
Public Key Cryptography

Public Key Cryptography. Slides courtesy of Professor Sheridan Houghten. Public Key Cryptography – History. For many years, the idea was attributed to Diffie and Hellman, who presented the idea at a conference in 1976 and published the idea the same year


Presentation Transcript


  1. COSC 4P03 Week 9 Public Key Cryptography Slides courtesy of Professor Sheridan Houghten

  2. Public Key Cryptography – History
     • For many years, the idea was attributed to Diffie and Hellman, who presented the idea at a conference in 1976 and published the idea the same year
     • A recent report indicates the idea was first proposed by J.H. Ellis at CESG in the UK in 1970, but classified as “top secret”
     • The scheme now known as RSA (named for Rivest, Shamir & Adleman who “invented” it in 1977) was first proposed by C. Cocks in a CESG report in 1973

  3. Multiplicative Inverse – Algorithm 5.3

         MultiplicativeInverse(a,b)   // Find b^-1 mod a
         {
             a0 = a;
             b0 = b;
             t0 = 0;
             t = 1;
             q = floor(a0/b0);        // quotient
             r = a0 - q * b0;         // remainder
             while(r > 0)
             {
                 temp = (t0 - q * t) mod a;
                 t0 = t;
                 t = temp;
                 a0 = b0;
                 b0 = r;
                 q = floor(a0/b0);
                 r = a0 - q * b0;
             }
             if (b0 != 1)
                 b has no inverse mod a
             else
                 b^-1 = t;
         }

  4. Multiplicative Inverse Example – find inverse of 28 mod 75

  5. Square and Multiply – Algorithm 5.5

         SquareAndMultiply(x,c,n)     // Compute x^c mod n
         {
             // c[l-1], ..., c[0] are the bits of the exponent c, most significant first
             z = 1;
             for(i = l-1; i >= 0; i--)
             {
                 z = z*z mod n;
                 if(c[i] == 1)
                     z = z*x mod n;
             }
             return z;
         }

  6. Square and Multiply Example
     n = 11413 and b = 3533 (binary: 110111001101, so l = 12)
     Plaintext: 9726

          i   b[i]   z
         11   1      1^2 * 9726 mod 11413 = 9726
         10   1      9726^2 * 9726 mod 11413 = 2659
          9   0      2659^2 mod 11413 = 5634
          8   1      5634^2 * 9726 mod 11413 = 9167
          7   1      9167^2 * 9726 mod 11413 = 4958
          6   1      4958^2 * 9726 mod 11413 = 7783
          5   0      7783^2 mod 11413 = 6298
          4   0      6298^2 mod 11413 = 4629
          3   1      4629^2 * 9726 mod 11413 = 10185
          2   1      10185^2 * 9726 mod 11413 = 105
          1   0      105^2 mod 11413 = 11025
          0   1      11025^2 * 9726 mod 11413 = 5761

  7. Chinese Remainder Theorem
     Given:
         x ≡ a_1 (mod m_1)
         x ≡ a_2 (mod m_2)
         …
         x ≡ a_r (mod m_r)
     There is a unique solution modulo M = m_1 * m_2 * … * m_r:
         x = Σ(i = 1 to r) a_i * M_i * y_i mod M
     where M_i = M/m_i and y_i = M_i^-1 mod m_i (i = 1 to r)
     Note: use the MultiplicativeInverse algorithm to find the M_i^-1's

  8. Rabin Cryptosystem – Example
     • N = 7*11 = 77
     • Encryption: e_K(x) = x^2 mod 77
     • Decryption: d_K(y) = sqrt(y) mod 77
     • Decrypt y = 23: find sqrt(23) mod 77
     • Find sqrt(23) mod 7: ±23^((7+1)/4) (mod 7) = ±23^2 (mod 7) ≡ ±2^2 (mod 7) ≡ ±4 (mod 7)
     • Find sqrt(23) mod 11: ±23^((11+1)/4) (mod 11) = ±23^3 (mod 11) ≡ ±1^3 (mod 11) ≡ ±1 (mod 11)

  9. Rabin Example, Continued
     First solution: we have these congruences:
         x ≡ 4 (mod 7)
         x ≡ 1 (mod 11)
     To relate to the Chinese Remainder Theorem, we have: a_1 = 4, a_2 = 1, m_1 = 7, m_2 = 11, M = 77.
     So: M_1 = 77/7 = 11 and M_2 = 77/11 = 7.
     Also: y_1 = M_1^-1 mod m_1 = 11^-1 mod 7 = 2 (check for yourself)
     And: y_2 = M_2^-1 mod m_2 = 7^-1 mod 11 = 8 (check for yourself)
     → solution is x = (4*11*2 + 1*7*8) mod 77 = (88+56) mod 77 = 67.
     Second solution: x = (-4*11*2 + 1*7*8) mod 77 = (-88+56) mod 77 = -32 mod 77 = 45.
     Third solution: x = (4*11*2 - 1*7*8) mod 77 = (88-56) mod 77 = 32.
     Fourth solution: x = (-4*11*2 - 1*7*8) mod 77 = (-88-56) mod 77 = -144 mod 77 = 10.

  10. Simple Knapsacks
     The elements of a simple knapsack are super-increasing: s_i > Σ(j = 1 to i-1) s_j
     Algorithm to solve a simple knapsack:

         for(i = n; i >= 1; i--)
         {
             if(T >= s[i])
                 x[i] = 1;
             else
                 x[i] = 0;
             T = T - x[i]*s[i];
         }
         if(T == 0)
             x[1], …, x[n] is the solution;
         else
             there is no solution;

  11. Merkle-Hellman Cryptosystem
     Idea: Convert simple knapsack into trapdoor knapsack
     • Select simple knapsack vector (s_1, …, s_n)
     • Choose integer p, p > Σ(i = 1 to n) s_i
     • Choose multiplier a, 1 ≤ a ≤ p-1
     • Define t[i] = a*s[i] mod p
     • Public key: t[1], …, t[n]
     • Private key: (a, p) (and a^-1 = inverse of a mod p)
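
Added example (not part of the original slides): the key setup of slide 11 and the simple-knapsack solver of slide 10 in Python. The slides list only the key setup; the encryption (sum of the selected public weights) and decryption (multiply by a^-1 mod p, then solve the simple knapsack) used here are the standard Merkle-Hellman operations, and the sample vector, p and a are constructed for illustration.

```python
from math import gcd

def solve_simple_knapsack(s, T):
    """Slide 10 algorithm: bits x with sum(x[i]*s[i]) == T, or None."""
    x = [0] * len(s)
    for i in reversed(range(len(s))):
        if T >= s[i]:
            x[i] = 1
            T -= s[i]
    return x if T == 0 else None

def make_keys(s, p, a):
    """Return (public vector t, private key) after checking the slide 11 conditions."""
    if any(s[i] <= sum(s[:i]) for i in range(len(s))):
        raise ValueError("s is not super-increasing")
    if p <= sum(s):
        raise ValueError("p must exceed the sum of s, or decryption is ambiguous")
    # a^-1 mod p only exists when a and p are coprime.
    if not 1 <= a <= p - 1 or gcd(a, p) != 1:
        raise ValueError("a must lie in 1..p-1 and be invertible mod p")
    return [(a * s_i) % p for s_i in s], (s, a, p)

def encrypt(bits, public):
    """Ciphertext is the sum of the public weights selected by the message bits."""
    return sum(b * t for b, t in zip(bits, public))

def decrypt(c, private):
    """Undo the multiplier with a^-1, then solve the easy super-increasing instance."""
    s, a, p = private
    T = (pow(a, -1, p) * c) % p
    return solve_simple_knapsack(s, T)

# Constructed sample parameters (not from the slides).
SAMPLE_S = [2, 3, 7, 14, 30, 57, 120, 251]
SAMPLE_P, SAMPLE_A = 491, 41

if __name__ == "__main__":
    public, private = make_keys(SAMPLE_S, SAMPLE_P, SAMPLE_A)
    c = encrypt([1, 0, 1, 1, 0, 0, 1, 0], public)
    print(public, c, decrypt(c, private))
    # The greedy solver fails on the public vector: it is not super-increasing.
    print(solve_simple_knapsack(public, c))
```

This single-multiplier scheme has been broken and is of teaching interest only.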

  12. McEliece Cryptosystem
     • Based on decoding a linear binary error-correcting code
     • General case: NP-complete
     • Special case: codes with polynomial-time decoding algorithms
     • Let G be the generator matrix of this code.
     • Let S be an invertible binary k x k matrix.
     • Let P be an n x n permutation matrix.
     • Let G' = SGP.
     • Public key: G'
     • Private key: {S, G, P}
     • Plaintext: x, a binary vector of length k
     • Encryption:
     • Ciphertext: y = xG' + e, where e is a random vector of weight t.

  13. • Decryption:
     • Compute y_1 = y P^-1
     • Decode y_1 (look for closest codeword) obtaining y_1 = x_1 + e_1 where x_1 is in C
     • Compute x_0 such that x_0 G = x_1
     • Compute x = x_0 S^-1.

  14. McEliece Example
     We use a generator matrix for the (7,4) Hamming code:

             1 0 0 0 1 1 0
         G = 0 1 0 0 1 0 1
             0 0 1 0 0 1 1
             0 0 0 1 1 1 1

     We also pick the scrambler matrix:

             1 1 0 1
         S = 1 0 0 1
             0 1 1 1
             1 1 0 0

  15. We also select the permutation matrix:

             0 1 0 0 0 0 0
             0 0 0 1 0 0 0
             0 0 0 0 0 0 1
         P = 1 0 0 0 0 0 0
             0 0 1 0 0 0 0
             0 0 0 0 0 1 0
             0 0 0 0 1 0 0

     We make public:

                      1 1 1 1 0 0 0
         G' = SGP =   1 1 0 0 1 0 0
                      1 0 0 1 1 0 1
                      0 1 0 1 1 1 0

  16. Encryption:
     Suppose Alice wants to send a message x = (1 1 0 1) to us. She first constructs a weight 1 error vector, say e = (0 0 0 0 1 0 0), and computes:
         y = xG' + e = (0 1 1 0 0 1 0) + (0 0 0 0 1 0 0) = (0 1 1 0 1 1 0)
     which she sends to us.

  17. Decryption:
     When we receive y we first compute y_1 = yP^-1 where

                0 0 0 1 0 0 0
                1 0 0 0 0 0 0
                0 0 0 0 1 0 0
         P^-1 = 0 1 0 0 0 0 0
                0 0 0 0 0 0 1
                0 0 0 0 0 1 0
                0 0 1 0 0 0 0

     obtaining y_1 = (1 0 0 0 1 1 1)

  18. We now decode y_1 either by syndrome decoding or by simply selecting the nearest codeword (not shown) to get:
         y_1 = x_1 + e_1, or (1 0 0 0 1 1 1) = (1 0 0 0 1 1 0) + (0 0 0 0 0 0 1)
     We now compute x_0 such that x_0 G = x_1:

                     1 0 0 0 1 1 0
         (1 0 0 0) * 0 1 0 0 1 0 1 = (1 0 0 0 1 1 0)
                     0 0 1 0 0 1 1
                     0 0 0 1 1 1 1

     So x_0 = (1 0 0 0)

  19. Finally compute x = x_0 S^-1:

                         1 1 0 1
         x = (1 0 0 0) * 1 1 0 0 = (1 1 0 1)
                         0 1 1 1
                         1 0 0 1
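
Added example (not part of the original slides): the McEliece walk-through of slides 14-19 in Python, with G, S, S^-1 and P copied from those slides and the "not shown" decoding step done by syndrome decoding. Function and variable names are chosen here for illustration; the (7,4) Hamming code corrects only one error, so this shows the mechanics at toy size.

```python
# All arithmetic is over GF(2). Matrices are the ones given on slides 14-19.
G = [[1, 0, 0, 0, 1, 1, 0],
     [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]
S = [[1, 1, 0, 1], [1, 0, 0, 1], [0, 1, 1, 1], [1, 1, 0, 0]]
S_INV = [[1, 1, 0, 1], [1, 1, 0, 0], [0, 1, 1, 1], [1, 0, 0, 1]]
# Row r of P has its single 1 in column ONES[r] (0-based), as on slide 15.
ONES = [1, 3, 6, 0, 2, 5, 4]
P = [[int(c == ONES[r]) for c in range(7)] for r in range(7)]

def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) % 2 for col in zip(*B)]
            for row in A]

def transpose(M):
    return [list(col) for col in zip(*M)]

def public_key():
    """G' = SGP, the only matrix the sender sees."""
    return matmul(matmul(S, G), P)

def encrypt(x, e):
    """y = xG' + e, where e has weight 1 (all this code can correct)."""
    if sum(e) != 1:
        raise ValueError("error vector must have weight 1 for the (7,4) code")
    codeword = matmul([x], public_key())[0]
    return [(c + n) % 2 for c, n in zip(codeword, e)]

# G = [I | A] is systematic, so H = [A^T | I] is a parity-check matrix for it.
H = [[G[i][4 + r] for i in range(4)] + [int(r == c) for c in range(3)]
     for r in range(3)]

def decode(y1):
    """Syndrome decoding: a nonzero syndrome equals the column of H at the flipped bit."""
    syndrome = [sum(h * b for h, b in zip(row, y1)) % 2 for row in H]
    x1 = list(y1)
    if any(syndrome):
        x1[transpose(H).index(syndrome)] ^= 1
    return x1

def decrypt(y):
    y1 = matmul([y], transpose(P))[0]   # P^-1 = P^T for a permutation matrix
    x1 = decode(y1)                     # nearest codeword of the Hamming code
    x0 = x1[:4]                         # systematic G: x0 is the first k bits
    return matmul([x0], S_INV)[0]       # undo the scrambler

if __name__ == "__main__":
    y = encrypt([1, 1, 0, 1], [0, 0, 0, 0, 1, 0, 0])
    print(y, decrypt(y))
```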

  20. Secrecy and Authenticity
     • Secrecy: ensure Oscar cannot understand Alice and Bob’s communication
     • d_K must be protected
     • Authenticity: ensure Oscar cannot substitute false ciphertext without detection
     • e_K must be protected
     • But in a public-key system, e_K is public
     • Solution: Alice also has public transformation e_A and private transformation d_A
     • Alice computes y = d_A(x)
     • Bob computes x = e_A(y)
     • Only Alice could have sent the message

  21. Ensuring both Secrecy and Authenticity
     • Alice computes y = e_B(d_A(x))
     • Bob computes x = e_A(d_B(y))
     • Each person applies their own private transformation, and the other person’s public transformation.
     • The message must have come from Alice, since only she knows d_A → authenticity.
     • Only Bob can read the message, since only he knows d_B → secrecy.
