Cryptography: Where Complexity Comes in Handy
Cryptography: Where Complexity Comes in Handy
Cryptography: Where Complexity Comes in Handy
Complexity 1
©D.Moshkovitz
The Amazing Adventures of
Alice and Bob
extremely
secret
message
Alice Bob
eavesdropper
Complexity 2
©D.Moshkovitz
PAP 279-298
Introduction
• Objectives:
– To introduce the subject of cryptography
and its tight connection to complexity
• Overview:
– Public key cryptography
– One-Way Functions and Trapdoor functions
– RSA
Complexity 3
©D.Moshkovitz
Intuitive Approach
encoding decoding
key key
E(e, )D(d, )
extremely
secret
message
Alice Bob
eavesdropper
Complexity 4
©D.Moshkovitz
Simple Implementation:
Problem!
Just XOR!
Agree first on some random string e.
e e( )
extremely
secret
message
Alice Bob
eavesdropper
Complexity 5
©D.Moshkovitz
Solution:
Public-Key Cryptosystems
• Bob generates a pair of keys
• Publishes E
• Keeps D private
Bob
E(x)
D(y)
Complexity 6
©D.Moshkovitz
Encryption: Requirements
• “Easy”
(so everyone can send Bob encrypted
messages)
• “Hard to invert”
(so no one can break the encryption)
Complexity 7
©D.Moshkovitz
SIP 375
M
kkN
M Nnn N
NPr
PrM,w
M,w
nn
R
R
M
M f
f w
w
y
y where
where f
f y
y
f
f w
w
n
n
kk
Complexity 8
©D.Moshkovitz
One-Way
For sufficiently
large natural n
M inverts f correctly on
For any Turing
Machine M
at most n-k of the inputs
choices made by M
random selection of w
Complexity 9
©D.Moshkovitz
Applications: Authentication
• Many users may login to a network
• Each user has a password
• The database can be read by everyone
Complexity 10
©D.Moshkovitz
How to Authenticate Using
OWF? One-Way Function
• Encrypt each password with a OWF.
• Store only the encrypted password.
• When this user tries to login…
– Encrypt the password she entered
– Compare to the stored password
MyPass1234 2iB>S\]1%^o
MyPass1234 2iB>S\]1%^o
Complexity 11
©D.Moshkovitz
Do One-Way Functions Exist?
• Believed to…
• OWF P≠NP.
Complexity 12
©D.Moshkovitz
Do One-Way Functions
Suffice?
Problem: How would Bob generate D(y)?
D is so hard,
I don’t know how to
compute it myself…
Bob
Complexity 13
©D.Moshkovitz
Trapdoor Functions
family of functions which are
hard to invert
probabilistic
polynomial-time f1
TM
index f2
f3
G
…
the key to
invert that
function
Complexity 14
©D.Moshkovitz
SIP 376-377
Definition:
A length preserving indexing function
f:** * is a trapdoor function,
if there exist f(i,w)=f (w)
i
• a function h:** *
decoder
which satisfy:
Complexity 15
©D.Moshkovitz
SIP 376-377
Complexity 16
©D.Moshkovitz
RSA
• A public-key cryptosystem developed
by Rivest, Shamir and Adleman.
• Based on the (conjectured) hardness
of factoring.
Complexity 17
©D.Moshkovitz
Plan
1. Prime numbers: basic facts
and recent results.
2. Euler’s function.
3. Description of the RSA
cryptosystem.
Complexity 18
©D.Moshkovitz
PRIMES
• Instance: A number in binary
representation.
• Problem: To decide if this number is prime.
Complexity 19
©D.Moshkovitz
Is PRIMES in P ?!
What’s the problem with the following
trivial algorithm?
Input: a number N
Output: is N prime?
for i in 2..N do
for j in 2..N do
if i*j=N, return FALSE
return TRUE
Complexity 20
©D.Moshkovitz
Prime Numbers
• Fact 1: There are many prime numbers
(k/log k in the range [k]={1,…,k})
• Fact 2: ([AKS02]) Primality testing can
be done in time polynomial in log k.
• Question: How to choose a random
prime in [k] in time poly-log k?
Complexity 21
©D.Moshkovitz
Picking a Random Prime
• while didn’t-find-one
uniformly at random
– choose x R [k] [k]
– if x PRIMES
• return x
Complexity 22
©D.Moshkovitz
De-Randomization
• By Alon et Al and Naor and Naor,
there’s a deterministic construction
X of O(logk/2) numbers in [k] which
is -close to uniform.
If Prx [xS] > XS≠
R[k]
Complexity 23
©D.Moshkovitz
Euler’s Function
(n) = { m | 1 m < n AND gcd(m,n)=1 }
• Euler’s function: (n)=|(n)|
Example: (12)={1,2,3,4,5,6,7,8,9,10,11}
(12)={1,2,3,4,5,6,7,8,9,10,11} (12)=4
(12)=4
Complexity 24
©D.Moshkovitz
RSA
• To encrypt a message, write it as a number m, and
compute
EN,e(m) = me (mod N)
• To decrypt a cipher text c, compute
Dd(c) = cd (mod N)
• Now for (almost) any m,
– med m (mod N)
– And therefore: (me)d m (mod N)
Complexity 25
©D.Moshkovitz
The Public and Private Keys
• Choose two long random prime numbers p, q
– set N = pq
• Randomly choose an odd number e s.t:
– 1 < e < (N) Compute d
– gcd(e, (N)) = 1 using Euclid’s
• Let d be the inverse of e, namely gcd algorithm
ed 1 (mod (n))
Complexity 26
©D.Moshkovitz
Summary
• We presented the notion of Public Key
Cryptosystems and its well-known
implementation, RSA.
• We examined some of the underlying
assumptions of cryptography:
– Existence of one-way functions
– Existence of trapdoor functions
• These assumptions are stronger than the
standard complexity assumption P≠NP.
Complexity 27
©D.Moshkovitz