Cryptography

Where Complexity Finally Comes In Handy«

Complexity ©D.Moshkovitz

1

The Amazing Adventures of Alice and Bob
extremely secret message

Alice
eavesdropper

Bob

Complexity ©D.Moshkovitz

2

PAP 279-298

Introduction
‡ Objectives:
² To introduce the subject of cryptography and its tight connection to complexity

‡ Overview:
² Public key cryptography ² One-Way Functions and Trapdoor functions ² RSA

Complexity ©D.Moshkovitz

3

Intuitive Approach
encoding key decoding key
extremely secret message

E(e,
Alice

)D(d,
eavesdropper

)
Bob

Complexity ©D.Moshkovitz

4

Simple Implementation:
Problem!

Just XOR!
secret message

Agree first on some random string e.


Alice

extremely

e‡(
eavesdropper

)
Bob

Complexity ©D.Moshkovitz

5

Solution: Public-Key Cryptosystems
‡ Bob generates a pair of keys ‡ Publishes E ‡ Keeps D private
E(x) D(y)

Bob

Complexity ©D.Moshkovitz

6

Encryption: Requirements
‡ ´Easyµ (so everyone can send Bob encrypted messages) ‡ ´Hard to invertµ (so no one can break the encryption)

Complexity ©D.Moshkovitz

7

SIP 375

One-Way Functions: Formally
Definition: A length preserving function f is a oneway function if: some 1. f is computable in polynomial time. textbooks 2. f-1 cannot be computed in probabilistic demand f is one-to-one polynomial time, i.e 
MkNn " NPrM,w
R7 n

«M f w ! y where f y ! f w » e n k ­ ½

Complexity ©D.Moshkovitz

8

One-Way For sufficiently
large natural n For any Turing Machine M

M inverts f correctly on at most n-k of the inputs 

MkNn " N PrM w 7n «M f w ! y where f y ! f w » e nk ­ ½
For any natural constant k
  ¡

Probability taken over: choices made by M random selection of w

Complexity ©D.Moshkovitz

9

Applications: Authentication
‡ Many users may login to a network ‡ Each user has a password ‡ The database can be read by everyone

‡ Problem: secure authentication
Complexity ©D.Moshkovitz

10

How to Authenticate Using OWF? One-Way Function
‡ Encrypt each password with a OWF. ‡ Store only the encrypted password. ‡ When this user tries to login«
² Encrypt the password she entered ² Compare to the stored password MyPass1234 MyPass1234 2iB>S\]1%^o 2iB>S\]1%^o 

11

Complexity ©D.Moshkovitz

Do One-Way Functions Exist?
‡ Believed to« ‡ OWF   P P.

Complexity ©D.Moshkovitz

12

Do One-Way Functions Suffice?
Problem: How would Bob generate D(y)?
D is so hard, I don·t know how to compute it myself«

Bob
Complexity ©D.Moshkovitz

13

Trapdoor Functions
probabilistic polynomial-time TM G
family of functions which are hard to invert

f1 index f2 f3

«
the key to invert that function

Complexity ©D.Moshkovitz

14

SIP 376-377

Trapdoor Functions : Formally
Definition: A length preserving indexing function f:§*v§*p §* is a trapdoor function, if there exist f(i,w)=fi(w) <index, key> generator ‡ a poly-time TM G ‡ a function h:§*v§*p §* decoder which satisfy:
Complexity ©D.Moshkovitz

15

SIP 376-377

Trapdoor Functions : Formally
1. f and h are computable in polynomial time. 2. ´fi is hard to invert in the absence of tµ
<i,t> is output by G

3. ´fi is easy to invert when t is knownµ

Complexity ©D.Moshkovitz

16

RSA
‡ A public-key cryptosystem developed by Rivest, Shamir and Adleman. ‡ Based on the (conjectured) hardness of factoring.

Complexity ©D.Moshkovitz

17

Plan
1. Prime numbers: basic facts and recent results. 2. Euler·s function. 3. Description of the RSA cryptosystem.

Complexity ©D.Moshkovitz

18

PRIMES
‡ Instance: A number in binary representation. ‡ Problem: To decide if this number is prime.

Yes instance: o instance:

10111 10110

Complexity ©D.Moshkovitz

19

Is PRIMES in P ?!
What·s the problem with the following trivial algorithm?
Input: a number Output: is prime? for i in 2..˜ do for j in 2..˜ do if i*j= , return FALSE return TRUE
Complexity ©D.Moshkovitz

20

Prime

umbers

‡ Fact 1: There are many prime numbers (k/log k in the range [k]={1,«,k}) ‡ Fact 2: ([AKS02]) Primality testing can be done in time polynomial in log k. ‡ Question: How to choose a random prime in [k] in time poly-log k?

Complexity ©D.Moshkovitz

21

Picking a Random Prime
‡ while didn·t-find-one
² choose x R [k] ² if x  PRIMES
‡ return x Expected time: O(polylogk) primes
uniformly at random

[k]

Complexity ©D.Moshkovitz

22

De-Randomization
‡ By Alon et Al and aor and aor, there·s a deterministic construction XI of O(logk/I2) numbers in [k] which is I-close to uniform. ‡ By using it with I < log-1k, we can obtain O(polylogk) run-time (not just expectedly!)
Complexity ©D.Moshkovitz

If PrxR[k] [xS] > I   XI‰Sˆ

23

Euler·s Function
‡ *(n) = { m | 1e m < n A D gcd(m,n)=1 } ‡ Euler·s function: J(n)=|*(n)|
Example: *(12)={1,2,3,4,5,6,7,8,9,10,11} J(12)=4

Observe: For any prime p, *(p)={1,...,p-1}

Complexity ©D.Moshkovitz

24

RSA
‡ To encrypt a message, write it as a number m, and compute E ,e(m) = me (mod ) ‡ To decrypt a cipher text c, compute Dd(c) = cd (mod ) ‡ ow for (almost) any m, ² med | m (mod ) ² And therefore: (me)d | m (mod ) Therefore: Dd(E
Complexity ©D.Moshkovitz

,e(m))

| m

(mod

)
25

The Public and Private Keys
‡ Choose two long random prime numbers p, q ² set = pq ‡ Randomly choose an odd number e s.t: ² 1 < e < J( ) Compute d using Euclid·s ² gcd(e, J( )) = 1 ‡ Let d be the inverse of e, namely gcd algorithm ed | 1 (mod J(n)) Public key: < , e>
Complexity ©D.Moshkovitz

;

Private key: d
26

Summary

†

‡ We presented the notion of Public Key Cryptosystems and its well-known implementation, RSA. ‡ We examined some of the underlying assumptions of cryptography:
² Existence of one-way functions ² Existence of trapdoor functions

‡ These assumptions are stronger than the standard complexity assumption P P.
Complexity ©D.Moshkovitz

27

Sign up to vote on this title
UsefulNot useful