Introduction to Cryptographyapkerr/itis6200_02_crypto.pdf · Related Chapters •Cryptography...

Introduction to Cryptography --- Foundations of computer security ---


Related Chapters

• Cryptography

– CHAPTER 2, A Cryptography Primer

– CHAPTER 37, Data Encryption

– CHAPTER 39, Public Key Infrastructure

– CHAPTER 70, Advanced Data Encryption


Outline

• basic terms in cryptology

• classic secret key ciphers

• modern secret key ciphers

– DES (Data Encryption Standard) and AES (Advanced Encryption Standard)

– how do they work

– how to use DES and AES in practice

• 4 modes of operation


Basic Terms

• cryptology (to be very precise)

– cryptography --- designing

– cryptanalysis --- code breaking

• cryptologist

– cryptographer

– cryptanalyst

• encryption/encipherment

– scrambling data into a form unintelligible to unauthorised parties


Basic Terms (2)

• decryption/decipherment

– un-scrambling

• cipher/cryptosystem


A Short History

• dividing line is 1976/77

– classic ~1976/77

• 1976: Diffie & Hellman discovered public key cryptography

• 1977: National Bureau of Standards published DES (Data Encryption Standard)

– modern 1976/77 ~ today


History (2)

• the word “cipher” --- from Greek (secret writing)

• ancient Egypt, Julius Caesar, ...

• WWII

– Enigma cipher machine

• broken by British team including Alan Turing

– Purple cipher

• broken by US, led to the death of Yamamoto

• Mainly for war, diplomacy & politics


Good Book on History of Crypto

• David Kahn, The Codebreakers, Macmillan, New York, 1972.

• PS:

– a revised edition was published in 1996

– Not quite complete


Cryptography Goals

• Authentication:

– Alice sends a message to Bob. How can Bob verify that the message originated from Alice and not from Eve pretending to be Alice?

• Confidentiality:

– Alice sends a message to Bob. How can Bob be sure that the message was not read by Eve? For example, personal communications need to be maintained as confidential.


Cryptography Goals (2)

• Integrity:

– Alice sends a message to Bob. How does Bob verify that Eve did not intercept the message and change its contents?

• Nonrepudiation:

– Alice could send a message to Bob and later deny that she ever sent a message to Bob. In such a case, how could Bob ever determine who actually sent him the message?


Types of Ciphers

• private key cryptosystems/ciphers

– Also known as

• Secret key ciphers

• Single key ciphers

• Symmetric ciphers

• public key cryptosystems/ciphers

– Also known as

• asymmetric ciphers


Representation of Data

• By characters

– each character is represented by an 8-bit byte according to the ASCII table

• By binary bits (0’s and 1’s)

– e.g.

• fax messages

• images

• digitalised voice data


Private Key Cipher

[Figure: Alice and Bob hold a Shared Secret Key. Plain Text → E → Cipher Text → Network or Storage → Cipher Text → D → Original Plain Text.]

Concepts

• A private key cipher is composed of two algorithms

– encryption algorithm E

– decryption algorithm D

• The same key K is used for encryption & decryption

• K has to be distributed beforehand


Notations

• Encrypt a plaintext P using a key K & an encryption algorithm E

C = E(K,P)

• Decrypt a ciphertext C using the same key K and the matching decryption algorithm D

P = D(K,C)

• Note: P = D(K,C) = D(K, E(K,P))


Classic Ciphers

• Substitution ciphers (also called shift/additive ciphers)

– Monoalphabetic ciphers

– Polyalphabetic ciphers

• Transposition (permutation) ciphers

• Product ciphers

– using both

• substitution, and

• transposition


The Caesar Cipher

• The Caesar cipher

– a substitution cipher, named after Julius Caesar.

• Operation principle: each letter is translated into the letter a fixed number of positions after it in the alphabet table.

• the fixed number of positions is a key both for encryption and decryption.

The Caesar Cipher (cont’d)

[Figure: outer ring: plaintext; inner ring: ciphertext]

The Caesar Cipher (cont’d)

[Figure: K=3]

An Example

• for a key K=3,

plaintext letter: ABCDEF...UVWXYZ

ciphertext letter: DEF...UVWXYZABC

• Hence TREATY IMPOSSIBLE is translated into WUHDWB LPSRVVLEOH


An Exercise

• Use the Caesar cipher to encode the following message under a key K=3:

WAR STARTS TOMORROW


Another substitution cipher example


Transposition Cipher

• It works by changing the location of characters (characters’ permutation).

• A cyclic group defines the permutation with a single key to encrypt, and the same key is used to decrypt the ciphered message.


Polyalphabetic Cipher

• Instead of one-to-one mapping (Caesar cipher), one-to-many mapping is used.

• A single letter can have multiple substitutes.

• A tableau is developed (see next slide). This tableau is a series of shift ciphers.

• The key is repeated over the plaintext. Then, using the tableau, the corresponding letter is used.

• The top row is used to look up the plaintext, and the leftmost column is used to reference the keyword.


Polyalphabetic Cipher Example

• Plaintext: “Ask not what your country can do for you”, key: “rockerrooks”.

• Notice that “A” is encrypted to different letters.

Plaintext:  A S K N O T W H A T Y O U R …

Key:        R O C K E R R O O K S R O C …

Ciphertext: R G M X S K N V O D Q F I T …

Attacks Against Cryptography

• Ciphertext only attack:

– The cryptanalyst has access to the ciphertext only. Frequency analysis is used to infer the key.

• Known plaintext attack:

– The cryptanalyst has access to both the plaintext and the corresponding ciphertext, and tries to find the key.

• Chosen plaintext attack:

– The cryptanalyst can encrypt plaintext of his choice and analyze the resulting ciphertext.

• Chosen ciphertext attack:

– The cryptanalyst can decrypt ciphertext of his choice to recover the key.

Breaking the Caesar Cipher

• by trial-and-error

• by using statistics on letters

– frequency distributions of letters

letter  percent
A       7.49%
B       1.29%
C       3.54%
D       3.62%
E       14.00%
...

• with the help of fast computers, 99.99% of ciphers used before 1976 are breakable by using one of the 4 types of attacks.

• The first computer designed by Alan Turing was used to break the Enigma cipher in WWII.
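The Caesar and polyalphabetic slides and the two ways of breaking the Caesar cipher listed above, as an added example that is not part of the original slides. It treats the Caesar cipher as the polyalphabetic cipher with a one-letter key; the function names and the `SAMPLE` message are assumptions made for illustration.

```python
# Added example (not from the slides). Only A-Z is shifted; spaces and
# punctuation pass through unchanged and do not consume a key letter.
from collections import Counter
from string import ascii_uppercase as ALPHABET


def vigenere(text, key, decrypt=False):
    """Polyalphabetic shift: letter i is shifted by key letter i (key repeats)."""
    if not key or any(k not in ALPHABET for k in key.upper()):
        raise ValueError("key must be one or more letters A-Z")
    shifts = [ALPHABET.index(k) for k in key.upper()]
    sign, out, n = (-1 if decrypt else 1), [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            pos = (ALPHABET.index(ch) + sign * shifts[n % len(shifts)]) % 26
            out.append(ALPHABET[pos])
            n += 1
        else:
            out.append(ch)
    return "".join(out)


def caesar(text, k, decrypt=False):
    """Caesar cipher: the same shift k for every letter (a one-letter key)."""
    return vigenere(text, ALPHABET[k % 26], decrypt)


def trial_and_error(ciphertext):
    """Only 26 keys exist: return every candidate plaintext, indexed by key."""
    return [caesar(ciphertext, k, decrypt=True) for k in range(26)]


def guess_key_by_frequency(ciphertext):
    """Assume the most frequent ciphertext letter stands for plaintext E."""
    counts = Counter(ch for ch in ciphertext.upper() if ch in ALPHABET)
    top = counts.most_common(1)[0][0]
    return (ALPHABET.index(top) - ALPHABET.index("E")) % 26


def substitutes(plaintext, ciphertext, letter):
    """Ciphertext letters that one plaintext letter was mapped to."""
    return {c for p, c in zip(plaintext.upper(), ciphertext) if p == letter}


# Constructed sample message in which E is clearly the most frequent letter.
SAMPLE = "MEET ME NEAR THE BRIDGE AT SEVEN THIRTY THIS EVENING"

if __name__ == "__main__":
    print(caesar("TREATY IMPOSSIBLE", 3))              # the slide's K=3 example
    print(trial_and_error("WUHDWB LPSRVVLEOH")[3])     # candidate for key 3
    print(guess_key_by_frequency(caesar(SAMPLE, 3)))   # key recovered from counts
    pt = "ASK NOT WHAT YOUR COUNTRY CAN DO FOR YOU"
    ct = vigenere(pt, "rockerrooks")
    print(ct, substitutes(pt, ct, "A"))                # A has several substitutes
```

The frequency guess needs enough ciphertext for E to dominate; on a message as short as the slide's 16-letter example, listing all 26 candidates is the more reliable of the two methods.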


MODERN BLOCK CIPHERS


Block Ciphers

• Block ciphers provide the backbone algorithmic technology behind most modern-era ciphers

• It is a series of serial operations (rounds).

• In each round, a chunk of the input data is encrypted and fed to the next round. (chaining)

• Each output block is the same size as the input block.

• Each block uses a subkey permuted (derived) from the original key.


Modern Private Key Ciphers

• DES (US, 1977)

– key -- 56 bits, plain/ciphertext -- 64 bits

• IDEA (Lai & Massey, Swiss, 1991)

– key -- 128 bits, plain/ciphertext -- 64 bits

• LOKI (ADFA, Australia, 1989)

– key, plain/ciphertext -- 64 bits

• FEAL (NTT, Japan, 1990)

– key -- 128 bits, plain/ciphertext -- 64 bits

• AES (successor to DES, 2001)


Encryption using DES

• a 56-bit key K is expanded into 16 subkeys, each 48 bits (K1, K2, ..., K16)

• Encryption consists of 16 rounds, each using a different 48-bit subkey

• Both a plaintext & a ciphertext are 64 bits long

• Decryption is similar to encryption, except that the order in which the subkeys are used is reversed, namely, (K16, K15, ..., K2, K1)

[Figure: DES (Encryption): 64-bit plaintext and 56-bit key in, 64-bit ciphertext out. DES (Decryption): 64-bit ciphertext and 56-bit key in, 64-bit plaintext out.]

AES Family – AES-128,AES-192, AES-256

AES-128: 128-bit plaintext, 128-bit key, 128-bit ciphertext

AES-192: 128-bit plaintext, 192-bit key, 128-bit ciphertext

AES-256: 128-bit plaintext, 256-bit key, 128-bit ciphertext

Examples

• AES128

– PLAINTEXT: 00112233445566778899aabbccddeeff

– KEY: 000102030405060708090a0b0c0d0e0f

– CIPHERTEXT: 69c4e0d86a7b0430d8cdb78070b4c55a

• AES256

– PLAINTEXT: 00112233445566778899aabbccddeeff

– KEY: 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f

– CIPHERTEXT: 8ea2b7ca516745bfeafc49904b496089

Use of A Private Key Cipher in Practice


4 Modes of Operation

• Electronic Code Book (ECB)

• Cipher Block Chaining (CBC)

• Cipher Feedback Mode (CFB)

• Output Feedback Mode (OFB)

• (Use AES-128 as an example)


Electronic Code Book (ECB)

[Figure: ECB encryption. The plaintext (message) is split into blocks m1 ... m10; each block goes through its own E box under the same key K, giving c1 ... c10, the ciphertext (scrambled message).]

mi, ci: 128 bits for AES; K: 128 bits (or 192, 256 bits)

[Figure: ECB decryption. Each ciphertext block c1 ... c10 goes through its own D box under the same key K, giving m1 ... m10, the plaintext (original message).]

Padding

• If the length of a plaintext is not a multiple of 128 bits, extra bits (0’s or 1’s) are padded to the end of the original message, so that the last block is 128 bits.

• Padded bits are discarded after decryption.


Examples of ECB Mode

• AES128, Encryption, 16 bytes

– KEY = 10a58869d74be5a374cf867cfb473859

– PLAINTEXT = 00000000000000000000000000000000

– CIPHERTEXT = 6d251e6944b051e04eaa6fb4dbf78465

• AES256, Decryption, 16 bytes

– KEY = 07eb03a08d291d1b07408bf3512ab40 c91097ac77461aad4bb859647f74f00ee

– CIPHERTEXT = 47cb030da2ab051dfc6c4bf6910d12bb

– PLAINTEXT = 00000000000000000000000000000000

Source: NIST AES Test Data

ECB, AES128

• Plaintext, 128 x 4 bits

– 6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710

• Key, 128 bits

– 2b7e151628aed2a6abf7158809cf4f3c

• Ciphertext

– 3ad77bb40d7a3660a89ecaf32466ef97
  f5d3d58503b9699de785895a96fdbaaf
  43b1cd7f598ece23881b00e3ed030688
  7b0c785e27e8ad3f8223207104725dd4

Bit-Wise Exclusive OR (XOR)

XOR Table

0 ⊕ 0 = 0

1 ⊕ 1 = 0

0 ⊕ 1 = 1

1 ⊕ 0 = 1

P  1 0 0 1 0 0 1 0

K  0 1 0 1 1 1 1 1

C  1 1 0 0 1 1 0 1

Useful properties: P ⊕ K = C, C ⊕ K = P

In Java, C & C++: C = P ^ K; P = C ^ K;

Cipher Block Chaining (CBC)

[Figure: CBC encryption. Labels: IV; plaintext blocks m1 ... m4; four E boxes under key K; ciphertext blocks c1 ... c4.]

[Figure: CBC decryption. Labels: IV; ciphertext blocks c1 ... c4; four D boxes under key K; plaintext blocks m1 ... m4.]

Cipher Block Chaining (CBC) --- Another way to look at decryption

[Figure: CBC decryption redrawn. Labels: IV; c1 ... c4; four D boxes under key K; m1 ... m4.]

CBC, AES256

• Plaintext, 128 x 4 bits

– 6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710

• Key, 256 bits

– 603deb1015ca71be2b73aef0857d7781
  1f352c073b6108d72d9810a30914dff4

• IV, 128 bits

– 000102030405060708090a0b0c0d0e0f

• Ciphertext

– f58c4c04d6e5f1ba779eabfb5f7bfbd6
  9cfc4e967edb808d679f777bc6702c7d
  39f23369a9d9bacfa530e26304231461
  b2eb05e2c39be9fcda6c19078c6a9d1b

Cipher Block Chaining (CBC) with Interleave Factor = 2

[Figure: CBC encryption with interleave factor 2. Labels: agreed values IV and c0; m1 ... m4; four E boxes under key K; c1 ... c4.]

[Figure: CBC decryption with interleave factor 2. Labels: agreed values IV and c0; c1 ... c4; four D boxes under key K; m1 ... m4.]

Higher Order Bits & Lower Order Bits

[Figure: 128-bit register/storage. Higher order bits on the left (b127), lower order bits on the right (b0).]

(Note: in line with Java, C, and C++)

Cipher Feedback Mode (CFB)

[Figure: CFB encryption. Labels: 128-bit shift register (to the left by t bits); E under key K; 128-bit register; ki: t higher order bits; mi and ci, t bits each; steps (1) to (4), with (4) Copy & Feedback t bits.]

Blocks, Key & Initial Vector for CFB

• Long data is divided into blocks, each having t bits. Typically, t=8.

• Key & initial vector

– Sender & receiver need to agree on 2 pieces of information beforehand:

• key K (has to be kept secret)

• an initial vector for the shift register

– it does NOT have to be kept secret !

– a 128-bit all-0 vector may be chosen


Cipher Feedback Mode (CFB)

[Figure: CFB decryption. Labels: 128-bit shift register (to the left by t bits); E under key K; ki: t higher order bits; ci and mi, t bits each; steps (1) to (4), with (4) Copy & Feedback t bits.]

4 Sub-steps in CFB Decryption

• encrypt (with, say, AES)

• XOR

• Shift (to the left/higher order bit positions)

• Feedback (to the lower order bit positions)


CFB with t=1, AES128

• Plaintext, 16 bits

– 6bc1 (= 0110 1011 1100 0001 in binary)

• Key, 128 bits

– 2b7e151628aed2a6abf7158809cf4f3c

• IV, 128 bits

– 000102030405060708090a0b0c0d0e0f

• Ciphertext, 16 bits

– 68b3 (= 0110 1000 1011 0011 in binary)

CFB with t=8, AES256

• Plaintext, 18 bytes (=144 bits)

– 6bc1bee22e409f96e93d7e117393172aae2d

• Key, 256 bits

– 603deb1015ca71be2b73aef0857d7781
  1f352c073b6108d72d9810a30914dff4

• IV, 128 bits

– 000102030405060708090a0b0c0d0e0f

• Ciphertext, 18 bytes

– dc1f1a8520a64d655fcc8ac554844e889700

Output Feedback Mode (OFB)

[Figure: OFB encryption. Labels: 128-bit shift register (initially IV); E under key K; ki: t higher order bits; mi and ci, t bits each; steps (1) to (3), with (3) Feedback all 128 bits.]

Note: ci = mi ⊕ ki

[Figure: OFB decryption. Labels: 128-bit shift register (initially IV); E under key K; ki: t higher order bits; ci and mi, t bits each; steps (1) to (3), with (3) Feedback all 128 bits.]

Note: ci ⊕ ki = (mi ⊕ ki) ⊕ ki = mi ⊕ (ki ⊕ ki) = mi ⊕ 0 = mi

OFB, AES128

• Plaintext, 128 x 4 bits

– 6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710

• Key, 128 bits

– 2b7e151628aed2a6abf7158809cf4f3c

• IV, 128 bits

– 000102030405060708090a0b0c0d0e0f

• Ciphertext, 128 x 4 bits

– 3b3fd92eb72dad20333449f8e83cfb4a
  7789508d16918f03f53c52dac54ed825
  9740051e9c5fecf64344f7a82260edcc
  304c6528f659c77866a510d9c1d6ae5e

OFB, AES192

• Plaintext, 128 x 4 bits

– 6bc1bee22e409f96e93d7e117393172a
  ae2d8a571e03ac9c9eb76fac45af8e51
  30c81c46a35ce411e5fbc1191a0a52ef
  f69f2445df4f9b17ad2b417be66c3710

• Key, 192 bits

– 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b

• IV, 128 bits

– 000102030405060708090a0b0c0d0e0f

• Ciphertext, 128 x 4 bits

– cdc80d6fddf18cab34c25909c99a4174
  fcc28b8d4c63837c09e81700c1100401
  8d9a9aeac0f6596f559c6d4daf59a5f2
  6d9f200857ca6c3e9cac524bd9acc92a

Which Mode to Use ?

• electronic code book (ECB) suffers from various potential attacks, including the block-replacing attack; it should NOT be used!

• Use one of the other 3 modes

– cipher block chaining (CBC)

– cipher feedback mode (CFB)

– output feedback mode (OFB)


Other modes

• Counter mode (CTR)

• Combined modes

– CTR + CFB

– CTR + OFB

– ……


Counter Mode (CTR)

[Figure: CTR encryption. Labels: 128-bit counter (initialized to 0); E under key K; ki: t higher order bits; mi and ci, t bits each; steps (1) to (3), with (3) Increase counter by 1.]

Note: ci = mi ⊕ ki

[Figure: CTR decryption. Labels: 128-bit counter (initialized to 0); E under key K; ki: t higher order bits; ci and mi, t bits each; steps (1) to (3), with (3) Increase counter by 1.]

Note: mi = ci ⊕ ki

How Long a Key should Be to Be Secure

• 56 bits (DES) -- too short

• 64 bits -- OK for a few months

• 80 bits -- OK for non-critical applications

• 128 bits -- OK for all applications

• 256 bits -- OK for applications requiring the highest level of security


How to Get Long Keys

• use ciphers that support long keys:

– IDEA (128 bits)

– AES (128, 192, 256 bits)

• use triple DES

– results in a key of 112 bits

• encrypt using K1

• decrypt using K2

• encrypt again using K1


Triple DES (~2030) --- Option 1

[Figure: Triple DES with three keys K1, K2, K3. Encrypt: m passes through three boxes (E, D, E) to give c. Decrypt: c passes through three boxes (D, E, D) to give m.]

Source: NIST SP800-67 rev1, 1/2012

Triple DES (~2030) – Option 2

[Figure: Triple DES with two keys K1, K2. Encrypt: m passes through three boxes (E, D, E) to give c. Decrypt: c passes through three boxes (D, E, D) to give m.]

ONE-WAY HASH


One-Way Hash Algorithm

[Figure: a document (of any length) goes in; a condensed, short, fixed length output (say of 160 bits) comes out.]

One-Way Hash Algorithm

• a one-way hash algorithm hashes an input document into a condensed short output (say of 160 bits)

• One-wayness

– Given an output, it is infeasible for anyone to find an input document which is hashed to that specific output!

• Collision resistance

– it is infeasible for anyone to find two or more input documents which are hashed to the same condensed output!

Criteria of Hash Functions

• Preimage resistance:

– Given a message m and the hash function hash, if the hash value h = hash(m) is given, it should be hard to find any m such that h = hash(m).

• Second preimage resistance (weak collision resistance):

– Given input m1, it should be hard to find another message m2 such that hash(m1) = hash(m2) and that m1 ≠ m2

• Strong collision resistance:

– It ought to be hard to find two messages m1 ≠ m2 such that hash(m1) = hash(m2).

Finding collision is infeasible

77

(same condensed output)

I, Bob, will pay $1,000 to Alice.

I, Bob, will pay $10,000 to Alice.
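The difference between strong collision resistance and second preimage resistance shows up as a difference in search cost, which is why the output length matters. The following is an added example, not part of the original slides: it truncates SHA-256 to a few bits so both searches finish quickly, and `tiny_hash`, `candidates`, `find_collision` and `find_second_preimage` are hypothetical names with constructed messages.

```python
import hashlib
from itertools import count

def tiny_hash(msg: bytes, bits: int) -> int:
    """Constructed weak hash: the first `bits` bits of SHA-256(msg)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)

def candidates():
    """Constructed message stream: the slide's sentence with varying amounts."""
    for i in count():
        yield b"I, Bob, will pay $%d to Alice." % i

def find_collision(bits: int):
    """Strong collision: ANY two distinct messages with equal hashes.
    Birthday bound: about 2**(bits/2) hashes are expected."""
    seen = {}
    for tries, m in enumerate(candidates(), start=1):
        h = tiny_hash(m, bits)
        if h in seen:
            return seen[h], m, tries
        seen[h] = m

def find_second_preimage(m1: bytes, bits: int):
    """Weak collision: a message m2 != m1 matching ONE fixed hash(m1).
    About 2**bits hashes are expected."""
    want = tiny_hash(m1, bits)
    for tries, m2 in enumerate(candidates(), start=1):
        if m2 != m1 and tiny_hash(m2, bits) == want:
            return m2, tries

if __name__ == "__main__":
    a = b"I, Bob, will pay $1,000 to Alice."
    b = b"I, Bob, will pay $10,000 to Alice."
    print("SHA-256:", hashlib.sha256(a).hexdigest())
    print("SHA-256:", hashlib.sha256(b).hexdigest())
    for bits in (12, 16, 20):
        _, _, c_tries = find_collision(bits)
        _, p_tries = find_second_preimage(a, bits)
        print(f"{bits}-bit output: collision after {c_tries} hashes, "
              f"second preimage after {p_tries} hashes")
```

Each extra output bit roughly doubles the second-preimage work but only adds a factor of about 1.4 to the collision work, so a 160-bit output gives on the order of 2^80 work against collisions, not 2^160.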

Confetti Shredder as “1-Way Hash”

• Shredding a newspaper into very fine pieces
– Pick & keep only 20 random pieces out of all those fine pieces & burn off the rest

• It’s “1-way”
– Infeasible for one to recover the original newspaper from the 20 fine pieces

• It’s “collision-resistant”
– Infeasible for one to find 2 different newspapers that are shredded to the same set of 20 pieces

Examples of 1-Way Hashing

• SHA Family
– SHA-1 (output: 160 bits)
– SHA-224 (output: 224 bits)
– SHA-256 (output: 256 bits)
– SHA-324 (output: 324 bits)
– SHA-512 (output: 512 bits)

• MD5 (broken, should no longer be used)

SECURE TWO-WAY COMMUNICATION


Secure 1-Directional Communication

[Figure: Plain Text → E → Cipher Text → Network or Storage → Cipher Text → D → Original Plain Text; Alice and Bob each hold the Shared Secret Key]

Secure Bi-Directional Communication

[Figure: Plain Text → E → Cipher Text → Open Network → Cipher Text → D → Plain Text, between Bob and Alice; each side holds the Pair of Shared Secret Keys: KAB & KBA]

PUBLIC KEY CRYPTOGRAPHY (ASYMMETRIC CRYPTOGRAPHY)


Public Key Cryptosystem

[Figure: Alice encrypts (E) the Plain Text with Bob’s Public Key (for encryption), taken from the Public Key Directory; the Cipher Text crosses the Open Network; Bob decrypts (D) it with his Secret Key (for decryption) to recover the Plain Text]

Public Key Encryption/Decryption Process


Main Differences with AES

• The public encryption key is different from the secret decryption key.

• Infeasible for an attacker to find out the secret decryption key from the public encryption key.

• No need for Alice & Bob to distribute a shared secret key beforehand !

• Only one pair of public and secret keys is required for each user !


Digital Signature

[Figure: Bob hashes the Message with a 1-way hash H (256 bits) and signs the result with his Secret Signing Key using the signature generation algorithm S; Message + Signature cross the Open Network; Cathy hashes the received Message with H (256 bits) and runs the signature verification algorithm V with Bob’s Public Verification Key from the Public Key Directory; Accept if satisfied]

Digital Signature Operations

Applications of Digital Signature

• Authentication

• Non-repudiation

• Digital certification

• E-Commerce
– Digital certificates for servers, clients & users

• Secure communication

• Digital credentials

• Certified software applications (apps, drivers, APIs etc)

• Digital money

• ……

Digital Signature in ePassport

• ePassport
– an embedded RFID chip that contains information about the owner
– Digitally signed --- good !
– Data may be encrypted with a key derived from user info --- not secure at all !

• Ref:
– ICAO Doc 9303, Machine Readable Travel Documents

[Figure: e-Passport symbol; the RFID chip and antenna are embedded in the cover]

Symmetric Key Encryption (summary)

• One Key.

• Pre-distribution of the key is needed.

• Fast.

• Not scalable (you need a key for each sender/receiver).

• Not suitable for broadcasting messages.


Asymmetric Key Encryption (summary)

• Two Keys (public and private).

• Pre-distribution of the key is NOT needed.

• Slow.

• Private key cannot be derived from public key.

• Scalable (you need one pair of keys for each user).

• Suitable for broadcasting messages.


Using Both Symmetric and Asymmetric Crypto

• Symmetric keys are used to encrypt sessions between users (fast).

• Asymmetric keys are used to distribute the symmetric keys (more secure).


Notable Public Key Encryption and Digital Signature

Public Key Encryption

• Based on Integer Factorization
– RSA

• Based on Discrete Logarithm
– ElGamal
– Diffie-Hellman

• Based on Elliptic Curves
– Elliptic curve Diffie-Hellman

• Based on Lattices
– NTRU

Digital Signature

• Based on Integer Factorization
– RSA signature

• Based on Discrete Logarithm
– Schnorr
– DSS

• Based on Elliptic Curves
– EC-DSS

• Based on Lattices
– NTRU signature

Signcryption (signature+encryption)

• Simultaneously provides the functions of

– digital signature

• unforgeability & non-repudiation

– public key encryption

• confidentiality

• with a significantly smaller computational & communication overhead

Cost (signcryption) << Cost (signature) + Cost (encryption)

• Ref:

– ISO/IEC 29150:2011, Information technology -- Security techniques – Signcryption, International Organization for Standardization, 12/2011.

– www.signcryption.org


RSA Algorithm


Public key Cryptography

• Developed to address two issues:

– key distribution – how to have secure communications in general without having to trust a KDC with your own key.

– digital signatures – to verify that a message arrives intact from the intended sender.

• Uses two keys, private and public key.


RSA

• Invented by Rivest, Shamir and Adleman in 1977

• It is based on exponentiation over integers modulo a prime

• It uses large integers (to make it hard to break)

• Its security is due to the cost of factoring large numbers

Prime Numbers

• A prime number has only two divisors, 1 and itself.

• It cannot be written as a product of other numbers.

• E.g. 2, 3, 5, 7 are prime numbers; 4, 6, 8, 9, 10 are not.

• The prime numbers less than 100 are: 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97

Prime Factorization

• Given a number n, factoring n means writing it as a product of other numbers; n = x * y * z.

• Prime factorization means writing a number n as a product of prime numbers.

• E.g. 91 = 7 * 13

Fermat’s Little Theorem

• a^(p-1) mod p = 1, where p is prime and gcd(a,p)=1

• In other words, if p is a prime number, and a is any integer, then a^p - a is an integer multiple of p

• E.g. a=2, p=7: 2^7 = 128, 128-2 = 126, 126 = 7*18, so 126 is a multiple of 7.

Relatively Prime Numbers (Coprimes)

• Two numbers (a and b) are relatively prime if they have no common divisors other than 1
– e.g. 8 & 9 are relatively prime, since the factors of 8 are 1,2,4,8 and the factors of 9 are 1,3,9, and 1 is the only common factor

• In other words, relatively prime numbers have a greatest common divisor (GCD) of 1.

Euler Totient Function ø(n)

• An arithmetic function that counts the numbers (<= n) that are relatively prime to a given number n.

• Examples:
– ø(1) = 0.
– ø(10) = 4 // {1,3,7,9}
– ø(p) = p-1, if p is prime.
– ø(p^e) = p^e - p^(e-1), if p is prime.
– ø(m*n) = ø(m) * ø(n), if m and n are coprimes

RSA Key Generation

1. Choose two distinct prime numbers, p and q.

2. Compute n = p*q.

3. Find ø(n) = ø(p) * ø(q) = (p-1)*(q-1).

4. Choose an integer e such that 1 < e < ø(n) and gcd(e, ø(n)) = 1
– e is the public key

5. Calculate d such that d*e ≡ 1 (mod ø(n))
– d is the private key

RSA Example

1. Select primes: p=17 & q=11

2. Compute n = pq =17×11=187

3. Compute ø(n)=(p–1)(q-1)=16×10=160

4. Select e : gcd(e,160)=1; choose e=7

5. Determine d: d*e=1 mod 160 and d < 160. Value is d=23 since 23×7=161= 10×160+1

6. Publish public key {7,187}

7. Keep secret private key {23,17,11}

RSA Example cont

• sample RSA encryption/decryption is:

• given message M = 88

• encryption:

C = 88^7 mod 187 = 11

• decryption:

M = 11^23 mod 187 = 88