Cryptography Fundamentals
Lect. Catalin Boja, Ph.D.
IT&C Security Master
catalin.boja@ie.ase.ro
www.ism.ase.ro
Course organization
• Activities: Course 50% + Laboratory 50%
• Language: English
• Evaluation: Written Quiz Exam on E-Evaluation platform
• Objective: Gaining theoretical and practical knowledge needed to understand and use, in a correct manner, cryptographic algorithms, and to reason about computer security
2009-2010 © ism.ase.ro Catalin Boja
Course objective
Nearly 150 million people have been affected by a loss of customer data by Adobe, over 20 times more than the
As well as allowing the data to be stolen in the first place, Adobe made two other serious errors when storing the data. Firstly, it encrypted all the passwords with the same key; secondly, the encryption used a method (ECB mode) which renders the encrypted data insecure.
Every identical password also looks identical when encrypted. So if the database shows 1.9 million people whose password, when encrypted, reads “EQ7fIpT7i/Q”, then researchers know that they all have the same password.
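To make the ECB point concrete, here is an added example (not from the course slides) that stores a constructed set of user passwords two ways: with a toy 8-byte block cipher in ECB mode under one shared key, as in the Adobe case, and with a per-user salted PBKDF2 hash. The toy Feistel cipher, the key and the user list are assumptions constructed for the illustration; the equality leak it shows is a property of ECB mode itself, not of the toy cipher.

```python
import hashlib
import hmac
import os
from collections import Counter

BLOCK = 8  # toy block size in bytes (constructed for illustration; AES uses 16)


def _round_function(key: bytes, half: bytes, rnd: int) -> bytes:
    # Keyed round function of the toy cipher: hash of key, round number and half block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel toy cipher on one 8-byte block (an assumption, NOT a real cipher)."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _round_function(key, right, rnd))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    """Runs the Feistel rounds backwards; a Feistel network is a bijection per key."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round_function(key, left, rnd)), left
    return left + right


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB mode: every block is encrypted independently with the same key, so equal
    plaintext blocks always give equal ciphertext blocks (PKCS#7-style padding)."""
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    return b"".join(toy_block_encrypt(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def ecb_decrypt(key: bytes, data: bytes) -> bytes:
    plain = b"".join(toy_block_decrypt(key, data[i:i + BLOCK])
                     for i in range(0, len(data), BLOCK))
    return plain[:-plain[-1]]


def store_ecb(key: bytes, users):
    """The mistake described above: one key for every record, ECB mode."""
    return [(user, ecb_encrypt(key, pw.encode())) for user, pw in users]


def store_salted(users, iterations: int = 100_000):
    """What a password store should do instead: per-user random salt + slow one-way KDF."""
    out = []
    for user, pw in users:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
        out.append((user, salt + digest))
    return out


def verify_salted(stored: bytes, pw: str, iterations: int = 100_000) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def identical_groups(records):
    """Groups of records whose stored value is byte-for-byte identical: exactly what
    the researchers could read off the dump (the "1.9 million people" with one ciphertext)."""
    counts = Counter(value for _, value in records)
    return {value: n for value, n in counts.items() if n > 1}


def shared_leading_blocks(c1: bytes, c2: bytes) -> int:
    """ECB also leaks shared prefixes: number of leading ciphertext blocks that match."""
    n = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        n += 1
    return n


def demo_users():
    # Constructed sample data, not taken from any real breach.
    return [("alice", "123456"), ("bob", "123456"), ("carol", "123456"),
            ("dave", "hunter2"), ("erin", "password1"), ("frank", "password2")]


if __name__ == "__main__":
    key = b"one-key-for-all!"   # constructed; the shared-key mistake
    ecb_store = store_ecb(key, demo_users())
    for value, n in identical_groups(ecb_store).items():
        print(f"{n} users share ciphertext {value.hex()} -> same password")
    print("salted groups:", identical_groups(store_salted(demo_users())))
```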
References and recommended materials
1. Ion IVAN, Cristian TOMA – Informatics Security Handbook, 2nd Edition, Editura ASE, 2010
2. Cristian TOMA – Security in Software Distributed Systems, Editura ASE, 2008
3. Bruce Schneier – Applied Cryptography, Second Edition, Wiley, 1996
4. Niels Ferguson, Bruce Schneier – Practical Cryptography, John Wiley, 2003
5. Tom St Denis, Simon Johnson – Cryptography for Developers, Syngress, 2007 (http://books.google.com)
6. Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone – Handbook of Applied Cryptography, CRC Press, 1977 (http://www.cacr.math.uwaterloo.ca/hac/)
7. William Stallings – Cryptography and Network Security: Principles and Practices, Fourth Edition, Prentice Hall, 2005
8. Cryptography and Cryptanalysis, MIT OpenCourseWare
9. www.wikipedia.com / www.google.com
Cryptography Fundamentals
Section I – Cryptography basics
• Concepts
• Mathematical Background
• Prime numbers
• Random and Pseudorandom numbers
Section II – Hash functions
• MD5
• SHA-1, SHA-2, SHA-3
Section III – Symmetric Algorithms
• Transposition ciphers
• Substitution ciphers
• OTP (One Time Pad) ciphers
• Complex ciphers (DES, AES - Rijndael)
• Encryption methods
Section IV – Asymmetric algorithms + cryptanalysis elements
• RSA
Concepts
• Cryptography – the science of secret writing; the science of information security
• Cryptanalysis – the science of “breaking” ciphertexts without knowing the cipher key
• Cryptology – the mathematical field that studies the mathematical foundations of cryptography
Concepts
• Steganography:
– the art of hiding information;
– the secret message is hidden in a public one (an image, sound file, text);
– is NOT Cryptography.
Cryptography
• Used to secure data in:
– Networks: HTTPS, SSL/TLS, 802.11i WPA2 (Wi-Fi Protected Access), GSM, Bluetooth
– Computer and mobile device drives: TrueCrypt
– DVD and Blu-ray disks: CSS (Content Scrambling System)
– Software and Database applications: User authentication
Cryptography
Provides concepts for:
• Secret key establishment
• Secure communication
• Secure data
• Digital signatures
• Anonymous communication (Mix Net)
• Anonymous digital cash
• Electronic voting or auctions
• Protocols (like “Zero knowledge”)
Cryptography is NOT
• Is not a solution for all security problems: social engineering, reverse engineering, software bugs, design errors (see WEP - Wired Equivalent Privacy);
• Is not a solution when it is not used or implemented properly;
• Is not an ad-hoc design or your personal invention (DON’T TRUST PROPRIETARY SOLUTIONS)
Cryptographic system
Encryption and decryption functions (encipher/decipher):
• C = E_Ke(M), where Ke is the encryption key
• M = D_Kd(C), where Kd is the decryption key
• M – clear text / plaintext message
• C – encrypted message (ciphertext)
Concepts
• (M) plaintext – original message, in clear
• (C) ciphertext – encrypted message
• cipher – algorithm for transforming plaintext to ciphertext
• (K) key – information used to encrypt/decrypt
• (E()) encipher (encrypt) – converting plaintext to ciphertext – encryption algorithm
• (D()) decipher (decrypt) – converting ciphertext to plaintext – decryption algorithm
Key ingredients of a cryptographic system
Communication protocol:
Source (Alice) --[M - plaintext]--> Cipher – encryption algorithm (Encryption Key) --[C - ciphertext]--> Communication channel --[C - ciphertext]--> Decryption algorithm (Decryption Key) --[M - plaintext]--> Destination (Bob)
Concepts
• unconditional security: the cipher cannot be broken no matter how much computer power or time is available (one-time-pad);
• computational security: the cipher cannot be broken given limited computing resources (mostly time)
Cryptographic system
Cryptographic System Types:
• Algorithms: Substitution, Transposition, Hash functions, Complex computational/Product
• Symmetric (DES, AES), Asymmetric (RSA)
• Stream ciphers, Block ciphers
Cryptographic system
• Based on encryption operations:
– substitution
– transposition
– complex/product
• Based on number of keys:
– single-key/private – symmetric systems
– two-key/public – asymmetric systems
• Based on the way plaintext is processed:
– block cipher: one that breaks a message up into chunks and combines a key with each chunk.
– stream cipher: one that applies a key to each bit, one at a time
Vulnerabilities
• Passive attacks – eavesdropping: the attacker reads the plaintext messages exchanged between Alice and Bob over the Internet / communication channel
• Traffic analysis – cryptanalysis of the traffic exchanged between Alice and Bob over the Internet / communication channel
Vulnerabilities
• Active attacks – replay:
– the attacker sends a message under another identity over the Internet / communication channel
– the attacker resends messages captured in an earlier session between Alice and Bob
Vulnerabilities
• Active attacks – tampering: the attacker modifies the messages exchanged between Alice and Bob over the Internet / communication channel and resends them (Man-in-the-middle)
Vulnerabilities
Attack type – Attacker knowledge
• Ciphertext-only:
– Encryption algorithm
– Encrypted messages
• Known-plaintext:
– Encryption algorithm
– Encrypted messages
– Plaintext <-> ciphertext pairs
• Chosen-plaintext:
– Encryption algorithm
– Encrypted messages
– Plaintext <-> ciphertext pairs
– Can choose the plaintext to be encrypted
• Chosen-ciphertext:
– Encryption algorithm
– Can choose the ciphertext to be decrypted
• Rubber-hose:
– Acquires information by bribery, threats, blackmail, theft (many times it is the cheapest solution)
Objectives
• To secure messages and transactions in software distributed systems
• Cryptographic systems characteristics:
– Total or partial confidentiality
– Authentication
– Data integrity
– Nonrepudiation
• Security Services:
– RFC 2828, http://www.ietf.org/rfc/rfc2828.txt
Objectives - X.800
• Authentication: Peer entity authentication and Data origin authentication
• Access Control
• Data Confidentiality: Connection, Connectionless and Selective field confidentiality
• Data Integrity
– with Recovery
– without Recovery
• Nonrepudiation
– Origin
– Destination
Objectives
Objectives – Properties
• Confidentiality:
– Hides the message content
– Implemented by symmetric algorithms that generate ciphertexts
– Does NOT assure the integrity and accuracy of the content
• Integrity:
– Guarantees the integrity and accuracy of the content
– Implemented by one-way hash functions that generate message digest values
• Authentication:
– Ensures the identities of the communicating parties
– It presumes that the communication channel is not safe
– Implemented by Message Authentication Functions (MAC) that generate message tag values
• Nonrepudiation:
– Guarantees the message source, the connection between the source and its sent message
– Prevents situations in which the source denies it has sent the message
– Implemented by public key digital signatures that generate signature values
Security model
Source (Alice) --[M]--> encryption with the secret information used to encrypt data --[C]--> Communication channel --[C]--> decryption with the secret information used to decrypt data --[M]--> Destination (Bob)
Other elements of the model: a Trusted party and an Attacker.
Dolev-Yao Security Model
What the attacker CAN DO:
• Get any transmitted message throughout the communication channel
• It is a network user (with rights)
• Opens communication channels with other users
• He can become the destination of a message
• He sends messages in the name of another user
• Has full control over the network
Dolev-Yao Security Model
What the attacker CAN NOT DO:
• He CAN’T guess a random number from a large enough set
• Without the secret key, he CAN’T get the plaintext and he CAN’T get a valid cipher (depends on the encryption algorithm)
• He CAN’T generate the private key related to a public key
• He DOESN’T have physical access to the user machine
Security risks
• Not knowing the vulnerabilities of cryptographic algorithms
• Not knowing how to correctly implement them
• Example: Dark Age of Camelot – Mythic Entertainment – http://capnbry.net/daoc/advisory20040323/daoc-advisory2.html
Security goals
• unconditionally secure encryption:
– no matter how much ciphertext is available, the plaintext can not be determined (only OTP)
• computationally secure encryption:
– the cost of breaking the cipher > the value of the encrypted information
– the time required to break the cipher > the useful lifetime of the information
MATHEMATICAL BACKGROUND
XOR logical function
• XOR function (exclusive or) – one of the most used functions in cryptographic systems
• Available in programming languages like C, C++, Java and represented by the ^ operator
• Implements mod 2 addition
X | Y | X xor Y
0 | 0 | 0
0 | 1 | 1
1 | 0 | 1
1 | 1 | 0
XOR logical function
• Has an essential role in OTP ciphers (one-time pad, stream ciphers) and AES (Advanced Encryption Standard)
• The sequence rez = a xor c, b = rez xor c transfers the value of a to b
• Swapping two values, with a temporary variable (left) and with XOR only (right):
  temp = a;        a = a xor b;
  a = b;           b = a xor b;
  b = temp;        a = a xor b;
XOR logical function
M (source) --[K]--> C --[Public channel]--> M (destination); the key K reaches the destination through a Secure channel
• Cryptographic system based on XOR:
– the fastest
– the simplest
– the most secure one (!!! in some particular conditions: large messages with an equal size random generated key)
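The XOR system in the diagram above, written out as an added example (not the course's own code): encryption and decryption are the same XOR (C = E_K(M) = M xor K, M = D_K(C) = C xor K), the key comes from the OS CSPRNG and must be as long as the message, and two_time_pad_leak shows why the "particular conditions" matter: reusing K makes K cancel out of C1 xor C2. Function names and the sample messages are constructed for this illustration.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; the one-time pad needs operands of exactly equal length."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length: int) -> bytes:
    """K: a fresh random key as long as M, from the OS CSPRNG (never from random.random)."""
    return os.urandom(length)


def otp_encrypt(key: bytes, message: bytes) -> bytes:
    """C = E_K(M) = M xor K; the ciphertext travels over the public channel."""
    return xor_bytes(message, key)


def otp_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """M = D_K(C) = C xor K; the same operation, because (m xor k) xor k = m."""
    return xor_bytes(ciphertext, key)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Failure mode: if the same K encrypted two messages then
    C1 xor C2 = (M1 xor K) xor (M2 xor K) = M1 xor M2, so K drops out and an observer
    of the public channel learns the XOR of the two plaintexts without ever seeing K."""
    return xor_bytes(c1, c2)


def xor_swap(a: int, b: int) -> tuple:
    """The slide's XOR-only swap of two integers, with no temporary variable."""
    a = a ^ b
    b = a ^ b   # = (a ^ b) ^ b = original a
    a = a ^ b   # = (a ^ b) ^ a = original b
    return a, b


if __name__ == "__main__":
    m = b"attack at dawn!!"          # constructed sample message
    k = otp_keygen(len(m))
    c = otp_encrypt(k, m)
    print("C =", c.hex(), "recovered:", otp_decrypt(k, c))
    print("swap:", xor_swap(5, 9))
```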
Modular Arithmetic
• define the modulo operator “a mod n” to be the remainder when a is divided by n
• use the term congruence for: a ≡ b mod n
– when divided by n, a & b have the same remainder
– eg. 25 ≡ 11 mod 7
• b is called a residue of a mod n
– because: a = qn + b
– usually choose the smallest positive remainder as residue
– ie. 0 <= b <= n-1
– the process is known as modulo reduction
– eg. -12 mod 7 = -5 mod 7 = 2 mod 7 = 9 mod 7
Modular Arithmetic
• 'clock arithmetic'
• uses a finite number of values;
• generates results in the same set
• can do reduction at any point:
– a+b mod n = [a mod n + b mod n] mod n
• can do modular arithmetic with any group of integers:
– Z_n = {0, 1, … , n-1}
Modular Arithmetic
Modulo 8 Addition Example
 + | 0 1 2 3 4 5 6 7
---+----------------
 0 | 0 1 2 3 4 5 6 7
 1 | 1 2 3 4 5 6 7 0
 2 | 2 3 4 5 6 7 0 1
 3 | 3 4 5 6 7 0 1 2
 4 | 4 5 6 7 0 1 2 3
 5 | 5 6 7 0 1 2 3 4
 6 | 6 7 0 1 2 3 4 5
 7 | 7 0 1 2 3 4 5 6
Modular Arithmetic
• (a+b) mod n = ((a mod n) + (b mod n)) mod n
• (a-b) mod n = ((a mod n) - (b mod n)) mod n
• (a*b) mod n = ((a mod n) * (b mod n)) mod n
• (a*(b+c)) mod n = (((a*b) mod n) + ((a*c) mod n)) mod n
• for a k-bit modulus the intermediate result of any +, -, * has a maximum of 2k bits
• a^8 mod n =
– simplest solution: (a*a*a*a*a*a*a*a) mod n
– addition chaining: ((a^2 mod n)^2 mod n)^2 mod n
Greatest Common Divisor (GCD)
• a common problem in number theory
• GCD(a,b) of a and b is the largest number that divides evenly into both a and b
– GCD(60,24) = 12
• used to check relatively prime numbers (with no common factors, except 1):
– GCD(8,15) = 1
– 8 & 15 are relatively prime;
log_2 x
• 2^y = x or y = log_2 x
• Used by cryptographic systems because of their accent on binary numbers
• tells how many bits it takes to represent x in binary
• log_2 x = log_e x / log_e 2, where log_e 2 = 0.69314 71805 59945 30941 72321 (see C example)
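The modular arithmetic, GCD and log_2 slides above, worked as one added example (this is not the course's C example): modulo reduction with a non-negative residue, congruence, Euclid's GCD plus the extended form that yields modular inverses, square-and-multiply exponentiation that keeps every intermediate product within 2k bits for a k-bit modulus, and the bit count via log_2 compared with an exact integer bit count. Function names are my own.

```python
import math


def mod_reduce(a: int, n: int) -> int:
    """Modulo reduction: the residue b with a = q*n + b and 0 <= b <= n-1.
    Python's % already does this for n > 0; in C the sign of a % n follows a,
    so -12 % 7 is -5 there, which is why the slide lists -5 mod 7 = 2 mod 7."""
    if n <= 0:
        raise ValueError("modulus must be positive")
    q = a // n              # floor division, so the remainder is never negative
    return a - q * n


def congruent(a: int, b: int, n: int) -> bool:
    """a ≡ b (mod n) iff n divides a - b."""
    return mod_reduce(a - b, n) == 0


def gcd(a: int, b: int) -> int:
    """Euclid: A = a; B = b; while B != 0: (A, B) = (B, A mod B); return A."""
    a, b = abs(a), abs(b)
    while b:
        a, b = b, a % b
    return a


def relatively_prime(a: int, b: int) -> bool:
    return gcd(a, b) == 1


def mod_inverse(a: int, n: int) -> int:
    """Extended Euclid: x with a*x ≡ 1 (mod n); exists only when gcd(a, n) == 1."""
    old_r, r = mod_reduce(a, n), n
    old_s, s = 1, 0          # invariant: old_s * a ≡ old_r (mod n)
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd is {old_r}")
    return mod_reduce(old_s, n)


def pow_mod(base: int, exp: int, n: int, stats=None) -> int:
    """Square-and-multiply (the slide's a^8 chaining generalised to any exponent):
    reduce after every product, so no intermediate is wider than 2k bits for a k-bit n."""
    if exp < 0:
        raise ValueError("exponent must be non-negative")
    result, base = 1 % n, mod_reduce(base, n)
    widest = 0
    while exp > 0:
        if exp & 1:
            product = result * base
            widest = max(widest, product.bit_length())
            result = product % n
        product = base * base
        widest = max(widest, product.bit_length())
        base = product % n
        exp >>= 1
    if stats is not None:
        stats["max_intermediate_bits"] = widest
    return result


def bits_via_log2(x: int) -> int:
    """The slide's formula: floor(log_2 x) + 1 bits, computed in floating point."""
    return math.floor(math.log2(x)) + 1


def bits_exact(x: int) -> int:
    """Same quantity computed exactly on the integer; prefer this for key sizes:
    2**64 - 1 rounds to 2**64 as a double, so bits_via_log2 answers 65 instead of 64."""
    return x.bit_length()


if __name__ == "__main__":
    print(mod_reduce(-12, 7), congruent(25, 11, 7), gcd(60, 24), relatively_prime(8, 15))
    s = {}
    n = 2**127 - 1
    print(pow_mod(3, 10**6, n, s) == pow(3, 10**6, n), s["max_intermediate_bits"] <= 2 * 127)
    print(bits_via_log2(2**64 - 1), bits_exact(2**64 - 1))
```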
Congruence relation
For a given positive integer n, two integers a and b are called congruent modulo n, written
a ≡ b (mod n)
if a - b is divisible by n (or equivalently if a and b have the same remainder when divided by n).
Groups
• A group is a set of group elements with a binary operation for combining any two elements to get a unique third element from the set [wiki].
• If # is the group operation and a, b are two group elements:
– a#b = c, a group element;
– a#(b#c) = (a#b)#c, it is associative;
– a#e = e#a = a, where e is the identity element;
– a#a^-1 = a^-1#a = e, where a^-1 is the inverse of a.
• The group is abelian if # is commutative
Groups
• {Z_n, integers mod n} is an often used group:
– the operation is addition followed by remainder on division by n;
– the identity element is 0;
– the inverse of a is n-a (except for 0);
– for n fixed, it is a finite group;
• Z_p, integers mod p, where p is a prime number, is another favorite group;
• GF(2^n) finite group (for AES, the operations of the 2^8 finite group)
Cyclic groups
• a group is cyclic if every element is a power of some fixed element:
– b = a^k, where a and b are from the group
• a is the generator of the group;
• the identity element is e = a^0;
Ring
• a set of “numbers” in which we can do addition, subtraction and multiplication without leaving the set
• a set with two operations (addition and multiplication) which form:
– an abelian group with the addition operation;
– and multiplication:
• has closure
• is associative
• distributive over addition: a(b+c) = ab + ac
Field
• a set of numbers
• with two operations which form:
– abelian group for addition
– abelian group for multiplication (ignoring 0)
– ring
• have hierarchy with more axioms/laws
– group -> ring -> field
• Examples: real and complex numbers; NOT integers
Galois Fields
• finite fields play a key role in cryptography
• the number of elements in a finite field must be a power of a prime, p^n
• denoted GF(p^n)
• in particular, the often used fields are:
– GF(p) - the set of integers {0, 1, … , p-1} with arithmetic operations modulo prime p
– GF(2^n)
Galois Fields
GF(7) Multiplication
 × | 0 1 2 3 4 5 6
---+--------------
 0 | 0 0 0 0 0 0 0
 1 | 0 1 2 3 4 5 6
 2 | 0 2 4 6 1 3 5
 3 | 0 3 6 2 5 1 4
 4 | 0 4 1 5 2 6 3
 5 | 0 5 3 1 6 4 2
 6 | 0 6 5 4 3 2 1
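An added example (not from the slides) that builds the modulo-n addition table and the GF(p) multiplication table shown above and checks the axioms listed under Groups and Field mechanically: closure, associativity, identity, inverses and commutativity. It shows why the multiplicative group must ignore 0 and why p must be prime: under multiplication mod 8 the non-zero residues are not even closed. Function names are mine.

```python
from itertools import product


def add_mod_table(n: int):
    """The 'Modulo n Addition' table: row a, column b holds (a + b) mod n."""
    return [[(a + b) % n for b in range(n)] for a in range(n)]


def mul_mod_table(n: int):
    """The GF(p) multiplication table: row a, column b holds (a * b) mod n."""
    return [[(a * b) % n for b in range(n)] for a in range(n)]


def check_group(elements, op):
    """Check the group axioms for a finite set under a binary operation.
    Returns (True, identity) or (False, reason). Brute force, O(n^3) for associativity."""
    elems = list(elements)
    members = set(elems)
    for a, b in product(elems, repeat=2):
        if op(a, b) not in members:
            return False, f"not closed: {a} # {b} = {op(a, b)} is outside the set"
    for a, b, c in product(elems, repeat=3):
        if op(a, op(b, c)) != op(op(a, b), c):
            return False, f"not associative at {a}, {b}, {c}"
    identity = next((e for e in elems if all(op(e, a) == a == op(a, e) for a in elems)), None)
    if identity is None:
        return False, "no identity element"
    for a in elems:
        if not any(op(a, b) == identity == op(b, a) for b in elems):
            return False, f"{a} has no inverse"
    return True, identity


def is_abelian(elements, op) -> bool:
    elems = list(elements)
    return all(op(a, b) == op(b, a) for a, b in product(elems, repeat=2))


def additive_group_ok(n: int) -> bool:
    """{Z_n, +}: identity 0, inverse of a is n - a."""
    return check_group(range(n), lambda a, b: (a + b) % n)[0]


def multiplicative_group_ok(n: int) -> bool:
    """{Z_n without 0, *}: a group exactly when n is prime."""
    return check_group(range(1, n), lambda a, b: (a * b) % n)[0]


def is_field(p: int) -> bool:
    """Z_p is a field when both structures are abelian groups (multiplication ignoring 0)."""
    add = lambda a, b: (a + b) % p
    mul = lambda a, b: (a * b) % p
    return (check_group(range(p), add)[0] and is_abelian(range(p), add)
            and check_group(range(1, p), mul)[0] and is_abelian(range(1, p), mul))


def additive_inverse(a: int, n: int) -> int:
    """The slide's rule: the inverse of a in {Z_n, +} is n - a (and 0 for a = 0)."""
    return (n - a) % n


def multiplicative_inverse_from_table(a: int, p: int) -> int:
    """Read the inverse off the multiplication table: the column where row a holds 1."""
    return mul_mod_table(p)[a].index(1)


if __name__ == "__main__":
    for row in mul_mod_table(7):
        print(" ".join(str(v) for v in row))
    print("Z_7 without 0, *:", check_group(range(1, 7), lambda a, b: (a * b) % 7))
    print("Z_8 without 0, *:", check_group(range(1, 8), lambda a, b: (a * b) % 8))
    print("fields among 2..11:", [p for p in range(2, 12) if is_field(p)])
```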
Polynomial Arithmetic
• can compute values using polynomials
– f(x) = a_n x^n + a_(n-1) x^(n-1) + … + a_1 x + a_0 = ∑ a_i x^i
• add or subtract corresponding coefficients
• multiply all terms by each other
• For f(x) = x^3 + x^2 + 2 and g(x) = x^2 - x + 1:
– f(x) + g(x) = x^3 + 2x^2 - x + 3
– f(x) - g(x) = x^3 + x + 1
– f(x) × g(x) = x^5 + 3x^2 - 2x + 2
Polynomial Arithmetic with Modulo Coefficients
• when computing value of each coefficient do calculation modulo some value
– forms a polynomial ring
• could be modulo any prime
• but the most used is mod 2
– ie all coefficients are 0 or 1
• eg. let f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
– f(x) + g(x) = x^3 + x + 1
– f(x) × g(x) = x^5 + x^2
Polynomial Division
• can write any polynomial in the form:
– f(x) = q(x) g(x) + r(x)
– interpret r(x) as being a remainder
– r(x) = f(x) mod g(x)
• if have no remainder say g(x) divides f(x)
• if g(x) has no divisors other than itself & 1 say it is irreducible (or prime) polynomial
• arithmetic modulo an irreducible polynomial forms a field
Polynomial GCD
• can find greatest common divisor for polys
– c(x) = GCD(a(x), b(x)) if c(x) is the poly of greatest degree which divides both a(x), b(x)
• can adapt Euclid's Algorithm to find it:
EUCLID[a(x), b(x)]
1. A(x) = a(x); B(x) = b(x)
2. if B(x) = 0 return A(x) = gcd[a(x), b(x)]
3. R(x) = A(x) mod B(x)
4. A(x) ← B(x)
5. B(x) ← R(x)
6. goto 2
Modular Polynomial Arithmetic
• can compute in field GF(2^n)
– polynomials with coefficients modulo 2
– whose degree is less than n
– hence must reduce modulo an irreducible poly of degree n (for multiplication only)
• form a finite field
• can always find an inverse
– can extend Euclid's Inverse algorithm to find
Example GF(2^3)
Source: [7]
Polynomial Arithmetic with Modulo Coefficients
• since coefficients are 0 or 1, can represent any such polynomial as a bit string
• addition becomes XOR of these bit strings
• multiplication is shift & XOR
– cf long-hand multiplication
• modulo reduction done by repeatedly substituting highest power with remainder of irreducible poly (also shift & XOR)
Polynomial Arithmetic with Modulo Coefficients
• in GF(2^3) have (x^2+1) is 101_2 & (x^2+x+1) is 111_2
• so addition is
– (x^2+1) + (x^2+x+1) = x
– 101 XOR 111 = 010_2
• and multiplication is
– (x+1).(x^2+1) = x.(x^2+1) + 1.(x^2+1) = x^3+x+x^2+1 = x^3+x^2+x+1
– 011.101 = (101)<<1 XOR (101)<<0 = 1010 XOR 101 = 1111_2
• polynomial modulo reduction (get q(x) & r(x)) is
– (x^3+x^2+x+1) mod (x^3+x+1) = 1.(x^3+x+1) + (x^2) = x^2
– 1111 mod 1011 = 1111 XOR 1011 = 0100_2
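The bit-string view of the two preceding slides (XOR for addition, shift-and-XOR for multiplication, repeated substitution of the highest power for reduction) is what AES implementations actually do. The following added example, written for this page and not taken from the course, reproduces the slide's GF(2^3) steps with modulus x^3+x+1 (1011) and then applies the same routines to the AES field GF(2^8) with modulus x^8+x^4+x^3+x+1 (0x11B); the AES field and its known products are my addition, and the inverse is obtained as a^(2^n-2), which the slides do not spell out.

```python
"""Added example: GF(2^n) arithmetic on bit strings.

A polynomial with coefficients in {0,1} is an int whose bit i is the
coefficient of x^i: x^2 + 1 -> 0b101. Addition is XOR, multiplication is
shift-and-XOR, and reduction repeatedly cancels the highest power using the
irreducible polynomial (also shift-and-XOR).
"""

def gf2_add(a, b):
    """Polynomial addition mod 2 = XOR of the bit strings."""
    return a ^ b

def gf2_mul_unreduced(a, b):
    """Long-hand multiplication: for every set bit i of b, XOR in a << i."""
    result = 0
    i = 0
    while b >> i:
        if (b >> i) & 1:
            result ^= a << i
        i += 1
    return result

def gf2_mod(a, m):
    """Reduce a modulo the irreducible polynomial m (m includes its x^n term)."""
    deg_m = m.bit_length() - 1
    while a and a.bit_length() - 1 >= deg_m:
        a ^= m << (a.bit_length() - 1 - deg_m)   # cancel the highest power of a
    return a

def gf2n_mul(a, b, m):
    """Field multiplication in GF(2^n) with modulus m: multiply, then reduce."""
    return gf2_mod(gf2_mul_unreduced(a, b), m)

def gf2n_pow(a, e, m):
    """Square-and-multiply exponentiation in GF(2^n)."""
    result = 1
    while e:
        if e & 1:
            result = gf2n_mul(result, a, m)
        a = gf2n_mul(a, a, m)
        e >>= 1
    return result

def gf2n_inv(a, m):
    """Inverse via a^(2^n - 2): in a field of 2^n elements a^(2^n - 1) = 1 for a != 0."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    n = m.bit_length() - 1
    return gf2n_pow(a, (1 << n) - 2, m)

if __name__ == "__main__":
    # GF(2^3) with irreducible x^3 + x + 1 = 0b1011: the slide's worked example
    print(bin(gf2_add(0b101, 0b111)))             # 0b10   (x)
    print(bin(gf2_mul_unreduced(0b011, 0b101)))   # 0b1111
    print(bin(gf2_mod(0b1111, 0b1011)))           # 0b100  (x^2)
    # AES field GF(2^8) with x^8 + x^4 + x^3 + x + 1 = 0x11B
    print(hex(gf2n_mul(0x57, 0x83, 0x11B)))       # 0xc1
    print(hex(gf2n_inv(0x53, 0x11B)))             # 0xca
```

The `gf2n_inv` route (exponentiation) is the alternative to extending Euclid's algorithm mentioned on the previous slide; both give the same element, and the exponentiation form is the one that is easy to make constant-time.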
Theorems
• Fermat Theorem: if p is a prime and a is 0<a<p, then a^(p-1) mod p = 1; also a^x mod p = a^(x mod (p-1)) mod p (because a to a power mod p always starts repeating after the power reaches p-1)
• Euler Theorem: If n is any positive integer and a is any positive integer, a < n, with no divisors in common with n, then a^φ(n) mod n = 1
• Where φ(n) (Euler phi function) is n(1-1/p_1)…(1-1/p_m), with p_1…p_m prime numbers that divide n
Algorithms
• Euclid algorithm computes the greatest common divisor of two positive integers a and b; it has a complexity equal to O(log^3(a))
• Extended Euclidean algorithm, which computes the greatest common divisor of two positive integers a and b and also supplies integers x and y such that x*a + y*b = gcd(a, b) (needed by RSA).
• Methods for fast integer exponentiation
Euclidean Algorithm
• an efficient way to find the GCD(a,b);
• uses theorem that:
– GCD(a,b) = GCD(b, a mod b)
• Euclidean Algorithm to compute GCD(a,b) is:
EUCLID(a,b)
1. A = a; B = b
2. if B = 0 return A = gcd(a, b)
3. R = A mod B
4. A = B
5. B = R
6. goto 2
Extended Euclidean Algorithm
EXTENDED EUCLID(m, b)
1. (A1, A2, A3) = (1, 0, m); (B1, B2, B3) = (0, 1, b)
2. if B3 = 0 return A3 = gcd(m, b); no inverse
3. if B3 = 1 return B3 = gcd(m, b); B2 = b^-1 mod m
4. Q = A3 div B3
5. (T1, T2, T3) = (A1 - Q*B1, A2 - Q*B2, A3 - Q*B3)
6. (A1, A2, A3) = (B1, B2, B3)
7. (B1, B2, B3) = (T1, T2, T3)
8. goto 2
Inverse of 550 in GF(1759)

 Q  |  A1    A2    A3 |   B1    B2    B3
----+-----------------+------------------
 —  |   1     0  1759 |    0     1   550
 3  |   0     1   550 |    1    –3   109
 5  |   1    –3   109 |   –5    16     5
 21 |  –5    16     5 |  106  –339     4
 1  | 106  –339     4 | –111   355     1

Source: [7]
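The EUCLID and EXTENDED EUCLID procedures of the last three slides, and the Fermat/Euler theorems before them, can be checked end to end on the slide's own numbers. The code below is an added example for this page, not course code: `extended_euclid` keeps the (A1, A2, A3)/(B1, B2, B3) triples of the slide and records each row, so its trace reproduces the 550 in GF(1759) table above; the factorisation helper used for φ(n) is a trial-division routine of my own, adequate for numbers of this size.

```python
"""Added example: Euclid and the slide's EXTENDED EUCLID(m, b) with its
A/B/T triples, modular inverse, Euler's phi and checks of the theorems slide.
"""

def euclid_gcd(a, b):
    """EUCLID(a, b): gcd(a, b) = gcd(b, a mod b) repeated until B = 0."""
    A, B = a, b
    while B != 0:
        A, B = B, A % B
    return A

def extended_euclid(m, b):
    """EXTENDED EUCLID(m, b) from the slide.

    Returns (gcd, inverse, rows): inverse is b^-1 mod m (None when gcd != 1)
    and rows is the trace (Q, A1, A2, A3, B1, B2, B3), like the 550/1759 table.
    """
    A1, A2, A3 = 1, 0, m                       # step 1
    B1, B2, B3 = 0, 1, b
    rows = [(None, A1, A2, A3, B1, B2, B3)]
    while True:
        if B3 == 0:                            # step 2: gcd = A3, no inverse
            return A3, None, rows
        if B3 == 1:                            # step 3: B2 = b^-1 mod m
            return 1, B2 % m, rows
        Q = A3 // B3                           # step 4
        T1, T2, T3 = A1 - Q * B1, A2 - Q * B2, A3 - Q * B3   # step 5
        A1, A2, A3 = B1, B2, B3                # step 6
        B1, B2, B3 = T1, T2, T3                # step 7
        rows.append((Q, A1, A2, A3, B1, B2, B3))

def mod_inverse(b, m):
    g, inv, _ = extended_euclid(m, b)
    if inv is None:
        raise ValueError(f"{b} has no inverse mod {m} (gcd = {g})")
    return inv

def factor_primes(n):
    """Distinct prime factors of n by trial division (fine for the sizes used here)."""
    primes, d = [], 2
    while d * d <= n:
        if n % d == 0:
            primes.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        primes.append(n)
    return primes

def euler_phi(n):
    """phi(n) = n * prod(1 - 1/p) over primes p dividing n, done in integer arithmetic."""
    result = n
    for p in factor_primes(n):
        result = result // p * (p - 1)
    return result

def fermat_holds(a, p):
    """Fermat: a^(p-1) mod p == 1 for prime p and 0 < a < p."""
    return pow(a, p - 1, p) == 1

def euler_holds(a, n):
    """Euler: a^phi(n) mod n == 1 when gcd(a, n) == 1."""
    return pow(a, euler_phi(n), n) == 1

if __name__ == "__main__":
    g, inv, rows = extended_euclid(1759, 550)
    for row in rows:
        print(row)
    print("550^-1 mod 1759 =", inv)            # 355, as in the table
```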
Fast integer exponentiation
• x^y = x*x*x… *x for y times
– takes a long time for big numbers
• It's faster with the repeated squaring algorithm
• Any number can be written as a sum of power of 2 based values
• Y = 53 = (110101)_2 = 32 + 16 + 4 + 1
Fast integer exponentiation
• Write y in binary format – n bits
temp = x
z = 1
for each bit y[i] in y[], least significant bit first:
    if y[i] == 1 then z = z * temp
    temp = temp * temp
return z
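Written out in full, the repeated-squaring procedure from the two slides above scans the exponent's bits from the least significant end, squaring the running power on every iteration and multiplying it in whenever the bit is 1. The following is an added example written for this page, not course code; it also applies the exponent reduction a^x mod p = a^(x mod (p-1)) mod p from the Theorems slide, and the naive O(y) loop is included only to show what is being avoided.

```python
"""Added example: repeated-squaring exponentiation with the exponent's binary
decomposition made explicit, plus the Fermat exponent reduction.
"""

def powers_of_two(y):
    """The powers of two whose sum is y: 53 = (110101)_2 -> [1, 4, 16, 32]."""
    return [1 << i for i in range(y.bit_length()) if (y >> i) & 1]

def fast_pow(x, y, mod=None):
    """x^y (optionally mod `mod`), scanning the bits of y least significant first.

    temp holds x^(2^i) at step i; z accumulates the temps whose bit y[i] is set.
    temp is squared on every iteration, so y's bit length bounds the work.
    """
    if y < 0:
        raise ValueError("negative exponent")
    temp, z = x, 1
    while y:
        if y & 1:
            z = z * temp if mod is None else (z * temp) % mod
        temp = temp * temp if mod is None else (temp * temp) % mod
        y >>= 1
    return z

def fast_pow_fermat(a, x, p):
    """For prime p and 0 < a < p: reduce the exponent mod (p-1) before exponentiating."""
    return fast_pow(a, x % (p - 1), p)

def naive_pow(x, y):
    """x*x*...*x, y times: y multiplications, hopeless for cryptographic exponents."""
    z = 1
    for _ in range(y):
        z *= x
    return z

if __name__ == "__main__":
    print(powers_of_two(53))                       # [1, 4, 16, 32]
    print(fast_pow(3, 53, 1759), pow(3, 53, 1759))  # same value, built-in as a cross-check
    print(fast_pow(3, 53) == naive_pow(3, 53))      # True
```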
Prime numbers
"The problem of distinguishing prime numbers from composite numbers and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic."
Carl Friedrich Gauss (1805)
• Test primes
• Factor a composite number in primes
Prime numbers
• Large random prime integers are important components of a cryptographic system
• Tests that verify whether a number is probably prime (simple pseudo-prime tests) are used to increase the algorithm efficiency; the probability of getting a correct result is so high that the risks are accepted
Prime numbers
• there are around 10^151 primes, 512 bits in length or less [3]
• test a prime number:
– checks n%i with i = 2 … n-1
– Solovay-Strassen
– Fermat
– Rabin-Miller
Prime numbers
Rabin-Miller test for a prime p:
• calculate b, where b is the number of times 2 divides p - 1
• calculate m, such that p = 1 + 2^b * m.
• (1) Choose a random number, a, such that a < p.
• (2) Set j = 0 and set z = a^m mod p.
• (3) If z = 1, or if z = p - 1, then p passes the test and may be prime.
• (4) If j > 0 and z = 1, then p is not prime.
• (5) Set j = j + 1. If j < b and z ≠ p - 1, set z = z^2 mod p and go back to step (4). If z = p - 1, then p passes the test and may be prime.
• (6) If j = b and z ≠ p - 1, then p is not prime.
Prime numbers
• Test (based on Fermat theorem): If a very large random integer p (100 decimal digits or more) is not divisible by a small prime a (2 or 3) and if a^(p-1) mod p = 1, then the number is prime except for a small probability, that can be ignored
• there are non-prime numbers, Carmichael numbers, that satisfy Fermat's theorem for all values of a even though they are not prime (561 = 3 * 11 * 17), but these numbers become very rare in the larger range, such as 1024-bit numbers
Prime numbers
• there are 20,138,200 Carmichael numbers between 1 and 10^21 (approximately one in 50 trillion (5*10^13) numbers)
• (http://en.wikipedia.org/wiki/Carmichael_number)
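The primality tests named on the preceding slides behave differently on the slide's own numbers: 561 passes the Fermat test for every base coprime to it (it is a Carmichael number) yet fails a single Rabin-Miller round with witness 2, while 1759 (the prime used for the inverse table earlier) passes everything. The code below is an added example for this page, not course code; `rabin_miller_round` follows the slide's steps (1) to (6) literally, and the random-witness wrapper and the Carmichael check are my additions.

```python
"""Added example: trial division, the Fermat test, the slide's Rabin-Miller
test (steps (1)-(6)) and a Carmichael-number check, on the slide's numbers.
"""
import random
from math import gcd

def is_prime_trial_division(n):
    """Check n % i for i = 2 .. sqrt(n): exact, but exponential in the bit length of n."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def fermat_passes(p, a):
    """Fermat test with base a: a^(p-1) mod p == 1. Necessary for primes, not sufficient."""
    return pow(a, p - 1, p) == 1

def split_power_of_two(n):
    """Write n = 2^b * m with m odd; returns (b, m)."""
    b = 0
    while n % 2 == 0:
        n //= 2
        b += 1
    return b, n

def rabin_miller_round(p, a):
    """One round of the slide's Rabin-Miller test with witness a.

    True means 'p passes and may be prime'; False means p is certainly composite.
    """
    b, m = split_power_of_two(p - 1)          # p - 1 = 2^b * m
    j = 0
    z = pow(a, m, p)                          # (2)
    if z == 1 or z == p - 1:                  # (3)
        return True
    while True:
        if j > 0 and z == 1:                  # (4)
            return False
        j += 1                                # (5)
        if j < b and z != p - 1:
            z = (z * z) % p
            continue
        if z == p - 1:
            return True
        return False                          # (6): j == b and z != p - 1

def is_probable_prime(p, rounds=20, rng=None):
    """Rabin-Miller with `rounds` random witnesses; error probability at most 4^-rounds."""
    if p < 2:
        return False
    if p in (2, 3):
        return True
    if p % 2 == 0:
        return False
    rng = rng or random.SystemRandom()
    return all(rabin_miller_round(p, rng.randrange(2, p - 1)) for _ in range(rounds))

def is_carmichael(n):
    """Composite n that passes the Fermat test for every base coprime to n (e.g. 561)."""
    if n < 3 or is_prime_trial_division(n):
        return False
    return all(fermat_passes(n, a) for a in range(2, n) if gcd(a, n) == 1)

if __name__ == "__main__":
    print(fermat_passes(561, 2), rabin_miller_round(561, 2))   # True False
    print(is_carmichael(561), is_probable_prime(1759))          # True True
```

Rabin-Miller's advantage over the Fermat test is visible in the trace for 561: the sequence of squarings reaches 1 from a value other than p-1, revealing a non-trivial square root of 1 modulo 561, which no prime has.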
Factoring composite numbers
• The best known algorithm: Number Field Sieve (NFS) factorization of large integers
• Current world record: RSA-768 (232 digits), 2 years on hundreds of machines
• Factoring a 1024 bit integer: estimated about 1000 times harder (Dan Boneh, 2012)
Integer factorization problem
• For a positive integer n get the factorization n = p_1^e1 p_2^e2 … p_k^ek where p_i are prime values and e_i ≥ 1.
• Cryptographic algorithms based on this problem:
– RSA public key encryption
– RSA signature
– Rabin public key encryption
Entropy
• the entropy of X represents a mathematical measurement of the amount of information obtained by analyzing X.
• is the uncertainty regarding the result before analyzing X;
• it represents [Claude Shannon] the number of bits needed to give the shortest binary representation of the message
• Measured by
$H(X) = \sum_{i=1}^{n} p_i \log_2 \frac{1}{p_i}$
Entropy
What's the entropy of your 8 case-insensitive alpha (a-z) chars password?
Entropy

Scenario | Available Characters | Required Password Length for 56-Bit Key | Required Password Length for 128-Bit Key
Numeric PIN | 10 (0–9) | 17 | 40
Case-insensitive alpha | 26 (A–Z or a–z) | 12 | 28
Case-sensitive alpha | 52 (A–Z and a–z) | 10 | 23
Case-sensitive alpha and numeric | 62 (A–Z, a–z, and 0–9) | 10 | 22
Case-sensitive alpha, numeric, and punctuation | 93 (A–Z, a–z, 0–9, and punctuation) | 9 | 20
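The question slide and the table above rest on the same arithmetic as the entropy formula: a password drawn uniformly from an alphabet of N symbols carries log2(N) bits per symbol, so an 8-character case-insensitive alphabetic password has 8 × log2(26) ≈ 37.6 bits, and the length needed to reach a key size is ceil(bits / log2(N)). The code below is an added example for this page, not course code; the distributions and strings fed to it are constructed for illustration.

```python
"""Added example: Shannon entropy of a distribution, and the password-entropy
arithmetic behind the entropy question and the password-length table.
"""
import math
from collections import Counter

def shannon_entropy(probabilities):
    """H(X) = sum p_i * log2(1/p_i) over outcomes with p_i > 0, in bits."""
    if abs(sum(probabilities) - 1.0) > 1e-9:
        raise ValueError("probabilities must sum to 1")
    return sum(p * math.log2(1 / p) for p in probabilities if p > 0)

def entropy_of_string(s):
    """Empirical per-symbol entropy of a string, using symbol frequencies as probabilities."""
    counts = Counter(s)
    return shannon_entropy([c / len(s) for c in counts.values()])

def password_entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)

def required_length(alphabet_size, key_bits):
    """Smallest length whose uniformly random password has at least key_bits of entropy."""
    return math.ceil(key_bits / math.log2(alphabet_size))

if __name__ == "__main__":
    print(round(password_entropy_bits(26, 8), 1))           # 37.6 bits for the slide's question
    scenarios = [("numeric PIN", 10), ("case-insensitive alpha", 26),
                 ("case-sensitive alpha", 52), ("alpha + numeric", 62),
                 ("alpha + numeric + punctuation", 93)]
    for name, size in scenarios:
        print(f"{name:32} {size:3} {required_length(size, 56):3} {required_length(size, 128):3}")
```

Two things this shows beyond the table: the 37.6-bit answer to the question slide is well short of even a 56-bit key, and the formula assumes uniformly random choice; `entropy_of_string` on a real password's symbol frequencies gives a much lower number, which is why estimates based on character-class counts overstate the strength of human-chosen passwords. For the numeric-PIN row the formula yields 39 for the 128-bit column, one less than the table's printed 40; the other nine cells match.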
Complexity
• Algorithm complexity is measured by:
– Input length
– Processing time
• Complexity classes
– constant, f(n) = 1;
– linear, f(n) = n;
– logarithmic, f(n) = log_2 n;
– square, f(n) = n^2;
– cubic, f(n) = n^3
– polynomial, f(n) = n^c, with c > 1;
– exponential, f(n) = 2^n or f(n) = a^n, with a > 1.
– factorial, f(n) = n!
Complexity

Search method | Complexity
Direct access search | O(1)
Sequential search | O(n)
Binary search | O(log_2 n)
Search in hash tables | O(GU_hash)
Search in binary balanced search trees (AVL, Red & Black) | O(log_2 n)
Search in B trees | 1 + log_N((n+1)/2), where N is the B tree order
Sequential search in files | O(n)
Direct access search in files | O(1)
Search in indexed files | O(log_2 n) for an index of binary balanced search trees type
Search in reverse files | O(n)
Complexity

Value n | f(n) = 1 | f(n) = n | f(n) = log_2 n | f(n) = n^2 | f(n) = 2^n
10 | 1 | 10 | 3.32 | 100 | 1024
100 | 1 | 100 | 6.64 | 10000 | 1.26 * 10^30
1000 | 1 | 1000 | 9.97 | 1000000 | -
10000 | 1 | 10000 | 13.29 | 100000000 | -
Complexity
• Example – students distribution in dormitories
• Is P = NP?
• Is NP = co-NP?
• P vs NP
– One of the unsolved math theories (http://en.wikipedia.org/wiki/Millennium_Prize_Problems)
• Over 3000 NP identified problems
– http://en.wikipedia.org/wiki/List_of_NP-complete_problems
Complexity
• Definition: The complexity class P is the set of all decision problems that are solvable in polynomial time.
• Definition: The complexity class NP is the set of all decision problems for which a YES answer can be verified in polynomial time given some extra information, called a certificate.
• It must be emphasized that if a decision problem is in NP, it may not be the case that the certificate of a YES answer can be easily obtained; what is asserted is that such a certificate does exist, and, if known, can be used to efficiently verify the YES answer. The same is true of the NO answers for problems in co-NP. [6]
Complex theories
• From a mathematical viewpoint, the strength of a cryptographic algorithm = problem complexity
• A problem is considered simple if it (or a large part of its solutions) can be solved in polynomial time
• Cryptographic algorithms are defined based on mathematical problems with unknown real complexity
• In well defined conditions (input data carefully selected) the solution is almost impossible to determine
Complex theories
• The integer factorization problem
• The RSA problem – RSA inversion
• The knapsack problem – subset sum problem
• The quadratic residuosity problem
• Computing square roots in Z_n
• The discrete logarithm problem
• The generalized discrete logarithm problem
• The Diffie-Hellman problem
• The generalized Diffie-Hellman problem
* for a mathematical analysis consult [6]
Integer factorization problem
• For a positive integer n get the factorization n = p_1^e1 p_2^e2 … p_k^ek where p_i are prime values and e_i ≥ 1.
• Cryptographic algorithms based on this problem:
– RSA public key encryption
– RSA signature
– Rabin public key encryption
RSA problem – RSA inversion
• Being given:
– a positive integer number, n that is the product of two prime numbers, p and q
– a positive integer number, e and gcd(e, (p−1)(q−1)) = 1
– an integer c
• find an integer m such that m^e ≡ c (mod n)
• The conditions imposed on n and e guarantee the uniqueness of the solution m ∈ {0, 1, …, n − 1} for each integer c ∈ {0, 1, …, n − 1}
• Cryptographic algorithms based on this problem:
– RSA public key encryption
– RSA signature
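The RSA problem and the integer factorization problem above are tied together by one fact: whoever knows p and q can compute d = e^-1 mod (p−1)(q−1) and solve m^e ≡ c (mod n) immediately, which is why the security of RSA is bounded by the difficulty of factoring n. The code below is an added example for this page, not course code; the parameters p = 61, q = 53, e = 17 are the usual textbook toy values (assumed here, not from the slides) and far too small for any real use. It also checks the uniqueness claim of the slide by verifying that m → m^e mod n is a permutation of Z_n exactly when gcd(e, φ(n)) = 1.

```python
"""Added example: the RSA problem on toy parameters, solved with the factors
of n, and the uniqueness condition gcd(e, (p-1)(q-1)) = 1 checked directly.
"""
from math import gcd

def rsa_keygen(p, q, e):
    """Public n = p*q, private d = e^-1 mod (p-1)(q-1); requires gcd(e, (p-1)(q-1)) == 1."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return p * q, pow(e, -1, phi)

def rsa_encrypt(m, e, n):
    """c = m^e mod n: the easy direction."""
    return pow(m, e, n)

def rsa_decrypt(c, d, n):
    """m = c^d mod n: easy only with the private exponent d."""
    return pow(c, d, n)

def rsa_problem_with_factors(n, e, c, p, q):
    """Solve m^e = c (mod n) given the factorisation: recompute d from p and q."""
    if p * q != n:
        raise ValueError("p * q must equal n")
    _, d = rsa_keygen(p, q, e)
    return pow(c, d, n)

def rsa_is_permutation(n, e):
    """True when m -> m^e mod n hits every residue once (unique solution for every c)."""
    images = {pow(m, e, n) for m in range(n)}
    return len(images) == n

if __name__ == "__main__":
    n, d = rsa_keygen(61, 53, 17)            # n = 3233, d = 2753
    c = rsa_encrypt(65, 17, n)               # 2790
    print(n, d, c, rsa_decrypt(c, d, n))
    print(rsa_problem_with_factors(n, 17, c, 61, 53))   # 65
    print(rsa_is_permutation(n, 17), rsa_is_permutation(n, 2))   # True False
```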
Quadratic residuosity problem
• Given an odd composite integer n and an integer a ∈ J_n (having Jacobi symbol = 1), decide whether or not a is a quadratic residue modulo n
– http://en.wikipedia.org/wiki/Legendre_symbol
– http://en.wikipedia.org/wiki/Jacobi_symbol
– http://en.wikipedia.org/wiki/Quadratic_residue
• Cryptographic algorithms based on this problem:
– Goldwasser-Micali public key encryption
– Blum-Blum-Shub pseudo-random number generator
Square roots modulo n
• Given a composite integer n, with unknown prime factors, and a ∈ Q_n (the set of quadratic residues modulo n), find a square root of a modulo n; that is, an integer x such that x^2 ≡ a (mod n)
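Both of the preceding problems become easy once n's factors are known, and the quadratic residuosity problem is subtle precisely because the Jacobi symbol can be computed without the factors but does not decide residuosity: for n = 77 = 7 × 11 (a toy modulus assumed here, not from the slides) the value 6 has Jacobi symbol +1 yet is a non-residue modulo both 7 and 11. The code below is an added example for this page, not course code; the square-root routine uses the a^((p+1)/4) formula, which applies only to primes p ≡ 3 (mod 4), and combines the two roots with the Chinese remainder theorem.

```python
"""Added example: Jacobi symbol, Euler's criterion, deciding residuosity with
the factors of n, and square roots modulo n = p*q for p, q = 3 (mod 4).
"""

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd positive n, computed without factoring n."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be an odd positive integer")
    a %= n
    result = 1
    while a:
        while a % 2 == 0:                 # factor out 2 using (2/n) = -1 iff n = 3,5 (mod 8)
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                       # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def legendre(a, p):
    """Euler's criterion for an odd prime p: a^((p-1)/2) is 1 for residues, -1 otherwise."""
    t = pow(a, (p - 1) // 2, p)
    return -1 if t == p - 1 else t

def is_quadratic_residue(a, p, q):
    """Residuosity mod n = p*q is easy once the factors are known."""
    return legendre(a, p) == 1 and legendre(a, q) == 1

def sqrt_mod_prime_3mod4(a, p):
    """For p = 3 (mod 4) and a a residue, a^((p+1)/4) is a square root of a mod p."""
    if p % 4 != 3 or legendre(a, p) not in (0, 1):
        raise ValueError("p must be 3 mod 4 and a a residue mod p")
    return pow(a, (p + 1) // 4, p)

def sqrt_mod_pq(a, p, q):
    """Combine roots mod p and mod q with the CRT into a root mod n = p*q."""
    n = p * q
    rp, rq = sqrt_mod_prime_3mod4(a, p), sqrt_mod_prime_3mod4(a, q)
    # x = rp * q * (q^-1 mod p) + rq * p * (p^-1 mod q)
    return (rp * q * pow(q, -1, p) + rq * p * pow(p, -1, q)) % n

if __name__ == "__main__":
    print(jacobi(6, 77), is_quadratic_residue(6, 7, 11))   # 1 False: in J_n but not in Q_n
    print(jacobi(4, 77), is_quadratic_residue(4, 7, 11))   # 1 True
    x = sqrt_mod_pq(4, 7, 11)
    print(x, (x * x) % 77)                                 # 9 4
```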
Discrete logarithm problem
• given a prime p, a generator α of the (Z_p)^* group, and an element β ∈ (Z_p)^*, find the integer x, 0 ≤ x ≤ p − 2, such that α^x ≡ β (mod p).
• Cryptographic algorithms based on this problem:
– Diffie-Hellman key agreement protocol
– ElGamal encryption
– ElGamal electronic signature
Diffie-Hellman problem
• Given a prime number p, a generator α for the (Z_p)^* group, and elements α^a mod p and α^b mod p, find α^ab mod p.
• Cryptographic algorithms based on this problem:
– Diffie-Hellman key agreement protocol
– ElGamal encryption
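The two problems above are related in one direction: anyone who can solve the discrete logarithm problem can solve the Diffie-Hellman problem, since recovering a from α^a gives (α^b)^a. The code below is an added example for this page, not course code; it runs the exchange on the textbook toy values p = 23, α = 5 (assumed here, not from the slides) and then solves it by exhaustive search, which is feasible only because p is tiny and is exactly what the DLP assumption rules out for the 2048-bit primes used in practice.

```python
"""Added example: Diffie-Hellman on toy parameters, the generator check, and
the reduction of the DH problem to the discrete logarithm problem.
"""

def is_generator(alpha, p):
    """alpha generates (Z_p)^* when its powers alpha^1 .. alpha^(p-1) hit every element."""
    seen = set()
    x = 1
    for _ in range(p - 1):
        x = (x * alpha) % p
        seen.add(x)
    return len(seen) == p - 1

def discrete_log(alpha, beta, p):
    """Find x in [0, p-2] with alpha^x = beta (mod p) by exhaustive search: O(p) work."""
    x, value = 0, 1
    while x <= p - 2:
        if value == beta % p:
            return x
        value = (value * alpha) % p
        x += 1
    return None

def dh_exchange(p, alpha, a, b):
    """Both sides' messages A = alpha^a, B = alpha^b and the shared key alpha^(ab)."""
    A = pow(alpha, a, p)          # first party sends A
    B = pow(alpha, b, p)          # second party sends B
    k_first = pow(B, a, p)        # first party computes B^a
    k_second = pow(A, b, p)       # second party computes A^b
    if k_first != k_second:
        raise AssertionError("both parties must derive the same key")
    return A, B, k_first

def solve_dh_via_dlp(p, alpha, A, B):
    """The DH problem reduces to the DLP: recover a from A, then compute B^a."""
    a = discrete_log(alpha, A, p)
    return pow(B, a, p)

if __name__ == "__main__":
    p, alpha = 23, 5
    print(is_generator(alpha, p))                # True
    A, B, k = dh_exchange(p, alpha, 6, 15)       # (8, 19, 2)
    print(A, B, k)
    print(solve_dh_via_dlp(p, alpha, A, B))      # 2, from the public values alone
```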
Knapsack problem – subset sum problem
• Given a set of positive integers {a_1, a_2, …, a_n} and a positive integer value S, determine whether or not there is a subset of values a_j that sums to S
• Cryptographic algorithms based on this problem:
– The first Merkle-Hellman public key encryption scheme
Knapsack problem – subset sum problem
• Possible solution 1:
INPUT: a set of positive values {a_1, a_2, …, a_n} and the integer s > 0.
OUTPUT: x_i ∈ {0, 1}, 1 ≤ i ≤ n, such that $\sum_{i=1}^{n} a_i x_i = s$, if x_i exists.
1. For each possible array (x_1, x_2, …, x_n) ∈ (Z_2)^n:
   It is determined $l = \sum_{i=1}^{n} a_i x_i$
   If l == s then one solution is (x_1, x_2, …, x_n).
2. If all possible arrays are verified -> there is no solution
• Solution complexity = O(2^n) – inefficient
Knapsack problem – subset sum problem
• Solution 2 - Meet-in-the-middle
INPUT: a set of positive values {a_1, a_2, …, a_n} and the integer s > 0.
OUTPUT: x_i ∈ {0, 1}, 1 ≤ i ≤ n, such that $\sum_{i=1}^{n} a_i x_i = s$, if x_i exists.
1. It is determined t = n/2
2. There are defined the arrays ($\sum_{i=1}^{t} a_i x_i$, (x_1, x_2, …, x_t)) sorted by the partial sum value; these arrays define a matrix
3. For each array (x_{t+1}, x_{t+2}, …, x_n) ∈ (Z_2)^{n-t}:
   it is computed l_i = S − S_i and it is verified if l_i is in the previously defined matrix, with $S_i = \sum_{i=t+1}^{n} a_i x_i$
   If l_i is in the matrix then the solution is found
4. If all possible arrays are verified -> there is no solution
• Solution complexity = O(2^{n/2}) – inefficient
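The two solutions on the slides above differ only in how the search space is organised: solution 1 enumerates all 2^n vectors, solution 2 tabulates the 2^t left-half sums once, sorts them, and binary-searches s − S_i for each of the 2^(n−t) right halves. The code below is an added example for this page, not course code; the input set {3, 34, 4, 12, 5, 2} is constructed for illustration, and the function names are my own.

```python
"""Added example: exhaustive search over (Z_2)^n and the meet-in-the-middle
search over (Z_2)^t x (Z_2)^(n-t) for the subset sum problem.
"""
from itertools import product
from bisect import bisect_left

def weighted_sum(values, bits):
    """sum a_i * x_i for the 0/1 vector `bits` over `values`."""
    return sum(a * x for a, x in zip(values, bits))

def subset_sum_bruteforce(a, s):
    """Solution 1: try every x in (Z_2)^n (2^n candidates); returns x or None."""
    for x in product((0, 1), repeat=len(a)):
        if weighted_sum(a, x) == s:
            return list(x)
    return None

def subset_sum_meet_in_the_middle(a, s):
    """Solution 2: 2^t sorted left-half sums, then a lookup of s - S_i per right half."""
    n = len(a)
    t = n // 2
    left, right = a[:t], a[t:]
    # (partial sum, (x_1, ..., x_t)) for every left half, sorted by the partial sum
    table = sorted((weighted_sum(left, x), x) for x in product((0, 1), repeat=t))
    keys = [k for k, _ in table]
    for y in product((0, 1), repeat=n - t):       # (x_{t+1}, ..., x_n)
        need = s - weighted_sum(right, y)         # l_i = S - S_i
        pos = bisect_left(keys, need)             # binary search in the sorted table
        if pos < len(keys) and keys[pos] == need:
            return list(table[pos][1]) + list(y)
    return None

def is_solution(a, x, s):
    """Check a returned vector: it must exist and reproduce the target sum."""
    return x is not None and weighted_sum(a, x) == s

if __name__ == "__main__":
    a = [3, 34, 4, 12, 5, 2]                      # constructed sample input
    for s in (9, 30):
        print(s, subset_sum_bruteforce(a, s), subset_sum_meet_in_the_middle(a, s))
```

Both searches remain exponential, which is the point of the slides' "inefficient" verdict: meet-in-the-middle halves the exponent at the cost of 2^(n/2) memory, and it is the reason the superincreasing knapsacks used by Merkle-Hellman have to be disguised rather than used directly.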
Large (Big) numbers
• numbers with over 10 digits – mostly 100
• Ex [3]:
– Age of Universe: 2^34
– Numbers of atoms in the planet: 2^170 <-> 10