# Modern Mathematics and the Evolution of Cryptography

## 3 Diffie-Hellman's algorithm and the Discrete Logarithm

I will now try to describe one of the most complex and beautiful mathematical objects and a centerpiece of modern mathematics: the group. Roughly speaking, a group is a set of abstract elements which admit a binary operation and a neutral element, and in which each element has an inverse.

Examples:

1. The integers Z = {..., −2, −1, 0, 1, 2, ...} form a group under the addition operation. The neutral element is 0, because n + 0 = 0 + n = n for any n ∈ Z. The inverse (with respect to addition) of any element n ∈ Z is −n (so the inverse of 7 is −7). The rational numbers (fractions) and the real numbers with the + operation also form groups.
2. The real numbers R without 0 (which I will call R*), with multiplication, form a group. The neutral element is 1, because x · 1 = 1 · x = x, and the inverse of x is 1/x (this is the reason why 0 needs to be thrown away).
3. The cyclic groups Z_n, where n is a natural number, with addition as binary operation. We are already used to them: Z_24 is the clock with 24 hours. We never say the current hour is 24; we go back to 0. That is, we take the remainder modulo 24. I will put a hat over the numbers to emphasize the cyclic structure.

A few cyclic groups: Z_2 = {0, 1}, Z_3 = {0, 1, 2}, Z_4 = {0, 1, 2, 3}, Z_5 = {0, 1, 2, 3, 4}. Their addition tables are:

| + | 0 | 1 |
|---|---|---|
| 0 | 0 | 1 |
| 1 | 1 | 0 |

| + | 0 | 1 | 2 |
|---|---|---|---|
| 0 | 0 | 1 | 2 |
| 1 | 1 | 2 | 0 |
| 2 | 2 | 0 | 1 |

| + | 0 | 1 | 2 | 3 |
|---|---|---|---|---|
| 0 | 0 | 1 | 2 | 3 |
| 1 | 1 | 2 | 3 | 0 |
| 2 | 2 | 3 | 0 | 1 |
| 3 | 3 | 0 | 1 | 2 |

| + | 0 | 1 | 2 | 3 | 4 |
|---|---|---|---|---|---|
| 0 | 0 | 1 | 2 | 3 | 4 |
| 1 | 1 | 2 | 3 | 4 | 0 |
| 2 | 2 | 3 | 4 | 0 | 1 |
| 3 | 3 | 4 | 0 | 1 | 2 |
| 4 | 4 | 0 | 1 | 2 | 3 |

Observe that all the cyclic groups Z_n have a generator: 1 (meaning that if you add 1 enough times, you span the whole group). But it might not be the only generator. For example, in Z_4 the element 3 is also a generator: the list of elements 3, 3 + 3, 3 + 3 + 3, 3 + 3 + 3 + 3 gives

3 --(+3)--> 2 --(+3)--> 1 --(+3)--> 0

Hence we found all of Z_4. On the other hand, in Z_4 the element 2 is not a generator: 2, 2 + 2, 2 + 2 + 2, 2 + 2 + 2 + 2 gets stuck in a smaller cycle (a subgroup):

2 --(+2)--> 0 --(+2)--> 2 --(+2)--> 0

For example, in Z_10 the generators are 1, 3, 7, 9, and all the others can't be generators.

The Diffie-Hellman algorithm is based on the following groups. Choose a prime number p. Then, in the same way as in example 2 above, we can throw away the element 0 from Z_p and change the internal operation from addition to multiplication. This new set will be denoted Z*_p. It is not that obvious that what's left, with multiplication, is a group. Primality of p is crucial for the existence of the inverses. The truly remarkable thing is the following:

Wedderburn's Theorem [2]: Let p be a prime. Then the groups Z*_p are cyclic. That is, there exists an element x ∈ Z*_p which generates the group.

[2] Joseph Henry Maclagan Wedderburn (1882-1948) was a Scottish mathematician, Professor at Princeton. The above statement is just a particular case of a more general statement.

For example, let's choose p = 7. Then Z*_7 = {1, 2, 3, 4, 5, 6}. The binary operation is multiplication this time, not addition! The multiplication table of this group is the following:

| · | 1 | 2 | 3 | 4 | 5 | 6 |
|---|---|---|---|---|---|---|
| 1 | 1 | 2 | 3 | 4 | 5 | 6 |
| 2 | 2 | 4 | 6 | 1 | 3 | 5 |
| 3 | 3 | 6 | 2 | 5 | 1 | 4 |
| 4 | 4 | 1 | 5 | 2 | 6 | 3 |
| 5 | 5 | 3 | 1 | 6 | 4 | 2 |
| 6 | 6 | 5 | 4 | 3 | 2 | 1 |

Observe the computational difficulty in constructing the multiplication table for this group, compared to its additive version. Multiplication itself is harder to manage, and combined with taking the remainder modulo p = 7 it complicates the problem very much if p is very big. For example, 5 · 6 = 2 because 5 · 6 = 30 and 30 divided by 7 gives remainder 2. The same strategy holds for all of them. The apparently random character of this group, i.e. the fact that it is so hard to predict what will happen (if p is huge), makes it useful for cryptography. In the same way that the German Enigma machine was meant to "mix" the input in a way hard to predict, the same analogy holds here.

We will start searching for a generator (more might exist, as before). We know at least one has to exist, but we have no clue right now which one it is. We will test them one by one. Once again, p = 7.

- Test 1: It is easy to see that by multiplying 1 by itself, you get stuck from the very beginning: 1 --(·1)--> 1 --(·1)--> 1, so you always get 1.
- Test 2: Starting the generation process and remembering that we always take the remainder modulo p = 7, we obtain 2 --(·2)--> 4 --(·2)--> 1 --(·2)--> 2, and we see that we return back to 2, hence we can't span the whole group Z*_7.
- Test 3: Starting the generation process and remembering that we always take the remainder modulo p = 7, we obtain 3 --(·3)--> 2 --(·3)--> 6 --(·3)--> 4 --(·3)--> 5 --(·3)--> 1, and we spanned the whole group. Thus we found a generator of Z*_7, the element 3.

We can now describe the key-exchange algorithm, using the group Z*_p. So Alice and Bob want to be able to securely decide on a key. The key will be an element of Z*_p. In practice p is a very big prime number. I will say more about big prime numbers in the next section.

1. Alice and Bob agree on a prime number p and a generator of Z*_p, call it g. These need not be protected, meaning that Oscar can have this information.
2. Alice chooses a secret natural number a and sends to Bob the element g^a (i.e. she computes g^a and takes the remainder modulo p). Oscar can intercept this.
3. Bob chooses a secret natural number b and sends to Alice the element g^b (i.e. he computes g^b and takes the remainder modulo p). Oscar can intercept this.
4. Alice receives the element g^b and she computes (g^b)^a.
5. Bob receives the element g^a and he computes (g^a)^b.
6. Now both Alice and Bob end up with the same number, but Oscar does not have enough information to easily compute this number. We will see below why.

A worked example for p = 23:

1. Say Alice and Bob decide to use p = 23. The element g = 5 is a generator of Z*_23. Oscar can intercept these.
2. Say Alice chooses a = 8, which she doesn't send to anyone. She then computes 5^8 = 390,625 = 16 (because 390,625 = 23 · 16,983 + 16, hence the remainder of 390,625 when divided by 23 is 16). Hence Alice --16--> Bob, and Oscar can intercept this.
3. Say Bob chooses b = 3, which he doesn't send to anyone. He then computes 5^3 = 125 = 10 (because 125 = 23 · 5 + 10, hence the remainder of 125 when divided by 23 is 10). Hence Bob --10--> Alice, and Oscar can intercept this.
4. Alice receives the number 10 and then she computes 10^8 = 100,000,000 = 2 (because 100,000,000 = 23 · 4,347,826 + 2, hence the remainder of 100,000,000 when divided by 23 is 2).
5. Bob receives the number 16 and then he computes 16^3 = 4,096 = 2 (because 4,096 = 23 · 178 + 2, hence the remainder of 4,096 when divided by 23 is 2).
6. They obtain the same number at the end: 2. This is the key they will use for encryption.

It is not hard to see that this will always happen, because both Alice and Bob compute g^(ab). But let's analyze what Oscar has: he has p = 23, g = 5 and the numbers 16 and 10 which Alice and Bob exchanged on the public channel of communication. It is hard for him to obtain the key 2 (in practice the prime numbers used are very big). Oscar does not have the numbers a = 8 and b = 3. He only knows that

5^a = 16 and 5^b = 10 (in Z*_23).

Solving for a or b is known as the Discrete Logarithm problem. In analogy with the group of positive real numbers R*_+ (hence no hats), where the logarithm function log satisfies (for example)

log_5(125) = 3 ⟹ 5^3 = 125,

we have that in the finite group Z*_23 the discrete logarithm dlog satisfies (for example)

dlog_5(16) = 8 ⟹ 5^8 = 16.

## 4 Attacks on Diffie-Hellman

The brute-force attack that Oscar can try would be to test all the numbers 1 ≤ i ≤ 22 (in general, from 1 to p − 1) and compute 5^i (that is, he computes 5^i and takes the remainder modulo p = 23), comparing each result with 16. This is actually why the element g should be a generator. Observe that the previous scheme would still work if g is not a generator, but it is unsafe: a non-generator g generates a subgroup, not the whole group, which might be much smaller than the original Z*_p. As we can see, it is very important to have very big prime numbers.
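The generator tests for Z_10 and Z*_7, the p = 23 exchange and Oscar's brute-force search from the two passages above, as an added Python example (not code from the slides; the function names are my own):

```python
# Added example, not from the slides: tests whether an element generates Z_n
# (addition) or Z*_p (multiplication), runs the Diffie-Hellman exchange from
# the text (p = 23, g = 5, a = 8, b = 3) and the brute-force discrete log.

def additive_generators(n):
    """Elements of Z_n that generate the whole group under addition mod n."""
    gens = []
    for x in range(n):
        seen, cur = set(), x
        while cur not in seen:         # keep adding x until the chain repeats
            seen.add(cur)
            cur = (cur + x) % n
        if len(seen) == n:             # chain visited every element of Z_n
            gens.append(x)
    return gens

def is_generator_mod_p(g, p):
    """True if the powers g, g*g, g*g*g, ... mod p hit all of 1..p-1."""
    seen, cur = set(), g % p
    while cur not in seen:
        seen.add(cur)
        cur = (cur * g) % p
    return len(seen) == p - 1          # a non-generator stops in a subgroup

def diffie_hellman(p, g, a, b):
    """Return (A, B, key): A = g^a, B = g^b sent in the clear, key = g^(ab)."""
    A = pow(g, a, p)                   # Alice -> Bob, Oscar sees this
    B = pow(g, b, p)                   # Bob -> Alice, Oscar sees this
    key_alice = pow(B, a, p)           # (g^b)^a
    key_bob = pow(A, b, p)             # (g^a)^b
    assert key_alice == key_bob        # both equal g^(ab) mod p
    return A, B, key_alice

def brute_force_dlog(g, target, p):
    """Oscar's search: smallest i in 1..p-1 with g^i = target mod p, or None.
    Feasible only because p is tiny; the work grows with p - 1."""
    for i in range(1, p):
        if pow(g, i, p) == target:
            return i
    return None

if __name__ == "__main__":
    print(additive_generators(10))                                # [1, 3, 7, 9]
    print([g for g in range(1, 7) if is_generator_mod_p(g, 7)])  # [3, 5]
    A, B, key = diffie_hellman(23, 5, 8, 3)
    print(A, B, key)                                              # 16 10 2
    print(brute_force_dlog(5, A, 23))                             # 8
```

Running it with p = 23 shows why the text insists on very big primes: the same search that recovers a = 8 here in a handful of steps needs up to p − 1 steps in general.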
The same holds true for the RSA algorithm, which I only presented intuitively. Like Diffie-Hellman, RSA also requires a group that involves prime numbers. As the computational power increases, both for Alice and Bob but also for Oscar (the hacker), there is a need for bigger and bigger prime numbers every day. The second part of the table consists of prime numbers that need to be double-checked (computation in progress).

| Discovery date | Number of digits | Location | Processor |
|---|---|---|---|
| September 4, 2006 | 9,808,358 | University of Central Missouri | Pentium 4 (3 GHz) |
| September 6, 2008 | 11,185,272 | UCLA | Intel Core 2 Duo E6600 CPU (2.4 GHz) |
| August 23, 2008 | 12,978,189 | UCLA | Intel Core 2 Duo E6600 CPU (2.4 GHz) |
| April 12, 2009 | 12,837,064 | Melhus, Norway | Intel Core 2 Duo (3 GHz) |
| January 25, 2013 | 17,425,170 | University of Central Missouri | Intel Core 2 Duo E8400 (3.00 GHz) |
| January 7, 2016 | 22,338,618 | University of Central Missouri | Intel Core i7-4790 |

This doesn't mean that we know all the prime numbers up to the last one found. There are many other primes, much smaller, that haven't been discovered yet. Understanding the density of prime numbers is one of mathematics'