• Symmetric encryption

  • Alice: want to send message $m$ to Bob
  • Eve: can check what's being sent on channel
  • encryption scheme
    • $En{c}_k:{\sum }^{\ast }\to {\sum }^{\ast }$
    • $De{c}_k:{\sum }^{\ast }\to {\sum }^{\ast }$
    • s.t. $De{c}_k(En{c}_k(m))=m$
  • public: encrypted text, length of original / encrypted text
  • old ways: maintaining algorithms private
    • problem: leakage requires complete redesign of algorithm
    • thus: let $Enc,Dec$ based on shared key $k$ of Alice and Bob
  • algorithm: called symmetric as same key is used for both encryption & decryption

• One-time pad

  • $m$: binary seq. of length $n$
    • same for $k$
  • let $En{c}_k(m)=m\oplus k$
    • $De{c}_k(c)=c\oplus k$
    • then $De{c}_k(En{c}_k(m))=De{c}_k(m\oplus k)=m\oplus k\oplus k=m$
    • $\forall c\forall m\exists k,c=m\oplus k$
      • given $c$, all $m$ have the same chance of appearing!
  • let $m,k\in [0,n-1]$
    • then $En{c}_k(m)=m+k\mathrm{mod}n$
    • $De{c}_k(c)=c-k\mathrm{mod}n$
      • has the same property
  • reusing $k$: should be avoided (provides statistical data)
    • use RNG from previous $k$ value for $k^{\prime }$
  • but, how can we have shared key in the first place?
    • Diffie-Hellman-Merkle key exchange!

• Diffie-Hellman-Merkle key exchange

  • procedure: (can be done by either Alice / Bob)
    1. choose a large prime number $p$ (~= 1000 digits), and publish
       • from now on: all computation are $\mathrm{mod}p$
    2. choose a primitive root $g$, and announce
       • $g$: p.r. if $\{g^0,g^1,g^2,\dots ,g^{p-2}\}=\{1,2,3,\dots ,p-1\}$
       • e.g. $2$: primitive root for $11$

graph LR
         1((1));2((2));3((3))
         4((4));5((5));6((6))
         7((7));8((8));9((9))
         10((10))
         2-->4;
         4-->8;8-->5;5-->10;
         10-->9;9-->7;7-->3;
         3-->6;6-->1;1-->2

   - finding primitive root: fairly easy
     - choose random number, and check if it is a primitive root
3. Alice and Bob: chooses secret <span class="katex"><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:0.8889em;vertical-align:-0.1944em;"></span><span class="mord mathnormal">a</span><span class="mpunct">,</span><span class="mspace" style="margin-right:0.1667em;"></span><span class="mord mathnormal">b</span></span></span></span> respectively
4. Alice: publishes <span class="katex"><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:0.9444em;vertical-align:-0.1944em;"></span><span class="mord"><span class="mord mathnormal" style="margin-right:0.03588em;">g</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span class="vlist" style="height:0.6644em;"><span style="top:-3.063em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mathnormal mtight">a</span></span></span></span></span></span></span></span><span class="mord">%</span><span class="mord mathnormal">p</span></span></span></span>, Bob publishes <span class="katex"><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:1.0435em;vertical-align:-0.1944em;"></span><span class="mord"><span class="mord mathnormal" style="margin-right:0.03588em;">g</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span class="vlist" style="height:0.8491em;"><span style="top:-3.063em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mathnormal mtight">b</span></span></span></span></span></span></span></span><span class="mord">%</span><span class="mord mathnormal">p</span></span></span></span>
   - system: based on discrete logarithm problem
     - which no one knows efficient algorithm
       - 👨‍🏫 yet mathematicians didn't prove it so far
     - problem: given <span class="katex"><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:0.8588em;vertical-align:-0.1944em;"></span><span class="mord"><span class="mord mathnormal" style="margin-right:0.03588em;">g</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span class="vlist" style="height:0.6644em;"><span style="top:-3.063em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mathnormal mtight">a</span></span></span></span></span></span></span></span><span class="mpunct">,</span><span class="mspace" style="margin-right:0.1667em;"></span><span class="mord mathnormal" style="margin-right:0.03588em;">g</span></span></span></span>, compute <span class="katex"><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:0.4306em;"></span><span class="mord mathnormal">a</span></span></span></span>
5. Alice: computes <span class="katex"><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:1.0435em;vertical-align:-0.1944em;"></span><span class="mord"><span class="mord mathnormal" style="margin-right:0.03588em;">g</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span class="vlist" style="height:0.8491em;"><span style="top:-3.063em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mathnormal mtight">ab</span></span></span></span></span></span></span></span></span><span class="mspace" style="margin-right:0.2778em;"></span><span class="mrel">=</span><span class="mspace" style="margin-right:0.2778em;"></span></span><span class="base"><span class="strut" style="height:1.0991em;vertical-align:-0.25em;"></span><span class="mopen">(</span><span class="mord"><span class="mord mathnormal" style="margin-right:0.03588em;">g</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span class="vlist" style="height:0.8491em;"><span style="top:-3.063em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mathnormal mtight">b</span></span></span></span></span></span></span></span><span class="mclose"><span class="mclose">)</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span class="vlist" style="height:0.6644em;"><span style="top:-3.063em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mathnormal mtight">a</span></span></span></span></span></span></span></span><span class="mord">%</span><span class="mord mathnormal">p</span></span></span></span>
   - and Bob <span class="katex"><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:1.0991em;vertical-align:-0.25em;"></span><span class="mopen">(</span><span class="mord"><span class="mord mathnormal" style="margin-right:0.03588em;">g</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span class="vlist" style="height:0.6644em;"><span style="top:-3.063em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mathnormal mtight">a</span></span></span></span></span></span></span></span><span class="mclose"><span class="mclose">)</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span class="vlist" style="height:0.8491em;"><span style="top:-3.063em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mathnormal mtight">b</span></span></span></span></span></span></span></span><span class="mord">%</span><span class="mord mathnormal">p</span></span></span></span>
   - Eve: cannot compute <span class="katex"><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:1.0435em;vertical-align:-0.1944em;"></span><span class="mord"><span class="mord mathnormal" style="margin-right:0.03588em;">g</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span class="vlist" style="height:0.8491em;"><span style="top:-3.063em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mathnormal mtight">ab</span></span></span></span></span></span></span></span></span></span></span></span> efficiently
     - Diffie-Hellman-Merkle "assumption"
   - <span class="katex"><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:0.6944em;"></span><span class="mord mathnormal" style="margin-right:0.03148em;">k</span><span class="mspace" style="margin-right:0.2778em;"></span><span class="mrel">:=</span><span class="mspace" style="margin-right:0.2778em;"></span></span><span class="base"><span class="strut" style="height:1.0435em;vertical-align:-0.1944em;"></span><span class="mord"><span class="mord mathnormal" style="margin-right:0.03588em;">g</span><span class="msupsub"><span class="vlist-t"><span class="vlist-r"><span class="vlist" style="height:0.8491em;"><span style="top:-3.063em;margin-right:0.05em;"><span class="pstrut" style="height:2.7em;"></span><span class="sizing reset-size6 size3 mtight"><span class="mord mtight"><span class="mord mathnormal mtight">ab</span></span></span></span></span></span></span></span></span></span></span></span>

• Public key cryptography

  • aka asymmetric encryption
  • different keys are used for encryption & decryption
  • Bob: with key $e,d$
    • $e$: public key, for encryption
    • $d$: private key, for decryption
    • s.t. $De{c}_d(En{c}_e(m))=m$
  • new protocol: ElGamal encryption
    • Bob: chooses a prime $p$, and primitive root $g$, secret value $b$
      • and computes $g^b\%p$
      • publishes: $e:=(p,g,g^b\%p)$
        • anyone: can lookup $e$ and evaluate
        • 👨‍🏫 non-interactive!
      • $d:=b$
    • Alice: to send $m$ to Bob
      • choose secret $a$, compute $g^a$
      • compute $g^{ab}=(g^b{)}^a$
      • sends the result: $Enc(m):=(g^a,m+g^{ab}\%p)$
      • 👨‍🏫 notice, many people can send message to Bob
        • without additional interaction (except decryption)
    • Bob: decrypts message by:
      • compute $g^{ab}=(g^a{)}^b\mathrm{mod}p$
      • and subtract it from $m+g^{ab}$

• RSA

  • 👨‍🏫: why not make keys simpler?
  • let $e,d\in [0,n-1]$
  • $En{c}_e(m)=m^e\mathrm{mod}p$
  • $De{c}_d(c)=c^d\mathrm{mod}p$
  • s.t. $\forall m,m^{ed}=m$
  • $m^{ed-1}=1⟹m^{ed}=m$
    • and $p-1|ed-1⟹m^{ed-1}=1$
    • $ed-1=0\mathrm{mod}(p-1)$
    • $ed=1\mathrm{mod}(p-1)$
    • $e=d^{-1}\mathrm{mod}(p-1)$
  • idea: choose random $d$ s.t. MMI exist
  • Bob: choose $p,d,e=d^{-1}\%p$
    • publish $p,e$
  • Alice: send $m^e\mathrm{mod}p$
  • and $(m^e{)}^d=m^{ed}=m$
  • problem: $e=d^{-1}\mathrm{mod}(p-1)$
    • thus computing $d$ is easy!
    • 👨‍🏫 anyone can decrypt! useless encryption scheme!