Cryptography - Math Is Beauty

21 Nov 2013

Cryptography
Lowell High School Research Class

1. Private Key Cryptography

Suppose that Alice and Bob are in physical contact with each other and want to set up
a way to communicate when they're far away from each other that's secure, in the sense
that an eavesdropper Eve won't be able to understand their messages if she intercepts
them. Alice and Bob can agree on a secret code before parting, which they can use to
encode and decode messages.

Caesar encryption: A basic way of generating secret codes is Caesar encryption.
This was used by Julius Caesar (the first Roman emperor, who lived from 100 BC to
44 BC) to communicate with his generals. Alice and Bob agree on a number n between
1 and 26, and before one of them sends a message, he or she encodes it by replacing
each letter with the letter that is n letters in the alphabet after it, wrapping around
the letters at the end of the alphabet to the beginning of the alphabet. For example, if
n = 3 then D becomes G, and Z becomes C. The recipient of a message then replaces
each letter of a message that he or she received with the letter that is n letters before
it, in order to decode the message.

Exercise 1: Find a partner. Agree on a number n. If you are the older partner,
encrypt the word "red" using Caesar encryption with the number n, and pass it to
your partner. If you are the younger partner, encrypt the word "blue" and pass it to
your partner. Then decrypt the message that your partner gives you.

Caesar encryption is inadequate. Why? One reason is that there are only 26 possible
choices of n, so that Eve can try decoding the message with each of them and soon
find the value of n that works. Another problem, which applies even to analogs of
Caesar encryption with many more choices of n (for example, involving the replacement
of chunks of letters instead of individual letters), is that certain letters and chunks
of letters appear much more often than others in the English language (and indeed
any language), and an eavesdropper can use frequency analysis to considerably narrow
down the possible values of n.
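
Both weaknesses described above, worked through in Python as an added example (not part of the original handout). The sample message and all function names are constructed for illustration, and the frequency guess assumes that E is the most common letter of the plaintext.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

def caesar(text, n):
    """Shift each letter n places forward, wrapping Z around to A."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) + n) % 26] if c in ALPHABET else c
        for c in text.upper()
    )

def brute_force(ciphertext):
    """First weakness: only 26 values of n exist, so decode with each one."""
    return {n: caesar(ciphertext, -n) for n in range(1, 27)}

def guess_shift_by_frequency(ciphertext):
    """Second weakness: the most common ciphertext letter probably stands for E."""
    counts = Counter(c for c in ciphertext if c in ALPHABET)
    most_common_letter = counts.most_common(1)[0][0]
    return (ALPHABET.index(most_common_letter) - ALPHABET.index("E")) % 26

# Constructed sample message (not from the handout), encrypted with n = 3.
PLAINTEXT = "MEET ME BESIDE THE GREEN TREE AT SEVEN"
CIPHERTEXT = caesar(PLAINTEXT, 3)

if __name__ == "__main__":
    for n, candidate in brute_force(CIPHERTEXT).items():
        print(n, candidate)          # exactly one line reads as English
    n = guess_shift_by_frequency(CIPHERTEXT)
    print("frequency guess:", n, caesar(CIPHERTEXT, -n))
```

The frequency guess needs no trial decoding at all, which is why it still works against variants with far more than 26 keys.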

One-time pad: A better approach than simple Caesar encryption is the use of a
one-time pad. In this approach, before parting, Alice and Bob create two copies of the
same book, which contains a very long list of randomly generated numbers ranging from 1
to 26. Then before one of them sends a message to the other, he or she encrypts each
letter of his or her message using Caesar encryption with a value of n that varies: to
encode the n-th letter of a message, they use Caesar encryption with n equal to the
n-th number in the book.

Exercise 2: Decode "RYK" assuming that it has been encoded with the one time pad
"3, 2, 25."

Important: Alice and Bob shouldn't use part of the pad more than once, otherwise
Eve can use frequency analysis. Instead, the method is for a sender of a message to
cross out the numbers of the book that he or she used, and for the recipient of the
message to cross out the part of the pad that the sender used, and for a subsequent sender
to start afresh with the first numbers of the book that have not been used previously.
As long as no part of the pad is used more than once, and the numbers are random,
Eve cannot break the code without getting access to a copy of the book.
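
The crossing-out rule above is the part that is easy to get wrong, so here it is as an added Python example (not part of the original handout). The class and function names are made up for illustration, and messages are assumed to consist of capital letters only.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase

class PadBook:
    """One copy of the shared book: random numbers from 1 to 26.

    `used` counts the numbers already crossed out in this copy.
    """

    def __init__(self, numbers):
        self.numbers = list(numbers)
        self.used = 0

    def _take(self, count):
        # Refuse to wrap around: reusing numbers is what lets Eve in.
        if self.used + count > len(self.numbers):
            raise ValueError("pad exhausted; make a new book")
        chunk = self.numbers[self.used:self.used + count]
        self.used += count  # cross these numbers out
        return chunk

    def _shift(self, text, sign):
        shifts = self._take(len(text))
        return "".join(ALPHABET[(ALPHABET.index(c) + sign * n) % 26]
                       for c, n in zip(text, shifts))

    def encrypt(self, message):      # message: capital letters only
        return self._shift(message, +1)

    def decrypt(self, ciphertext):
        return self._shift(ciphertext, -1)

def make_book(length):
    """Create the book before parting, from the operating system's random source."""
    return [secrets.randbelow(26) + 1 for _ in range(length)]

if __name__ == "__main__":
    book = make_book(12)  # constructed toy-sized book
    alice, bob = PadBook(book), PadBook(book)
    first = alice.encrypt("HELLO")
    print(first, bob.decrypt(first))    # both copies now have 5 numbers crossed out
    reply = bob.encrypt("HI")           # uses the 6th and 7th numbers
    print(reply, alice.decrypt(reply))
```

Because decrypting also crosses numbers out, the two copies stay in step no matter who sends next, and an exhausted book raises an error instead of silently reusing numbers.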

2. Public Key Cryptography

Problem: When a customer purchases books on Amazon's website, he or she often enters
their credit card numbers, expiration dates and card security codes (the last of which
are three digit numbers on the backs of credit cards) into the website. When these
pieces of information are sent to Amazon, they go through many computers that are
not owned by Amazon. The owners of these computers could potentially take the
Amazon customer's credit card information and use it to buy things for themselves
without the permission of the credit card owner.

In order to guard against this outcome, it's necessary for the message to be
encrypted. However, Amazon has never met with its customers in person and so it
appears that Amazon and a customer can't share a one time pad with one another to
establish a code to use to communicate with...

Suppose that Alice runs Amazon's credit card processing unit and that Bob is an
Amazon customer. Somewhat surprisingly, Bob can securely transmit his credit card
information to Alice despite the fact that they've never met! One way of doing this
is via Diffie-Hellman key exchange. This is not the method used by Amazon, but the
methods used by Amazon are similar in spirit. In order to place it in context, we will
discuss an important arithmetic fact.

Preliminaries for Diffie-Hellman:

Since we'll frequently be referring to "remainder upon division by p," and p will
be fixed, we will abbreviate the phrase as "remainder."

A fundamental property concerning remainders, which we will use, is that
multiplying two numbers m and n and then taking their remainder gives the same result
as taking the remainders of m and n, multiplying them together, and then taking the
remainder of the result.

This is a generalization of the case of p = 10, which is familiar. In the case p = 10,
the remainder of a number is its rightmost digit, and the fundamental property
mentioned above is that the units digit of a product of two numbers m and n is the same
as the units digit of the product of the units digits of m and n. For example, if you
multiply 26 and 32 you get 26 × 32 = 832, which has the same final digit as the product
6 × 2 = 12 of the final digits of 26 and 32.

Exercise 3: Verify the fundamental property for p = 10, m = 39 and n = 33 by using
the multiplication algorithm. Verify the fundamental property for p = 7, m = 13 and
n = 23.

Homework: Convince yourself that the fundamental property is always true.

A special case of the fundamental property that we will use below is that the
remainder of $g^k$ is the same as that of (the remainder of g) to the k-th power.

The fundamental property can be thought of as saying that a number and its
remainder are interchangeable in the context of computing remainders, so we need not
distinguish between the two, and will not do so below.

Diffie-Hellman key exchange

In the procedure below, "Alice" is really "Alice's computer" and "Bob" is really "Bob's
computer." The procedure is as follows:

(1) Alice and Bob agree on a large (~300 digit) prime p and a number g less than
    p, such that g has about 300 digits.
(2) Alice randomly generates a number a and Bob randomly generates a number b,
    each less than p and about 300 digits long. Alice and Bob keep these numbers
    secret.
(3) Alice and Bob's shared secret will be the remainder of $g^{ab}$. Because the
    remainder of $g^{ab}$ is in the range of 300 digits, it's big enough to use as a
    one-time pad to transmit credit card information.
    But how can Alice and Bob compute the remainder of $g^{ab}$ without
    communicating a and b to one another and risking that an eavesdropper Eve
    intercepts them and so can figure out the remainder of $g^{ab}$ herself?
(4) Alice computes the remainder of $g^a$ and sends it to Bob. Bob computes the
    remainder of $g^b$ and sends it to Alice.
(5) As discussed later in this section, Eve cannot infer a from the remainder of $g^a$
    or b from the remainder of $g^b$ in a reasonable amount of time, so a and b remain
    secret in the previous step.
(6) Alice computes the remainder of $(g^b)^a$ and Bob computes the remainder of
    $(g^a)^b$.
(7) Since $(g^b)^a = g^{ba} = g^{ab} = (g^a)^b$, in the previous step, Alice and Bob
    each computed the remainder of $g^{ab}$. This is their shared secret.

It is not immediately obvious that it is computationally feasible for Alice and Bob to
carry out the procedure, but using some basic ideas from computer science and number
theory, it is in fact possible to program modern computers to carry out the above steps
in a reasonable amount of time.

An Example: For concreteness, here is an example, albeit one with g, p, a and b
much smaller than 300 digits:

(1) Suppose that p = 107 and g = 53, and that Alice chooses a = 102 and Bob
    chooses b = 39.
(2) Alice computes the remainder of $53^{102}$, which is 16, and sends it to Bob.
(3) Bob computes the remainder of $53^{39}$, which is 13, and sends it to Alice.
(4) Alice computes the remainder of $13^{102}$, which is 40.
(5) Bob computes the remainder of $16^{39}$, which is 40.
(6) Thus, Alice and Bob have shared a secret: namely, the number "40".
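
One way the feasibility claim and the worked example above can be checked, as an added Python example (not part of the original handout): repeated squaring, which relies on the fundamental property to keep every intermediate number small. Function names are chosen here for illustration, and the 300-digit modulus is a constructed random odd number, not a vetted prime.

```python
import secrets

def remainder_of_power(g, k, p):
    """Remainder of g**k upon division by p, by repeated squaring.

    By the fundamental property we may take the remainder after every
    multiplication, so no intermediate value ever exceeds p*p.
    """
    result = 1
    square = g % p              # remainders of g, g^2, g^4, g^8, ...
    while k > 0:
        if k & 1:               # this binary digit of k is 1
            result = (result * square) % p
        square = (square * square) % p
        k >>= 1
    return result

def exchange(p, g, a, b):
    """Steps (4)-(7): (sent by Alice, sent by Bob, Alice's secret, Bob's secret)."""
    sent_by_alice = remainder_of_power(g, a, p)   # Eve sees this
    sent_by_bob = remainder_of_power(g, b, p)     # Eve sees this
    alice_secret = remainder_of_power(sent_by_bob, a, p)
    bob_secret = remainder_of_power(sent_by_alice, b, p)
    return sent_by_alice, sent_by_bob, alice_secret, bob_secret

def large_exchange_agrees(digits=300):
    """Same steps at full size, to show the arithmetic is fast.

    Assumption: p is a random odd number with `digits` digits, NOT a checked
    prime. Both sides still agree, but this is not a usable parameter choice.
    """
    low = 10 ** (digits - 1)
    p = (low + secrets.randbelow(9 * low)) | 1
    g, a, b = (2 + secrets.randbelow(p - 2) for _ in range(3))
    _, _, alice_secret, bob_secret = exchange(p, g, a, b)
    return alice_secret == bob_secret

if __name__ == "__main__":
    print(exchange(107, 53, 102, 39))   # the handout's small example
    print(large_exchange_agrees())      # finishes in well under a second
```

Each exponentiation takes about as many squarings as the exponent has binary digits (roughly 1000 for a 300-digit exponent), which is why steps (4) and (6) are quick even though the exponents are enormous.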

Security of the Diffie-Hellman Key Exchange

Eve has access to each of g, p, and the remainders of $g^a$ and $g^b$. The only known
way for Eve to discover Alice and Bob's shared secret (the remainder of $g^{ab}$) is to
figure out at least one of a and b. The problem of finding b if you know g, p, and the
remainder of $g^b$ is known as the discrete log problem. The only known method of solving
the discrete log problem is to compute the remainders of $g^k$ for $k \in \{1, 2, 3, \ldots\}$
until one hits on a value of k that gives a remainder that's the same as the remainder
of $g^b$.

In the numerical example above, it is feasible for Eve to do this. She only needs
to try the 106 values of k that are less than p = 107, and this doesn't take very long.
However, if p is 300 digits long, then there are nearly $10^{300}$ values of k to check. Even
if Eve had access to all of the computers in the world, she couldn't finish doing this
before the heat death of the universe. Thus, Alice and Bob can be assured that Eve is
unable to eavesdrop.

The above remarks assume that there is no way of finding b other than trial and
error. Though it is widely believed that there is no faster way, nobody has been able
to prove that this is the case.

More significantly, the above remarks also assume that the computers that are used
operate based on the same principles that today's computers do. There is a theoretical
type of computer called a quantum computer that utilizes phenomena from quantum
mechanics to carry out computations. In 1994, Peter Shor proved that a quantum
computer that is large enough to do Alice and Bob's calculations in a reasonable
amount of time could also solve the discrete log problem in a comparable amount
of time. So the creation of a quantum computer of size comparable to our current
computers would render the Diffie-Hellman key exchange insecure.
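
The trial-and-error search from this section, run against the handout's small example, as an added Python illustration (not part of the original handout). Function names and the rate of 10^18 trials per second are assumptions made here. The search returns the smallest exponent that works, which need not be the a that Alice chose, yet it yields the same shared secret.

```python
def discrete_log_by_trial(g, target, p):
    """Smallest k >= 1 whose remainder of g**k equals target, or None."""
    value = 1
    for k in range(1, p):
        value = (value * g) % p   # remainder of g**k, from that of g**(k-1)
        if value == target:
            return k
    return None

def eve_recovers_secret(p, g, sent_by_alice, sent_by_bob):
    """Eve's view: she knows p, g and the two transmitted remainders only."""
    k = discrete_log_by_trial(g, sent_by_alice, p)
    if k is None:
        return None, None
    # Any exponent that reproduces Alice's message also reproduces the secret.
    return k, pow(sent_by_bob, k, p)

def years_to_try_all(digits, trials_per_second=10**18):
    """Whole years needed to try 10**digits values of k.

    Assumption: the trial rate is a made-up, very generous figure.
    """
    seconds_per_year = 31_557_600
    return 10**digits // (trials_per_second * seconds_per_year)

if __name__ == "__main__":
    # p = 107, g = 53; Eve saw 16 (from Alice) and 13 (from Bob) on the wire.
    print(eve_recovers_secret(107, 53, 16, 13))
    print(discrete_log_by_trial(53, 13, 107))
    print(len(str(years_to_try_all(300))), "digits in the number of years")
```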

Prepared by Jonah Sinick, who can be reached at jsinick@gmail.com