ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

Transcription

1 ECE 646 Lecture 5 Mathematical Background: Modular Arithmetic

2 Motivation: Public-key ciphers

3 RSA as a trap-door one-way function PUBLIC KEY message ciphertext M C = f(m) = M e mod N C M = f -1 (C) = C d mod N PRIVATE KEY N = P Q P, Q - large prime numbers e d 1 mod ((P-1)(Q-1))

4 RSA keys PUBLIC KEY PRIVATE KEY { e, N } { d, P, Q } P, Q: N: e: d: P, Q - large prime numbers N = P Q gcd(e, P-1) = 1 and gcd(e, Q-1) = 1 e d 1 mod ((P-1)(Q-1))

5 Mini-RSA keys PUBLIC KEY PRIVATE KEY { e, N } { d, P, Q } P, Q: N: P = 5 Q = 11 N = P Q = 55 e: gcd(e, 5-1) = 1 and gcd(e, 11-1) = 1 e=3 d: 3 d 1 mod 40 d=27

6 Mini-RSA as a trap-door one-way function PUBLIC KEY message ciphertext M=2 C = f(2) = 2 3 mod 55 = 8 C=8 M = f -1 (C) = 8 27 mod 55 = 2 PRIVATE KEY N = , 11 - prime numbers mod ((5-1)(11-1))

7 Basic definitions

8 General Notation Z integers - there exists - belongs to - for all! - there exists unique - does not belong to

9 Divisibility a b a divides b a is a divisor of b a b iff c Z such that b = c a a b a does not divide b a is not a divisor of b

10 True or False?

11 Prime vs. composite numbers An integer p 2 is said to be prime if its only positive divisors are 1 and p. Otherwise, p is called composite.

12 See Prime or composite? The Prime Pages: prime number research, records, and resources by Chris Caldwell

13 Greatest common divisor Greatest common divisor of a and b, denoted by gcd(a, b), is the largest positive integer that divides both a and b. d = gcd (a, b) iff 1) d a and d b 2) if c a and c b then c d

14 gcd (8, 44) = gcd (-15, 65) = gcd (45, 30) = gcd (31, 15) = gcd (0, 40) = gcd (121, 169) =

15 Relatively prime integers Two integers a and b are relatively prime or co-prime if gcd(a, b) = 1

16 Properties of the greatest common divisor gcd (a, b) = gcd (a-kb, b) for any k Z

17 Quotient and remainder Given integers a and n, n>0! q, r Z such that a = q n + r and 0 r < n q quotient r remainder (of a divided by n) q = a n = a div n r = a - q n = a = a mod n a n n =

18 32 mod 5 = -32 mod 5 =

19 Integers coungruent modulo n Two integers a and b are congruent modulo n (equivalent modulo n) written a b iff a mod n = b mod n or a = b + kn, k Z or n a - b

20 Laws of modular arithmetic

21 Rules of addition, subtraction and multiplication modulo n a + b mod n = ((a mod n) + (b mod n)) mod n a - b mod n = ((a mod n) - (b mod n)) mod n a b mod n = ((a mod n) (b mod n)) mod n

22 9 13 mod 5 = mod 26 =

23 Laws of modular arithmetic Regular addition a+b = a+c iff b=c Regular multiplication If a b = a c and a 0 then b = c Modular addition a+b a+c (mod n) iff b c (mod n) Modular multiplication If a b a c (mod n) and gcd (a, n) = 1 then b c (mod n)

24 Modular Multiplication: Example (mod 8) (mod 8) 3 7 (mod 8) x 6 x mod x 5 x mod

25 Algorithms

26 Euclid s Algorithm for computing gcd(a,b) i q i r i r i+1 = r i-1 mod r i q -1 q 0 q 1 r -2 = max(a, b) r -1 = min(a, b) r 0 r 1 q i = r i-1 r i t-1 t q t-1 r t-1 = gcd(a, b) r t =0 r i+1 = r i-1 - q i r i

27 Properties of the greatest common divisor gcd (a, b) = gcd (a-kb, b) = gcd(b, a-kb) for any k Z gcd (r i-1, r i ) = gcd(r i, r i-1 - q i r i ) = gcd(r i, r i+1 ) for any q i Z

28 Euclid s Algorithm Example: gcd(36, 126) i q i q -1 = 3 q 0 = 2 q 1 r i r -2 = max(a, b) =126 r -1 = min(a, b) =36 r 0 = 18 = gcd(36, 126) r 1 = 0 r i+1 = r i-1 mod r i q i = r i-1 r i r i+1 = r i-1 - q i r i

29 Multiplicative inverse modulo n The multiplicative inverse of a modulo n is an integer [!!!] x such that a x 1 (mod n) The multiplicative inverse of a modulo n is denoted by a -1 mod n (in some books a or a * ). According to this notation: a a -1 1 (mod n)

30 Extended Euclid s Algorithm (1) r i = x i a + y i n i q i r i x i y i q i = r i q -1 = n/a q 0 q 1 r -2 = n r -1 = a r 0 r 1 x -2 =0 x -1 =1 x 0 x 1 y -2 =1 y -1 =0 y 0 y 1 r i r i+1 = r i-1 - q i r i x i+1 = x i-1 - q i x i y i+1 = y i-1 - q i y i t-1 t q t-1 r t-1 r t =0 x t-1 x t y t-1 y t r t-1 = x t-1 a + y t-1 n

31 Extended Euclid s Algorithm (2) r t-1 = x t-1 a + y t-1 n r t-1 = x t-1 a + y t-1 n x t-1 a (mod n) If r t-1 = gcd (a, n) = 1 then x t-1 a 1 (mod n) and as a result x t-1 = a -1 mod n

32 Extended Euclid s Algorithm for computing z = a -1 mod n i q i r i x i q i = r i q -1 = n/a q 0 q 1 r -2 = n r -1 = a r 0 r 1 x -2 =0 x -1 =1 x 0 x 1 r i r i+1 = r i-1 - q i r i x i+1 = x i-1 - q i x i t-1 t q t-1 r t-1 = 1 r t =0 x t-1 = a -1 mod n x t = ±n Note: If r t-1 1 the inverse does not exist

33 Extended Euclid s Algorithm Example z = 20-1 mod 117 i q i r i x i q i = r i q -1 = 5 q 0 = 1 q 1 = 5 q 2 = 1 q 3 = 2 r -2 = 117 r -1 = 20 r 0 = 17 r 1 = 3 r 2 = 2 r 3 = 1 r 4 = 0 x -2 = 0 x -1 = 1 r i+1 = r i-1 - q i r i x 0 =-5 x i+1 = x i-1 - q i x i x 1 = 6 x 2 = -35 x 3 = 41 = 20-1 mod 117 x 4 = -117 r i Check: mod 117 = 1

34 Motivation Breaking ciphers

35 Key: Historical ciphers Affine Cipher Key = (k 1, k 2 ) k 1, k 2 [0, 25], gcd (k 1, 26)=1 Encryption transformation: c i = f(m i ) = k 1 m i + k 2 mod 26 Decryption transformation: m i = f -1 (c i ) = k -1 1 (c i - k 2 ) mod 26

36 Coding characters into numbers A 0 B 1 C 2 D 3 E 4 F 5 G 6 H 7 I 8 J 9 K 10 L 11 M 12 N 13 O 14 P 15 Q 16 R 17 S 18 T 19 U 20 V 21 W 22 X 23 Y 24 Z 25

37 Key: Historical ciphers Affine Cipher Example (1) Key = (k 1, k 2 ) = (3, 11) 3, 11 [0, 25], gcd (3, 26)=1 Encryption transformation: c i = f(m i ) = 3 m i + 11 mod 26 Decryption transformation: k -1 1 = 3-1 mod 26 = 9 because 3 9 mod 26 = 1 m i = f -1 (c i ) = 9 (c i - 11) mod 26

38 Historical ciphers Affine Cipher Example (2) coding encryption decoding N mod 26 = 24 Y S mod 26 = 13 N A mod 26 = 11 L

39 Historical ciphers Affine Cipher Example (3) coding decryption decoding Y 24 9 (24 11) mod 26 = 13 N N 13 9 (13 11) mod 26 = 18 S L 11 9 (11 11) mod 26 = 0 A

40 Ciphertext: Breaking the affine cipher (1) Step 1: Establish a relative frequency of letters in the ciphertext FMXVE DKAPH FERBN DKRXR SREFM ORUDS DKDVS HVUFE DKAPR KDLYE VLRHH RH A B C D E F G H I J K L M N O P Q R S T U V W X Y Z R - 8 D - 7 E, H, K - 5

41 Most frequent single letters Average frequency in a random string of letters: 1 = = 3.8% 26 Average frequency in a long English text: E 13% T, N, R, I, O, A, S 6%-9% D, H, L 3.5%-4.5% C, F, P, U, M, Y, G, W, V 1.5%-3% B, X, K, Q, J, Z < 1%

42 Breaking the affine cipher (2) Step 2: Assuming the relative frequency of letters in the corresponding message, derive the corresponding equations Assumption: Most frequent letters in the message: E and T Corresponding equations: E R T D f(e) = R f(t) = D f(4) = 17 f(19) = 3

43 Breaking the affine cipher (3) Step 3: Solving a set of equations for unknowns k 1 and k 2 f(4) = 17 f(19) = 3 4 k 1 + k 2 17 (mod 26) 19 k 1 + k 2 3 (mod 26) 15 k 1-14 (mod 26) 15 k 1 12 (mod 26)

44 Solving equations of the form a x b mod n (linear congruences) The equation a x b mod n has 1. one solution iff gcd(a, n) = 1 x = a -1 b (mod n) 2. no solutions iff d = gcd(a, n) 1, and d b 3. d solutions iff d = gcd(a, n) 1, and d b The solutions are x 0, x 0 + n/d, x n/d, x n/d,, x 0 + (d-1) n/d, where x 0 = (a/d) -1 (b/d) (mod n/d)

45 Solving equations of the form a x b mod n (linear congruences) Case 1: Case 2: 0 x n 0 n Case 3: n/d n/d x 0 0 n/d n