Introduction to Information Security Lecture 1: Introduction

1
Introduction to Information Security Lecture 1
Introduction Overview

• 2009. 6.

Prof. Kwangjo Kim
2
Contents
1. Lecture Overview 2. Basic terms 3. Quick
overview on information security 4. Basic
Number Theory
3
Lecture Overview
Objective This course introduces the fundamental
understanding on cryptography to apply for any
secure system including classical, symmetric and
asymmetric cryptosystem with mathematical
background. We also deal with the cryptographic
protocols and their applications. Experts in this
area will give a special talk on hot issues in
information security. After finishing this class,
the students can gain the general knowledge and
background on information security and
cryptography to execute advanced research.
Course Webpage http//caislab.icu.ac.kr/Lecture/da
ta/2009/summer/ice1212/
4
Overview

• Instructor Prof. Kwangjo Kim
• Assistant Zeen Kim
• Text Handouts
• References
• Wade Trappe, Lawrence C. Washington,
  Introduction to Cryptography with Coding
  Theory, 2nd Ed, 2005, Prentice Hall ISBN
  0-13-186239-1
• Richard A. Mollin, An Introduction to
  Cryptography, Chapman Hall/CRC, 2001, ISBN
  1-58488-127-5
• Grading Policy
• Midterm (35), Final (35), Quiz (10),
• HW (10), Attendance (10)

5
Homework (Programming) 1st Half Select one of
15 AES candidates after round 2 except Rijndael
and program it with your favorite language.
(Test encryption and decryption of given test
vector) Deadline 7/3, 2009 2nd Half Select
one of SHA-3 (round 1) candidates and program it
with your favorite language. (Test validation of
given test vector) Deadline 7/31, 2009
6
Schedule (1/2)
Week Topic Remark
1 Overview, Number Theory 6/16, TA
2 Algebra and Classical Ciphers 6/18, Prof. TA
3 Encryptions 6/23, Prof.
4 Digital Signatures 6/25, Prof.
5 Hash Functions 6/30, Prof. TA
6 Other Cryptographic Primitives 7/2, Prof.
7 Midterm 7/7 or 7/9
7
Schedule (2/2)
Week Topic Remark
8 Special Talk RFID/WSN Security 7/14, Hyunrok Lee
9 Special Talk Ubiquitous Security 7/16, Jangseong Kim
10 Special Talk Hacking and Malware 7/21, Hanyoung Noh and Sungbae Ji
11 Special Talk ID based cryptography 7/23, Zeen Kim
12 Special Talk E-passport and E-cash 7/28, Jeongkyu Yang
13 Special Talk Mobile Phone Security 7/30, Jaemin Park
14 Final Exam 8/4 or 8/6
8
1. Basic Terms
Lots of new terminologies in every new fields
9
What is Information Security?

• Data
• recording of something measured
• Raw material, just measured
• Information
• Information is the result of processing,
  manipulating and organizing data in a way that
  adds to the knowledge of the receiver.
• Processed data
• Knowledge
• Knowledge is normally processed by means of
  structuring, grouping, filtering, organizing or
  pattern recognition.
• Highly structured information

10
What is Information Security?

• Information Systems
• An integrated set of components for collecting,
  storing, processing, and communicating
  information.
• Business firms, other organizations, and
  individuals in contemporary society rely on
  information systems to manage their operations,
  compete in the marketplace, supply services, and
  augment personal lives.
• Information Revolution
• A phrase we use to refer to the dramatic changes
  taking place during the last half of the 20th
  century in which service jobs based on
  information are more common than jobs in
  manufacturing or agriculture.
• Information becomes more and more important than
  materials, resources.
• Competitiveness comes from information
• How much information do you have?

11
What is Information Security?

• Information Security (????, ????)
• Information security is the process of protecting
  information from unauthorized access, use,
  disclosure, destruction, modification, or
  disruption
• The protection of computer systems and
  information from harm, theft, and unauthorized
  use.
• Protecting the confidentiality, integrity and
  availability of information
• Information security is an essential
  infrastructure technology to achieve successful
  information-based society
• Highly information-based company without
  information security will lose competitiveness
• What kind of protection?
• Protecting important document / computer
• Protecting communication networks
• Protecting Internet
• Protection in ubiquitous world

12
Cryptology Cryptography Cryptanalysis

• Cryptography designing secure cryptosystems
• Cryptography (from the Greek kryptós and
  gráphein, to write) was originally the study of
  the principles and techniques by which
  information could be concealed in ciphers and
  later revealed by legitimate users employing the
  secret key.
• Cryptanalysis analyzing the security of
  cryptosystems
• Cryptanalysis (from the Greek kryptós and
  analýein, to loosen or to untie) is the
  science (and art) of recovering or forging
  cryptographically secured information without
  knowledge of the key.
• Cryptology science dealing with information
  security
• Science concerned with data communication and
  storage in secure and usually secret form. It
  encompasses both cryptography and cryptanalysis.

13
Cryptology

• Cryptography is a basic tool to implement
  information security
• Security goals
• Secrecy (confidentiality)
• Authentication
• Integrity
• Non-repudiation
• Verifiability
• More application-specific security goals
• Achieve these security goals using cryptography
• Without cryptography . ???

14
Secret Key vs. Public Key Systems

• Symmetric Key Cryptosystem
• Public Key Cryptosystem

15
Common Terms (1)

• Cryptography(????) The study of mathematical
  techniques related to aspects of information
  security
• Cryptanalysis(????) The study of mathematical
  techniques for attempting to defeat cryptographic
  techniques
• Cryptology(???) The study of cryptography and
  cryptanalysis
• Cryptosystem(?????) A general term referring to
  a set of cryptographic primitives used to provide
  information security
• Symmetric key primitives Public key primitives
• Steganography The method of concealing the
  existence of message
• Cryptography is not the only means of providing
  information security, but rather one set of such
  techniques (physical / human security)

16
Common Terms (2)

• Cipher Block cipher, Stream cipher, Public key
  cipher
• Plaintext/Cleartext (??), Ciphertext (???)
• Encryption/Encipherment(???)
• Decryption/Decipherment(???)
• Key (or Cryptographic key)
• Secret key
• Private key / Public key
• Hashing (??)
• Authentication (??)
• Message authentication
• User authentication
• Digital signature (????)

17
Attacks

• Attacks
• An efficient algorithm that, for a given
  cryptographic design, enables some protected
  elements of the design to be computed
  substantially quicker than specified by the
  designer.
• Finding overlooked and realistic threats for
  which the design fails
• Attacks on encryption algorithms
• Exhaustive search (brute force attack)
• Ciphertext-only attack
• Known-plaintext attack
• Chosen-plaintext attack
• Chosen-ciphertext attack

18
Security Threats

• Interruption/Denial of service
• Interception eavesdropping, wiretapping, theft
• Modification
• Fabrication/Forgery
• Unauthorized access
• Denial of facts

19
Security Services

• Security services
• A service that enhances information security
  using one or more security mechanisms
• Confidentiality/Secrecy (???) ? Interception
• Authentication (???) ? Forgery
• Integrity (???) ? Modification
• Non-repudiation (????) ? Denial of facts
• Access control (????) ? Unauthorized access
• Availability (???) ? Interruption

20
Security Needs for Network Communications
21
Security Mechanisms

• Security mechanism
• A mechanism designed to detect, prevent, or
  recover from a security attack
• Encryption
• Authentication
• Digital signature
• Key exchange
• Access control
• Monitoring Responding

22
Models for Evaluating Security

• Conditional vs. Unconditional Security
• Unconditional security
• Computational security
• Provable vs. Ad hoc Security
• Provable security
• Ad hoc security

23
Basic Number Theory
24
Introduction to Number Theory

• Prime and Relative Prime Numbers
• Modular Arithmetic
• Fermats and Eulers Theorem
• Testing for Primality
• Euclids Algorithm
• Chinese Remainder Theorem
• Discrete Logarithms

25
Divisors

• ba (b divides a, b is a divisor of a) if a
  kb for some k, where a, b, and k are integers,
  and b ? 0
• If a1, then a ?1
• If ab and ba, then a ?b
• Any b ? 0 divides 0
• If bg and bh, then b(mg nh) for arbitrary
  integers m and n

26
Prime Numbers

• An integer p gt 1 is a prime number if its only
  divisors are ?1 and ?p
• Prime Factorization
• Any integer agt1 can be factored in a unique way
  as
• a p1?1 p2?2 pt?t where p1 lt p2 lt lt pt
  are prime numbers and where each ?i gt 0
• If P is the set of all prime numbers, then any
  positive integer can be written uniquely in the
  following form
• The value of any positive integer can be
  specified by listing all nonzero exponents (ap)
• Multiplication of two numbers is equivalent to
  adding two corresponding exponents
• k mn ? kp mp np for all p
• ab ? ap ? bp for all p

27
Primes Under 2000
28
Relatively Prime Numbers

• Greatest common divisor
• c gcd(a, b) if ca and cb and ?d that divides
  a and b dc
• Equivalently, gcd(a, b) maxc ca and cb
• k gcd(a, b) ? kp min(ap, bp) for all p
• a and b are relatively prime if gcd(a, b) 1

29
Modular Arithmetic

• For any integer a and positive integer n, if a is
  divided by n, the following relationship holds
• a qn r 0 ? r ? n q ?a/n? (q quotient,
  r remainder or residue)
• If a is an integer and n is a positive integer, a
  mod n is defined to be the remainder when a is
  divided by n
• a ?a/n? ? n (a mod n)
• Two integers a and b are said to be congruent
  modulo n if (a mod n) (b mod n), and this is
  written a ? b mod n
• Properties of modulo operator
• a ? b mod n if n(a b)
• (a mod n) (b mod n) implies a ? b mod n
• a ? b mod n implies b ? a mod n
• a ? b mod n and b ? c mod n implies a ? c mod n

30
Modular Arithmetic Operations

• Modulo arithmetic operation over Zn 0, 1, ,
  n-1
• Properties
• (a mod n) (b mod n) mod n (a b) mod n
• (a mod n) ? (b mod n) mod n (a ? b) mod n
• (a mod n) ? (b mod n) mod n (a ? b) mod n

31
Properties of Modular Arithmetic

• Modulo arithmetic over Zn 0, 1, , n-1
  (called a set of residues of modulo n)
• Integers modulo n with addition and
  multiplication form a commutative ring
• Commutative laws (a b) mod n (b a) mod n
• (a ? b) mod n (b ? a) mod n
• Associative laws (a b) c mod n a (b
  c) mod n
• (a ? b) ? c mod n a ? (b ? c) mod n
• Distributive laws a ? (b c) mod n (a ? b)
  (a ? c) mod n
• Identities (a 0) mod n a mod n
• (a ? 1) mod n a mod n
• Additive inverse (-a) ?a ? Zn ?b s.t. a b ? 0
  mod n
• Multiplicative inverse (a-1) ?a (?0) ? Zn, if a
  is relative prime to n, ?b s.t. a ? b ?
  1 mod n
• If n is not prime, Zn is a ring, but not a field
• Zp is a field

32
Modular 7 Arithmetic
33
Groups, Rings, Fields

• Group
• A set of numbers with some addition operation
  whose result is also in the set (closure)
• Obeys associative law, has an identity, has
  inverses
• If also is commutative its an abelian group
• Ring
• An abelian group with a multiplication operation
  also
• Multiplication is associative and distributive
  over addition
• If multiplication is commutative, its a
  commutative ring
• e.g., integers mod N for any N
• Field
• An abelian group for addition
• A ring
• An abelian group for multiplication (ignoring 0)
• e.g., integers mod P where P is prime

34
Fermats Little Theorem

• If p is prime and a is a positive integer not
  divisible by p, then
• ap-1 ? 1 mod p
• Proof
• Start by listing the first p 1 positive
  multiples of a
• a, 2a, 3a, , (p-1)a
• Suppose that ra and sa are the same modulo p,
  then we have
• r ? s mod p, so the p-1 multiples of a above are
  distinct and nonzero that is, they must be
  congruent to 1, 2, 3, , p-1 in some order.
  Multiply all these congruences together and we
  find
• a ? 2a ? 3a ? ? (p-1)a ? 1 ? 2 ? 3 ? ? (p-1)
  mod p
• or better, ap-1(p-1)! ? (p-1)! mod p. Divide
  both side by (p-1)! to complete the proof
• Corollary
• If p is prime and a is any positive integer, then
• ap ? a mod p

35
Eulers Totient Function

• Eulers totient function ?(n) is the number of
  positive integers less than n (including 1) and
  relatively prime to n
• ?(p) p-1
• ?(1) 1 (Definition)
• Let p and q be distinct prime numbers, n pq.
  Then ?(pq) ?(p)?(q) (p-1)(q-1)
• Proof
• Consider Zn 0, 1, , pq-1
• The residues not relatively prime to n are 0, p,
  2p, , (q-1)p, and q, 2q, , (p-1)q
• So ?(pq) pq - (1 (q-1) (p-1)) pq - p - q
  1 (p-1)(q-1)

36
Eulers Totient Function
37
Eulers Theorem

• Generalization of Fermats little theorem
• For every a and n that are relatively
  prime, a?(n) ? 1 mod n
• Proof
• The proof is completely analogous to that of the
  Fermat's Theorem except that instead of the set
  of residues 1,2,...,n-1 we now consider the set
  of residues x1,x2,...,x?(n) which are
  relatively prime to n. In exactly the same manner
  as before, multiplication by a modulo n results
  in a permutation of the set x1, x2, ..., x?(n).
  Therefore, two products are congruent
• x1x2 ... x?(n) ? (ax1)(ax2) ... (ax?(n)) mod n
• dividing by the left-hand side proves the
  theorem.
• Corollary
• a?(n)1 ? a mod n

38
Eulers Theorem

• Corollaries
• Given two prime numbers, p and q, and integers n
  pq and m, with 0ltmltn,
• m?(n)1 m(p-1)(q-1)1 ? m mod n
• (Demonstrate the validity of the RSA
  algorithm)
• mk?(n) ? 1 mod n
• mk?(n)1 ? m mod n

39
Testing for Primality (Miller-Ravins)

• Miller-Ravin primality test
• Can be used to determine if a large number is
  prime
• Based on the following theorem
• If p is an odd prime, then the equation
• x2 1 (mod p)
• has only two solutions namely, x 1 (mod p)
  and x ?1 (mod p)
• Proof
• Omitted
• If there exist solutions to x2 1 (mod n) other
  than ? 1, then n is not prime

40
Modular Exponentiation

• An efficient way to compute ab mod n
• Repeated squaring
• Computes ac mod n as c is
• increased from 0 to b
• Each exponent computed
• in a sequence is either twice
• the previous exponent or
• one more than the previous
• exponent
• Each iteration of the loop
• uses one of the identities
• a2c mod n (ac)2 mod n,
• a2c1 mod n a ? (ac)2 mod n
• depending on whether bi 0 or 1
• Just after bit bi is read and processed, the
  value of c is the same as the prefix bkbk-1bi
  of the binary representation of b
• Variable c is not needed (included just for
  explanation)

• Modular-Exponentiation(a, b, n)
• c ? 0
• d ? 1
• let bkbk-1b0 be the binary representation of b
• for i ? k downto 0
• do c ? 2c
• d ? (d ? d) mod n
• if bi 1
• then c ? c 1
• d ? (d ? a) mod n
• return d

41
Modular Exponentiation - Example

• Modular-Exponentiation(a, b, n)
• c ? 0
• d ? 1
• let bkbk-1b0 be the binary representation of b
• for i ? k downto 0
• do c ? 2c
• d ? (d ? d) mod n
• if bi 1
• then c ? c 1
• d ? (d ? a) mod n
• return d

• Example
• Result of Modular-Exponentiation algorithm for ab
  mod n, where a 7, b 560 1000110000, n
  561. The values are shown after each execution of
  the for loop

42
Testing for Primality (Miller-Ravins)

• Core algorithm is WITNESS(a, n)
• n inputs to WITNESS, to be tested for
  primality,
• a some randomly chosen integer, 1 ? a lt n
• WITNESS(a, n) is TRUE if and only if a is a
  witness to the compositeness of n that is, if
  it is possible using a to prove that n is
  composite
• If WITENSS returns FALSE, then n may be prime

• WITNESS (a, n)
• let bkbk-1b0 be the binary rep. of (n-1)
• d ? 1
• for i ? k downto 0
• do x ? d
• d ? (d ? d) mod n
• if d 1 and x ? 1 and x ? n 1
• then return TRUE
• if bi 1
• then d ? (d ? a) mod n
• if d ? 1
• then return TRUE
• return FALSE

43
Testing for Primality (Miller-Ravins)

• WITNESS (a, n)
• let bkbk-1b0 be the binary rep. of (n-1)
• d ? 1
• for i ? k downto 0
• do x ? d
• d ? (d ? d) mod n
• if d 1 and x ? 1 and x ? n 1
• then return TRUE
• if bi 1
• then d ? (d ? a) mod n
• if d ? 1
• then return TRUE
• return FALSE

44
Testing for Primality (Miller-Ravins)

• Miller-Ravin Primaility Test
• Probabilistic search
• Repeatedly invoke s times WITNESS(n,a) using
  randomly chosen values for a, if return false,
  then the probability that n is prime is at least
  1 2-s

• MILLER_RAVIN (n, s)
• for j ? 1 to s
• do a ? RANDOM(1, n-1)
• if WITNESS(a, n)
• then return COMPOSITE
• return PRIME

45
Euclids Algorithm Finding GCD

• Based on the following theorem
• gcd(a, b) gcd(b, a mod b)
• Proof
• If d gcd(a, b), then da and db
• For any positive integer b, a kb r r mod b,
  a mod b r
• a mod b a kb (for some integer k)
• because db, dkb
• because da, d(a mod b)
• ? d is a common divisor of b and (a mod b)
• Conversely, if d is a common divisor of b and (a
  mod b), then dkb and d kb(a mod b)
• d kb(a mod b) da
• ? Set of common divisors of a and b is equal to
  the set of common divisors of b and (a mod b)
• ex) gcd(18,12) gcd(12,6) gcd(6,0) 6
• gcd(11,10) gcd(10,1) gcd(1,0) 1

46
Euclids Algorithm Finding GCD

• Recursive algorithm
• Function Euclid (a, b) / assume a ? b ? 0 /
• if b 0 then return a
• else return Euclid(b, a mod b)
• Iterative algorithm
• Euclid(d, f) / assume d gt f gt 0 /
• 1. X ? d Y ? f
• 2. if Y0 return X gcd(d, f)
• 3. R X mod Y
• 4. X ? Y
• 5. Y ? R
• 6. goto 2

47
Euclids Alg. Finding Multiplicative Inverse

• If gcd(d, f) 1, d has a multiplicative inverse
  modulo f
• Euclids algorithm can be extended to find the
  multiplicative inverse
• In addition to finding gcd(d, f), if the gcd is
  1, the algorithm returns multiplicative inverse
  of d (modulo f)

• Extended Euclid(d, f)
• (X1, X2, X3) ? (1, 0, f) (Y1, Y2, Y3) ? (0, 1,
  d)
• If Y3 0 return X3 gcd(d, f) no inverse
• If Y3 1 return Y3 gcd(d, f) Y2 d-1 mod f
• Q ?X3/Y3?
• (T1, T2, T3) ? (X1 ? QY1, X2 ? QY2, X3 ? QY3)
• (X1, X2, X3) ? (Y1, Y2, Y3)
• (Y1, Y2, Y3) ? (T1, T2, T3)
• goto 2

48
Euclids Alg. Finding Multiplicative Inverse

• Extended Euclid(d, f)
• (X1, X2, X3) ? (1, 0, f) (Y1, Y2, Y3) ? (0, 1,
  d)
• If Y3 0 return X3 gcd(d, f) no inverse
• If Y3 1 return Y3 gcd(d, f) Y2 d-1 mod f
• Q ?X3/Y3?
• (T1, T2, T3) ? (X1 ? QY1, X2 ? QY2, X3 ? QY3)
• (X1, X2, X3) ? (Y1, Y2, Y3)
• (Y1, Y2, Y3) ? (T1, T2, T3)
• goto 2

Note Always f ? Y1 d ? Y2 Y3
49
Chinese Remainder Theorem

• Let M m1 ? m2 ? m3 ? ? mk, where mis are
  pairwise relatively prime, i.e., gcd(mi, mj) 1,
  1 i?j k
• Assertion
• A ? (a1, a2,..,ak), where A ? ZM, ai ? Zmi, and
  ai A mod mi for 1 i k
• One to one correspondence(bijection) between ZM
  and the Cartesian product Zm1 ? Zm2 ? . ? Zmk
• For every integer A such that 0 A lt M, there is
  a unique k-tuple (a1, a2,..,ak) with 0 ai lt
  mi
• For every such k-tuple (a1, a2,..,ak), there is
  a unique A in ZM
• Transformation from A to (a1, a2,..,ak) is
  unique
• Computing A from (a1, a2,..,ak) is done as
  follows
• Let Mi M/mi for 1 i k, i.e., Mi m1 ? m2 ?
  ? mi-1 ? mi1 ? ? mk
• Note that Mi 0 (mod mj) for all j ? i
• Let ci Mi x (Mi-1 mod mi) for 1 i k
• Then A (a1c1 a2c2 akck) mod M
• ? ai A mod mi, since cj Mj 0 (mod mi) if j?
  i and ci 1 (mod mi)

50
Chinese Remainder Theorem

• Operations performed on the elements of ZM can be
  equivalently performed on the corresponding
  k-tuples by performing the operation
  independently in each coordinate position
• ex) A ? (a1, a2, ... ,ak), B ? (b1, b2, ,bk)
• (A ? B) mod M ? ((a1 ? b1) mod m1, ,(ak ?
  bk) mod mk)
• (A ? B) mod M ? ((a1 ? b1) mod m1, ,(ak ?
  bk) mod mk)
• (A ? B) mod M ? ((a1 ? b1) mod m1, ,(ak ?
  bk) mod mk)
• CRT provides a way to manipulate (potentially
  large) numbers mod M in term of tuples of smaller
  numbers

51
Chinese Remainder Theorem

• Example
• Let m1 37, m2 49, M m1 ? m2 1813, A 973
• M1 49, M2 37
• Using the extended Euclids alg. M1-1 34 mod m1
  and M2-1 4 mod m2
• Taking residues modulo 37 and 49, 973 ? (11,
  42)
• Suppose we want to add 678 to 973
• 678 ? (12, 41)
• Add the tuples element-wise ? (1112 mod 37,
  4241 mod 49) (23, 34)
• To verify, we compute
• (23, 34) ? (a1c1 a2c2) mod M (a1M1M1-1
  a2M2M2-1 ) mod M
• (23)(49)(34) (34)(37)(4) mod 1813 1651
• which is equal to (678 973) mod 1813 1651

52
Discrete Logarithms

• Consider the powers of an integer a, modulo n
• a mod n, a2 mod n, a3 mod n, , am mod n,
• The least positive exponent m for which am 1
  mod n is referred to
• The order of a (mod n)
• The exponent to which a belongs (mod n)
• The length of the period generated by a
• If a and m are relatively prime, there is at
  least one integer m that satisfies am 1 mod n,
  namely m ?(n)
• If a, a2, , a?(n) are distinct (mod n) and all
  are relatively prime to n, a is called a
  primitive root (generator)
• In particular, for a prime number p, if a is a
  primitive root of p, then a, a2, , ap-1 are
  distinct
• Not all integers have primitive roots. The only
  integers with primitive roots are those of the
  form 2, 4, p?, and 2p?, where p is any odd prime

53
Powers of Integers, modulo 19
54
Discrete Logarithms - Indices

• For any integer b and primitive root a of prime
  number p, there is a unique exponent i s.t.
• b ai mod p where 0 i (p-1)
• This exponent i is referred to as the index of
  the number b for the base a (mod p), and denoted
  as inda,p(b)
• inda,p(1) 0, (a0 mod p 1 mod p 1)
• inda,p(a) 1, (a1 mod p a)
• Example
• Ind2,19(a)

55
Derivation of Indices (Discrete Logarithms)

• By def. of indices, x ainda,p(x) mod p, y
  ainda,p(y) mod p, xy ainda,p(xy) mod p
• Using the rules of modular multiplication,
  ainda,p(xy) mod p (ainda,p(x) mod p)(ainda,p(y)
  mod p) (ainda,p(x)inda,p(y)) mod p
• Eulers theorem state that for every a and n that
  are relatively prime, a?(n) 1 mod n
• Any positive integer z can be expressed in the
  form z q k?(n). Therefore, by Eulers
  theorem az aq mod n if z q mod ?(n)
• ? inda,p(xy) inda,p(x) inda,p(y) mod ?(p)
• ? inda,p(yr) r ? inda,p(y) mod ?(p)
• Demonstrates the analogy between true logarithms
  and indices. Indices often referred to as
  discrete logarithms

56
Tables of Discrete Logarithms, modulo 19
57
Discrete Logarithms

• Calculation of Discrete Logarithms
• y gx mod p
• Given g, x, p, it is a straightforward matter to
  calculate y
• Given g, y, p, it is very difficult to calculate
  to x (discrete logarithm)
• The difficulty seems to be on the same order as
  that of factoring primes required for RSA
• Time complexity O(e((ln p)1/3 ln(ln p))2/3)