Agenda
Introduction to PK Cryptography
Essential Number Theory
Security Issues
Sriram Srinivasan
Mathematics
Fundamental Theorem of Arithmetic
10 = 2 * 5,
60 = 2 * 2 * 3 * 5
c cannot be prime
Let c = c1 . c2
c1, c2 < c ⇒ c1, c2 ∉ S (because c is min{S})
c1, c2 are products of primes ⇒ c is too
⇒ S is an empty set
p1 | q1q2q3q4
p1 | one of q1, q2, q3, q4
p1 = qi which is a contradiction
Euclid's algorithm
r = a % b
r1 = b % r
r % r1 = 0.
gcd (a,b) = r1
r1 | b
r1 | a
(contd)
Linear Combination
(contd.)
Let S = {z = ax + by | z > 0 }
Let d = min{S} = ax1 + by1
Let a = qd + r. 0 <= r < d
r = a - qd = a - q(ax1 + by1)
r = a(1 - qx1) + (-qy1)b
If r > 0, r ∈ S
But r < d, which is a contradiction, because d = min{S}
r = 0
d | a
(contd.)
Let c | a, c | b, c > 0
a = cm, b = cn
d = ax1 + by1 = c(mx1 + ny1)
c | d
d is the gcd
Summary 1
Modular/Clock Arithmetic
1 ≡ 13 (mod 12)
a ≡ b (mod n)
n is the modulus
a is congruent to b, modulo n
a - b is divisible by n
a % n = b % n
Modular Arithmetic
c - d = kn
a + c - (b + d) = (j + k) n
a + c ≡ b + d (mod n)
Multiplication
ac ≡ bd (mod n)
Power
a ≡ b (mod n) ⇒ a^k ≡ b^k (mod n)
Using induction,
If a^k ≡ b^k (mod n),
a . a^k ≡ b . b^k (mod n), by multiplication rule
a + kn ≡ b (mod n)
Multiplicative Inverse
(making y2 = -y1)
ax1 - 1 = by2
ax1 ≡ 1 (mod b) (x1 is the multiplicative inverse)
Summary 2
Modular arithmetic
φ(n) = Totient(n)
= Count of integers ≤ n coprime to n
φ(p) = p - 1, if p is a prime
m+1        m+2        m+3        ...  m+r        ...  2m
2m+1       2m+2       2m+3       ...  2m+r       ...  3m
...
(n-1)m+1   (n-1)m+2   (n-1)m+3   ...  (n-1)m+r   ...  nm
Totient lemma #4
(contd.)
If gcd(m,r) = 1, gcd(m,km+r) = 1
All cells under that rth column have no common factors with m
Others have a common factor with mn, so can be eliminated
φ(m) columns survive
Totient lemma #5
1, 3, 5, 7 are coprime to 8.
Totient lemma #5
(contd.)
Euler's Theorem
RSA Algorithm
m treated as a number
ed ≡ 1 (mod φ(n))
Bob selects primes p, q
p = 3, q = 11
Computes n = pq
n = 33
φ(n) = φ(p) φ(q) = (p - 1)(q - 1)
φ(n) = (3 - 1)(11 - 1) = 20
Select e, such that gcd(e, φ(n)) = 1
e = 7
Compute the decrypting key, d, where ed ≡ 1 (mod φ(n))
7d = 1 (mod 20)
d = (1 + 20k)/7
d = 3
Bob publishes public key pair: e, n
Public key = (7, 33)
Keeps private key: d, n
Private key = (3, 33)
RSA algorithm
Treat each letter or block as m (m < n)
"RSA" as {18, 19, 1}
n = 33, e = 7, d = 3
Encryption: for each m, compute c = m^e (mod n)
{18^7 % 33, 19^7 % 33, 1^7 % 33} = {6, 13, 1}
Decryption: for each c, compute c^d (mod n)
{6^3 % 33, 13^3 % 33, 1^3 % 33} = {18, 19, 1}
RSA proof
Review:
a ≡ b (mod n) ⇒ a^k ≡ b^k (mod n)
a < n
a = a (mod n)
gcd(a,n) = 1
a^φ(n) ≡ 1 (mod n)
m^(ed) ≡ m (mod q)
m (mod n)
m^(ed) (mod n) = m
RSA Implementation
n = pq
n = p.multiply(q);
φ(n) = (p - 1) (q - 1)
phi = p.subtract(BigInteger.ONE)
        .multiply(q.subtract(BigInteger.ONE));
RSA Implementation
Encrypt/decrypt
BigInteger encrypt (BigInteger message) {
return message.modPow(e, n);
}
BigInteger decrypt (BigInteger message) {
return message.modPow(d, n);
}
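Added example (not from the original slides): the extended Euclid / linear combination step used to find the multiplicative inverse d, applied to Bob's numbers p = 3, q = 11, e = 7, with the gcd(e, phi) = 1 and m < n checks enforced. It is written in Python rather than the slides' Java, and all function names are illustrative assumptions.

```python
# Toy RSA with the slide's numbers. Parameters this small are for study only.

def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) and a*x + b*y = g."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r      # Euclid's remainder step
        old_x, x = x, old_x - q * x      # coefficient of a
        old_y, y = y, old_y - q * y      # coefficient of b
    return old_r, old_x, old_y

def mod_inverse(a, n):
    """Return x with a*x = 1 (mod n); exists only when gcd(a, n) = 1."""
    g, x, _ = extended_gcd(a, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {n} (gcd = {g})")
    return x % n

def make_keypair(p, q, e):
    """Return ((e, n), (d, n)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = mod_inverse(e, phi)              # raises if gcd(e, phi) != 1
    return (e, n), (d, n)

def apply_key(key, m):
    """Compute m^k mod n; the same operation encrypts and decrypts."""
    k, n = key
    if not 0 <= m < n:
        raise ValueError("block must satisfy 0 <= m < n")
    return pow(m, k, n)

if __name__ == "__main__":
    public, private = make_keypair(3, 11, 7)
    blocks = [18, 19, 1]                 # "RSA" as letter positions
    cipher = [apply_key(public, m) for m in blocks]
    plain = [apply_key(private, c) for c in cipher]
    print(public, private, cipher, plain)
```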
Digital Signature
RSA Deployment
Never reuse n
Exploiting implementation
Low e or d values
Measuring time and power consumption of smart cards
Exploiting random errors in hardware
Exploiting error messages