Zeph Grunschlag
Announcements
HW5 due now
HW6 will go up by tonight
Solutions to midterm available online
Midterm 2 moved from Monday 4/8 to Wednesday 4/10
Midterms returned at end of class
Median: 71, Avg.: 68, Stdev.: 14, Hi: 95, Low: 33
A ≥ 78 > B ≥ 62 > C ≥ 46 > D
Agenda
RSA Cryptography
A useful and basically unbreakable method for encoding messages
RSA Cryptography
Most internet shopping sites offer a secure connection option that allows shoppers to disclose personal information such as credit card, address, etc. without fear that a snoop on the communication will be able to tell what's happening:
[Figure: Mr. Snoop Snoopy Snoop sees only garbled text: #24@ &3240 msP28*]
There are several encryption methods. Perhaps the simplest unbreakable system is the RSA (Rivest, Shamir, Adleman) system. FrogsRUs.com provides a large number N (e.g. a 1024-bit binary number) and an encryption exponent e. Usually the server communicates N and e directly to the web browser behind the scenes.
Mr. Smiley's browser then converts his message into numbers, as in the modular encryption that we saw before. The letters are then put together into number blocks, with each block less than N. Mr. Smiley's browser exponentiates each number block by the exponent e modulo N and broadcasts these garbled blocks back to FrogsRUs.com.
N = 4559, e = 13. Smiley transmits: Last name Smiley
L A S T   N A M E   S M I L E Y
2301 1920 0014 0113 0500 1913 0912 0525
$m^e \bmod N$: $2301^{13} \bmod 4559$, $1920^{13} \bmod 4559$, …
1443 0116 1478 2150 3906 4256 1445 2462
FrogsRUs.com receives the encrypted blocks $n = m^e \bmod N$. They have a private decryption exponent d which, when applied to n, recovers the original blocks m:
$(m^e \bmod N)^d \bmod N = m$
For N = 4559, e = 13 the decryptor is d = 3397.
N = 4559, d = 3397
1443 0116 1478 2150 3906 4256 1445 2462
$1443^{3397} \bmod 4559$, $0116^{3397} \bmod 4559$, …
2301 1920 0014 0113 0500 1913 0912 0525
L A S T   N A M E   S M I L E Y
The key to the security of the RSA cryptosystem: the public key (N, e) must be such that it is very difficult for Snoop Snoopy Snoop to figure out what d is, yet very simple for FrogsRUs.com to come up with.
Modular Inverses
Recall the simple encryption function $f(a) = (3a + 9) \bmod 26$. We made the claim that an inverse function is given by $g(a) = (9a - 3) \bmod 26$. Check this:
$g(f(a)) \equiv g(3a+9) \equiv 9(3a+9) - 3 \equiv 27a + 81 - 3 \equiv 27a + 78 \equiv a \pmod{26}$
So for a in the range [0, 25] we have $g(f(a)) = a$, and so g and f are inverses of each other.
How could one have inverted f methodically? Do a simpler example: $f(a) = 3a \bmod 26$. Look for a constant x and an inverse of the form $g(a) = xa$. Then the condition $g(f(a)) \equiv a \pmod{26}$ gives:
$g(f(a)) \equiv x \cdot 3a \equiv a \pmod{26}$
If we can solve this for a = 1, it will work for all other a as well. So plug in a = 1 to get $3x \equiv 1 \pmod{26}$. I.e. we wish to find an inverse of 3 modulo 26.
DEF: The inverse of e modulo N is the number d between 1 and N−1 such that $de \equiv 1 \pmod{N}$, if such a number exists.
Q: What is the inverse of 3 modulo 26?
A: 9, because $9 \cdot 3 = 27 \equiv 1 \pmod{26}$.
Q: What is the inverse of 4 modulo 8?
A: Trick Question! No inverse can exist because 4x is always 0 or 4 modulo 8!
THM1: e has an inverse modulo N if and only if e and N are relatively prime. This will follow from the following useful fact.
THM2: If a and b are positive integers, the gcd of a and b can be expressed as an integer combination of a and b. I.e., there are integers s, t for which gcd(a, b) = sa + tb.
An inverse of 23 modulo 14 is −3:
$-3 \cdot 23 = 1 - 5 \cdot 14$
$-3 \cdot 23 \equiv 1 \pmod{14}$
$11 \cdot 23 \equiv 1 \pmod{14}$
The inverse is 11.
Proof of THM1 using THM2: If an inverse d exists for e modulo N, we have $de \equiv 1 \pmod{N}$, so that for some k, $de = 1 + kN$, so $1 = de - kN$. This equation implies that any number dividing both e and N must divide 1, so must be 1, so e, N are relatively prime.
On the other hand, suppose that e, N are relatively prime. Using THM2, write $1 = se + tN$. Rewrite this as $se = 1 - tN$. Evaluating both sides mod N gives $se \equiv 1 \pmod{N}$. Therefore s is seemingly the inverse of e, except that it may be in the wrong range, so set d = s mod N.
step | x = qy + r                 | x  | y
0    | -                          | 33 | 77
1    | $33 = 0 \cdot 77 + 33$     | 77 | 33
2    | $77 = 2 \cdot 33 + 11$     | 33 | 11

gcd = ax + by:
$11 = 77 - 2(33 - 0 \cdot 77) = -2 \cdot 33 + 1 \cdot 77$
Therefore s = -2 and t = 1
step | x = qy + r                  | x   | y
0    | -                           | 244 | 117
1    | $244 = 2 \cdot 117 + 10$    | 117 | 10
2    | $117 = 11 \cdot 10 + 7$     | 10  | 7
3    | $10 = 7 + 3$                | 7   | 3
4    | $7 = 2 \cdot 3 + 1$         | 3   | 1
5    | $3 = 3 \cdot 1 + 0$         | 1   | 0

Solve for r. Plug it in.
gcd = ax + by:
$1 = 7 - 2 \cdot 3$
$1 = 7 - 2(10 - 7) = -2 \cdot 10 + 3 \cdot 7$
$1 = -2 \cdot 10 + 3(117 - 11 \cdot 10) = 3 \cdot 117 - 35 \cdot 10$
$1 = 3 \cdot 117 - 35(244 - 2 \cdot 117) = -35 \cdot 244 + 73 \cdot 117$
modulo 117
Exponential Inverses
Finding modular inverses is good enough for decoding simple modular cryptography. However, RSA encryption consists of exponentiating modulo N, i.e. $m^e \bmod N$. We want to find a different exponent d, based on e and N, which will give us back m, i.e. we want $m^{de} \bmod N = m$. In other words, we want an exponential inverse for e modulo N.
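Added example, not from the original slides: the extended Euclidean table and the modular inverse of THM1/THM2 in Python, applied to the slides' key N = 4559, e = 13, d = 3397. The function names, the factorization 4559 = 47 · 97 and the relation d = e⁻¹ mod (p − 1)(q − 1) are assumptions that do not appear on this page.

```python
# Added illustration; function names are hypothetical, not from the slides.

def extended_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b (THM2)."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t

def mod_inverse(e, n):
    """Return d in [1, n-1] with d*e = 1 (mod n), or None if none exists (THM1)."""
    g, s, _ = extended_gcd(e, n)
    if g != 1:
        return None          # e and n share a factor, e.g. 4 modulo 8
    return s % n             # s may be negative: move it into the right range

# Parameters from the slides.
N, E, D = 4559, 13, 3397
# Assumption, not on the page: N = 47 * 97, and d is the inverse of e
# modulo (p - 1)(q - 1), the standard RSA relation.
P, Q = 47, 97

def private_exponent(e, p, q):
    """Derive d from e and the prime factors of N (assumed relation)."""
    return mod_inverse(e, (p - 1) * (q - 1))

def encrypt(blocks, e=E, n=N):
    """Raise each plaintext block to e modulo n."""
    return [pow(m, e, n) for m in blocks]

def decrypt(blocks, d=D, n=N):
    """Raise each ciphertext block to d modulo n."""
    return [pow(c, d, n) for c in blocks]

# Plaintext blocks exactly as printed on the slides.
SLIDE_BLOCKS = [2301, 1920, 14, 113, 500, 1913, 912, 525]

if __name__ == "__main__":
    print(extended_gcd(33, 77), extended_gcd(244, 117))
    print(mod_inverse(3, 26), mod_inverse(23, 14), mod_inverse(4, 8))
    cipher = encrypt(SLIDE_BLOCKS)
    print(private_exponent(E, P, Q) == D, decrypt(cipher) == SLIDE_BLOCKS)
```

Anyone who knows the two factors recovers d with a single inverse computation, which is why a 13-bit modulus like this one is only a classroom toy.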
1. 2. 3. 4. 5. 6.
= = = = = =
3 2 6 4 5 1
Fermat's Little Theorem
THM (FLT): Suppose that p is a prime number. If a is not divisible by p then $a^{p-1} \equiv 1 \pmod{p}$. Furthermore, all numbers satisfy $a^p \equiv a \pmod{p}$.
EG: Compute $9^{100} \bmod 17$: p = 17, so p − 1 = 16. $100 = 6 \cdot 16 + 4$. Therefore $9^{100} = 9^{6 \cdot 16 + 4} = (9^{16})^6 (9)^4$. So mod 17 we have
$9^{100} \equiv (9^{16})^6 (9)^4 \equiv (1)^6 (9)^4 \equiv (81)^2 \equiv (-4)^2 \equiv 16 \pmod{17}$
N mod 3 = 1
N mod 5 = 2
N mod 7 = 2
$x \equiv a_n \pmod{m_n}$