C4-Public Key Cipher
(asymmetric cryptography)
Review
Diffie-Hellman new ideas for PKC
Diffie-Hellman’s proposal
Principles for creating a PKC
a = (a1,a2,...,an)
Main idea
RSA public key cryptography
- Key generation:
  - Select 2 large prime numbers of about the same size, $p$, $q$
  - Compute $n = pq$, and $\varphi(n) = (q - 1)(p - 1)$
  - Select a random integer $e$, $1 < e < \varphi(n)$, s.t. $\gcd(e, \varphi(n)) = 1$
  - Compute $d$, $1 < d < \varphi(n)$, s.t. $ed \equiv 1 \pmod{\varphi(n)}$
  - Public key: $(e, n)$ and Private key: $d$
- Note: $p$ and $q$ must remain secret
RSA public key cryptography
- Encryption
  - Given a message $M$, $0 < M < n$
  - Use the public key $(e, n)$ to compute: $C = M^e \pmod{n}$
- Decryption
  - Given a ciphertext $C$, use the private key $d$ and compute: $M = C^d \pmod{n}$
- Why does it work?
  - $C^d \bmod n \equiv M^{ed} \pmod{n} \equiv M \pmod{n}$
Example
- Parameters:
  - Select $p = 11$ and $q = 13$
  - $n = 11 \times 13 = 143$; $m = (p - 1)(q - 1) = 10 \times 12 = 120$
  - Choose $e = 37$ → $\gcd(37, 120) = 1$
  - Find $d$ such that $e \times d \equiv 1 \pmod{120}$ → $d = 13$ ($e \times d = 481$)
- To encrypt a binary string
  - Split it into segments of $u$ bits, $2^u \le 142$ → $u = 7$
    - each segment represents a number from 1 to 127
  - Compute $Y = X^e \pmod{n}$
    E.g.: for $X = (0000010) = 2$, we have $Y \equiv X^{37} \equiv 12 \pmod{143}$ → $Y = (00001100)$
- Decryption: $X \equiv 12^{13} \bmod 143 = 2$ → $X = 00000010$
RSA implementation
- $n$, $p$, $q$
  - The security of RSA depends on how large $n$ is, which is often measured in the number of bits of $n$. Current recommendation is 1024 bits for $n$.
  - $p$ and $q$ should have the same bit length, so for 1024-bit RSA, $p$ and $q$ should be about 512 bits.
  - $p - q$ should not be small
  - Way to select $p$ and $q$
    - In general, select large numbers (some special forms), then test for primality
    - Many implementations use the Rabin-Miller test (a probabilistic test)
Modular multiplicative inverse
- Bézout's lemma:
  - Let $a$ and $b$ be integers with greatest common divisor $d$. Then there exist integers $x$ and $y$ such that $ax + by = d$. More generally, the integers of the form $ax + by$ are exactly the multiples of $d$
- Diophantine equation: $ax + by = c$
  - This equation has a solution if and only if $\gcd(a, b) \mid c$
- If $1 = \gcd(e, n)$ → $1 = xe + yn$ → $xe \equiv 1 \pmod{n}$ → $x \equiv e^{-1} \pmod{n}$
Modular multiplicative inverse
- Example
  - Determine $\gcd(252, 198)$
    $252 = 198 \times 1 + 54$
    $198 = 54 \times 3 + 36$
    $54 = 36 \times 1 + 18$
    $36 = 18 \times 2 + 0$
    $\gcd(252, 198) = 18$
Modular multiplicative inverse
- Example
  - Solve: $252x + 198y = 18$
    $(x, y) = (1, -5)$
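Modular multiplicative inverse
- Example
  - Determine $28^{-1} \bmod 75$
    Euclidean divisions:
      $75 = 28 \times 2 + 19$
      $28 = 19 \times 1 + 9$
      $19 = 9 \times 2 + 1$
    Back-substitution:
      $1 = 19 - 9 \times 2$
      $1 = 19 - (28 - 19 \times 1) \times 2 = -28 \times 2 + 19 \times 3$
      $1 = -28 \times 2 + (75 - 28 \times 2) \times 3 = 75 \times 3 - 28 \times 8$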
Modular exponentiation
- Compute $x^a \pmod{n}$
- Naïve method:
  - $x^a \bmod n = (x \bmod n) \times (x \bmod n) \times \dots \times (x \bmod n)$
  - → repeating modular multiplication $a$ times
- Square and multiply algorithm
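Square and multiply algorithm
- Representing $a$ in binary notation: $a = \sum_{i=0}^{l} a_i 2^i$

  z ← 1
  For i = l down to 0
      z ← z^2 mod n
      if a_i = 1 then
          z ← z × x mod n
      end if
  End for
  Return z

- E.g. Compute $x^{19} \bmod n$
  $19 = 16 + 2 + 1 = 2^4 + 2^1 + 2^0 = 10011$
  $z \leftarrow 1$
  $i = 4$: $a_4 = 1$; $z \leftarrow z^2 \times x \equiv 1^2 \times x \equiv x$
  $i = 3$: $a_3 = 0$; $z \leftarrow z^2 \equiv x^2$
  $i = 2$: $a_2 = 0$; $z \leftarrow z^2 \equiv x^4$
  $i = 1$: $a_1 = 1$; $z \leftarrow z^2 \times x \equiv x^8 \times x \equiv x^9$
  $i = 0$: $a_0 = 1$; $z \leftarrow z^2 \times x \equiv x^{18} \times x \equiv x^{19}$
- E.g. Compute $3^{19} \bmod 5$
  $19 = 10011$
  $z \leftarrow 1$
  $i = 4$: $a_4 = 1$; $z \leftarrow 1^2 \times 3 \equiv 3$
  $i = 3$: $a_3 = 0$; $z \leftarrow 3^2 \equiv -1$
  $i = 2$: $a_2 = 0$; $z \leftarrow (-1)^2 \equiv 1$
  $i = 1$: $a_1 = 1$; $z \leftarrow 1^2 \times 3 \equiv 3$
  $i = 0$: $a_0 = 1$; $z \leftarrow 3^2 \times 3 \equiv -3 \equiv 2$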
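The extended Euclidean and square-and-multiply procedures from the preceding slides, combined into a toy RSA round trip. This is an added example, not part of the original slides: the function names and the message 7 are assumptions made for illustration, while p = 11, q = 13, e = 37 and the inputs 28, 75 and 3^19 mod 5 are taken from the slides.

```python
"""Toy RSA built from the two routines on these slides (teaching sizes only)."""

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modinv(e, m):
    """Inverse of e modulo m, read off the Bezout coefficient of e."""
    g, x, _ = egcd(e, m)
    if g != 1:
        raise ValueError("e has no inverse modulo m: gcd(e, m) != 1")
    return x % m  # map a negative coefficient such as -8 into [0, m)

def square_and_multiply(x, a, n):
    """x**a mod n, scanning the bits of a from most to least significant."""
    z = 1
    for bit in bin(a)[2:]:
        z = (z * z) % n          # square on every bit
        if bit == "1":
            z = (z * x) % n      # multiply only when a_i = 1
    return z

def rsa_keypair(p, q, e):
    """Return ((e, n), d) for primes p, q and a public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), modinv(e, phi)

def rsa_roundtrip(m, public, d):
    """Encrypt m with the public key, decrypt with d; return (c, recovered)."""
    e, n = public
    c = square_and_multiply(m, e, n)
    return c, square_and_multiply(c, d, n)

if __name__ == "__main__":
    print(modinv(28, 75))                  # inverse for the slide's 28 and 75
    print(square_and_multiply(3, 19, 5))   # the slide's 3^19 mod 5
    public, d = rsa_keypair(11, 13, 37)    # the slide's p, q, e
    print(public, d)
    print(rsa_roundtrip(7, public, d))     # 7 is a constructed message
```

The `if bit == "1"` branch makes the running time depend on the exponent bits, so this form is for study only; deployed RSA relies on a vetted library with constant-time arithmetic and message padding.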
Exercises
1. Compute
1. 17.) 𝑚𝑜𝑑 101
2. 357.) 𝑚𝑜𝑑 1234
3. 3125.) 𝑚𝑜𝑑 9987
4. 9726-/-- 𝑚𝑜𝑑 11413
5. 127296*,0 (𝑚𝑜𝑑 186101)
2. Given $p = 61$, $q = 53$
   1. Create an RSA system with these values
   2. Suppose the value of the plaintext is 123 -> find the ciphertext
   3. Decrypt the ciphertext to obtain the plaintext
3. Prove that: $X^{(p-1)(q-1)} \equiv 1 \pmod{pq}$, where $p$, $q$ are primes
4. Write pseudocode for the extended Euclidean algorithm
   1. The one for computing the modular multiplicative inverse
5. Prove the correctness of the square and multiply algorithm
Projects
1. Cryptanalysis for substitution cipher
2. Cryptanalysis for Vigenère cipher
3. A program for encryption and cryptanalysis of RSA as follows.
   1. Encryption:
      1. Input: plaintext, and public key $(e, n)$
      2. Output: ciphertext
      3. Encryption flow
         1. The plaintext is an English document. Each word of the plaintext is encoded as follows
            - DOG → $3 \times 26^2 + 14 \times 26 + 6 = 2398$
            - CAT → $2 \times 26^2 + 0 \times 26 + 6 = 19$
         2. Each encoded word is then encrypted using RSA with the public key $(e, n)$
            - Apply square and multiply to compute the modular exponentiation
   2. Cryptanalysis
      1. Input: ciphertext, and public key $(e, n)$
      2. Output: plaintext
      3. Hint:
         1. Determine primes $p$, $q$ s.t. $n = p \times q$
         2. Calculate $\varphi(n)$
         3. Determine the private key $d$
            - By using the extended Euclidean algorithm
         4. Decrypt with the private key $d$
            - Apply square and multiply to compute the modular exponentiation