SlideShare a Scribd company logo

Computing the Square Roots of Unity to break RSA using Quantum Algorithms

Dharmalingam Ganesan
Dharmalingam Ganesan

We study the problem of finding the square roots of unity in a finite group in order to factor composite numbers used in RSA. We implemented Peter Shor’s algorithm to find the square root of unity. Experimental results showed that finding the square roots of unity in a finite group multiplicative group is “hard”.

1 of 42
Download to read offline
Computing the Square Roots of Unity to break RSA using Quantum Algo Dr. Dharma Ganesan, Ph.D.,
Disclaimer ● The opinions expressed here are my own ○ But not the views of my employer ● The source code fragments and exploits shown here can be reused ○ But without any warranty nor accept any responsibility for failures ● Do not apply the exploit discussed here on other systems ○ Without obtaining authorization from owners 2
Goal ● Break RSA using Peter Shor’s quantum algorithm ○ But, we will not look into Quantum Computing ○ We will find the square roots of unity on a classical computer ● Investigate the square root of unity (i.e., sqrt(1)) in a Finite Group ○ Algorithm 1: Naïve/Bruteforce ○ Algorithm 2: Random Search ○ Algorithm 3: Peter Shor’s period calculation algorithm ○ Algorithm 4: Our little tweaks of Peter Shor’s period function (bounded search) 3
Prerequisite Some familiarity with the following topics will help to follow the rest of the slides ● Group Theory ● Number Theory ● Algorithms and Complexity Theory ● If not, it should still be possible to obtain a high-level overview 4
Agenda ● Mathematical foundation/facts ● Brief overview of RSA ● Different algorithms to find the square roots of unity (in a finite group) ● Demos of finding the square roots of unity to factor composite numbers ● Conclusion 5
6 Notations and Facts GCD(x, y): The greatest common divisor that divides integers x and y Co-prime: If gcd(x, y) = 1, then x and y are co-primes Zn = { 0, 1, 2, …, n-1 }, n > 0; we may imagine Zn as a circular wall clock Z* n = { x ∈ Zn | gcd(x, n) = 1 }; (additional info: Z* n is a multiplicative group) φ(n): Euler’s Totient function denotes the number of elements in Z* n φ(nm) = φ(n).φ(m) (This property is called multiplicative) φ(p) = p-1, if p is a prime number
Notations and Facts ... ● x ≡ y (mod n) denotes that n divides x-y; x is congruent to y mod n ● Euler’s Theorem: aφ(n) ≡ 1 (mod n), if gcd(a, n) = 1 ● Fermat’s Little Theorem: ap ≡ a (mod p) ● Gauss’s Fundamental Theorem of Arithmetic: Any integer greater than 1 is either a prime or can be written as a unique product of primes ○ Euclid’s work is the foundation for this theorem, see The Elements ● Euclid’s Lemma: if a prime p divides the product of two natural numbers a and b, then p divides a or p divides b ● Euclid’s Infinitude of Primes (c. 300 BC): There are infinitely many primes 7
How can Bob send a message to Alice securely? 8 Public Key PuA ● Alice and Bob never met each other ● Bob will encrypt using Alice’s public key ○ Assume that public keys are known to the world ● Alice will decrypt using her private key ○ Private keys are secrets (never sent out) ● Bob can sign messages using his private key ○ Alice verifies message integrity using Bob’s public key ● Note: Alice and Bob need other evidence (e.g., passwords, certificates) to prove their identity to each other ● Who are Alice, Bob, and Eve? Private Key PrA Public Key PuB Private Key PrB
RSA Public Key Cryptography System ● Published in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman ● Rooted in elegant mathematics - Group Theory and Number Theory ● Core idea: Anyone can encrypt a message using recipient's public key but ○ (as far as we know) no one can efficiently decrypt unless they got the matching private key ● Encryption and Decryption are inverse operations (math details later) ○ Work of Euclid, Euler, and Fermat provide the mathematical foundation of RSA ● Eavesdropper Eve cannot easily derive the secret (math details later) ○ Unless she solves “hard” number theory problems that are computationally intractable 9
RSA - Key Generation Algo 1. Select an appropriate bitlength of the RSA modulus n (e.g., 2048 bits) ○ Value of the parameter n is not chosen until step 3; small n is dangerous (details later) 2. Pick two independent, large random primes, p and q, of half of n’s bitlength ○ In practice, q < p < 2q to avoid attacks (e.g., Fermat’s factorization) 3. Compute n = p.q (n is also called the RSA modulus) 4. Compute Euler’s Totient (phi) Function φ(n) = φ(p.q) = φ(p)φ(q) = (p-1)(q-1) 5. Select numbers e and d from Zn such that e.d ≡ 1(mod φ(n)) ○ e must be relatively prime to φ(n) otherwise d cannot exist (i.e., we cannot decrypt) ○ d is the multiplicative inverse of e in Zn 6. Public key is the pair <n, e> and private key is 4-tuple <φ(n), d, p, q> 10
RSA Trapdoor ● RSA: Zn → Zn ● Let x and y ∈ Zn ● y = RSA(x) = xe mod n ○ We may view x as a plaintext, and y as the corresponding ciphertext ● x = RSA-1 (y) = yd mod n ● e and d are also called encryption and decryption exponents, respectively ● In practice, some random padding is used (not relevant for this presentation) 11
RSA Trapdoor variables’ dependency graph 12 Private variable Public variable Note: If we can factor n and find p and q, then private keys are open to the world
What are the square roots of unity in Z? ● 1 and -1 are the two square roots of one because (±1)2 = 1 ● This is true only if we work in the infinite set of integers Z ● In Cryptography, we often work with finite groups ● There are other non-trivial roots of unity other than ±1 in Z* n 13
Square roots of unity in a finite group Z* n Consider this tiny multiplicative group Z*15 = {1, 2, 4, 7, 8, 11, 13, 14} The square roots of unity are 1, 4, 11, and 14 Note that 14 ≡ -1 mod 15 (basically -1 is the same as 14) But, we have two other roots 4 and 11 of unity (e.g., 4*4 = 1 mod 15) 1 and 14 are trivial roots of unity, whereas 4 and 11 are non-trivial roots of unity Fact: Let n = pq, where p and q are odd primes, then there are four roots of unity 14
Algorithm: Factor n using the square roots of unity Problem: Given a composite number n and sqrt(1), find the factors p and q of n Let x be a square root of 1, then x2 = 1 (mod n) Thus, x2 - 1 = 0 (mod n) ⇒ (x+1)(x-1) = 0 (mod n) This means that n divides (x+1)(x-1) If (x+1) and (x-1) are not multiples of n, then the factors of n are the following: p = gcd(x+1, n) or gcd(x-1, n); q = n/p 15
Toy example: Let’s factor n = 15 using Z*15 Z*15 = {1, 2, 4, 7, 8, 11, 13, 14} Since 4 and 11 are square roots of unity, we can use one of them to factor n Let x = 4 x2 = 1 (mod 15) (x+1)(x-1) = 0 (mod 15) Factor p = gcd(x+1, 15) = gcd(5, 15) = 5; Factor q = n/p = 15/5 = 3 16
Factoring n using the square roots of unity ... If we can find the non-trivial square roots on n, then we can factor n Let’s investigate how easy it is to find the sqrt(1) in a finite multiplicative group Four different algorithms to find the sqrt(1): 1. Bruteforce/Naive 2. Random Search 3. Peter Shor’s Quantum Algorithm 4. Our little tweaks of Shor’s algorithm 17
Algorithm 1: Naïve sqrt(1) in Zn * Step 1: x = 0 Step 2: if(x < n) goto step 3; otherwise goto step 5 Step 3: if(x2 = 1 mod n) then x is a square root of one. Step 4: x = x + 1. goto step 2. Step 5: End. 18
19 ~/crypto/RSA$ java SqrtOneNaive 2086784737 Input bit length = 31 Sqrt(n) = 45681 sqrt(1) = 1 bit length = 1 sqrt(1) = 530886943 bit length = 29 sqrt(1) = 1555897794 bit length = 31 sqrt(1) = 2086784736 bit length = 31 Note: sqrt(n) is only 45681, but sqrt(1) can be the same bit length as n (See the Appendix for the source code of Sqrt(1) naïve method) Algorithm 1: Find the sqrt(1) in the group Z*2086784737
Algorithm 1: Analysis of the naïve algorithm ● The naïve algorithm is simple to understand and implement ● However, it is very slow because we enumerate all numbers of the group Zn ● If n is a 2048-bit composite number, this algorithm will perform 22048 iterations ● In other words, it will take several billion years to calculate sqrt(1) 20
Algorithm 2: Random search to find sqrt(1) in Zn * Step 1: Pick a random x from Zn Step 2: if(x = ± 1 mod n) then goto step 1 Step 3: if(x2 = 1 mod n) then x is a sqrt(1) goto step 4; else step 1 Step 4: End. 21
22 dharmalingam_ganesan11@instance-1:~/crypto/RSA$ java RandomSqrtOne 45649 sqrt(1) = 43738 Number of random tries = 236 ddharmalingam_ganesan11@instance-1:~/crypto/RSA$ java RandomSqrtOne 45649 sqrt(1) = 43738 Number of random tries = 82005 dharmalingam_ganesan11@instance-1:~/crypto/RSA$ java RandomSqrtOne 45649 sqrt(1) = 43738 Number of random tries = 167572 Algorithm 2: Find the sqrt(1) in the group Z*45649
23 Algorithm 2: Analysis of Random Search Algo ● The random algorithm can find the square roots of one (for “small” n) ● But, it just needs a lots of tries to find a needle in the haystack ● In general, the number of tries is the size of the input composite number ● Random search is not able to find sqrt(1) for very large input n
24
25 Algorithm 3: Peter Shor’s Algorithm (core idea) ● To find an x such that x2 = 1 (mod n), we compute f(x) = ax mod n, random a ● Fact: Every element of a finite group generates a cyclic subgroup ● In other words, the function f(x) is the same as the cyclic subgroup <a> ● Thus, f(r) = 1 mod n for some r; equivalently, ar = 1 mod n for some r ● Once we find such an r, (ar/2 )2 = 1 mod n; (if r is even, the hacker is lucky) ● Thus, ar/2 is the sqrt(1); we know how to factor n once the sqrt(1) is exposed!
Algorithm 3: Finding the period r of the function f(x) 26 x f(x) = ax mod n 0 a0 mod n 1 a1 mod n 2 a2 mod n r ar mod n = 1 ● Peter Shor uses quantum computing to find the period r of the function f(x) ● We implemented this function on my classical computer (my laptop) ● Just to better understand the inner beauty of this algorithm
27 ~/crypto/RSA$ java -ea SqrtOneShor 45649 period = 1330 sqrt(1) = 1911 ~/crypto/RSA$ java -ea SqrtOneShor 45649 period = 4522 sqrt(1) = 43738 ~/crypto/RSA$ java -ea SqrtOneShor 45649 period = 22610 sqrt(1) = 1911 ~/crypto/RSA$ java -ea SqrtOneShor 45649 period = 22610 sqrt(1) = 1911 ~/crypto/RSA$ java -ea SqrtOneShor 45649 period = 4522 sqrt(1) = 1911 ~/crypto/RSA$ java -ea SqrtOneShor 45649 period = 22610 sqrt(1) = 43738
28 ~/crypto/RSA$ time java -ea SqrtOneShor 1421727721 period = 236941974 Sqrt(1) = 521638680 real 0m47.429s user 0m47.100s sys 0m0.288s Period is very large
29 ~/crypto/RSA$ java FactorShor 45649 period = 22610 p = 191 q = 239 ~/crypto/RSA$ java FactorShor 45649 period = 170 p = 239 q = 191 ~/crypto/RSA$ java FactorShor 45649 period = 3230 p = 239 q = 191 Algorithm 3: Factor a small number n = 45649
30 Algorithm 3: Analysis of the period of f(x) = ax mod n ● The above set of runs shows that the period of f(x) can be very large ○ Thus, we cannot apply this algorithm to find sqrt(1) for a large group Zn used in RSA ● Remember, we are running the algorithm on a classical computer ● It is good to play with this algorithm on a classical computer to understand it ● Algorithm 4 talks about some little tweaks of Algorithm 3
Algorithm 4: Let’s tweak Peter Shor’s algorithm What if we put a bound b on the period r? Step 1: Initialize bound b (e.g., b = n1/2 , n1/4 , etc.), r = 0, success = false Step 2: Pick a random a from Zn * Step 3: if 0 ≤ r ≤ b goto step 4; otherwise goto step 7 Step 4: Compute f(r) = ar mod n Step 5: If f(r) != 1 then r = r+1 and goto step 3 Step 6: If r is even, then success = true; otherwise goto step 2 Step 7: If success = true, we found the period r; otherwise goto step 2 31
32 ~/crypto/RSA$ time java -ea SqrtOneShor 1421727721 period = 33738 sqrt(1) = 521638680 real 0m45.786s user 0m45.510s sys 0m0.244s Algorithm 4: bound = n1/2
33 ~/crypto/RSA$ time java -ea SqrtOneShor 1421727721 period = 18 Square root of one = 521638680 real 6m14.713s user 6m12.706s sys 0m1.759s Algorithm 4: bound = n1/4
34 ~/crypto/RSA$ time java -ea SqrtOneShor 1421727721 period = 18 Square root of one = 521638680 real 2m29.435s user 2m28.400s sys 0m0.936s Algorithm 4: bound = n1/6
35 ~/crypto/RSA$ time java -ea SqrtOneShor 1421727721 period = 6 Square root of one = 900089041 real 2m31.106s user 2m29.703s sys 0m1.304s Algorithm 4: bound = n1/8 Amazing, we found a cyclic subgroup of order 6
Algorithm 4: Analysis of our tweaks ● Z* n has even number of elements; there must be cyclic subgroups for each divisor of |Zn *|. (This is a theorem in Group Theory) ● The open question is how easy it is to find small cyclic subgroups of Z*n ● If we quickly find one cyclic subgroup, then sqrt(1) are easily revealed ● If we put a bound b on the period r, then sqrt(1) runs quick for a small n ● Our bounded random search variant of Shor’s algorithm is slow for a large n 36
Conclusion ● We studied the problem of finding the square roots of unity in a finite group ● We tried to factor composite numbers using sqrt(1) ● Experimental results showed that finding sqrt(1) in Z*n where n = pq is “hard” ● We implemented Shor’s function f(x) = ax mod n on a classical computer ● We learned that in general the period of f(x) is the same size as n ● We made minor tweaks by defining a bound on the period of f(x) = ax mod n ● More experimentation of our tweaks is part of future work 37
Appendix 38
39 import java.math.BigInteger; import java.security.SecureRandom; public class SqrtOneNaive implements IBigIntConstants { public static void main(String[] args) { /* Error handling is omitted */ BigInteger n = new BigInteger(args[0]); BigInteger x = zero; while(x.compareTo(n) <= 0) { // is square(x) = 1 (mod n)? if(x.multiply(x).mod(n).equals(one)) { System.out.println(x + " is the square root of one "); } x = x.add(one); } } } Implementation of naïve Sqrt(1) algorithm
40 public static void main(String[] args) { BigInteger n = new BigInteger(args[0]); // Error handling code is removed BigInteger x; while(true) { // Pick a random element from Zn x = BigIntUtil.getRandomElt(n, new SecureRandom()); // We don't want non-trivial roots '1' or '-1'. // If x = -1 (mod n) or x = 1 (mod n), then we have to restart. if(x.add(one).mod(n).equals(zero) || x.subtract(one).mod(n).equals(zero)) { continue; } if(x.multiply(x).mod(n).equals(one)) { System.out.println(x + " is the square root of one "); System.out.println("Number of random tries = " + counter); break; } } } Implementation of random Sqrt(1) algorithm
41 Finding the Sqrt(1) using Peter Shor’s algorithm (simplied)
References ● W. Diffie and M. E. Hellman, “New Directions in Cryptography,” IEEE Transactions on Information Theory, vol. IT-22, no. 6, November, 1976 ● R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” CACM 21, 2, February, 1978 ● A. Menezes, P. van Oorschot, and S. Vanstone, “Handbook of Applied Cryptography,” CRC Press, 1996 ● P. Shor, “Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer,” SIAM J.Sci.Statist.Comput. 26 (1997). 42

Recommended

Hands-on Deep Learning in Python
Hands-on Deep Learning in PythonHands-on Deep Learning in Python
Hands-on Deep Learning in Python
Imry Kissos
 
Solutions to online rsa factoring challenges
Solutions to online rsa factoring challengesSolutions to online rsa factoring challenges
Solutions to online rsa factoring challenges
Dharmalingam Ganesan
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network Security
Ashok Reddy Medikonda
 
On deriving the private key from a public key
On deriving the private key from a public keyOn deriving the private key from a public key
On deriving the private key from a public key
Dharmalingam Ganesan
 
The World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - StuxnetThe World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - Stuxnet
Sean Xie
 
BTRisk Zararlı Yazılım Analizi Eğitimi Sunumu - Bölüm 1
BTRisk Zararlı Yazılım Analizi Eğitimi Sunumu - Bölüm 1BTRisk Zararlı Yazılım Analizi Eğitimi Sunumu - Bölüm 1
BTRisk Zararlı Yazılım Analizi Eğitimi Sunumu - Bölüm 1
BTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with Phirelight
Hostway|HOSTING
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd
 

Recommended

Hands-on Deep Learning in Python
Hands-on Deep Learning in PythonHands-on Deep Learning in Python
Hands-on Deep Learning in Python
Imry Kissos
 
Solutions to online rsa factoring challenges
Solutions to online rsa factoring challengesSolutions to online rsa factoring challenges
Solutions to online rsa factoring challenges
Dharmalingam Ganesan
 
Metasploit framework in Network Security
Metasploit framework in Network SecurityMetasploit framework in Network Security
Metasploit framework in Network Security
Ashok Reddy Medikonda
 
On deriving the private key from a public key
On deriving the private key from a public keyOn deriving the private key from a public key
On deriving the private key from a public key
Dharmalingam Ganesan
 
The World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - StuxnetThe World's First Cyber Weapon - Stuxnet
The World's First Cyber Weapon - Stuxnet
Sean Xie
 
BTRisk Zararlı Yazılım Analizi Eğitimi Sunumu - Bölüm 1
BTRisk Zararlı Yazılım Analizi Eğitimi Sunumu - Bölüm 1BTRisk Zararlı Yazılım Analizi Eğitimi Sunumu - Bölüm 1
BTRisk Zararlı Yazılım Analizi Eğitimi Sunumu - Bölüm 1
BTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with Phirelight
Hostway|HOSTING
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
GIBIN JOHN
 
Kheirkhabarov24052017_phdays7
Kheirkhabarov24052017_phdays7Kheirkhabarov24052017_phdays7
Kheirkhabarov24052017_phdays7
Teymur Kheirkhabarov
 
Sqlmap
SqlmapSqlmap
Sqlmap
SiddharthWagh7
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory Forensics
IIJ
 
Siber Güvenlik ve Etik Hacking Sunu - 9
Siber Güvenlik ve Etik Hacking Sunu - 9Siber Güvenlik ve Etik Hacking Sunu - 9
Siber Güvenlik ve Etik Hacking Sunu - 9
Murat KARA
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
Hacker’ların Yeni Gozdesi - PowerShell
Hacker’ların Yeni Gozdesi - PowerShellHacker’ların Yeni Gozdesi - PowerShell
Hacker’ların Yeni Gozdesi - PowerShell
Adeo Security
 
0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity
Nikhil Mittal
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
Splunk
 
Stuxnet under the_microscope
Stuxnet under the_microscopeStuxnet under the_microscope
Stuxnet under the_microscope
hiepnhatrang
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE - ATT&CKcon
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Sqrrl
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
Chris Gates
 
CVSS
CVSSCVSS
CVSS
Christian Heinrich
 
DNS exfiltration using sqlmap
DNS exfiltration using sqlmapDNS exfiltration using sqlmap
DNS exfiltration using sqlmap
Miroslav Stampar
 
Windows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeology
Windows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeologyWindows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeology
Windows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeology
Michael Gough
 
Ransomware Resistance
Ransomware ResistanceRansomware Resistance
Ransomware Resistance
Florian Roth
 
On First-Order Meta-Learning Algorithms
On First-Order Meta-Learning AlgorithmsOn First-Order Meta-Learning Algorithms
On First-Order Meta-Learning Algorithms
Yoonho Lee
 
Mitre Attack - Credential Dumping - updated.pptx
Mitre Attack - Credential Dumping - updated.pptxMitre Attack - Credential Dumping - updated.pptx
Mitre Attack - Credential Dumping - updated.pptx
waizuq
 
Bypass_AV-EDR.pdf
Bypass_AV-EDR.pdfBypass_AV-EDR.pdf
Bypass_AV-EDR.pdf
Farouk2nd
 
Dependency Analysis of RSA Private Variables
Dependency Analysis of RSA Private VariablesDependency Analysis of RSA Private Variables
Dependency Analysis of RSA Private Variables
Dharmalingam Ganesan
 
Cyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionCyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor Function
Dharmalingam Ganesan
 

More Related Content

What's hot

Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
GIBIN JOHN
 
Kheirkhabarov24052017_phdays7
Kheirkhabarov24052017_phdays7Kheirkhabarov24052017_phdays7
Kheirkhabarov24052017_phdays7
Teymur Kheirkhabarov
 
Sqlmap
SqlmapSqlmap
Sqlmap
SiddharthWagh7
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory Forensics
IIJ
 
Siber Güvenlik ve Etik Hacking Sunu - 9
Siber Güvenlik ve Etik Hacking Sunu - 9Siber Güvenlik ve Etik Hacking Sunu - 9
Siber Güvenlik ve Etik Hacking Sunu - 9
Murat KARA
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
Hacker’ların Yeni Gozdesi - PowerShell
Hacker’ların Yeni Gozdesi - PowerShellHacker’ların Yeni Gozdesi - PowerShell
Hacker’ların Yeni Gozdesi - PowerShell
Adeo Security
 
0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity
Nikhil Mittal
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
Splunk
 
Stuxnet under the_microscope
Stuxnet under the_microscopeStuxnet under the_microscope
Stuxnet under the_microscope
hiepnhatrang
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE - ATT&CKcon
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Sqrrl
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
Chris Gates
 
CVSS
CVSSCVSS
CVSS
Christian Heinrich
 
DNS exfiltration using sqlmap
DNS exfiltration using sqlmapDNS exfiltration using sqlmap
DNS exfiltration using sqlmap
Miroslav Stampar
 
Windows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeology
Windows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeologyWindows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeology
Windows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeology
Michael Gough
 
Ransomware Resistance
Ransomware ResistanceRansomware Resistance
Ransomware Resistance
Florian Roth
 
On First-Order Meta-Learning Algorithms
On First-Order Meta-Learning AlgorithmsOn First-Order Meta-Learning Algorithms
On First-Order Meta-Learning Algorithms
Yoonho Lee
 
Mitre Attack - Credential Dumping - updated.pptx
Mitre Attack - Credential Dumping - updated.pptxMitre Attack - Credential Dumping - updated.pptx
Mitre Attack - Credential Dumping - updated.pptx
waizuq
 
Bypass_AV-EDR.pdf
Bypass_AV-EDR.pdfBypass_AV-EDR.pdf
Bypass_AV-EDR.pdf
Farouk2nd
 

What's hot (20)

Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
 
Kheirkhabarov24052017_phdays7
Kheirkhabarov24052017_phdays7Kheirkhabarov24052017_phdays7
Kheirkhabarov24052017_phdays7
 
Sqlmap
SqlmapSqlmap
Sqlmap
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory Forensics
 
Siber Güvenlik ve Etik Hacking Sunu - 9
Siber Güvenlik ve Etik Hacking Sunu - 9Siber Güvenlik ve Etik Hacking Sunu - 9
Siber Güvenlik ve Etik Hacking Sunu - 9
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
 
Hacker’ların Yeni Gozdesi - PowerShell
Hacker’ların Yeni Gozdesi - PowerShellHacker’ların Yeni Gozdesi - PowerShell
Hacker’ların Yeni Gozdesi - PowerShell
 
0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity0wn-premises: Bypassing Microsoft Defender for Identity
0wn-premises: Bypassing Microsoft Defender for Identity
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Stuxnet under the_microscope
Stuxnet under the_microscopeStuxnet under the_microscope
Stuxnet under the_microscope
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
 
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
 
CVSS
CVSSCVSS
CVSS
 
DNS exfiltration using sqlmap
DNS exfiltration using sqlmapDNS exfiltration using sqlmap
DNS exfiltration using sqlmap
 
Windows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeology
Windows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeologyWindows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeology
Windows Logging Cheat Sheet ver Jan 2016 - MalwareArchaeology
 
Ransomware Resistance
Ransomware ResistanceRansomware Resistance
Ransomware Resistance
 
On First-Order Meta-Learning Algorithms
On First-Order Meta-Learning AlgorithmsOn First-Order Meta-Learning Algorithms
On First-Order Meta-Learning Algorithms
 
Mitre Attack - Credential Dumping - updated.pptx
Mitre Attack - Credential Dumping - updated.pptxMitre Attack - Credential Dumping - updated.pptx
Mitre Attack - Credential Dumping - updated.pptx
 
Bypass_AV-EDR.pdf
Bypass_AV-EDR.pdfBypass_AV-EDR.pdf
Bypass_AV-EDR.pdf
 

Similar to Computing the Square Roots of Unity to break RSA using Quantum Algorithms

Dependency Analysis of RSA Private Variables
Dependency Analysis of RSA Private VariablesDependency Analysis of RSA Private Variables
Dependency Analysis of RSA Private Variables
Dharmalingam Ganesan
 
Cyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionCyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor Function
Dharmalingam Ganesan
 
On the Secrecy of RSA Private Keys
On the Secrecy of RSA Private KeysOn the Secrecy of RSA Private Keys
On the Secrecy of RSA Private Keys
Dharmalingam Ganesan
 
RSA cracking puzzle
RSA cracking puzzleRSA cracking puzzle
RSA cracking puzzle
Dharmalingam Ganesan
 
RSA without Integrity Checks
RSA without Integrity ChecksRSA without Integrity Checks
RSA without Integrity Checks
Dharmalingam Ganesan
 
RSA without Padding
RSA without PaddingRSA without Padding
RSA without Padding
Dharmalingam Ganesan
 
Analysis of Short RSA Secret Exponent d
Analysis of Short RSA Secret Exponent dAnalysis of Short RSA Secret Exponent d
Analysis of Short RSA Secret Exponent d
Dharmalingam Ganesan
 
Security of RSA and Integer Factorization
Security of RSA and Integer FactorizationSecurity of RSA and Integer Factorization
Security of RSA and Integer Factorization
Dharmalingam Ganesan
 
Randomized algorithms ver 1.0
Randomized algorithms ver 1.0Randomized algorithms ver 1.0
Randomized algorithms ver 1.0
Dr. C.V. Suresh Babu
 
An Analysis of RSA Public Exponent e
An Analysis of RSA Public Exponent eAn Analysis of RSA Public Exponent e
An Analysis of RSA Public Exponent e
Dharmalingam Ganesan
 
Algorithms - A Sneak Peek
Algorithms - A Sneak PeekAlgorithms - A Sneak Peek
Algorithms - A Sneak Peek
BADR
 
RSA Game using an Oracle
RSA Game using an OracleRSA Game using an Oracle
RSA Game using an Oracle
Dharmalingam Ganesan
 
2010 3-24 cryptography stamatiou
2010 3-24 cryptography stamatiou2010 3-24 cryptography stamatiou
2010 3-24 cryptography stamatiouvafopoulos
 
RSA final notation change2
RSA final notation change2RSA final notation change2
RSA final notation change2Coleman Gorham
 
RSA Two Person Game
RSA Two Person GameRSA Two Person Game
RSA Two Person Game
Dharmalingam Ganesan
 
Analysis of Shared RSA Modulus
Analysis of Shared RSA ModulusAnalysis of Shared RSA Modulus
Analysis of Shared RSA Modulus
Dharmalingam Ganesan
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
Sathish Kumar
 
1_Asymptotic_Notation_pptx.pptx
1_Asymptotic_Notation_pptx.pptx1_Asymptotic_Notation_pptx.pptx
1_Asymptotic_Notation_pptx.pptx
pallavidhade2
 
PKC&RSA
PKC&RSAPKC&RSA
PKC&RSA
Anver S R
 

Similar to Computing the Square Roots of Unity to break RSA using Quantum Algorithms (20)

Dependency Analysis of RSA Private Variables
Dependency Analysis of RSA Private VariablesDependency Analysis of RSA Private Variables
Dependency Analysis of RSA Private Variables
 
Cyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor FunctionCyclic Attacks on the RSA Trapdoor Function
Cyclic Attacks on the RSA Trapdoor Function
 
On the Secrecy of RSA Private Keys
On the Secrecy of RSA Private KeysOn the Secrecy of RSA Private Keys
On the Secrecy of RSA Private Keys
 
RSA cracking puzzle
RSA cracking puzzleRSA cracking puzzle
RSA cracking puzzle
 
RSA without Integrity Checks
RSA without Integrity ChecksRSA without Integrity Checks
RSA without Integrity Checks
 
RSA without Padding
RSA without PaddingRSA without Padding
RSA without Padding
 
Analysis of Short RSA Secret Exponent d
Analysis of Short RSA Secret Exponent dAnalysis of Short RSA Secret Exponent d
Analysis of Short RSA Secret Exponent d
 
Security of RSA and Integer Factorization
Security of RSA and Integer FactorizationSecurity of RSA and Integer Factorization
Security of RSA and Integer Factorization
 
Randomized algorithms ver 1.0
Randomized algorithms ver 1.0Randomized algorithms ver 1.0
Randomized algorithms ver 1.0
 
An Analysis of RSA Public Exponent e
An Analysis of RSA Public Exponent eAn Analysis of RSA Public Exponent e
An Analysis of RSA Public Exponent e
 
Algorithms - A Sneak Peek
Algorithms - A Sneak PeekAlgorithms - A Sneak Peek
Algorithms - A Sneak Peek
 
RSA Game using an Oracle
RSA Game using an OracleRSA Game using an Oracle
RSA Game using an Oracle
 
2010 3-24 cryptography stamatiou
2010 3-24 cryptography stamatiou2010 3-24 cryptography stamatiou
2010 3-24 cryptography stamatiou
 
RSA final notation change2
RSA final notation change2RSA final notation change2
RSA final notation change2
 
NFSFIXES
NFSFIXESNFSFIXES
NFSFIXES
 
RSA Two Person Game
RSA Two Person GameRSA Two Person Game
RSA Two Person Game
 
Analysis of Shared RSA Modulus
Analysis of Shared RSA ModulusAnalysis of Shared RSA Modulus
Analysis of Shared RSA Modulus
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
 
1_Asymptotic_Notation_pptx.pptx
1_Asymptotic_Notation_pptx.pptx1_Asymptotic_Notation_pptx.pptx
1_Asymptotic_Notation_pptx.pptx
 
PKC&RSA
PKC&RSAPKC&RSA
PKC&RSA
 

More from Dharmalingam Ganesan

.NET Deserialization Attacks
.NET Deserialization Attacks.NET Deserialization Attacks
.NET Deserialization Attacks
Dharmalingam Ganesan
 
Reverse Architecting using Relation Algebra.pdf
Reverse Architecting using Relation Algebra.pdfReverse Architecting using Relation Algebra.pdf
Reverse Architecting using Relation Algebra.pdf
Dharmalingam Ganesan
 
How to exploit rand()?
How to exploit rand()?How to exploit rand()?
How to exploit rand()?
Dharmalingam Ganesan
 
An Analysis of Secure Remote Password (SRP)
An Analysis of Secure Remote Password (SRP)An Analysis of Secure Remote Password (SRP)
An Analysis of Secure Remote Password (SRP)
Dharmalingam Ganesan
 
Thank-a-Gram
Thank-a-GramThank-a-Gram
Thank-a-Gram
Dharmalingam Ganesan
 
Active Attacks on DH Key Exchange
Active Attacks on DH Key ExchangeActive Attacks on DH Key Exchange
Active Attacks on DH Key Exchange
Dharmalingam Ganesan
 
Can I write to a read only file ?
Can I write to a read only file ?Can I write to a read only file ?
Can I write to a read only file ?
Dharmalingam Ganesan
 
How do computers exchange secrets using Math?
How do computers exchange secrets using Math?How do computers exchange secrets using Math?
How do computers exchange secrets using Math?
Dharmalingam Ganesan
 
Requirements driven Model-based Testing
Requirements driven Model-based TestingRequirements driven Model-based Testing
Requirements driven Model-based Testing
Dharmalingam Ganesan
 
Automated Traceability for Software Engineering Tasks
Automated Traceability for Software Engineering TasksAutomated Traceability for Software Engineering Tasks
Automated Traceability for Software Engineering Tasks
Dharmalingam Ganesan
 
Reverse Engineering of Module Dependencies
Reverse Engineering of Module DependenciesReverse Engineering of Module Dependencies
Reverse Engineering of Module Dependencies
Dharmalingam Ganesan
 
Software Architecture
Software ArchitectureSoftware Architecture
Software Architecture
Dharmalingam Ganesan
 
Integer security analysis using smt solver
Integer security analysis using smt solverInteger security analysis using smt solver
Integer security analysis using smt solver
Dharmalingam Ganesan
 
Remote file path traversal attacks for fun and profit
Remote file path traversal attacks for fun and profitRemote file path traversal attacks for fun and profit
Remote file path traversal attacks for fun and profit
Dharmalingam Ganesan
 
20170605135932210 thank you card7
20170605135932210 thank you card720170605135932210 thank you card7
20170605135932210 thank you card7
Dharmalingam Ganesan
 
Threat Modeling: Applied on a Publish-Subscribe Architectural Style
Threat Modeling: Applied on a Publish-Subscribe Architectural StyleThreat Modeling: Applied on a Publish-Subscribe Architectural Style
Threat Modeling: Applied on a Publish-Subscribe Architectural Style
Dharmalingam Ganesan
 

More from Dharmalingam Ganesan (16)

.NET Deserialization Attacks
.NET Deserialization Attacks.NET Deserialization Attacks
.NET Deserialization Attacks
 
Reverse Architecting using Relation Algebra.pdf
Reverse Architecting using Relation Algebra.pdfReverse Architecting using Relation Algebra.pdf
Reverse Architecting using Relation Algebra.pdf
 
How to exploit rand()?
How to exploit rand()?How to exploit rand()?
How to exploit rand()?
 
An Analysis of Secure Remote Password (SRP)
An Analysis of Secure Remote Password (SRP)An Analysis of Secure Remote Password (SRP)
An Analysis of Secure Remote Password (SRP)
 
Thank-a-Gram
Thank-a-GramThank-a-Gram
Thank-a-Gram
 
Active Attacks on DH Key Exchange
Active Attacks on DH Key ExchangeActive Attacks on DH Key Exchange
Active Attacks on DH Key Exchange
 
Can I write to a read only file ?
Can I write to a read only file ?Can I write to a read only file ?
Can I write to a read only file ?
 
How do computers exchange secrets using Math?
How do computers exchange secrets using Math?How do computers exchange secrets using Math?
How do computers exchange secrets using Math?
 
Requirements driven Model-based Testing
Requirements driven Model-based TestingRequirements driven Model-based Testing
Requirements driven Model-based Testing
 
Automated Traceability for Software Engineering Tasks
Automated Traceability for Software Engineering TasksAutomated Traceability for Software Engineering Tasks
Automated Traceability for Software Engineering Tasks
 
Reverse Engineering of Module Dependencies
Reverse Engineering of Module DependenciesReverse Engineering of Module Dependencies
Reverse Engineering of Module Dependencies
 
Software Architecture
Software ArchitectureSoftware Architecture
Software Architecture
 
Integer security analysis using smt solver
Integer security analysis using smt solverInteger security analysis using smt solver
Integer security analysis using smt solver
 
Remote file path traversal attacks for fun and profit
Remote file path traversal attacks for fun and profitRemote file path traversal attacks for fun and profit
Remote file path traversal attacks for fun and profit
 
20170605135932210 thank you card7
20170605135932210 thank you card720170605135932210 thank you card7
20170605135932210 thank you card7
 
Threat Modeling: Applied on a Publish-Subscribe Architectural Style
Threat Modeling: Applied on a Publish-Subscribe Architectural StyleThreat Modeling: Applied on a Publish-Subscribe Architectural Style
Threat Modeling: Applied on a Publish-Subscribe Architectural Style
 

Recently uploaded

Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
vrstrong314
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
Globus
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
IES VE
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
ayushiqss
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
kalichargn70th171
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
Tier1 app
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
Advanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowAdvanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should Know
Peter Caitens
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
Software Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdfSoftware Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdf
MayankTawar1
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
NaapbooksPrivateLimi
 

Recently uploaded (20)

Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
Advanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowAdvanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should Know
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
Software Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdfSoftware Testing Exam imp Ques Notes.pdf
Software Testing Exam imp Ques Notes.pdf
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
 

Computing the Square Roots of Unity to break RSA using Quantum Algorithms

  • 1. Computing the Square Roots of Unity to break RSA using Quantum Algo Dr. Dharma Ganesan, Ph.D.,
  • 2. Disclaimer ● The opinions expressed here are my own ○ But not the views of my employer ● The source code fragments and exploits shown here can be reused ○ But without any warranty nor accept any responsibility for failures ● Do not apply the exploit discussed here on other systems ○ Without obtaining authorization from owners 2
  • 3. Goal ● Break RSA using Peter Shor’s quantum algorithm ○ But, we will not look into Quantum Computing ○ We will find the square roots of unity on a classical computer ● Investigate the square root of unity (i.e., sqrt(1)) in a Finite Group ○ Algorithm 1: Naïve/Bruteforce ○ Algorithm 2: Random Search ○ Algorithm 3: Peter Shor’s period calculation algorithm ○ Algorithm 4: Our little tweaks of Peter Shor’s period function (bounded search) 3
  • 4. Prerequisite Some familiarity with the following topics will help to follow the rest of the slides ● Group Theory ● Number Theory ● Algorithms and Complexity Theory ● If not, it should still be possible to obtain a high-level overview 4
  • 5. Agenda ● Mathematical foundation/facts ● Brief overview of RSA ● Different algorithms to find the square roots of unity (in a finite group) ● Demos of finding the square roots of unity to factor composite numbers ● Conclusion 5
  • 6. 6 Notations and Facts GCD(x, y): The greatest common divisor that divides integers x and y Co-prime: If gcd(x, y) = 1, then x and y are co-primes Zn = { 0, 1, 2, …, n-1 }, n > 0; we may imagine Zn as a circular wall clock Z* n = { x ∈ Zn | gcd(x, n) = 1 }; (additional info: Z* n is a multiplicative group) φ(n): Euler’s Totient function denotes the number of elements in Z* n φ(nm) = φ(n).φ(m) (This property is called multiplicative) φ(p) = p-1, if p is a prime number
  • 7. Notations and Facts ... ● x ≡ y (mod n) denotes that n divides x-y; x is congruent to y mod n ● Euler’s Theorem: aφ(n) ≡ 1 (mod n), if gcd(a, n) = 1 ● Fermat’s Little Theorem: ap ≡ a (mod p) ● Gauss’s Fundamental Theorem of Arithmetic: Any integer greater than 1 is either a prime or can be written as a unique product of primes ○ Euclid’s work is the foundation for this theorem, see The Elements ● Euclid’s Lemma: if a prime p divides the product of two natural numbers a and b, then p divides a or p divides b ● Euclid’s Infinitude of Primes (c. 300 BC): There are infinitely many primes 7
  • 8. How can Bob send a message to Alice securely? 8 Public Key PuA ● Alice and Bob never met each other ● Bob will encrypt using Alice’s public key ○ Assume that public keys are known to the world ● Alice will decrypt using her private key ○ Private keys are secrets (never sent out) ● Bob can sign messages using his private key ○ Alice verifies message integrity using Bob’s public key ● Note: Alice and Bob need other evidence (e.g., passwords, certificates) to prove their identity to each other ● Who are Alice, Bob, and Eve? Private Key PrA Public Key PuB Private Key PrB
  • 9. RSA Public Key Cryptography System ● Published in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman ● Rooted in elegant mathematics - Group Theory and Number Theory ● Core idea: Anyone can encrypt a message using recipient's public key but ○ (as far as we know) no one can efficiently decrypt unless they got the matching private key ● Encryption and Decryption are inverse operations (math details later) ○ Work of Euclid, Euler, and Fermat provide the mathematical foundation of RSA ● Eavesdropper Eve cannot easily derive the secret (math details later) ○ Unless she solves “hard” number theory problems that are computationally intractable 9
  • 10. RSA - Key Generation Algo 1. Select an appropriate bitlength of the RSA modulus n (e.g., 2048 bits) ○ Value of the parameter n is not chosen until step 3; small n is dangerous (details later) 2. Pick two independent, large random primes, p and q, of half of n’s bitlength ○ In practice, q < p < 2q to avoid attacks (e.g., Fermat’s factorization) 3. Compute n = p.q (n is also called the RSA modulus) 4. Compute Euler’s Totient (phi) Function φ(n) = φ(p.q) = φ(p)φ(q) = (p-1)(q-1) 5. Select numbers e and d from Zn such that e.d ≡ 1(mod φ(n)) ○ e must be relatively prime to φ(n) otherwise d cannot exist (i.e., we cannot decrypt) ○ d is the multiplicative inverse of e in Zn 6. Public key is the pair <n, e> and private key is 4-tuple <φ(n), d, p, q> 10
  • 11. RSA Trapdoor ● RSA: Zn → Zn ● Let x and y ∈ Zn ● y = RSA(x) = xe mod n ○ We may view x as a plaintext, and y as the corresponding ciphertext ● x = RSA-1 (y) = yd mod n ● e and d are also called encryption and decryption exponents, respectively ● In practice, some random padding is used (not relevant for this presentation) 11
  • 12. RSA Trapdoor variables’ dependency graph 12 Private variable Public variable Note: If we can factor n and find p and q, then private keys are open to the world
  • 13. What are the square roots of unity in Z? ● 1 and -1 are the two square roots of one because (±1)2 = 1 ● This is true only if we work in the infinite set of integers Z ● In Cryptography, we often work with finite groups ● There are other non-trivial roots of unity other than ±1 in Z* n 13
  • 14. Square roots of unity in a finite group Z* n Consider this tiny multiplicative group Z*15 = {1, 2, 4, 7, 8, 11, 13, 14} The square roots of unity are 1, 4, 11, and 14 Note that 14 ≡ -1 mod 15 (basically -1 is the same as 14) But, we have two other roots 4 and 11 of unity (e.g., 4*4 = 1 mod 15) 1 and 14 are trivial roots of unity, whereas 4 and 11 are non-trivial roots of unity Fact: Let n = pq, where p and q are odd primes, then there are four roots of unity 14
  • 15. Algorithm: Factor n using the square roots of unity Problem: Given a composite number n and sqrt(1), find the factors p and q of n Let x be a square root of 1, then x2 = 1 (mod n) Thus, x2 - 1 = 0 (mod n) ⇒ (x+1)(x-1) = 0 (mod n) This means that n divides (x+1)(x-1) If (x+1) and (x-1) are not multiples of n, then the factors of n are the following: p = gcd(x+1, n) or gcd(x-1, n); q = n/p 15
  • 16. Toy example: Let’s factor n = 15 using Z*15 Z*15 = {1, 2, 4, 7, 8, 11, 13, 14} Since 4 and 11 are square roots of unity, we can use one of them to factor n Let x = 4 x2 = 1 (mod 15) (x+1)(x-1) = 0 (mod 15) Factor p = gcd(x+1, 15) = gcd(5, 15) = 5; Factor q = n/p = 15/5 = 3 16
  • 17. Factoring n using the square roots of unity ... If we can find the non-trivial square roots on n, then we can factor n Let’s investigate how easy it is to find the sqrt(1) in a finite multiplicative group Four different algorithms to find the sqrt(1): 1. Bruteforce/Naive 2. Random Search 3. Peter Shor’s Quantum Algorithm 4. Our little tweaks of Shor’s algorithm 17
  • 18. Algorithm 1: Naïve sqrt(1) in Zn * Step 1: x = 0 Step 2: if(x < n) goto step 3; otherwise goto step 5 Step 3: if(x2 = 1 mod n) then x is a square root of one. Step 4: x = x + 1. goto step 2. Step 5: End. 18
  • 19. 19 ~/crypto/RSA$ java SqrtOneNaive 2086784737 Input bit length = 31 Sqrt(n) = 45681 sqrt(1) = 1 bit length = 1 sqrt(1) = 530886943 bit length = 29 sqrt(1) = 1555897794 bit length = 31 sqrt(1) = 2086784736 bit length = 31 Note: sqrt(n) is only 45681, but sqrt(1) can be the same bit length as n (See the Appendix for the source code of Sqrt(1) naïve method) Algorithm 1: Find the sqrt(1) in the group Z*2086784737
  • 20. Algorithm 1: Analysis of the naïve algorithm ● The naïve algorithm is simple to understand and implement ● However, it is very slow because we enumerate all numbers of the group Zn ● If n is a 2048-bit composite number, this algorithm will perform 22048 iterations ● In other words, it will take several billion years to calculate sqrt(1) 20
  • 21. Algorithm 2: Random search to find sqrt(1) in Zn * Step 1: Pick a random x from Zn Step 2: if(x = ± 1 mod n) then goto step 1 Step 3: if(x2 = 1 mod n) then x is a sqrt(1) goto step 4; else step 1 Step 4: End. 21
  • 22. 22 dharmalingam_ganesan11@instance-1:~/crypto/RSA$ java RandomSqrtOne 45649 sqrt(1) = 43738 Number of random tries = 236 ddharmalingam_ganesan11@instance-1:~/crypto/RSA$ java RandomSqrtOne 45649 sqrt(1) = 43738 Number of random tries = 82005 dharmalingam_ganesan11@instance-1:~/crypto/RSA$ java RandomSqrtOne 45649 sqrt(1) = 43738 Number of random tries = 167572 Algorithm 2: Find the sqrt(1) in the group Z*45649
  • 23. 23 Algorithm 2: Analysis of Random Search Algo ● The random algorithm can find the square roots of one (for “small” n) ● But, it just needs a lots of tries to find a needle in the haystack ● In general, the number of tries is the size of the input composite number ● Random search is not able to find sqrt(1) for very large input n
  • 24. 24
  • 25. 25 Algorithm 3: Peter Shor’s Algorithm (core idea) ● To find an x such that x2 = 1 (mod n), we compute f(x) = ax mod n, random a ● Fact: Every element of a finite group generates a cyclic subgroup ● In other words, the function f(x) is the same as the cyclic subgroup <a> ● Thus, f(r) = 1 mod n for some r; equivalently, ar = 1 mod n for some r ● Once we find such an r, (ar/2 )2 = 1 mod n; (if r is even, the hacker is lucky) ● Thus, ar/2 is the sqrt(1); we know how to factor n once the sqrt(1) is exposed!
  • 26. Algorithm 3: Finding the period r of the function f(x) 26 x f(x) = ax mod n 0 a0 mod n 1 a1 mod n 2 a2 mod n r ar mod n = 1 ● Peter Shor uses quantum computing to find the period r of the function f(x) ● We implemented this function on my classical computer (my laptop) ● Just to better understand the inner beauty of this algorithm
  • 27. 27 ~/crypto/RSA$ java -ea SqrtOneShor 45649 period = 1330 sqrt(1) = 1911 ~/crypto/RSA$ java -ea SqrtOneShor 45649 period = 4522 sqrt(1) = 43738 ~/crypto/RSA$ java -ea SqrtOneShor 45649 period = 22610 sqrt(1) = 1911 ~/crypto/RSA$ java -ea SqrtOneShor 45649 period = 22610 sqrt(1) = 1911 ~/crypto/RSA$ java -ea SqrtOneShor 45649 period = 4522 sqrt(1) = 1911 ~/crypto/RSA$ java -ea SqrtOneShor 45649 period = 22610 sqrt(1) = 43738
  • 28. 28 ~/crypto/RSA$ time java -ea SqrtOneShor 1421727721 period = 236941974 Sqrt(1) = 521638680 real 0m47.429s user 0m47.100s sys 0m0.288s Period is very large
  • 29. 29 ~/crypto/RSA$ java FactorShor 45649 period = 22610 p = 191 q = 239 ~/crypto/RSA$ java FactorShor 45649 period = 170 p = 239 q = 191 ~/crypto/RSA$ java FactorShor 45649 period = 3230 p = 239 q = 191 Algorithm 3: Factor a small number n = 45649
  • 30. 30 Algorithm 3: Analysis of the period of f(x) = ax mod n ● The above set of runs shows that the period of f(x) can be very large ○ Thus, we cannot apply this algorithm to find sqrt(1) for a large group Zn used in RSA ● Remember, we are running the algorithm on a classical computer ● It is good to play with this algorithm on a classical computer to understand it ● Algorithm 4 talks about some little tweaks of Algorithm 3
  • 31. Algorithm 4: Let’s tweak Peter Shor’s algorithm What if we put a bound b on the period r? Step 1: Initialize bound b (e.g., b = n1/2 , n1/4 , etc.), r = 0, success = false Step 2: Pick a random a from Zn * Step 3: if 0 ≤ r ≤ b goto step 4; otherwise goto step 7 Step 4: Compute f(r) = ar mod n Step 5: If f(r) != 1 then r = r+1 and goto step 3 Step 6: If r is even, then success = true; otherwise goto step 2 Step 7: If success = true, we found the period r; otherwise goto step 2 31
  • 32. 32 ~/crypto/RSA$ time java -ea SqrtOneShor 1421727721 period = 33738 sqrt(1) = 521638680 real 0m45.786s user 0m45.510s sys 0m0.244s Algorithm 4: bound = n1/2
  • 33. 33 ~/crypto/RSA$ time java -ea SqrtOneShor 1421727721 period = 18 Square root of one = 521638680 real 6m14.713s user 6m12.706s sys 0m1.759s Algorithm 4: bound = n1/4
  • 34. 34 ~/crypto/RSA$ time java -ea SqrtOneShor 1421727721 period = 18 Square root of one = 521638680 real 2m29.435s user 2m28.400s sys 0m0.936s Algorithm 4: bound = n1/6
  • 35. 35 ~/crypto/RSA$ time java -ea SqrtOneShor 1421727721 period = 6 Square root of one = 900089041 real 2m31.106s user 2m29.703s sys 0m1.304s Algorithm 4: bound = n1/8 Amazing, we found a cyclic subgroup of order 6
  • 36. Algorithm 4: Analysis of our tweaks ● Z* n has even number of elements; there must be cyclic subgroups for each divisor of |Zn *|. (This is a theorem in Group Theory) ● The open question is how easy it is to find small cyclic subgroups of Z*n ● If we quickly find one cyclic subgroup, then sqrt(1) are easily revealed ● If we put a bound b on the period r, then sqrt(1) runs quick for a small n ● Our bounded random search variant of Shor’s algorithm is slow for a large n 36
  • 37. Conclusion ● We studied the problem of finding the square roots of unity in a finite group ● We tried to factor composite numbers using sqrt(1) ● Experimental results showed that finding sqrt(1) in Z*n where n = pq is “hard” ● We implemented Shor’s function f(x) = ax mod n on a classical computer ● We learned that in general the period of f(x) is the same size as n ● We made minor tweaks by defining a bound on the period of f(x) = ax mod n ● More experimentation of our tweaks is part of future work 37
  • 39. 39 import java.math.BigInteger; import java.security.SecureRandom; public class SqrtOneNaive implements IBigIntConstants { public static void main(String[] args) { /* Error handling is omitted */ BigInteger n = new BigInteger(args[0]); BigInteger x = zero; while(x.compareTo(n) <= 0) { // is square(x) = 1 (mod n)? if(x.multiply(x).mod(n).equals(one)) { System.out.println(x + " is the square root of one "); } x = x.add(one); } } } Implementation of naïve Sqrt(1) algorithm
  • 40. 40 public static void main(String[] args) { BigInteger n = new BigInteger(args[0]); // Error handling code is removed BigInteger x; while(true) { // Pick a random element from Zn x = BigIntUtil.getRandomElt(n, new SecureRandom()); // We don't want non-trivial roots '1' or '-1'. // If x = -1 (mod n) or x = 1 (mod n), then we have to restart. if(x.add(one).mod(n).equals(zero) || x.subtract(one).mod(n).equals(zero)) { continue; } if(x.multiply(x).mod(n).equals(one)) { System.out.println(x + " is the square root of one "); System.out.println("Number of random tries = " + counter); break; } } } Implementation of random Sqrt(1) algorithm
  • 41. 41 Finding the Sqrt(1) using Peter Shor’s algorithm (simplied)
  • 42. References ● W. Diffie and M. E. Hellman, “New Directions in Cryptography,” IEEE Transactions on Information Theory, vol. IT-22, no. 6, November, 1976 ● R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” CACM 21, 2, February, 1978 ● A. Menezes, P. van Oorschot, and S. Vanstone, “Handbook of Applied Cryptography,” CRC Press, 1996 ● P. Shor, “Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer,” SIAM J.Sci.Statist.Comput. 26 (1997). 42