Exercise 1 Perfect Secrecy


Exercise 1 Perfect Secrecy
Let us consider the following cryptosystem (P = Plaintext, C = Ciphertext, K = Key):
P = {a, b, c}; Pr(a) = 1/2; Pr(b) = 1/3; Pr(c) = 1/6
K = {k1, k2, k3}; Pr(k1) = Pr(k2) = Pr(k3) = 1/3
C = {1, 2, 3, 4}
Encryption Matrix:
      a  b  c
k1    1  2  3
k2    2  3  4
k3    3  4  1

Exercise 1 Perfect Secrecy
Compute the probability distribution of the ciphertext.
Compute the conditional probability distribution on the plaintext, given that a certain ciphertext has been observed (using Bayes):
$\Pr[x \mid y] = \dfrac{\Pr[y \mid x]\,\Pr[x]}{\Pr[y]}$
DOES THIS CRYPTOSYSTEM HAVE PERFECT SECRECY?

Exercise 1 - Solution
P(1) = 2/9, P(2) = 5/18, P(3) = 1/3, P(4) = 1/6
P(a|1) = 3/4   P(b|1) = 0     P(c|1) = 1/4
P(a|2) = 3/5   P(b|2) = 2/5   P(c|2) = 0
P(a|3) = 1/2   P(b|3) = 1/3   P(c|3) = 1/6
P(a|4) = 0     P(b|4) = 2/3   P(c|4) = 1/3
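The computation above can be reproduced with exact fractions. The following is an added example, not part of the original slides; it checks the definition of perfect secrecy (Pr[x | y] = Pr[x] for every x and y) on the slide's cipher and on a constructed Latin-square cipher (`ENC_LATIN`, an assumption added for contrast).

```python
from fractions import Fraction as F

# Values from the Exercise 1 slide.
PR_P = {"a": F(1, 2), "b": F(1, 3), "c": F(1, 6)}
PR_K = {"k1": F(1, 3), "k2": F(1, 3), "k3": F(1, 3)}
ENC = {"k1": {"a": 1, "b": 2, "c": 3},
       "k2": {"a": 2, "b": 3, "c": 4},
       "k3": {"a": 3, "b": 4, "c": 1}}
# Constructed contrast (not from the slides): a Latin square on 3 ciphertexts.
ENC_LATIN = {"k1": {"a": 1, "b": 2, "c": 3},
             "k2": {"a": 2, "b": 3, "c": 1},
             "k3": {"a": 3, "b": 1, "c": 2}}

def ciphertext_distribution(pr_p, pr_k, enc):
    """Pr[y] = sum of Pr[k] * Pr[x] over all (k, x) with e_k(x) = y."""
    dist = {}
    for k, row in enc.items():
        for x, y in row.items():
            dist[y] = dist.get(y, F(0)) + pr_k[k] * pr_p[x]
    return dist

def posterior(pr_p, pr_k, enc):
    """Pr[x | y] = Pr[y | x] * Pr[x] / Pr[y] for every pair (x, y)."""
    pr_c = ciphertext_distribution(pr_p, pr_k, enc)
    post = {}
    for y in pr_c:
        for x in pr_p:
            # Pr[y | x]: total probability of the keys that map x to y
            pr_y_given_x = sum(pr_k[k] for k in enc if enc[k][x] == y)
            post[(x, y)] = pr_y_given_x * pr_p[x] / pr_c[y]
    return post

def has_perfect_secrecy(pr_p, pr_k, enc):
    """True iff observing y never changes the plaintext distribution."""
    return all(p == pr_p[x] for (x, _), p in posterior(pr_p, pr_k, enc).items())

if __name__ == "__main__":
    for y, p in sorted(ciphertext_distribution(PR_P, PR_K, ENC).items()):
        print(f"Pr[C={y}] = {p}")
    for (x, y), p in sorted(posterior(PR_P, PR_K, ENC).items(), key=lambda t: t[0][::-1]):
        print(f"Pr[{x}|{y}] = {p}")
    print("slide cipher:", has_perfect_secrecy(PR_P, PR_K, ENC))
    print("Latin square:", has_perfect_secrecy(PR_P, PR_K, ENC_LATIN))
```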

Exercise 2 Affine Cipher
A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Encrypt the plaintext howareyou using the affine function: e(x) = 5x+7 mod 26
Find the decryption function d(y)
Check that it works by deciphering what you obtained
In practical situations, the «invmodn» function found here can be used: http://www2.math.umd.edu/~lcw/matlabcode/

Exercise 2 - Solution
Changing the plaintext to numbers yields 7, 14, 22, 0, 17, 4, 24, 14, 20.
Applying 5x+7 to each yields $5 \cdot 7 + 7 = 42 \equiv 16 \pmod{26}$, $5 \cdot 14 + 7 = 77 \equiv 25$
Changing back to letters yields QZNHOBXZD as the ciphertext.
$y = 5x + 7 \bmod 26$, $x = 5^{-1}(y - 7) \bmod 26$
$x = 21y + 9 \bmod 26$
Note that 5*21 = 105 = 1 mod 26

Exercise 3 Key space of Affine Ciphers
Suppose we use an affine cipher modulo 26. How many keys are possible?
What if we work modulo 27?
What if we work modulo 29?

Exercise 3 - Solution
For an affine cipher mx + n (mod 26), we must have gcd(26, m) = 1, and we can always take 1 ≤ n ≤ 26.
φ(26) = φ(2*13) = (2-1)*(13-1) = 12, hence we have 12*26 = 312 possible keys.
For an affine cipher mx + n (mod 27), we must have gcd(27, m) = 1, and we can always take 1 ≤ n ≤ 27.
$\varphi(27) = \varphi(3^3) = 3^3 - 3^2 = 27 - 9 = 18$
All 27 values of n are possible, so we have 18 × 27 = 486 keys.
When we work mod 29, all values 1 ≤ m ≤ 28 are allowed, φ(29) = 29-1 = 28, so we have 28 × 29 = 812 keys.
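Exercises 2 and 3 on the affine cipher, worked in code. This is an added example, not part of the original slides; function names are illustrative, and Python's built-in `pow(a, -1, m)` stands in for the «invmodn» routine the slides mention.

```python
from math import gcd

M = 26  # alphabet size used on the slide (A=0 ... Z=25)

def check_key(a, m=M):
    """An affine map is invertible only when gcd(a, m) = 1."""
    if gcd(a, m) != 1:
        raise ValueError(f"a={a} shares a factor with {m}: no decryption function")

def affine_encrypt(plaintext, a, b):
    """e(x) = a*x + b mod 26, lowercase plaintext to uppercase ciphertext."""
    check_key(a)
    return "".join(chr((a * (ord(ch) - 97) + b) % M + 65) for ch in plaintext)

def decryption_function(a, b, m=M):
    """Return (a_inv, c) with d(y) = a_inv*y + c mod m, from x = a^-1 (y - b)."""
    check_key(a, m)
    a_inv = pow(a, -1, m)           # modular inverse (Python 3.8+)
    return a_inv, (-a_inv * b) % m

def affine_decrypt(ciphertext, a, b):
    """Apply d(y) to each uppercase ciphertext letter."""
    a_inv, c = decryption_function(a, b)
    return "".join(chr((a_inv * (ord(ch) - 65) + c) % M + 97) for ch in ciphertext)

def key_space(m):
    """Number of keys (a, b): phi(m) invertible multipliers times m offsets."""
    return sum(1 for a in range(1, m) if gcd(a, m) == 1) * m

if __name__ == "__main__":
    c = affine_encrypt("howareyou", 5, 7)
    print(c, decryption_function(5, 7), affine_decrypt(c, 5, 7))
    print({m: key_space(m) for m in (26, 27, 29)})
    try:
        affine_encrypt("howareyou", 13, 7)   # 13 divides 26
    except ValueError as err:
        print("rejected:", err)
```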

Exercise 4 Shift Cipher
A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Caesar wants to arrange a secret meeting with Marc Antony, either at the Tiber (the river) or at the Coliseum (the arena). He sends the ciphertext EVIRE. However, Marc Antony does not know the key, so he tries all possibilities. Where will he meet Caesar?

Exercise 4 - Solution
Among the shifts of EVIRE, there are two words: arena and river. Therefore, Marc Antony cannot determine where to meet Caesar!

Exercise 1 - RSA
Let us consider an RSA Public Key Crypto System
Alice selects 2 prime numbers: p=5, q=11
Compute n, and Φ(n)
Alice selects her public exponent e = 3
Is this choice for e valid here? Is this choice always valid?
Compute d, the private exponent of Alice
In practical situations, the «invmodn» function found here can be used: http://www2.math.umd.edu/~lcw/matlabcode/

Exercise 2 - RSA
Now you want to send message M=4 to Alice
Encrypt your plaintext M using Alice's public exponent
What is the resulting ciphertext C?
Now Alice receives C
Verify that Alice can obtain M from C, using her private decryption exponent
Hint: use square and multiply

Exercise 2 - Solution
n = pq = 55
Φ(n) = (p-1)(q-1) = 4 × 10 = 40
gcd(3, 40) = 1, so e = 3 is a valid choice (note that 3 is a prime number)
Alice's private exponent d: de = 1 mod Φ(n), hence 3d = 1 mod 40
d = 27, since 3*27 = 81 = 1 mod 40
You send: $C = M^e \bmod n = 4^3 \bmod 55 = 64 \bmod 55 = 9$
Alice receives C and computes $C^d \bmod n = 9^{27} \bmod 55 = 4$

Exercise 2 - Solution
Let us compute $9^{27} \bmod 55$
x = 9, n = 55, c = 27 = 11011 (binary form)
i   c_i   z
4   1     1^2 × 9 = 9
3   1     9^2 × 9 = 729 mod 55 = 14
2   0     14^2 = 31
1   1     31^2 × 9 = 14
0   1     14^2 × 9 = 4

Exercise 3
Alice uses the RSA Crypto System to receive messages from Bob.
She chooses p=13, q=23 and her public exponent e=35
Alice published the product n=pq=299 and e=35.
Check that e=35 is a valid exponent for the RSA algorithm
Compute d, the private exponent of Alice
Bob wants to send to Alice the (encrypted) plaintext P=15. What does he send to Alice?
Verify she can decrypt this message

Exercise 3 - Solution
First of all, Φ(n) = (p-1)(q-1) = 264
To be valid, gcd(e, Φ(n)) must be = 1
gcd(35, 264) = 1, indeed, since 35 = 5*7 and $264 = 2^3 \cdot 3 \cdot 11$
The private exponent is $d = e^{-1} \bmod \Phi(n) = 35^{-1} \bmod 264$, d = 83
$d = 35^{\Phi(264)-1} = 35^{\Phi(8)\Phi(3)\Phi(11)-1} = 35^{4 \cdot 2 \cdot 10 - 1} = 35^{79} \bmod 264 = 83$
i   c_i   z
6   1     1^2 × 35 = 35
5   0     35^2 = 169
4   0     169^2 = 49
3   1     49^2 × 35 = 83
2   1     83^2 × 35 = 83
1   1     83^2 × 35 = 83
0   1     83^2 × 35 = 83

Exercise 3 - Solution
So, $C = P^e \bmod n = 15^{35} \bmod 299 = 189$
And $P = C^d \bmod n = 189^{83} \bmod 299 = 15$

Exercise 4 Digital Signature with RSA
Alice publishes the following data: n = pq = 221 and e = 13.
Bob receives the message P = 65 and the corresponding digital signature S = 182.
Verify the signature

Exercise 4 - Solution
The signature is valid if $P = S^e \bmod n$.
In our case: $S^e \bmod n = 182^{13} \bmod 221 = 65$, which is valid
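The square-and-multiply tables and the RSA exercises above, reproduced in code. This is an added example, not part of the original slides; function names are illustrative, and the p=7, q=11 case is constructed to show an e=3 that is rejected.

```python
from math import gcd

def square_and_multiply(x, c, n):
    """Left-to-right binary exponentiation.

    Returns (x^c mod n, rows), where rows holds (i, c_i, z) per exponent bit,
    matching the columns of the slide tables.
    """
    z, rows = 1, []
    bits = bin(c)[2:]
    for i, bit in zip(range(len(bits) - 1, -1, -1), bits):
        z = (z * z) % n              # square for every bit
        if bit == "1":
            z = (z * x) % n          # multiply only when c_i = 1
        rows.append((i, int(bit), z))
    return z, rows

def private_exponent(p, q, e):
    """d = e^-1 mod (p-1)(q-1); raises if e is not coprime to phi(n)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError(f"e={e} is not invertible modulo phi(n)={phi}")
    return pow(e, -1, phi)

def verify_signature(message, signature, e, n):
    """Textbook RSA check from the slide (no hashing or padding): S^e mod n == P."""
    return square_and_multiply(signature, e, n)[0] == message

if __name__ == "__main__":
    d = private_exponent(5, 11, 3)
    c, _ = square_and_multiply(4, 3, 55)
    m, rows = square_and_multiply(c, d, 55)
    print(f"d={d} C={c} M={m}")
    for i, bit, z in rows:
        print(f"i={i} c_i={bit} z={z}")
    print("Exercise 4 signature valid:", verify_signature(65, 182, 13, 221))
    try:
        private_exponent(7, 11, 3)   # constructed case: phi = 60 is divisible by 3
    except ValueError as err:
        print("e=3 rejected:", err)
```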

Attacks against RSA

Math-Based Key Recovery Attacks
Three possible approaches:
1. Factor n = pq
2. Determine Φ(n)
3. Find the private key d directly
All the above are equivalent to factoring n

Knowing Φ(n) Implies Factorization
If a cryptanalyst can learn the value of Φ(n), then he can factor n and break the system. In other words, computing Φ(n) is no easier than factoring n.
In fact, knowing both n and Φ(n), one knows
$n = pq$
$\Phi(n) = (p-1)(q-1) = pq - p - q + 1 = n - p - n/p + 1$
$p\,\Phi(n) = np - p^2 - n + p$
$p^2 - np + \Phi(n)\,p - p + n = 0$
$p^2 - (n - \Phi(n) + 1)\,p + n = 0$
There are two solutions of p in the above equation. Both p and q are solutions.

Exercise 1 - Factorization
Alice sets up an RSA cryptosystem. Unfortunately, the cryptanalyst has learned that n = 493 and Φ(n) = 448.
Find out the two factors of n.
Supposing the public exponent of Alice is e=3, find her private exponent d.

Exercise 1 - Solution
Find out the two factors of n.
$p^2 - (493 - 448 + 1)\,p + 493 = 0$
$p^2 - 46p + 493 = 0$
The two roots are p=17, q=29
Supposing the public exponent of Alice is e=3, find her private exponent d.
$d = 3^{-1} \bmod \Phi(n) = 3^{-1} \bmod 448 = 299$
d can be easily computed as $3^{\Phi(448)-1} \bmod 448 = 3^{191} \bmod 448 = 299$ (square & multiply)
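The quadratic from the derivation above, solved with integer arithmetic only. This is an added example, not part of the original slides; function names are illustrative. It shows why Φ(n) has to be protected exactly like p, q and d, and it rejects a Φ value that is inconsistent with n.

```python
from math import isqrt

def factor_from_phi(n, phi):
    """Recover (p, q), p <= q, as the roots of X^2 - (n - phi + 1) X + n = 0."""
    s = n - phi + 1                  # s = p + q
    disc = s * s - 4 * n             # discriminant = (q - p)^2
    if disc < 0:
        raise ValueError("phi is not consistent with n = pq")
    r = isqrt(disc)
    if r * r != disc or (s - r) % 2:
        raise ValueError("phi is not consistent with n = pq")
    p, q = (s - r) // 2, (s + r) // 2
    if p <= 1:
        raise ValueError("only the trivial factorization 1 * n was found")
    return p, q

def recover_private_key(n, phi, e):
    """Return (p, q, d): once phi(n) is known, d is one modular inverse away."""
    p, q = factor_from_phi(n, phi)
    return p, q, pow(e, -1, phi)     # modular inverse (Python 3.8+)

if __name__ == "__main__":
    print(recover_private_key(493, 448, 3))   # values from Exercise 1
    try:
        factor_from_phi(493, 447)             # constructed wrong phi
    except ValueError as err:
        print("rejected:", err)
```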

Factoring Large Numbers
RSA-640 bits, factored Nov. 2 2005
RSA-200 (663 bits) factored in May 2005
RSA-768 has 232 decimal digits and was factored on December 12, 2009, latest.
Three most effective algorithms are:
quadratic sieve
elliptic curve factoring algorithm
number field sieve

Fermat Factorization: example
Let us suppose Alice publishes the following information (her public key): n=6557, e=131
If we assume p > q, we can always write: = = - 2 2
An odd integer is the difference of 2 squares
Fermat factorization is efficient if p q. In this case we have 0

Exercise 2 - Fermat Factorization
Let us try, in order, all integer numbers y >, calculating each time: = -
We go on until is a perfect square
In our example y > = 80.9
Let us try y=81. In this case we have = 6561 - 6557 = 4
In fact, n = 6557 and $6557 + 2^2 = 81^2$
p = 81+2 = 83, q = 81-2 = 79
What is the private exponent of Alice?

Exercise 2 - Solution
Φ(n) = (p-1)(q-1) = 6396, e = 131
The private exponent of Alice is $d = e^{-1} \bmod \Phi(n) = 131^{-1} \bmod 6396$, d = 2783
We can compute it also as follows (square & multiply):
$d = 131^{\Phi(6396)-1} \bmod 6396 = 131^{1920-1} \bmod 6396 = 131^{1919} \bmod 6396 = 2783$

Exercise 3 - Fermat Factorization
Try to factor, using Fermat factorization, the following numbers:
n = 295927
n = 213419
n = 1707

Exercise 3 - Solution
Try to factor, using Fermat factorization, the following numbers:
n = 295927: sqrt(n) = 543.99, and $544^2 - n = 9 = 3^2$. Hence p = 544-3 = 541, q = 544+3 = 547
n = 213419: sqrt(n) = 461.79, and $462^2 - n = 25 = 5^2$. Hence p = 462-5 = 457, q = 462+5 = 467
n = 1707: $286^2 - 1707 = 283^2$, hence p = 286+283 = 569, q = 286-283 = 3
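Fermat factorization as used in Exercises 2 and 3: start at y = ceil(sqrt(n)) and increase y until y² − n is a perfect square x², so that n = (y + x)(y − x). This is an added example, not part of the original slides; the function name and the step counter are illustrative. The counter shows how the cost depends on the distance between the two factors.

```python
from math import isqrt

def fermat_factor(n, max_steps=1_000_000):
    """Return (p, q, steps) with p >= q and p * q == n, for odd n."""
    if n < 3 or n % 2 == 0:
        raise ValueError("Fermat's method is defined here for odd n >= 3")
    y = isqrt(n)
    if y * y < n:
        y += 1                       # start at ceil(sqrt(n))
    for steps in range(1, max_steps + 1):
        x2 = y * y - n               # candidate x^2
        x = isqrt(x2)
        if x * x == x2:              # perfect square: n = (y + x)(y - x)
            return y + x, y - x, steps
        y += 1
    raise RuntimeError(f"no factor found within {max_steps} steps")

if __name__ == "__main__":
    # Moduli from the slides; the last one has factors that are far apart.
    for n in (6557, 295927, 213419, 1707):
        p, q, steps = fermat_factor(n)
        print(f"n={n}: p={p}, q={q}, steps={steps}")
```

The three moduli with close factors fall on the first candidate y, while n = 1707 needs 245 candidates, which is why RSA key generation keeps p and q far apart.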

Exercise 4
Let us consider an RSA Public Key Cryptosystem
Alice publishes her public key, namely: n=221 and e (her public exponent), e=13
Try to break Alice's cryptosystem, factoring n

Exercise 4 - Solution
Let us consider an RSA Public Key Cryptosystem
Alice publishes her public key, namely: n=221 and e (her public exponent), e=13
Try to break Alice's cryptosystem, factoring n
p=13, q=17
Φ(n) = (p-1)(q-1) = 12*16 = 192
Private exponent d: de = 1 mod 192. Hence d = invmodn(13,192) = 133
In practical situations, the «invmodn» function found here can be used: http://www2.math.umd.edu/~lcw/matlabcode/