Intro To Crypto

Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
Introduction to
Algebraic Foundations of Computer Science.
cryptography
Introduction Applications to Cryptography
Cryptology
RSA
Signatures
Secret sharing
Course readings
Ferucio Laurenţiu Ţiplea
Department of Computer Science

“AL.I.Cuza” University of Iaşi
Iaşi, Romania
E-mail: fltiplea@mail.dntis.ro
Spring 2017
Prof.Dr. F.L. Tiplea (UAIC) Algebraic Foundations of Computer Science (AFCS) Spring 2017 1 / 32
Outline
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
1 Introduction to cryptography
Introduction to
cryptography
Introduction to cryptography
Introduction Cryptosystem and cryptanalysis
Cryptology
RSA
The RSA cryptosystem
Signatures Digital signatures
Secret sharing
Secret sharing schemes
Course readings
2 Course readings
Outline
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
Introduction to
cryptography 1 Introduction to cryptography
Introduction
Cryptology
RSA Cryptosystem and cryptanalysis
Signatures
Secret sharing
Digital signatures
Course readings
2 Course readings
Introduction to Cryptography
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Cryptography is the field concerned with techniques for
Tiplea
securing information, particularly in communications;
Introduction to
cryptography Cryptography focuses on the following paradigms:
Introduction
Cryptology Authentication – the process of proving one’s identity (the
RSA
primary forms of host-to-host authentication on the Internet
Signatures
Secret sharing today are name-based or address-based, both of which are
Course readings notoriously weak);
Privacy/confidentiality – ensuring that no one can read the

message except the intended receiver;
Integrity – assuring the receiver that the received message has

not been altered in any way from the original;
Non-repudiation – a mechanism to prove that the sender really

sent this message.
Applications of cryptography
Algebraic
Foundations of
Computer Science
Applications of cryptography include:
(AFCS)
Prof.Dr. F.L.
Tiplea
computer and information security: cryptography is necessary
when communicating over any untrusted medium, which
Introduction to
cryptography includes just about any network, particularly the Internet.
Introduction
Cryptology
RSA
e-commerce, e-payment, e-voting, e-auction, e-lottery, and
Signatures
e-gambling schemes, are all based on cryptographic
Secret sharing
Course readings
(security) protocols.
Examples of software tools that havily rely on cryptographic

techniques: IPsec, SSL & TLS, DNSsec, S/MIME, SET etc.
History of cryptography
Algebraic
Foundations of
Computer Science
A brief history of cryptography is in order:
(AFCS)
Prof.Dr. F.L.
The oldest forms of cryptography date back to at least Ancient
Tiplea Egypt, when derivations of the standard hieroglyphs of the
Introduction to day were used to communicate;
cryptography
Introduction
Cryptology
RSA
Julius Caesar (100-44 BC) used a simple substitution cipher
Signatures
with the normal alphabet (just shifting the letters a fixed
Secret sharing
Course readings
amount) in government communications (Caesar cipher);
Thomas Jefferson, the father of American cryptography,

invented a wheel cipher in the 1790’s, which would be
redeveloped as the Strip Cipher, M-138-A, used by the US
Navy during World War II;
Algebraic
Foundations of
Computer Science
(AFCS)
During World War II, two notable machines were employed:
Prof.Dr. F.L. the German’s Enigma machine, developed by Arthur
Tiplea
Scherbius, and the Japanese Purple Machine, developed
Introduction to using techniques first discovered by Herbert O. Yardley;
cryptography
Introduction
Cryptology
RSA William Frederick Friedman, the father of American
Signatures
Secret sharing
cryptanalysis, led a team which broke in 1940 the Japanese
Course readings Purple Code;
In the 1970s, Horst Feistel developed a “family” of ciphers, the

Feistel ciphers, while working at IBM’s Watson Research
Laboratory. In 1976, The National Security Agency (NSA)
worked with the Feistel ciphers to establish FIPS PUB-46,
known today as DES;
Algebraic
Foundations of
Computer Science
(AFCS)
In 1976, Martin Hellman, Whitfield Diffie, and Ralph Merkle,
Prof.Dr. F.L. have introduced the concept of public-key cryptography;
Tiplea
Introduction to In 1977, Ronald L. Rivest, Adi Shamir and Leonard M.

cryptography
Introduction
Adleman proposed the first public-key cipher which is still
Cryptology secure and used (it is known as RSA);
RSA
Signatures
Secret sharing
The Electronic Frontier Foundation (EFF) built the first
Course readings
unclassified hardware for cracking messages encoded with
DES. On July 17, 1998, the EFF DES Cracker was used to
recover a DES key in 22 hours. The consensus of the
cryptographic community was that DES was not secure;
In October 2001, after a long searching process, NIST

selected the Rijndael cipher, invented by Joan Daemen and
Vincent Rijmen, as the Advanced Encryption Standard. The
standard was published in November 2002.
Outline
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
Introduction to
Introduction
Cryptology
Signatures
Secret sharing
Digital signatures
Course readings
2 Course readings
Cryptosystem
Algebraic
Foundations of
Computer Science
(AFCS)
Definition 1
Prof.Dr. F.L.
Tiplea A cryptosystem or cipher is a 5-tuple S = (P, C, K, E, D), where:
Introduction to 1 P is a non-empty finite set of plaintext symbols;
cryptography
Introduction 2 C is a non-empty finite set of cryptotext symbols;
Cryptology
RSA 3 K is a non-empty finite set of keys;
Signatures
Secret sharing 4 E and D are two sets of functions (algorithms)
Course readings
E = {eK : P → C|K ∈ K} and D = {dK : C → P|K ∈ K},
such that dK (eK (x)) = x, for any K ∈ K and x ∈ P.
eK is the encryption rule (algorithm), and dK is the decryption

rule (algorithm), induced by K .
Encryption variants
Algebraic
Foundations of
Computer Science
Let S = (P, C, K, E, D) be a cipher. A plaintext (cryptotext) is a
(AFCS)
finite sequence of plaintext (cryptotext) symbols.
Prof.Dr. F.L.
Tiplea
Encryption modes of a plaintext x = x1 · · · xn :
Introduction to
cryptography (Fixed-key encryption). Generate a key K and encrypt each
Introduction
Cryptology
plaintext symbol by eK :
RSA
Signatures
Secret sharing
y = eK (x1 ) · · · eK (xn );
Course readings
(Variable-key encryption). Generate a sequence of keys
K1 , . . . , Kn and encrypt each plaintext symbol xi by eK1 :
y = eK1 (x1 ) · · · eKn (xn ).
Remark 1
We will mainly use the fixed-key encryption mode.
Classification of cryptosystems
Algebraic
Foundations of
Computer Science
Cryptosystems can be classified into:
(AFCS)
Prof.Dr. F.L.
symmetric (private-key, single-key) cryptosystems –
Tiplea characterized by the fact that it is easy to compute the
Introduction to decryption rule dK from eK , and vice-versa;
cryptography
Introduction
Cryptology asymmetric (public-key) cryptosystems – characterized by the
RSA
Signatures
fact that it is hard to compute dK from eK . With such
Secret sharing cryptosystems, the key K is split into two subkeys, Ke , for
Course readings
encryption, and Kd , for decryption. Moreover, Ke can be
made public without endangering security.
Symmetric cryptosystems
Algebraic
Foundations of
Computer Science
(AFCS) Encryption Decryption
Prof.Dr. F.L.
Tiplea
Dear Tom: BBg Dear Tom:

Introduction to
cryptography I have \lk[mn I have
Introduction
reviewed Bj,nb reviewed
Cryptology
the new... (.l_ the new...
RSA
Signatures
Secret sharing
Original Symmetric Scrambled Symmetric Original
Course readings
data key data key data
Figure: With symmetric cryptosystems, the same key is used for both
encryption and decryption
Asymmetric cryptosystems
Algebraic
Foundations of
Computer Science Encryption Decryption
(AFCS)
Prof.Dr. F.L.
Tiplea
Dear Tom: BBg Dear Tom:

Introduction to
I have \lk[mn I have
cryptography
reviewed Bj,nb reviewed
(.l_
Introduction
Cryptology the new... the new...
RSA
Signatures
Secret sharing
Original Public Scrambled Private Original
Course readings key data
data key data
+ = Asymmetric key
Figure: With asymmetric cryptosystems, a key is used for encryption and

another key is used for decryption
Symbol – integer correspondence
Algebraic
Foundations of
Computer Science
Most cryptosystems are based on number theory and, therefore, it
(AFCS)
is customary to view each plaintext symbol as an integer, for
Prof.Dr. F.L.
Tiplea instance, based on a one-to-one correspondence like the one
Introduction to
below:
cryptography
Introduction
Cryptology
RSA a b c d e f g h i j k l m
Signatures
Secret sharing
0 1 2 3 4 5 6 7 8 9 10 11 12
Course readings
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25
For instance, the plaintext “home” becomes the sequence of

integers “7,14,12,4”.
Affine cryptosystems
Algebraic
Foundations of
Computer Science
(AFCS)
Cryptosystem 1 (Affine Cryptosystems)
Prof.Dr. F.L.
Tiplea
An affine cryptosystem is defined as follows:
Introduction to
P = C = Z26 ;
cryptography
Introduction
K = {(a, b) ∈ Z26 × Z26 |gcd(a, 26) = 1};
Cryptology
RSA
for any key K = (a, b) and x, y ∈ Z26 ,
Signatures
Secret sharing
eK (x) = (ax + b) mod 26 and dk (y ) = (a−1 (y − b)) mod 26.
Course readings
Let K = (7, 3) and the plaintext pt = hot (pt = 7, 14, 19). Then,
eK (pt) = eK (7), eK (14), eK (19) = 0, 23, 6,
that is, the cryptotext is ct = axg.
Cryptanalysis of affine cryptosystems
Algebraic
Foundations of
Computer Science
Affine cryptosystems can be easily broken by exhaustive key
(AFCS)
search (EKS), also known as brute-force search, which consists of
Prof.Dr. F.L.
Tiplea trying every possible key until you find the right one.
Introduction to
cryptography Question: If you have a chunk of cryptotext and decrypt it with
Introduction
Cryptology one key after the other, how do you know when you have found
RSA
Signatures
the correct plaintext?
Secret sharing
Answer: You know that you have found the plaintext
Course readings
because it looks like plaintext. Plaintext tends to look like
plaintext. It’s an English-language message, or a data file
from a computer application (e.g., programs like
Microsoft Word have large known headers), or a
database in a reasonable format. When you look at a
decrypted file, it looks like something understandable.
When you look at a cryptotext file, or a file decrypted with
the wrong key, it looks like gibberish.
Cryptanalysis of affine cryptosystems
Algebraic
Foundations of
Computer Science
Question: How many keys are?
(AFCS)
Prof.Dr. F.L.
Answer: If an affine cryptosystem is developed over Z26 ,
Tiplea then there are only φ(26) × 26 = 12 × 26 = 312 possible
Introduction to keys.
cryptography
Introduction
Cryptology
RSA As a conclusion, given an affine cryptosystem, it is very easy to
Signatures
Secret sharing enumerate all its keys and break it using a laptop (assuming that
Course readings you have a chunk of cryptotext).
Outline
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
Introduction to
Introduction
Cryptology
Signatures
Secret sharing
Digital signatures
Course readings
2 Course readings
Algebraic
Foundations of
Computer Science
In 1977, Ronald Rivest, Adi Shamir, and Leonard Adleman,
(AFCS)
proposed the first public-key cryptosystem which is still secure
Prof.Dr. F.L.
Tiplea and used.
Introduction to
cryptography Cryptosystem 2 (RSA)
Introduction
Cryptology let p and q be two distinct primes, and n = pq;
RSA
Signatures
P = C = Zn ;
Secret sharing
Course readings K = {(n, p, q, e, d)|e ∈ Z∗φ(n) ∧ ed ≡ 1 mod φ(n)};

for any K = (n, p, q, e, d) ∈ K and x, y ∈ Zn ,
eK (x) = x e mod n and dK (y ) = y d mod n;
(n, e) is the public key, and (p, q, d) is the secret key.
Algebraic
Foundations of
Computer Science
(AFCS)
Example 2 (RSA with artificially small parameters)
Prof.Dr. F.L. Let p = 61 and q = 53. Then:
Tiplea
n = pq = 3233 and φ(n) = 3120;
Introduction to
cryptography
Introduction
if we chose e = 17, then d can be computed with the
Cryptology extended Euclidean algorithm. We obtain
RSA
Signatures
d = e−1 mod 3120 = 2753;
Secret sharing
n = 3233 and e = 17 are public parameters; p, q, and d
Course readings
secrete;
Let x = 123 be a plaintext. The cryptotext is
y = 12317 mod 3233 = 855.
In order to decrypt y we have to compute
8552753 mod 3233 = 123.
Security of RSA
Algebraic
Foundations of
Computer Science
Security issues:
(AFCS)
Prof.Dr. F.L.
if p or q is recovered (e.g., by factoring n in reasonable time),
Tiplea then the system is completely broken;
Introduction to
cryptography
if φ(n) can be computed in reasonable time, then the system
Introduction is completely broken;
Cryptology
RSA if d can be easily computed from n and e, then the system is
Signatures
Secret sharing
completely broken.
Course readings
In practice:
p and q are 512-bit primes (or even larger);
√
4
e is small (fast encryption) but chosen such that d > n
(otherwise, an efficient attack can be mounted).
For more details: http://www.rsasecurity.com/.
Outline
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
Introduction to
Introduction
Cryptology
Signatures
Secret sharing
Digital signatures
Course readings
2 Course readings
Digital signatures
Algebraic
Foundations of
Computer Science
Public key cryptography solves another problem crucial to
(AFCS)
e-commerce and Internet cyber relationship: it lets you emulate
Prof.Dr. F.L.
Tiplea written signatures. This use of public key technology is called a
Introduction to
digital signature.
cryptography
Introduction
Cryptology A digital signature must provide:
RSA
Signatures authenticity and integrity. That is, it must be “impossible” for
Secret sharing
anyone who does not have access to the secret key to forge
Course readings
(x, σ) (x is the original data and σ is its associated signature);
non-repudiation. That is, it must be impossible for the
legitimate signer to repudiate his own signature.
Signing (encrypting with a private key) is extremely slow, so you

usually add a time-saving (and space-saving) step before you
encrypt messages. It is called message digesting or hashing.
Digital signatures and message digests
Algebraic
Foundations of
Computer Science
A hash algorithm (function) is an algorithm (function) which,
(AFCS)
applied to an arbitrary-length input data, produces a fixed-length
Prof.Dr. F.L.
Tiplea output data (called a hash value or message digest or fingerprint).
Introduction to
Digital signatures are usually applied to message digests.
cryptography
Introduction
Dear Tom: Original Original
Cryptology Dear Tom:
I have data data
RSA I have
Signatures
reviewed reviewed
the new... the new...
Secret sharing
Course readings
Message
Network digest
Hash Hash
algorithm algorithm
Verification
signature
Signature algorithm
algorithm
Message Digital Digital
digest signature signature
Figure: Hashing and digital signatures
Digital signatures from public key cryptosystems
Algebraic
Foundations of
Computer Science
Any public key cipher can be used to produce digital signatures:
(AFCS)
Prof.Dr. F.L.
Assume that Ke is A’s public key and Kd is A’s private key
Tiplea and, moreover, eKe (dKd (x)) = x;
Introduction to
cryptography
Then, the decryption of a message x by Kd is the digital
Introduction signature associated to x. It can be verified by Ke :
Cryptology
RSA
?
Signatures
x = eKe (dKd (x)).
Secret sharing
Course readings
Therefore, in such a case, Kd is used to sign messages (it will
be secret) and Ke is used to verify signatures (it will be public).
The RSA signature is obtained from the RSA public key cipher.
Outline
Algebraic
Foundations of
Computer Science
(AFCS)
Prof.Dr. F.L.
Tiplea
Introduction to
Introduction
Cryptology
Signatures
Secret sharing
Digital signatures
Course readings
2 Course readings
Threshold sharing schemes
Algebraic
Foundations of
Computer Science
An important application of the Chinese remainder theorem
(AFCS)
concerns the construction of (k , n)-threshold sharing schemes.
Prof.Dr. F.L.
Tiplea
Introduction to Definition 3
cryptography
Introduction A (k , n)-threshold sharing scheme consists of n people P1 , . . . , Pn
Cryptology
RSA
sharing a secret S in such a way that the following properties hold:
Signatures
Secret sharing
Course readings k ≤ n;
each Pi has an information Ii ;
knowledge of any k of I1 , . . . , Ik enables one to find S easily;
knowledge of less than k of I1 , . . . , Ik does not enable one to
find S easily.
Mignotte’s threshold sharing schemes
Algebraic
Foundations of
Computer Science
We will show how a (k , n)-threshold sharing scheme can be
(AFCS)
constructed:
Prof.Dr. F.L.
Tiplea let
m < · · · < mk < · · · < mn−k +2 < · · · < mn
Introduction to
cryptography |1 {z } | {z }
Introduction first k numbers last k −1 numbers
Cryptology
RSA
be a sequence of pairwise co-prime numbers such that
Signatures
Secret sharing
Course readings α = m1 · · · mk > mn−k +2 · · · mn = β;
let S be a secret, β < S < α;

each Pi gets the information Ii = S mod mi .
This is called Mignotte’s threshold sharing scheme.
Soundness of secret recovery
Algebraic
Foundations of
Computer Science
Any group of k people, Pi1 , . . . , Pik , can recover uniquely the secret
(AFCS)
S by solving the system:
Prof.Dr. F.L.
Tiplea 
 x ≡ Ii1 mod mi1
Introduction to
cryptography (∗) ···
Introduction
x ≡ Iik mod mik

Cryptology
RSA
Signatures
Secret sharing
According to the Chinese remainder theorem, this system has a
Course readings
unique solution modulo mi1 · · · mik , and this solution is S because
S < α ≤ mi1 · · · mik .
Security to coalition attack
Algebraic
Foundations of
Computer Science
No group of k − 1 people, Pj1 , . . . , Pjk , can recover uniquely the
(AFCS)
secret S by solving the system:
Prof.Dr. F.L.
Tiplea 
 x ≡ Ij1 mod mj1
Introduction to
cryptography (∗∗) ···
Introduction
x ≡ Ijk −1 mod mjk −1

Cryptology
RSA
Signatures
Secret sharing
According to the Chinese remainder theorem, this system has a
Course readings
unique solution modulo mj1 · · · mjk −1 , and this solution, denoted x0 ,
satisfies
x0 < mj1 · · · mjk −1 ≤ β,
while β < S.
Course readings
Algebraic
Foundations of
Computer Science
(AFCS)
1 F.L. Ţiplea: Fundamentele Algebrice ale Informaticii, Ed.
Prof.Dr. F.L. Polirom, Iaşi, 2006, pag. 268–283.
Tiplea
Introduction to
2 S. Iftene: Secret Sharing Schemes with Applications in
cryptography
Introduction
Security Protocols, Ph.D. Thesis, “Al.I.Cuza” University of
Cryptology Iaşi, 2007, http://thor.info.uaic.ro/~tr/tr.pl.cgi.
RSA
Signatures
Secret sharing 3 C.C. Drăgan: Security of CRT-based Secret Sharing
Course readings
Schemes, Ph.D. Thesis, “Al.I.Cuza” University of Iaşi, 2013.

Intro To Crypto

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Intro To Crypto

Uploaded by

Copyright:

Available Formats

Algebraic

Department of Computer Science

Privacy/confidentiality – ensuring that no one can read the

Integrity – assuring the receiver that the received message has

Non-repudiation – a mechanism to prove that the sender really

Examples of software tools that havily rely on cryptographic

Thomas Jefferson, the father of American cryptography,

In the 1970s, Horst Feistel developed a “family” of ciphers, the

Introduction to In 1977, Ronald L. Rivest, Adi Shamir and Leonard M.

In October 2001, after a long searching process, NIST

E = {eK : P → C|K ∈ K} and D = {dK : C → P|K ∈ K},

such that dK (eK (x)) = x, for any K ∈ K and x ∈ P.

eK is the encryption rule (algorithm), and dK is the decryption

y = eK1 (x1 ) · · · eKn (xn ).

Dear Tom: BBg Dear Tom:

Dear Tom: BBg Dear Tom:

Figure: With asymmetric cryptosystems, a key is used for encryption and

For instance, the plaintext “home” becomes the sequence of

eK (pt) = eK (7), eK (14), eK (19) = 0, 23, 6,

that is, the cryptotext is ct = axg.

Course readings K = {(n, p, q, e, d)|e ∈ Z∗φ(n) ∧ ed ≡ 1 mod φ(n)};

eK (x) = x e mod n and dK (y ) = y d mod n;

(n, e) is the public key, and (p, q, d) is the secret key.

y = 12317 mod 3233 = 855.

In order to decrypt y we have to compute

8552753 mod 3233 = 123.

For more details: http://www.rsasecurity.com/.

Signing (encrypting with a private key) is extremely slow, so you

Figure: Hashing and digital signatures

Course readings α = m1 · · · mk > mn−k +2 · · · mn = β;

let S be a secret, β < S < α;

This is called Mignotte’s threshold sharing scheme.

S < α ≤ mi1 · · · mik .

You might also like