1 / 21

Public key ciphers 2

Public key ciphers 2. Session 6. Contents. The discrete logarithm problem The Diffie-Hellman key exchange. The discrete logarithm problem. Over the real numbers, exponentiation (finding y = b x ) is not significantly easier than the inverse operation (finding x = log b ( y ))

gayora
Download Presentation

Public key ciphers 2

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Public key ciphers 2 Session 6

  2. Contents • The discrete logarithm problem • The Diffie-Hellman key exchange

  3. The discrete logarithm problem • Over the real numbers, exponentiation (finding y=bx ) is not significantly easier than the inverse operation (finding x=logb(y)) • Over GF(pn) the algorithm for modular exponentiation or repeated squaring makes exponentiation easy • But finding logb(y) is considered to be a difficult problem

  4. The discrete logarithm problem • Definition (Discrete logarithm) • If G is a finite group, b is an element of G and y is an element of G such that y=bx, then the discrete logarithm of y for the base b is any integer x such that bx= y

  5. The discrete logarithm problem • Example (1) • Let f(x)=x2-x-1 be an irreducible polynomial over GF(32) • The elements of the multiplicative group of the field are the powers of a primitive element  (1) 0=101 1=10 2=2 mod (2--1)=+111 3=2=(+1)=2+=+1+=2+121

  6. The discrete logarithm problem • Example (2) • The elements of the multiplicative group of the field (2) 4=3=(2+1)=22+=2(+1)+=2+2+=202 5=4=220 6=5=2=22=2(+1)=2+222 7=6=(2+2)=22+2=2(+1)+2=2+2+2= = +212 00 is also an element of the field

  7. The discrete logarithm problem • Example (3) • The logarithm log(02)=log(4)=4 • We do not know a polynomial algorithm for determining the discrete log in a general case (i.e. in any group)

  8. The discrete logarithm problem • Known algorithms for solving DLP (1) • Algorithms that work in arbitrary groups • Exhaustive search • Baby-step giant-step algorithm • Etc. • Algorithms that work in arbitrary groups, but are especially efficient if the order of the group has only small prime factors • Example: the Pohlig-Hellman algorithm

  9. The discrete logarithm problem • Known algorithms for solving DLP (2) • The index calculus algorithms, which are efficient only in certain groups

  10. The discrete logarithm problem • Exhaustive search • Requires generating of the whole multiplicative group of the field • That requires O(q) operations, where q=pn is the order of the multiplicative group of the field GF(pn)

  11. The discrete logarithm problem • The Baby step – giant step algorithm (1) • Input • A generator  of a cyclic group G of order n, and an element G • Output • The discrete logarithm x = log

  12. The discrete logarithm problem • The Baby step – giant step algorithm (2) • Set m=  • Construct a table with entries (j,j), 0j<m • Sort the table by its second component • Compute -m mod n and set =

  13. The discrete logarithm problem • The Baby step – giant step algorithm (3) • For 0im-1 do • Check if  is the second component of some entry in the table • If =j then return x=im+j • Set  -m • The algorithm requires O( ) storage and O( ) group multiplications

  14. The discrete logarithm problem • Example: n=113, =3, =57 (1) • Set m= =11 • Construct the table • Sort the table by the second component

  15. The discrete logarithm problem • Example: n=113, =3, =57 (2) • Compute -11 mod 113 = (11)-1 (1) • We use the extended Euclidean algorithm (1) 11 mod 113=311 mod 113=76 • We compute (113,76) 113=176+37 76=237+2 37=182+1 • Then 1=37-182=37-18(76-237)=37-1876+3637= =3737-1876=37(113-76)-1876=37113-3776-1876= =37113-5576

  16. The discrete logarithm problem • Example: n=113, =3, =57 (3) • Compute -11 mod 113 = (11)-1 (2) • We use the extended Euclidean algorithm (2) • If we take both sides mod 113 we get • 1-55 76 (mod 113) • Since -5558 (mod 113), (11)-1=58 • We also set ==57

  17. The discrete logarithm problem • Example: n=113, =3, =57 (4) • For i=0 to 10 we try -m until we get a value from the second row in the table • We conclude that log357=911+1=100

  18. The Diffie-Hellman key exchange • Diffie and Hellman gave the first detailed proposal for the process of agreeing on a key for a classical cryptosystem using a public key system • The key exchange protocol is based on the assumption that it is computationally infeasible to compute gab knowing only ga and gb when g is some fixed element in GF(pn)

  19. The Diffie-Hellman key exchange • The Diffie-Hellman assumption is a priori at least as strong as the assumption that discrete logarithms cannot be feasibly computed in a group • Let p be a prime and let  be a generator

  20. The Diffie-Hellman key exchange • Example, p=53, n=1, =2

  21. The Diffie-Hellman key exchange • The Diffie-Hellman key exchange algorithm gives protection against passive adversaries, but not against active adversaries capable of intercepting, modifying, or injecting messages • Neither party has assurance of the source identity of the incoming message or the identity of the party which may know the resulting key

More Related