Cryptography - Sage

More documents

Recommendations

Info

We would like to compute the value of d, but the SAGE function crt complains that themoduli p − 1 and q − 1 have a common factor.sage: gcd(p-1,q-1);6sage: (p-1).factor()2 * 3^3 * 13 * 23767 * 19475307419 * 3609932889503sage: (q-1).factor()2 * 3 * 17 * 5297 * 22123 * 152417 * 165217231734649We can divide q − 1 by 6 to remove the common factor, and so compute the Chineseremainder lifting as follows. Note first that the system is consistent — d 1 and d 2 are thesame modulo 6 since they are both inverses to e mod 6.sage: d1 mod 65sage: d2 mod 65Since (q −1)/6 is not divisible by 2 or 3, we can proceed with the Chinese remainder liftingwith p − 1 and (q − 1)/6.sage: d = crt([d1,d2],[p-1,(q-1).div(6)])sage: d35306758152215111348997570443072341096420788599987705538575Alternatively we could have computed the inverse exponent d in one step bysage: d = inverse_mod(e,lcm(p-1,q-1))sage: d35306758152215111348997570443072341096420788599987705538575Exercise 8.6 Use your exponents e, d, verify the identities mod p:for various random values of a.(a e ) d ≡ a mod n, (a d ) e ≡ a mod n, and a ed ≡ a mod n,Note that after construction of d, the primes p and q are not needed, but that withoutknowing the original factorization of n, Fermat’s little theorem does not apply, and findingthe inverse exponent for e is considered a hard problem.125
Solution. Now we can verify that e and d are inverses modulo p − 1 and modulo q − 1,and, moreover, that they determine inverse exponential maps modulo the RSA modulusn = pq.sage: (e*d).mod(p-1)1sage: (e*d).mod(q-1)1sage: n = p*qsage: m = random_prime(n)sage: c = m.powermod(e,n)sage: m == c.powermod(d,n)Truesage: m == m.powermod(e*d,n)TrueWe use the RSA cryptosystem in SAGE as follows. First begin with encoding ASCII textnumerically:sage: E := RSACryptosystem(128)sage: m = E.encoding(’The dog ate my lunch.’); m0101010001101000011001010010000001100100011011110110011100100\0000110000101110100011001010010000001101101011110010010000001\1011000111010101101110011000110110100000101110sage: E.decoding(m)’The dog ate my lunch.’Note that, as with LFSR cryptosystems, RSA encoding uses the information-preservingASCII bit encoding, and encoding and decoding are true inverses. Caution: we note thatprinting “decoded” ciphertext might render an terminal nonfunctional, since the resultingASCII text might contain escape characters which reset the terminal display.To encipher, first we must create a key pair:sage: (K, L) = E.random_key_pair()sage: K(49338921862830381807760291818994034053, 86398677368792768067556452456311743331)This returns a pair of inverse keys K and L. We will consider K to be the public K and L tobe the private key.N.B. The argument to RSACryptosystem specifies the number of bits in the RSA modulus.126 Appendix C. Solutions to Exercises
Page 1 and 2:
Author (David R. Kohel) /Title (Cry
Page 4 and 5:
CONTENTS1 Introduction to Cryptogra
Page 6:
PrefaceWhen embarking on a project
Page 10 and 11:
information. We introduce here some
Page 12 and 13:
ut strings in A ∗ map injectively
Page 14 and 15:
CHAPTERTWOClassical Cryptography2.1
Page 16 and 17:
LV MJ CW XP QO IG EZ NB YH UA DS RK
Page 18 and 19:
As a special case, consider 2-chara
Page 20 and 21:
Note that if d k = 1, then we omit
Page 22:
ExercisesSubstitution ciphersExerci
Page 25 and 26:
Ciphertext-only AttackThe cryptanal
Page 27 and 28:
of size n, suppose that p i is the
Page 29 and 30:
Note that ZKZ and KZA are substring
Page 31:
Checking possible keys, the partial
Page 34 and 35:
sage: X = pt.frequency_distribution
Page 36 and 37:
CHAPTERFOURInformation TheoryInform
Page 38 and 39:
For each of these we can extend our
Page 40 and 41:
in terms of the cryptosystem), then
Page 42 and 43:
CHAPTERFIVEBlock CiphersData Encryp
Page 44 and 45:
Deciphering. Suppose we begin with
Page 46 and 47:
The Advanced Encryption Standard al
Page 48 and 49:
1. Malicious substitution of a ciph
Page 50 and 51:
locks M j−1 , . . . , M 1 as well
Page 52:
where X = K ⊕ M = (X 1 , X 2 , X
Page 55 and 56:
6.2 Properties of Stream CiphersSyn
Page 57 and 58:
Exercise. Verify that the equality
Page 59 and 60:
n 2 n − 11 12 33 74 155 316 637 1
Page 61 and 62:
Exercise 6.6 In the previous exerci
Page 63 and 64:
Exercise 6.9 Compute the first 8 te
Page 65 and 66:
which holds since −4 = 17 + (−1
Page 67 and 68:
must therefore have a divisor of de
Page 69 and 70:
Shrinking Generator cryptosystemLet
Page 72 and 73:
CHAPTEREIGHTPublic Key Cryptography
Page 74 and 75:
Initial setup:1. Alice and Bob publ
Page 76 and 77:
We apply this rule in the RSA algor
Page 78 and 79:
the discrete logarithm problem (DLP
Page 80 and 81: Man in the Middle AttackThe man-in-
Page 82: Exercise 8.6 Fermat’s little theo
Page 85 and 86: k < p − 1 with GCD(k, p − 1) =
Page 88 and 89: CHAPTERTENSecret SharingA secret sh
Page 90: using any t shares (x 1 , y 1 ), .
Page 93 and 94: sage-------------------------------
Page 95 and 96: sage: x.is_unit?Type:builtin_functi
Page 97 and 98: Python (hence SAGE) has useful data
Page 99 and 100: sage: n = 12sage: for i in range(n)
Page 101 and 102: sage: I = [55+i for i in range(3)]
Page 103 and 104: sage: I = [7, 4, 11, 11, 14, 22, 14
Page 105 and 106: ExercisesRead over the above SAGE t
Page 107 and 108: 102
Page 109 and 110: Solution. The block length is the n
Page 111 and 112: Solution.below.The coincidence inde
Page 113 and 114: analysis of the each of the decimat
Page 115 and 116: arbitrary permutation of the alphab
Page 117 and 118: In order to understand naturally oc
Page 119 and 120: We do this by first verifying the e
Page 121 and 122: Solution.None provided.Linear feedb
Page 123 and 124: Multiplying each through by the con
Page 125 and 126: Solution. The linear complexity of
Page 127 and 128: If a, b, and c are as above, then f
Page 129: Exercise 8.5 Use SAGE to find a lar
Page 133 and 134: which has no common factors with p
Page 135 and 136: sage: p = 2^32+61sage: m = (p-1).qu
Page 137 and 138: sage: a5 := a^n5sage: c5 := c^n5sag
Page 139 and 140: The application of this function E
Page 141 and 142: 5. (∗) How many elements a of G h
Page 143: 1. The value f(0) of the polynomial
show all

Cryptography - Sage

Create successful ePaper yourself

Delete template?

Save as template?