1 / 169

# Practical Aspects of Modern Cryptography

This book covers the practical aspects of modern cryptography including public-key history, one-way functions, Diffie-Hellman key exchange, RSA encryption system, and RSA digital signature mechanism.

## Practical Aspects of Modern Cryptography

E N D

### Presentation Transcript

1. Practical Aspects of Modern Cryptography Josh Benaloh Brian LaMacchia John Manferdelli

2. Public-Key History • 1976 New Directions in Cryptography Whit Diffie and Marty Hellman • One-Way functions • Diffie-Hellman Key Exchange • 1978 RSA paper Ron Rivest, Adi Shamir, and Len Adleman • RSA Encryption System • RSA Digital Signature Mechanism Practical Aspects of Modern Cryptography

3. The Fundamental Equation Z=YXmod N Practical Aspects of Modern Cryptography

4. Diffie-Hellman Z=YXmod N When X is unknown, the problem is known as the discrete logarithm and is generally believed to be hard to solve. Practical Aspects of Modern Cryptography

5. Alice Randomly select a large integer aand send A = Ya mod N. Compute the key K =Bamod N. Bob Randomly select a large integer band send B = Yb mod N. Compute the key K =Ab mod N. Diffie-Hellman Key Exchange Ba = Yba = Yab = Ab Practical Aspects of Modern Cryptography

6. One-Way Trap-Door Functions Z=YXmod N Recall that this equation is solvable for Y if the factorization of N is known, but is believed to be hard otherwise. Practical Aspects of Modern Cryptography

7. Alice Select two large random primes P & Q. Publish the product N=PQ. Use knowledge of P & Q to compute Y. Anyone To send message Y to Alice, compute Z=YX mod N. Send Z and X to Alice. RSA Public-Key Cryptosystem Practical Aspects of Modern Cryptography

8. Some RSA Details When N=PQ is the product of distinct primes, YX mod N = Y whenever X mod (P-1)(Q-1) = 1 and 0 YN. Alice can easily select integers E and D such that E•D mod (P-1)(Q-1) = 1. Practical Aspects of Modern Cryptography

9. Remaining RSA Basics • Why is YX mod PQ = Ywhenever X mod (P-1)(Q-1) = 1, 0 YPQ, and P and Q are distinct primes? • How can Alice can select integers E and D such that E•D mod (P-1)(Q-1) = 1? Practical Aspects of Modern Cryptography

10. Fermat’s Little Theorem If p is prime, then x p-1 mod p = 1 for all 0 < x < p. Equivalently … If p is prime, then x p mod p = xmod p for all integers x. Practical Aspects of Modern Cryptography

11. Proof of Fermat’s Little Theorem The Binomial Theorem (x + y) p = x p + ( )x p-1y + … + ( )xy p-1 + y p where ( )= p 1 p p–1 p i p! i!(p – i)! Practical Aspects of Modern Cryptography

12. Proof of Fermat’s Little Theorem The Binomial Theorem (x + y) p = x p + ( )x p-1y + … + ( )xy p-1 + y p where ( )= If p is prime, then ( )mod p = 0 for 0 < i < p. p 1 p p–1 p i p! i!(p – i)! p i Practical Aspects of Modern Cryptography

13. Proof of Fermat’s Little Theorem The Binomial Theorem (x + y) p = x p + ( )x p-1y + … + ( )xy p-1 + y p where ( )= If p is prime, then ( )mod p = 0 for 0 < i < p. Thus, (x + y) p mod p = (x p + y p) mod p. p 1 p p–1 p i p! i!(p – i)! p i Practical Aspects of Modern Cryptography

14. Proof of Fermat’s Little Theorem Practical Aspects of Modern Cryptography

15. Proof of Fermat’s Little Theorem By induction on x… Practical Aspects of Modern Cryptography

16. Proof of Fermat’s Little Theorem By induction on x… Basis Practical Aspects of Modern Cryptography

17. Proof of Fermat’s Little Theorem By induction on x… Basis If x = 0, then x p mod p = 0 = x mod p. Practical Aspects of Modern Cryptography

18. Proof of Fermat’s Little Theorem By induction on x… Basis If x = 0, then x p mod p = 0 = x mod p. If x = 1, then x p mod p = 1 = x mod p. Practical Aspects of Modern Cryptography

19. Proof of Fermat’s Little Theorem Practical Aspects of Modern Cryptography

20. Proof of Fermat’s Little Theorem Inductive Step Practical Aspects of Modern Cryptography

21. Proof of Fermat’s Little Theorem Inductive Step Assume that x p mod p = x mod p. Practical Aspects of Modern Cryptography

22. Proof of Fermat’s Little Theorem Inductive Step Assume that x p mod p = x mod p. Then (x + 1) p mod p = (x p + 1p) mod p Practical Aspects of Modern Cryptography

23. Proof of Fermat’s Little Theorem Inductive Step Assume that x p mod p = x mod p. Then (x + 1) p mod p = (x p + 1p) mod p = (x + 1) mod p. Practical Aspects of Modern Cryptography

24. Proof of Fermat’s Little Theorem Inductive Step Assume that x p mod p = x mod p. Then (x + 1) p mod p = (x p + 1p) mod p = (x + 1) mod p. Hence, x p mod p = x mod p for integers x ≥ 0. Practical Aspects of Modern Cryptography

25. Proof of Fermat’s Little Theorem Inductive Step Assume that x p mod p = x mod p. Then (x + 1) p mod p = (x p + 1p) mod p = (x + 1) mod p. Hence, x p mod p = x mod p for integers x ≥ 0. Also true for negative x, since (-x) p = (-1) px p. Practical Aspects of Modern Cryptography

26. Proof of RSA Practical Aspects of Modern Cryptography

27. Proof of RSA We have shown … Practical Aspects of Modern Cryptography

28. Proof of RSA We have shown … YP mod P = Y whenever 0 ≤ Y < P Practical Aspects of Modern Cryptography

29. Proof of RSA We have shown … YP mod P = Y whenever 0 ≤ Y < P and P is prime! Practical Aspects of Modern Cryptography

30. Proof of RSA We have shown … YP mod P = Y whenever 0 ≤ Y < P and P is prime! You will show … Practical Aspects of Modern Cryptography

31. Proof of RSA We have shown … YP mod P = Y whenever 0 ≤ Y < P and P is prime! You will show … YK(P-1)(Q-1)+1 mod PQ = Y when 0 ≤ Y < PQ Practical Aspects of Modern Cryptography

32. Proof of RSA We have shown … YP mod P = Y whenever 0 ≤ Y < P and P is prime! You will show … YK(P-1)(Q-1)+1 mod PQ = Y when 0 ≤ Y < PQ P and Q are distinct primes and K ≥ 0. Practical Aspects of Modern Cryptography

33. Finding Primes Practical Aspects of Modern Cryptography

34. Finding Primes Euclid’s proof of the infinity of primes Practical Aspects of Modern Cryptography

35. Finding Primes Euclid’s proof of the infinity of primes • Suppose that the set of all primes were finite. Practical Aspects of Modern Cryptography

36. Finding Primes Euclid’s proof of the infinity of primes • Suppose that the set of all primes were finite. • Let N be the product of all of the primes. Practical Aspects of Modern Cryptography

37. Finding Primes Euclid’s proof of the infinity of primes • Suppose that the set of all primes were finite. • Let N be the product of all of the primes. • Consider N+1. Practical Aspects of Modern Cryptography

38. Finding Primes Euclid’s proof of the infinity of primes • Suppose that the set of all primes were finite. • Let N be the product of all of the primes. • Consider N+1. • The prime factors of N+1 are not among the finite set of primes multiplied to form N. Practical Aspects of Modern Cryptography

39. Finding Primes Euclid’s proof of the infinity of primes • Suppose that the set of all primes were finite. • Let N be the product of all of the primes. • Consider N+1. • The prime factors of N+1 are not among the finite set of primes multiplied to form N. • This contradicts the assumption that the set of all primes is finite. Practical Aspects of Modern Cryptography

40. The Prime Number Theorem Practical Aspects of Modern Cryptography

41. The Prime Number Theorem The number of primes less than N is approximately N/(ln N). Practical Aspects of Modern Cryptography

42. The Prime Number Theorem The number of primes less than N is approximately N/(ln N). Thus, approximately 1 out of every n randomly selected n-bit integers will be prime. Practical Aspects of Modern Cryptography

43. Testing Primality Recall Fermat’s Little Theorem If p is prime, then a(p-1) mod p = 1 for all a in the range 0 < a < p. Practical Aspects of Modern Cryptography

44. The Miller-Rabin Primality Test Practical Aspects of Modern Cryptography

45. The Miller-Rabin Primality Test To test an integer N for primality, write N–1 as N–1 = m2k where m is odd. Practical Aspects of Modern Cryptography

46. The Miller-Rabin Primality Test To test an integer N for primality, write N–1 as N–1 = m2k where m is odd. Repeat several (many) times Practical Aspects of Modern Cryptography

47. The Miller-Rabin Primality Test To test an integer N for primality, write N–1 as N–1 = m2k where m is odd. Repeat several (many) times • Select a random a in 1 < a < N–1 Practical Aspects of Modern Cryptography

48. The Miller-Rabin Primality Test To test an integer N for primality, write N–1 as N–1 = m2k where m is odd. Repeat several (many) times • Select a random a in 1 < a < N–1 • Compute am, a2m, a4m, …, a(N–1)/2 all mod N. Practical Aspects of Modern Cryptography

49. The Miller-Rabin Primality Test To test an integer N for primality, write N–1 as N–1 = m2k where m is odd. Repeat several (many) times • Select a random a in 1 < a < N–1 • Compute am, a2m, a4m, …, a(N–1)/2 all mod N. • If am = ±1 or if some a2im = -1, then N is probably prime – continue. Practical Aspects of Modern Cryptography

50. The Miller-Rabin Primality Test To test an integer N for primality, write N–1 as N–1 = m2k where m is odd. Repeat several (many) times • Select a random a in 1 < a < N–1 • Compute am, a2m, a4m, …, a(N–1)/2 all mod N. • If am = ±1 or if some a2im = -1, then N is probably prime – continue. • Otherwise, N is composite – stop. Practical Aspects of Modern Cryptography

More Related