A whirlwind tour of Modern Cryptography!

1

Sharing Secrets

2

Steganography vs Cryptography

Scytale

3

Caesar Cipher

A B CD

EFGHI

JK

LM

ZYX

V

U

NOPQ

RST

AB C D E

FG

HIJKL

M

ZY

X

V

UN

OPQRST

4

5 tuple (𝒫, 𝒞, 𝒦, ℰ, 𝒟) 𝒫: Set of all plaintext strings 𝒞: Set of all ciphertext strings 𝒦: Set of all keys called keyspace ℰ: Set of all encryption functions; each indexed by a key Ek ∈ ℰ 𝒟: Set of all decryption functions; each indexed by a key Dk ∈ 𝒟

Cryptosystem

∀k ∈ 𝒦 ∀p ∈ 𝒫 Dk( Ek (p)) = p

5

Shift Ciphers

5 tuple (𝒫, 𝒞, 𝒦, ℰ, 𝒟) 𝒫 = 𝒞 = ℤ26 𝒦 = ℤ26 ℰ: Set of all encryption functions

Ek(p)= p + k mod 26 𝒟: Set of all decryption functions

Dk(c)= c - k mod 26

6

Affine Ciphers

5 tuple (𝒫, 𝒞, 𝒦, ℰ, 𝒟) 𝒫 = 𝒞 = ℤ26 𝒦 = ℤ*

26 x ℤ26 ℰ: Set of all encryption functions

Ea,k(p)= ap + k mod 26 𝒟: Set of all decryption functions

Da,k(c)= a-1 (c - k) mod 26

gcd(a, 26) = 17

shared key cryptosystems

State of the art: AES implemented in secure file transfer

protocols (HTTPS, SFTP)

Symmetric Ciphers

8

public key cryptosystems

RSA

Asymmetric Ciphers

Results from Number Theory9

Def: Divisibility

For any a, b ∈ ℤ We say a | b iff there is k ∈ ℤ such that b = ka

10

Warm up: Properties of Divisibility

For any a, b, c ∈ ℤ with a ≠ 0 • a | b and a | c ⇒ a | (b + c) • for all k ∈ ℤ a | b ⇒ a | bk • a | b and b | c ⇒ a | c

For all k1, k2 ∈ ℤ • a | b and a | c ⇒ a | (k1 b + k2 c)

11

Def: congruence, modulus

For any a, b ∈ ℤ and m ∈ ℤ+ We say

a = b (mod m) iff

m | (a - b)

12

Result

a = b (mod m)iff

∃ k st a = b + km

13

Bezout’s Lemma

For any a, b ∈ ℤ+

∃ s, t ∈ ℤ gcd(a, b) = sa + tb

14

Suppose a, m are relatively prime integers with m > 1. Then there exists a unique integer a-1 st

a-1 a = 1 (mod m)

Inverse

15

Suppose a, m are relatively prime integers with m > 1. Then there exists a unique integer a-1 st

a-1 a = 1 (mod m)

gcd(a, m) = 1 There exist s, t such that sa + tm = 1 Thus, sa = 1 mod m

Inverse

16

Suppose p is a prime integer and a is an integer such that gcd(a,p) = 1

Then ap-1 = 1 (mod p)

Fermat’s Little Theorem

17

Chinese Remainder TheoremFor any m1, m2, …, mn st

• mi ∈ ℤ+

• mi > 1

• gcd(mi, mj) = 1 (for i ≠ j)

and integers a1, a2, …, an

The following system of congruences has a unique solution mod (m1 m2 … mn)

x ≡ a1 mod m1 x ≡ a2 mod m2

… x ≡ an mod mn

18

Chinese Remainder TheoremDefine Mk = m1 m2 mk-1 mk+1 mn gcd(mk, Mk) = 1

Let Mk-1 = yk mod mk

The following system of congruences has the unique solution x = Σ ai yi Mi mod (m1 m2 … mn)

x ≡ a1 mod m1 x ≡ a2 mod m2

… x ≡ an mod mn

19

Chinese Remainder TheoremFor any m1, m2, …, mn st • mi ∈ ℤ+

• mi > 1

• gcd(mi, mj) = 1 (for i ≠ j)

and integers a1, a2, …, an

The system of congruences x ≡ ai mod mi

has a solution x with 0 ≤ x < m, and all other solutions are congruent (modulo m) to this solution.

20

RSA EncryptionGiven: Plaintext M Construct: Ciphertext C Public Key: (n, e)

• n = p q p, q are primes • gcd(e, (p-1)(q-1)) = 1

21

RSA EncryptionPublic Key: (n, e)

• n = p q p, q are primes • gcd(e, (p-1)(q-1)) = 1

m1 m2 … mk

M

c1 c2 … ck

ci = ( mi ) e mod n

C22

RSA DecryptionPrivate Key: d d e = 1 mod (p-1)(q-1)

m1 m2 … mk

M

c1 c2 … ck

mi = ( ci ) d mod n

C

23

RSA DecryptionClaim: m = cd mod n

• cd mod n = (me)d mod n • (me)d mod n = med mod n

d e = 1 mod (p-1)(q-1) • med mod n

= mk(p-1)(q-1)+1 mod n24

RSA Decryptionmk(p-1)(q-1)+1 mod n = (m mk(p-1)(q-1)) mod n FLT: mp-1 = 1 mod p if gcd(m,p) = 1 (m mk(p-1)(q-1)) mod p = m (mp-1) k(q-1) mod p = m mod p Similarly (m mk(p-1)(q-1)) mod q = m (mq-1) k(p-1) mod q = m mod q

25

Chinese Remainder TheoremFor any p1, p2, …, pn st • pi ∈ ℤ+

• pi > 1

• gcd(pi, pj) = 1 (for i ≠ j)

and integers a1, a2, …, an

The system of congruences x ≡ ai mod pi

has a solution x with 0 ≤ x < p1p2…pn, and all other solutions are congruent (modulo p1p2…pn) to this solution.

26

m = cd mod p m = cd mod q

RSA Decryptionm = cd mod p m = cd mod q

By CRT cd = m mod pq

27

RSA Decryptionmk(p-1)(q-1)+1 mod n = (m mk(p-1)(q-1)) mod n FLT: mp-1 = 1 mod p if gcd(m,p) = 1 (m mk(p-1)(q-1)) mod p = m (mp-1) k(q-1) mod p = m mod p Similarly (m mk(p-1)(q-1)) mod q = m (mq-1) k(p-1) mod q = m mod q

28

RSAc = me mod n m = cd mod n

relies on hardness of factoring large numbers

29

Digital Signature using RSAIdea: sender applies decryption function to each message block

recipient applies encryption function to every block received

30

Suppose p is a prime integer Then a is a primitive root mod p If every non-zero element of ℤp is a power of a ℤp = {0, a, a2,…, ap-1}

primitive root

31

Diffie-Hellman Key ExchangeAlice and Bob agree to use prime p and primitive root a Alice chooses secret k1 Bob chooses secret k2

A → B: ak1 mod p B → A: ak2 mod p

Alice computes key = (ak2)k1 mod p Bob computes key = (ak1)k2 mod p

relies on hardness of discrete log problem32