Announcements: Computer exam next class Computer exam next classQuestions? DTTF/NB479: DszquphsbqizDay 10

Announcements:Announcements: Computer exam Computer exam next classnext class

Questions?Questions?

DTTF/NB479: DszquphsbqizDTTF/NB479: Dszquphsbqiz Day 10Day 10

Tomorrow’s examTomorrow’s examFor each problem, I’ll specify the algorithm:For each problem, I’ll specify the algorithm:

Shift Affine Vigenere HillShift Affine Vigenere Hill

and the attack:and the attack:Ciphertext only known plaintextCiphertext only known plaintext

You may use code that you wrote or that you got from You may use code that you wrote or that you got from the textbook.the textbook.

May require you to modify your code some on the flyMay require you to modify your code some on the flyHave your algorithms ready to run…Have your algorithms ready to run…

Can we generalize Fermat’s little theorem to Can we generalize Fermat’s little theorem to composite moduli? composite moduli?

How can Alice get a secret message to How can Alice get a secret message to Bob without an established key?Bob without an established key?

Can do it with locks.Can do it with locks.

First 2 volunteers get to do a live demoFirst 2 volunteers get to do a live demo

The three-pass protocol is an application of Fermat’s The three-pass protocol is an application of Fermat’s little theorem to key exchangelittle theorem to key exchange

Situation: Alice wants to get a short Situation: Alice wants to get a short message to Bob, but they don’t have an message to Bob, but they don’t have an established key to transmit it.established key to transmit it.

Can do with locks:Can do with locks:










Note: it’s always secured by one of their locks


K: the secret messageK: the secret message

p: a large public prime number > Kp: a large public prime number > K

The two locks:The two locks: a: Alice’s random #, gcd(a,p-1)=1a: Alice’s random #, gcd(a,p-1)=1 b: Bob’s random #, gcd(b,p-1)=1b: Bob’s random #, gcd(b,p-1)=1

To unlock their locks:To unlock their locks: aa-1-1 mod (p-1) mod (p-1) bb-1-1 mod (p-1) mod (p-1)

In the three-pass protocol, the “locks” are In the three-pass protocol, the “locks” are random numbers that satisfy specific propertiesrandom numbers that satisfy specific properties

K: the secret K: the secret messagemessagep: a public prime p: a public prime number > Knumber > KThe two locks:The two locks:

a: Alice’s random a: Alice’s random #, gcd(a,p-1)=1#, gcd(a,p-1)=1

b: Bob’s random b: Bob’s random #, gcd(b,p-1)=1#, gcd(b,p-1)=1

To unlock their To unlock their locks:locks:

aa-1-1 mod (p-1) mod (p-1) bb-1-1 mod (p-1) mod (p-1)

Three-pass protocol:Three-pass protocol:Alice computes KAlice computes Ka a (mod p) and sends to (mod p) and sends to

BobBobBob computes (KBob computes (Kaa))b b (mod p) and sends it (mod p) and sends it

backbackAlice computes ((KAlice computes ((Kaa))b b ))aa-1-1 (mod p) and (mod p) and

sends it backsends it backBob computes (((KBob computes (((Kaa))b b )) a a-1-1

)) b b-1-1 (mod p) and (mod p) and reads Kreads K


K: the secret K: the secret messagemessagep: a public prime p: a public prime number > Knumber > KThe two locks:The two locks:

a: Alice’s random a: Alice’s random #, gcd(a,p-1)=1#, gcd(a,p-1)=1

b: Bob’s random b: Bob’s random #, gcd(b,p-1)=1#, gcd(b,p-1)=1

To unlock their To unlock their locks:locks:

aa-1-1 mod (p-1) mod (p-1) bb-1-1 mod (p-1) mod (p-1)

Three-pass protocol:Three-pass protocol:Alice computes KAlice computes Ka a (mod p) and sends to (mod p) and sends to

BobBobBob computes (KBob computes (Kaa))b b (mod p) and sends it (mod p) and sends it

backbackAlice computes ((KAlice computes ((Kaa))b b ))aa-1-1 (mod p) and (mod p) and

sends it backsends it backBob computes (((KBob computes (((Kaa))b b )) a a-1-1

)) b b-1-1 (mod p) and (mod p) and reads Kreads K

Toy example:3617 (mod 59) = 121221 (mod 59) = 454541 (mod 59) = 484847 (mod 59) = 36

36

59

17

21

41

47

Why does it work?


When dealing with numbers mod n, we When dealing with numbers mod n, we can deal with their exponents mod _____can deal with their exponents mod _____

So…So… Given integers a and b,Given integers a and b, Since aaSince aa-1-1=bb=bb-1-1=1(mod p-1)=1(mod p-1) ……what’s Kwhat’s K(aba(aba-1-1bb-1-1)) (mod p)? (mod p)?

The basic principle relates the moduli of the The basic principle relates the moduli of the expressions to the moduli in the exponentsexpressions to the moduli in the exponents

Why isn’t this used in key exchange today?Why isn’t this used in key exchange today?

Trappe and Washington say that it’s Trappe and Washington say that it’s vulnerable to an “intruder-in-the-middle” vulnerable to an “intruder-in-the-middle” attack. Think about this…attack. Think about this…

We’ll revisit 3.7 (primitive roots) and 3.11 We’ll revisit 3.7 (primitive roots) and 3.11 (fields) later(fields) later

The rest is more number theory fun.The rest is more number theory fun.

Tomorrow we start DESTomorrow we start DES

You are now prepared to read as much of the rest of You are now prepared to read as much of the rest of chapter 3 as you likechapter 3 as you like

Maybe Alice and Bob’s exchange wasn’t as secure as Maybe Alice and Bob’s exchange wasn’t as secure as they thought…they thought…

http://xkcd.com/c177.html

Yet one more reason I’m barred from speaking at crypto conferences.

http://xkcd.com/c177.html

Documents

Announcements: Computer exam next class Computer exam next classQuestions? DTTF/NB479: DszquphsbqizDay 10