Lecture 4

Question 1

What is a trapdoor function? What are the two main examples?

Answer 1

A triple of efficient algorithms, the first outputs a random key pair, the second, takes the public key and uses it to produce an encrypted message, the third uses the secret key to invert the encryption done in the second step.
The two main examples are RSA and ECC.

Question 2

How does RSA work?

Answer 2

Create two large primes, p and q. and let their product = N. The public key is (N, e) and the private key is (N, d), where e*d is equivalent to (1 mod (p-1)(q-1)). The encrypting function is then (the original message to the power of e (mod N)) and the decrypting function is (the encrypted message to the power of d (mod N)).

Question 3

When is a trapdoor function secure?

Answer 3

When there is no efficient algorithm given the public key and an encrypted message, that can guess the original message with non-negligible probability.

Question 4

What is a coprime number?

Answer 4

A number that shares no factors.

Question 5

Why is RSA secure?

Answer 5

RSA is reasonably secure as we have no known polynomial alogirhtms for factoring, and find roots is also hard (though it can be easy if a bad root value is chosen).

Question 6

What is an elliptic curve?

Answer 6

The set of points satisfying the equation y^2 = x^3 + ax + b for some parameters a and b. The only rule is that 4a^3 + 27b^2 != 0

Question 7

How does an elliptic curve work for cryptography?

Answer 7

When we have two points on an elliptic curve we can compute the gradient between them and use this to compute the position of a third point. The x coordinate of the third point (R) will be
X_R = (gradient)^2 - X_p - X_o, and the y coordinate will be
Y_R = Y_p + gradient(X_R - X_P).
We then define P + O = X_R, -Y_R.
This process makes elliptic curves into a group.
If we start with a point G we can look at G, 2G, 3G until we get to nG = 0, for some value of n. For any a and b and prime p the size of the curve over p is close to p, the number n must be a divisor of that size, aiming for n to exactly equal it. If this is the case then the sequence of points visited will look pretty random.

Question 8

How is ECC used for Diffie-Hellman key exchange?

Answer 8

All parties agree on a large prime, some elliptic curve over Z/pZ and some generator G of order n on the curve. Each party chooses a public key by taking a private key at random and announcing kG. The common key for two uses to communicate will be a hash of their private key * what the other user announced.

Question 9

What are some of the pros and cons of ECC vs RSA?

Answer 9

ECC needs much smaller key sizes, ECC arithmetic is really simple, and with good choices of the prime the modulo p operation can be accelerated. However, p, a and b (and also G and n to a point) can’t be chosen at the time-of-use, meaning it is reliant on standard curves, which some people don’t trust, though the main ECC functionality is not known to be backdoorable.