A Brief History of Cryptography
Ancient Greeks Scytale Cipher
Julius Caesar Caesar Cipher
“Enigma” Automated Cipher
What is Cryptography?
Secure and private communication
Encryption Rendering a message unintelligible
WEDNESDAY THE SIXTEENTHJRQARFQNL GUR FVKGRRAGU
Symmetric vs. Asymmetric
Symmetric Single key
Asymmetric (Public Key) Two keys
• Public key & Private key Mailbox Concept Digital Signature
Branches of Cryptology
Cryptology
Cryptography Cryptanalysis
Symmetric Asymmetric
Encryption Message AuthenticationEncryption
Advantages of Asymmetric
Secure Exchange of Keys Can’t trust the middleman
Nonrepudiation Keep track of your own key
More Uses Encryption Message Authentication Digital Signatures
Modulus Operation
Formal Definition:
Given integers a, r, and m, we saya ≡ r mod m
if (r – a) is divisible by m
a = r mod m
Note that there are infinitely many remainders
Not to be confused with:
The Ring Zm
Ring of integers with properties: Arithmetic operations always yield result in Zm
• e.g. ∀a, b ε Zm then (a + b) ε Zm
Neutral elements 0 for addition, 1 for multiplication• e.g. ∀a ε Zm, a + 0 ≡ a mod m
Additive inverse always exists
• i.e. ∀a ε Zm, ∃b = -a such that a + b ≡ 0 mod m
Multiplicative inverse only exists for some elements
Euclidean Algorithm
Calculates Greatest Common Divisor (GCD)
Simplify the problem
GCD(a, b) = GCD(a – b, b)
Euclidean Algorithm
a = bq + r
a = sub = tu
r = a – bq
r = (su) – (qt)u
r = (s – qt)u
a = bq + r
a = (s’v)q + (t’v)
a = (s’q + t)v
b = s’vr = t’v
Euclidean Algorithm
1 q1 = a / b a = bq1 + r1 r1 = a – b q1
2 q2 = b / r1 b = q2 r1 + r2 r2 = b – q2 r1
3 q3 = r1 / r2 r1 = q3 r2 + r3 r3 = r1 – q3 r2
n qn = rn-2 / rn-1 rn-2 = qn rn-1 + rn rn = rn-2 – qn rn-1
n+1 qn+1 = rn-1 / rn rn-1 = qn+1 rn + 0 ---
Procedure of Euclidean Algorithm
Extended Euclidean Algorithm
Modular Division Multiplication by multiplicative inverse ba-1 instead of b/a
Multiplicative Inverse: aa-1 ≡ 1 mod m
Extended Euclidean Algorithm: Fast, efficient way to find multiplicative inverse
Extended Euclidean Algorithm
Perform regular Euclidean Algorithm
GCD(a, b) must be 1
Then for ax + by = 1, x is the multiplicative inverse of a, and y is the multiplicative inverse of b
Extended Euclidean Algorithm
a = bq1 + r1
b = q2 r1 + r2
r1 = q3 r2 + r3
rn-2 = qn rn-1 + 1
r1 = a – bq1
r2 = b – q2 r1
r3 = r1 – q3 r2
1 = rn-2 – qn rn-1
1 = rn-2 – qn rn-1
1 = rn-2 – qn (r1 – q3 r2)
1 = rn-2 – qn (r1 – q3 (b – q2 r1))
1 = rn-2 – qn (r1 – q3 (b – q2 (a – b q1)))
1 = ax + by
Euler’s Totient Function
Essential for RSA Scheme and most likely others
Totient (n) Number of totatives of an integer n Totative: An integer m, 0 < m < n, GCD(m, n) = 1
Prime factorization of n must be known
{1, 2, 3, …, 30}
Example: (30)
1
2
34
5
6
7
89
10
11
12
13
14
15
16
17
18
19
20
2122
23
24
25
2627
28
29
30
(5)
(2) (3)
S =
C =
A = = B
Example: (30)
Calculate totients from frequencyDe Morgan’s Theorem:
Probability a number is in a subset is equal to Probability a number is not in all other subsets
Probability a number is NOT in a set is equal to 1 – (Probability of being IN the set)
Probability = (1 – 1/2) * (1 – 1/3) * (1 – 1/5)Frequency = (1 – 1/2) * (1 – 1/3) * (1 – 1/5) * 30
Euler’s Totient Function
Formula:
(n) = n(1 – 1/p1)(1 – 1/p2)…(1 – 1/pm)
=
(n) = (p1 – 1)p1k1–1(p2 – 1)p2
k2–1 …(pm – 1)pmkm–1
RSA
Ronald Rivest, Adi Shamir, Leonard Adleman 1977
Most widely used asymmetric scheme todayTwo main uses:
Secure exchange of keys Digital signatures
How RSA Works
Keys are pairs of integers Encrypting key: (e, n) Decrypting key: (d, n)
Encryption/Decryption: Exponentiation within Zn
Encrypt message: C = Me
Decrypt cyphertext: M = Cd
Before encrypting: Convert plaintext to integer with hash function
RSA: Key Generation
1. Choose two arbitrary prime numbers p and q
2. Calculate n = pq
3. Calculate (n) = (p – 1)(q – 1)
4. Choose arbitrary integer e < (n) – 1such that GCD(e, (n)) = 1
5. Calculate d = multiplicative inverse of e mod (n)using Extended Euclidean Algorithm
RSA: Key Generation
Basic requirement: After choosing p, q, choose e, d, k satisfying:
• ed – 1 = k(p – 1)(q – 1)
Extended Euclidean Algorithm requires two integers that are relatively prime Thus, requiring e and (n) to be relatively prime
ensures that there will be a matching private key
How RSA Works
Me = C; Cd = M Prove Cd ≡ (Me)d ≡ Med ≡ M mod n
Fermat’s Little Theorem M(n) ≡ 1 mod n if M and n are relatively prime
Mk(n) ≡ 1 mod nM*Mk(n) ≡ M mod nMk(n)+1 ≡ M mod n
Med ≡ M mod n
ed – 1 = k(p – 1)(q – 1)ed = k(p – 1)(q – 1) + 1ed = k (n) + 1
RSA: Faster Encryption
“Square-and-Multiply” Algorithm Quick and efficient, even with large numbers
Based on binary representation of exponentIterative through bits, left to rightConsider y = xh mod n
Starting with 2nd bit from left:1. Calculate y = x
2. Calculate y = y2 mod n
3. If current bit of h is 1, calculate y = yx mod n
4. Repeat steps 2 and 3 for each bit in exponent
RSA: Faster Encryption
Example: y = 226 mod 5
Iteration Current Bit Calculation Value of y
y = x 2
1 1 [1] 0 1 0 y = y2 mod n 4 mod 5 = 4
1 1 [1] 0 1 0 y = y * x mod n 8 mod 5 = 3
2 1 1 [0] 1 0 y = y2 mod n 9 mod 5 = 4
3 1 1 0 [1] 0 y = y2 mod n 16 mod 5 = 1
3 1 1 0 [1] 0 y = y * x mod n 2 mod 5 = 2
4 1 1 0 1 [0] y = y2 mod n 4 mod 5 = 4
RSA: Faster Encryption
Square-and-Multiply has complexity O(log n), where n is the number of bits in the exponent
Relatively efficient
Although still intensive for small devices
Speed up encryption more: smaller public key No significant loss of security
RSA: Faster Decryption
Can’t use smaller private key Major security loss
Chinese Remainder Theorem Allows computation of y = x mod (pq) given:
• y1 = x mod p and y2 = x mod q
Break down Cd mod n into smaller computationsMore computations, but less intensiveRequires knowledge of p and q, thus cannot be
used to speed up encryption
RSA: Faster Decryption
Variation of Fermat’s Little Theorem: xp-1 ≡ 1 mod p
Using this, break down exponent d into d1 = d mod (p – 1) and d2 = d mod (q – 1)
Decryption now requires two exponentiations:
Using Chinese Remainder Theorem, compute:y ≡ y1q(q–1 mod p) + y2p(p–1 mod q) mod n
On average, four times faster
Practical Uses of RSA
Even with these methods to speed up RSA, it is still much slower than symmetric systems
Not typically used for large-scale encryptionEncrypt smaller messages
Passwords Symmetric keys
Digital SignaturesUsed together with symmetric systems
Secure key exchange + fast, efficient encryption
Problem
Modern computers becoming more efficientFactoring large numbers is becoming easier
•Larger keys required for RSA to remain secure–RSA becoming slower and slower
Alternative
Elliptic Curve Cryptography (ECC) 1985 Neal Koblitz, Victor S. Miller Estimated to be widespread within next decade
Elliptic Curve Cryptography: Premise
Point “Addition” (addition of ordered pairs)
Given a set E of points, and an operator “+”: Compute “sum” of two points as another point P + Q = R; P, Q, R ɛ E NOT actual arithmetic addition
Point “Multiplication” G = P + P + … + Pk = kP; G, P ɛ E, k ɛ R
Elliptic Curve Cryptography: Premise
The set E is drawn from points of an elliptic curve y2 = x3 + ax + b
Security comes from difficulty of finding k if given G and P Elliptic Curve Discrete Logarithm Problem Can’t just divide G by P
• Not arithmetic multiplication! More similar to finding k in a = bk
No efficient algorithm exists to solve this problem
Computing P + Q
Since elliptic curves are cubic, there are generally three points a line intersects the curve
Use this fact to calculate P + Q1. Draw line from P to Q
2. Define the third point of intersection to be –R
3. Thus R is the mirror reflection of –R
Computing P + Q
If there is no third point (the line is vertical), P + Q is said to be “infinity”, denoted as O
O is an additive identity (P + O = P)
To compute P + P, use P’s tangent line instead
Elliptic Curve Algebra
Algebraic Formulae: P + Q
• xP+Q = β2 – xP – xQ
• yP+Q = β(xP – xR) – yP
– β is the slope of the line
P + P (or 2P)• x2P = ([3x2
P + a] / 2yP)2 – 2xP
• y2P = ([3x2P + a] / 2yP) * (xP
– xR) – yP
– a is the same parameter from the cubic equation
How it is Applied to Cryptography
To ensure security, some restrictions: Curve must be smooth (no cusps, intersections, etc) Can’t use all real numbers – must be discrete
• In particular, prime numbers or binary numbers No longer a “curve,” but algebra still holds
Why ECC is harder to crack than RSA: Algebra is more complex than factoring numbers
Secure Key Exchange
Variation of Diffie-Hellman Scheme1. Alice and Bob agree on parameters for curve
a, b in y2 = x3 + ax + b and a point G ɛ E
2. Alice chooses a private integer XA and calculates a point YA = XAG
3. Bob does similar, calculating YB from integer XB
4. Alice and Bob publicly exchange YA and YB
5. The secret key K is computed by: For Alice, K = XAYB
For Bob, K = XBYA
Secure Key Exchange
Alice and Bob get the same private key, because: K = XAYB
= XA(XBG)
= XBXAG
= XBYA
= K
The Bigger Picture
ECC found to be 10x faster than RSA
Requires less memory and computational power
Equal security as RSA
Ideal for use on: Smart cards Wireless devices Other constrained devices RSA is unsuitable for
The Bigger Picture
Security of RSA Increasingly more vulnerable
Security of ECC No significant increase in vulnerability over 25 years
Symmetric Key Size RSA Key Size ECC Key Size80 1024 160112 2048 224128 3072 256192 7680 384256 15360 521
NIST Recommended Key Sizes for Equal Security
References
[1] Alayont, Feryâl. (2005). “RSA: A Public Key Cryptosystem”. <http://faculty.gvsu.edu/alayontf/talks/rsa.pdf> [2] Kak, Avi. (2011). “Elliptic Curve Cryptography and Digital Rights Management”. Lecture Notes on Computer and Network Security.
<https://engineering.purdue.edu/kak/compsec/NewLectures/Lecture14.pdf> [3] Kotas, William A. (2000). “A Brief History of Cryptography”. University of Tennessee Honors Thesis Projects.
<http://trace.tennessee.edu/utk_chanhonoproj/398> [4] National Security Agency. (2009). “The Case for Elliptic Curve Cryptography”. <http://www.nsa.gov/business/programs/elliptic_curve.shtml> [5] Paar, Christof and Pelzl, Jan. (2010). “Introduction to Cryptography”. Understanding Cryptography – A Textbook for Students and Practitioners (online
slides). <http://www.crypto-textbook.com> [6] Paar, Christof and Pelzl, Jan. (2010). “The RSA Cryptosystem”. Understanding Cryptography – A Textbook for Students and Practitioners (online slides). <http://www.crypto-textbook.com> [7] RSA Laboratories. (2000). “RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, Version 4.1”.
<http://www.rsasecurity.com/rsalabs/faq/files/rsalabs_faq41.pdf> [8] Turner, Clay S. (2008). “Euler’s Totient Function and Public Key Cryptography”.
<http://web.cs.du.edu/~ramki/courses/security/2011Winter/notes/RSAmath.pdf> [9] Vinck, A.J. Han. (2011). “Introduction to Public Key Cryptography”. <http://www.exp-math.uni-essen.de/~vinck/crypto/script-crypto-pdf/add-to-3.pdf> [10] Wagner, Neal R. (2003). “The RSA Public Key Cryptosystem”. The Laws of Cryptography with Java Code.
<http://www.cs.utsa.edu/~wagner/lawsbookcolor/laws.pdf> [11] Weisstein, Eric W. “Euclidean Algorithm”. MathWorld – A Wolfram Web Resource. <http://mathworld.wolfram.com/EuclideanAlgorithm.html>
References
Additional images for this presentation retrieved from:
• http://en.wikipedia.org/wiki/Enigma_machine• http://en.wikipedia.org/wiki/Public-key_cryptography• http://www.usc.edu/dept/molecular-science/RSA-2003.htm• http://en.wikipedia.org/wiki/Leonhard_Euler• http://physicsworld.com/cws/article/news/47723• http://en.wikipedia.org/wiki/Credit_card