T-79.159 Cryptography and Data Security, Lecture 8: Finite fields
  1. Slide 1: T-79.159 Cryptography and Data Security, Lecture 8
     - Finite fields and cyclic groups
     - Discrete Logarithm Problem
     - Diffie-Hellman key agreement scheme
     - ElGamal public key encryption
     References: Kaufman et al.: Ch 6; Stallings: Ch 5, 8, 10
     Slide 2: Axioms: Group
     Group (G, ∗): a set G with an operation ∗.
     Additive group: "∗" is addition +. Multiplicative group: "∗" is multiplication ·.
     Axiom 1: G is closed under the operation ∗, that is, given a ∈ G and b ∈ G, then a ∗ b ∈ G.
     Axiom 2: Operation ∗ is associative, that is, given a ∈ G, b ∈ G and c ∈ G, then (a ∗ b) ∗ c = a ∗ (b ∗ c).
     Axiom 3: There is an identity element in (G, ∗), that is, an element e ∈ G such that a ∗ e = e ∗ a = a for all a ∈ G. Then e is denoted by 1 (general and multiplicative case) or by 0 (additive case).
     Axiom 4: Every element has an inverse, that is, given a ∈ G there is a unique b ∈ G such that a ∗ b = b ∗ a = e. Then b is denoted by a^-1 (general or multiplicative case) or by -a (additive case).

  2. Slide 3: Axioms: Abelian Group
     Axiom 5: Group (G, ∗) is an Abelian group (or commutative group) if the operation ∗ is commutative, that is, given a ∈ G and b ∈ G, then a ∗ b = b ∗ a.
     Slide 4: Axioms: Ring (R, +, ·)
     A set R with two operations + and · is a ring if the following eight axioms hold:
     A1: Axiom 1 for +
     A2: Axiom 2 for +
     A3: Axiom 3 for +       (A1 to A5: (R, +) is an Abelian group)
     A4: Axiom 4 for +
     A5: Axiom 5 for +
     M1: Axiom 1 for ·
     M2: Axiom 2 for ·
     M3: Distributive laws hold, that is, given a ∈ R, b ∈ R and c ∈ R, then a·(b + c) = a·b + a·c and (a + b)·c = a·c + b·c.

  3. Slide 5: Axioms: Commutative Ring and Field
     A ring (R, +, ·) is commutative if
     M4: Axiom 5 for multiplication holds.
     A commutative ring (F, +, ·) is a field if:
     M5: Axiom 3 for · in F - {0}, that is, a ∗ 1 = 1 ∗ a = a for all a ∈ F, a ≠ 0.
     M6: Axiom 4 for · in F - {0}, that is, given a ∈ F, a ≠ 0, there is a unique a^-1 ∈ F such that a ∗ a^-1 = a^-1 ∗ a = 1.
     If (F, +, ·) is a field, then F∗ = F - {0} with multiplication is a group.
     Example: p prime, then Z_p = {a | 0 ≤ a < p} with modulo p addition and multiplication is a field, and (Z_p∗, ·) is a group.
     Slide 6: Polynomial Arithmetic
     • Modular arithmetic with polynomials
     • We limit to the case where polynomials have binary coefficients, that is, 1 + 1 = 0, and + is the same as -.
     Example:
       (x^2 + x + 1)(x^3 + x + 1) = x^5 + x^3 + x^2 + x^4 + x^2 + x + x^3 + x + 1 = x^5 + x^4 + 1,
       x^5 + x^4 = x^4·(x + 1) = (x + 1)·(x + 1) = x^2 + 1  (mod (x^4 + x + 1)),
       so (x^2 + x + 1)(x^3 + x + 1) = x^2 + 1 + 1 = x^2  (mod (x^4 + x + 1)).
     Computation mod (x^4 + x + 1) means that everywhere we take x^4 + x + 1 = 0, which means, for example, that x^4 = x + 1 and x^6 = x^3 + x^2.

  4. Slide 7: Galois Field
     Given a binary polynomial f(x) of degree n, consider the set of binary polynomials with degree less than n. This set has 2^n polynomials. With polynomial arithmetic modulo f(x) this set is a ring.
     Fact: If f(x) is irreducible, then this set with 2-ary (binary) polynomial arithmetic modulo f(x) is a field, denoted by GF(2^n). In particular, every nonzero polynomial has a multiplicative inverse modulo f(x). We can compute the multiplicative inverse of a polynomial using the Extended Euclidean Algorithm.
     Example: Compute the multiplicative inverse of x^2 modulo x^4 + x + 1.
     Slide 8: Extended Euclidean Algorithm for polynomials: Example
        i   q_i    r_i             u_i              v_i
       -2   -      x^4 + x + 1     0                1
       -1   -      x^2             1                0
        0   x^2    x + 1           x^2              1
        1   x      x               x^3 + 1          x
        2   1      1               x^3 + x^2 + 1    x + 1
     Every row satisfies u_i · x^2 + v_i · (x^4 + x + 1) = r_i. For i ≥ 0, q_i and r_i are the quotient and remainder of r_{i-2} divided by r_{i-1}, and u_i = u_{i-2} - q_i·u_{i-1}, v_i = v_{i-2} - q_i·v_{i-1} (with binary coefficients, - is the same as +).

  5. Slide 9: Extended Euclidean Algorithm for polynomials: Example cont'd
     So we get u_2 · x^2 + v_2 · (x^4 + x + 1) = (x^3 + x^2 + 1)·x^2 + (x + 1)·(x^4 + x + 1) = r_2 = 1, from where the multiplicative inverse of x^2 modulo x^4 + x + 1 is equal to x^3 + x^2 + 1.
     Motivation for polynomial arithmetic:
     • uses all n-bit numbers
     • provides uniform distribution of the multiplication result
     Slide 10: Example: Modulo 2^3 arithmetic compared to GF(2^3) arithmetic (multiplication)
     In GF(2^n) arithmetic, we identify polynomials of degree less than n,
       a_0 + a_1·x + a_2·x^2 + … + a_{n-1}·x^{n-1},
     with bit strings of length n, (a_0, a_1, a_2, …, a_{n-1}) (in the examples the bits are written highest coefficient first, so x^2 = (100)), and further with integers less than 2^n,
       a_0 + a_1·2 + a_2·2^2 + … + a_{n-1}·2^{n-1}.
     Example: In GF(2^3) arithmetic with polynomial x^3 + x + 1 (see next slide) we get:
       4 · 3 = (100) · (011) = x^2 · (x + 1) = x^3 + x^2 = (x + 1) + x^2 = x^2 + x + 1 = (111) = 7

  6. Slide 11: Multiplication tables
     Modulo 8 arithmetic:
       ·  0 1 2 3 4 5 6 7
       0  0 0 0 0 0 0 0 0
       1  0 1 2 3 4 5 6 7
       2  0 2 4 6 0 2 4 6
       3  0 3 6 1 4 7 2 5
       4  0 4 0 4 0 4 0 4
       5  0 5 2 7 4 1 6 3
       6  0 6 4 2 0 6 4 2
       7  0 7 6 5 4 3 2 1
     GF(2^3) polynomial arithmetic (modulo x^3 + x + 1):
       ·  0 1 2 3 4 5 6 7
       0  0 0 0 0 0 0 0 0
       1  0 1 2 3 4 5 6 7
       2  0 2 4 6 3 1 7 5
       3  0 3 6 5 7 4 1 2
       4  0 4 3 7 6 2 5 1
       5  0 5 1 4 2 7 3 6
       6  0 6 7 1 5 3 2 4
       7  0 7 5 2 1 6 4 3
     Slide 12: Generated set
     Example: Finite field Z_19, g = 7, g^i mod 19:
       i   g^i mod 19
       0   1
       1   7
       2   49 = 11
       3   77 = 1
       4   7
       5   11
       …   …
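The polynomial arithmetic of slides 6 to 11 in code, as an added example (not part of the lecture slides): binary polynomials are Python ints with bit i holding the coefficient of x^i, so x^4 + x + 1 is 0b10011, and gf_inv follows the Extended Euclidean table of slide 8 (r_{-2} = f, r_{-1} = a) and refuses a modulus that is not irreducible.

```python
def poly_mul(a, b):
    """Carry-less product of two binary polynomials, without reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a          # + is XOR, because 1 + 1 = 0
        a <<= 1
        b >>= 1
    return r

def poly_divmod(a, b):
    """Quotient and remainder of a divided by b (b != 0); deg(remainder) < deg(b)."""
    q = 0
    deg_b = b.bit_length() - 1
    while a and a.bit_length() - 1 >= deg_b:
        shift = a.bit_length() - 1 - deg_b
        q ^= 1 << shift
        a ^= b << shift     # subtraction is also XOR
    return q, a

def gf_mul(a, b, mod):
    """Multiplication in GF(2^n) with irreducible modulus polynomial `mod`."""
    return poly_divmod(poly_mul(a, b), mod)[1]

def gf_inv(a, mod):
    """Extended Euclid as in the slide-8 table: (u, v) with u*a + v*mod = 1."""
    r_prev, r = mod, a      # r_{-2}, r_{-1}
    u_prev, u = 0, 1        # coefficients of a
    v_prev, v = 1, 0        # coefficients of mod
    while r > 1:
        q, rem = poly_divmod(r_prev, r)
        r_prev, r = r, rem
        u_prev, u = u, u_prev ^ poly_mul(q, u)
        v_prev, v = v, v_prev ^ poly_mul(q, v)
    if r != 1:              # gcd != 1: a == 0, or `mod` is reducible (not a field)
        raise ValueError("no inverse: a == 0 or modulus is not irreducible")
    return u, v

def mul_table_row(a, mod):
    """One row of the GF(2^n) multiplication table of slide 11."""
    n = mod.bit_length() - 1
    return [gf_mul(a, b, mod) for b in range(1 << n)]

if __name__ == "__main__":
    F = 0b10011                                  # x^4 + x + 1
    print(bin(gf_mul(0b111, 0b1011, F)))         # (x^2+x+1)(x^3+x+1) -> 0b100 = x^2
    print(bin(gf_inv(0b100, F)[0]))              # inverse of x^2 -> 0b1101 = x^3+x^2+1
    print(mul_table_row(3, 0b1011))              # row 3 of the GF(2^3) table
```

Note that with f(x) = x^4 + 1, which is (x + 1)^4 and so reducible, gf_inv(x + 1, f) raises: the set is only a ring, as slide 7 states.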

  7. Slide 13: Generated elements
     Example: Finite field Z_19, g = 2, g^i mod 19, i = 0, 1, 2, …
        i   g^i       i   g^i
        0   1        10   17
        1   2        11   15
        2   4        12   11
        3   8        13   3
        4   16       14   6
        5   13       15   12
        6   7        16   5
        7   14       17   10
        8   9        18   1
        9   18
     Element a = 2 generates all nonzero elements in Z_19. Such an element is called primitive.
     Slide 14: Cyclic subgroups
     F finite field, g ∈ F∗, let <g> denote the set generated by g: <g> = {1 = g^0, g^1, g^2, …, g^{r-1}}, where r is the least positive number such that g^r = 1 in F. By Fermat's and Euler's theorems r ≤ #F∗. r is the order of g.
     <g> is a subgroup of the multiplicative group F∗ of F:
     Axiom 1: g^i · g^j = g^{i+j} ∈ <g>.
     Axiom 2: associativity is inherited from F.
     Axiom 3: 1 = g^0 ∈ <g>.
     Axiom 4: Given g^i ∈ <g>, the multiplicative inverse is g^{r-i}, as g^i · g^{r-i} = g^{r-i} · g^i = g^r = 1.
     <g> is called a cyclic group. The entire F∗ is a cyclic group generated by a primitive element, e.g. Z_19∗ = <2>.

  8. Slide 15: Example: Cyclic group in Galois Field GF(2^4) with polynomial f(x) = x^4 + x + 1
     g    = x + 1                                                    = 0011
     g^2  = x^2 + 1                                                  = 0101
     g^3  = (x + 1)(x^2 + 1) = x^3 + x^2 + x + 1                     = 1111
     g^4  = (x + 1)(x^3 + x^2 + x + 1) = x^4 + 1 = x                 = 0010
     g^5  = (x + 1)(x^4 + 1) = x^5 + x^4 + x + 1 = x^2 + x           = 0110
     g^6  = (x + 1)(x^2 + x) = x^3 + x                               = 1010
     g^7  = (x + 1)(x^3 + x) = x^4 + x^3 + x^2 + x = x^3 + x^2 + 1   = 1101
     g^8  = (x + 1)(x^3 + x^2 + 1) = x^4 + x^2 + x + 1 = x^2         = 0100
     g^9  = (x + 1)·x^2 = x^3 + x^2                                  = 1100
     g^10 = (x + 1)(x^3 + x^2) = x^2 + x + 1                         = 0111
     g^11 = (x + 1)(x^2 + x + 1) = x^3 + 1                           = 1001
     g^12 = (x + 1)(x^3 + 1) = x^3                                   = 1000
     g^13 = (x + 1)·x^3 = x^3 + x + 1                                = 1011
     g^14 = (x + 1)(x^3 + x + 1) = x^3 + x^2 + x                     = 1110
     g^15 = (x + 1)(x^3 + x^2 + x) = 1                               = 0001
     Slide 16: Discrete logarithm
     Given a ∈ <g> = {1, g^1, g^2, …, g^{r-1}}, there is x, 0 ≤ x < r, such that a = g^x. The exponent x is called the discrete logarithm of a to the base g.
     Example: Solve the equation 2^x = 14 mod 19. We find the solution using the table (slide 13): x = 7.
     Without the precomputed table the discrete logarithm is often hard to solve. Cyclic groups where the discrete logarithm problem is hard are used in cryptography.
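Slides 12 to 16 over the lecture's toy field Z_19, as an added example (not code from the slides): the generated set <g>, the order of g, the primitive-element test, and the table-lookup discrete logarithm used to solve 2^x = 14 mod 19. It assumes p is prime, so that g^r = 1 is reached for some r ≤ p - 1.

```python
def generated_set(g, p):
    """<g> = [1 = g^0, g^1, ..., g^(r-1)] in Z_p^*, in the order the powers appear."""
    if p < 2 or g % p == 0:
        raise ValueError("g must be nonzero in Z_p")
    elems = [1]
    x = g % p
    while x != 1:                   # stops at the least r > 0 with g^r = 1 (Fermat: r <= p-1)
        elems.append(x)
        x = x * g % p
    return elems

def order(g, p):
    """r, the order of g: the least positive r with g^r = 1 mod p."""
    return len(generated_set(g, p))

def is_primitive(g, p):
    """g is primitive when <g> is all of Z_p^*, i.e. its order is #Z_p^* = p - 1."""
    return order(g, p) == p - 1

def primitive_elements(p):
    """All primitive elements of Z_p^* (each one is a valid base for DH or ElGamal)."""
    return [g for g in range(1, p) if is_primitive(g, p)]

def discrete_log(a, g, p):
    """x with 0 <= x < r and g^x = a mod p, found with a precomputed table of <g>.
    Returns None when a is not in <g>. Costs r steps, so it only works for toy p."""
    table = {h: i for i, h in enumerate(generated_set(g, p))}
    return table.get(a % p)

if __name__ == "__main__":
    print(generated_set(7, 19))      # [1, 7, 11]: order 3, a proper subgroup (slide 12)
    print(order(2, 19))              # 18: 2 is primitive in Z_19 (slide 13)
    print(discrete_log(14, 2, 19))   # 7, because 2^7 = 128 = 14 mod 19 (slide 16)
```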

  9. Slide 17: Diffie-Hellman Key Exchange
     ALICE                          BOB
     a secret                       b secret
     A = g^a mod p    --- A -->     B = g^b mod p
                      <-- B ---
     K = B^a mod p                  K = A^b mod p
     Slide 18: Security of Diffie-Hellman Key Exchange
     • If the Discrete Logarithm Problem (DLP) is easy, then DH KE is insecure.
     • Diffie-Hellman Problem (DHP): Given g, g^a, g^b, compute g^ab.
     • It seems that in groups where the DHP is easy, also the DL is easy. It is unknown if this holds in general.
     • DH KE is secure against passive wiretapping.
     • DH KE is insecure under the active man-in-the-middle attack: the man-in-the-middle exchanges a secret key with Alice, and another with Bob, while Alice believes that she is talking confidentially to Bob, and Bob believes he is talking confidentially to Alice (see next slide).
     • This problem is solved by authenticating the Diffie-Hellman key exchange messages.

  10. Slide 19: Man-in-the-Middle in the DH KE
     Alice (secret a)          Carl (man-in-the-middle, secrets c1, c2)          Bob (secret b)
     sends g^a     ---------->  receives g^a, sends g^c1 in its place  ---------->  receives g^c1
     receives g^c2 <----------  sends g^c2 in its place, receives g^b  <----------  sends g^b
     K_2 = (g^c2)^a = (g^a)^c2  K_1 = (g^b)^c1,  K_2 = (g^a)^c2                    K_1 = (g^c1)^b = (g^b)^c1
     Protection using K_2                                                          Protection using K_1
     Slide 20: Recall: The Principle of Public Key Cryptosystems
     Encryption operation is public, decryption is private:
       anybody --encryption--> ciphertext --decryption--> Alice
     Alice's key for a public key cryptosystem is a pair (K_pub, K_priv), where K_pub is public and K_priv cannot be used by anybody else than Alice.
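Slides 17 to 19 run in code, as an added example that is not from the lecture: an honest exchange, the man-in-the-middle run with Carl's two secrets, and a passive wiretapper that only succeeds because it can solve the DLP in the toy group. It assumes the lecture's Z_19 with primitive element 2; the optional fixed secrets exist only to make a run reproducible.

```python
import secrets

P, G = 19, 2   # toy parameters from the slides; real systems use a large prime p

def dh_keygen(p=P, g=G, secret=None):
    """Secret exponent 0 < s < p-1 (random unless given) and public value g^s mod p."""
    s = secrets.randbelow(p - 2) + 1 if secret is None else secret
    return s, pow(g, s, p)

def dh_shared(secret, peer_public, p=P):
    """K = (peer's public value)^secret mod p."""
    return pow(peer_public, secret, p)

def honest_exchange(a=None, b=None, p=P, g=G):
    """Alice and Bob exchange A = g^a and B = g^b; both keys equal g^ab (slide 17)."""
    a, A = dh_keygen(p, g, a)
    b, B = dh_keygen(p, g, b)
    return dh_shared(a, B, p), dh_shared(b, A, p)

def mitm_exchange(a=None, b=None, c1=None, c2=None, p=P, g=G):
    """Slide 19: Carl hands Bob g^c1 instead of g^a and Alice g^c2 instead of g^b.
    Returns (Alice's key, Bob's key, Carl's K1 with Bob, Carl's K2 with Alice)."""
    a, A = dh_keygen(p, g, a)
    b, B = dh_keygen(p, g, b)
    c1, C1 = dh_keygen(p, g, c1)
    c2, C2 = dh_keygen(p, g, c2)
    k_alice = dh_shared(a, C2, p)    # Alice believes C2 is Bob's: K2 = (g^c2)^a
    k_bob = dh_shared(b, C1, p)      # Bob believes C1 is Alice's: K1 = (g^c1)^b
    return k_alice, k_bob, dh_shared(c1, B, p), dh_shared(c2, A, p)

def wiretap_via_dlp(A, B, p=P, g=G):
    """A passive observer sees only A and B; it gets K only by solving the DLP
    (brute force here, which is why p must make the DLP infeasible, slide 18)."""
    a = next(x for x in range(p - 1) if pow(g, x, p) == A)
    return pow(B, a, p)

if __name__ == "__main__":
    print(honest_exchange(3, 5))                # (12, 12): both sides hold g^15 = 12
    print(mitm_exchange(3, 5, 4, 11))           # (12, 4, 4, 12): Alice/Bob keys differ
    print(wiretap_via_dlp(pow(G, 3, P), pow(G, 5, P)))   # 12, recovered from A and B
```

Authenticating A and B (slide 18's fix) is what would let Alice reject C2: nothing in the values themselves distinguishes Carl's g^c2 from Bob's g^b.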

  11. Slide 21: Setting up the ElGamal public key cryptosystem
     • Alice selects a primitive element g in Z_p∗.
     • Alice generates a, 0 < a < p-1, and computes g^a mod p = A.
     • Alice's public key: K_pub = (g, A)
     • Alice's private key: K_priv = a
     • Encryption of message m ∈ Z_p∗: Bob generates a secret, unpredictable k, 0 < k < p-1. The encrypted message is the pair (g^k mod p, (A^k · m) mod p).
     • Decryption of the ciphertext: Alice computes (g^k)^a = A^k mod p, and the multiplicative inverse of A^k mod p. Then m = (A^k)^-1 · (A^k · m) mod p.
     Diffie-Hellman Key Exchange and the ElGamal Cryptosystem can be generalised to any cyclic group where the discrete logarithm problem is hard.
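Slide 21 as working code, an added example that is not from the lecture: key generation, the (g^k, A^k·m) ciphertext pair, and decryption through (g^k)^a and the modular inverse, over the lecture's Z_19 with g = 2. The optional `a` and `k` arguments are an assumption for reproducible runs; in use both are fresh random values and p is a large prime.

```python
import secrets

def rand_exponent(p):
    """Uniform secret s with 0 < s < p-1, as the slide requires for both a and k."""
    return secrets.randbelow(p - 2) + 1

def elgamal_keygen(p, g, a=None):
    """Alice: K_priv = a, K_pub = (g, A) with A = g^a mod p. g must be primitive in Z_p^*."""
    a = rand_exponent(p) if a is None else a
    return (g, pow(g, a, p)), a

def elgamal_encrypt(pub, m, p, k=None):
    """Bob: fresh, unpredictable k per message; ciphertext (g^k mod p, A^k * m mod p)."""
    g, A = pub
    if not 0 < m < p:
        raise ValueError("m must be in Z_p^*")
    k = rand_exponent(p) if k is None else k
    return pow(g, k, p), pow(A, k, p) * m % p

def elgamal_decrypt(priv_a, ct, p):
    """Alice: (g^k)^a = A^k mod p, then m = (A^k)^-1 * (A^k * m) mod p."""
    c1, c2 = ct
    shared = pow(c1, priv_a, p)       # A^k, computed without knowing k
    inv = pow(shared, -1, p)          # multiplicative inverse mod p (Python 3.8+)
    return inv * c2 % p

if __name__ == "__main__":
    pub, a = elgamal_keygen(19, 2, a=5)       # A = 2^5 mod 19 = 13
    ct = elgamal_encrypt(pub, 7, 19, k=3)     # (2^3, 13^3 * 7) mod 19 = (8, 8)
    print(ct, elgamal_decrypt(a, ct, 19))     # (8, 8) 7
    print(elgamal_encrypt(pub, 7, 19))        # same m, random k: a different pair
```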
