Secret Codes
This presentation is the property of its rightful owner.
Sponsored Links
1 / 19

Secret Codes , Unforgeable Signatures , and Coin Flipping on the Phone Martin Tompa PowerPoint PPT Presentation


  • 40 Views
  • Uploaded on
  • Presentation posted in: General

Secret Codes , Unforgeable Signatures , and Coin Flipping on the Phone Martin Tompa Computer Science & Engineering University of Washington. Secret Codes , Unforgeable Signatures, and Coin Flipping on the Phone. What Is a Cryptosystem?. K AB. K AB. A Sender. B Receiver. M.

Download Presentation

Secret Codes , Unforgeable Signatures , and Coin Flipping on the Phone Martin Tompa

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Secret codes unforgeable signatures and coin flipping on the phone martin tompa

Secret Codes,

Unforgeable Signatures,

and

Coin Flipping on the Phone

Martin Tompa

Computer Science & Engineering

University of Washington


Secret codes unforgeable signatures and coin flipping on the phone martin tompa

Secret Codes,

Unforgeable Signatures,

and

Coin Flipping on the Phone


What is a cryptosystem

What Is a Cryptosystem?

KAB

KAB

A

Sender

B

Receiver

M

C = EAB(M)

M = DAB(C)

Cryptanalyst

(bad guy)

M C KAB

MessageEncryptionKey

PlaintextCyphertext

Cleartext


What is a public key cryptosystem

What Is a Public Key Cryptosystem?

KAB

KAB

A

Sender

B

Receiver

M

C = EAB(M)

M = DAB(C)

Cryptanalyst

(bad guy)

M C KBEB

MessageEncryption Private Key Public Key

PlaintextCyphertext

Cleartext


The rsa public key cryptosystem

The RSA Public Key Cryptosystem

  • Invented by Rivest, Shamir, and Adleman in 1977.

  • Has proven resistant to cryptanalytic attacks.


Receiver s set up

Receiver’s Set-Up

  • Choose 500-digit primes p and q,

    with p 2 (mod 3) and q 2 (mod 3)

    p = 5, q = 11

  • Let n = pq.

    n = 55

  • Let s = (1/3) (2(p - 1)(q - 1) + 1).

    s = (1/3) (2  4  10 + 1) = 27

  • Publish n.

    Keep p, q, and s secret.


Note on the version presented here

Note on the Version Presented Here

  • I have simplified RSA to make it clearer.

  • The version presented here is not considered secure, because of the small exponent 3 used in encryption. See http://crypto.stanford.edu/~dabo/pubs/papers/RSA-survey.pdf, Section 4.2, first two paragraphs for an explanation of the vulnerability of small exponents.

  • See Rosen’s textbook for the secure version of RSA.

  • Thanks to DimitriosGklezakos for pointing out this vulnerability to me.


Encrypting a message

Encrypting a Message

  • Break the message into chunks.

    H I C H R I S …

  • Translate each chunk into an integer M (0 < M < n) by any convenient method.

    8 9 3 8 18 9 19 …

  • Let E(M) = M3 mod n.

    M = 8, n = 55

    83 = 512 = 9×55 + 17

    E(8) = 17


Decrypting a cyphertext c

Decrypting a Cyphertext C

  • Let D(C) = Cs mod n.

    C = 17, n = 55, s = 27

    1727 = 1,667,711,322,168,688,287,513,535,727,415,473

    = 30,322,024,039,430,696,136,609,740,498,463 × 55 + 8

    D(17) = 8

  • Translate D(C) into letters.

    H


Decrypting a cyphertext c efficiently

Decrypting a Cyphertext C Efficiently

  • C = 17, n = 55, s = 27

    172 289  14 (mod 55)

    174 172  172 14 14 196  31 (mod 55)

    178 174  174 31 31 961  26 (mod 55)

    1716 178  178 26 26 676  16 (mod 55)

    1727 1716  178  172  171 16  26  14  17 416  14  17  31  14  17  434  17  (-6)  17  -102  8 (mod 55)

    D(17) = 8


Why does it work

Why Does It Work?

Euler’s Theorem (1736): Suppose

  • p and q are distinct primes,

  • n = pq,

  • 0 <M < n, and

  • k > 0.

    Then Mk(p-1)(q-1)+1mod n = M.

    (M3)s = (M3) (1/3)(2(p-1)(q-1)+1)

    = M 2(p-1)(q-1)+1  M (mod n)


Leonhard euler 1707 1783

Leonhard Euler 1707-1783


Why is it secure

Why Is It Secure?

  • To find M = D(C), you seem to need s.

  • To find s, you seem to need p and q.

  • All the cryptanalyst has is n = pq.

  • How hard is it to factor a 1000-digit number n?

    With the grade school method,

    doing 1,000,000,000,000 steps per second

    it would take …

    10480 years.


State of the art in factoring

State of the Art in Factoring

  • 1977: Inventors encrypt a challenge using “RSA129,” a 129-digit number n= pq.

  • 1981: Pomerance invents Quadratic Sieve factoring method.

  • 1994: Using Quadratic Sieve, RSA129 is factored over 8 months using 1000 computers on the Internet around the world.

  • 1999: Using Number Field Sieve, RSA140 is factored over one month using 200 computers, about 8.9 CPU-years.

  • 2009: Using Number Field Sieve, RSA-768, a 232-digit number, is factored over two years using hundreds of machines, about 1500 CPU-years.


Secret codes unforgeable signatures and coin flipping on the phone martin tompa

Secret Codes,

Unforgeable Signatures,

and

Coin Flipping on the Phone


Signed messages

Signed Messages

  • How A sends a secret message to B

    A B

    C = EB(M)

    M = DB(C)

  • How A sends a signed message to B

    A B

    C = DA(M)

    M = EA(C)

C

C


Signed and secret messages

Signed and Secret Messages

  • How A sends a secret message to B ...

    A B

    C = EB(M)

    M = DB(C)

  • How A sends a signed secret message to B ...

    A B

    C = EB(DA(M))

    M = EA (DB(C))

C

C


Secret codes unforgeable signatures and coin flipping on the phone martin tompa

Secret Codes,

Unforgeable Signatures,

and

Coin Flipping on the Phone


Flipping a coin over the phone

Flipping a Coin Over the Phone

AB

Choose random x < x <

y = EA(x)

Guess ifxis even or odd.

Checky = EA(x).

  • B wins if the guess about x was right, or y= EA(x).

y

“even”

“odd”

x


  • Login