Cryptography - The University of West Georgia


Cryptography
Public Key vs. Private Key
Cryptosystems
by William M. Faucette
Department of Mathematics
State University of West Georgia
What is Cryptography?
Cryptography is a scientific mix of
mathematical theory and
computational application which
allows the confidential transfer of
information.
What is Cryptography?
Please allow me to introduce the main
characters in our drama:
Alice and Bob wish to perform some form
of communication while Eve is an
eavesdropper who wishes to spy on or
tamper with the communications
between Alice and Bob.
What is Cryptography?
Cryptography is concerned with four
facets of data transfer:
• Confidentiality
• Authenticity
• Integrity
• Non-repudiation
Confidentiality
A message sent from Alice to Bob cannot
be read by anyone else.
Authenticity
Bob knows that only Alice could have
sent the message he has just received.
Integrity
Bob knows that the message from Alice
has not been tampered with in transit.
Non-Repudiation
It is impossible for Alice to turn around
later and say she did not send the
message.
Cryptography in
Ancient Times
Perhaps one of the most ancient
methods of cryptography, attributed to
Julius Caesar, involves fixing an
alphabet and choosing a “shift index”.
Cryptography in
Ancient Times
The “shift index” tells you how many
letters down the alphabet to shift a
letter in order to encode it.
Cryptography in
Ancient Times
For example, if we use the standard 26-letter English alphabet and choose a
shift index of 4, then
A is encoded to E,
B is encoded to F,
C is encoded to G,
and so forth.
Cryptography in
Ancient Times
For letters at the end of the alphabet,
we simply wrap around to the
beginning of the alphabet:
V is encoded to Z,
W is encoded to A,
X is encoded to B,
and so forth.
A Modern Description
of this Cryptosystem
Take each letter, A through Z, and assign
it a number in the ring Z/26Z by taking
A to 1, B to 2, C to 3, . . . , Y to 25,
and Z to 0.
This allows us to convert any string of
text, called plaintext, into a string of
numbers between 0 and 25.
A Modern Description
of this Cryptosystem
Once we have the message as a string of
digits, to encode the message, we
simply apply the function
where n is the shift index.
A Modern Description
of this Cryptosystem
The encoding is completed by turning
the resulting string of digits back into
characters using the original
correspondence.
Oops!
The only problem with this cryptosystem
is that it is easily broken. That is, it is
possible for an unauthorized person to
convert the ciphertext back to
plaintext.
Oops!
In order to break this code, you need
only perform a frequency analysis,
counting the number of times each
letter occurs in the ciphertext.
Oops!
Knowing that the letter E is the most
commonly occurring letter in English
text, we can (probably) assume that
the letter E maps to the most
commonly occurring letter in the
ciphertext.
Oops!
Knowing the correspondence of one
plaintext letter to one ciphertext
letter gives you enough information to
decode the intercepted ciphertext.
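The frequency-analysis break described above, as an added example that is not part of the original slides. It uses the slides' numbering (A to 1, ..., Z to 0); the function names and the sample messages are constructed for illustration.

```python
from collections import Counter

def to_num(ch):
    # Slides' correspondence: A->1, B->2, ..., Y->25, Z->0
    return (ord(ch) - ord("A") + 1) % 26

def to_chr(x):
    # Inverse correspondence: 1->A, ..., 25->Y, 0->Z
    return chr((x - 1) % 26 + ord("A"))

def shift_encode(text, n):
    # Shift every letter n places down the alphabet (mod 26).
    # Spaces and punctuation are dropped.
    return "".join(to_chr(to_num(c) + n)
                   for c in text.upper() if "A" <= c <= "Z")

def guess_shift(ciphertext):
    # Assume the most frequent ciphertext letter is the image of E.
    top_letter, _ = Counter(ciphertext).most_common(1)[0]
    return (to_num(top_letter) - to_num("E")) % 26

def break_shift(ciphertext):
    # Recover (shift index, plaintext) from the ciphertext alone.
    n = guess_shift(ciphertext)
    return n, shift_encode(ciphertext, -n)

# Constructed sample message (not from the slides); shift index 4 as on the slides.
SAMPLE = "MEET ME NEAR THE WESTERN GATE AT SEVEN"

if __name__ == "__main__":
    c = shift_encode(SAMPLE, 4)
    print(c, break_shift(c))
    # The guess is only "probably" right: BANANA contains no E,
    # so the recovered shift index is wrong for this short message.
    print(break_shift(shift_encode("BANANA", 4)))
```

On a message too short or too unusual for E to dominate, the first guess fails and the remaining 25 shift indices have to be tried in turn.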
A Better Cryptosystem
A Digraph Cipher
One problem with the preceding
cryptosystem is that it takes one letter
and encodes it to the same letter
every time. This enables us to conduct
a frequency analysis and break the
cipher.
A Better Cryptosystem
Rather than encode one letter at a time,
we can encode blocks of letters at a
time. For example, we can encode
pairs of letters. Such a cryptosystem is
known as a digraph cipher.
Digraph Cipher
Use the same function taking the English
alphabet into the ring Z/26Z. For a
pair of plaintext letters, this gives us a
pair of integers modulo 26. We can
consider this ordered pair as a vector
in $(Z/26Z)^2$.
Digraph Cipher
To encipher this vector, v, we need an
enciphering matrix, M. That is, a 2x2
matrix with entries in Z/26Z which is
invertible in Z/26Z.
Such a matrix is invertible if and only if
its determinant is relatively prime to
26.
Digraph Cipher
The enciphering is then accomplished by
multiplying the vector v by the
enciphering matrix M, and then
converting the resulting vector back
into letters.
Example
Start with the plaintext
West Georgia
This message has an odd number of
letters, so we add a random letter ‘x’
and break the message into digraphs:
WE ST GE OR GI AX
Example
Next, we convert the digraphs to vectors in Z/26Z:
WE   (23, 5)
ST   (19, 20)
GE   (7, 5)
OR   (15, 18)
GI   (7, 9)
AX   (1, 24)
Example
For our enciphering matrix, we’ll use the
matrix
$$\begin{pmatrix} 2 & 3 \\ 3 & 4 \end{pmatrix}$$
Example
We encipher all the vectors at once using
matrix multiplication:
$$\begin{pmatrix} 2 & 3 \\ 3 & 4 \end{pmatrix} \begin{pmatrix} 23 & 19 & 7 & 15 & 7 & 1 \\ 5 & 20 & 5 & 18 & 9 & 24 \end{pmatrix}$$
Example
The product of these two matrices is
$$\begin{pmatrix} 9 & 20 & 3 & 6 & 15 & 22 \\ 11 & 7 & 15 & 13 & 5 & 21 \end{pmatrix}$$
remembering that we are working in Z/26Z.
Example
Converting these vectors back into
digraphs, we get the ciphertext
IKTGCOFMOEVU
Example
Comparing the ciphertext
IKTGCOFMOEVU
with the plaintext
WESTGEORGIAX
we see that the two Es go to two different
letters, K and O, making breaking this cipher
more difficult.
Variations on a Theme
Other Variations
Of course, there’s nothing special about
digraphs: We can divide the plaintext
into blocks of k letters and use a kxk
enciphering matrix.
Other Variations
We can also add a fixed vector b after
multiplying by the enciphering matrix
M.
If P is the plaintext message, the
ciphertext message is given by
MP+b mod 26
Private Key Cryptography
The cryptosystems we have described so
far are all private key cryptosystems.
Private Key Cryptography
The enciphering keys in the last variation
are the matrices M and the vector b.
These keys must be kept private because
knowing the enciphering keys allows
one to compute the deciphering keys.
Private Key Cryptography
For example, if the cryptosystem uses
the enciphering function
C=MP+b
Then we can solve this matrix equation
for P to get
$P = M^{-1}(C - b) = M^{-1}C - M^{-1}b$
Private Key Cryptography
So, we see that if the data (M, b) are the
enciphering keys, the deciphering keys
are (M-1-M-1b).
From this we see that anyone who knows
the enciphering keys can compute the
deciphering keys.
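The digraph example and the key inversion above, carried through in code as an added example that is not part of the original slides. The matrix M is the one from the slides; the vector B and the function names are constructed for illustration.

```python
from math import gcd

def to_num(ch):
    return (ord(ch) - ord("A") + 1) % 26   # slides' map: A->1, ..., Y->25, Z->0

def to_chr(x):
    return chr((x - 1) % 26 + ord("A"))

def apply_key(text, M, b):
    # Compute M v + b (mod 26) for each digraph v of an even-length A-Z string.
    out = []
    for i in range(0, len(text), 2):
        x, y = to_num(text[i]), to_num(text[i + 1])
        out.append(to_chr(M[0][0] * x + M[0][1] * y + b[0]))
        out.append(to_chr(M[1][0] * x + M[1][1] * y + b[1]))
    return "".join(out)

def deciphering_key(M, b):
    # From the enciphering key (M, b) compute (M^-1, -M^-1 b) over Z/26Z.
    det = (M[0][0] * M[1][1] - M[0][1] * M[1][0]) % 26
    if gcd(det, 26) != 1:
        raise ValueError("determinant is not relatively prime to 26")
    d = pow(det, -1, 26)                    # modular inverse (Python 3.8+)
    Minv = [[M[1][1] * d % 26, -M[0][1] * d % 26],
            [-M[1][0] * d % 26, M[0][0] * d % 26]]
    binv = [-(Minv[0][0] * b[0] + Minv[0][1] * b[1]) % 26,
            -(Minv[1][0] * b[0] + Minv[1][1] * b[1]) % 26]
    return Minv, binv

M = [[2, 3], [3, 4]]   # enciphering matrix from the slides
B = [5, 11]            # constructed vector b (not from the slides)

if __name__ == "__main__":
    # Slides' example (b = 0): prints IKTGCOFMOEVU
    print(apply_key("WESTGEORGIAX", M, [0, 0]))
    # Anyone holding (M, B) derives the deciphering key and reads the message.
    Minv, binv = deciphering_key(M, B)
    c = apply_key("WESTGEORGIAX", M, B)
    print(Minv, binv, c, apply_key(c, Minv, binv))
```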
Public Key Cryptography
In contrast, with public key
cryptography, knowledge of the
enciphering key does not allow one to
compute the deciphering key.
Public Key Cryptography
Similarly, knowledge of the deciphering
key does not allow one to compute the
enciphering key.
Why Would Someone Use
Public Key Cryptography?
If knowledge of an enciphering key
allows one to compute the
corresponding deciphering key, it is
possible for this party to intercept and
read a ciphertext message intended for
another party. This defeats
confidentiality.
Why Would Someone Use
Public Key Cryptography?
If knowledge of a deciphering key allows
one to compute the corresponding
enciphering key, it is possible for this
party to code and send a ciphertext
message to a third party. This defeats
authenticity.
When Would Someone Use
Public Key Cryptography?
Public key cryptography tends to be
slower than private key cryptography,
so why would anyone use it?
When Would Someone Use
Public Key Cryptography?
Public key cryptography is used in an
auxiliary capacity, say to agree upon
keys for a traditional private key
cryptosystem.
When Would Someone Use
Public Key Cryptography?
It is possible for two parties to initiate
secret communications without ever
having had any prior contact, without
having established any prior trust,
without exchanging any preliminary
information.
How Does Public Key
Cryptography Work?
In order to implement public key
cryptography, each person, Alice and
Bob, has a public enciphering key, $K_E$,
and a private deciphering key, $K_D$.
How does Public Key
Cryptography Work?
The public keys are published and made
available to the public, while the
private keys are kept confidential.
How does Public Key
Cryptography Work?
Since the enciphering keys are made
public, in order to ensure the security
of the cryptosystem, it must be
computationally infeasible to find the
private keys from the public keys.
How does Public Key
Cryptography Work?
Computationally infeasible does not
mean that the computation is
impossible. Rather, it means that the
amount of computer time necessary to
perform the computation is
prohibitively long.
How does Public Key
Cryptography Work?
So, in order to implement public key
cryptography, we must have some
function that is easy to compute, but
whose inverse function cannot be
computed in any reasonable sense.
How does Public Key
Cryptography Work?
That is, in order to implement public key
cryptography, we must have a
trapdoor function.
Trapdoor Functions
A trapdoor function is a function f which
is easy to compute, but whose inverse
function $f^{-1}$ is impossible to compute
without performing a prohibitively
lengthy computation.
Trapdoor Functions
Two types of trapdoor functions that are
used in the RSA cryptosystem and
Elliptic Curve cryptosystems are these:
• The prime factorization problem
• The discrete logarithm problem
The Prime Factorization
Problem
The Fundamental Theorem of Arithmetic
states that every natural number can
be factored (essentially) uniquely into
a product of prime numbers.
The Prime Factorization
Problem
However, given a very large number n,
say on the order of $10^{100}$, it is
computationally infeasible to factor n.
A Little Computation
In order to factor n, one systematic way
which is easily implemented on a
computer is to divide n by
2, 3, 4, . . . , $n^{1/2}$
to test for a divisor.
A Little Computation
If we try this approach with a natural
number of the order of $10^{100}$, this
technique would take $10^{50}$ operations
to complete.
A Little Computation
In 1997, the Department of Energy
announced the world’s fastest
computer performed one trillion
floating point operations per second, a
teraflop.
A Little Computation
This computer would take more than
$3 \times 10^{33}$ years to factor a 100-digit
number by this systematic method.
The Discrete Logarithm
Problem
To describe the discrete logarithm
problem, we start with a finite abelian
group G of very large order.
The Discrete Logarithm
Problem
Typically, G is a group such as (Z/nZ)*,
the group of invertible elements in the
ring Z/nZ, or $F_q^*$, the group of nonzero
elements in the finite field with q
elements.
The Discrete Logarithm
Problem
For a fixed element b in G consider the
map from the natural numbers into G
given by n maps to $b^n$.
The Discrete Logarithm
Problem
For any element y in G, the discrete
logarithm of y base b is the smallest
natural number n so that $b^n = y$.
The Discrete Logarithm
Problem
Like the prime factorization problem, the
discrete logarithm problem is believed
to be difficult and also to be the hard
direction of a trapdoor function.
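The asymmetry between the two directions, as an added example that is not part of the original slides. It works in (Z/pZ)* with the small prime p = 101, chosen here for illustration, and counts the work in each direction; the function names are constructed.

```python
def power_mod(b, n, p):
    # Easy direction: b^n mod p by square-and-multiply.
    # Returns (value, number of modular multiplications used).
    result, base, mults = 1, b % p, 0
    while n > 0:
        if n & 1:
            result = result * base % p
            mults += 1
        base = base * base % p
        mults += 1
        n >>= 1
    return result, mults

def discrete_log(b, y, p):
    # Hard direction: the smallest natural number n with b^n = y in (Z/pZ)*,
    # found by trying n = 1, 2, 3, ... in turn.
    # Returns (n, steps), or (None, steps) when y is not a power of b.
    x = 1
    for n in range(1, p):
        x = x * b % p
        if x == y:
            return n, n
    return None, p - 1

P = 101   # small prime chosen for illustration; 2 generates (Z/101Z)*

if __name__ == "__main__":
    y, mults = power_mod(2, 73, P)
    n, steps = discrete_log(2, y, P)
    print(f"2^73 mod {P} = {y} using {mults} multiplications")
    print(f"recovered n = {n} after {steps} search steps")
    # 100 = -1 has order 2, so 5 is never reached: no discrete logarithm exists.
    print(discrete_log(100, 5, P))
```

The forward count grows with the number of binary digits of n, while this search grows with n itself.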
The Discrete Logarithm
Problem
The discrete logarithm problem has
received much attention in recent
years. The best discrete logarithm
algorithms have expected running times
similar to those of the best factoring
algorithms.
The Discrete Logarithm
Problem
Rivest has analyzed the expected time to
solve the discrete logarithm problem
both in terms of computing power and
cost.
See R.L. Rivest. Response to NIST's
proposal. Communications of the ACM,
35: 41-47, July 1992.
The Discrete Logarithm
Problem
The discrete logarithm problem appears
to be much harder over arbitrary
groups than over finite fields; this is the
motivation for cryptosystems based on
elliptic curves.
Next Time
In the next two lectures, we will
systematically look at two public key
cryptosystems: The RSA cryptosystem
and elliptic curve cryptosystems.
Thanks for Attending