exercise in the previous class. Decrypt the following ciphertext .
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Decrypt the following ciphertext.
qiwaufmlyngcmwzyz c mcxaeyoqweocqyaocuwpwoqjwcqkeyogzkmmwe cod vyoqwezlaeqz, yoviyniqiakzcodzajcqiuwqwzlceqynylcqwyo c pceywqfajnamlwqyqyaoz. qiwaufmlyngcmwzicpwnamwqahwewgcedwdczqiwvaeud'zjaewmazqzlaeqznamlwqyqyaoviwewmaewqicoqvaikodewdocqyaozlceqynylcqw. qiwgcmwzcewnkeewoqufiwudwpwefqvafwcez, vyqizkmmwe cod vyoqweaufmlyngcmwzcuqweocqyog, cuqiakgiqiwfannkewpwefjakefwcezvyqiyoqiwyeewzlwnqypwzwczaocugcmwz.
hint: find “typical patterns”of English
use the JAVA applet at;
http://apal.naist.jp/~kaji/crypto/Substitution.html
The Olympic Games is a major international event featuring summer and winter sports, in which thousands of athletes participate in a variety of competitions. The Olympic Games have come to be regarded as the world's foremost sports competition where more than two hundred nations participate. The Games are currently held every two years, with Summer and Winter Olympic Games alternating, although they occur every four years within their respective seasonal games.
B
previous class: commonkey cryptographysymmetrickey―, classic ―, ...
sender
receiver
key agreement
secure channel,
or secure protocol
encrypt
decrypt
B
today: publickey cryptographypublickey cryptography
sender
receiver
send in advance
open channel
encrypt
decrypt
A
B
B
C
D
the difference of the two cryptographykey needed
key needed
key NOT needed
key needed
each individual has its own “post”
a publickey cryptography is a triple of algorithms (G, E, D)
G
seed
ek
dk
E
D
m
c
m
D
B
C
key managementEach user needs to generate his/her own key pair (ek, dk).
only the legitimate (本物の) user can do decryption
anybody can do encryption
dkA
dkB
dkC
ekA
ekB
ekC
A...ekA
B...ekB
C...ekC
proposed by Rivest, Shamir and Adelman in 1977
A
R
S
R
S
A
encryption & decryption: (m3 mod 33)7 mod 33 m21 mod 33
m
m3
m21
m2
m4
m5
m6
m16
m17
m18
m19
m20
m3
m3
m3
m3
(m3)7
How can we choose such numbers?
How to choose e, d and n of the key of RSA:
step 1: choose two prime integersp and q, and let n = pq
step 2: choose e which is coprime (互いに素) with (p – 1)(q – 1)
step 3: determine d such that ed 1 mod (p – 1)(q – 1)
p = 3
q = 11
(p – 1)(q – 1) = 20
a and b are coprimeif gcd(a, b) = 1
ab mod c (a mod c) = (b mod c)
e = 3
key
d = 7
n = 33
Q1: How can we generate prime numbers?
A1: Generate numbers randomly, and do “primality tests”.
Q2: How can we find dsuch that ed 1 mod (p – 1)(q – 1)?
A2: Use the Euclidian algorithm for computing a gcd.
a0
b0
ai
bi
ai+1 = bi
bi+1 = ai mod bi
aj
bj = 0
gcdof a0 and b0
Use the Euclidian algorithm for = (p – 1)(q – 1) and e.
a0 =
b0 = e
a1 = e
b1 = a0mod b0 = a0 – k1b0
= – k1e
a2 = b1
b2 = a1 mod b1 = a1 – k2b1
=– k2+(k1+1)e
bi= xi+ yie
bj–1= 1
aj=1
bj= 0
1 = x+ ye
because
and e are coprime
ye= –x+ 1
choose d = y mod
ye 1 mod
130
59
= 130 – 2×59
59
12
= 59 – 4×12 = – 4×130+ 9×59
12
11
11
1
= 12 – 11 = 5×130– 11×59
1 = x+ ye
1 = 5+ (–11)e
ed = 59×119=7021
= 54×130 +1
ye= –x+ 1
(–11)e= –5+ 1
ed 1 mod
ye 1 mod
(–11)e 1 mod
d = –11 mod 130 = 119
modulus exponential?
... see the page 25 of the slide of the previous class
5
5
3 = 7488 – 1497×5
3
2 = 5 – 3 = –7488 + 1498×5
2
1 = 3 – 2 = 2×7488 – 2995×5
summarizing example: key generation of RSAstep 1: choose p= 79, q = 97, and we have n= pq = 7663
step 2: choose e = 5, which is coprime with (p– 1)(q – 1) = 7488
step 3: determine d with 5d 1 mod 7488 as follows:
all computation in mod (p – 1)(q – 1)
d= – 2995 mod 7488 = 4493
keys: e = 5, d = 4493, n = 7663
c = m5 mod 7663
m = c4493 mod 7663
= c4096c256c128c8c4c mod 7663
all computation in mod n = pq
We need to show that
(me mod n)d mod n = med mod n = m.
two assisting lemmas...
Fermat’s little theorem:
xp–1 1 mod p for a prime number p and any x with gcd(x, p) = 1
Corollary of Chinese Remainder Theorem[孫子算経]:
If x a mod pand x a mod q, then x a mod pq,
where p and q are different prime numbers.
Theorem: med mod n = m.
Proof:
med= (mp–1)k(q–1)m m mod p.
that medmod n = m
n
given an encryption key e and n, and a ciphertextc,
can we find the plaintext m with c = me mod n?
e
c
m?
But, can we factor n?
breaking RSA is not more difficult than factoring
breaking RSA
factoring
easy
difficult
theoretically saying, there are more favorable cryptography...
(Rabin is not efficient and not practical, many people consider...)
breaking Rabin cipher
the security of RSA is NOT a mathematically proved fact...
is decrypting RSA silently...
x
y
ElGamal: encryption & decryptionencryption of m:
decryption of (c1, c2):
c1x
c1
r
(gx)r
(gr)x
m
c2
m
+

mod q
mod q
the exhaustive attack is “more difficult”
c0
c1
m
m
c
m
m
RSA
ElGamal
cq–1
the ciphertext is “longer” in length
(public encryption keys must be delivered correctly)
hybrid use of public and commonkey cryptography is common
We studied very basics of cryptography.
“adhoc handicrafts” to “welldefined theory”.
but professionals of information must know it.
download all needed material before the test starts
必要な資料類は事前にダウンロードしておくこと