Cryptography - Arnes

daughterinsectΤεχνίτη Νοημοσύνη και Ρομποτική

21 Νοε 2013 (πριν από 3 χρόνια και 10 μήνες)

85 εμφανίσεις

Cryptography.RSA cryptographic



Cryptography

is the art or science of keeping messages secret.
Cryptography

used to protect information of real value against
organized criminals, multinational corporations, and major
governments.
Cryptography

used to be
only military business;
however, in the information society it has become one of the central
tools for maintaining privacy and confidentiality. Suppose that
someone wants to send a message to a receiver, and wants to be sure
that no
-
one else can read the m
essage. However, there is the
possibility that someone else opens the letter or hears the electronic
communication,so to make sure that something like that never
happened we use cryptographic methods.

Cryptology

is the branch of mathematics that studies t
he mathematical
foundations of cryptographic methods."Public key cryptography," a
method for encrypting messages to be transmitted over an insecure
channel is emerging as fundamental tools for conducting business
securely over the Internet. This technology

is widely expected to be
used to conduct billions of dollars in electronic commerce within the
next few years.


As we move into an information society, the technological means for
global surveillance of millions of individual people are becoming
available

to major govenments. Cryptography has become one of the
main tools for privacy, trust, access control, electronic payments,
corporate security, and countless other fields.

Cryptography is no longer a military thing that should not be messed
with. It is ti
me to demystify cryptography and make full use of the
advantages it provides for the modern society. Widespread
cryptography is also one of the few defenses people have against
suddenly finding themselves in a totalitarian surveillance society that
can mon
itor and control everything they do.

In cryptographic terminology, the message is called
plaintext
or
cleartext
. Encoding the contents of the message in such a way that
hides its contents from outsiders is called
encryption
. The encrypted
message is called

the
ciphertext
. The process of retrieving the
plaintext from the ciphertext is called
decryption
. Encryption and
decryption usually make use of a
key
, and the coding method is such
that decryption can be performed only by knowing the proper key.

Cryptanal
ysis

is the art of
breaking

ciphers, i.e. retrieving the
plaintext without knowing the proper key. People who do
cryptography are
cryptographers
, and practitioners of cryptanalysis
are
cryptanalysts
.

Cryptography deals with all aspects of secure messaging,

authentication, digital signatures, electronic money, and other
applications.

A method of encryption and decryption is called a
cipher
. Some
cryptographic methods rely on the secrecy of the algorithms; such
algorithms are only of historical interest and
are not adequate for
real
-
world needs. All modern algorithms use a key to control
encryption and decryption; a message can be decrypted only if the key
matches the encryption key. The key used for decryption can be
different from the encryption key, but fo
r most algorithms they are the
same.

There are two classes of key
-
based algorithms,
symmetric

(or secret
-
key) and
asymmetric

(or public
-
key) algorithms. The difference is that
symmetric algorithms use the same key for encryption and decryption
(or the decr
yption key is easily derived from the encryption key),
whereas asymmetric algorithms use a different key for encryption and
decryption, and the decryption key can not be derived from the
encryption key.


Symmetric algorithms can be divided into
stream ciph
ers

and
block
ciphers
. Stream ciphers can encrypt a single bit of plaintext at a time,
whereas block ciphers take a number of bits (typically 64 bits in
modern ciphers), and encrypt them as a single unit. Asymmetric
ciphers (also called public
-
key algorith
ms or generally public
-
key
cryptography) permit the encryption key to be public (it can even be
published in a newspaper), allowing anyone to encrypt with the key,
whereas only the proper recipient (who message. The encryption key
is also called the public

key and the knows the decryption key) can
decrypt the decryption key the private key or secret key.


Generally, symmetric algorithms are much faster to execute on a
computer than asymmetric ones. In practice they are often used
together,so that a public
-
k
ey algorithm is used to encrypt a randomly
generated encryption key, and the random key is used to encrypt the
actual message using a symmetric algorithm.

The RSA Algorithm

is only one implementation of the more
general concept of public key cryptography,
which permits two parties
who have never met and who can only communicate on an insecure
channel to nonetheless send secure and verifiable messages to each
other. The RSA Algorithm was named after Ronald Rivest, Adi Shamir
and Leonard Adelman, who first pu
blished the algorithm in April,
1977.Since that time,









the
algorithm
has been employed in the most widely
-
used Internet electronic
communications encryption program, Pretty Good Privacy (PGP).The
Internet as currently structured is an insecure co
mmunications
encryption


secret
message


public key


P


cryption
message


decryption


secret
message


S


secret key


Source message


Get message



-

a
symmetric ciphers
-



channel with an obvious use for such technologies. Indeed, the
greatest expected growth for public key techniques is in Internet
-
related communications.


With public key techniques, each user has two different keys, one
made available to the
public and the other kept secret. One of the keys
is used to encrypt a message, and the other is used to decrypt the
message. If Alice wants to send a secret message to Bob, for example,
she looks up Bob's public key and uses it to encrypt the message.
Bec
ause Bob's public key cannot undo the encryption process, no one
who intercepts the message can read it. Only Bob, who posseses the
secret key corresponding to his public key, can read the message.
Alice never has to meet Bob out of the hearing of others t
o exchange
keys or passwords; this is a substantial improvement over older
encryption methods in which an exchange of private keys was
necessary. This system can also be used as a means for Bob to be sure
a message comes from Alice. If Alice wants to sign
a message, she can
encrypt it with her private key.When Bob receives an encrypted
message which purports to be from Alice, he can obtain Alice's public
key and decrypt the message. If a readable message emerges, Bob can
have confidence that the message cam
e from Alice, because Alice's
public key would only properly unlock a message which was locked
with her private key (known only to Alice).

RSA algorithm is basen on modular arithemetic.Modular arithmetic is
a variation of ordinary arithemic.

Theorem

Selec
t two prime numbers p and q (p and q aren’t equals). Compute n
= pq and φ(n)=(p
-
1)(q
-
1)(φ
-
Euler’s function).Pick an integer d
relatively prime to m=(p
-
1)(q
-
1) (1<d<m) then there is only one
integer e (1<e<m) d*e=1 (mod m) or every non
-
zero has
multiplicati
ve inverse.Pick M (1<M<n) and C=M
e

mod n (1<C<n)
then M=C
d

mod n.

This theorem is matemathical foundation of RSA cryptographyc
system.Lets see what steps we have to take to build cryptographic
system ussing this theorem.

First of all we have to view person

B Bob who want to recive massage
from other people.First Bob must compute two large numbers p and
q,then right away compute n=p*q and m=(p
-
1)(q
-
1).Next step is
picking d.When he picked d he find e like in theorem d*e=1 mod
m.After he computed n and e he h
ave to announce them and also that
he ussing RSA method.Bob job is done now.Pair (n,e) is his public
key,d is his secret key.Only Bob knows value of d.

Lets see what will hepend if person A alice want to send message to
Bob.Her message is number M (1<M<n)
.

A plain A plaintext message
is easily converted to a number by using either the alphabet position
of each letter (a=01, b=02, ..., z=26) or using the standard ASCII
table. If necessary (so that m<n), the message can be broken into
several blocks.
Certainl
y she wont send M to Bob,she will send coded
message C ,C=M
e
mod n.Bob will recive C and compute M=C
d

mod n.

M message ,C cipertext,e encrypt,d decrypt.


Probably comunication chanel isn’t secure enough and third person
C,Carol can also read contents of ci
pertext.Carol knows (n,e) and
cipertext and that is not enough.To find out original message Carol
need d.

We constucted system.How much does it take.First Bob have to find
two large prime numbers p & q.This task take some time.Computing
φ(n)=pq is simple.Euklid algorithm is used to find d relatively prime
to φ(n) and he is effective.

To encrypt text Alice have

to find M
e

mod φ(n) and this task isn’t
complicated.

To break system and read message Carol have to find divisiors of
n.For large numbers this cant be done in real time.Bob have to find
prime numbers which have more than 100 digits,so n will have more
tha
n 200.Today effective algorithm for finding divisiors of large
numbers isnt known.Security of RSA is based on this fact and only on
this fact.If some create efective algorthm RSA would become usless.


Encryption Operation

C = M
e

mod n

C = M
e
mod p

De
cryption Operation

M = C
e

mod n

M = C
e

mod p

modulus

p * q (prime numbers)

p (prime number)

Encryption exponent
(e)

e relatively prime to

(p
-
1)*(q
-
1)

e relatively prime to
(p
-
1)

Decryption exponent
(d)

d = e
-
1

mod ((p
-
1)*(q
-
1))

d = e
-
1

mod (
p
-
1)


RSA Usage
:


RSA is used in security protocols such as:


-
IPSEC/IKE
-

IP data security

-
TLS/SSL
-

transport data security (web)

-
PGP
-

email security

-
SSH
-

terminal connection security

-
SILC
-

conferencing service security

-
Many m
any more…




Electronic Commerce and Digital Signature



A Word about Electronic Commerce



Large number of business systems in Montenegro and region still
operate on fundamental principles developed in the middle
-
ages but it
is becoming increasingly evi
dent that the era of electronic commerce
started. Locally
and internationally, more and more companies are
developing Internet business models, advertising and selling their
products on
-
line.


In order to remain competitive with region, businesses and ind
ustries
from Montenegro will have to aggressively embrace electronic
commerce (EC) over the next few years. The same can be said for
state government if they want to be recognized in the world of
European e
-
commerce in tourism, industries, jobs and other b
usiness.


There are a couple of reasons for such growing interest in EC:



Rapid improvements in all areas of Information Technology
makes EC possible and cost
-
efective

The fundamental opportunity offered by the Internet as the main
engine for electronic c
ommerce is for suppliers to gain direct
access to consumers, without the attendant costs associated with
the maintenance of physical distribution channels
-

people,
buildings,etc. In the electronic medium competitors can emerge
from anywhere in the world.
They are not necessarily limited by
geography. The strategic implications for all businesses are
profound (especially for retailers and financial services
organisations). The value chains of most markets will
fundamentally change.

In last decade Internet i
n Montenegro started firstly shy and then
more and more intensive. Result of that is rapidly growing number
of internet users. Two mobile operators : Promonte and Monet
covers approximately 90% of the state, all banks offers electronic
credit cards, bank
omats are all around us,etc.


Heavy competition makes it necessary

To survive, businesses must realize the importance of technology and
the part it will play in future. Markets and marketing concepts will
change radically, driven by those companies

who successfully rise to
the challenge. Furthermore, we will see the emergence of integrated
software products
-

actively sharing business processes, capturing
and re
-
using customer information, along with the capability to
communicate and transact busine
ss via modern communication
mediums (the Internet).


Within the next year we will see the emergence of secure, cost
-
effective electronic payment systems to augment these technologies. In
future years this combination will be seen as the starting point for
the
age of Electronic Commerce
-

the most fundamental change in trade
since paper money was invented.


Those waiting for clear signs of this new age before acting will
forever be destined to observe from the sidelines.


Digital signature


introduction


Li
ke a written signature, the purpose of a digital signature is to
guarantee that the individual sending the message really is who he or
she claims to be.When government(s) adopt electronic commerce as
the normal way of doing business, the hand
-
written signa
ture may
become a thing of the past. As more and more transactions are
performed and documents are passed over
open
,
common
,
insecure
,
and
general purpose

routes like the Internet, a signature of some sort
will still be needed.

01.07.2000 US Signature Law

10.08.2000 E
-
signatures legal in UK

20.08.2000 Japan and its Digital Signature Act


How Digital Signature Technology Works



A

key to the success of the Internet is the ability to send encrypted
data that no one but the intended recipient can read, and
the ability to
send a digital signature such that the recipient is able to verify the
sender’s identity with absolute certainty. The rapidly growing industry
of electronic commerce depends on the ability to send a credit card or
bank account number to a co
mpany securely in order to withdraw
funds. This document would also be signed, so that the bank could
verify the sender’s authority to withdraw funds.


Digital signatures are created and verified by cryptography, the
branch of applied mathematics that con
cerns itself with transforming
messages into seemingly unintelligible forms and back again. Digital
signatures use what is known as "public key cryptography," which
employs an algorithm using two different but mathematically related
"keys;" one for creatin
g a digital signature or transforming data into
a seemingly unintelligible form, and another key for verifying a digital
signature or returning the message to its original form. Computer
equipment and software utilizing two such keys are often collectively

termed an "asymmetric cryptosystem."



Digital signatures are especially important for electronic commerce
and are a key component of most authentication schemes. To be
effective, digital signatures must be unforgivable. There are a number
of different en
cryption techniques to guarantee this level of security.






RSA cryptosystem and digital signature




Analysis of RSA cryptosystem

Task 1
.Prime Num
ber Distribution

RSA requires generation of two large prime numbers per user. This
means that tens of millions of 100
-
digit (or larger) prime number have
to be found if RSA is to be widely used. A common perception is that
prime numbers become increasingly

rare as integers become very
large.

This was tested by Mathematica 3.0 program that plots the
distribution of prime numbers.


Figure shows the distr
ibution of prime numbers near (a) one, (b) a
thousand, (c) a million, and (d) a billion. It is immediately noticeable
that the plots are quite linear, showing that, at least locally, prime
numbers are distributed quite evenly. However, the slopes of the li
nes,
which indicate the percentage of numbers that are prime, are (a)
16.8% near one, (b) 13.5% near one thousand, (c) 7.5% near one
million, and (d) 4.9% near one billion.

It appears that prime numbers do become rarer as you get to large
numbers, but at
a fairly slow rate. What will the density of prime
numbers be near the incredibly large number 10^100 ? To answer
this, we use the Prime Number Theorem. It states that, for large n:



where
(n)

is the number of prime numbers less than or equal to
n

and
ln

is the natural logarithm function. To calculat
e the percentage of
prime numbers between
N

and
N+1,000
, where
N

is a large number
like 10^100, we see that the number of primes between
N

and
N +
1,000

is given by:

(N+1000)
-
(N)



where we have used the fact that
ln(N+1000)

and
ln(N)

differ by an
insignificant amount since
N

is so large. Thus, the percentage of
primes near
N

is

[(N+1000)
-

(N)]/1000 x 100%


The percentage of prime numbers near
N = 10^100

is therefore 100 /
ln(10
100
) = 0.43 %. While this may seem small, the number of 101
-
digit integers is equal to 10
101

-

10
100

= 9 x 10
100
.
Therefore, the
number of 101
-
digit prime numbers is 9 x 10
100

x 0.0043 = 3.98 x
1098. We do not have to worry about running out of prime numbers.
Not only are there enough 100
-
digit primes for every person on the
planet, there are enough such prime numbers

for every atom in the
universe.

Task 2
. How to multiply?


In step 1. we show that there are enough primes ?and that is easy to
find two for our cryptosystem. In step 2. we have to multiply that 100+
digits primes.For that we will use some of famous algor
ithms for
multiplying of large numbers.For example Fast Fourier Transform
will calculate the product of large numbers of n digits in time
O(nlog(n)) (instead of O(n
2
) with the classic algorithm).

Task 3. Factoring Algorithims

The only known way to crack th
e RSA code is to factor the extremely
large number
n
. I decided to use the Pollard Rho large number
factoring heuristic to do this. This heuristic has the attractive ability
to (almost all the time) factor a large number
n

in approximately n
1/4

arithmetic
operations. The algorithm to factor n is shown below:

i = 1

x = random number from 0 to n
-
1

y = x

k = 2

do (until all factors are found)

i = i + 1

x = x
2

-

1 (mod n) Essentially picks a random x

d = gcd(y
-

x, n) Finds greatest common divisor

if d is a no
n
-
trivial factor (isn’t 1 or n)

print d We’ve found a factor

if i = k

y = x

k = 2k



This algorithm essentially generates a sequence of random numbers
less than n, and determines whether each one is a non
-
trivial factor
(not one or n). The sequence is cons
tructed in such a way that a prime
factor
p

is found in less than p
1/2

steps. The average of the prime
factors of
n

is on the order of (close to) p
n
1
/2
. Therefore, the average
number of steps required to factor
n

is (n
1/2
)
1/2

= n
1/4
. This makes it
very fast, especially for the large numbers we will be working with.
The Java program I wrote which implements this heuristic, and
evaluates its performance,

is described in the Results section.


Security


Suppose Eve, an eavesdropper, intercepts the public key
N

and
e
, and
the ciphertext
c
. However, she is unable to directly obtain
d
, which
Alice keeps secret. The most obvious way for Eve to deduce
n

from
c

i
s
to factor
N

into
p

and
q
, in order to compute (
p
-
1)(
q
-
1) which allows
the determination of
d

from
e
. No polynomial
-
time method for
factoring large integers on a classical computer has yet been found,
but it has not been proven that none exists.

It has n
ot been proven that factoring
N

is the only way of deducing
n

from
c
, but no easier method has been discovered (at least to public
knowledge.)

Therefore, it is generally assumed that Eve is defeated if
N

is
sufficiently large.

If
N

is 256
bits

or shorter, it can be factored in a few hours on a
personal computer
, using software freely available on the
Internet
. If
N

is 512 bits or shorter, it can be factored by several hundred
computers as of
1999
. It is currently recommended that
N

be
at least
1024 bits long.

In
1993
,
Peter Shor

showed that a
quantum computer

could in
principle perform the factorization in polynomial time. If (or when)
quantum computers become a practical technology,
Sho
r's algorithm

will make RSA and related algorithms obsolete.

Should an efficient classical factorization code be discovered or a
practical quantum computer constructed, using still larger key lengths
would provide a stopgap measure. However, any such sec
urity break
in RSA would be
retroactive
. An eavesdropper can record the key and
the ciphertext, and wait until it becomes practical to
decipher

the
message. Therefore, it is inherently un
safe to exchange long
-
term
secrets with RSA.


Prime Number Factorization

The
Factor

class implements Pollard’s rho heuristic for factoring
large numbers (Program 4). A number
n

can be factored by calling
the
factorRho(n)

method. This method will return th
e first factor it
finds. Since
n

is known to be the product of two prime numbers, this is
sufficient for cracking an RSA secret key.

The time required by this program to factor the products of two large
prime numbers varied greatly. It depended on such th
ings as whether
the two primes were close together or not and whether the digits
making up the primes were random or had a lot of repeated digits.
Averaging the time taken for many factorizations, I came up with an
average time of 2.4 seconds to factor a 4
0 digit number. In contrast, a
sample 129
-
digit number published in Scientific American was
factored by Atkins, et al in March 1994. The team used over 6000
computers on the Internet running the quadratic sieve algorithm for
eight months to factor the numb
er.

Time constraints prevented me from running my computer for eight
months to see the largest number I could factor in that time. However,
I can calculate this number by making use of the property of the
Pollard
-
rho algorithm that the number of arithmeti
c operations
needed,
r
, to factor a number n is approximately n
1/4
. We can also
write this as
n = r
4
. In eight months, my computer could have
performed 8.76 x 106 times more arithmetic operations than in 2.4
seconds. Thus the size of the number that I coul
d factor would be
larger by (8.76 x 106)
4

= 5.9 x 1027. This means that the largest
number I could factor in eight months is a (40+28) or 68 digit
number. In summary, it is possible to factor a 50
-
digit number within
one week and a 70
-
digit number within o
ne year using a typical home
computer at the present time.

What will happen to this number as computers get more powerful in
the future? According to Moore’s Law, the capacity of integrated
circuits (as measured by such things as memory size, number of
tr
ansistors in the CPUs, or arithmetic operations per second)
increases by a factor of two every eighteen months. This means that it
increases by a factor of over one hundred every ten years. This has
held true from 1970 to the present time. If the processin
g power
increases by one hundred, then the largest number that can be
factored using the Pollard
-
rho heuristic increases by a factor of
(102)
4

= 108. That is, computers will be able to factor numbers with 8
more digits every decade (in the same amount of t
ime) assuming that
Moore’s law continues to hold. Since RSA is now starting to use 200
-
digit keys, the RSA public
-
key cryptosystem is quite safe from hackers
(even in a distributed effort) for the next few decades.


[1] Legal News on Electronic Signatures


http://www.ccls.edu/eclip2news/topics/esignature/7
-
10
-
00.htm

[2]
The Strategic Challenges of Electronic Commerce


http://www.enix.co.uk/electron.htm

[3]
Digital Signatures and Encryption
ANR
-
ISP Project # 17


http://www.anr.state.vt.us/isp/DIGSIG.HTM

[4]