Cryptology - Unofficial St. Mary's College of California Web Site

More documents

Recommendations

Info

248 CHAPTER 12. RSA 12.11 Authenticity – Proof of Authorship An important disadvantage of all private key cipher systems is that they do nothing to help solve the key management problem. How can we secretly exchange secret keys with people we’ve never met And how can we keep all these secret keys straight, let alone secret As we have discussed, a Public Key cipher takes care of these difficulties. To send someone a private message we don’t have to know them, or have met them, or have agreed on a key or a method. We just look up and use their RSA information from their Internet site. This leads to a problem: If anyone can send you a message, there is no direct way of knowing who sent you that message! It means little for an email to be signed “Bob” as anyone can type B-o-b. How can we be sure that the person whose name is at the bottom of the message really sent it With the knapsack ciphers this is a fairly difficult problem to overcome but with the RSA it’s easy. As usual, we’ll refer to the two parties exchanging messages as Alice and Bob. We will use a subscript A to denote “Alice’s”, so N A is the value of N in Alice’s system. Similarly, e B is the enciphering exponent in Bob’s system. Alice knows her d A but no one else does. Similarly only Bob knows d B . However, they both know e A , N A , e B and N B . When Alice sends a message to Bob she wants to make sure that only he can decipher it, and that he knows it is actually from her. So she writes her message M and then computes ( M d A %N A ) eB %N B , if N A < N B , or ( M e B %N B ) dA %N A , if N B < N A , and sends this ciphertext to Bob. (Unfortunately, while ( ) M d eB ( ) A and M e dA B are equal, they may not be equivalent, that is, when working modulo N A and N B the order of the moduli matters.) Bob needs to be similarly careful when deciphering. If N A < N B , he undoes the e B exponentiation (using d B ) and then undoes the d A exponentiation (with e A ). When N A > N B , the order must be reversed. This is quite clever, and so let’s take a moment to see what each party now knows. Bob receives a ciphertext supposedly from Alice. Since he can look up her modulus N A he knows which order to apply d B and e A to decipher the message. So he can read it. Further, since only he knows d B , Bob is the only person that can decipher this message. Finally, since applying e A led to a readable message, d A must have been applied to the plaintext, and since Alice is the only person that knows d A , it really must have been her that sent the message. Alice can come to quite similar conclusions: Bob is the only person who can read the message she sent, and she knows he will know it was she who sent it. (Make sure you understand why she knows these things.) Finally, Ed the Adversary, even though he knows all of Alice and Bob’s public information,
12.12. SUMMARY 249 cannot read the message; in fact, he cannot even determine if it is actually from Alice! This process is called sending a digital signature. In fact, it is a bit like a person’s signature in that your signature is something that you can easily make and that anyone can compare with others of yours to convince themselves that you are you, but it is something that is hard for other people to fake. Similarly, it is easy for Alice to compute the number (Alice) d A after which anyone else can compute ( (Alice) A) d eA to convince themselves she is really who she says she is. 19 Example: We receive 277763, 165924, 169282 from someone who claims to be David. We know that N David = 273487 and e David = 3. Our values are N = 279827, e = 297 and d = 4757. Did this message come from him and what did it say First, since N David = 273487 < 279827, if it was David who sent this message he would first have computed E = M d D %N D and sent us E e %N. So we must first compute E d %N, and then raise this to the e D modulo N D . Raising the message to the d = 47577-th power modulo 279827 produces 198427, 240953, 178426. Raising these numbers to the e D = 3-rd power modulo N D = 273487 gives 23, 5, 5, 11, 5, 14, 4 or weekend. This message makes sense, so yes, David actually send the message. ⋄ With the idea of digital signatures understood we should modify one of our earlier sections. When one is using the RSA one really sends a message in several parts. Part 1 is a quick note saying who you are and what private key method and what key you will use to encipher part 2 of the message. Part 1 is double enciphered using your d and your recipient’s e as just indicated, which both keeps it secure and proves you sent it. Part 2 is the true message and is enciphered using the method and key you just indicated. Finally, Part 0 is a cover letter saying who you are and where you are sending the message. 12.12 Summary After trying addition (Caesar Ciphers) and multiplication (Decimation Ciphers), it is natural to try exponentiation to create a cipher system, and RSA is exactly that. It enciphers messages by raising them to a power modulo the product of 19 There is a subtlety here. If Alice simply sends Alice d A as her signature for each of her messages, Ed can steal this number and pretend to be her. In practice, Alice would apply a hash function to the message, producing a very short version of it, and it is this that she “signs.” Since Bob can apply the same hash function to the un-deciphered message, he can compare these “digital fingerprints” to see if they are the same, and will then know if it was indeed Alice who sent the message. For our purposes, you can instead think that Alice uses as her name Alice coupled with some nulls that change from message to message – xAliceet or mnAliceW.
Page 1 and 2:
Cryptology: An Historical Introduct
Page 3 and 4:
Contents List of Figures 8 1 Caesar
Page 5 and 6:
CONTENTS 5 9 Digraphic Ciphers 167
Page 7 and 8:
List of Figures 1.1 Saint Cyr Slide
Page 9 and 10:
Chapter 1 Caesar Ciphers There are
Page 11 and 12:
11 Examples: Encipher or decipher t
Page 13 and 14:
1.1. SAINT CYR SLIDE 13 paper turne
Page 15 and 16:
1.3. FREQUENCY ANALYSIS 15 PX PBEE
Page 17 and 18:
1.3. FREQUENCY ANALYSIS 17 A bit mo
Page 19 and 20:
1.3. FREQUENCY ANALYSIS 19 Examples
Page 21 and 22:
1.4. LINQUIST’S METHOD 21 the cip
Page 23 and 24:
1.7. EXERCISES 23 12. What is the m
Page 25 and 26:
1.7. EXERCISES 25 (d) VTXLTKBTG LXV
Page 27 and 28:
1.7. EXERCISES 27 (d) IKSUT JKIOT K
Page 29 and 30:
Chapter 2 Cryptologic Terms Cryptog
Page 31 and 32:
Chapter 3 The Introduction of Numbe
Page 33 and 34:
3.1. THE REMAINDER OPERATOR 33 Exam
Page 35 and 36:
3.1. THE REMAINDER OPERATOR 35 Perf
Page 37 and 38:
3.1. THE REMAINDER OPERATOR 37 As a
Page 39 and 40:
3.2. MODULAR ARITHMETIC 39 While %
Page 41 and 42:
3.3. DECIMATION CIPHERS 41 previous
Page 43 and 44:
3.4. DECIPHERING DECIMATION CIPHERS
Page 45 and 46:
3.6. KOBLITZ’S KID-RSA AND PUBLIC
Page 47 and 48:
3.6. KOBLITZ’S KID-RSA AND PUBLIC
Page 49 and 50:
3.9. EXERCISES 49 8. How do we enci
Page 51 and 52:
3.9. EXERCISES 51 (c) Encipher 54 4
Page 53 and 54:
3.9. EXERCISES 53 (b) Encipher secr
Page 55 and 56:
Chapter 4 The Euclidean Algorithm I
Page 57 and 58:
4.2. GCD’S AND THE EUCLIDEAN ALGO
Page 59 and 60:
4.3. MULTIPLICATIVE INVERSES 59 (2)
Page 61 and 62:
4.3. MULTIPLICATIVE INVERSES 61 (2)
Page 63 and 64:
4.4. DECIPHERING DECIMATION AND LIN
Page 65 and 66:
4.5. BREAKING DECIMATION AND LINEAR
Page 67 and 68:
4.6. SUMMARY 67 To put it more blun
Page 69 and 70:
4.8. EXERCISES 69 5. Here we work w
Page 71 and 72:
Chapter 5 Monoalphabetic Ciphers He
Page 73 and 74:
5.2. KEYWORD MIXED CIPHERS 73 Examp
Page 75 and 76:
5.4. INTERRUPTED KEYWORD CIPHERS 75
Page 77 and 78:
5.6. BASIC LETTER CHARACTERISTICS 7
Page 79 and 80:
5.7. ARISTOCRATS 79 the 69971 or 42
Page 81 and 82:
5.9. TOPICS AND TECHNIQUES 81 5.9 T
Page 83 and 84:
5.10. EXERCISES 83 (h) DYVTP KKIQ.
Page 85 and 86:
5.10. EXERCISES 85 13. Ciphers in w
Page 87 and 88:
5.10. EXERCISES 87 17. General Pier
Page 89 and 90:
Chapter 6 Decrypting Monoalphabetic
Page 91 and 92:
6.2. DECRYPTING MONOALPHABETIC CIPH
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
6.3. SUKHOTIN’S METHOD FOR FINDIN
Page 99 and 100:
6.4. FINAL MONOALPHABETIC TRICKS 99
Page 101 and 102:
6.5. SUMMARY 101 our ciphertext muc
Page 103 and 104:
6.7. EXERCISES 103 Frequency count:
Page 105 and 106:
6.7. EXERCISES 105 53++!305))6*;482
Page 107 and 108:
6.7. EXERCISES 107 93 93 82 48 39 6
Page 109 and 110:
Chapter 7 Vigenère Ciphers It was
Page 111 and 112:
7.2. TRITHEMIUS, THE FATHER OF BIBL
Page 113 and 114:
7.3. BELASO, THE UNKNOWN AND PORTA,
Page 115 and 116:
7.4. VIGENÈRE CIPHERS 115 to encip
Page 117 and 118:
7.6. HOW TO BREAK VIGENÈRE CIPHERS
Page 119 and 120:
7.6. HOW TO BREAK VIGENÈRE CIPHERS
Page 121 and 122:
7.7. THE KASISKI TEST 121 Kasiski
Page 123 and 124:
7.8. SUMMARY 123 Repetition Start P
Page 125 and 126:
7.10. EXERCISES 125 2. Little Miss
Page 127 and 128:
7.10. EXERCISES 127 to Gen. E. K. S
Page 129 and 130:
7.10. EXERCISES 129 MEJMY JKXCD LCN
Page 131 and 132:
7.10. EXERCISES 131 22. (a) Use Kas
Page 133 and 134:
7.10. EXERCISES 133 (a) Construct a
Page 135 and 136:
Chapter 8 Polyalphabetic Ciphers Th
Page 137 and 138:
8.1. COINCIDENCES 137 (being born o
Page 139 and 140:
8.2. THE MEASURE OF ROUGHNESS 139 I
Page 141 and 142:
8.2. THE MEASURE OF ROUGHNESS 141 P
Page 143 and 144:
8.3. THE FRIEDMAN TEST 143 The Frie
Page 145 and 146:
8.4. MULTIPLE ENCIPHERINGS 145 Bein
Page 147 and 148:
8.4. MULTIPLE ENCIPHERINGS 147 Just
Page 149 and 150:
8.5. VIGENÈRE’S AUTO KEY CIPHER
Page 151 and 152:
8.5. VIGENÈRE’S AUTO KEY CIPHER
Page 153 and 154:
8.6. PERFECT SECRECY 153 invent now
Page 155 and 156:
8.8. TERMS AND TOPICS 155 multiple
Page 157 and 158:
8.9. EXERCISES 157 6. As is this on
Page 159 and 160:
8.9. EXERCISES 159 13. It has been
Page 161 and 162:
8.9. EXERCISES 161 This is Equation
Page 163 and 164:
8.9. EXERCISES 163 A: AB CDE FGH I
Page 165 and 166:
8.9. EXERCISES 165 26. Decipher SVQ
Page 167 and 168:
Chapter 9 Digraphic Ciphers Althoug
Page 169 and 170:
9.1. POLYGRAPHIC CIPHERS 169 f a g
Page 171 and 172:
9.2. HILL CIPHERS 171 th 2.96 es 1.
Page 173 and 174:
9.2. HILL CIPHERS 173 We will be us
Page 175 and 176:
9.3. RECOGNIZING AND BREAKING POLYG
Page 177 and 178:
9.4. PLAYFAIR 177 Playfair Ciphers:
Page 179 and 180:
9.5. SUMMARY 179 9.5 Summary Polygr
Page 181 and 182:
9.7. EXERCISES 181 (b) The use of
Page 183 and 184:
9.7. EXERCISES 183 10. Just as we c
Page 185 and 186:
9.7. EXERCISES 185 (d) (For those(
Page 187 and 188:
9.7. EXERCISES 187 The rules that W
Page 189 and 190:
Chapter 10 Transposition Ciphers In
Page 191 and 192:
10.3. TURNING GRILLES 191 1 2 3 7 4
Page 193 and 194:
10.4. COLUMNAR TRANSPOSITION 193 co
Page 195 and 196:
10.5. TRANSPOSITION VS. SUBSTITUTIO
Page 197 and 198: 10.6. LETTER CONNECTIONS 197 F 2 G
Page 199 and 200: 10.7. BREAKING THE COLUMNAR TRANSPO
Page 201 and 202: 10.8. DOUBLE TRANSPOSITION 201 Sinc
Page 203 and 204: 10.9. TRANSPOSITION DURING THE CIVI
Page 205 and 206: 10.9. TRANSPOSITION DURING THE CIVI
Page 207 and 208: 10.10. THE BATTLE OF THE CIVIL WAR
Page 209 and 210: 10.13. EXERCISES 209 14. What is a
Page 211 and 212: 10.13. EXERCISES 211 and the second
Page 213 and 214: 10.13. EXERCISES 213 evening Adam h
Page 215 and 216: 10.13. EXERCISES 215 Several codewo
Page 217 and 218: 10.13. EXERCISES 217 4. (which is t
Page 219 and 220: Chapter 11 Knapsack Ciphers Merkle
Page 221 and 222: 11.3. AN EASY KNAPSACK PROBLEM 221
Page 223 and 224: 11.4. THE KNAPSACK CIPHER SYSTEM 22
Page 225 and 226: 11.4. THE KNAPSACK CIPHER SYSTEM 22
Page 227 and 228: 11.5. PUBLIC KEY CIPHER 227 Even wi
Page 229 and 230: 11.8. EXERCISES 229 2. Given the we
Page 231 and 232: Chapter 12 RSA Take two large prime
Page 233 and 234: 12.1. FERMAT’S THEOREM 233 Exampl
Page 235 and 236: 12.3. COMPLICATION II: A SUBSTANTIA
Page 237 and 238: 12.3. COMPLICATION II: A SUBSTANTIA
Page 239 and 240: 12.5. COMPLICATION IV: THE LAST ONE
Page 241 and 242: 12.6. PUTTING IT ALL TOGETHER 241 1
Page 243 and 244: 12.8. RSA 243 The RSA Algorithm Set
Page 245 and 246: 12.9. RSA AND PUBLIC KEYS 245 There
Page 247: 12.10. HOW TO BREAK RSA 247 had to
Page 251 and 252: 12.14. EXERCISES 251 6. What is a
Page 253 and 254: 12.14. EXERCISES 253 Bob is going t
Page 255 and 256: Bibliography [Antonucci] Michael An
Page 257: BIBLIOGRAPHY 257 [Shamir] [SRA] A.
show all

Cryptology - Unofficial St. Mary's College of California Web Site

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?