Introduction to Information Security

Lecture 1: Introduction & Overview

2009. 6.

Prof. Kwangjo Kim

2

1. Lecture Overview

2. Basic terms

3. Quick overview on information security

4. Basic Number Theory

Contents

3

Lecture Overview

Objective:This course introduces the fundamental understanding on cryptography to apply for any secure system including classical, symmetric and asymmetric cryptosystem with mathematical background. We also deal with the cryptographic protocols and their applications. Experts in this area will give a special talk on hot issues in information security. After finishing this class, the students can gain the general knowledge and background on information security and cryptography to execute advanced research.

Course Webpagehttp://caislab.icu.ac.kr/Lecture/data/2009/summer/ice1212/

4

Instructor: Prof. Kwangjo KimAssistant: Zeen KimText: HandoutsReferences:

1. Wade Trappe, Lawrence C. Washington, “Introduction to Cryptography with Coding Theory”, 2nd Ed, 2005, Prentice Hall ISBN 0-13-186239-1

2. Richard A. Mollin, “An Introduction to Cryptography”, Chapman & Hall/CRC, 2001, ISBN 1-58488-127-5

Grading Policy: Midterm (35%), Final (35%), Quiz (10%), HW (10%), Attendance (10%)

Overview

5

Homework (Programming):

1st Half : Select one of 15 AES candidates after round 2 except Rijndael and program it with your favorite language. (Test: encryption and decryption of given test vector)

Deadline : 7/3, 2009

2nd Half : Select one of SHA-3 (round 1) candidates and program it with your favorite language. (Test: validation of given test vector)

Deadline : 7/31, 2009

6

Week Topic Remark

1 Overview, Number Theory 6/16, TA

2 Algebra and Classical Ciphers 6/18, Prof. & TA

3 Encryptions 6/23, Prof.

4 Digital Signatures 6/25, Prof.

5 Hash Functions 6/30, Prof. & TA

6 Other Cryptographic Primitives 7/2, Prof.

7 Midterm 7/7 or 7/9

Schedule (1/2)

7

Week Topic Remark

8 Special Talk : RFID/WSN Security 7/14, Hyunrok Lee

9 Special Talk : Ubiquitous Security 7/16, Jangseong Kim

10 Special Talk : Hacking and Malware 7/21, Hanyoung Noh and Sungbae Ji

11 Special Talk : ID based cryptography 7/23, Zeen Kim

12 Special Talk : E-passport and E-cash 7/28, Jeongkyu Yang

13 Special Talk : Mobile Phone Security 7/30, Jaemin Park

14 Final Exam 8/4 or 8/6

Schedule (2/2)

8

1. Basic Terms

Lots of new terminologies in every new fields…

9

Data recording of “something” measured Raw material, just measured

Information Information is the result of processing, manipulating and or-

ganizing data in a way that adds to the knowledge of the re-ceiver.

Processed data

Knowledge Knowledge is normally processed by means of structuring,

grouping, filtering, organizing or pattern recognition. Highly structured information

What is Information Security?

10

Information Systems An integrated set of components for collecting, storing, pro-

cessing, and communicating information. Business firms, other organizations, and individuals in con-

temporary society rely on information systems to manage their operations, compete in the marketplace, supply ser-vices, and augment personal lives.

Information Revolution A phrase we use to refer to the dramatic changes taking

place during the last half of the 20th century in which service jobs based on information are more common than jobs in manufacturing or agriculture.

Information becomes more and more important than materi-als, resources.

Competitiveness comes from information How much information do you have?

What is Information Security?

11

Information Security (정보보안 , 정보보호 ) Information security is the process of protecting information

from unauthorized access, use, disclosure, destruction, mod-ification, or disruption

The protection of computer systems and information from harm, theft, and unauthorized use.

Protecting the confidentiality, integrity and availability of in-formation

Information security is an essential infrastructure technology to achieve successful information-based society

Highly information-based company without information secu-rity will lose competitiveness

What kind of protection? Protecting important document / computer Protecting communication networks Protecting Internet Protection in ubiquitous world

What is Information Security?

12

Cryptography : designing secure cryptosystems Cryptography (from the Greek kryptós and gráphein, “to

write”) was originally the study of the principles and tech-niques by which information could be concealed in ciphers and later revealed by legitimate users employing the secret key.

Cryptanalysis : analyzing the security of cryptosystems Cryptanalysis (from the Greek kryptós and analýein, “to

loosen” or “to untie”) is the science (and art) of recovering or forging cryptographically secured information without knowledge of the key.

Cryptology : science dealing with information security Science concerned with data communication and storage in

secure and usually secret form. It encompasses both cryp-tography and cryptanalysis.

Cryptology = Cryptography + Cryptanalysis

13

Cryptography is a basic tool to implement information security

Security goals Secrecy (confidentiality) Authentication Integrity Non-repudiation Verifiability

More application-specific security goals

Achieve these security goals using cryptography

Without cryptography …. ???

Cryptology

14

Secret Key vs. Public Key Systems

Symmetric Key Cryptosystem

Public Key Cryptosystem

Plain Text

Cipher Text

Plain Text

Key Key

Encryption Decryption

Shared key

Plain Text

Cipher Text

Plain Text

Public Key Private Key

Encryption Decryption

Receiver’s key

15

Common Terms (1)

Cryptography(암호설계 ): The study of mathematical techniques

related to aspects of information security

Cryptanalysis(암호분석 ): The study of mathematical techniques

for attempting to defeat cryptographic techniques

Cryptology(암호학 ): The study of cryptography and crypt-

analysis Cryptosystem(암호시스템 ): A general term referring to a set

of cryptographic primitives used to provide information se-

curity Symmetric key primitives; Public key primitives

Steganography: The method of concealing the existence of

message

Cryptography is not the only means of providing information

security, but rather one set of such techniques (physical /

human security)

16

Common Terms (2)

Cipher: Block cipher, Stream cipher, Public key cipher

Plaintext/Cleartext (평문 ), Ciphertext (암호문 )

Encryption/Encipherment(암호화 )

Decryption/Decipherment(복호화 )

Key (or Cryptographic key)

Secret key

Private key / Public key

Hashing (해쉬 )

Authentication (인증 )

Message authentication

User authentication

Digital signature (전자서명 )

17

Attacks

AttacksAn efficient algorithm that, for a given crypto-

graphic design, enables some protected elements of the design to be computed “substantially” quicker than specified by the designer.

Finding overlooked and realistic threats for which the design fails

Attacks on encryption algorithms Exhaustive search (brute force attack) Ciphertext-only attackKnown-plaintext attackChosen-plaintext attackChosen-ciphertext attack

18

Security Threats

Interruption/Denial of service

Interception: eavesdropping, wiretapping, theft …

Modification

Fabrication/Forgery

Unauthorized access

Denial of facts

19

Security Services

Security services

A service that enhances information security using

one or more security mechanisms

Confidentiality/Secrecy (기밀성 ) Interception

Authentication (인증성 ) Forgery

Integrity (무결성 ) Modification

Non-repudiation (부인방지 ) Denial of facts

Access control (접근제어 ) Unauthorized access

Availability (가용성 ) Interruption

20

Security Needs for Network Communications

Interception

Confidentiality

Is Private?

Modification

Integrity

Has been altered?

Forgery

Authentication

Who am I dealing with?

Claim

Non-Repudiation

Who sent/received it?

Not SENT !

Denial of Service

Availability

Wish to access!!

Access Control

Have you privilege?

Unauthorized access

21

Security Mechanisms

Security mechanism

A mechanism designed to detect, prevent, or re-

cover from a security attack

Encryption

Authentication

Digital signature

Key exchange

Access control

Monitoring & Responding

22

Models for Evaluating Security

Conditional vs. Unconditional Security

Unconditional security

Computational security

Provable vs. Ad hoc Security

Provable security

Ad hoc security

23

Basic Number Theory

24

Introduction to Number Theory

• Prime and Relative Prime Num-bers

• Modular Arithmetic• Fermat’s and Euler’s Theorem• Testing for Primality• Euclid’s Algorithm• Chinese Remainder Theorem• Discrete Logarithms

25

Divisors

• b|a (“b divides a”, “b is a divisor of a”) if a = kb for some k, where a, b, and k are integers, and b 0

– If a|1, then a = 1– If a|b and b|a, then a = b– Any b 0 divides 0– If b|g and b|h, then b|(mg + nh) for arbitrary integers m

and n

26

Prime Numbers• An integer p > 1 is a prime number if its only di-

visors are 1 and p• Prime Factorization

– Any integer a>1 can be factored in a unique way as

a = p11 p2

2 … ptt where p1 < p2 < … < pt are

prime numbers and where each i > 0– If P is the set of all prime numbers, then any positive integer

can be written uniquely in the following form

– The value of any positive integer can be specified by listing all nonzero exponents (ap)

– Multiplication of two numbers is equivalent to adding two cor-responding exponents:

» k = mn kp = mp + np for all p– a|b ap bp for all p

0each where pP

a apa p

27

Primes Under 2000

28

Relatively Prime Numbers

• Greatest common divisor– c = gcd(a, b) if c|a and c|b and d that divides a and b: d|c– Equivalently, gcd(a, b) = max{c: c|a and c|b}

• k = gcd(a, b) kp = min(ap, bp) for all p

• a and b are relatively prime if gcd(a, b) = 1

29

Modular Arithmetic• For any integer a and positive integer n, if a is di-

vided by n, the following relationship holds:– a = qn + r 0 r n; q = a/n (q: quotient, r: remainder or

residue)

• If a is an integer and n is a positive integer, a mod n is defined to be the remainder when a is divided by n

– a = a/n n + (a mod n)

• Two integers a and b are said to be congruent modulo n if (a mod n) = (b mod n), and this is writ-ten a b mod n

• Properties of modulo operator– a b mod n if n|(a – b)– (a mod n) = (b mod n) implies a b mod n– a b mod n implies b a mod n– a b mod n and b c mod n implies a c mod n

30

Modular Arithmetic Operations• Modulo arithmetic operation over Zn = {0, 1, …, n-

1}• Properties

– [(a mod n) + (b mod n)] mod n = (a + b) mod n– [(a mod n) (b mod n)] mod n = (a b) mod n– [(a mod n) (b mod n)] mod n = (a b) mod n

31

Properties of Modular Arithmetic• Modulo arithmetic over Zn = {0, 1, …, n-1} (called a set of

residues of modulo n)• Integers modulo n with addition and multiplication form a com-

mutative ring– Commutative laws (a + b) mod n = (b + a) mod n

(a b) mod n = (b a) mod n– Associative laws [(a + b) + c] mod n = [a + (b + c)] mod n

[(a b) c] mod n = [a (b c)] mod n

– Distributive laws [a (b + c)] mod n = [(a b) + (a c)] mod n– Identities (a + 0) mod n = a mod n

(a 1) mod n = a mod n– Additive inverse (-a) a Zn b s.t. a + b 0 mod n– Multiplicative inverse (a-1) a (0) Zn, if a is relative prime to n,

b s.t. a b 1 mod n

• If n is not prime, Zn is a ring, but not a field• Zp is a field

32

Modular 7 Arithmetic

33

Groups, Rings, Fields• Group

– A set of numbers with some addition operation whose result is also in the set (closure)

– Obeys associative law, has an identity, has inverses – If also is commutative its an abelian group

• Ring– An abelian group with a multiplication operation also – Multiplication is associative and distributive over addition – If multiplication is commutative, its a commutative ring – e.g., integers mod N for any N

• Field – An abelian group for addition – A ring – An abelian group for multiplication (ignoring 0) – e.g., integers mod P where P is prime

34

Fermat’s Little Theorem• If p is prime and a is a positive integer not divisible

by p, thenap-1 1 mod p

• Proof– Start by listing the first p – 1 positive multiples of a:

a, 2a, 3a, …, (p-1)aSuppose that ra and sa are the same modulo p, then we have r s mod p, so the p-1 multiples of a above are distinct and nonzero; that is, they must be congruent to 1, 2, 3, …, p-1 in some order. Multiply all these congruences together and we finda 2a 3a … (p-1)a 1 2 3 … (p-1) mod por better, ap-1(p-1)! (p-1)! mod p. Divide both side by (p-1)! to complete the proof

• Corollary– If p is prime and a is any positive integer, then

ap a mod p

35

Euler’s Totient Function

• Euler’s totient function (n) is the number of posi-tive integers less than n (including 1) and relatively prime to n

• (p) = p-1• (1) = 1 (Definition)• Let p and q be distinct prime numbers, n = pq.

Then (pq) = (p)(q) = (p-1)(q-1)

• Proof– Consider Zn = {0, 1, …, pq-1}– The residues not relatively prime to n are 0, {p, 2p, …, (q-1)p},

and {q, 2q, …, (p-1)q}

– So (pq) = pq - (1 + (q-1) + (p-1)) = pq - p - q + 1 = (p-1)(q-1)

36

Euler’s Totient Function

37

Euler’s Theorem• Generalization of Fermat’s little theorem• For every a and n that are relatively prime,

a(n) 1 mod n• Proof

– The proof is completely analogous to that of the Fermat's Theorem except that instead of the set of residues {1,2,...,n-1} we now con-sider the set of residues {x1,x2,...,x(n)} which are relatively prime to n. In exactly the same manner as before, multiplication by a mod-ulo n results in a permutation of the set {x1, x2, ..., x(n)}. Therefore, two products are congruent:

x1x2 ... x(n) (ax1)(ax2) ... (ax(n)) mod n

dividing by the left-hand side proves the theorem.

• Corollary

a(n)+1 a mod n

38

Euler’s Theorem

• Corollaries– Given two prime numbers, p and q, and integers n =

pq and m, with 0<m<n,

m(n)+1 = m(p-1)(q-1)+1 m mod n

(Demonstrate the validity of the RSA algo-rithm)

mk(n) 1 mod n

mk(n)+1 m mod n

39

Testing for Primality (Miller-Ravin’s)

• Miller-Ravin primality test– Can be used to determine if a large number is prime

• Based on the following theorem– If p is an odd prime, then the equation

x2 ≡ 1 (mod p)has only two solutions – namely, x ≡1 (mod p) and x ≡ 1 (mod p)

• Proof– Omitted

• If there exist solutions to x2 ≡ 1 (mod n) other than 1, then n is not prime

40

Modular Exponentiation• An efficient way to compute ab mod n• Repeated squaring• Computes ac mod n as c is

increased from 0 to b• Each exponent computed

in a sequence is either twicethe previous exponent or one more than the previousexponent

• Each iteration of the loopuses one of the identities

a2c mod n = (ac)2 mod n, a2c+1 mod n = a (ac)2 mod n

depending on whether bi = 0 or 1• Just after bit bi is read and processed, the value of c is the same as the

prefix bkbk-1…bi of the binary representation of b• Variable c is not needed (included just for explanation)

Modular-Exponentiation(a, b, n)1. c 02. d 13. let bkbk-1…b0 be the binary representation of b4. for i k downto 05. do c 2c6. d (d d) mod n7. if bi = 18. then c c + 19. d (d a) mod n10. return d

41

Modular Exponentiation - ExampleModular-Exponentiation(a, b, n)1. c 02. d 13. let bkbk-1…b0 be the binary representation of b4. for i k downto 05. do c 2c6. d (d d) mod n7. if bi = 18. then c c + 19. d (d a) mod n10. return d

• Example– Result of Modular-Exponentiation algorithm for ab mod n, where a

= 7, b = 560 = 1000110000, n = 561. The values are shown after each execution of the for loop

42

Testing for Primality (Miller-Ravin’s)• Core algorithm is WITNESS(a, n)

– n : inputs to WITNESS, to be tested for primality, – a : some randomly chosen integer, 1 a < n– WITNESS(a, n) is TRUE if and only if a is a “witness” to the compos-

iteness of n – that is, if it is possible using a to prove that n is com-posite

– If WITENSS returns FALSE, then n may be prime

WITNESS (a, n)1. let bkbk-1…b0 be the binary rep. of (n-1)2. d 13. for i k downto 04. do x d5. d (d d) mod n6. if d =1 and x 1 and x n –17. then return TRUE8. if bi = 19. then d (d a) mod n10. if d 111. then return TRUE12. return FALSE

43

Testing for Primality (Miller-Ravin’s)

WITNESS (a, n)1. let bkbk-1…b0 be the binary rep. of (n-1)2. d 13. for i k downto 04. do x d5. d (d d) mod n6. if d =1 and x 1 and x n –17. then return TRUE8. if bi = 19. then d (d a) mod n10. if d 111. then return TRUE12. return FALSE

• Lines 3-9 compute d as an-1 mod n (identical to that em-ployed by Modular-Exponentiation)

• Whenever squaring step is performed on line 5, lines 6,7 check to see if nontrivial square root of 1 has just been discovered (x 1 (mod n) yet x2 1 (mod n)). If so, returns TRUE

• If WITENSS returns TRUE from line 11, then it has dis-covered that d = an-1 mod n 1. If n is prime, however, by Fermat’s theorem an-1 1 (mod n) for all a. Therefore, n cannot be prime

44

Testing for Primality (Miller-Ravin’s)

MILLER_RAVIN (n, s)1. for j 1 to s2. do a RANDOM(1, n-1)3. if WITNESS(a, n)4. then return COMPOSITE5. return PRIME

• Miller-Ravin Primaility Test• Probabilistic search• Repeatedly invoke s times WITNESS(n,a) using ran-

domly chosen values for a, if return false, then the probability that n is prime is at least 1 – 2-s

45

Euclid’s Algorithm – Finding GCD• Based on the following theorem

– gcd(a, b) = gcd(b, a mod b)– Proof

» If d = gcd(a, b), then d|a and d|b» For any positive integer b, a = kb + r ≡ r mod b, a mod b = r» a mod b = a – kb (for some integer k)

• because d|b, d|kb• because d|a, d|(a mod b)

∴ d is a common divisor of b and (a mod b)» Conversely, if d is a common divisor of b and (a mod b), then

d|kb and d|[ kb+(a mod b)]» d|[ kb+(a mod b)] = d|a∴ Set of common divisors of a and b is equal to the set of com-

mon divisors of b and (a mod b)» ex) gcd(18,12) = gcd(12,6) = gcd(6,0) = 6 gcd(11,10) = gcd(10,1) = gcd(1,0) = 1

46

Euclid’s Algorithm – Finding GCD

• Recursive algorithmFunction Euclid (a, b) /* assume a b 0 */

if b = 0 then return a

else return Euclid(b, a mod b)

• Iterative algorithmEuclid(d, f) /* assume d > f > 0 */

1. X d; Y f2. if Y=0 return X = gcd(d, f)

3. R = X mod Y

4. X Y5. Y R6. goto 2

47

Euclid’s Alg. – Finding Multiplicative In-verse

Extended Euclid(d, f)1. (X1, X2, X3) (1, 0, f); (Y1, Y2, Y3) (0, 1, d)2. If Y3 = 0 return X3 = gcd(d, f); no inverse3. If Y3 = 1 return Y3 = gcd(d, f); Y2 = d-1 mod f4. Q = X3/Y35. (T1, T2, T3) (X1 QY1, X2 QY2, X3 QY3)6. (X1, X2, X3) (Y1, Y2, Y3)7. (Y1, Y2, Y3) (T1, T2, T3)8. goto 2

• If gcd(d, f) =1, d has a multiplicative inverse mod-ulo f

• Euclid’s algorithm can be extended to find the mul-tiplicative inverse

– In addition to finding gcd(d, f), if the gcd is 1, the algorithm re-turns multiplicative inverse of d (modulo f)

48

Euclid’s Alg. – Finding Multiplicative In-verse Extended Euclid(d, f)

1. (X1, X2, X3) (1, 0, f); (Y1, Y2, Y3) (0, 1, d)2. If Y3 = 0 return X3 = gcd(d, f); no inverse3. If Y3 = 1 return Y3 = gcd(d, f); Y2 = d-1 mod f4. Q = X3/Y35. (T1, T2, T3) (X1 QY1, X2 QY2, X3 QY3)6. (X1, X2, X3) (Y1, Y2, Y3)7. (Y1, Y2, Y3) (T1, T2, T3)8. goto 2

Note: Always f Y1 + d Y2 = Y3

49

Chinese Remainder Theorem• Let M = m1 m2 m3 … mk, where mi’s are pairwise relatively

prime, i.e., gcd(mi, mj) = 1, 1 ≤ i≠j ≤ k

• Assertion– A (a1, a2,…..,ak), where A ZM, ai Zmi

, and ai = A mod mi for 1 ≤ i ≤ k

» One to one correspondence(bijection) between ZM and the Cartesian product Zm1 Zm2 …. Zmk

» For every integer A such that 0 ≤ A < M, there is a unique k-tu-ple (a1, a2,…..,ak) with 0 ≤ ai < mi

» For every such k-tuple (a1, a2,…..,ak), there is a unique A in ZM

» Transformation from A to (a1, a2,…..,ak) is unique» Computing A from (a1, a2,…..,ak) is done as follows

• Let Mi = M/mi for 1 ≤ i ≤ k, i.e., Mi = m1 m2 … mi-1 mi+1 … mk

• Note that Mi ≡ 0 (mod mj) for all j ≠ i• Let ci = Mi x (Mi

-1 mod mi) for 1 ≤ i ≤ k• Then A ≡ (a1c1+ a2c2 + … + akck) mod M• ai = A mod mi, since cj ≡ Mj ≡ 0 (mod mi) if j≠ i and ci ≡ 1 (mod

mi)

50

Chinese Remainder Theorem

– Operations performed on the elements of ZM can be equivalently performed on the corresponding k-tuples by performing the opera-tion independently in each coordinate position

» ex) A ↔ (a1, a2, ... ,ak), B ↔ (b1, b2, … ,bk)

(A B) mod M ↔ ((a1 b1) mod m1, … ,(ak bk) mod mk)

(A B) mod M ↔ ((a1 b1) mod m1, … ,(ak bk) mod mk)

(A B) mod M ↔ ((a1 b1) mod m1, … ,(ak bk) mod mk)

• CRT provides a way to manipulate (potentially large) numbers mod M in term of tuples of smaller numbers

51

Chinese Remainder Theorem

• Example– Let m1 = 37, m2 = 49, M = m1 m2 = 1813, A = 973– M1 = 49, M2 = 37– Using the extended Euclid’s alg. M1

-1 = 34 mod m1 and M2-1 = 4

mod m2

– Taking residues modulo 37 and 49, 973 (11, 42)– Suppose we want to add 678 to 973– 678 (12, 41)– Add the tuples element-wise (11+12 mod 37, 42+41 mod 49) =

(23, 34)– To verify, we compute

» (23, 34) (a1c1+ a2c2) mod M = (a1M1M1-1 + a2M2M2

-1 ) mod M= [(23)(49)(34) + (34)(37)(4)] mod 1813 =

1651» which is equal to (678 + 973) mod 1813 = 1651

52

Discrete Logarithms• Consider the powers of an integer a, modulo n

– a mod n, a2 mod n, a3 mod n, …, am mod n, …• The least positive exponent m for which am ≡ 1 mod n is re-

ferred to:– The order of a (mod n)– The exponent to which a belongs (mod n)– The length of the period generated by a

• If a and m are relatively prime, there is at least one integer m that satisfies am ≡ 1 mod n, namely m = (n)

• If a, a2, …, a(n) are distinct (mod n) and all are relatively prime to n, a is called a primitive root (generator)

• In particular, for a prime number p, if a is a primitive root of p, then a, a2, …, ap-1 are distinct

• Not all integers have primitive roots. The only integers with primitive roots are those of the form 2, 4, p, and 2p, where p is any odd prime

53

Powers of Integers, modulo 19

a : primitive root

54

Discrete Logarithms - Indices• For any integer b and primitive root a of prime num-

ber p, there is a unique exponent i s.t.b ≡ ai mod p where 0 ≤ i ≤ (p-1)

• This exponent i is referred to as the index of the number b for the base a (mod p), and denoted as inda,p(b)

– inda,p(1) = 0, (a0 mod p = 1 mod p = 1)– inda,p(a) = 1, (a1 mod p = a)

• Example– Ind2,19(a)

55

Derivation of Indices (Discrete Loga-rithms)• By def. of indices, x = ainda,p(x) mod p, y = ainda,p(y) mod

p, xy = ainda,p(xy) mod p• Using the rules of modular multiplication, ainda,p(xy)

mod p = (ainda,p(x) mod p)(ainda,p(y) mod p) = (ainda,p(x)

+inda,p(y)) mod p• Euler’s theorem state that for every a and n that are

relatively prime, a(n) ≡ 1 mod n• Any positive integer z can be expressed in the form

z = q + k(n). Therefore, by Euler’s theorem az = aq mod n if z = q mod (n)

∴ inda,p(xy) = [inda,p(x) + inda,p(y)] mod (p)

∴ inda,p(yr) = [r inda,p(y)] mod (p)• Demonstrates the analogy between true logarithms

and indices. Indices often referred to as discrete log-arithms

56

Tables of Discrete Logarithms, modulo 19

57

Discrete Logarithms

• Calculation of Discrete Logarithms– y = gx mod p– Given g, x, p, it is a straightforward matter to calculate y– Given g, y, p, it is very difficult to calculate to x (discrete logarithm)

» The difficulty seems to be on the same order as that of factor-ing primes required for RSA

» Time complexity: O(e((ln p)1/3 ln(ln p))2/3)