We study the problem of finding the square roots of unity in a finite group in order to factor composite numbers used in RSA. We implemented Peter Shor’s algorithm to find the square root of unity. Experimental results showed that finding the square roots of unity in a finite group multiplicative group is “hard”.
Results of some basic experiments with the Diffie-Hellman Key Exchange System. I analyse the key-exchange algorithm using brute-force as well using the Baby-step Giant-step algorithm.
Understand the world’s first cyber weapon – Stuxnet in 10 minutes.
* Discovery Of the First Cyber Weapon
* High Level Architecture Overview Of The Target
* How Does Stuxnet Sabotage A Uranium Enrichment Plant – Cyber-physical Attack
* Summary
* References
"Cyberhunting" actively looks for signs of compromise within an organization and seeks to control and minimize the overall damage. These rare, but essential, breed of enterprise cyber defenders give proactive security a whole new meaning.
Check out the accompanying webinar: http://www.hosting.com/resources/webinars/?commid=228353
Results of some basic experiments with the Diffie-Hellman Key Exchange System. I analyse the key-exchange algorithm using brute-force as well using the Baby-step Giant-step algorithm.
Understand the world’s first cyber weapon – Stuxnet in 10 minutes.
* Discovery Of the First Cyber Weapon
* High Level Architecture Overview Of The Target
* How Does Stuxnet Sabotage A Uranium Enrichment Plant – Cyber-physical Attack
* Summary
* References
"Cyberhunting" actively looks for signs of compromise within an organization and seeks to control and minimize the overall damage. These rare, but essential, breed of enterprise cyber defenders give proactive security a whole new meaning.
Check out the accompanying webinar: http://www.hosting.com/resources/webinars/?commid=228353
This ppt is an quick introduction to sqlmap which is a tool used in ethical hacking for detecting and exploiting sql injection flaws and taking over of database servers. This slide covers the history of sqlmap, how it works and important sqlmap queries.
My slides for PHDays 2018 Threat Hunting Hands-On Lab - https://www.phdays.com/en/program/reports/build-your-own-threat-hunting-based-on-open-source-tools/
Virtual Machines for lab are available here - https://yadi.sk/d/qB1PNBj_3ViWHe
Your adversaries continue to attack and get into companies. You can no longer rely on alerts from point solutions alone to secure your network. To identify and mitigate these advanced threats, analysts must become proactive in identifying not just indicators, but attack patterns and behavior. In this workshop we will walk through a hands-on exercise with a real world attack scenario. The workshop will illustrate how advanced correlations from multiple data sources and machine learning can enhance security analysts capability to detect and quickly mitigate advanced attacks.
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypothesis, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, there are only a few that are focusing primarily on the data that is currently being collected to drive the success of a hunt program.
This presentation shows how organizations can benefit from mapping their current visibility from a data perspective to the ATT&CK framework. It focuses on how to identify, document, standardize and model current available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard, a new project named Open Source Security Events Metadata known as OSSEM and expands on the “data sources” section already provided by ATT&CK on most of the documented adversarial techniques.
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Sqrrl
This presentation explains how security teams can leverage hunting and analytics to detect advanced threats faster, more reliably, and with common analyst skill sets. Watch the presentation with audio here: http://info.sqrrl.com/threat-hunting-and-ueba-webinar
A follow on to the Encyclopedia Of Windows Privilege Escalation published by InsomniaSec at Ruxcon 2011, this talk is aimed at detailing not just escalation from user to admin and admin to system, but persistence and forced authentication as well as a few other treats.
These are the slides from a talk "DNS exfiltration using sqlmap" held at PHDays 2012 conference (Russia / Moscow 30th–31st May 2012) by Miroslav Stampar.
An RSA private key is made of a few private variables. We analyze how these private variables are chained together. Further, we study if one of the private variables is leaked, can we derive the other private variables? Demos of the algorithms are also provided.
We study the behavior of the RSA trapdoor function by repeatedly encrypting the ciphertext sent over the public channel. We discuss the problem of finding a cycle in order to reverse the plaintext from the given ciphertext. Simple demos and algorithms/python programs are also presented. While the attack is not necessarily practical, it is educational to learn how the RSA trapdoor function behaves.
This ppt is an quick introduction to sqlmap which is a tool used in ethical hacking for detecting and exploiting sql injection flaws and taking over of database servers. This slide covers the history of sqlmap, how it works and important sqlmap queries.
My slides for PHDays 2018 Threat Hunting Hands-On Lab - https://www.phdays.com/en/program/reports/build-your-own-threat-hunting-based-on-open-source-tools/
Virtual Machines for lab are available here - https://yadi.sk/d/qB1PNBj_3ViWHe
Your adversaries continue to attack and get into companies. You can no longer rely on alerts from point solutions alone to secure your network. To identify and mitigate these advanced threats, analysts must become proactive in identifying not just indicators, but attack patterns and behavior. In this workshop we will walk through a hands-on exercise with a real world attack scenario. The workshop will illustrate how advanced correlations from multiple data sources and machine learning can enhance security analysts capability to detect and quickly mitigate advanced attacks.
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypothesis, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, there are only a few that are focusing primarily on the data that is currently being collected to drive the success of a hunt program.
This presentation shows how organizations can benefit from mapping their current visibility from a data perspective to the ATT&CK framework. It focuses on how to identify, document, standardize and model current available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard, a new project named Open Source Security Events Metadata known as OSSEM and expands on the “data sources” section already provided by ATT&CK on most of the documented adversarial techniques.
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Sqrrl
This presentation explains how security teams can leverage hunting and analytics to detect advanced threats faster, more reliably, and with common analyst skill sets. Watch the presentation with audio here: http://info.sqrrl.com/threat-hunting-and-ueba-webinar
A follow on to the Encyclopedia Of Windows Privilege Escalation published by InsomniaSec at Ruxcon 2011, this talk is aimed at detailing not just escalation from user to admin and admin to system, but persistence and forced authentication as well as a few other treats.
These are the slides from a talk "DNS exfiltration using sqlmap" held at PHDays 2012 conference (Russia / Moscow 30th–31st May 2012) by Miroslav Stampar.
An RSA private key is made of a few private variables. We analyze how these private variables are chained together. Further, we study if one of the private variables is leaked, can we derive the other private variables? Demos of the algorithms are also provided.
We study the behavior of the RSA trapdoor function by repeatedly encrypting the ciphertext sent over the public channel. We discuss the problem of finding a cycle in order to reverse the plaintext from the given ciphertext. Simple demos and algorithms/python programs are also presented. While the attack is not necessarily practical, it is educational to learn how the RSA trapdoor function behaves.
Can we reveal the RSA private exponent d from its public key <e, n>? We study this question for two specific cases: e = 3 and e = 65537. Using demos, we verify that RSA reveals the most significant half of the private exponent d when the public exponent e is small. For example, for 2048-bit RSA, the most significant 1024 bits are revealed!
The Cryptography puzzle discussed here is part of an online challenge. I demonstrate how I broke RSA when random prime numbers were common among a set of keys. I discuss basic metrics as well as implementation/design of my exploit scripts, too.
The slides demonstrate how to break RSA when used incorrectly without integrity checks. The man-in-the-middle is allowed to edit the RSA public exponent e in such a way that the Extended Euclidean Algorithm can be employed to reconstruct the plaintexts from the given ciphertexts.
Slides demonstrate how to break RSA when no padding is applied. I replicated the meet-in-the-middle attack discussed in the existing Crypto literature.
We experiment with Wiener's attack to break RSA when the secret exponent is short, meaning it is smaller than one quarter of the public modulus size. We discuss cryptanalysis details and present demos of the attack. Our very minor extension of Wiener's attack is also discussed.
If we have an RSA 2048 bits configuration, but our private exponent d is only about 512 bits, then the above attack breaks RSA in a few seconds.
This work uses Continued Fractions to derive the private keys from the given public keys. It turned out that one can derive the private exponent d by approximating it as a ratio of e/n, both are public values.
In a default settings of standard RSA libaries, this attack and my minor extension are not relevant (to the best of our knowledge). However, if we configure our library to choose a very large public encryption exponent e, then our private decryption exponent d could be short enough to mount an attack.
We look into the nitty-gritty details of the RSA key generation algorithm. We study how RSA can be exploited when the public exponent e is not chosen carefully. We examine why many digital certificates use e=65537. We also experiment with Hastad's broadcast attack for short RSA exponents in particular.
The slides demonstrate how to reverse the plaintext from the RSA encrypted ciphertext using an oracle that answers the question: is the last bit of the message 0 or 1?
Slides present a demo of exploiting the homomorphic properties of raw RSA (i.e., without any padding) to reverse an RSA ciphertext, without the private key. We have two roles: Adversary and Challenger. The challenger presents a ciphertext to the adversary to break it. The adversary is allowed to ask for encryption/decryption of any text, except the decryption of the challenge ciphertext. The goal of the adversary is to break the ciphertext.
We study the internal structure of the SRP key exchange protocol and experiment with it. SRP establishes a shared encryption key between communicating parties using passwords that were shared out-of-band. We perform basic cryptanalysis of SRP using open-source implementations. We present a demo of how SRP was compromised due to an implementation bug, allowing the attacker to login without the password. The author of the Go-SRP library promptly fixed the issue on the very same day we reported the vulnerability.
We allow Eve to modify DH parameters as well as public keys of Alice and Bob. This allows Eve to derive the secret key and break the DH crypto system. We demonstrate that the DH key exchange algorithm should not be used without digital signatures.
This was an invited talk at the Central Middle School, Maryland. Without going into a lot of math, I try to explain the fundamental key exchange problem. It was a blast. 8th graders enjoyed it as much as I enjoyed it.
IRSim implements an approach to establish traceability links among artifacts such as requirements, source code, and test cases. This presentation shows how we used IRSim on NASA software to establish traceability links for sofware analysis, program understanding, and quality improvement, etc.
Threat Modeling: Applied on a Publish-Subscribe Architectural StyleDharmalingam Ganesan
1. Introduction to threat modeling.
2. Applying threat modeling to identify security vulnerabilities and security threats on a simplified real-world system.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Why React Native as a Strategic Advantage for Startup Innovation.pdfayushiqss
Do you know that React Native is being increasingly adopted by startups as well as big companies in the mobile app development industry? Big names like Facebook, Instagram, and Pinterest have already integrated this robust open-source framework.
In fact, according to a report by Statista, the number of React Native developers has been steadily increasing over the years, reaching an estimated 1.9 million by the end of 2024. This means that the demand for this framework in the job market has been growing making it a valuable skill.
But what makes React Native so popular for mobile application development? It offers excellent cross-platform capabilities among other benefits. This way, with React Native, developers can write code once and run it on both iOS and Android devices thus saving time and resources leading to shorter development cycles hence faster time-to-market for your app.
Let’s take the example of a startup, which wanted to release their app on both iOS and Android at once. Through the use of React Native they managed to create an app and bring it into the market within a very short period. This helped them gain an advantage over their competitors because they had access to a large user base who were able to generate revenue quickly for them.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Advanced Flow Concepts Every Developer Should KnowPeter Caitens
Tim Combridge from Sensible Giraffe and Salesforce Ben presents some important tips that all developers should know when dealing with Flows in Salesforce.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Your Digital Assistant.
Making complex approach simple. Straightforward process saves time. No more waiting to connect with people that matter to you. Safety first is not a cliché - Securely protect information in cloud storage to prevent any third party from accessing data.
Would you rather make your visitors feel burdened by making them wait? Or choose VizMan for a stress-free experience? VizMan is an automated visitor management system that works for any industries not limited to factories, societies, government institutes, and warehouses. A new age contactless way of logging information of visitors, employees, packages, and vehicles. VizMan is a digital logbook so it deters unnecessary use of paper or space since there is no requirement of bundles of registers that is left to collect dust in a corner of a room. Visitor’s essential details, helps in scheduling meetings for visitors and employees, and assists in supervising the attendance of the employees. With VizMan, visitors don’t need to wait for hours in long queues. VizMan handles visitors with the value they deserve because we know time is important to you.
Feasible Features
One Subscription, Four Modules – Admin, Employee, Receptionist, and Gatekeeper ensures confidentiality and prevents data from being manipulated
User Friendly – can be easily used on Android, iOS, and Web Interface
Multiple Accessibility – Log in through any device from any place at any time
One app for all industries – a Visitor Management System that works for any organisation.
Stress-free Sign-up
Visitor is registered and checked-in by the Receptionist
Host gets a notification, where they opt to Approve the meeting
Host notifies the Receptionist of the end of the meeting
Visitor is checked-out by the Receptionist
Host enters notes and remarks of the meeting
Customizable Components
Scheduling Meetings – Host can invite visitors for meetings and also approve, reject and reschedule meetings
Single/Bulk invites – Invitations can be sent individually to a visitor or collectively to many visitors
VIP Visitors – Additional security of data for VIP visitors to avoid misuse of information
Courier Management – Keeps a check on deliveries like commodities being delivered in and out of establishments
Alerts & Notifications – Get notified on SMS, email, and application
Parking Management – Manage availability of parking space
Individual log-in – Every user has their own log-in id
Visitor/Meeting Analytics – Evaluate notes and remarks of the meeting stored in the system
Visitor Management System is a secure and user friendly database manager that records, filters, tracks the visitors to your organization.
"Secure Your Premises with VizMan (VMS) – Get It Now"
Computing the Square Roots of Unity to break RSA using Quantum Algorithms
1. Computing the Square Roots of Unity to
break RSA using Quantum Algo
Dr. Dharma Ganesan, Ph.D.,
2. Disclaimer
● The opinions expressed here are my own
○ But not the views of my employer
● The source code fragments and exploits shown here can be reused
○ But without any warranty nor accept any responsibility for failures
● Do not apply the exploit discussed here on other systems
○ Without obtaining authorization from owners
2
3. Goal
● Break RSA using Peter Shor’s quantum algorithm
○ But, we will not look into Quantum Computing
○ We will find the square roots of unity on a classical computer
● Investigate the square root of unity (i.e., sqrt(1)) in a Finite Group
○ Algorithm 1: Naïve/Bruteforce
○ Algorithm 2: Random Search
○ Algorithm 3: Peter Shor’s period calculation algorithm
○ Algorithm 4: Our little tweaks of Peter Shor’s period function (bounded search)
3
4. Prerequisite
Some familiarity with the following topics will help to follow the rest of the slides
● Group Theory
● Number Theory
● Algorithms and Complexity Theory
● If not, it should still be possible to obtain a high-level overview
4
5. Agenda
● Mathematical foundation/facts
● Brief overview of RSA
● Different algorithms to find the square roots of unity (in a finite group)
● Demos of finding the square roots of unity to factor composite numbers
● Conclusion
5
6. 6
Notations and Facts
GCD(x, y): The greatest common divisor that divides integers x and y
Co-prime: If gcd(x, y) = 1, then x and y are co-primes
Zn
= { 0, 1, 2, …, n-1 }, n > 0; we may imagine Zn
as a circular wall clock
Z*
n
= { x ∈ Zn
| gcd(x, n) = 1 }; (additional info: Z*
n
is a multiplicative group)
φ(n): Euler’s Totient function denotes the number of elements in Z*
n
φ(nm) = φ(n).φ(m) (This property is called multiplicative)
φ(p) = p-1, if p is a prime number
7. Notations and Facts ...
● x ≡ y (mod n) denotes that n divides x-y; x is congruent to y mod n
● Euler’s Theorem: aφ(n)
≡ 1 (mod n), if gcd(a, n) = 1
● Fermat’s Little Theorem: ap
≡ a (mod p)
● Gauss’s Fundamental Theorem of Arithmetic: Any integer greater than 1 is
either a prime or can be written as a unique product of primes
○ Euclid’s work is the foundation for this theorem, see The Elements
● Euclid’s Lemma: if a prime p divides the product of two natural numbers a
and b, then p divides a or p divides b
● Euclid’s Infinitude of Primes (c. 300 BC): There are infinitely many primes
7
8. How can Bob send a message to Alice securely?
8
Public Key PuA
● Alice and Bob never met each other
● Bob will encrypt using Alice’s public key
○ Assume that public keys are known to the world
● Alice will decrypt using her private key
○ Private keys are secrets (never sent out)
● Bob can sign messages using his private key
○ Alice verifies message integrity using Bob’s public key
● Note: Alice and Bob need other evidence (e.g., passwords,
certificates) to prove their identity to each other
● Who are Alice, Bob, and Eve?
Private Key PrA
Public Key PuB
Private Key PrB
9. RSA Public Key Cryptography System
● Published in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman
● Rooted in elegant mathematics - Group Theory and Number Theory
● Core idea: Anyone can encrypt a message using recipient's public key but
○ (as far as we know) no one can efficiently decrypt unless they got the matching private key
● Encryption and Decryption are inverse operations (math details later)
○ Work of Euclid, Euler, and Fermat provide the mathematical foundation of RSA
● Eavesdropper Eve cannot easily derive the secret (math details later)
○ Unless she solves “hard” number theory problems that are computationally intractable
9
10. RSA - Key Generation Algo
1. Select an appropriate bitlength of the RSA modulus n (e.g., 2048 bits)
○ Value of the parameter n is not chosen until step 3; small n is dangerous (details later)
2. Pick two independent, large random primes, p and q, of half of n’s bitlength
○ In practice, q < p < 2q to avoid attacks (e.g., Fermat’s factorization)
3. Compute n = p.q (n is also called the RSA modulus)
4. Compute Euler’s Totient (phi) Function φ(n) = φ(p.q) = φ(p)φ(q) = (p-1)(q-1)
5. Select numbers e and d from Zn
such that e.d ≡ 1(mod φ(n))
○ e must be relatively prime to φ(n) otherwise d cannot exist (i.e., we cannot decrypt)
○ d is the multiplicative inverse of e in Zn
6. Public key is the pair <n, e> and private key is 4-tuple <φ(n), d, p, q>
10
11. RSA Trapdoor
● RSA: Zn
→ Zn
● Let x and y ∈ Zn
● y = RSA(x) = xe
mod n
○ We may view x as a plaintext, and y as the corresponding ciphertext
● x = RSA-1
(y) = yd
mod n
● e and d are also called encryption and decryption exponents, respectively
● In practice, some random padding is used (not relevant for this presentation)
11
12. RSA Trapdoor variables’ dependency graph
12
Private variable
Public variable
Note: If we can factor n and find p and q, then private keys are open to the world
13. What are the square roots of unity in Z?
● 1 and -1 are the two square roots of one because (±1)2
= 1
● This is true only if we work in the infinite set of integers Z
● In Cryptography, we often work with finite groups
● There are other non-trivial roots of unity other than ±1 in Z*
n
13
14. Square roots of unity in a finite group Z*
n
Consider this tiny multiplicative group Z*15
= {1, 2, 4, 7, 8, 11, 13, 14}
The square roots of unity are 1, 4, 11, and 14
Note that 14 ≡ -1 mod 15 (basically -1 is the same as 14)
But, we have two other roots 4 and 11 of unity (e.g., 4*4 = 1 mod 15)
1 and 14 are trivial roots of unity, whereas 4 and 11 are non-trivial roots of unity
Fact: Let n = pq, where p and q are odd primes, then there are four roots of unity
14
15. Algorithm: Factor n using the square roots of unity
Problem: Given a composite number n and sqrt(1), find the factors p and q of n
Let x be a square root of 1, then x2
= 1 (mod n)
Thus, x2
- 1 = 0 (mod n) ⇒ (x+1)(x-1) = 0 (mod n)
This means that n divides (x+1)(x-1)
If (x+1) and (x-1) are not multiples of n, then the factors of n are the following:
p = gcd(x+1, n) or gcd(x-1, n); q = n/p
15
16. Toy example: Let’s factor n = 15 using Z*15
Z*15
= {1, 2, 4, 7, 8, 11, 13, 14}
Since 4 and 11 are square roots of unity, we can use one of them to factor n
Let x = 4
x2
= 1 (mod 15)
(x+1)(x-1) = 0 (mod 15)
Factor p = gcd(x+1, 15) = gcd(5, 15) = 5; Factor q = n/p = 15/5 = 3
16
17. Factoring n using the square roots of unity ...
If we can find the non-trivial square roots on n, then we can factor n
Let’s investigate how easy it is to find the sqrt(1) in a finite multiplicative group
Four different algorithms to find the sqrt(1):
1. Bruteforce/Naive
2. Random Search
3. Peter Shor’s Quantum Algorithm
4. Our little tweaks of Shor’s algorithm
17
18. Algorithm 1: Naïve sqrt(1) in Zn
*
Step 1: x = 0
Step 2: if(x < n) goto step 3; otherwise goto step 5
Step 3: if(x2
= 1 mod n) then x is a square root of one.
Step 4: x = x + 1. goto step 2.
Step 5: End.
18
19. 19
~/crypto/RSA$ java SqrtOneNaive 2086784737
Input bit length = 31
Sqrt(n) = 45681
sqrt(1) = 1 bit length = 1
sqrt(1) = 530886943 bit length = 29
sqrt(1) = 1555897794 bit length = 31
sqrt(1) = 2086784736 bit length = 31
Note: sqrt(n) is only 45681, but sqrt(1) can be the same bit length as n
(See the Appendix for the source code of Sqrt(1) naïve method)
Algorithm 1: Find the sqrt(1) in the group Z*2086784737
20. Algorithm 1: Analysis of the naïve algorithm
● The naïve algorithm is simple to understand and implement
● However, it is very slow because we enumerate all numbers of the group Zn
● If n is a 2048-bit composite number, this algorithm will perform 22048
iterations
● In other words, it will take several billion years to calculate sqrt(1)
20
21. Algorithm 2: Random search to find sqrt(1) in Zn
*
Step 1: Pick a random x from Zn
Step 2: if(x = ± 1 mod n) then goto step 1
Step 3: if(x2
= 1 mod n) then x is a sqrt(1) goto step 4; else step 1
Step 4: End.
21
22. 22
dharmalingam_ganesan11@instance-1:~/crypto/RSA$ java RandomSqrtOne 45649
sqrt(1) = 43738
Number of random tries = 236
ddharmalingam_ganesan11@instance-1:~/crypto/RSA$ java RandomSqrtOne 45649
sqrt(1) = 43738
Number of random tries = 82005
dharmalingam_ganesan11@instance-1:~/crypto/RSA$ java RandomSqrtOne 45649
sqrt(1) = 43738
Number of random tries = 167572
Algorithm 2: Find the sqrt(1) in the group Z*45649
23. 23
Algorithm 2: Analysis of Random Search Algo
● The random algorithm can find the square roots of one (for “small” n)
● But, it just needs a lots of tries to find a needle in the haystack
● In general, the number of tries is the size of the input composite number
● Random search is not able to find sqrt(1) for very large input n
25. 25
Algorithm 3: Peter Shor’s Algorithm (core idea)
● To find an x such that x2
= 1 (mod n), we compute f(x) = ax
mod n, random a
● Fact: Every element of a finite group generates a cyclic subgroup
● In other words, the function f(x) is the same as the cyclic subgroup <a>
● Thus, f(r) = 1 mod n for some r; equivalently, ar
= 1 mod n for some r
● Once we find such an r, (ar/2
)2
= 1 mod n; (if r is even, the hacker is lucky)
● Thus, ar/2
is the sqrt(1); we know how to factor n once the sqrt(1) is exposed!
26. Algorithm 3: Finding the period r of the function f(x)
26
x f(x) = ax
mod n
0 a0
mod n
1 a1
mod n
2 a2
mod n
r ar
mod n = 1
● Peter Shor uses quantum computing
to find the period r of the function f(x)
● We implemented this function on my
classical computer (my laptop)
● Just to better understand the inner
beauty of this algorithm
28. 28
~/crypto/RSA$ time java -ea SqrtOneShor 1421727721
period = 236941974
Sqrt(1) = 521638680
real 0m47.429s
user 0m47.100s
sys 0m0.288s Period is very large
29. 29
~/crypto/RSA$ java FactorShor 45649
period = 22610
p = 191
q = 239
~/crypto/RSA$ java FactorShor 45649
period = 170
p = 239
q = 191
~/crypto/RSA$ java FactorShor 45649
period = 3230
p = 239
q = 191
Algorithm 3: Factor a small number n = 45649
30. 30
Algorithm 3: Analysis of the period of f(x) = ax
mod n
● The above set of runs shows that the period of f(x) can be very large
○ Thus, we cannot apply this algorithm to find sqrt(1) for a large group Zn
used in RSA
● Remember, we are running the algorithm on a classical computer
● It is good to play with this algorithm on a classical computer to understand it
● Algorithm 4 talks about some little tweaks of Algorithm 3
31. Algorithm 4: Let’s tweak Peter Shor’s algorithm
What if we put a bound b on the period r?
Step 1: Initialize bound b (e.g., b = n1/2
, n1/4
, etc.), r = 0, success = false
Step 2: Pick a random a from Zn
*
Step 3: if 0 ≤ r ≤ b goto step 4; otherwise goto step 7
Step 4: Compute f(r) = ar
mod n
Step 5: If f(r) != 1 then r = r+1 and goto step 3
Step 6: If r is even, then success = true; otherwise goto step 2
Step 7: If success = true, we found the period r; otherwise goto step 2
31
32. 32
~/crypto/RSA$ time java -ea SqrtOneShor 1421727721
period = 33738
sqrt(1) = 521638680
real 0m45.786s
user 0m45.510s
sys 0m0.244s
Algorithm 4: bound = n1/2
33. 33
~/crypto/RSA$ time java -ea SqrtOneShor 1421727721
period = 18
Square root of one = 521638680
real 6m14.713s
user 6m12.706s
sys 0m1.759s
Algorithm 4: bound = n1/4
34. 34
~/crypto/RSA$ time java -ea SqrtOneShor 1421727721
period = 18
Square root of one = 521638680
real 2m29.435s
user 2m28.400s
sys 0m0.936s
Algorithm 4: bound = n1/6
35. 35
~/crypto/RSA$ time java -ea SqrtOneShor 1421727721
period = 6
Square root of one = 900089041
real 2m31.106s
user 2m29.703s
sys 0m1.304s
Algorithm 4: bound = n1/8
Amazing, we found a cyclic subgroup of order 6
36. Algorithm 4: Analysis of our tweaks
● Z*
n
has even number of elements; there must be cyclic subgroups for each
divisor of |Zn
*|. (This is a theorem in Group Theory)
● The open question is how easy it is to find small cyclic subgroups of Z*n
● If we quickly find one cyclic subgroup, then sqrt(1) are easily revealed
● If we put a bound b on the period r, then sqrt(1) runs quick for a small n
● Our bounded random search variant of Shor’s algorithm is slow for a large n
36
37. Conclusion
● We studied the problem of finding the square roots of unity in a finite group
● We tried to factor composite numbers using sqrt(1)
● Experimental results showed that finding sqrt(1) in Z*n
where n = pq is “hard”
● We implemented Shor’s function f(x) = ax
mod n on a classical computer
● We learned that in general the period of f(x) is the same size as n
● We made minor tweaks by defining a bound on the period of f(x) = ax
mod n
● More experimentation of our tweaks is part of future work
37
39. 39
import java.math.BigInteger;
import java.security.SecureRandom;
public class SqrtOneNaive implements IBigIntConstants
{
public static void main(String[] args)
{
/* Error handling is omitted */
BigInteger n = new BigInteger(args[0]);
BigInteger x = zero;
while(x.compareTo(n) <= 0) {
// is square(x) = 1 (mod n)?
if(x.multiply(x).mod(n).equals(one)) {
System.out.println(x + " is the square root of one ");
}
x = x.add(one);
}
}
}
Implementation of naïve Sqrt(1) algorithm
40. 40
public static void main(String[] args)
{
BigInteger n = new BigInteger(args[0]); // Error handling code is removed
BigInteger x;
while(true) {
// Pick a random element from Zn
x = BigIntUtil.getRandomElt(n, new SecureRandom());
// We don't want non-trivial roots '1' or '-1'.
// If x = -1 (mod n) or x = 1 (mod n), then we have to restart.
if(x.add(one).mod(n).equals(zero) ||
x.subtract(one).mod(n).equals(zero)) { continue; }
if(x.multiply(x).mod(n).equals(one)) {
System.out.println(x + " is the square root of one ");
System.out.println("Number of random tries = " + counter);
break;
}
}
}
Implementation of random Sqrt(1) algorithm
42. References
● W. Diffie and M. E. Hellman, “New Directions in Cryptography,” IEEE
Transactions on Information Theory, vol. IT-22, no. 6, November, 1976
● R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital
signatures and public-key cryptosystems,” CACM 21, 2, February, 1978
● A. Menezes, P. van Oorschot, and S. Vanstone, “Handbook of Applied
Cryptography,” CRC Press, 1996
● P. Shor, “Polynomial-Time Algorithms for Prime Factorization and Discrete
Logarithms on a Quantum Computer,” SIAM J.Sci.Statist.Comput. 26 (1997).
42