Security of Number Theoretic Public Key Cryptosystems against Random Attack

Paper by: Rob Blakley and G.R. Blakley

Presentation by: Jason Bourg

Historical Aspect
  • Paper written in 1978
  • Then
    • 0 < log(p) < 19,937
    • 4.3 x 10^6001
  • Now
    • 0 < log(p) < 13,466,917
    • 2^144000 = 2.0 x 10^43348
Overview
  • Introduction
  • The RSA number theoretic method
  • The background in modular arithmetic
  • Coding moduli which are products of distinct safe primes
  • Complementarity properties of safe primes
Overview
  • The directorate and the message receiver in an RSA public key cryptosystem
  • The cryptanalyst and the sender in an RSA public key cryptosystem
  • Summary
1. Introduction

Public Key Cryptosystems

  • Concentrate on RSA
  • Goal of receiver:
    • Produce lists (c, d, m) of three positive integers where x^(cd) = x mod(m) holds for every integer x
Square Free m Please
  • c and d > 1 exist if and only if m is square free
  • What is square free?
    • A positive integer m is square free if and only if it is the product of distinct primes belonging to some finite set T of primes.
2. The RSA number theoretic method
  • Same stuff we talked about in class
3. The background in modular arithmetic
  • Let Y be a finite set of pairwise relatively prime positive integers. Let m be the product of the members of Y. Then cyc[x,m] = LCM {cyc[x,y] | y ∈ Y}
    • 9 lemmas
    • 6 theorems
    • 3 corollaries
4. Coding moduli which are products of distinct safe primes
  • p – 1 and q – 1 should have large prime factors
  • Safe primes
    • p is safe if there is an odd prime a such that 2a + 1 = p
  • More bad math
    • 2 lemmas
    • 5 theorems
    • 2 corollaries
5. Complementarity properties of safe primes
  • Suppose p and q are safe primes whose product is m
  • Finding one nontrivial pair x, e such that x^e = x mod(m) can factor m

  • If x is small then e must be large, and conversely
6. The directorate and the message receiver in an RSA public key cryptosystem
  • If the directorate chooses a width w > 2
  • It allows every message receiver N to pick primes p(N) and q(N) at random such that

g < log(p(N)) < g + 1 < g + w / 2 < g + w < log(q(N)) < g + 3w / 2

6. cont.
  • This guarantees that

2g < 2g + w < log(p(N)q(N)) < 2g + 2w

and

2p(N) < q(N)

  • Whence random search for factors of m = p(N)q(N) near sqrt(m) becomes expensive if g gets large
6. cont.
  • Assuming w > 2 the directorate will
  1. Choose at random an odd positive integer a such that g – 1 < log(a) < g + w / 2 – 1
  2. Form
    • GCD(r, a) and GCD(r, 2a+1) for every prime r <= u.
    • GCD(a, (u-1)/2)

If either of these numbers is unequal to 1, forget a and return to step 1

6. cont.
  3. Test whether a and 2a+1 are both prime to all intents and purposes. If either is demonstrably composite, forget a and return to step 1.
  4. Choose at random an odd positive integer b such that:

g + w – 1 < log(b) < g + 3w / 2 - 1

6. cont.
  5. Form
    • GCD{r,b} and GCD{r,2b+1} for every prime r <= u.
    • GCD{b, (u-1) / 2}

If any of these numbers is unequal to 1, forget b and return to step 4.

  6. Test whether b and 2b+1 are both prime to all intents and purposes. If either is demonstrably composite, forget b and return to step 4.
6. cont.
  7. Form
    • GCD{a,b}
    • GCD{a, 2b+1}
    • GCD{2a+1,b}
    • GCD{2a+1, 2b+1}

If any of these numbers is unequal to 1, forget a and b and return to step 1.

6. cont.
  8. Solve the six pairs of simultaneous linear congruences
    • A ≡ 0 mod(2a + 1) and A ≡ 1 mod(2b + 1)
    • B ≡ 1 mod(2a + 1) and B ≡ 0 mod(2b + 1)
    • C ≡ 0 mod(2a + 1) and C ≡ -1 mod(2b + 1)
    • D ≡ -1 mod(2a + 1) and D ≡ 0 mod(2b + 1)
    • E ≡ 1 mod(2a + 1) and E ≡ -1 mod(2b + 1)
    • F ≡ -1 mod(2a + 1) and F ≡ 1 mod(2b + 1)
6. cont.
  8. (cont.)
    • Examine the Hollerith character typescripts which correspond to A, B, C, D, E, and F.
    • If all six of these typescripts are hopeless gibberish, go on to step 9. Otherwise forget a and b and go back to step 1.
6. cont.
  9. Let
    • p(N) = 2a + 1
    • q(N) = 2b + 1
    • m(N) = p(N)q(N) = (2a + 1)(2b + 1)
    • a(p(N)) = a
    • a(q(N)) = b
    • v = 2ab
6. cont.
  • Comments on Step 9
    • The receiver N now knows that m(N) is square free if both p(N) and q(N) are square free.
    • The receiver believes that the integers a(p(N)), a(q(N)), p(N), q(N) are all primes.
      • This belief need not be correct.
6. cont.
  10. Solve the linear congruence ud ≡ 1 mod(v) for d.
    • Call its smallest positive integer solution d(N)
  11. Send the list (N, m(N)) to the directorate for inclusion as a listing in the directory.
  12. Keep p(N), q(N), and d(N) secret.
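
The key-generation procedure of section 6, as an added Python example that is not taken from the paper or the slides. It assumes log means log base 2, an even width w, an odd public exponent u, and Miller-Rabin as the test for "prime to all intents and purposes"; all function names are hypothetical, and the typescript inspection of step 8 is reduced to computing the six residues A to F.

```python
# Added illustration: names are hypothetical, "log" is taken to be log2.
import math
import random

def probably_prime(n, rounds=24):
    """Miller-Rabin, standing in for 'prime to all intents and purposes'."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    s, t = 0, n - 1
    while t % 2 == 0:
        s, t = s + 1, t // 2
    for _ in range(rounds):
        y = pow(random.randrange(2, n - 1), t, n)
        if y in (1, n - 1):
            continue
        for _ in range(s - 1):
            y = y * y % n
            if y == n - 1:
                break
        else:
            return False  # witness found: n is demonstrably composite
    return True

def safe_half(lo, hi, u, rng):
    """Steps 1-3 (and 4-6): odd a with lo < log2(a) < hi, a and 2a+1 prime."""
    small = [r for r in range(2, u + 1) if probably_prime(r)]
    while True:
        a = rng.randrange(2**lo + 1, 2**hi, 2)
        gcds = [math.gcd(r, n) for r in small for n in (a, 2*a + 1)]
        gcds.append(math.gcd(a, (u - 1) // 2))
        if set(gcds) == {1} and probably_prime(a) and probably_prime(2*a + 1):
            return a

def six_residues(p, q):
    """Step 8: CRT solutions A..F with residues 0, 1 or -1 mod p and mod q."""
    pairs = [(0, 1), (1, 0), (0, -1), (-1, 0), (1, -1), (-1, 1)]
    return [(x*q*pow(q, -1, p) + y*p*pow(p, -1, q)) % (p*q) for x, y in pairs]

def generate_key(g, w, u, rng):
    """Steps 1-12 for an even width w > 2 and an odd public exponent u >= 3."""
    while True:
        a = safe_half(g - 1, g + w//2 - 1, u, rng)          # steps 1-3
        b = safe_half(g + w - 1, g + 3*w//2 - 1, u, rng)    # steps 4-6
        p, q = 2*a + 1, 2*b + 1
        if all(math.gcd(s, t) == 1 for s in (a, p) for t in (b, q)):  # step 7
            break
    d = pow(u, -1, 2*a*b)           # steps 9-10: v = 2ab, u*d = 1 mod v
    return (p*q, u), (p, q, d)      # step 11 publishes m; step 12 keeps p, q, d
```

With toy parameters such as g = 6, w = 4, u = 5 the modulus is small enough to confirm x^(ud) = x mod(m) for every x, and each of the six residues is unchanged by x -> x^u mod(m) because u is odd. Pass `random.SystemRandom()` as `rng` for anything beyond a demonstration.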
7. The cryptanalyst and the sender in an RSA public key cryptosystem.
  • Eve needs to factor m….hard.
  • Same as in class, nice and secure.
8. Summary
  • RSA is strong because it is hard to factor m.
    • Essential you pick your numbers correctly.
  • These guys must have known what they were talking about since RSA is still strong today.

Questions?