
Cryptography and

Network Security
Unit - II

Fourth Edition by William Stallings

RatnaKumari Challa
Assistant Professor
Dept of CSE
RatnaKumari Challa, Asst Professor
Outline
• Confidentiality using Symmetric Encryption
• Traffic Analysis
• Key Distribution
• Random number generator
• Algebra
• Modular Arithmetic
• Primes
• Fermat’s Theorem
• Chinese Remainder Theorem
• Discrete Logarithms
Confidentiality using
Symmetric Encryption
• traditionally symmetric encryption is
used to provide message confidentiality

Placement of Encryption
• have two major placement alternatives
• link encryption
– encryption occurs independently on every
link
– implies must decrypt traffic between links
– requires many devices, but paired keys
• end-to-end encryption
– encryption occurs between original source
and final destination
– need devices at each end with shared keys

Placement of Encryption
• when using end-to-end encryption
must leave headers in clear
– so network can correctly route information
• hence although contents protected,
traffic pattern flows are not
• ideally want both at once
– end-to-end protects data contents over
entire path and provides authentication
– link protects traffic flows from monitoring

Placement of Encryption
• can place encryption function at
various layers in OSI Reference
Model
– link encryption occurs at layers 1 or 2
– end-to-end can occur at layers 3, 4, 6, 7
– as move higher less information is
encrypted but it is more secure though
more complex with more entities and
keys

Traffic Analysis
• is monitoring of communications flows
between parties
– useful both in military & commercial spheres
– can also be used to create a covert channel
• link encryption obscures header details
– but overall traffic volumes in networks and at
end-points are still visible
• traffic padding can further obscure flows
– but at cost of continuous traffic

Key Distribution
• symmetric schemes require both
parties to share a common secret
key
• issue is how to securely distribute
this key
• often secure system failure due to a
break in the key distribution scheme

Key Distribution
• given parties A and B have various key
distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can
use previous key to encrypt a new key
4. if A & B have secure communications with a
third party C, C can relay key between A & B

Key Hierarchy
• typically have a hierarchy of keys
• session key
– temporary key
– used for encryption of data between users
– for one logical session then discarded
• master key
– used to encrypt session keys
– shared by user & key distribution center

Key Distribution
Scenario

Key Distribution Issues
• hierarchies of KDC’s required for large
networks, but must trust each other
• session key lifetimes should be limited
for greater security
• use of automatic key distribution on
behalf of users, but must trust system
• use of decentralized key distribution
• controlling key usage

Random Numbers
• many uses of random numbers in
cryptography
– nonces in authentication protocols to prevent
replay
– session keys
– public key generation
– keystream for a one-time pad
• in all cases it's critical that these values be
– statistically random, uniform distribution,
independent
– unpredictable (future values cannot be
predicted from previous values)
Pseudorandom Number
Generators (PRNGs)
• often use deterministic algorithmic
techniques to create “random
numbers”
– although are not truly random
– can pass many tests of “randomness”
• known as “pseudorandom numbers”
• created by “Pseudorandom Number
Generators (PRNGs)”
Algebra

Introduction

• will now introduce finite fields


• of increasing importance in
cryptography
– AES, Elliptic Curve, IDEA, Public Key
• start with concepts of groups, rings,
fields from abstract algebra

Group
• A group is a non-empty set with a binary
operation defined on it such that the
operation is associative, an identity element
exists, and every element has an inverse
• with some operation whose result is also in
the set (closure)
• Example with Six elements
G6 = { 0, 1, 2, 3, 4, 5 }
• We define an operation on the set
which we call addition and denote by +
• clock arithmetic

Group Properties
• 0 is an identity, i.e. x + 0 = x
• Every element x has an inverse
element x' such that x + x' = 0
• Obeys 5 axioms:
– Closure: If a and b belong to G, then a · b
is also in G
– associative law: (a.b).c = a.(b.c)
– has identity e: e.a = a.e = a
– has inverses a^(-1): a.a^(-1) = e
• if commutative a.b = b.a
– then forms an abelian group
Examples of Addition
3+2=5
3 + 3 = 6, so 6 - 6 = 0 is the sum
3 + 4 = 7, so 7 - 6 = 1 is the sum
4+1=5
4 + 4 = 8, so 8 - 6 = 2 is the sum
5 + 5 = 10, so 10 - 6 = 4 is the sum
Note how similar this is to clock
arithmetic
Examples of Multiplication
2*2=4
2 * 3 = 6, so 6 - 6 = 0 is the product
3 * 3 = 9, so 9 - 6 = 3 is the product
3 * 4 = 12, so 12 - 6 - 6 = 0 is the product
1*5=5
4 * 4 = 16, so 16 - 6 - 6 = 4 is the product
5 * 5 = 25, so 25 - 6 - 6 - 6 - 6 = 1 is the
product

Cyclic Group
• define exponentiation as repeated
application of operator
– example: a^3 = a.a.a
• and let identity be: e = a^0
• a group is cyclic if every element is a
power of some fixed element
– ie b = a^k for some a and every b in group
• a is said to be a generator of the group

Definition of a Ring
• A ring <R,+,*> is a non-empty set R
together with two operations + and *,
called addition and multiplication, such
that
• <R,+> is an abelian group (satisfies 5
axioms of groups)
• 1) Multiplication is associative: a(bc) =
(ab)c for all a, b, c in R
• 2) Closure under multiplication: If a and b
belong to R, then ab is also in R.
• 3) Multiplication is distributive: a(b + c) =
ab + ac for all a, b, c in R
Additional Properties
• 4) A commutative ring with unity is a ring in
which multiplication is commutative and there
exists a unity element: ab = ba for all a, b in
R
• 5) Multiplicative identity: There is an element 1
in R such that a1 = 1a = a for all a in R
• 6) No zero divisors: If a, b in R and ab = 0, then
either a = 0 or b = 0.
• A ring is an integral domain if it satisfies
all of the above (5 plus 6 properties)

Field
• A field F, sometimes denoted by {F, +, x},
is a set of elements with two binary
operations, called addition and
multiplication, such that for all a, b, c in F
the following axioms are obeyed:
– F is an integral domain; that is, F satisfies
the 5 group axioms and the 6 ring properties
– Multiplicative inverse: For each a in F, except
0, there is an element a^(-1) in F such that a a^(-1) =
(a^(-1)) a = 1.

Modular Arithmetic
• define modulo operator “a mod n” to be
remainder when a is divided by n
• use the term congruence for: a = b mod n
– when divided by n, a & b have same remainder
– eg. 100 = 34 mod 11
• b is called a residue of a mod n
– since with integers can always write: a = qn + b
– usually choose smallest positive remainder as
residue
• ie. 0 <= b <= n-1
– process is known as modulo reduction
• eg. -12 mod 7 = -5 mod 7 = 2 mod 7 = 9 mod 7
Divisors
• say a non-zero number b divides a if
for some m have a=mb (a,b,m all
integers)
• that is b divides into a with no
remainder
• denote this b|a
• and say that b is a divisor of a
• eg. all of 1,2,3,4,6,8,12,24 divide 24
Modular Arithmetic
Operations
• is 'clock arithmetic'
• uses a finite number of values, and
loops back from either end
• modular arithmetic is when do
addition & multiplication and modulo
reduce answer
• can do reduction at any point, ie
– (a+b) mod n = [(a mod n) + (b mod n)] mod n

Modular Arithmetic
• can do modular arithmetic with any group
of integers: Zn = {0, 1, … , n-1}
• form a commutative ring for addition
• with a multiplicative identity
• note some peculiarities
– if (a+b)=(a+c) mod n
then b=c mod n
– but if (a.b)=(a.c) mod n
then b=c mod n only if a is relatively prime
to n
Modulo 8 Addition
Example
+ 0 1 2 3 4 5 6 7
0 0 1 2 3 4 5 6 7
1 1 2 3 4 5 6 7 0
2 2 3 4 5 6 7 0 1
3 3 4 5 6 7 0 1 2
4 4 5 6 7 0 1 2 3
5 5 6 7 0 1 2 3 4
6 6 7 0 1 2 3 4 5
7 7 0 1 2 3 4 5 6
Greatest Common Divisor
(GCD)
• a common problem in number theory
• GCD (a,b) of a and b is the largest number
that divides evenly into both a and b
– eg GCD(60,24) = 12
• often want no common factors (except
1) and hence numbers are relatively
prime
– eg GCD(8,15) = 1
– hence 8 & 15 are relatively prime

Euclidean Algorithm
• an efficient way to find the GCD(a,b)
• uses theorem that:
– GCD(a,b) = GCD(b, a mod b)
• Euclidean Algorithm to compute GCD(a,b)
is:
EUCLID(a,b)
1. A = a; B = b
2. if B = 0 return A = gcd(a, b)
3. R = A mod B
4. A = B
5. B = R
6. goto 2

Example GCD(1970,1066)
1970 = 1 x 1066 + 904 gcd(1066, 904)
1066 = 1 x 904 + 162 gcd(904, 162)
904 = 5 x 162 + 94 gcd(162, 94)
162 = 1 x 94 + 68 gcd(94, 68)
94 = 1 x 68 + 26 gcd(68, 26)
68 = 2 x 26 + 16 gcd(26, 16)
26 = 1 x 16 + 10 gcd(16, 10)
16 = 1 x 10 + 6 gcd(10, 6)
10 = 1 x 6 + 4 gcd(6, 4)
6 = 1 x 4 + 2 gcd(4, 2)
4 = 2 x 2 + 0 gcd(2, 0)

Galois Fields
• finite fields play a key role in
cryptography
• can show number of elements in a finite
field must be a power of a prime p^n
• known as Galois fields - denoted GF(p^n)
• in particular often use the fields:
– GF(p)
– GF(2^n)

Galois Fields GF(p)
• GF(p) is the set of integers {0,1, … , p-1}
with arithmetic operations modulo
prime p
• these form a finite field
– since have multiplicative inverses
• hence arithmetic is “well-behaved” and
can do addition, subtraction,
multiplication, and division without
leaving the field GF(p)
GF(7) Multiplication
Example
× 0 1 2 3 4 5 6
0 0 0 0 0 0 0 0
1 0 1 2 3 4 5 6
2 0 2 4 6 1 3 5
3 0 3 6 2 5 1 4
4 0 4 1 5 2 6 3
5 0 5 3 1 6 4 2
6 0 6 5 4 3 2 1

Finding Inverses
Inverse of b in GF(m)
EXTENDED EUCLID(m, b)
1. (A1, A2, A3)=(1, 0, m);
(B1, B2, B3)=(0, 1, b)
2. if B3 = 0
return A3 = gcd(m, b); no inverse
3. if B3 = 1
return B3 = gcd(m, b); B2 = b^(-1) mod m
4. Q = A3 div B3
5. (T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3)
6. (A1, A2, A3)=(B1, B2, B3)
7. (B1, B2, B3)=(T1, T2, T3)
8. goto 2
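
Added example (not part of the original slides): the EUCLID and EXTENDED EUCLID procedures above written as Python, keeping the slides' A/B variable names. The function names are chosen here for illustration.

```python
# Added example: EUCLID and EXTENDED EUCLID, following the slides' steps.

def euclid_trace(a, b):
    """Return (gcd, steps); each step (A, Q, B, R) satisfies A = Q*B + R."""
    steps = []
    A, B = a, b                      # step 1
    while B != 0:                    # step 2: stop when B = 0
        Q, R = divmod(A, B)          # step 3: R = A mod B
        steps.append((A, Q, B, R))
        A, B = B, R                  # steps 4-5
    return A, steps


def extended_euclid(m, b):
    """Return (gcd(m, b), b^-1 mod m), with None when no inverse exists.

    Invariant on every pass, writing b' for b mod m:
    m*A1 + b'*A2 = A3 and m*B1 + b'*B2 = B3,
    so B3 = 1 means b*B2 = 1 (mod m).
    """
    if m < 2:
        raise ValueError("modulus must be at least 2")
    A1, A2, A3 = 1, 0, m             # step 1
    B1, B2, B3 = 0, 1, b % m         # reduce b first so negatives work
    while True:
        if B3 == 0:                  # step 2: gcd found, not invertible
            return A3, None
        if B3 == 1:                  # step 3: B2 is the inverse
            return 1, B2 % m         # map a negative B2 into 0..m-1
        Q = A3 // B3                 # step 4
        T1, T2, T3 = A1 - Q * B1, A2 - Q * B2, A3 - Q * B3   # step 5
        A1, A2, A3 = B1, B2, B3      # step 6
        B1, B2, B3 = T1, T2, T3      # step 7


if __name__ == "__main__":
    g, steps = euclid_trace(1970, 1066)
    for A, Q, B, R in steps:
        print(f"{A} = {Q} x {B} + {R}")
    print("gcd =", g)
    print("3^-1 in GF(7):", extended_euclid(7, 3))
    print("6 mod 8:", extended_euclid(8, 6))
```

A `None` inverse is the case to handle explicitly in calling code: it means b shares a factor with m, so division by b is undefined in that modulus.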
Number Theory

Prime Numbers
• prime numbers only have divisors of 1 and
self
– they cannot be written as a product of other
numbers
– note: 1 is prime, but is generally not of interest
• eg. 2,3,5,7 are prime, 4,6,8,9,10 are not
• prime numbers are central to number theory
• list of prime numbers less than 200 is:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61
67 71 73 79 83 89 97 101 103 107 109 113 127 131
137 139 149 151 157 163 167 173 179 181 191 193 197
199
Prime Factorisation
• to factor a number n is to write it as a
product of other numbers: n=a x b x c
• note that factoring a number is relatively
hard compared to multiplying the factors
together to generate the number
• the prime factorisation of a number n is
when it's written as a product of primes
– eg. 91 = 7 x 13 ; 3600 = 2^4 x 3^2 x 5^2
Relatively Prime
Numbers & GCD
• two numbers a, b are relatively prime if
have no common divisors apart from 1
– eg. 8 & 15 are relatively prime since factors of
8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is
the only common factor
• conversely can determine the greatest
common divisor by comparing their prime
factorizations and using least powers
– eg. 300 = 2^2 x 3^1 x 5^2, 18 = 2^1 x 3^2, hence
GCD(18,300) = 2^1 x 3^1 x 5^0 = 6

Fermat's Theorem
• If p is prime and a is a positive integer
not divisible by p, then

• also known as Fermat’s Little Theorem


• also a^p = a (mod p)
• useful in public key and primality testing

Example

Euler Totient Function
ø(n)
• when doing arithmetic modulo n complete
set of residues is: 0..n-1
• reduced set of residues is those numbers
(residues) which are relatively prime to n
– eg for n=10,
– complete set of residues is {0,1,2,3,4,5,6,7,8,9}
– reduced set of residues is {1,3,7,9}
• number of elements in reduced set of residues
is called the Euler Totient Function ø(n)
Euler Totient Function
ø(n)
• to compute ø(n) need to count number
of residues to be excluded
• in general need prime factorization, but
– for p (p prime) ø(p) = p-1
– for p.q (p,q prime) ø(pq) = (p-1)x(q-1)
• eg.
ø(37) = 36
ø(21) = (3–1)x(7–1) = 2x6 = 12
Euler's Theorem
• a generalisation of Fermat's Theorem
• a^ø(n) = 1 (mod n)
– for any a,n where gcd(a,n)=1
• eg.
a=3;n=10; ø(10)=4;
hence 3^4 = 81 = 1 mod 10
a=2;n=11; ø(11)=10;
hence 2^10 = 1024 = 1 mod 11
Primality Testing
• often need to find large prime numbers
• traditionally sieve using trial division
– ie. divide by all numbers (primes) in turn less
than the square root of the number
– only works for small numbers
• alternatively can use statistical primality
tests based on properties of primes
– for which all prime numbers satisfy property
– but some composite numbers, called pseudo-
primes, also satisfy the property
• can use a slower deterministic primality test
Miller Rabin Algorithm
• a test based on Fermat’s Theorem
• algorithm is:
TEST (n) is:
1. Find integers k, q, k > 0, q odd, so that (n–1) = 2^k q
2. Select a random integer a, 1<a<n–1
3. if a^q mod n = 1 then return ("maybe prime");
4. for j = 0 to k – 1 do
5. if (a^(2^j q) mod n = n-1)
then return ("maybe prime")
6. return ("composite")
Example
• n = 29
n-1 = 28 = 2^2 (7), so k = 2 and q = 7
• First, let us try a = 10
• Compute 10^7 mod 29 = 17
• Compute 10^14 mod 29 will give 1 or 28
• n may be prime (inconclusive); then try with another value of a
• Example 2
n = 13 x 17 = 221; n-1 = 220; k=2 and q=55;
Let us try a = 5
• 5^55 mod 221 = 112, which is neither 1 nor 220
• (5^55)^2 mod 221 = 168, which is neither 1 nor
220
Probabilistic
Considerations
• if Miller-Rabin returns “composite” the
number is definitely not prime
• otherwise is a prime or a pseudo-prime
• chance it detects a pseudo-prime is < 1/4
• hence if repeat test with different random
a then chance n is prime after t tests is:
– Pr(n prime after t tests) = 1 - 4^(-t)
– eg. for t=10 this probability is > 0.99999
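
Added example (not from the slides or the textbook): TEST(n) in Python with the base a passed in, so the two worked examples can be replayed, plus a wrapper that repeats the test t times with random bases as described under Probabilistic Considerations. Function names are chosen here; the base a = 21 for n = 221 is a constructed input showing a composite that a single round reports as "maybe prime".

```python
# Added example: Miller-Rabin following TEST(n) on the slides.
import secrets


def decompose(n):
    """Step 1: write n - 1 = 2^k * q with q odd; return (k, q)."""
    k, q = 0, n - 1
    while q % 2 == 0:
        k, q = k + 1, q // 2
    return k, q


def mr_round(n, a):
    """Steps 3-6 for one fixed base a. True = 'maybe prime', False = composite."""
    k, q = decompose(n)
    x = pow(a, q, n)                 # a^q mod n
    if x == 1:                       # step 3
        return True
    for _ in range(k):               # step 4: j = 0 .. k-1
        if x == n - 1:               # step 5: a^(2^j q) mod n = n-1
            return True
        x = pow(x, 2, n)             # move on to exponent 2^(j+1) q
    return False                     # step 6


def is_probable_prime(n, t=10):
    """Repeat TEST(n) with t independent random bases (step 2)."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for _ in range(t):
        a = 2 + secrets.randbelow(n - 3)   # uniform in 1 < a < n-1
        if not mr_round(n, a):
            return False                   # definitely composite
    return True                            # prime or pseudo-prime


if __name__ == "__main__":
    print(decompose(29), mr_round(29, 10))     # slide example 1
    print(decompose(221), mr_round(221, 5))    # slide example 2
    print(mr_round(221, 21))                   # one round fooled by this base
    print(is_probable_prime(221), is_probable_prime(199))
```

The bases come from `secrets` rather than a seeded generator so that whoever supplies n cannot predict which bases will be tried.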
Prime Distribution
• prime number theorem states that
primes occur roughly every (ln n)
integers
• but can immediately ignore evens
• so in practice need only test 0.5 ln(n)
numbers of size n to locate a prime
– note this is only the “average”
– sometimes primes are close together
– other times are quite far apart
Chinese Remainder
Theorem
• used to speed up modulo computations
• if working modulo a product of numbers
– eg. mod M = m1m2..mk
• Chinese Remainder theorem lets us
work in each moduli mi separately
• since computational cost is proportional
to size, this is faster than working in the
full modulus M
Chinese Remainder
Theorem
• can implement CRT in several ways
• to compute A(mod M)
– first compute all ai = A mod mi separately
– determine constants ci below, where Mi = M/mi
– then combine results to get answer using:
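
Added example (not from the slides): the combining formula is not reproduced on this page, so this sketch uses the standard CRT reconstruction, c_i = M_i x (M_i^(-1) mod m_i) and A = (sum of a_i c_i) mod M. Function names and the sample moduli 37 and 49 are chosen here for illustration.

```python
# Added example: CRT split and recombine (standard construction, Python 3.8+).
from math import gcd, prod


def crt_constants(moduli):
    """Return (M, [c_i]) with c_i = M_i * (M_i^-1 mod m_i), M_i = M / m_i."""
    for i, mi in enumerate(moduli):
        for mj in moduli[i + 1:]:
            if gcd(mi, mj) != 1:
                # Without pairwise coprime moduli the inverses do not exist.
                raise ValueError(f"moduli {mi} and {mj} are not coprime")
    M = prod(moduli)
    consts = []
    for mi in moduli:
        Mi = M // mi
        consts.append(Mi * pow(Mi, -1, mi))   # pow(x, -1, m): modular inverse
    return M, consts


def to_residues(A, moduli):
    """a_i = A mod m_i for each modulus."""
    return [A % mi for mi in moduli]


def from_residues(residues, moduli):
    """Recombine: A = (sum of a_i * c_i) mod M."""
    M, consts = crt_constants(moduli)
    return sum(a * c for a, c in zip(residues, consts)) % M


def mul_via_crt(x, y, moduli):
    """Compute (x * y) mod M using only arithmetic in the small moduli."""
    rx, ry = to_residues(x, moduli), to_residues(y, moduli)
    small = [(a * b) % m for a, b, m in zip(rx, ry, moduli)]
    return from_residues(small, moduli)


if __name__ == "__main__":
    moduli = [37, 49]                          # constructed: M = 1813
    print(crt_constants(moduli))
    print(to_residues(973, moduli))
    print(from_residues([11, 42], moduli))
    print(mul_via_crt(973, 678, moduli), (973 * 678) % 1813)
```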
Primitive Roots
• from Euler’s theorem have a^ø(n) mod n = 1
• consider a^m = 1 (mod n), GCD(a,n)=1
– must exist for m = ø(n) but may be smaller
– once powers reach m, cycle will repeat
• if smallest is m = ø(n) then a is called a
primitive root
• if p is prime, then successive powers of a
"generate" the group mod p
• these are useful but relatively hard to find
Example:
• prime number 19, its primitive roots are 2, 3,
10, 13, 14, and 15
Discrete Logarithms
• the inverse problem to exponentiation is to find
the discrete logarithm of a number modulo p
• that is to find x such that y = g^x (mod p)
• this is written as x = log_g y (mod p)
• if g is a primitive root then it always exists,
otherwise it may not, eg.
x = log_3 4 mod 13 has no answer
x = log_2 3 mod 13 = 4 by trying successive powers
• whilst exponentiation is relatively easy, finding
discrete logarithms is generally a hard problem
Summary
• have considered:
– prime numbers
– Fermat’s and Euler’s Theorems & ø(n)
– Primality Testing
– Chinese Remainder Theorem
– Discrete Logarithms