The document discusses various cryptographic techniques including:
- Block ciphers like the Shift Cipher, Substitution Cipher, Affine Cipher, Vigenere Cipher, Hill Cipher, and Permutation Cipher.
- Stream ciphers like the Linear Feedback Shift Register (LFSR) cipher.
- Public key cryptography techniques including RSA, Rabin, and the Digital Signature Algorithm (DSA).
- Modes of operation for block ciphers like Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Output Feedback (OFB).
Two further methods for obtaining post-quantum security are discussed, namely code-based and isogeny-based cryptography. Topic 1: Revocable Identity-based Encryption from Codes with Rank Metric (will be presented by Dr. Reza Azarderakhsh) Authors: Donghoon Chang; Amit Kumar Chauhan; Sandeep Kumar; Somitra Kumar Sanadhya Topic 2: An Exposure Model for Supersingular Isogeny Diffie-Hellman Key Exchange Authors: Brian Koziel; Reza Azarderakhsh; David Jao
(Source: RSA Conference USA 2018)
We experiment with Wiener's attack to break RSA when the secret exponent is short, meaning it is smaller than one quarter of the public modulus size. We discuss cryptanalysis details and present demos of the attack. Our very minor extension of Wiener's attack is also discussed.
If we have an RSA 2048 bits configuration, but our private exponent d is only about 512 bits, then the above attack breaks RSA in a few seconds.
This work uses Continued Fractions to derive the private keys from the given public keys. It turned out that one can derive the private exponent d by approximating it as a ratio of e/n, both are public values.
In a default settings of standard RSA libaries, this attack and my minor extension are not relevant (to the best of our knowledge). However, if we configure our library to choose a very large public encryption exponent e, then our private decryption exponent d could be short enough to mount an attack.
Shai Halevi discusses new ways to protect cloud data and security. Presented at "New Techniques for Protecting Cloud Data and Security" organized by the New York Technology Council.
The Cryptography puzzle discussed here is part of an online challenge. I demonstrate how I broke RSA when random prime numbers were common among a set of keys. I discuss basic metrics as well as implementation/design of my exploit scripts, too.
Can we reveal the RSA private exponent d from its public key <e, n>? We study this question for two specific cases: e = 3 and e = 65537. Using demos, we verify that RSA reveals the most significant half of the private exponent d when the public exponent e is small. For example, for 2048-bit RSA, the most significant 1024 bits are revealed!
Two further methods for obtaining post-quantum security are discussed, namely code-based and isogeny-based cryptography. Topic 1: Revocable Identity-based Encryption from Codes with Rank Metric (will be presented by Dr. Reza Azarderakhsh) Authors: Donghoon Chang; Amit Kumar Chauhan; Sandeep Kumar; Somitra Kumar Sanadhya Topic 2: An Exposure Model for Supersingular Isogeny Diffie-Hellman Key Exchange Authors: Brian Koziel; Reza Azarderakhsh; David Jao
(Source: RSA Conference USA 2018)
We experiment with Wiener's attack to break RSA when the secret exponent is short, meaning it is smaller than one quarter of the public modulus size. We discuss cryptanalysis details and present demos of the attack. Our very minor extension of Wiener's attack is also discussed.
If we have an RSA 2048 bits configuration, but our private exponent d is only about 512 bits, then the above attack breaks RSA in a few seconds.
This work uses Continued Fractions to derive the private keys from the given public keys. It turned out that one can derive the private exponent d by approximating it as a ratio of e/n, both are public values.
In a default settings of standard RSA libaries, this attack and my minor extension are not relevant (to the best of our knowledge). However, if we configure our library to choose a very large public encryption exponent e, then our private decryption exponent d could be short enough to mount an attack.
Shai Halevi discusses new ways to protect cloud data and security. Presented at "New Techniques for Protecting Cloud Data and Security" organized by the New York Technology Council.
The Cryptography puzzle discussed here is part of an online challenge. I demonstrate how I broke RSA when random prime numbers were common among a set of keys. I discuss basic metrics as well as implementation/design of my exploit scripts, too.
Can we reveal the RSA private exponent d from its public key <e, n>? We study this question for two specific cases: e = 3 and e = 65537. Using demos, we verify that RSA reveals the most significant half of the private exponent d when the public exponent e is small. For example, for 2048-bit RSA, the most significant 1024 bits are revealed!
Results of some basic experiments with the Diffie-Hellman Key Exchange System. I analyse the key-exchange algorithm using brute-force as well using the Baby-step Giant-step algorithm.
Everything I always wanted to know about crypto, but never thought I'd unders...Codemotion
For many years, I had entirely given up on ever understanding the anything about cryptography. However, I’ve since learned it’s not nearly as hard as I thought to understand many of the important concepts. In this talk, I’ll take you through some of the underlying principles of modern applications of cryptography. We’ll talk about our goals, the parts are involved, and how to prevent and understand common vulnerabilities. This’ll help you to make better choices when you implement crypto in your products, and will improve your understanding of how crypto is applied to things you already use.
The slides demonstrate how to reverse the plaintext from the RSA encrypted ciphertext using an oracle that answers the question: is the last bit of the message 0 or 1?
Slides demonstrate how to break RSA when no padding is applied. I replicated the meet-in-the-middle attack discussed in the existing Crypto literature.
We study the behavior of the RSA trapdoor function by repeatedly encrypting the ciphertext sent over the public channel. We discuss the problem of finding a cycle in order to reverse the plaintext from the given ciphertext. Simple demos and algorithms/python programs are also presented. While the attack is not necessarily practical, it is educational to learn how the RSA trapdoor function behaves.
An RSA private key is made of a few private variables. We analyze how these private variables are chained together. Further, we study if one of the private variables is leaked, can we derive the other private variables? Demos of the algorithms are also provided.
Results of some basic experiments with the Diffie-Hellman Key Exchange System. I analyse the key-exchange algorithm using brute-force as well using the Baby-step Giant-step algorithm.
Everything I always wanted to know about crypto, but never thought I'd unders...Codemotion
For many years, I had entirely given up on ever understanding the anything about cryptography. However, I’ve since learned it’s not nearly as hard as I thought to understand many of the important concepts. In this talk, I’ll take you through some of the underlying principles of modern applications of cryptography. We’ll talk about our goals, the parts are involved, and how to prevent and understand common vulnerabilities. This’ll help you to make better choices when you implement crypto in your products, and will improve your understanding of how crypto is applied to things you already use.
The slides demonstrate how to reverse the plaintext from the RSA encrypted ciphertext using an oracle that answers the question: is the last bit of the message 0 or 1?
Slides demonstrate how to break RSA when no padding is applied. I replicated the meet-in-the-middle attack discussed in the existing Crypto literature.
We study the behavior of the RSA trapdoor function by repeatedly encrypting the ciphertext sent over the public channel. We discuss the problem of finding a cycle in order to reverse the plaintext from the given ciphertext. Simple demos and algorithms/python programs are also presented. While the attack is not necessarily practical, it is educational to learn how the RSA trapdoor function behaves.
An RSA private key is made of a few private variables. We analyze how these private variables are chained together. Further, we study if one of the private variables is leaked, can we derive the other private variables? Demos of the algorithms are also provided.
Театральные ужины - это джазовые и поэтические вечера, а также авторские интерактивные спектакли известных режиссеров для взрослых и детей. Это свежий проект в культурной жизни столицы, и он уже набрал сотни постоянных зрителей.
Интереснее чем ресторан, вкуснее чем театр!
Настоящее театральное качество в расслабленной атмосфере ресторана, отеля, усадьбы, а также на свежем воздухе на фоне прекрасных пейзажей. Классические произведения в современном интеллектуальном прочтении, в сопровождении живой музыки и вокала. Это изысканный отдых для души, возможность совместить эстетическое и гастрономическое удовольствие, ощутить энергетику перевоплощения артистов на расстоянии вытянутой руки, обсудить все увиденное с друзьями и семьей, а также при желании блеснуть на одной сцене вместе с артистами.
Это новая волна театрального искусства, участники которой стремятся вернуть людям удовольствие от общения с классической литературой и театром, от творчества, новых открытий и прекрасных переживаний, радость живого общения с выдающимися артистами и друг с другом.
Команда проекта включает разноплановых артистов, объединенных общим видением развития театра и искусства в целом. Это профессиональные артисты и режиссеров театра и кин, которые служат в Губернском Театре п/р Сергея Безрукова, Сатириконе, Мастерской П. Фоменко, Театре им. Евг. Вахтангова, Театре им. К.С. Станиславского, Театре им. Ермоловой, Театре Антона Чехова и других.
Наш формат подходит для корпоративных мероприятий, конференций, презентаций, форумов.
Data Protection Techniques and CryptographyTalha SAVAS
Cryptography:
The study of mathematical techniques related to aspects
of providing information security services (to construct).
Cryptanalysis:
The study of mathematical techniques for attempting to
defeat information security services (to break).
Cryptology:
The study of cryptography and cryptanalysis (both).
Cryptography, Classical Encryption
Breaking the Cryptosystem
Review the Simple attack to break the cryptosystem
Modular Arithmetic, Groups and Rings
One example each in classical substitutive and transposition ciphering.
Caesar/Affine Cipher –Worksheet and Lab Program
Overview on Cryptography and Network SecurityDr. Rupa Ch
These slides give some overview on the the concepts which were in Crytography and network security. I have prepared these slides by the experiece after refer the text bbok as well as resources from the net. Added figures directly from the references. I would like to acknowledge all the authors by originally.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Enhancing Performance with Globus and the Science DMZGlobus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
2. Introduction
Cryptosystem: (E,D,M,K,C)
M is the set of plaintexts
K the set of keys
C the set of ciphertexts
E: M × K→ C the set of enciphering
functions
D: C × K→ M the set of deciphering
functions
3. Introduction
• Shift Cipher: M = C = K = Z26, with
-- eK(x) = x + K mod26
-- dK(y) = y – K mod26
where x,y is in Z26
• Substitution Cipher: P = C = Z26, with K
the set of permutations π on Z26 and
-- eπ(x) = π(x)
-- dπ(y) = π-1
(y).
4. Cryptosystems
Block ciphers
The Shift Cipher and Substitution Cipher are block
ciphers: successive plaintext elements (blocks) are
encrypted using the same key.
We now consider some other block ciphers.
• The Affine Cipher, is a special case of the
• Substitution Cipher with
• -- eK(x) = ax + b mod26
-- dK(y) = a-1
y - a-1
b mod26
where a,b x,y is in Z26 and x is invertible.
5. Block ciphers
The Vigenere Cipher is polyalphabetic.
Let m > 1
• M = C = K = (Z26)m
• For a key K = (k1, …, km)
• -- eK(x1,…,xm) = (x1 + k1, …, xm + km)
-- dK(y1,…,ym) = (y1 - k1, …, ym - km)
where all operations are in Z26.
6. Block ciphers
The Hill Cipher is also polyalphabetic.
Let m > 1
• M = C = (Z26)m
, K is the set of all m by m
invertible matrices over (Z26)m
• For a key K
• -- eK(x) = xK
-- dK(y)= yK-1
with all operations are in Z26.
7. Block ciphers
The Permutation Cipher. Let m > 1
M = C = (Z26)m
,
K is the set of all permutations of {1,…,m}.
• For a key (permutation) π
• -- eπ(x1,…,xm) = (xπ(1),…, xπ(m))
-- dπ(y1,…,ym) = (yπ−1(1),…, yπ−1(1))
where π−1
(1) is the inverse of π.
8. Stream Ciphers
The ciphers considered so far are block ciphers.
Another type of cryptosystem is the stream cipher.
9. Stream Ciphers
• A synchronous stream cipher is a tuple (E,D,M,C,K,L,)
with a function g such that:
• M, C, K, E, D are as before.
• L is the keysteam alphabet
• g is the keystream generator: it takes as input a key K
and outputs an infinite string
z1,z2, …
called the keystream, where zi are in L.
• For each ziare in L there is an encryption rule ez in E,
and a decryption rule dz in D such that:
dz (ez(x)) = x
for all plaintexts x in M.
10. Stream Ciphers
The Linear Feedback Shift Register or LFSR.
The keystream is computed as follows:
Let (k1,k2, … ,km) be the initialized key vector at
time t.
At the next time unit the key vector is updated as
follows:
-- k1 is tapped as the next keystream bit
-- k2, … , km are each shifted one place to the left
-- the “new” value of km is computed by
m-1
km+1 = Σcjkj+1
j=0
11. Stream Ciphers
Let x1,x2, … be the plaintext (a binary string).
Then the ciphertext is:
y1,y2, …
where yi,= xi+ ki, for i=1,2,… and the sum
is bitwise xor .
12. Cryptanalysis
Attacks on Cryptosystems
• Ciphertext only attack: the opponent possesses
a string of ciphertexts: y1,y2, …
• Known plaintext attack: the opponent
possesses a string of plaintexts x1,x2, … and the
corresponding string of ciphertexts: y1,y2, …
13. Attacks on Cryptosystems
• Chosen plaintext attack: the opponent can
choose a string of plaintexts x1,x2, … and
obtain the corresponding string of
ciphertexts: y1,y2, …
• Chosen ciphertext attack: the opponent can
choose a string of ciphertexts: y1,y2, … and
construct the corresponding string of
plaintexts x1,x2, …
14. Cryptanalysis
• Cryptanalysis of the shift cipher and substitution cipher:
Ciphertext attack -- use statistical properties of the
language
• Cryptanalysis of the affine and Vigenere cipher:
Ciphertext attack -- use statistical: properties of the
language
• Attacks on the affine and Vigenere cipher:
Ciphertext attack -- use statistical: properties of the
language
15. Cryptanalysis
• Cryptanalysis of the Hill cipher:
Known plaintext attack
• Cryptanalysis of the LFSR stream cipher:
Known plaintext attack
16. One time pad
This is a binary stream cipher whose key
stream is a random stream
This cipher has perfect secrecy
17. Security
• Computational security
Computationally hard to break: requires super-
polynomial computations (in the length of the
ciphertext)
• Provable security
Security is reduced to a well studied problem
though to be hard, e.g. factorization.
• Unconditional security
No bound on computation: cannot be broken even
with infinite power/space.
Only way to break is by “lucky” guessing.
18. Some Probability Theory
• The random variables X,Y are independent
if:
Pr[x,y] = Pr[x] . Pr[y], for all x,y in X
In general,
Pr[x,y] = Pr[x|y] . Pr[y]
= Pr[y|x] . Pr[x], for all x,y in X
19. Some Probability Theory
• Bayes’ Law:
Pr[x|y] =
• Corollary:
X,Y are independent random variables (r.v.)
iff
Pr[x|y] = Pr[x] for all x,y in X
Pr[y]
Pr[y|x] . Pr[x]
---------------- for all x,y in X
20. Perfect secrecy
• A cryptosystem is perfectly secure if :
Pr[x|y] = Pr[x],
for all x in M and y in C
21. Perfect secrecy
Theorem
Let |K|=|C|=|M| for a cryptosystem.
We have perfect secrecy iff :
• Every key is used with equal probability,
• For each x in P and y in C there is a unique key K
in K that encrypts x to y
1
|K |
------
22. One time pad
We have K = C = M = Z2
n
.
Also given:
x = x1,…,xn and y = y1,…,yn,
the key K = K1,…,Kn is unique because K = x+y mod 2
Finally all keys are chosen equiprobably.
Therefore,
the one time pad has perfect secrecy
29. Attacks on DES
• Brute force
• Linear Cryptanalysis
-- Known plaintext attack
• Differential cryptanalysis
– Chosen plaintext attack
– Modify plaintext bits, observe change in
ciphertext
No dramatic improvement on brute force
30. Countering Attacks
• Large keyspace combats brute force attack
• Triple DES (say EDE mode, 2 or 3 keys)
• Use AES
31. AES
Block length 128 bits.
Key lengths 128 (or 192 or 256).
The AES is an iterated cipher with Nr=10 (or 12 or 14)
In each round we have:
• Subkey mixing
• A substitution
• A permutation
32. Modes of operation
Four basic modes of operation are available for
block ciphers:
• Electronic codebook mode: ECB
• Cipher block chaining mode: CBC
• Cipher feedback mode: CFB
• Output feedback mode: OFB
33. Electronic Codebook mode, ECB
Each plaintext xi is encrypted with the same key K:
yi = eK(xi).
So, the naïve use of a block cipher.
35. Cipher Block Chaining mode, CBC
Each cipher block yi-1 is xor-ed with the next plaintext xi :
yi = eK(yi-1XOR xi)
before being encrypted to get the next plaintext yi.
The chain is initialized with
an initialization vector: y0 = IV
with length, the block size.
37. Cipher and Output feedback
modes (CFB & OFB)
CFB
z0 = IV and recursively:
zi = eK(yi-1) and yi = xiXOR zi
OFB
z0 = IV and recursively:
zi = eK(zi-1) and yi = xiXOR zi
41. Public Key Cryptography
Alice ga
mod p Bob
gb
mod p
The private key is: gab
mod p
where p is a prime and g is a generator of Zp
42. The RSA cryptosystem
Let n = pq, where p and q are primes.
Let M = C = Zn, and let
a,b be such that ab = 1 mod φ(n).
Define
eK(x) = xb
mod n
and
dK(y) = ya
mod n,
where (x,y)ε Zn.
Public key = (n,b), Private key (n,a).
43. Check
We have: ed = 1 mod φ(n), so ed = 1 + tφ(n).
Therefore,
dK(eK(m)) = (me
)d
= med
= mtφ(n)+1
= (mφ(n)
)t
m = 1.m = m mod n
44. Example
p = 101, q = 113, n = 11413.
φ(n) = 100x112 = 11200 = 26
52
7
For encryption use e = 3533.
Then d = e-1
mod11200 = 6597.
Bob publishes: n = 11413, e = 3533.
Suppose Alice wants to encrypt: 9726.
She computes 97263533
mod 11413 = 5761
To decrypt it Bob computes:
57616597
mod 11413 = 9726
45. Security of RSA
1. Relation to factoring.
Recovering the plaintext m from an RSA ciphertext c is
easy if factoring is possible.
2. The RSA problem
Given (n,e) and c, compute: m such that me
= c mod n
46. The Rabin cryptosystem
Let n = pq, p,q primes with p,q 3 mod 4. Let P = C = Zn*
and define K = {(n,p,q)}.
For K = (n,p,q) define
eK(x) = x 2
mod n
dK(y) = mod n
The value of n is the public key, while p,q are the private key.
≡
y
47. The RSA digital signature scheme
Let n = pq, where p and q are primes.
Let P = A = Zn, and define
e,d such that ed = 1 mod φ(n).
Define
sigK(m) = md
mod n
and
verK(m,y) = true y = me
mod n,
where (m,y)εZn.
Public key = (n,e), Private key (n,d).
⇔
48. The Digital Signature Algorithm
Let p be a an L-bit prime prime,
512 ≤ L ≤ 1024 and L ≡ 0 mod 64 ,
let q be a 160-bit prime that divides p-1 and
Let α ε Zp
*
be a q-th root of 1 modulo p.
Let M = Zp-1,
A = Zqx Zq and
K = {(x,y): y = αx
modp }.
• The public key is p,q,α,y.
• The private key is (p,q,α), x.
49. The Digital Signature scheme
• Signing
Let m ε Zp-1 be a message.
For public key is p,g,α,y, with y = αx
modp, and
secret random number k ε Zp-1, define: sigK(m,k) = (s,t), where
– s = (αk
modp) mod q
– t = (SHA1(m)+xs)k-1
modq
• Verification
Let
– e1 = SHA-1(m) t-1
modq
– e2 = st-1
modq
verK(m,(s,t)) = true (αe1
ye2
modp) mod q = s.
⇔
Editor's Notes
&lt;number&gt;
- Brute force we&apos;ve already discussed. If a suitable &quot;Break DES&quot; version were created, brute force could find the key in a matter of hours because of computing power advances.
&lt;number&gt;
One DES round only scrambles half of the input data (the left half). Since the last step in the mangle is to reverse the halfs, the other half of the data is scrambled in the second (and fourth ... and 6th, and 8th, etc. rounds).
Also, as stated by the scribe: &quot;The 32 bit Right half becomes the 32 bit Left half for the next round (not the mangled output) unless the textbook diagram is wrong also (Page 68 of the text Figure 3-6). The Right half goes into the mangler and that output is XOR&apos;d with the 32 bit Left half to create the 32 bit Right half for the next round. The Right half (unmangled) simply becomes the Left half for the next round, according to the book and the formulas they give for reversing it. &quot;
&lt;number&gt;
One DES round only scrambles half of the input data (the left half). Since the last step in the mangle is to reverse the halfs, the other half of the data is scrambled in the second (and fourth ... and 6th, and 8th, etc. rounds).
Also, as stated by the scribe: &quot;The 32 bit Right half becomes the 32 bit Left half for the next round (not the mangled output) unless the textbook diagram is wrong also (Page 68 of the text Figure 3-6). The Right half goes into the mangler and that output is XOR&apos;d with the 32 bit Left half to create the 32 bit Right half for the next round. The Right half (unmangled) simply becomes the Left half for the next round, according to the book and the formulas they give for reversing it. &quot;