Upload
asher-randolph-simmons
View
227
Download
2
Embed Size (px)
Citation preview
Introduction to Information Security
Lecture 1: Introduction & Overview
2009. 6.
Prof. Kwangjo Kim
2
1. Lecture Overview
2. Basic terms
3. Quick overview on information security
4. Basic Number Theory
Contents
3
Lecture Overview
Objective:This course introduces the fundamental understanding on cryptography to apply for any secure system including classical, symmetric and asymmetric cryptosystem with mathematical background. We also deal with the cryptographic protocols and their applications. Experts in this area will give a special talk on hot issues in information security. After finishing this class, the students can gain the general knowledge and background on information security and cryptography to execute advanced research.
Course Webpagehttp://caislab.icu.ac.kr/Lecture/data/2009/summer/ice1212/
4
Instructor: Prof. Kwangjo KimAssistant: Zeen KimText: HandoutsReferences:
1. Wade Trappe, Lawrence C. Washington, “Introduction to Cryptography with Coding Theory”, 2nd Ed, 2005, Prentice Hall ISBN 0-13-186239-1
2. Richard A. Mollin, “An Introduction to Cryptography”, Chapman & Hall/CRC, 2001, ISBN 1-58488-127-5
Grading Policy: Midterm (35%), Final (35%), Quiz (10%), HW (10%), Attendance (10%)
Overview
5
Homework (Programming):
1st Half : Select one of 15 AES candidates after round 2 except Rijndael and program it with your favorite language. (Test: encryption and decryption of given test vector)
Deadline : 7/3, 2009
2nd Half : Select one of SHA-3 (round 1) candidates and program it with your favorite language. (Test: validation of given test vector)
Deadline : 7/31, 2009
6
Week Topic Remark
1 Overview, Number Theory 6/16, TA
2 Algebra and Classical Ciphers 6/18, Prof. & TA
3 Encryptions 6/23, Prof.
4 Digital Signatures 6/25, Prof.
5 Hash Functions 6/30, Prof. & TA
6 Other Cryptographic Primitives 7/2, Prof.
7 Midterm 7/7 or 7/9
Schedule (1/2)
7
Week Topic Remark
8 Special Talk : RFID/WSN Security 7/14, Hyunrok Lee
9 Special Talk : Ubiquitous Security 7/16, Jangseong Kim
10 Special Talk : Hacking and Malware 7/21, Hanyoung Noh and Sungbae Ji
11 Special Talk : ID based cryptography 7/23, Zeen Kim
12 Special Talk : E-passport and E-cash 7/28, Jeongkyu Yang
13 Special Talk : Mobile Phone Security 7/30, Jaemin Park
14 Final Exam 8/4 or 8/6
Schedule (2/2)
8
1. Basic Terms
Lots of new terminologies in every new fields…
9
Data recording of “something” measured Raw material, just measured
Information Information is the result of processing, manipulating and or-
ganizing data in a way that adds to the knowledge of the re-ceiver.
Processed data
Knowledge Knowledge is normally processed by means of structuring,
grouping, filtering, organizing or pattern recognition. Highly structured information
What is Information Security?
10
Information Systems An integrated set of components for collecting, storing, pro-
cessing, and communicating information. Business firms, other organizations, and individuals in con-
temporary society rely on information systems to manage their operations, compete in the marketplace, supply ser-vices, and augment personal lives.
Information Revolution A phrase we use to refer to the dramatic changes taking
place during the last half of the 20th century in which service jobs based on information are more common than jobs in manufacturing or agriculture.
Information becomes more and more important than materi-als, resources.
Competitiveness comes from information How much information do you have?
What is Information Security?
11
Information Security (정보보안 , 정보보호 ) Information security is the process of protecting information
from unauthorized access, use, disclosure, destruction, mod-ification, or disruption
The protection of computer systems and information from harm, theft, and unauthorized use.
Protecting the confidentiality, integrity and availability of in-formation
Information security is an essential infrastructure technology to achieve successful information-based society
Highly information-based company without information secu-rity will lose competitiveness
What kind of protection? Protecting important document / computer Protecting communication networks Protecting Internet Protection in ubiquitous world
What is Information Security?
12
Cryptography : designing secure cryptosystems Cryptography (from the Greek kryptós and gráphein, “to
write”) was originally the study of the principles and tech-niques by which information could be concealed in ciphers and later revealed by legitimate users employing the secret key.
Cryptanalysis : analyzing the security of cryptosystems Cryptanalysis (from the Greek kryptós and analýein, “to
loosen” or “to untie”) is the science (and art) of recovering or forging cryptographically secured information without knowledge of the key.
Cryptology : science dealing with information security Science concerned with data communication and storage in
secure and usually secret form. It encompasses both cryp-tography and cryptanalysis.
Cryptology = Cryptography + Cryptanalysis
13
Cryptography is a basic tool to implement information security
Security goals Secrecy (confidentiality) Authentication Integrity Non-repudiation Verifiability
More application-specific security goals
Achieve these security goals using cryptography
Without cryptography …. ???
Cryptology
14
Secret Key vs. Public Key Systems
Symmetric Key Cryptosystem
Public Key Cryptosystem
Plain Text
Cipher Text
Plain Text
Key Key
Encryption Decryption
Shared key
Plain Text
Cipher Text
Plain Text
Public Key Private Key
Encryption Decryption
Receiver’s key
15
Common Terms (1)
Cryptography(암호설계 ): The study of mathematical techniques
related to aspects of information security
Cryptanalysis(암호분석 ): The study of mathematical techniques
for attempting to defeat cryptographic techniques
Cryptology(암호학 ): The study of cryptography and crypt-
analysis Cryptosystem(암호시스템 ): A general term referring to a set
of cryptographic primitives used to provide information se-
curity Symmetric key primitives; Public key primitives
Steganography: The method of concealing the existence of
message
Cryptography is not the only means of providing information
security, but rather one set of such techniques (physical /
human security)
16
Common Terms (2)
Cipher: Block cipher, Stream cipher, Public key cipher
Plaintext/Cleartext (평문 ), Ciphertext (암호문 )
Encryption/Encipherment(암호화 )
Decryption/Decipherment(복호화 )
Key (or Cryptographic key)
Secret key
Private key / Public key
Hashing (해쉬 )
Authentication (인증 )
Message authentication
User authentication
Digital signature (전자서명 )
17
Attacks
AttacksAn efficient algorithm that, for a given crypto-
graphic design, enables some protected elements of the design to be computed “substantially” quicker than specified by the designer.
Finding overlooked and realistic threats for which the design fails
Attacks on encryption algorithms Exhaustive search (brute force attack) Ciphertext-only attackKnown-plaintext attackChosen-plaintext attackChosen-ciphertext attack
18
Security Threats
Interruption/Denial of service
Interception: eavesdropping, wiretapping, theft …
Modification
Fabrication/Forgery
Unauthorized access
Denial of facts
19
Security Services
Security services
A service that enhances information security using
one or more security mechanisms
Confidentiality/Secrecy (기밀성 ) Interception
Authentication (인증성 ) Forgery
Integrity (무결성 ) Modification
Non-repudiation (부인방지 ) Denial of facts
Access control (접근제어 ) Unauthorized access
Availability (가용성 ) Interruption
20
Security Needs for Network Communications
Interception
Confidentiality
Is Private?
Modification
Integrity
Has been altered?
Forgery
Authentication
Who am I dealing with?
Claim
Non-Repudiation
Who sent/received it?
Not SENT !
Denial of Service
Availability
Wish to access!!
Access Control
Have you privilege?
Unauthorized access
21
Security Mechanisms
Security mechanism
A mechanism designed to detect, prevent, or re-
cover from a security attack
Encryption
Authentication
Digital signature
Key exchange
Access control
Monitoring & Responding
22
Models for Evaluating Security
Conditional vs. Unconditional Security
Unconditional security
Computational security
Provable vs. Ad hoc Security
Provable security
Ad hoc security
23
Basic Number Theory
24
Introduction to Number Theory
• Prime and Relative Prime Num-bers
• Modular Arithmetic• Fermat’s and Euler’s Theorem• Testing for Primality• Euclid’s Algorithm• Chinese Remainder Theorem• Discrete Logarithms
25
Divisors
• b|a (“b divides a”, “b is a divisor of a”) if a = kb for some k, where a, b, and k are integers, and b 0
– If a|1, then a = 1– If a|b and b|a, then a = b– Any b 0 divides 0– If b|g and b|h, then b|(mg + nh) for arbitrary integers m
and n
26
Prime Numbers• An integer p > 1 is a prime number if its only di-
visors are 1 and p• Prime Factorization
– Any integer a>1 can be factored in a unique way as
a = p11 p2
2 … ptt where p1 < p2 < … < pt are
prime numbers and where each i > 0– If P is the set of all prime numbers, then any positive integer
can be written uniquely in the following form
– The value of any positive integer can be specified by listing all nonzero exponents (ap)
– Multiplication of two numbers is equivalent to adding two cor-responding exponents:
» k = mn kp = mp + np for all p– a|b ap bp for all p
0each where pP
a apa p
27
Primes Under 2000
28
Relatively Prime Numbers
• Greatest common divisor– c = gcd(a, b) if c|a and c|b and d that divides a and b: d|c– Equivalently, gcd(a, b) = max{c: c|a and c|b}
• k = gcd(a, b) kp = min(ap, bp) for all p
• a and b are relatively prime if gcd(a, b) = 1
29
Modular Arithmetic• For any integer a and positive integer n, if a is di-
vided by n, the following relationship holds:– a = qn + r 0 r n; q = a/n (q: quotient, r: remainder or
residue)
• If a is an integer and n is a positive integer, a mod n is defined to be the remainder when a is divided by n
– a = a/n n + (a mod n)
• Two integers a and b are said to be congruent modulo n if (a mod n) = (b mod n), and this is writ-ten a b mod n
• Properties of modulo operator– a b mod n if n|(a – b)– (a mod n) = (b mod n) implies a b mod n– a b mod n implies b a mod n– a b mod n and b c mod n implies a c mod n
30
Modular Arithmetic Operations• Modulo arithmetic operation over Zn = {0, 1, …, n-
1}• Properties
– [(a mod n) + (b mod n)] mod n = (a + b) mod n– [(a mod n) (b mod n)] mod n = (a b) mod n– [(a mod n) (b mod n)] mod n = (a b) mod n
31
Properties of Modular Arithmetic• Modulo arithmetic over Zn = {0, 1, …, n-1} (called a set of
residues of modulo n)• Integers modulo n with addition and multiplication form a com-
mutative ring– Commutative laws (a + b) mod n = (b + a) mod n
(a b) mod n = (b a) mod n– Associative laws [(a + b) + c] mod n = [a + (b + c)] mod n
[(a b) c] mod n = [a (b c)] mod n
– Distributive laws [a (b + c)] mod n = [(a b) + (a c)] mod n– Identities (a + 0) mod n = a mod n
(a 1) mod n = a mod n– Additive inverse (-a) a Zn b s.t. a + b 0 mod n– Multiplicative inverse (a-1) a (0) Zn, if a is relative prime to n,
b s.t. a b 1 mod n
• If n is not prime, Zn is a ring, but not a field• Zp is a field
32
Modular 7 Arithmetic
33
Groups, Rings, Fields• Group
– A set of numbers with some addition operation whose result is also in the set (closure)
– Obeys associative law, has an identity, has inverses – If also is commutative its an abelian group
• Ring– An abelian group with a multiplication operation also – Multiplication is associative and distributive over addition – If multiplication is commutative, its a commutative ring – e.g., integers mod N for any N
• Field – An abelian group for addition – A ring – An abelian group for multiplication (ignoring 0) – e.g., integers mod P where P is prime
34
Fermat’s Little Theorem• If p is prime and a is a positive integer not divisible
by p, thenap-1 1 mod p
• Proof– Start by listing the first p – 1 positive multiples of a:
a, 2a, 3a, …, (p-1)aSuppose that ra and sa are the same modulo p, then we have r s mod p, so the p-1 multiples of a above are distinct and nonzero; that is, they must be congruent to 1, 2, 3, …, p-1 in some order. Multiply all these congruences together and we finda 2a 3a … (p-1)a 1 2 3 … (p-1) mod por better, ap-1(p-1)! (p-1)! mod p. Divide both side by (p-1)! to complete the proof
• Corollary– If p is prime and a is any positive integer, then
ap a mod p
35
Euler’s Totient Function
• Euler’s totient function (n) is the number of posi-tive integers less than n (including 1) and relatively prime to n
• (p) = p-1• (1) = 1 (Definition)• Let p and q be distinct prime numbers, n = pq.
Then (pq) = (p)(q) = (p-1)(q-1)
• Proof– Consider Zn = {0, 1, …, pq-1}– The residues not relatively prime to n are 0, {p, 2p, …, (q-1)p},
and {q, 2q, …, (p-1)q}
– So (pq) = pq - (1 + (q-1) + (p-1)) = pq - p - q + 1 = (p-1)(q-1)
36
Euler’s Totient Function
37
Euler’s Theorem• Generalization of Fermat’s little theorem• For every a and n that are relatively prime,
a(n) 1 mod n• Proof
– The proof is completely analogous to that of the Fermat's Theorem except that instead of the set of residues {1,2,...,n-1} we now con-sider the set of residues {x1,x2,...,x(n)} which are relatively prime to n. In exactly the same manner as before, multiplication by a mod-ulo n results in a permutation of the set {x1, x2, ..., x(n)}. Therefore, two products are congruent:
x1x2 ... x(n) (ax1)(ax2) ... (ax(n)) mod n
dividing by the left-hand side proves the theorem.
• Corollary
a(n)+1 a mod n
38
Euler’s Theorem
• Corollaries– Given two prime numbers, p and q, and integers n =
pq and m, with 0<m<n,
m(n)+1 = m(p-1)(q-1)+1 m mod n
(Demonstrate the validity of the RSA algo-rithm)
mk(n) 1 mod n
mk(n)+1 m mod n
39
Testing for Primality (Miller-Ravin’s)
• Miller-Ravin primality test– Can be used to determine if a large number is prime
• Based on the following theorem– If p is an odd prime, then the equation
x2 ≡ 1 (mod p)has only two solutions – namely, x ≡1 (mod p) and x ≡ 1 (mod p)
• Proof– Omitted
• If there exist solutions to x2 ≡ 1 (mod n) other than 1, then n is not prime
40
Modular Exponentiation• An efficient way to compute ab mod n• Repeated squaring• Computes ac mod n as c is
increased from 0 to b• Each exponent computed
in a sequence is either twicethe previous exponent or one more than the previousexponent
• Each iteration of the loopuses one of the identities
a2c mod n = (ac)2 mod n, a2c+1 mod n = a (ac)2 mod n
depending on whether bi = 0 or 1• Just after bit bi is read and processed, the value of c is the same as the
prefix bkbk-1…bi of the binary representation of b• Variable c is not needed (included just for explanation)
Modular-Exponentiation(a, b, n)1. c 02. d 13. let bkbk-1…b0 be the binary representation of b4. for i k downto 05. do c 2c6. d (d d) mod n7. if bi = 18. then c c + 19. d (d a) mod n10. return d
41
Modular Exponentiation - ExampleModular-Exponentiation(a, b, n)1. c 02. d 13. let bkbk-1…b0 be the binary representation of b4. for i k downto 05. do c 2c6. d (d d) mod n7. if bi = 18. then c c + 19. d (d a) mod n10. return d
• Example– Result of Modular-Exponentiation algorithm for ab mod n, where a
= 7, b = 560 = 1000110000, n = 561. The values are shown after each execution of the for loop
42
Testing for Primality (Miller-Ravin’s)• Core algorithm is WITNESS(a, n)
– n : inputs to WITNESS, to be tested for primality, – a : some randomly chosen integer, 1 a < n– WITNESS(a, n) is TRUE if and only if a is a “witness” to the compos-
iteness of n – that is, if it is possible using a to prove that n is com-posite
– If WITENSS returns FALSE, then n may be prime
WITNESS (a, n)1. let bkbk-1…b0 be the binary rep. of (n-1)2. d 13. for i k downto 04. do x d5. d (d d) mod n6. if d =1 and x 1 and x n –17. then return TRUE8. if bi = 19. then d (d a) mod n10. if d 111. then return TRUE12. return FALSE
43
Testing for Primality (Miller-Ravin’s)
WITNESS (a, n)1. let bkbk-1…b0 be the binary rep. of (n-1)2. d 13. for i k downto 04. do x d5. d (d d) mod n6. if d =1 and x 1 and x n –17. then return TRUE8. if bi = 19. then d (d a) mod n10. if d 111. then return TRUE12. return FALSE
• Lines 3-9 compute d as an-1 mod n (identical to that em-ployed by Modular-Exponentiation)
• Whenever squaring step is performed on line 5, lines 6,7 check to see if nontrivial square root of 1 has just been discovered (x 1 (mod n) yet x2 1 (mod n)). If so, returns TRUE
• If WITENSS returns TRUE from line 11, then it has dis-covered that d = an-1 mod n 1. If n is prime, however, by Fermat’s theorem an-1 1 (mod n) for all a. Therefore, n cannot be prime
44
Testing for Primality (Miller-Ravin’s)
MILLER_RAVIN (n, s)1. for j 1 to s2. do a RANDOM(1, n-1)3. if WITNESS(a, n)4. then return COMPOSITE5. return PRIME
• Miller-Ravin Primaility Test• Probabilistic search• Repeatedly invoke s times WITNESS(n,a) using ran-
domly chosen values for a, if return false, then the probability that n is prime is at least 1 – 2-s
45
Euclid’s Algorithm – Finding GCD• Based on the following theorem
– gcd(a, b) = gcd(b, a mod b)– Proof
» If d = gcd(a, b), then d|a and d|b» For any positive integer b, a = kb + r ≡ r mod b, a mod b = r» a mod b = a – kb (for some integer k)
• because d|b, d|kb• because d|a, d|(a mod b)
∴ d is a common divisor of b and (a mod b)» Conversely, if d is a common divisor of b and (a mod b), then
d|kb and d|[ kb+(a mod b)]» d|[ kb+(a mod b)] = d|a∴ Set of common divisors of a and b is equal to the set of com-
mon divisors of b and (a mod b)» ex) gcd(18,12) = gcd(12,6) = gcd(6,0) = 6 gcd(11,10) = gcd(10,1) = gcd(1,0) = 1
46
Euclid’s Algorithm – Finding GCD
• Recursive algorithmFunction Euclid (a, b) /* assume a b 0 */
if b = 0 then return a
else return Euclid(b, a mod b)
• Iterative algorithmEuclid(d, f) /* assume d > f > 0 */
1. X d; Y f2. if Y=0 return X = gcd(d, f)
3. R = X mod Y
4. X Y5. Y R6. goto 2
47
Euclid’s Alg. – Finding Multiplicative In-verse
Extended Euclid(d, f)1. (X1, X2, X3) (1, 0, f); (Y1, Y2, Y3) (0, 1, d)2. If Y3 = 0 return X3 = gcd(d, f); no inverse3. If Y3 = 1 return Y3 = gcd(d, f); Y2 = d-1 mod f4. Q = X3/Y35. (T1, T2, T3) (X1 QY1, X2 QY2, X3 QY3)6. (X1, X2, X3) (Y1, Y2, Y3)7. (Y1, Y2, Y3) (T1, T2, T3)8. goto 2
• If gcd(d, f) =1, d has a multiplicative inverse mod-ulo f
• Euclid’s algorithm can be extended to find the mul-tiplicative inverse
– In addition to finding gcd(d, f), if the gcd is 1, the algorithm re-turns multiplicative inverse of d (modulo f)
48
Euclid’s Alg. – Finding Multiplicative In-verse Extended Euclid(d, f)
1. (X1, X2, X3) (1, 0, f); (Y1, Y2, Y3) (0, 1, d)2. If Y3 = 0 return X3 = gcd(d, f); no inverse3. If Y3 = 1 return Y3 = gcd(d, f); Y2 = d-1 mod f4. Q = X3/Y35. (T1, T2, T3) (X1 QY1, X2 QY2, X3 QY3)6. (X1, X2, X3) (Y1, Y2, Y3)7. (Y1, Y2, Y3) (T1, T2, T3)8. goto 2
Note: Always f Y1 + d Y2 = Y3
49
Chinese Remainder Theorem• Let M = m1 m2 m3 … mk, where mi’s are pairwise relatively
prime, i.e., gcd(mi, mj) = 1, 1 ≤ i≠j ≤ k
• Assertion– A (a1, a2,…..,ak), where A ZM, ai Zmi
, and ai = A mod mi for 1 ≤ i ≤ k
» One to one correspondence(bijection) between ZM and the Cartesian product Zm1 Zm2 …. Zmk
» For every integer A such that 0 ≤ A < M, there is a unique k-tu-ple (a1, a2,…..,ak) with 0 ≤ ai < mi
» For every such k-tuple (a1, a2,…..,ak), there is a unique A in ZM
» Transformation from A to (a1, a2,…..,ak) is unique» Computing A from (a1, a2,…..,ak) is done as follows
• Let Mi = M/mi for 1 ≤ i ≤ k, i.e., Mi = m1 m2 … mi-1 mi+1 … mk
• Note that Mi ≡ 0 (mod mj) for all j ≠ i• Let ci = Mi x (Mi
-1 mod mi) for 1 ≤ i ≤ k• Then A ≡ (a1c1+ a2c2 + … + akck) mod M• ai = A mod mi, since cj ≡ Mj ≡ 0 (mod mi) if j≠ i and ci ≡ 1 (mod
mi)
50
Chinese Remainder Theorem
– Operations performed on the elements of ZM can be equivalently performed on the corresponding k-tuples by performing the opera-tion independently in each coordinate position
» ex) A ↔ (a1, a2, ... ,ak), B ↔ (b1, b2, … ,bk)
(A B) mod M ↔ ((a1 b1) mod m1, … ,(ak bk) mod mk)
(A B) mod M ↔ ((a1 b1) mod m1, … ,(ak bk) mod mk)
(A B) mod M ↔ ((a1 b1) mod m1, … ,(ak bk) mod mk)
• CRT provides a way to manipulate (potentially large) numbers mod M in term of tuples of smaller numbers
51
Chinese Remainder Theorem
• Example– Let m1 = 37, m2 = 49, M = m1 m2 = 1813, A = 973– M1 = 49, M2 = 37– Using the extended Euclid’s alg. M1
-1 = 34 mod m1 and M2-1 = 4
mod m2
– Taking residues modulo 37 and 49, 973 (11, 42)– Suppose we want to add 678 to 973– 678 (12, 41)– Add the tuples element-wise (11+12 mod 37, 42+41 mod 49) =
(23, 34)– To verify, we compute
» (23, 34) (a1c1+ a2c2) mod M = (a1M1M1-1 + a2M2M2
-1 ) mod M= [(23)(49)(34) + (34)(37)(4)] mod 1813 =
1651» which is equal to (678 + 973) mod 1813 = 1651
52
Discrete Logarithms• Consider the powers of an integer a, modulo n
– a mod n, a2 mod n, a3 mod n, …, am mod n, …• The least positive exponent m for which am ≡ 1 mod n is re-
ferred to:– The order of a (mod n)– The exponent to which a belongs (mod n)– The length of the period generated by a
• If a and m are relatively prime, there is at least one integer m that satisfies am ≡ 1 mod n, namely m = (n)
• If a, a2, …, a(n) are distinct (mod n) and all are relatively prime to n, a is called a primitive root (generator)
• In particular, for a prime number p, if a is a primitive root of p, then a, a2, …, ap-1 are distinct
• Not all integers have primitive roots. The only integers with primitive roots are those of the form 2, 4, p, and 2p, where p is any odd prime
53
Powers of Integers, modulo 19
a : primitive root
54
Discrete Logarithms - Indices• For any integer b and primitive root a of prime num-
ber p, there is a unique exponent i s.t.b ≡ ai mod p where 0 ≤ i ≤ (p-1)
• This exponent i is referred to as the index of the number b for the base a (mod p), and denoted as inda,p(b)
– inda,p(1) = 0, (a0 mod p = 1 mod p = 1)– inda,p(a) = 1, (a1 mod p = a)
• Example– Ind2,19(a)
55
Derivation of Indices (Discrete Loga-rithms)• By def. of indices, x = ainda,p(x) mod p, y = ainda,p(y) mod
p, xy = ainda,p(xy) mod p• Using the rules of modular multiplication, ainda,p(xy)
mod p = (ainda,p(x) mod p)(ainda,p(y) mod p) = (ainda,p(x)
+inda,p(y)) mod p• Euler’s theorem state that for every a and n that are
relatively prime, a(n) ≡ 1 mod n• Any positive integer z can be expressed in the form
z = q + k(n). Therefore, by Euler’s theorem az = aq mod n if z = q mod (n)
∴ inda,p(xy) = [inda,p(x) + inda,p(y)] mod (p)
∴ inda,p(yr) = [r inda,p(y)] mod (p)• Demonstrates the analogy between true logarithms
and indices. Indices often referred to as discrete log-arithms
56
Tables of Discrete Logarithms, modulo 19
57
Discrete Logarithms
• Calculation of Discrete Logarithms– y = gx mod p– Given g, x, p, it is a straightforward matter to calculate y– Given g, y, p, it is very difficult to calculate to x (discrete logarithm)
» The difficulty seems to be on the same order as that of factor-ing primes required for RSA
» Time complexity: O(e((ln p)1/3 ln(ln p))2/3)