# Elements of Applied Cryptography Public key encryption

Save this PDF as:

Size: px
Start display at page:

## Transcription

1 Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers

2 Asymmetric Encryption Scheme Let us consider two families of algorithms representing invertible transformations: such that: { e } { } Encryption transformations : E : e K, E : M C Decryption transformations : D : d K, D : C M d e d I. e K, a unique d K, such that D d is the inverse of E e II. m M, c C, E e (m) and D d (c) are easy to compute III. Known e K and c C, it is computationally infeasible to find the message m M such that E e (m) = c IV. Known e K, it is computationally infeasible to determine the corresponding key d 2

3 Public key encryption Because of properties III and IV, decryption key d MUST be kept secret encryption key e CAN be made public without compromising the security of the decryption key 3

4 2-party comm with asymmetric encryption Alice e key source unsecure channel Bob d D d (m) unsecure channel c E e (c) m adversary m The encryption key e can be sent on the same channel on which the ciphertext c is being transmitted It is necessary to authenticate public keys to achieve data origin authentication of the public keys themselves 4

5 Objectives of adversary Types of attack break the system: recover plaintext from ciphertext completely break the system: recover the key Types of attacks No asymmetric cipher is perfect Since the encryption keys are public knowledge, a passive adversary can always mount a chosen-plaintext attack A stronger attack is a chosen-ciphertext attack where an active adversary selects ciphertext of its choice, and then obtains by some means (from the victim) the corresponding plain-tex 5

6 A case study THE RSA CRYPTOSYSTEM 6

7 Key generation Rivest Shamir Adleman (1978) 1. Generate two large, distinct primes p, q ( decimal digits) 2. Compute n = p q and φ = (p-1) (q-1) 3. Select a random number 1 < e < φ such that gcd(e, φ) = 1 4. Compute the unique integer 1 < d < φ such that ed 1 mod φ 5. (d, n) is the private key 6. (e, n) is the public key At the end of key generation, p and q must be destroyed 7

8 RSA encryption and decryption Encryption. To generate c from m, Bob should do the following 1. Obtain A's authentic public key (n, e) 2. Represent the message as an integer m in the interval [0, n-1] (0 m < n) 3. Compute c =m e mod n 4. Send c to A Decryption. To recover m from c, Alice should do the following 1. Use the private key d to recover m = c d mod n 8

9 Example with artificially small numbers Key generation Let p = 47 e q = 71 n = p q = 3337 φ= (p-1) (q-1)= = 3220 Let e = 79 ed 1 mod φ(n) 79 d 1 mod 3220 d = 1019 Encryption Let m = Divide m into blocks m i < n m 1 = 966; m 2 = 668; m 3 = 3 Compute c 1 = mod 3337 = 2276 c 2 = mod 3337 = 2423 c 3 = 3 79 mod 3337 = 158 c = c 1 c 2 c 3 = Decryption m 1 = mod 3337 = 966 m 2 = mod 3337 = 668 m 3 = mod 3337 = 3 m =

10 How to encrypt/decrypt efficiently Let a and b be two k-bit integers a + b can be done in time O(k) a b can be done in O(k 2 ) Let c be an (at most) 2k-bit integer c mod a can be done in O(k 2 ) Let d be a k-bit integer a b mod d can be done in O(k 2 ) 10

11 How to encrypt/decrypt efficiently Let a and b be two k-bit integers Addition a + b can be done in time O(k) Subtraction a b can be can be done in time O(k) Multiplication a b can be done in O(k 2 ) Division a = q b + r can be done in time O(k 2 ) 11

12 How to encrypt/decrypt efficiently Bit complexity of basic operations in Z n Operation Bit complexity Modular Addition (a + b) mod n O(log n) Modular Subtraction (a b) mod n O(log n) Modular Multiplication (a b) mod n O((log n) 2 ) Modular inversion a -1 mod n O((log n) 2 ) Modular exponentiation a k mod n, k < n O((log n) 3 ) 12

13 How to encrypt/decrypt efficiently RSA requires modular exponentiation c d mod n Let n have k bits in its binary representation, k = log n + 1 Grade-school algorithm requires (d-1) modular multiplications d is as large as φ which is exponentially large with respect to k The grade-school algorithm is inefficient Square-and-multiply algorithm requires 2r modular multiplications where r is the number of bits in the binary representation of d As r k then the algorithm can be done in O(k 3 ) 13

14 How to encrypt and decrypt efficiently Exponentiation by repeated squaring and multiplication: m e mod n requires at most 2log 2 (e) multiplications and 2log 2 (e) divisions Let e k-1, e k-2,, e 2, e 1, e 0, where k = log 2 e, the binary representation of e k 1 k 2 2 e ( ek ek L + e2 2 + e1 2+ e0 ) m modn = m modn k 1 k 2 2 k 1 k e 2 e 2 e 2 e 2 e0 m m L m m m modn ( L ) e 2 e 2 e 2 e k 2 k 3 k 1 k e0 m m m m m modn k 3 k 4 2 ek 1 ek 2 e2 e1 e0 m m m m m modn ( L ) e 1 e 2 e2 e1 e0 m m L m m m modn ( 2 ( ) ) k k c 1 for (i = k-1; i >= 0; i --) { c c 2 mod n; if (e i == 1) c c m mod n; } always k square operations at most k modular multiplications (equal to the number of 1 in the binary representation of e) 14

15 How to find a large prime repeat b randomodd(); until isprime(b); On average (log x)/2 odd numbers must be tested before a prime b < x can be found Primality tests do not try to factor the number under test probabilistic primality test (Solovay-Strassen, Miller-Rabin) polynomial in log n true primality test (O(n 12 ) in 2002)) Given e, d can be computed efficiently by means of the extended Euclid algorithm It follows that keys can be generated efficiently (polytime) 15

16 Factoring FACTORING. Given n > 0, find its prime factorization; that is, write e1 e2 e n = p1 p2 L p k k where p i are pairwise distinct primes and each e i 1, Primality testing vs. factoring. Deciding whether an integer is composite or prime seems to be, in general, much easier than the factoring problem Factoring algorithms Brute force Special purpose General purpose Elliptic Curve Factoring on Quantum Computer (for the moment only a theorethical construct) 16

17 Factoring algorithms Brute Force Unfeasible if n large and p = q General purpose the running times depend solely on the size of n Quadratic sieve General number field sieve Special purpose the running times depend on certain properties of n (lead to the introduction of strong primes) Trial division Pollard's rho algorithm Pollard's p - 1 algorithm Elliptic curve algorithm 17

18 Running times Trial division: O( n) Quadratic sieve: ( ( ( ) ( ))) ln n lnln n Oe General number field sieve: O e ln lnln ( n) ( ( n) ) 2 18

19 The RSA Problem (RSAP) Security of RSA DEFINITION. The RSA Problem (RSAP): recovering plaintext m from ciphertext c, given the public information (n, e) FACT. RSAP P FACTORING FACTORING is at least as difficult as RSAP or, equivalently, RSAP is not harder than FACTORING It is widely believed that the RSA and the integer factorization problems are computationally equivalent, although no proof of this is known. 19

20 Security of RSA RSAP from yet another viewpoint A possible way to decrypt c = m e mod n is to compute the e-th root of c Computing the e-th root is a computationally easy problem iff n is prime If n is not prime the problem of computing the e-th root is equivalent to factoring 20

21 Security of RSA Relationship between Factoring and totally breaking RSA A possible way to completely break RSA is to discover Φ(n) Computing Φ(n) is computationally equivalent to factoring n Given p and q, s.t. n =pq, computing Φ(n) is immediate. Let Φ(n) be given. From Φ(n) = (p-1)(q-1) = n (p+q) + 1, determine x 1 = (p+q). From (p q) 2 = (p + q) 2 4n, determine x 2 = (p q). Finally, p = (x1 + x2)/2 and q = (x1 x2)/2. 21

22 Security of RSA A possible way to completely break RSA is an exhaustive attack to the private key d This attack could be more difficult than factoring because, according to the choice for e, d can be much greater than p and q. 22

23 Security of RSA: relation to factoring The problem of computing the RSA decryption exponent d from the public key (n, e) and the problem of factoring n are computationally equivalent If the adversary could somehow factor n, then he could subsequently compute the private key d efficiently If the adversary could somehow compute d, then it could subsequently factor n efficiently 23

24 RSA in practice RSA is substantially slower than symmetric encryption RSA is used for the transport of symmetric-keys and for the encryption of small quantities Recommended size of the modulus 512 bit: marginal security 768 bit: recommended 1024 bit: long-term security 24

25 RSA in practice Selecting primes p and q p and q should be selected so that factoring n = pq is computationally infeasible, therefore p and q should be sufficiently large and about the same bitlenght (to avoid the elliptic curve factoring algorithm) p - q should be not too small 25

26 RSA in practice Exponent e should be small or with a small number of 1's e = 3 [1 modular multiplication + 1 modular squaring] subject to small encryption exponent attack e = (Fermat's number) [1 modular multiplication + 16 modular squarings] resistant to small encryption exponent attacks Decryption exponent d should be roughly the same size as n Otherwise, if d is small, it could be possible to obtain d from the public information (n, e) or from a brute force attack 26

27 RSA: low exponent attack c 1 (n 1, 3) c i = m 3 mod n i c 2 c 3 x c mod n x c mod n x c mod n (n 2, 3) (n 3, 3) If n 1, n 2 ed n 3 are pairwise coprime, use CRT to find x = m 3 mod n 1 n 2 n 3 As m < n i by RSA encryption definition then m 3 < n 1 n 2 n 3, then x = m 3 Thus an eavesdropper recovers m by computing the integer cube root of x (non modular!) 27

28 Common modulus attack n Mr Lou Cipher can efficiently factor n from d 5 and then compute all d i (n, e 1 ) (n, e 2 ) (n, e 3 ) (n, e 4 ) (n, e 5 ) 28

29 Chosen-plaintext attack (small message) A, c auctioneer s public key = (n, e) The adversary encrypts all possible bids (2 32 ) until he finds an offer Θ such that E e (Θ) c Thus, the adversary sends a bid containing the minimal offer to win the auction: Θ = Θ + 1 Salting is a solution 29

30 Adaptive chosen-ciphertext attack A chosen-ciphertext attack is one where the adversary selects the ciphertext and is then given the corresponding plaintext. One way to mount such an attack is for the adversary to gain access to the equipment used for decryption (but not the decryption key, which may be securely embedded in the equipment). The objective is then to be able, without access to such equipment, to deduce the plaintext from (different) ciphertext. An adaptive chosen-ciphertext attack is a chosenciphertext attack where the choice of ciphertext may depend on the plaintext received from previous requests 30

31 Homomorphic property of RSA Let m 1 and m 2 two plaintext messages Let c 1 and c 2 their respective encryptions Observe that e e e m1m 2 m1 m2 c mod 1c 2 n ( ) ( ) In other words, the ciphertext of m 1 m 2 is c 1 c 2 mod n 31

32 An adaptive chosen-ciphertext attack based on the homomorphic property of RSA c Bob decrypts ciphertext except a given ciphertext c Mr Lou Cipher wants to determine the ciphertext corresponding to c Mr Lou Cipher selects x, gcd(x, n) =1, at random and sends e Bob the quantity c = cx mod n d d ed Bob decrypts it, producing m = ( c ) = c x = mx( mod n) Mr Lou Cipher determine m by computing m = mx 1 mod n The attack can be contrasted by imposing structural constraints on m 32

33 Hybrid systems An asymmetric cipher is subject to the chosen-plaintex attack An asymmetric cipher is three orders of magnitude slower than a symmetric cipher therefore An asymmetric cipher is often used in conjunction with a symmetric one so producing an hybrid system 33

34 Hybrid systems Alice confidentially sends Bob a file F E K, E F B ( ) ( ) e ab K ab File F is encrypted with a symmetric cipher Session key is encrypted with an asymmetric cipher Alice needs an authentic copy of Bob s public key 34

35 Other asymmetric cryptosystems Discrete Logarithm Systems Let p be a prime, q a prime divisor of p 1 and g [1, p 1] has order q Let x be the private key selected at random from [1, q 1] Let y be the corresponding public key y = g x mod p Discrete Logarithm Problem (DLP) Given (p, q, g) and y, determine x 35

36 ElGamal encryption scheme Encryption select k randomly c1 = g k mod p, c 2 = m y k mod p send (c 1, c 2 ) to recipient Decryption c 1 x = g kx mod p = y k mod p m = c 2 y k mod p Security An adversary needs y k mod p. The task of calculating y k mod p from (g, p, q) and y is equivalent to DHP and thus based on DLP in apple p 36

37 ElGamal in practice Prime p and generator g can be common system-wide Prime p size 512-bit: marginal 768-bit: recommended 1024-bit or larger: long-term Efficiency Encryption requires two modular exponentiations Message expansion by a factor of 2 Security Different random integers k must be used for different messages 37

38 Ellyptic Curve Cryptography Let p and F p Let E be an elliptic curve defined by y 2 = x 3 + ax + b (mod p) where a, b F p and 4a 3 +27b 2 0 Example. E: y 2 = x 3 + 2x + 4 (mod p) The set of points E(F p ) with point at infinity forms an additive abelian group 38

39 Elliptic curves Cryptography in WSN Public Key Cryptography Geometrical approach Gianluca Dini (Univ. of Pisa) Gianluca Dini Security in WSN 39

40 Elliptic Cryptography (ECC) Algebric Approach Elliptic curves defined on finite field define an Abelian finite field Elliptic curve discrete logarithm problem Given points G and Q such that Q=kG, find the integer k No sub-exponential algorithm to solve it is known ECC keys are smaller than RSA ones Gianluca Dini Gianluca Dini (Univ. of Pisa) Security in WSN December 20,

41 Ellyptic Curve Cryptography Let P have order n then the cyclic subgroup generated by P is. P, 2P,, (n 1)P p, E, P and n are the public parameters Private key d is selected at random in [1, n 1] Public key is Q =dp 41

42 Ellyptic Curve Cryptography Encryption A message m is represented as a point M C 1 = kp; C 2 = M + kq send (C 1 ; C 2 ) to recipient Decryption dc 1 = d(kp) = kq M = C 2 dc 1 Security The task of computing kq from the domain parameters, Q, and C 1 =kp, is the ECDHP 42

43 Comparison among crypto-systems DL parameter q EC parameter n RSA modulus n DL modulus p 80 (SKIPJACK) 112 (3DES) Security level (bits) 128 (AES small) 192 (AES medium) 256 (AES large) Private key operations are more efficient in EC than in DL or RSA Public key operations are more efficient in RSA than EC or DL if small exponent e is selected for RSA 43

### Cryptography: RSA and the discrete logarithm problem

Cryptography: and the discrete logarithm problem R. Hayden Advanced Maths Lectures Department of Computing Imperial College London February 2010 Public key cryptography Assymmetric cryptography two keys:

### CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

### MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction

MATH 168: FINAL PROJECT Troels Eriksen 1 Introduction In the later years cryptosystems using elliptic curves have shown up and are claimed to be just as secure as a system like RSA with much smaller key

### Overview of Public-Key Cryptography

CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

### Cryptography and Network Security

Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared

### Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem

### Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie

### The application of prime numbers to RSA encryption

The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered

### Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,

### Notes on Network Security Prof. Hemant K. Soni

Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

### Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

### Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport

### Public Key Cryptography and RSA. Review: Number Theory Basics

Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and

### Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility

Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.

### The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

### RSA Attacks. By Abdulaziz Alrasheed and Fatima

RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

### SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

### Study of algorithms for factoring integers and computing discrete logarithms

Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department

### 1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

### Public Key (asymmetric) Cryptography

Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

### CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

### Cryptography and Network Security Chapter 10

Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central

### RSA Question 2. Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true?

RSA Question 2 Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true? Bob chooses a random e (1 < e < Φ Bob ) such that gcd(e,φ Bob )=1. Then, d = e -1

### CRYPTOGRAPHY IN NETWORK SECURITY

ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

### Mathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information

The : Keeping Eve The Eavesdropper Away From Your Credit Card Information Department of Mathematics North Dakota State University 16 September 2010 Science Cafe Introduction Disclaimer: is not an internet

### CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

### Primality Testing and Factorization Methods

Primality Testing and Factorization Methods Eli Howey May 27, 2014 Abstract Since the days of Euclid and Eratosthenes, mathematicians have taken a keen interest in finding the nontrivial factors of integers,

### Communications security

University of Roma Sapienza DIET Communications security Lecturer: Andrea Baiocchi DIET - University of Roma La Sapienza E-mail: andrea.baiocchi@uniroma1.it URL: http://net.infocom.uniroma1.it/corsi/index.htm

### Applied Cryptography Public Key Algorithms

Applied Cryptography Public Key Algorithms Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Public Key Cryptography Independently invented by Whitfield Diffie & Martin

### 3. Applications of Number Theory

3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a

### Cryptography and Network Security

Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 7: Public-key cryptography and RSA Ion Petre Department of IT, Åbo Akademi University 1 Some unanswered questions

### An Overview of Integer Factoring Algorithms. The Problem

An Overview of Integer Factoring Algorithms Manindra Agrawal IITK / NUS The Problem Given an integer n, find all its prime divisors as efficiently as possible. 1 A Difficult Problem No efficient algorithm

### Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

### Software Tool for Implementing RSA Algorithm

Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key

### CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher

### Lecture 13 - Basic Number Theory.

Lecture 13 - Basic Number Theory. Boaz Barak March 22, 2010 Divisibility and primes Unless mentioned otherwise throughout this lecture all numbers are non-negative integers. We say that A divides B, denoted

### 7! Cryptographic Techniques! A Brief Introduction

7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures

### Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute

RSA cryptosystem HRI, Allahabad, February, 2005 0 Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute Allahabad (UP), INDIA February, 2005 RSA cryptosystem HRI,

### A SOFTWARE COMPARISON OF RSA AND ECC

International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138

### Implementation of Elliptic Curve Digital Signature Algorithm

Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India

### 9 Modular Exponentiation and Cryptography

9 Modular Exponentiation and Cryptography 9.1 Modular Exponentiation Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system.

### Factoring Algorithms

Factoring Algorithms The p 1 Method and Quadratic Sieve November 17, 2008 () Factoring Algorithms November 17, 2008 1 / 12 Fermat s factoring method Fermat made the observation that if n has two factors

### Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

### Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

### Digital Signature. Raj Jain. Washington University in St. Louis

Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

### Public-key cryptography RSA

Public-key cryptography RSA NGUYEN Tuong Lan LIU Yi Master Informatique University Lyon 1 Objective: Our goal in the study is to understand the algorithm RSA, some existence attacks and implement in Java.

### On Factoring Integers and Evaluating Discrete Logarithms

On Factoring Integers and Evaluating Discrete Logarithms A thesis presented by JOHN AARON GREGG to the departments of Mathematics and Computer Science in partial fulfillment of the honors requirements

### A Factoring and Discrete Logarithm based Cryptosystem

Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques

### Computer Security: Principles and Practice

Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography

### IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOGRAPHY ON TEXT AND IMAGE

IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOGRAPHY ON TEXT AND IMAGE Mrs. Megha Kolhekar Assistant Professor, Department of Electronics and Telecommunication Engineering Fr. C. Rodrigues Institute of Technology,

### Elliptic Curve Cryptography

Elliptic Curve Cryptography Elaine Brow, December 2010 Math 189A: Algebraic Geometry 1. Introduction to Public Key Cryptography To understand the motivation for elliptic curve cryptography, we must first

### RSA and Primality Testing

and Primality Testing Joan Boyar, IMADA, University of Southern Denmark Studieretningsprojekter 2010 1 / 81 Correctness of cryptography cryptography Introduction to number theory Correctness of with 2

### Lecture 3: One-Way Encryption, RSA Example

ICS 180: Introduction to Cryptography April 13, 2004 Lecturer: Stanislaw Jarecki Lecture 3: One-Way Encryption, RSA Example 1 LECTURE SUMMARY We look at a different security property one might require

### U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory

### CRC Press has granted the following specific permissions for the electronic version of this book:

This is a Chapter from the Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996. For further information, see www.cacr.math.uwaterloo.ca/hac CRC Press has

### Public Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography

Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt

### Embedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme

International Journal of Computer Sciences and Engineering Open Access Research Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Embedding more security in digital signature system by using combination of public

### EXAM questions for the course TTM4135 - Information Security June 2010. Part 1

EXAM questions for the course TTM4135 - Information Security June 2010 Part 1 This part consists of 6 questions all from one common topic. The number of maximal points for every correctly answered question

### International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,

### Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master

### CS549: Cryptography and Network Security

CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared

### The RSA Algorithm. Evgeny Milanov. 3 June 2009

The RSA Algorithm Evgeny Milanov 3 June 2009 In 1978, Ron Rivest, Adi Shamir, and Leonard Adleman introduced a cryptographic algorithm, which was essentially to replace the less secure National Bureau

### Lecture 6 - Cryptography

Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about

### Network Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 2 Basics 2.2 Public Key Cryptography

### Cryptography and Network Security Chapter 8

Cryptography and Network Security Chapter 8 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 8 Introduction to Number Theory The Devil said to Daniel Webster:

### Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Goals v understand principles of network security: cryptography and its many uses beyond

### An Introduction to the RSA Encryption Method

April 17, 2012 Outline 1 History 2 3 4 5 History RSA stands for Rivest, Shamir, and Adelman, the last names of the designers It was first published in 1978 as one of the first public-key crytographic systems

### Public Key Cryptography. Performance Comparison and Benchmarking

Public Key Cryptography Performance Comparison and Benchmarking Tanja Lange Department of Mathematics Technical University of Denmark tanja@hyperelliptic.org 28.08.2006 Tanja Lange Benchmarking p. 1 What

### Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks

Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks J. M. BAHI, C. GUYEUX, and A. MAKHOUL Computer Science Laboratory LIFC University of Franche-Comté Journée thématique

### Factoring. Factoring 1

Factoring Factoring 1 Factoring Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and RSA is broken o Rabin cipher also based on factoring Factoring like

### Security and Authentication Primer

Security and Authentication Primer Manfred Jantscher and Peter H. Cole Auto-ID Labs White Paper WP-HARDWARE-025 Mr. Manfred Jantscher Visiting Master Student, School of Electrical and Electronics Engineering,

### Shor s algorithm and secret sharing

Shor s algorithm and secret sharing Libor Nentvich: QC 23 April 2007: Shor s algorithm and secret sharing 1/41 Goals: 1 To explain why the factoring is important. 2 To describe the oldest and most successful

### Textbook: Introduction to Cryptography 2nd ed. By J.A. Buchmann Chap 12 Digital Signatures

Textbook: Introduction to Cryptography 2nd ed. By J.A. Buchmann Chap 12 Digital Signatures Department of Computer Science and Information Engineering, Chaoyang University of Technology 朝 陽 科 技 大 學 資 工

### Factoring & Primality

Factoring & Primality Lecturer: Dimitris Papadopoulos In this lecture we will discuss the problem of integer factorization and primality testing, two problems that have been the focus of a great amount

### Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition

### Public Key Cryptography Overview

Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic

### Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies

### Computer and Network Security

MIT 6.857 Computer and Networ Security Class Notes 1 File: http://theory.lcs.mit.edu/ rivest/notes/notes.pdf Revision: December 2, 2002 Computer and Networ Security MIT 6.857 Class Notes by Ronald L. Rivest

### FACTORING. n = 2 25 + 1. fall in the arithmetic sequence

FACTORING The claim that factorization is harder than primality testing (or primality certification) is not currently substantiated rigorously. As some sort of backward evidence that factoring is hard,

### Massachusetts Institute of Technology Handout 13 6.857: Network and Computer Security October 9, 2003 Professor Ronald L. Rivest.

Massachusetts Institute of Technology Handout 13 6.857: Network and Computer Security October 9, 2003 Professor Ronald L. Rivest Quiz 1 1. This quiz is intended to provide a fair measure of your understanding

### Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination

### CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

### Primality - Factorization

Primality - Factorization Christophe Ritzenthaler November 9, 2009 1 Prime and factorization Definition 1.1. An integer p > 1 is called a prime number (nombre premier) if it has only 1 and p as divisors.

### Module: Applied Cryptography. Professor Patrick McDaniel Fall 2010. CSE543 - Introduction to Computer and Network Security

CSE543 - Introduction to Computer and Network Security Module: Applied Cryptography Professor Patrick McDaniel Fall 2010 Page 1 Key Distribution/Agreement Key Distribution is the process where we assign

### SECURITY IN NETWORKS

SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

### ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION

ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION Aldrin W. Wanambisi 1* School of Pure and Applied Science, Mount Kenya University, P.O box 553-50100, Kakamega, Kenya. Shem Aywa 2 Department of Mathematics,

### Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian

### Digital signatures. Informal properties

Digital signatures Informal properties Definition. A digital signature is a number dependent on some secret known only to the signer and, additionally, on the content of the message being signed Property.

### Public-Key Cryptanalysis

To appear in Recent Trends in Cryptography, I. Luengo (Ed.), Contemporary Mathematics series, AMS-RSME, 2008. Public-Key Cryptanalysis Phong Q. Nguyen Abstract. In 1976, Diffie and Hellman introduced the

### Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a

### Discrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier

Discrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier http://asecuritysite.com @billatnapier Introduction. Encryption: Public/Private Key. Key Exchange. Authentication.

### Introduction to Cryptography CS 355

Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita- Rotaru

### Communications security

University of Roma Sapienza DIET Communications security Lecturer: Andrea Baiocchi DIET - University of Roma La Sapienza E-mail: andrea.baiocchi@uniroma1.it URL: http://net.infocom.uniroma1.it/corsi/index.htm

### Lecture 13: Factoring Integers

CS 880: Quantum Information Processing 0/4/0 Lecture 3: Factoring Integers Instructor: Dieter van Melkebeek Scribe: Mark Wellons In this lecture, we review order finding and use this to develop a method

### The Mathematics of RSA

The Mathematics of RSA Dimitri Papaioannou May 24, 2007 1 Introduction Cryptographic systems come in two flavors. Symmetric or Private key encryption and Asymmetric or Public key encryption. Strictly speaking,

### Public-Key Cryptanalysis 1: Introduction and Factoring

Public-Key Cryptanalysis 1: Introduction and Factoring Nadia Heninger University of Pennsylvania July 21, 2013 Adventures in Cryptanalysis Part 1: Introduction and Factoring. What is public-key crypto