
Adding files for *all* other attacks.

Move some information from the paper notes that I have always with me to the
respective files of this project.
Michele Orrù, 11 years ago
parent commit c15312b413
8 changed files with 147 additions and 58 deletions
  1. book/conclusions.tex (+7 / -0)
  2. book/dixon.tex (+8 / -1)
  3. book/pollard+1.tex (+7 / -0)
  4. book/pollardrho.tex (+7 / -0)
  5. book/preface.tex (+13 / -2)
  6. book/question_authority.tex (+15 / -28)
  7. book/ssl_prequisites.tex (+48 / -2)
  8. book/wiener.tex (+42 / -25)

+ 7 - 0
book/conclusions.tex

@@ -0,0 +1,7 @@
+\chapter{Epilogue}
+
+This project led to this this this that
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: "question_authority"
+%%% End:
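Review bot: the chapter body is a placeholder, `This project led to this this this that`, and since conclusions.tex is now pulled in by the main document it will be typeset as-is; either turn it into a `%% TODO` comment or write the epilogue before this goes into a build.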

+ 8 - 1
book/dixon.tex

@@ -1 +1,8 @@
-\chapter{Dixon}
+\chapter{Dixon}
+
+dixon!
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: "question_authority"
+%%% End:
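Review bot: same placeholder problem as conclusions.tex, `dixon!` is the whole chapter body and will appear in the PDF. The `\chapter{Dixon}` line is also removed and re-added with identical content, which usually means a line-ending or trailing-newline change; normalizing that keeps the diff limited to real edits.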

+ 7 - 0
book/pollard+1.tex

@@ -0,0 +1,7 @@
+\chapter{Pollard's $p+1$ factorization method}
+
+pollard!
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: "question_authority"
+%%% End:
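Review bot: `pollard!` is again a placeholder body that gets typeset because the chapter is now included from the main file; a `%% TODO` comment keeps the file in place without producing output. Minor: a blank line before the `%%% Local Variables:` trailer, as in dixon.tex, keeps the four new stub files consistent.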

+ 7 - 0
book/pollardrho.tex

@@ -0,0 +1,7 @@
+\chapter{Pollard's $\rho$ factorization method}
+
+$\rho$!
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: "question_authority"
+%%% End:
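Review bot: `$\rho$!` is the fourth placeholder chapter body in this commit and will be typeset like the others; mark it as a `%% TODO` or fill the chapter in before building.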

+ 13 - 2
book/preface.tex

@@ -1,11 +1,22 @@
 \chapter{Preface}
 
-Even if RSA's keypair generation algorithms is simple and fairly
+Even if the basic RSA keypair generation algorithm is fairly
 straightforward, it turns out that any software willing to provide such a
 feature does have to test the pair candidate against a substantious number of
 tests before claiming its security.
 
-The purpose of this project is to
+The purpose of this project is to examine the TLS protocol, study in deep the
+\openssl library, and survey some of the attacks to which a bad key generation
+is exposed. On the footprint of ~\cite{20years}, we which already analyzed most
+of these, we are going to describe the mathematical basis of each attack, and
+then proceed further reasoning about a clever, possibly optimal, solution in
+procedural programming; finally, we are trying to think about a distributed
+version of it.
+
+Besides the pseudocode already available in this document, the project led to the
+development of a real, open, C implementation consultable at
+\small{\url{https://github.com/mmaker/bachelor}}.
+
 %%% Local Variables:
 %%% mode: latex
 %%% TeX-master: "question_authority"
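Review bot: the new paragraph has grammar and markup problems. `On the footprint of ~\cite{20years}, we which already analyzed most` does not parse; something like `Following ~\cite{20years}, which already analyzes most of these,` is meant, and `study in deep the \openssl library` should be `study in depth`. `\small{\url{https://github.com/mmaker/bachelor}}` does not scope the size change, because `\small` is a switch rather than a one-argument command, so everything up to the end of the paragraph is set small; write `{\small\url{...}}` instead. Also `of ~\cite{20years}` puts a space before the tie; the usual form is `of~\cite{20years}`.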

+ 15 - 28
book/question_authority.tex

@@ -10,17 +10,17 @@
 \usepackage{amsfonts}
 \usepackage{amssymb}
 \usepackage{amsthm}
-\usepackage{cite}
+\usepackage{cancel}
 \usepackage[dvips]{color}
 \usepackage{epigraph}
 \usepackage{fancyhdr}
 \usepackage{graphicx}
+\usepackage{hyperref}
 \usepackage{indentfirst}
 \usepackage{mathtools}
 \usepackage{minted}
 \usepackage{makeidx,shortvrb,latexsym}
 \usepackage{supertabular}
-%\usepackage{algorithmic}
 %\usepackage{xypic}
 %% setting epigraphs
 
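Review bot: `\usepackage{hyperref}` is inserted in the middle of the package list, ahead of mathtools, minted and makeidx; hyperref should be loaded after nearly all other packages, so move it to the end of the preamble. Dropping `\usepackage{cite}` in favour of `cancel` is fine as long as nothing relied on cite's sorted and compressed citation lists.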
@@ -40,32 +40,23 @@
 
 \newcommand{\naturalN}{\mathbb{N}}
 \newcommand{\naturalPrime}{\mathbb{P}}
+\newcommand{\integerZ}{\mathbb{Z}}
 \newcommand{\bigO}[1]{\ensuremath{\operatorname{O}\left(#1\right)}}
 \newcommand{\openssl}{\textsc{OpenSSL}\ }
 \newcommand{\dsqrt}[1]{\ensuremath{sqrt(#1)}}
 \newcommand{\idiv}{\ensuremath{//}}
 \newcommand{\strong}[1]{\textbf{#1}}
+\newcommand{\eulerphi}[1]{\varphi(#1)}
+\newcommand{\abs}[1]{\left|#1\right|}
+\newcommand{\rfrac}[2]{{}^{#1}\!/_{#2}}
 
 %% Optional custom shortcuts commands.
 \usepackage{braket}
-\newenvironment{sistema}
-  {\left\lbrace\begin{array}{@{}l@{}}}
-  {\end{array}\right.}
-\newcommand{\dimo}{\noindent\textit{Dimostrazione.}\\}
-\newtheorem{teo}[thm]{Teorema}
 \newcommand{\pe}{\mathbb{P}_{\mathrm{E}}}
 \newcommand{\pme}{\mathbb{P}_{\mathrm{ME}}}
 \newcommand{\primary}{\blacktriangle}
 \newcommand{\secondary}{{\blacktriangle\!}^{\! \! +}}
 \newcommand{\MM}{\mathcal{M}}
-%\newtheorem{teo}[thm]{Teorema}
-\newtheorem{proposizione}[thm]{Proposizione}
-\newtheorem{corollario}[thm]{Corollario}
-\newtheorem{fatto}[thm]{Fatto}
-\newtheorem{definizione}[thm]{Definizione}
-%\newtheorem{lemma}[thm]{Lemma}
-\newtheorem{osservazione}[thm]{Osservazione}
-\newtheorem{esempio}[thm]{Esempio}
 \newcommand{\DP}{{\D\!}^{\! \! +}}
 \newcommand{\D}{\Delta}
 \newcommand{\Fq}{ \mathbb{F}_{q}}
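Review bot: `\newcommand{\eulerphi}[1]{\varphi(#1)}` and `\newcommand{\abs}[1]{\left|#1\right|}` are not wrapped in `\ensuremath`, unlike `\bigO` and `\dsqrt` a few lines above, so they fail outside math mode; be consistent. The removed Italian theorem environments (`teo`, `proposizione`, `corollario`, `fatto`, `definizione`, `osservazione`, `esempio`) all shared the `thm` counter; check that no chapter still uses them before the next build.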
@@ -173,27 +164,23 @@ $\square$
   \includegraphics[width=80pt]{kopimi.png}
 \end{figure}
 \include{preface}
+
 \part{Prequisites}
 \include{ssl_prequisites}
 \include{math_prequisites}
+
 \part{Factorization Methods}
 \include{fermat}
 \include{wiener}
+\include{pollard-1}
+\include{pollard+1}
+\include{pollardrho}
+
+\include{conclusions}
 
-%\include{chap3}
-%\include{chap5}
-%\part{}
-%\include{chap5}
-%\include{chap6}
-%\part{}
-%\include{chap8}
-%\include{chap7}
-%
-%\part{Appendice }
-%\include{appendice}
 \backmatter
-\bibliography{library.bib}
-\bibliographystyle{plain}
+%%\bibliographystyle{ieeetr}
+\bibliography{library}
 \clearpage
 \addcontentsline{toc}{chapter}{Bibliography}
 \end{document}
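Review bot: three points on this hunk. `\include{pollard-1}` references a file that is not part of this commit (only pollard+1.tex and pollardrho.tex are added), so unless it already exists in the tree the build prints a `No file pollard-1.tex` warning and leaves an empty chapter slot. Commenting out `\bibliographystyle` while keeping `\bibliography{library}` breaks BibTeX, which needs a `\bibstyle` command in the .aux file to write the .bbl; restore `\bibliographystyle{plain}` or enable the `ieeetr` line. Finally, `\addcontentsline{toc}{chapter}{Bibliography}` placed after `\clearpage` anchors the TOC entry to the page after the bibliography; put it immediately before `\bibliography`.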

+ 48 - 2
book/ssl_prequisites.tex

@@ -1,6 +1,52 @@
-\chapter{The Secure Socket Layer \label{chap:ssl}}
+\chapter{The Secure Layer \label{chap:ssl}}
 
+Transport Layer Security, formerly known as SSL (Secure Socket Layer), aims
+to bring some security features over a communication channel, specifically
+providing \strong{integrity} and \strong{confidentiality} of the message, \strong{authenticity} of the server and
+optionally the client.
+%% fuck osi layers: there is no code explicitly structuring the internet in 7
+%% layers.
+The most allocate TLS in the 6 or 7th OSI Layer, ``Application'', and is nowdays widely adopted
+all over the world, being the de-facto standard for end-to-end  encryption.
+
+\paragraph{Certifications Authority} are at the root of the security of the
+protocol. See section ~\ref{sec:ssl:x509}
+
+\paragraph{The protocol} is actually composed of many sub-protocols:
+
+\begin{itemize}
+\item handshake protocol
+\item record protocol
+\item alert protocol
+\item changespec protocol ?
+\end{itemize}
+We will proceed by describing in deep only the first two of these, due to their
+relevant role inside the conection and furthermore, because they are the only
+two we actually made use of during our investigations.
+
+
+\section{The \texttt{handshake} protocol}
+Different options:
+\begin{itemize}
+\item no session
+\item session
+\item client authenticaton
+\end{itemize}
+
+
+\section{The \texttt{record} protocol}
+
+Until 2005, failure to authenticate, decrypt will result in I/O error and a
+close of the connection
+
+\section{What's inside a certificate \label{sec:ssl:x509}}
+
+\section{Remarks among SSL/TLS versions}
 
 cos'e
 differenze tra le varie versioni
-la certification autority
+la certification autority
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: "question_authority.tex"
+%%% End:
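Review bot: the chapter title loses a word, `The Secure Socket Layer` becomes `The Secure Layer`; presumably `The Secure Socket Layer` or `Transport Layer Security` was intended. In the body: `Certifications Authority` should be `Certificate Authorities`, `nowdays`, `conection` and `authenticaton` are misspelt, and `changespec protocol ?` is the ChangeCipherSpec protocol. `The most allocate TLS in the 6 or 7th OSI Layer` needs rewording, e.g. `TLS is usually placed at OSI layer 6 or 7`. `section ~\ref{sec:ssl:x509}` has a space before the tie; use `section~\ref{sec:ssl:x509}`. The record-protocol sentence `Until 2005, failure to authenticate, decrypt will result in I/O error` has no citation and should name the version in which the behaviour changed. The Italian notes `cos'e`, `differenze tra le varie versioni` and `la certification autority` remain below the new sections and will be typeset as body text; move them into a `%%` comment.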

+ 42 - 25
book/wiener.tex

@@ -1,27 +1,44 @@
 \chapter{Wiener's Attack}
 
-\section{Bombelli's Algoritm}
-
-%% cuz python is pseudocode.
-\begin{minted}[fontsize=\small]{python}
-  def intsqrt(a):
-    i = 0
-    while a > 0:
-        g[i] = a % 100
-        a /= 100
-        i += 1
-
-    x = 0
-    r = 0
-    for j in range(L-1, -1, -1):
-        r = r*100 + g[j]
-        y = 0
-        for d in range(1, 10):
-            yn = d*(20*x + d)
-            if yn < r: y = yn
-            else: break
-        r -= y
-        x = 10*x + d-1
-    return (x, r)
-\end{minted}
-Has complexity $O(\log ^2 n)$.
+Wiener's attack was first published in 1989 as a result of cryptanalysis on the
+use of short RSA secret keys ~\cite{wiener}. It exploited the fact that it is
+possible to find the private key in \emph{polynomial time} using continued fractions
+expansions whenever a good estimate of the fraction $\frac{e}{N}$ is known.
+More specifically, given $d < \frac{1}{3} ^{4}\sqrt{N}$ one can efficiently
+recover $d$ only knowing $\angular{N, e}$.
+\section{A small digression into continued fractions}
+
+\section{The actual attack}
+
+
+As we saw in ~\ref{sec:preq:rsa}, by contruction the two exponents are such that
+$ed \equiv 1 \pmod{\varphi(N)}$. This implies that there exists a
+$k \in \naturalN \mid ed = k\varphi(N) + 1$. But, this can be formalized to be
+the same problem ...: %% decribed in the preceeding section XXX.
+\begin{align*}
+  ed = k\varphi(N) + 1 \\
+  \abs{\frac{ed - k\eulerphi{N}}{d\eulerphi{N}}} = \frac{1}{d\eulerphi{N}} \\
+  \abs{\frac{e}{\eulerphi{N}} - \frac{k}{d}} = \frac{1}{d\eulerphi{N}} \\
+\end{align*}
+
+Now we proceed by substituting $\eulerphi{N}$ with $N$, since for large $N$, one
+approximates the other. We consider also the difference of the two, limited by
+$\abs{\cancel{N} + p + q - 1 - \cancel{N}} < 3\sqrt{N}$.
+For the last step, remember that $k < d < \rfrac{1}{3} {}^4\sqrt{N}$:
+
+\begin{align*}
+  \abs{\frac{e}{N} - \frac{k}{d}} &= \abs{\frac{ed - kN}{Nd}} \\
+  &= \abs{\frac{\cancel{ed} -kN - \cancel{k\eulerphi{N}} + k\eulerphi{N}}{Nd}} \\
+  &= \abs{\frac{1-k(N-\eulerphi{N})}{Nd}} \\
+  &\leq \abs{\frac{3k\sqrt{N}}{Nd}}
+  = \frac{3k}{d\sqrt{N}}
+  < \frac{3(\rfrac{1}{3} {}^4\sqrt{N})}{d\sqrt{N}}
+  = \frac{1}{d{}^4\sqrt{N}}
+\end{align*}
+
+\section{Again on the engine™}
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: "question_authority"
+%%% End:
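Review bot: the bound is written `d < \frac{1}{3} ^{4}\sqrt{N}` (and later `\rfrac{1}{3} {}^4\sqrt{N}`), which typesets as (1/3)^4 times the square root rather than a fourth root; use `\frac{1}{3}\sqrt[4]{N}`. `\angular{N, e}` is not defined in the preamble touched by this commit; `\langle N, e \rangle` does the job. The first display mixes `\varphi(N)` and `\eulerphi{N}` for the same quantity and ends with a trailing `\\` before `\end{align*}`, which leaves an empty row. The step `\abs{\cancel{N} + p + q - 1 - \cancel{N}} < 3\sqrt{N}` silently assumes balanced primes (p < q < 2p); state that assumption. The chain stops at `\frac{1}{d{}^4\sqrt{N}}`, but the claim that d can be recovered needs one more line: since 2d < (2/3) N^{1/4} < N^{1/4}, this is < 1/(2d^2), so k/d is a convergent of e/N, which is exactly what the still-empty continued-fractions section has to supply. Also `contruction` is a typo, the `...` in `the same problem ...:` will be typeset, and the `™` in `Again on the engine™` needs a UTF-8 input encoding set up in the preamble (or `\texttrademark`).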