Cryptology - Unofficial St. Mary's College of California Web Site

More documents

Recommendations

Info

246 CHAPTER 12. RSA First, what about our old standby – frequency analysis If N consists of around 600 decimal digits, then our ciphertext segments will also be about 600 digits long. How many possible 600 digit segments are there Lots: 10 600 . Recall that a traditional estimate for the number of elementary particles in the universe is 10 80 . So even if we wanted to perform frequency analysis, there wouldn’t be enough room in the universe to write down our frequency count! So we must try another method to break a message. As usual, once we have tried the brute force method of frequency analysis, we then turn to the specifics of the system itself. Again, how to decrypt an RSA-enciphered message Well, we can look up our enemy’s e and N, since these are public information. We want M, the true message, we know the value of N and we know that E d %N = M. The only thing we don’t know is d. So we only need to discover d. Well, we know that e and d are chosen so that e·d ≡ 1 (mod (P −1)(Q−1)), and we know e. The only thing we don’t have is (P − 1)(Q − 1). So we only need to discover (P − 1)(Q − 1). Well, we know N, and we know that P · Q = N. Also, (P − 1)(Q − 1) = P · Q − P − Q + 1 = N − P − Q + 1. We know the N and 1 parts of this, but don’t know the P or Q. So we only need to discover P or Q. Well, N/P = Q and N/Q = P , so if we know either P or Q then we know the other and so know them both. But N has only two factors, P and Q. So we only need to factor N. Thus the entire security of the RSA system apparently comes down to the ease or difficulty of factoring N. If we can factor N we can easily decrypt any message enciphered modulo N. And the chain of “well”s above is meant to convince you that factor N is the only way to break RSA. 15 How hard can this be After all, we all spent several weeks in 5th or 7th grade talking about primes and factors and breaking down numbers into their prime factors. So why can’t smart people using fast machines just factor N In fact, why not just set up a really fast computer and do the obvious thing: see if 2 divides N, then see if 3 divides N, then see if 5 divides N, and so on, working your way along the primes until you find either P or Q Remember that N is about 600 digits long. An important theorem, called, logically enough, the Prime Number Theorem, says that less that N there are about N/ ln(N) primes. That means that to find up to P or Q, which means checking up to about 10 300 , we must check about 10 300 / ln(10 300 ) ≈ 10 298 primes. But, again, there are only 10 80 particles in the whole universe! Imagine that I said I hid one specially marked atom somewhere in the universe and you 15 Of course there are other ways to break any particular RSA system. Perhaps our enemy will make some grievous mistake in enciphering, like leaving part of the message unenciphered. Or will allow us to time his/her computer while it is deciphering as many messages as we wish. But, for most practical purposes, the security of RSA comes down to the factoring problem.
12.10. HOW TO BREAK RSA 247 had to find it. This task is almost infinitely easier than the factoring N using a brute force factoring method! OK, perhaps you say that we know that none of the small prime numbers divide N, so let’s not waste our time with those. In fact, let’s only check the primes that have between 299 and 301 digits. This can’t be so many, right Well, the Prime Number Theorem, again, tells us there are 10 301 / ln(10 301 ) − 10 299 / ln(10 299 ) > 10 298 primes in this region. We haven’t eliminated too many! 16 OK, perhaps you will argue that somebody will someday figure out how to factor such big numbers. Really, it is a very simple idea: just factor the darned thing. There are indeed many many people working on exactly this question, developing fancy methods with exotic names like “Pollard’s ρ-method” and the “Number Field Sieve”, and these method have been shown to have the ability to factor numbers of up to 155 digits. 17 So it is possible that in the future 18 people will be able to quickly factor 600 digit numbers. I guess our hope is that by then whatever messages we send today will be so outdated that no one will care to go back and break them. And by then we will have switched so that P and Q are about 300 digits each. The final “OK”. OK, perhaps you will say but isn’t there this thing called the “National Security Agency” and isn’t the US government spending billions of dollars to fund them every year to do cryptographic work for the FBI and CIA and weren’t they smart enough to break the Russians one-time pads when the Russians didn’t use them properly and don’t they hire many many really smart mathematicians that they swear to secrecy Might not they have figured out a way to break RSA ciphers and not be telling us Huh Hey smart guy, what’s your answer to this And I’d have to answer, “dunno”. Maybe they have. No one seems to have any real evidence that they did, but we just don’t know since they aren’t telling. The upshot is that, outside of possibly the NSA (or its equivalents in other countries), as far as I know no one is currently able to break a carefully constructed and properly used RSA cipher in any reasonable amount of time. This is an area of much research in mathematics, so I’m making no promises about the future. But for the time being a well-constructed RSA system appears to be quite secure. 16 In fact, intuitively this makes sense. $10, 000 is a lot of money, but removing that much from $1, 000, 000 still leaves a whole lot left over. Those two extra 0’s are a big deal! 17 See the rsasecurity.com homepage. 18 Two big shots in the field, Arjen Lenstra and Eric Verheul, have guessed that in another 5 or so years (2009) it will be possible to build a computer that can break a 1024-bit RSA key in about a day for $250 million. The National Institute of Standards and Technology recommends that to protect information until 2015 one should use primes of roughly 300 digits.
Page 1 and 2:
Cryptology: An Historical Introduct
Page 3 and 4:
Contents List of Figures 8 1 Caesar
Page 5 and 6:
CONTENTS 5 9 Digraphic Ciphers 167
Page 7 and 8:
List of Figures 1.1 Saint Cyr Slide
Page 9 and 10:
Chapter 1 Caesar Ciphers There are
Page 11 and 12:
11 Examples: Encipher or decipher t
Page 13 and 14:
1.1. SAINT CYR SLIDE 13 paper turne
Page 15 and 16:
1.3. FREQUENCY ANALYSIS 15 PX PBEE
Page 17 and 18:
1.3. FREQUENCY ANALYSIS 17 A bit mo
Page 19 and 20:
1.3. FREQUENCY ANALYSIS 19 Examples
Page 21 and 22:
1.4. LINQUIST’S METHOD 21 the cip
Page 23 and 24:
1.7. EXERCISES 23 12. What is the m
Page 25 and 26:
1.7. EXERCISES 25 (d) VTXLTKBTG LXV
Page 27 and 28:
1.7. EXERCISES 27 (d) IKSUT JKIOT K
Page 29 and 30:
Chapter 2 Cryptologic Terms Cryptog
Page 31 and 32:
Chapter 3 The Introduction of Numbe
Page 33 and 34:
3.1. THE REMAINDER OPERATOR 33 Exam
Page 35 and 36:
3.1. THE REMAINDER OPERATOR 35 Perf
Page 37 and 38:
3.1. THE REMAINDER OPERATOR 37 As a
Page 39 and 40:
3.2. MODULAR ARITHMETIC 39 While %
Page 41 and 42:
3.3. DECIMATION CIPHERS 41 previous
Page 43 and 44:
3.4. DECIPHERING DECIMATION CIPHERS
Page 45 and 46:
3.6. KOBLITZ’S KID-RSA AND PUBLIC
Page 47 and 48:
3.6. KOBLITZ’S KID-RSA AND PUBLIC
Page 49 and 50:
3.9. EXERCISES 49 8. How do we enci
Page 51 and 52:
3.9. EXERCISES 51 (c) Encipher 54 4
Page 53 and 54:
3.9. EXERCISES 53 (b) Encipher secr
Page 55 and 56:
Chapter 4 The Euclidean Algorithm I
Page 57 and 58:
4.2. GCD’S AND THE EUCLIDEAN ALGO
Page 59 and 60:
4.3. MULTIPLICATIVE INVERSES 59 (2)
Page 61 and 62:
4.3. MULTIPLICATIVE INVERSES 61 (2)
Page 63 and 64:
4.4. DECIPHERING DECIMATION AND LIN
Page 65 and 66:
4.5. BREAKING DECIMATION AND LINEAR
Page 67 and 68:
4.6. SUMMARY 67 To put it more blun
Page 69 and 70:
4.8. EXERCISES 69 5. Here we work w
Page 71 and 72:
Chapter 5 Monoalphabetic Ciphers He
Page 73 and 74:
5.2. KEYWORD MIXED CIPHERS 73 Examp
Page 75 and 76:
5.4. INTERRUPTED KEYWORD CIPHERS 75
Page 77 and 78:
5.6. BASIC LETTER CHARACTERISTICS 7
Page 79 and 80:
5.7. ARISTOCRATS 79 the 69971 or 42
Page 81 and 82:
5.9. TOPICS AND TECHNIQUES 81 5.9 T
Page 83 and 84:
5.10. EXERCISES 83 (h) DYVTP KKIQ.
Page 85 and 86:
5.10. EXERCISES 85 13. Ciphers in w
Page 87 and 88:
5.10. EXERCISES 87 17. General Pier
Page 89 and 90:
Chapter 6 Decrypting Monoalphabetic
Page 91 and 92:
6.2. DECRYPTING MONOALPHABETIC CIPH
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
6.3. SUKHOTIN’S METHOD FOR FINDIN
Page 99 and 100:
6.4. FINAL MONOALPHABETIC TRICKS 99
Page 101 and 102:
6.5. SUMMARY 101 our ciphertext muc
Page 103 and 104:
6.7. EXERCISES 103 Frequency count:
Page 105 and 106:
6.7. EXERCISES 105 53++!305))6*;482
Page 107 and 108:
6.7. EXERCISES 107 93 93 82 48 39 6
Page 109 and 110:
Chapter 7 Vigenère Ciphers It was
Page 111 and 112:
7.2. TRITHEMIUS, THE FATHER OF BIBL
Page 113 and 114:
7.3. BELASO, THE UNKNOWN AND PORTA,
Page 115 and 116:
7.4. VIGENÈRE CIPHERS 115 to encip
Page 117 and 118:
7.6. HOW TO BREAK VIGENÈRE CIPHERS
Page 119 and 120:
7.6. HOW TO BREAK VIGENÈRE CIPHERS
Page 121 and 122:
7.7. THE KASISKI TEST 121 Kasiski
Page 123 and 124:
7.8. SUMMARY 123 Repetition Start P
Page 125 and 126:
7.10. EXERCISES 125 2. Little Miss
Page 127 and 128:
7.10. EXERCISES 127 to Gen. E. K. S
Page 129 and 130:
7.10. EXERCISES 129 MEJMY JKXCD LCN
Page 131 and 132:
7.10. EXERCISES 131 22. (a) Use Kas
Page 133 and 134:
7.10. EXERCISES 133 (a) Construct a
Page 135 and 136:
Chapter 8 Polyalphabetic Ciphers Th
Page 137 and 138:
8.1. COINCIDENCES 137 (being born o
Page 139 and 140:
8.2. THE MEASURE OF ROUGHNESS 139 I
Page 141 and 142:
8.2. THE MEASURE OF ROUGHNESS 141 P
Page 143 and 144:
8.3. THE FRIEDMAN TEST 143 The Frie
Page 145 and 146:
8.4. MULTIPLE ENCIPHERINGS 145 Bein
Page 147 and 148:
8.4. MULTIPLE ENCIPHERINGS 147 Just
Page 149 and 150:
8.5. VIGENÈRE’S AUTO KEY CIPHER
Page 151 and 152:
8.5. VIGENÈRE’S AUTO KEY CIPHER
Page 153 and 154:
8.6. PERFECT SECRECY 153 invent now
Page 155 and 156:
8.8. TERMS AND TOPICS 155 multiple
Page 157 and 158:
8.9. EXERCISES 157 6. As is this on
Page 159 and 160:
8.9. EXERCISES 159 13. It has been
Page 161 and 162:
8.9. EXERCISES 161 This is Equation
Page 163 and 164:
8.9. EXERCISES 163 A: AB CDE FGH I
Page 165 and 166:
8.9. EXERCISES 165 26. Decipher SVQ
Page 167 and 168:
Chapter 9 Digraphic Ciphers Althoug
Page 169 and 170:
9.1. POLYGRAPHIC CIPHERS 169 f a g
Page 171 and 172:
9.2. HILL CIPHERS 171 th 2.96 es 1.
Page 173 and 174:
9.2. HILL CIPHERS 173 We will be us
Page 175 and 176:
9.3. RECOGNIZING AND BREAKING POLYG
Page 177 and 178:
9.4. PLAYFAIR 177 Playfair Ciphers:
Page 179 and 180:
9.5. SUMMARY 179 9.5 Summary Polygr
Page 181 and 182:
9.7. EXERCISES 181 (b) The use of
Page 183 and 184:
9.7. EXERCISES 183 10. Just as we c
Page 185 and 186:
9.7. EXERCISES 185 (d) (For those(
Page 187 and 188:
9.7. EXERCISES 187 The rules that W
Page 189 and 190:
Chapter 10 Transposition Ciphers In
Page 191 and 192:
10.3. TURNING GRILLES 191 1 2 3 7 4
Page 193 and 194:
10.4. COLUMNAR TRANSPOSITION 193 co
Page 195 and 196: 10.5. TRANSPOSITION VS. SUBSTITUTIO
Page 197 and 198: 10.6. LETTER CONNECTIONS 197 F 2 G
Page 199 and 200: 10.7. BREAKING THE COLUMNAR TRANSPO
Page 201 and 202: 10.8. DOUBLE TRANSPOSITION 201 Sinc
Page 203 and 204: 10.9. TRANSPOSITION DURING THE CIVI
Page 205 and 206: 10.9. TRANSPOSITION DURING THE CIVI
Page 207 and 208: 10.10. THE BATTLE OF THE CIVIL WAR
Page 209 and 210: 10.13. EXERCISES 209 14. What is a
Page 211 and 212: 10.13. EXERCISES 211 and the second
Page 213 and 214: 10.13. EXERCISES 213 evening Adam h
Page 215 and 216: 10.13. EXERCISES 215 Several codewo
Page 217 and 218: 10.13. EXERCISES 217 4. (which is t
Page 219 and 220: Chapter 11 Knapsack Ciphers Merkle
Page 221 and 222: 11.3. AN EASY KNAPSACK PROBLEM 221
Page 223 and 224: 11.4. THE KNAPSACK CIPHER SYSTEM 22
Page 225 and 226: 11.4. THE KNAPSACK CIPHER SYSTEM 22
Page 227 and 228: 11.5. PUBLIC KEY CIPHER 227 Even wi
Page 229 and 230: 11.8. EXERCISES 229 2. Given the we
Page 231 and 232: Chapter 12 RSA Take two large prime
Page 233 and 234: 12.1. FERMAT’S THEOREM 233 Exampl
Page 235 and 236: 12.3. COMPLICATION II: A SUBSTANTIA
Page 237 and 238: 12.3. COMPLICATION II: A SUBSTANTIA
Page 239 and 240: 12.5. COMPLICATION IV: THE LAST ONE
Page 241 and 242: 12.6. PUTTING IT ALL TOGETHER 241 1
Page 243 and 244: 12.8. RSA 243 The RSA Algorithm Set
Page 245: 12.9. RSA AND PUBLIC KEYS 245 There
Page 249 and 250: 12.12. SUMMARY 249 cannot read the
Page 251 and 252: 12.14. EXERCISES 251 6. What is a
Page 253 and 254: 12.14. EXERCISES 253 Bob is going t
Page 255 and 256: Bibliography [Antonucci] Michael An
Page 257: BIBLIOGRAPHY 257 [Shamir] [SRA] A.
show all

Cryptology - Unofficial St. Mary's College of California Web Site

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?