Difficult: The steps of the cryptosystems here are all rather difficult to follow, I look forward to seeing examples in class. I'm having trouble understanding how the repeated addition on the elliptic curve should be as difficult to find the coefficient "a" for as it is difficult to solve a discreet log problem. Is there a proof like with the Diffie Helman problem to show that this is the same as solving a discreet log?
Reflective: Wow, last section! This has been a great class, I've really enjoyed all that we have done and learned. It was great to get another practical use out of something as abstract as an elliptic curve. Is there also some RSA type algorithm that you can do with an elliptic curve? I would suppose not since we need to work mod a prime, as in section 16.2, but it seems there might be some other way. Maybe using two elliptic curves mod p_1 and q_1.
Tuesday, November 30, 2010
Wednesday, November 24, 2010
Section 16.4; Due December 6
Difficult: The discussion of addition with these elliptic curves was much more confusing than before. In the example, it seemed to say that (0,0)+(1,1) did not have a solution, then it added (0,0) again to get the identity (which I do not see), and then suddenly there was a solution because (0,0)+(1,1) had to be -(0,0)? It also says that elliptic curves with characteristic 2 are important to cryptography, but I didn't really see where it dicussed why these would be best.
Reflective: The mash up of finite fields with the new (to me) group structure on elliptic curves was more difficult to grasp than I thought it would be. It seems not too different that the curves mod p, but it is still difficult. You would think there would be more description in the book, this was a short section.
Reflective: The mash up of finite fields with the new (to me) group structure on elliptic curves was more difficult to grasp than I thought it would be. It seems not too different that the curves mod p, but it is still difficult. You would think there would be more description in the book, this was a short section.
Section 16.3; Due December 3
Difficult: So we can just pick any elliptic curve and it will probably factor the number? How can we be sure within a good probability that we have a curve that will work? It is interesting that we can just keep picking curves and one may work though, not like the p-1 method. I also did not understand how the singular curves were worked with.
Reflective: So the p-1 and brute force algorithms are just special cases of the elliptic curve algorithm? Never thought of it that way before, of course. Or is it just that there are special cases of the elliptic curve algorithm that are the same as the p-1 and brute force algorithms? The moniker "smooth" for numbers with only small prime factors caught my eye as I have been working with "smooth" functions on manifolds a lot recently. Is there some relation in this terminology? I couldn't think of one.
Reflective: So the p-1 and brute force algorithms are just special cases of the elliptic curve algorithm? Never thought of it that way before, of course. Or is it just that there are special cases of the elliptic curve algorithm that are the same as the p-1 and brute force algorithms? The moniker "smooth" for numbers with only small prime factors caught my eye as I have been working with "smooth" functions on manifolds a lot recently. Is there some relation in this terminology? I couldn't think of one.
Section 16.2; Due December 1
Difficult: I do not quite understand the idea of encrypting messages with an elliptic curve mod p. So, you pick your message and then attempt to build your curve based on using your message as a point? Or do you have the curve first and then try to guess a point on the curve based on your message by adding things to your message? If it is the second method, how would the person you are sending the message to know which part is junk? Or even if you did not have to add any junk?
Reflective: The elliptic curve mod p doesn't seem that much more difficult than the elliptic curve without modular arithmetic. The number of points on the curve being so unpredictable is interesting, but I suppose it is just another "finding square roots mod n" problem. If using a prime p, do we need to ensure that p=3 (mod 4) as we did before?
Reflective: The elliptic curve mod p doesn't seem that much more difficult than the elliptic curve without modular arithmetic. The number of points on the curve being so unpredictable is interesting, but I suppose it is just another "finding square roots mod n" problem. If using a prime p, do we need to ensure that p=3 (mod 4) as we did before?
Section 16.1; Due November 29
Difficult: Why do they define addition of points on the curve as the reflection of the third point where the secant line hits the curve? It seems like it would be more natural to just define the sum of two points on the curve to be the point where the secant line hits the curve. Is there some sort of computational benefit to adding in the reflection that I just do not see? The formulas seem to follow easily from the definition given, but it would seem to me just as easy to come up with formulas for the nonreflected point.
Reflective: Putting a group structure on points of a curve is particularly interesting to me in light of the research I have done in topology. This structure does not seem to be quite as natural a structure as what I am used to, so it is more interesting to think of what it all means. For example, I spent some time thinking about the curve with two components (x(x-1)(x+1)) and what the definition of addition does with that group. It looks like the points on the circle would generate the full group, as you can obtain any point on the line from two points on the circle (including the point at infinity). Possibly they do not generate though, since I see no way you could get a point on the circle from one or two points on the circle.
Reflective: Putting a group structure on points of a curve is particularly interesting to me in light of the research I have done in topology. This structure does not seem to be quite as natural a structure as what I am used to, so it is more interesting to think of what it all means. For example, I spent some time thinking about the curve with two components (x(x-1)(x+1)) and what the definition of addition does with that group. It looks like the points on the circle would generate the full group, as you can obtain any point on the line from two points on the circle (including the point at infinity). Possibly they do not generate though, since I see no way you could get a point on the circle from one or two points on the circle.
Monday, November 22, 2010
Section 2.12, due November 23
Difficult: I do not fully understand the discussion of the permutations used to break Enigma. The text mentions that letters never mapped to themselves in the machine, but the 1 cycles in the examples seem to indicate that they could. Also, how exactly did deciding the cycles reduce the problem to a substitution cipher? The initial keys were still quite random, so it seems that there would be trouble figuring out the permutations you need. How many messages were needed to work out which permutations you were looking at for a day?
Reflective: This is just an extremely interesting section. I enjoyed learning more about the enigma machines. I had no idea that the British then used them to spy on former colonies, that is quite interesting. Good to see governments haven't changed quite so much as we might think. I was disappointed that the links you posted did not work for me, so I could not read the extra information from the NSA.
Thursday, November 18, 2010
Sections 19.1 & 19.2; Due November 19
Difficult: I found it difficult to understand what physicists (and for that matter chemists) believe about photons. Do they really think that a photon does not have a state until it is observed? When did science become a religion? Anyway, that's not really answerable, I just get frustrated when people try to explain something with illogical conclusions. Also, there wasn't much to be confused about in this section really. The theoretical quantum bit key exchange makes sense. They talk about methods to use to transmit these keys (fiber optic etc.) and the distance they can send, does that mean that the method is not really theoretical any more? Also, I remember in my undergraduate chemistry discussing using the chirality of a molecule to encode messages, is there any more information on this method?
Reflective: It seems that just message-sending type cryptography isn't the meat of the quantum computing idea. Isn't the way computers communicate with their internal parts a form of cryptography? They must encode electronic signals and decipher what they mean. Maybe it would be better to be focusing on efficient ways to encode these messages rather than just secure message sending that could be accomplished with a flashlight and some polaroid filters.
Tuesday, November 16, 2010
Sections 14.1 & 14.2; Due November 17
Difficult: I do not entirely understand the use of the hash function in the zero knowledge protocol. Why is it beneficial to use a hash function here when Peggy will still have to give full numbers for her answers? How would a chip be made unreadable? Wouldn't that mean that the machine that Peggy puts the card in would not be able to read the chip either?
Reflective: More importantly, what is to prevent Eve from using the algorithm with the $5 wrench described on the test to find Peggy's numbers? Seriously though, I think I see the use of these protocols. Since not even Victor will know the answers that Peggy uses (his computer throws them away) he cannot give away that information. It seems like it would be easy to adapt one of these protocols using El Gamal also, which might be easier to compute than RSA types like they used.
Saturday, November 13, 2010
Sections 12.1 and 12.2; Due November 15
Difficult: I do not completely understand the Legrange interpolation polynomial, or why it works. It seems like it is not so important anyway, it would be a simple to solve the system that was as it would be to solve the system linearly, as far as I can tell. The rest of these sections made plenty of sense.
Reflective: Yeah, I'd love to see someone work one of these schemes into a spy movie.
--"Quick, we need to launch the nuclear warhead. Get the president, the general, and the secretary of state!"
--"Ok gentlemen, do you remember your point in three space?"
*The next ten minutes are spent setting up a matrix and solving the resulting system of equations by hand because the aliens knocked out the mainframe so only the launch computer works...during this time all of the audience leaves...Except for three kids from a college math class*. It is a neat idea though, I like the ideas on how to have multiple "secret holders" that have to be together to get the secret.
Thursday, November 11, 2010
Exam 2 Review Questions; Due November 12
Which topics or ideas do you think are the most important out of those we have studied?
I think that the most important ideas for these sections are the myriad methods we have studied to factor into primes. While I do not think that we can be asked to use the methods in a serious manner on the test, the ability to factor into primes was needed for breaking all of the new crypto systems we learned in these sections, so we will have to at least be able to explain the theory behind each method. Besides that, we have two new encryption methods (three if you count the Diffie Hellman key exchange), many electronic signature methods, and Hash functions. Oh my gosh, the hash functions!
What kinds of questions do you expect to see on the exam?
I think that we will see many theoretical questions. I expect to be asked how to factor into primes by multiple methods, how to find the square root of numbers in modular arithmatic, and how to use these methods to break RSA and other systems. I expect something on the quadratic sieve, probably just having to explain how it works. I expect to have to be able to find simple discrete logarithms (probably ones small enough to list out the powers for) and explain more sophisticated methods to find discrete logs like the Phlig-Hellman algorithm and birthday attacks. I expect questions on probability of the birthday attack succeeding in various (possibly non-cryptographic) situations. Finally, I expect some questions on hash functions and using them for digital signatures. Mainly I expect things like the definition of a hash function and about strongly collision-free and preimage resistance.
What do you need to work on understanding better before the exam?
I need to work on hash functions some more. I have trouble following the diagrams for the one true hash function we have discussed. Also, with so many factoring and discrete logarithm methods, I get mixed up as to what I should be doing where. Oh, and the prime tests. I almost forgot about them, so I need to look over them for sure.
Are there topics you are especially interested in studying during the rest of the semester? What are they?
I was hoping that we could look at some of the applications of these systems we have been studying. We have discussed how DES is used in television transmission and some uses of systems like one-time pads. But how do digital signatures work in the real world? What happens when I buy something online to keep my data safe? Other than that, I don't mind just learning new cryptosystems and how to break them.
I think that the most important ideas for these sections are the myriad methods we have studied to factor into primes. While I do not think that we can be asked to use the methods in a serious manner on the test, the ability to factor into primes was needed for breaking all of the new crypto systems we learned in these sections, so we will have to at least be able to explain the theory behind each method. Besides that, we have two new encryption methods (three if you count the Diffie Hellman key exchange), many electronic signature methods, and Hash functions. Oh my gosh, the hash functions!
What kinds of questions do you expect to see on the exam?
I think that we will see many theoretical questions. I expect to be asked how to factor into primes by multiple methods, how to find the square root of numbers in modular arithmatic, and how to use these methods to break RSA and other systems. I expect something on the quadratic sieve, probably just having to explain how it works. I expect to have to be able to find simple discrete logarithms (probably ones small enough to list out the powers for) and explain more sophisticated methods to find discrete logs like the Phlig-Hellman algorithm and birthday attacks. I expect questions on probability of the birthday attack succeeding in various (possibly non-cryptographic) situations. Finally, I expect some questions on hash functions and using them for digital signatures. Mainly I expect things like the definition of a hash function and about strongly collision-free and preimage resistance.
What do you need to work on understanding better before the exam?
I need to work on hash functions some more. I have trouble following the diagrams for the one true hash function we have discussed. Also, with so many factoring and discrete logarithm methods, I get mixed up as to what I should be doing where. Oh, and the prime tests. I almost forgot about them, so I need to look over them for sure.
Are there topics you are especially interested in studying during the rest of the semester? What are they?
I was hoping that we could look at some of the applications of these systems we have been studying. We have discussed how DES is used in television transmission and some uses of systems like one-time pads. But how do digital signatures work in the real world? What happens when I buy something online to keep my data safe? Other than that, I don't mind just learning new cryptosystems and how to break them.
Monday, November 8, 2010
Sections 8.3 & 9.5; Due November 10
Difficult: Am I allowed to put "Section 8.3" here and leave it at that? Probably not. SHA-1 is quite confusing though, which is probably its point in the first place. I have a hard time following the steps, partially because of all of the newly defined operations, and partially because of the sudden introduction of Hexadecimal, with which I am only vaguely familiar. The diagrams (8.2 and 8.3) are definitely not clarifying matters. I see that all of the important parts come in step 3 and I understand how they adjust the message to a specified length where it can be split into 512 bit blocks though.
Reflective: While the text does discuss many ways in which the DSA is more secure than ElGamal, it does not mention birthday attacks on this algorithm. I suppose this is because it is assumed to be secure from a birthday attack as long as you choose a large enough prime? Or is it because there are two "coded" parts. You would need to have the right hash first, and then work out the signature from there, so that complicates matters too.
Saturday, November 6, 2010
Sections 9.1-9.4, Due November 8
Difficult: I was a little confused by the hash signature. Is the hash function itself the signature (since they are difficult to duplicate), do you take the hash of the message and then sign it, or do you sign the message and then take the hash of the signature? Other than that these sections were pretty accessible. We have discussed all of the encryption algorithms used, and there is only a slight change in usage for signatures. It is all well explained.
Reflective: I appreciated the discussion of how to defend against the birthday attack on hash functions. It seems like such a simple precaution, just change one piece and you probably win. We still haven't really discussed how exactly these functions are used for securing documents (signatures obviously, but I know that I have no personal encryption function to sign things with) so it makes me wonder how these are used when I make a purchase online. Also, I am never given the option of changing a document online, so how can I know that the document hasn't a birthday "double"?
Reflective: I appreciated the discussion of how to defend against the birthday attack on hash functions. It seems like such a simple precaution, just change one piece and you probably win. We still haven't really discussed how exactly these functions are used for securing documents (signatures obviously, but I know that I have no personal encryption function to sign things with) so it makes me wonder how these are used when I make a purchase online. Also, I am never given the option of changing a document online, so how can I know that the document hasn't a birthday "double"?
Monday, November 1, 2010
Sections 8.4-8.5 & 8.7; Due November 5
Difficult: First off, they do not explain, but it seems that must stand for concatonation? Possibly this was in a section that was not assigned yet, or maybe I just forgot the notation from an earlier assignment. The Birthday attack seems very interesting, especially the paradox part (that you can find two matching birthdays with high probability but not match a given one). It looks like they violate this paradox with the birthday attack on discrete logarithms, however. I understand how they are using the matching of two different groups instead of trying to match a single value, but I do not understand why a similar method cannot be used in many other situations where you want to match a given value.
Reflective: Frequent discussions of how we cannot truly create a random sequence without natural phenomena has lead me to wonder if they have been working on this problem in a manner besides trying to find more and more random mathematical functions. Most of the natural phenomena mentioned as random are inherently slow (such as flipping coins or counting clicks in a second). However, there are many random natural phenomena that occur quickly that can be read with modern machinery. For example, I seem to remember from my chemistry classes that vibrations in a crystal lattice are random, but happen many times in a millisecond. We can "read" these vibrations even in a small sample of crystal, so why could we not use this as a speedy random sequence generator. If the number of vibrations in a millisecond (or less if you need) is even, you get a 0, odd you get a 1. Small crystals and the equipment to read their vibrations could then be installed in your desktop. I may be wrong with the specific example, but I am sure there are many random, small scale, fast phenomena that we know about now.
Reflective: Frequent discussions of how we cannot truly create a random sequence without natural phenomena has lead me to wonder if they have been working on this problem in a manner besides trying to find more and more random mathematical functions. Most of the natural phenomena mentioned as random are inherently slow (such as flipping coins or counting clicks in a second). However, there are many random natural phenomena that occur quickly that can be read with modern machinery. For example, I seem to remember from my chemistry classes that vibrations in a crystal lattice are random, but happen many times in a millisecond. We can "read" these vibrations even in a small sample of crystal, so why could we not use this as a speedy random sequence generator. If the number of vibrations in a millisecond (or less if you need) is even, you get a 0, odd you get a 1. Small crystals and the equipment to read their vibrations could then be installed in your desktop. I may be wrong with the specific example, but I am sure there are many random, small scale, fast phenomena that we know about now.
Sections 8.1-8.2, Due November 3
Difficult: I do not understand the difference between finding h(m) such that h(m)=y for a given y and finding m' such that h(m)=h(m'). It seems that in both cases, you will first need to decide that h(m)=y, and if you have that what is the point of finding a different m' with h(m')=y? Are we just trying to find a random input that would give an output that we do not know?
Reflective: While I do not see why you would want to find the alternate m', it is a neat idea. The book indicates that hash functions are usually used for electronic signatures. This seems to indicate that for some passwords, I would be able to enter a completely different password and have it work anyway! Does limiting the size of the input (as they do with passwords) help ensure that there is only one solution m such that h(m)=y to avoid duplicate passwords?
Reflective: While I do not see why you would want to find the alternate m', it is a neat idea. The book indicates that hash functions are usually used for electronic signatures. This seems to indicate that for some passwords, I would be able to enter a completely different password and have it work anyway! Does limiting the size of the input (as they do with passwords) help ensure that there is only one solution m such that h(m)=y to avoid duplicate passwords?
Subscribe to:
Posts (Atom)