Embed Size (px)
Citation preview
Announcements:Announcements: HW3 updated. Due next HW3 updated. Due next ThursdayThursday Written quiz todayWritten quiz today Computer quiz next Computer quiz next Friday Friday on breaking codes from on breaking codes from
chapter 2chapter 2
Today: Today: Three-pass protocol Three-pass protocol QuizQuiz
Questions?Questions?
DTTF/NB479: DszquphsbqizDTTF/NB479: Dszquphsbqiz Day 12Day 12
Wrapping up Fermat and EulerWrapping up Fermat and Euler
We skipped the proof of Fermat’s Little We skipped the proof of Fermat’s Little Theorem in the text.Theorem in the text. Be sure to read itBe sure to read it
You are also prepared to read the rest of You are also prepared to read the rest of chapter 3 at your own pace.chapter 3 at your own pace.
Three-pass protocolThree-pass protocol
How can Alice get a secret message to How can Alice get a secret message to Bob without an established key?Bob without an established key?
Can do it with locks.Can do it with locks.
First 2 volunteers get to do the live demoFirst 2 volunteers get to do the live demo
Three-pass protocolThree-pass protocol
Situation: Alice wants to get a short Situation: Alice wants to get a short message to Bob, but they don’t have an message to Bob, but they don’t have an established key to transmit it.established key to transmit it.
Can do with locks:Can do with locks:
Three-pass protocolThree-pass protocol
Situation: Alice wants to get a short Situation: Alice wants to get a short message to Bob, but they don’t have an message to Bob, but they don’t have an established key to transmit it.established key to transmit it.
Can do with locks:Can do with locks:
Three-pass protocolThree-pass protocol
Situation: Alice wants to get a short Situation: Alice wants to get a short message to Bob, but they don’t have an message to Bob, but they don’t have an established key to transmit it.established key to transmit it.
Can do with locks:Can do with locks:
Three-pass protocolThree-pass protocol
Situation: Alice wants to get a short Situation: Alice wants to get a short message to Bob, but they don’t have an message to Bob, but they don’t have an established key to transmit it.established key to transmit it.
Can do with locks:Can do with locks:
Note: it’s always secured by one of their locks
Now with “Fermat’s locks”Now with “Fermat’s locks”
K: the secret messageK: the secret message
p: a public prime number > Kp: a public prime number > K
The two locks:The two locks: a: Alice’s random #, gcd(a,p-1)=1a: Alice’s random #, gcd(a,p-1)=1 b: Bob’s random #, gcd(b,p-1)=1b: Bob’s random #, gcd(b,p-1)=1
To unlock their locks:To unlock their locks: aa-1-1 mod (p-1) mod (p-1) bb-1-1 mod (p-1) mod (p-1)
Now with “Fermat’s locks”Now with “Fermat’s locks”K: the secret K: the secret messagemessagep: a public prime p: a public prime number > Knumber > KThe two locks:The two locks:
a: Alice’s random a: Alice’s random #, gcd(a,p-1)=1#, gcd(a,p-1)=1
b: Bob’s random b: Bob’s random #, gcd(b,p-1)=1#, gcd(b,p-1)=1
To unlock their To unlock their locks:locks:
aa-1-1 mod (p-1) mod (p-1) bb-1-1 mod (p-1) mod (p-1)
Three-pass protocol:Three-pass protocol:Alice computes KAlice computes Ka a (mod p) and sends to (mod p) and sends to
BobBobBob computes (KBob computes (Kaa))b b (mod p) and sends it (mod p) and sends it
backbackAlice computes ((KAlice computes ((Kaa))b b ))inv(a) inv(a) (mod p) and (mod p) and
sends it backsends it backBob computes (((KBob computes (((Kaa))b b ))inv(a)inv(a)))inv(b) inv(b) (mod p) (mod p)
and reads Kand reads K
Now with “Fermat’s locks”Now with “Fermat’s locks”K: the secret K: the secret messagemessagep: a public prime p: a public prime number > Knumber > KThe two locks:The two locks:
a: Alice’s random a: Alice’s random #, gcd(a,p-1)=1#, gcd(a,p-1)=1
b: Bob’s random b: Bob’s random #, gcd(b,p-1)=1#, gcd(b,p-1)=1
To unlock their To unlock their locks:locks:
aa-1-1 mod (p-1) mod (p-1) bb-1-1 mod (p-1) mod (p-1)
Three-pass protocol:Three-pass protocol:Alice computes KAlice computes Ka a (mod p) and sends to (mod p) and sends to
BobBobBob computes (KBob computes (Kaa))b b (mod p) and sends it (mod p) and sends it
backbackAlice computes ((KAlice computes ((Kaa))b b ))inv(a) inv(a) (mod p) and (mod p) and
sends it backsends it backBob computes (((KBob computes (((Kaa))b b ))inv(a)inv(a)))inv(b) inv(b) (mod p) (mod p)
and reads Kand reads K
Toy example:3617 (mod 59) = 121221 (mod 59) = 454541 (mod 59) = 484847 (mod 59) = 36
36
59
17
21
41
47
Why’s it work?
Recall the basic principleRecall the basic principle
When dealing with numbers mod n, we When dealing with numbers mod n, we can deal with their exponents mod _____can deal with their exponents mod _____
Only look at once you’ve thought about Only look at once you’ve thought about this…this… Given integers a and b,Given integers a and b, Since aaSince aa-1-1=bb=bb-1-1=1(mod p-1)=1(mod p-1) What’s K^(abaWhat’s K^(aba-1-1bb-1-1) (mod p)?) (mod p)?
Final thoughtFinal thought
Trappe and Washington say that it’s Trappe and Washington say that it’s vulnerable to an “intruder-in-the-middle” vulnerable to an “intruder-in-the-middle” attack. Think about this…attack. Think about this…
Some levity before the examSome levity before the exam
http://xkcd.com/c177.htmlhttp://xkcd.com/c177.html
Thanks to Nathan for the link!Thanks to Nathan for the link!
QuizQuiz
Closed book and computerClosed book and computer
Get out note sheet: Get out note sheet: 1 handwritten sheet of 8.5 x 11 paper, one 1 handwritten sheet of 8.5 x 11 paper, one
side only.side only.
