Public Key
The major difficulty in designing a workable
public key cryptosystem is in figuring out how to
create a system in which we can reveal a
transform PA() without thereby revealing how to
compute the corresponding inverse
transformation SA().
PA(): public, SA(): secret, and M = SA(PA(M))
Factoring and Cryptograph
RSA public key system
1. p, q: two large prime numbers, chosen by
the receiver, and told to nobody else (not
even the sender!).
2. n: the product pq is n, and placed in the
public domain.
3. E: a random integer, placed in the public
domain by the receiver, who has first
made sure that E is relatively prime to
(p-1)(q-1).
4. P: a message that the sender would like
to send, though of as a string of bits
whose value lies in the range [0,n-1].
5. D: the decryption key that satisfies
DE 1 (mod (p-1)(q-1)).
1
A. Send a message C, where C PE (mod
n).
B. decode the message
CD PDE (mod n)
P(1 + t(p-1)(q-1)) (mod n)
P P t(p-1)(q-1) (mod n)
P (mod n)
Euler Theorem. P (p-1)(q-1) 1 (mod n)
Theoretical and Algorithmic Events
1. By randomly selecting and multiplying
together two 100-digit primes, one can create
a public key that cannot be “broken” in any
feasible amount of time with current
technology.
2. “The factoring large integer is easy, then
breaking the RSA cryptosystem is easy.”
The converse statement is unproved.
3. The number of primes less than n is
approximated by
(n) ~ n/ln n.
4. [Factoring large integers] We don’t even
know a probabilistic algorithm that return a
factor of a large composite integer, with
probability > 1/2, in polynomial time.
2
5. A probabilistic factoring algorithm that finds
factors in an average time that is only
exp{( 2 o(1)(lg lg lg n ) 0.5 }.
moderately exponential,
Hybrid or Key-management
1. Select a random key K for the fast
non-public-key cryptosystem, and encrypts M
using K, obtaining ciphertext C.
2. Encrypts K using RSA public key. (Note: K is
short, thus, compute PB(K) is easy.)
3. Transmits (C, PB(K)) to the receiver, who
decrypts PB(K) to obtain K, and uses K to
decrypt C, obtain M.
Digital signature: PA( SA (M))
3
The Story
[1976] DES (data encryption standard):
permutation and shuffling
Key distribution
[1975] Idea of the public key: Diffie, Hellman, and
Merkel, Stanford.
Protected by a computational intractable problem
MIT vs. Stanford: Factoring problem vs.
Knapsack problem (special case, failed)
[1977] RSA public key algorithm: Rivest, Shmir
and Adleman
[1977] A challenge of factoring a129 digitals
number, solved by 600 people with many
computers in 1994.
[1973] Another public key solution by Ellis and
Cox at GCHQ.
[1976] DH(Diffie-Hellman) public key algorithm,
Diffie, Hellman, and ElGamal; based upon the
DH Problem (DHP): it is conjectured (but not
proven) to be equivalent to the Discrete
Logarithm Problem (DLP).
"...no one can imagine a way of passing from ga
and gb to gab without first being able to determine
a or b; but it is conceivable that such a way might
exist".
The Diffie-Hellman problem in Z *n is at least as
difficult as the problem of factoring n.
4
Pretty Good Privacy (PGP)
[1991] Pretty good privacy (PGP) by Zimmerman
and ElGamal: DH (RSA, no longer supported
now)+ IDEA (Created by Xuejia Lai, a variation of
DES). http://pgpi.com
Freeware + Internet
Against PGP by FBI, …: 1993~1996
Impact to film makers: Mercury Rising, Enemy of
the State, …
Key escrow
Certification authorities: Verisign 1998
5