![Page 1: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/1.jpg)
Cryptography
Lecture 9
![Page 2: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/2.jpg)
民间传说着一则故事——“韩信点兵”。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿兵马也返回大本 营。当行至一山坡,忽有后军来报,说有楚军骑兵追来。只见远方尘土飞扬,杀声震天。汉军本来已十分疲惫,这时队伍大哗。韩信兵马到坡顶,见来敌不足五百 骑,便急速点兵迎敌。他命令士兵3 人一排,结果多出 2 名;接着命令士兵 5 人一排,结果多出 3 名;他又命令士兵 7 人一排,结果又多出 2 名。韩信马上向将士们 宣布:我军有 1073名勇士,敌人不足五百,我们居高临下,以众击寡,一定能打败敌人。汉军本来就信服自己的统帅,这一来更相信韩信是“神仙下凡”、“神 机妙算”。于是士气大振。一时间旌旗摇动,鼓声喧天,汉军步步进逼,楚军乱作一团。交战不久,楚军大败而逃。
Ancient Application of Number Theory
(from http://yangwen.blog.51cto.com/337928/98089)
![Page 3: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/3.jpg)
Ancient Application of Number Theory
![Page 4: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/4.jpg)
Cryptography
Alice Bob
Cryptography is the study of methods for
sending and receiving secret messages.
adversary
Goal: Even though an adversary can listen to your conversation,
the adversary can not learn what the message was.
message
![Page 5: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/5.jpg)
Cryptography
Alice Bob
adversary
Goal: Even though an adversary can listen to your conversation,
the adversary can not learn what the message was.
message -> f(message)
f(message)
encrypt the message decrypt the message
f(message) -> message
But the adversary has no clue how to obtain message from f(message)
A difficult goal!
![Page 6: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/6.jpg)
Key
Alice Bob
adversary
Goal: Even though an adversary can listen to your conversation,
the adversary can not learn what the message was.
message -> f(message,key)
f(message, key)
encrypt the message using the key decrypt the message using the key
f(message,key) -> message
But the adversary can not decrypt f(message,key) without the key
Use number theory!
![Page 7: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/7.jpg)
Turing’s Code (Version 1.0)
The first step is to translate a message into a number
“v i c t o r y”
-> 22 09 03 20 15 18 25
Beforehand The sender and receiver agree on a secret
key, which is a large number k.
Encryption The sender encrypts the message m by
computing:
m* = m · k
Decryption The receiver decrypts m by computing:
m*/k = m · k/k = m
![Page 8: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/8.jpg)
Turing’s Code (Version 1.0)
Alice Bob
adversary
mk
m = message k = keyencrypted message = mk
Why the adversary cannot figure out m?
mk = received message k = keydecrypted message = mk/k=m
The adversary doesn’t have the key k,
and so can only factor mk to figure out m,
but factoring is a difficult task to do.
![Page 9: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/9.jpg)
Turing’s Code (Version 1.0)
Alice Bob
adversary
mk
m = message k = keyencrypted message = mk
mk = received message k = keydecrypted message = mk/k=m
So why don’t we use this Turing’s code today?
Major flaw: if you use the same key to send two messages m and m’,
then from mk and m’k,
we can use gcd(mk,m’k) to figure out k,
and then decrypt every message.
![Page 10: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/10.jpg)
Turing’s Code (Version 2.0)
Beforehand The sender and receiver agree on a large prime p, which
may be made public. (This will be the modulus for all our arithmetic.)
They also agree on a secret key k in {1, 2, . . . , p − 1}.
Encryption The message m can be any integer in the set {0, 1, 2, . . .
, p − 1}. The sender encrypts the message m to produce m* by
computing:
m* = rem(mk, p)
Decryption Let k’ be the multiplicative inverse of k under modulo p.
m* mk (mod p)
m*k’ m (mod p)
m*k’ = m
![Page 11: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/11.jpg)
Turing’s Code (Version 2.0)
Alice Bob
adversary
m* = rem(mk,p)
m = message k = keyencrypted message = rem(mk,p)
Why the adversary cannot figure out m?
m* = received message k = keydecrypted message = m*k’ =m
Many m and k can produce m* as output,
just impossible to determine m without k.
Public information p
![Page 12: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/12.jpg)
Turing’s Code (Version 2.0)
Alice Bob
adversary
m* = rem(mk,p)
m = message k = keyencrypted message = rem(mk,p)
m* = received message k = keydecrypted message = m*k’ =m
If the adversary somehow knows m, then first compute m’ := multiplicative inverse of mm* mk (mod p)m*m’ k (mod p)So the adversary can figure out k.
Public information p
So why don’t we use this Turing’s code today?
plain-text attack
![Page 13: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/13.jpg)
Private Key Cryptosystem
Alice Bob
adversarymessage -> f(message,key)
f(message, key)
encrypt the message using the key decrypt the message using the key
f(message,key) -> message
But the adversary can not decrypt f(message,key) without the key
Two parties have to agree on a secret key, which may be difficult in practice.
If we buy books from Amazon, we don’t need to exchange a secret code.
Why is it secure?
![Page 14: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/14.jpg)
Public Key Cryptosystem
Alice Bob
adversarymessage -> f(message,Bob’s key)
f(message, Bob’s key)
encrypt the message using Bob’s key decrypt the message
f(message,Bob’s key) -> message
But the adversary can not decrypt f(message, Bob’s key)!
Public information: Key for Alice Public information: Key for Bob
Only Bob can decrypt the message sent to him!
How is it possible???
There is no need to have a secret key between Alice and Bob.
![Page 15: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/15.jpg)
RSA Cryptosystem
RSA are the initials of three ComputerScientists, Ron Rivest, Adi Shamir andLen Adleman, who discovered their algorithm when they were working together at MIT in 1977.
![Page 16: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/16.jpg)
How to Choose Public Key?
(The following slides are from HKUST COMP170.)
![Page 17: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/17.jpg)
How to Encrypt and Decrypt?
![Page 18: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/18.jpg)
Decryption
![Page 19: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/19.jpg)
Decryption
![Page 20: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/20.jpg)
Easy Case
![Page 21: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/21.jpg)
Interesting Case
![Page 22: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/22.jpg)
Decryption
![Page 23: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/23.jpg)
Decryption
![Page 24: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/24.jpg)
Prime Factors
![Page 25: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/25.jpg)
Decryption
![Page 26: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/26.jpg)
Correctness of RSA Cryptosystem
![Page 27: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/27.jpg)
Why is this Secret?
![Page 28: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/28.jpg)
RSA Example
![Page 29: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/29.jpg)
RSA Example
![Page 30: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/30.jpg)
Exponentiation mod n
![Page 31: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/31.jpg)
Exponentiation mod n
![Page 32: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/32.jpg)
Exponentiation mod n
![Page 33: Cryptography Lecture 9. 民间传说着一则故事 ——“ 韩信点兵 ” 。 秦朝末年,楚汉相争。一次,韩信将 1500 名将士与楚王大将李锋交战。 苦战一场,楚军不敌,败退回营,汉军也死伤四五百人,于是韩信整顿](https://reader035.vdocuments.mx/reader035/viewer/2022081415/56649cc25503460f94989848/html5/thumbnails/33.jpg)
Repeated Squaring