{\phi(n)})^k \equiv M \pmod{n}$
An example
M = 26
p = 17, q = 11, n = 187, e = 3
$C = M^3 \bmod 187 = 185$
$\phi(n) = (p - 1)(q - 1) = 160$
$d = e^{-1} \bmod 160 = 107$
$C^d = 185^{107} \bmod 187 = 26$
If you can trust my modular arithmetic
Why it’s safe
You can’t compute the multiplicative inverse of e mod $\phi(n)$ unless you know what $\phi(n)$ is
If you know p and q, finding $\phi(n)$ is easy
Finding $\phi(n)$ is equivalent to finding p and q by factoring n
No one knows an efficient way to factor a large composite number
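The worked example and the equivalence claim above, as an added Python example (not code from the original slides). It reproduces the slide's numbers and shows that whoever learns φ(n) can recover p and q, so φ(n) has to be guarded like the primes themselves. Function names are chosen here; pow(e, -1, phi) needs Python 3.8 or later.

```python
from math import isqrt

def rsa_keypair(p, q, e):
    """Textbook key setup from the slides: n = pq, d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)       # raises ValueError if gcd(e, phi) != 1
    return n, phi, d

def encrypt(m, e, n):
    return pow(m, e, n)       # C = M^e mod n

def decrypt(c, d, n):
    return pow(c, d, n)       # M = C^d mod n

def factor_from_phi(n, phi):
    """Recover p and q from n and phi(n).

    phi = (p-1)(q-1) = n - (p+q) + 1, so p + q = n - phi + 1, and
    p and q are the two roots of x^2 - (p+q)x + n = 0.
    """
    total = n - phi + 1
    disc = total * total - 4 * n
    if disc < 0:
        raise ValueError("phi is not the totient of a two-prime modulus n")
    root = isqrt(disc)
    if root * root != disc:
        raise ValueError("phi is not the totient of a two-prime modulus n")
    return (total - root) // 2, (total + root) // 2

if __name__ == "__main__":
    n, phi, d = rsa_keypair(17, 11, 3)    # the slide's p, q, e
    c = encrypt(26, 3, n)
    print(n, phi, d, c, decrypt(c, d, n))
    print(factor_from_phi(n, phi))        # p and q fall out of phi(n)
```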
Upcoming
Next time…
Key management issues
Cryptographic hash functions
Yuki Gage presents
Reminders
Finish reading Section 2.7 and 12.3
Start reading Section 2.8
Finish Assignment 1
▪ Due tonight by midnight