Скачать книгу

each. Of course, with longer keys, transmission errors become more and more prevalent.

      Several additional remarks are in order.

      1 P. Shor has proved that factoring numbers is computationally feasible with a quantum computer. Thus, if quantum computers ever become a reality, RSA will no longer be viable: it will be completely insecure.

      2 The problem of transmission errors has to be addressed given that primes , should be at least 308 digits (1024 bits) each, ensuring a modulus of 617 digits (2048 bits) for long‐term security.

      3 Despite the recent mathematical results of Agrawal et al., [AKS04] which shows that one can quickly test for primality3 of a given number, one still has to generate large primes , of roughly the same size which are suitable for RSA use. In particular, they must be resistant to factorization algorithms, one of which is discussed later in the book.

      4 For frequent RSA communications, one also needs a fast algorithm for ensuring that has no factors in common with and .

      5 The RSA algorithm is slow relative to some comparable symmetric‐key algorithms.

      6 The security of RSA is in jeopardy without extensive “preprocessing” of plain text message units before encryption (see Mollin [Mol02]).

      7 Other attacks on RSA include timing attacks and “man‐in‐the‐middle” attacks. These are discussed in Chapter 7.

      Apart from guaranteeing the secrecy of the message from A to B (or B to A), other fundamental issues in cryptography are as follows:

      1 Authentication. Roughly, how can B be sure that the message came from A?

      2 Message integrity. How can B be sure that the message has not been altered?

      3 Digital signatures. How can a user “sign” a message?

      4 Nonrepudiation. How can B prove (in court, for example) that A sent the message?

      Technically, authentication has two aspects. One relates to the verification of the origin of received data. The other refers to verifying the identity of a user. Traditional methods include passwords, P.I.N. numbers, etc. Biometric data has been used in recent years as well, for example, for logging into a smart phone. We discuss this in Chapter 8.

      Message integrity can be achieved using hash functions as described in Chapter 4. Digital Signatures can be carried out using either symmetric or public key encryption. This is also described in Chapter 4.

      

      A basic issue in cryptography is this: If we are trying to guess one of n possible passwords in order to log on (or n possible keys say), then how many guesses will we have to make on average until we are successful? The answer is easy to find.

      On the average, when trying to guess one of n possible keys, we only need left-parenthesis n plus 1 right-parenthesis slash 2 guesses.

      First, we explain the concept of average value which is discussed also in Chapter 9. Suppose that, in a class of 6 students, 3 get 70%, 2 get 80%, and 1 gets 92%. What is the average grade? One can write this average as left-parenthesis left-parenthesis 3 right-parenthesis left-parenthesis 70 right-parenthesis plus left-parenthesis 2 right-parenthesis left-parenthesis 80 right-parenthesis plus left-parenthesis 1 right-parenthesis left-parenthesis 92 right-parenthesis right-parenthesis slash 6 equals 77. So the average grade is 77%. We could also calculate the average as three sixths left-parenthesis 70 right-parenthesis plus two sixths left-parenthesis 80 right-parenthesis plus one sixth left-parenthesis 92 right-parenthesis, where three sixths comma two sixths comma one sixth are the probabilities of getting 70, 80, and 92, respectively. Now, we proceed to the proof.

      Proof. The probability of guessing correctly the first time is 1 slash n. To get it right in exactly 2 guesses, we must get it wrong on the first guess and then, having discarded the unsuccessful guess, we must guess correctly on the next attempt. So the probability of being successful in exactly 2 guesses is left-parenthesis 1 minus StartFraction 1 Over n EndFraction right-parenthesis left-parenthesis StartFraction 1 Over n minus 1 EndFraction right-parenthesis equals left-parenthesis StartFraction n minus 1 Over n EndFraction right-parenthesis left-parenthesis StartFraction 1 Over n minus 1 EndFraction right-parenthesis equals StartFraction 1 Over n EndFraction. Similarly, the probability of being successful in exactly 3 comma 4 comma ellipsis comma n minus 1 comma n guesses is also 1 slash n. To get the average number of guesses, we multiply the number of guesses by the probability and add up. This gives the average number of trials until success to be left-parenthesis 1 right-parenthesis left-parenthesis 1 slash n right-parenthesis plus left-parenthesis 2 right-parenthesis left-parenthesis 1 slash n right-parenthesis plus left-parenthesis 3 right-parenthesis left-parenthesis 1 slash n right-parenthesis plus midline-horizontal-ellipsis plus left-parenthesis n minus 1 right-parenthesis left-parenthesis 1 slash n right-parenthesis plus n left-parenthesis StartFraction 1 Over n EndFraction right-parenthesis equals left-parenthesis 1 plus 2 plus 3 plus midline-horizontal-ellipsis plus left-parenthesis n minus 1 right-parenthesis plus n right-parenthesis left-parenthesis 1 slash n right-parenthesis equals left-parenthesis n plus 1 right-parenthesis slash 2. So on average, you get the correct password after left-parenthesis n plus 1 right-parenthesis slash 2 attempts.

      Public key algorithms and symmetric algorithms were compared in Section 3.4. With any public key algorithm such as RSA (or elliptic curve cryptography), given sufficient time and computing power, the eavesdropper is certain to recover the message. In fact, with RSA it is generally quicker to try to solve the factoring problem than

Скачать книгу