Chapter 12: Cryptography

innocentsickΤεχνίτη Νοημοσύνη και Ρομποτική

21 Νοε 2013 (πριν από 3 χρόνια και 9 μήνες)

93 εμφανίσεις

Chapter 12: Cryptography

MAT 320 Spring 2008

Cryptography: Basic Ideas


We want to encode information so that
no one other than the intended recipient
can decode it.


Essentially we have two functions: an
encoding function E, and a decoding
function, D.

Two Functions


If x is a message (and it’s not hard to
express messages as numbers), then E(x)
should be the encoded message


Once the message is received, D(E(x)) is
the original message x


So E and D are inverse functions

Options


One option is to keep both functions
secret


The advantage of this method is that if
unintended recipients do not know your
functions, they should be unable to
decode your message


The disadvantage of this method is that
the more people who know your
functions, the less able you will be to
keep them secret

Personal Keys


In a more advanced system, each person
has their own functions.


Anne has her functions E
Anne

and D
Anne


Bob has his functions E
Bob

and D
Bob


The problem with this method is that so
far, Anne and Bob can only send
messages to themselves, not to each
other

Public Keys


To fix this problem, we make everyone’s E
function
public
.


So anyone can encode a message using
anyone else’s key.


However, we need to keep the D
functions
private
, or else our information
could be stolen.

How It Works


Anne wants to send a message to Bob.


Anne knows E
Bob
, so she sends
E
Bob
(message) to Bob


Only Bob knows D
Bob
, so only Bob can
compute D
Bob
(E
Bob
(message)) = message

Signatures


Another advantage of a public
-
key is the
ability to “sign” messages.


Suppose that the bank receives an encoded
message claiming to be from Anne.


Anyone can send
E
Bank
(message) to the Bank.


But only Anne can send
E
Bank
(
D
Anne
(message))


The bank knows
D
Bank

and
E
Anne
, so they can
decode the message by applying these
functions

Troubles


The main problem that comes up with
public
-
key cryptography is that we need
to make sure that it’s very difficult to
figure out how the D function works from
knowing how the E function works.


One method that accomplishes this is RSA
cryptography.

Intermission


Lemma 12.1

(Limited Cancelling)


Lemma 12.2

(Fermat’s Little Theorem)

How RSA Works


Let p and q be distinct primes. Let n =
pq
.


In practice, we let p and q be quite large,
with hundreds of digits. It is difficult to
factor large numbers,
even by computer
,
and if someone were able to factor n,
they would be able to break our code.


Go ahead and choose primes now. For
purposes that will become clear soon,
make sure that n is at least 270,000.


Again, in practice, n is much, much larger.

How RSA Works, continued


Let k = (p


1)(q


1), and choose d so that
(d, k) = 1.


Using Bezout’s Theorem, find e so that

de


1 (mod k)


The numbers e and n are made public,
and the number d is kept private.


The encoding function is E(x) = x
e

mod n


The decoding function is D(x) = x
d

mod n

Let’s Try It


Following the example on your handout, enter
your numbers p, q, n, and k into
Mathematica
.


Choose a number d so that (d, k) = 1. You may
have to try a few times to get a d that works.


Once you find a value of d, use the
ExtendedGCD

command to find e so that
ed



1 (mod k).


If
Mathematica

gives you a negative value of e,
add k to it (since we’re working mod k, this will be
congruent)


Sending Messages


First we need to convert our message to
numbers. Converting the entire message to a
single number would make our calculations
difficult, so instead we break it up into blocks.


Using A = 01, B = 02, …, Z = 26, break your
message into 3
-
letter blocks and convert them to
numbers.


Now you see why we needed to have n be at least
270,000.


Add extra zeros to the end of your message if it
doesn’t break up evenly into three
-
letter blocks.

Encoding


Now we are ready to plug these numbers
into our encoding function.


When x and d are large, computing x
d
,
dividing it by n, and computing the
remainder is very time consuming.


However, there are many computational
shortcuts Mathematica can use, including
the PowerMod command.


PowerMod[x,d,n] computes x
d

mod n

One More Proof


In order to convince ourselves that RSA
always works, we need to prove this
theorem:


Theorem 12.3

(RSA Works!)

Let p and q be distinct primes, and let

n = pq and k = (p


1)(q


1). If d and e
are chosen so that (d, k) = 1 and ed


1
(mod k), then for all integers x, x
ed



x
(mod n).