The topics covered in this lecture are: using crypto for security, RSA for encryption and message authentication, cracking keys, and modular exponentiation.

**Confidentiality**- Ensuring that others cannot eavesdrop on your data by obscuring it with encryption
**Integrity**- Ensuring that others have not changed the message by computing Message Authentication Codes (MACs) which are like a checksum of the data, but use encryption keys.
**Accountability**- Ensuring that people can be connected to their actions. Crypto can be used to verify identification publicly.

- The p and q are large prime numbers, and n = p*q.
- The public key is (e,n), where e is a number chosen randomly.
- The private key is d, where e*d=1 mod phi(n), and phi(n)=(p-1)(q-1).
- From Euler's theorem, we know that x
^{phi(n)}=1 mod n.

If we are given a message m, we can encrypt and decrypt the message using the
public and private keys of a user.

**Encryption**: Cipher text is computed by:

c = m^{e}mod n

**Decryption**: The original message is computed by:

p = c^{d}mod n

How do we know that the decrypted message p is the same as the original message m? We can use Euler's theorem:

- (m
^{e})^{d}mod n - = m
^{de}mod n - = m
^{1+k*phi(n)}mod n - = m*(m
^{phi(n)})^{k}mod n - = m*1
^{k}mod n

We can also use RSA to cryptographically sign messages. We do this by
computing a cryptographic hash (like MD5 or SHA1) on a message m to
obtain a digest, which we'll call s. Then the signed digest is computed
as r = s^{d} mod n. Then the public can verify that the
message is properly signed if r^{e} mod n==s.

Normally you want to keep information about your keys private. However,
if you know the factorization of n, then you have an advantage. You can
use the *Extended GCD*. The EGCD is like the GCD, but it gives three
outputs, w, z, and g. The value g = GCD(x,y), while EGCD also finds

w*x + z*y = gSo that if we ask for EGCD(e, phi(n)), we know that g=1 with high probability. (g=1 means that e and phi(n) are

w*e + z*phi(n) = g = 1where w is the multiplicative inverse mod phi(n). We use w as the secret decryption exponent (usually called d).

If you wanted to get access to the crypto keys in the library, how could you do that? Having access to the system helps. It turns out that you can compute statistics on the time and/or power required for the processor to compute crypto routines by running the routines many times. Those statistics can give insight into finding the values of the keys. Next time we will see more on how this is done. Until then, here is the code to compute exponentiation mod n.

Int modexp(x, e, n) { Int y = 1, z = x; while (e != 0) { if (e is odd) { y = y * z mod n; } z = z * z mod n; e = e div 2; } return y; }

[ search CSE | CSE | bsy's home page | links | webster | MRQE | google | yahoo | citeseer | certserver ]

bsy+cse127w02@cs.ucsd.edu, last updated

email bsy.