Professional Documents
Culture Documents
Intro To Crypto
Intro To Crypto
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
Introduction to
Algebraic Foundations of Computer Science.
cryptography
Introduction Applications to Cryptography
Cryptology
RSA
Signatures
Secret sharing
Course readings
Ferucio Laurenţiu Ţiplea
Spring 2017
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 1 / 32
Outline
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
1 Introduction to cryptography
Introduction to
cryptography
Introduction to cryptography
Introduction Cryptosystem and cryptanalysis
Cryptology
RSA
The RSA cryptosystem
Signatures Digital signatures
Secret sharing
Secret sharing schemes
Course readings
2 Course readings
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 2 / 32
Outline
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
Introduction to
cryptography 1 Introduction to cryptography
Introduction
Introduction to cryptography
Cryptology
RSA Cryptosystem and cryptanalysis
Signatures
The RSA cryptosystem
Secret sharing
Digital signatures
Course readings
Secret sharing schemes
2 Course readings
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 3 / 32
Introduction to Cryptography
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Cryptography is the field concerned with techniques for
Tiplea
securing information, particularly in communications;
Introduction to
cryptography Cryptography focuses on the following paradigms:
Introduction
Cryptology Authentication – the process of proving one’s identity (the
RSA
primary forms of host-to-host authentication on the Internet
Signatures
Secret sharing today are name-based or address-based, both of which are
Course readings notoriously weak);
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 4 / 32
Applications of cryptography
Algebraic
Foundations of
Computer Science
Applications of cryptography include:
(AFCS)
Prof.Dr. F.L.
Tiplea
computer and information security: cryptography is necessary
when communicating over any untrusted medium, which
Introduction to
cryptography includes just about any network, particularly the Internet.
Introduction
Cryptology
RSA
e-commerce, e-payment, e-voting, e-auction, e-lottery, and
Signatures
e-gambling schemes, are all based on cryptographic
Secret sharing
Course readings
(security) protocols.
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 5 / 32
History of cryptography
Algebraic
Foundations of
Computer Science
A brief history of cryptography is in order:
(AFCS)
Prof.Dr. F.L.
The oldest forms of cryptography date back to at least Ancient
Tiplea Egypt, when derivations of the standard hieroglyphs of the
Introduction to day were used to communicate;
cryptography
Introduction
Cryptology
RSA
Julius Caesar (100-44 BC) used a simple substitution cipher
Signatures
with the normal alphabet (just shifting the letters a fixed
Secret sharing
Course readings
amount) in government communications (Caesar cipher);
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 6 / 32
History of cryptography
Algebraic
Foundations of
Computer Science
(AFCS)
During World War II, two notable machines were employed:
Prof.Dr. F.L. the German’s Enigma machine, developed by Arthur
Tiplea
Scherbius, and the Japanese Purple Machine, developed
Introduction to using techniques first discovered by Herbert O. Yardley;
cryptography
Introduction
Cryptology
RSA William Frederick Friedman, the father of American
Signatures
Secret sharing
cryptanalysis, led a team which broke in 1940 the Japanese
Course readings Purple Code;
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 7 / 32
History of cryptography
Algebraic
Foundations of
Computer Science
(AFCS)
In 1976, Martin Hellman, Whitfield Diffie, and Ralph Merkle,
Prof.Dr. F.L. have introduced the concept of public-key cryptography;
Tiplea
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 8 / 32
Outline
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
Introduction to
cryptography 1 Introduction to cryptography
Introduction
Introduction to cryptography
Cryptology
RSA Cryptosystem and cryptanalysis
Signatures
The RSA cryptosystem
Secret sharing
Digital signatures
Course readings
Secret sharing schemes
2 Course readings
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 9 / 32
Cryptosystem
Algebraic
Foundations of
Computer Science
(AFCS)
Definition 1
Prof.Dr. F.L.
Tiplea A cryptosystem or cipher is a 5-tuple S = (P, C, K, E, D), where:
Introduction to 1 P is a non-empty finite set of plaintext symbols;
cryptography
Introduction 2 C is a non-empty finite set of cryptotext symbols;
Cryptology
RSA 3 K is a non-empty finite set of keys;
Signatures
Secret sharing 4 E and D are two sets of functions (algorithms)
Course readings
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 10 / 32
Encryption variants
Algebraic
Foundations of
Computer Science
Let S = (P, C, K, E, D) be a cipher. A plaintext (cryptotext) is a
(AFCS)
finite sequence of plaintext (cryptotext) symbols.
Prof.Dr. F.L.
Tiplea
Encryption modes of a plaintext x = x1 · · · xn :
Introduction to
cryptography (Fixed-key encryption). Generate a key K and encrypt each
Introduction
Cryptology
plaintext symbol by eK :
RSA
Signatures
Secret sharing
y = eK (x1 ) · · · eK (xn );
Course readings
(Variable-key encryption). Generate a sequence of keys
K1 , . . . , Kn and encrypt each plaintext symbol xi by eK1 :
Remark 1
We will mainly use the fixed-key encryption mode.
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 11 / 32
Classification of cryptosystems
Algebraic
Foundations of
Computer Science
Cryptosystems can be classified into:
(AFCS)
Prof.Dr. F.L.
symmetric (private-key, single-key) cryptosystems –
Tiplea characterized by the fact that it is easy to compute the
Introduction to decryption rule dK from eK , and vice-versa;
cryptography
Introduction
Cryptology asymmetric (public-key) cryptosystems – characterized by the
RSA
Signatures
fact that it is hard to compute dK from eK . With such
Secret sharing cryptosystems, the key K is split into two subkeys, Ke , for
Course readings
encryption, and Kd , for decryption. Moreover, Ke can be
made public without endangering security.
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 12 / 32
Symmetric cryptosystems
Algebraic
Foundations of
Computer Science
(AFCS) Encryption Decryption
Prof.Dr. F.L.
Tiplea
Figure: With symmetric cryptosystems, the same key is used for both
encryption and decryption
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 13 / 32
Asymmetric cryptosystems
Algebraic
Foundations of
Computer Science Encryption Decryption
(AFCS)
Prof.Dr. F.L.
Tiplea
+ = Asymmetric key
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 14 / 32
Symbol – integer correspondence
Algebraic
Foundations of
Computer Science
Most cryptosystems are based on number theory and, therefore, it
(AFCS)
is customary to view each plaintext symbol as an integer, for
Prof.Dr. F.L.
Tiplea instance, based on a one-to-one correspondence like the one
Introduction to
below:
cryptography
Introduction
Cryptology
RSA a b c d e f g h i j k l m
Signatures
Secret sharing
0 1 2 3 4 5 6 7 8 9 10 11 12
Course readings
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 15 / 32
Affine cryptosystems
Algebraic
Foundations of
Computer Science
(AFCS)
Cryptosystem 1 (Affine Cryptosystems)
Prof.Dr. F.L.
Tiplea
An affine cryptosystem is defined as follows:
Introduction to
P = C = Z26 ;
cryptography
Introduction
K = {(a, b) ∈ Z26 × Z26 |gcd(a, 26) = 1};
Cryptology
RSA
for any key K = (a, b) and x, y ∈ Z26 ,
Signatures
Secret sharing
eK (x) = (ax + b) mod 26 and dk (y ) = (a−1 (y − b)) mod 26.
Course readings
Let K = (7, 3) and the plaintext pt = hot (pt = 7, 14, 19). Then,
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 16 / 32
Cryptanalysis of affine cryptosystems
Algebraic
Foundations of
Computer Science
Affine cryptosystems can be easily broken by exhaustive key
(AFCS)
search (EKS), also known as brute-force search, which consists of
Prof.Dr. F.L.
Tiplea trying every possible key until you find the right one.
Introduction to
cryptography Question: If you have a chunk of cryptotext and decrypt it with
Introduction
Cryptology one key after the other, how do you know when you have found
RSA
Signatures
the correct plaintext?
Secret sharing
Answer: You know that you have found the plaintext
Course readings
because it looks like plaintext. Plaintext tends to look like
plaintext. It’s an English-language message, or a data file
from a computer application (e.g., programs like
Microsoft Word have large known headers), or a
database in a reasonable format. When you look at a
decrypted file, it looks like something understandable.
When you look at a cryptotext file, or a file decrypted with
the wrong key, it looks like gibberish.
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 17 / 32
Cryptanalysis of affine cryptosystems
Algebraic
Foundations of
Computer Science
Question: How many keys are?
(AFCS)
Prof.Dr. F.L.
Answer: If an affine cryptosystem is developed over Z26 ,
Tiplea then there are only φ(26) × 26 = 12 × 26 = 312 possible
Introduction to keys.
cryptography
Introduction
Cryptology
RSA As a conclusion, given an affine cryptosystem, it is very easy to
Signatures
Secret sharing enumerate all its keys and break it using a laptop (assuming that
Course readings you have a chunk of cryptotext).
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 18 / 32
Outline
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
Introduction to
cryptography 1 Introduction to cryptography
Introduction
Introduction to cryptography
Cryptology
RSA Cryptosystem and cryptanalysis
Signatures
The RSA cryptosystem
Secret sharing
Digital signatures
Course readings
Secret sharing schemes
2 Course readings
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 19 / 32
The RSA cryptosystem
Algebraic
Foundations of
Computer Science
In 1977, Ronald Rivest, Adi Shamir, and Leonard Adleman,
(AFCS)
proposed the first public-key cryptosystem which is still secure
Prof.Dr. F.L.
Tiplea and used.
Introduction to
cryptography Cryptosystem 2 (RSA)
Introduction
Cryptology let p and q be two distinct primes, and n = pq;
RSA
Signatures
P = C = Zn ;
Secret sharing
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 20 / 32
The RSA cryptosystem
Algebraic
Foundations of
Computer Science
(AFCS)
Example 2 (RSA with artificially small parameters)
Prof.Dr. F.L. Let p = 61 and q = 53. Then:
Tiplea
n = pq = 3233 and φ(n) = 3120;
Introduction to
cryptography
Introduction
if we chose e = 17, then d can be computed with the
Cryptology extended Euclidean algorithm. We obtain
RSA
Signatures
d = e−1 mod 3120 = 2753;
Secret sharing
n = 3233 and e = 17 are public parameters; p, q, and d
Course readings
secrete;
Let x = 123 be a plaintext. The cryptotext is
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 21 / 32
Security of RSA
Algebraic
Foundations of
Computer Science
Security issues:
(AFCS)
Prof.Dr. F.L.
if p or q is recovered (e.g., by factoring n in reasonable time),
Tiplea then the system is completely broken;
Introduction to
cryptography
if φ(n) can be computed in reasonable time, then the system
Introduction is completely broken;
Cryptology
RSA if d can be easily computed from n and e, then the system is
Signatures
Secret sharing
completely broken.
Course readings
In practice:
p and q are 512-bit primes (or even larger);
√
4
e is small (fast encryption) but chosen such that d > n
(otherwise, an efficient attack can be mounted).
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 22 / 32
Outline
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
Introduction to
cryptography 1 Introduction to cryptography
Introduction
Introduction to cryptography
Cryptology
RSA Cryptosystem and cryptanalysis
Signatures
The RSA cryptosystem
Secret sharing
Digital signatures
Course readings
Secret sharing schemes
2 Course readings
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 23 / 32
Digital signatures
Algebraic
Foundations of
Computer Science
Public key cryptography solves another problem crucial to
(AFCS)
e-commerce and Internet cyber relationship: it lets you emulate
Prof.Dr. F.L.
Tiplea written signatures. This use of public key technology is called a
Introduction to
digital signature.
cryptography
Introduction
Cryptology A digital signature must provide:
RSA
Signatures authenticity and integrity. That is, it must be “impossible” for
Secret sharing
anyone who does not have access to the secret key to forge
Course readings
(x, σ) (x is the original data and σ is its associated signature);
non-repudiation. That is, it must be impossible for the
legitimate signer to repudiate his own signature.
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 24 / 32
Digital signatures and message digests
Algebraic
Foundations of
Computer Science
A hash algorithm (function) is an algorithm (function) which,
(AFCS)
applied to an arbitrary-length input data, produces a fixed-length
Prof.Dr. F.L.
Tiplea output data (called a hash value or message digest or fingerprint).
Introduction to
Digital signatures are usually applied to message digests.
cryptography
Introduction
Dear Tom: Original Original
Cryptology Dear Tom:
I have data data
RSA I have
Signatures
reviewed reviewed
the new... the new...
Secret sharing
Course readings
Message
Network digest
Hash Hash
algorithm algorithm
Verification
signature
Signature algorithm
algorithm
Message Digital Digital
digest signature signature
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 25 / 32
Digital signatures from public key cryptosystems
Algebraic
Foundations of
Computer Science
Any public key cipher can be used to produce digital signatures:
(AFCS)
Prof.Dr. F.L.
Assume that Ke is A’s public key and Kd is A’s private key
Tiplea and, moreover, eKe (dKd (x)) = x;
Introduction to
cryptography
Then, the decryption of a message x by Kd is the digital
Introduction signature associated to x. It can be verified by Ke :
Cryptology
RSA
?
Signatures
x = eKe (dKd (x)).
Secret sharing
Course readings
Therefore, in such a case, Kd is used to sign messages (it will
be secret) and Ke is used to verify signatures (it will be public).
The RSA signature is obtained from the RSA public key cipher.
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 26 / 32
Outline
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
Introduction to
cryptography 1 Introduction to cryptography
Introduction
Introduction to cryptography
Cryptology
RSA Cryptosystem and cryptanalysis
Signatures
The RSA cryptosystem
Secret sharing
Digital signatures
Course readings
Secret sharing schemes
2 Course readings
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 27 / 32
Threshold sharing schemes
Algebraic
Foundations of
Computer Science
An important application of the Chinese remainder theorem
(AFCS)
concerns the construction of (k , n)-threshold sharing schemes.
Prof.Dr. F.L.
Tiplea
Introduction to Definition 3
cryptography
Introduction A (k , n)-threshold sharing scheme consists of n people P1 , . . . , Pn
Cryptology
RSA
sharing a secret S in such a way that the following properties hold:
Signatures
Secret sharing
Course readings k ≤ n;
each Pi has an information Ii ;
knowledge of any k of I1 , . . . , Ik enables one to find S easily;
knowledge of less than k of I1 , . . . , Ik does not enable one to
find S easily.
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 28 / 32
Mignotte’s threshold sharing schemes
Algebraic
Foundations of
Computer Science
We will show how a (k , n)-threshold sharing scheme can be
(AFCS)
constructed:
Prof.Dr. F.L.
Tiplea let
m < · · · < mk < · · · < mn−k +2 < · · · < mn
Introduction to
cryptography |1 {z } | {z }
Introduction first k numbers last k −1 numbers
Cryptology
RSA
be a sequence of pairwise co-prime numbers such that
Signatures
Secret sharing
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 29 / 32
Soundness of secret recovery
Algebraic
Foundations of
Computer Science
Any group of k people, Pi1 , . . . , Pik , can recover uniquely the secret
(AFCS)
S by solving the system:
Prof.Dr. F.L.
Tiplea
x ≡ Ii1 mod mi1
Introduction to
cryptography (∗) ···
Introduction
x ≡ Iik mod mik
Cryptology
RSA
Signatures
Secret sharing
According to the Chinese remainder theorem, this system has a
Course readings
unique solution modulo mi1 · · · mik , and this solution is S because
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 30 / 32
Security to coalition attack
Algebraic
Foundations of
Computer Science
No group of k − 1 people, Pj1 , . . . , Pjk , can recover uniquely the
(AFCS)
secret S by solving the system:
Prof.Dr. F.L.
Tiplea
x ≡ Ij1 mod mj1
Introduction to
cryptography (∗∗) ···
Introduction
x ≡ Ijk −1 mod mjk −1
Cryptology
RSA
Signatures
Secret sharing
According to the Chinese remainder theorem, this system has a
Course readings
unique solution modulo mj1 · · · mjk −1 , and this solution, denoted x0 ,
satisfies
x0 < mj1 · · · mjk −1 ≤ β,
while β < S.
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 31 / 32
Course readings
Algebraic
Foundations of
Computer Science
(AFCS)
1 F.L. Ţiplea: Fundamentele Algebrice ale Informaticii, Ed.
Prof.Dr. F.L. Polirom, Iaşi, 2006, pag. 268–283.
Tiplea
Introduction to
2 S. Iftene: Secret Sharing Schemes with Applications in
cryptography
Introduction
Security Protocols, Ph.D. Thesis, “Al.I.Cuza” University of
Cryptology Iaşi, 2007, http://thor.info.uaic.ro/~tr/tr.pl.cgi.
RSA
Signatures
Secret sharing 3 C.C. Drăgan: Security of CRT-based Secret Sharing
Course readings
Schemes, Ph.D. Thesis, “Al.I.Cuza” University of Iaşi, 2013.
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 32 / 32