CPSC 467: Cryptography and Computer Security


 Bridget Anthony
 3 years ago
 Views:
Transcription
1 CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 9 September 30, 2015 CPSC 467, Lecture 9 1/47
2 Fast Exponentiation Algorithms Number Theory Needed for RSA Elementary Number Theory Quotient, remainder, and mod The mod relation GCD Multiplicative subgroup of Z n Discrete Logarithm CPSC 467, Lecture 9 2/47
3 Fast Exponentiation Algorithms CPSC 467, Lecture 9 3/47
4 Modular exponentiation The basic operation of RSA is modular exponentiation of big numbers, i.e., computing m e mod n for big numbers m, e, and n. The obvious way to compute this would be to compute first t = m e and then compute t mod n. This has two serious drawbacks. CPSC 467, Lecture 9 4/47
5 Computing m e the conventional way is too slow The simple iterative loop to compute m e requires e multiplications, or about operations in all. This computation would run longer than the current age of the universe (which is estimated to be 15 billion years). Assuming one loop iteration could be done in one microsecond (very optimistic seeing as each iteration requires computing a product and remainder of big numbers), only about iterations could be performed per year, and only about iterations in the lifetime of the universe. But , far less than e 1. CPSC 467, Lecture 9 5/47
6 The result of computing m e is too big to write down. The number m e is too big to store! This number, when written in binary, is about bits long, a number far larger than the number of atoms in the universe (which is estimated to be only around ). CPSC 467, Lecture 9 6/47
7 Controlling the size of intermediate results The trick to get around the second problem is to do all arithmetic modulo n, that is, reduce the result modulo n after each arithmetic operation. The product of two length l numbers is only length 2l before reduction mod n, so in this way, one never has to deal with numbers longer than about 2048 bits. Question to think about: Why is it correct to do this? CPSC 467, Lecture 9 7/47
8 Efficient exponentiation The trick to avoiding the first problem is to use a more efficient exponentiation algorithm based on repeated squaring. For the special case of e = 2 k, one computes m e mod n as follows: m 0 = m m 1 = (m 0 m 0 ) mod n m 2 = (m 1 m 1 ) mod n Clearly, m i = m 2i mod n for all i.. m k = (m k 1 m k 1 ) mod n. CPSC 467, Lecture 9 8/47
9 Combining the m i for general e For values of e that are not powers of 2, m e mod n can be obtained as the product modulo n of certain m i s. Express e in binary as e = (b s b s 1... b 2 b 1 b 0 ) 2. Then e = i b i2 i, so m e = m i b i 2 i = m b i 2 i = (m 2i ) b i = m i. i i i : b I =1 Since each b i {0, 1}, we include exactly those m i in the final product for which b i = 1. Hence, m e mod n = m i mod n. i : b I =1 CPSC 467, Lecture 9 9/47
10 Towards greater efficiency It is not necessary to perform this computation in two phases. Rather, the two phases can be combined together, resulting in slicker and simpler algorithms that do not require the explicit storage of the m i s. We give both a recursive and an iterative version. They re both based on the identities 1 { (m 2 m e ) e/2 if e is even; = (m 2 ) e/2 m if e is odd; 1 e/2 is the greatest integer less than or equal to e/2. CPSC 467, Lecture 9 10/47
11 A recursive exponentiation algorithm Here is a recursive version written in C notation, but it should be understood that the C programs only work for numbers smaller than To handle larger numbers requires the use of big number functions. /* computes m^e mod n recursively */ int modexp( int m, int e, int n) { int r; if ( e == 0 ) return 1; /* m^0 = 1 */ r = modexp(m*m % n, e/2, n); /* r = (m^2)^(e/2) mod n */ if ( (e&1) == 1 ) r = r*m % n; /* handle case of odd e */ return r; } CPSC 467, Lecture 9 11/47
12 An iterative exponentiation algorithm This same idea can be expressed iteratively to achieve even greater efficiency. /* computes m^e mod n iteratively */ int modexp( int m, int e, int n) { int r = 1; while ( e > 0 ) { if ( (e&1) == 1 ) r = r*m % n; e /= 2; m = m*m % n; } return r; } CPSC 467, Lecture 9 12/47
13 Correctness The loop invariant is e > 0 (m e 0 0 mod n = rme mod n) (1) where m 0 and e 0 are the initial values of m and e, respectively. Proof of correctness: It is easily checked that (1) holds at the start of each iteration. If the loop exits, then e = 0, so r mod n is the desired result. Termination is ensured since e gets reduced during each iteration. CPSC 467, Lecture 9 13/47
14 A minor optimization Note that the last iteration of the loop computes a new value of m that is never used. A slight efficiency improvement results from restructuring the code to eliminate this unnecessary computation. Following is one way of doing so. /* computes m^e mod n iteratively */ int modexp( int m, int e, int n) { int r = ( (e&1) == 1 )? m % n : 1; e /= 2; while ( e > 0 ) { m = m*m % n; if ( (e&1) == 1 ) r = r*m % n; e /= 2; } return r; } CPSC 467, Lecture 9 14/47
15 Number Theory Needed for RSA CPSC 467, Lecture 9 15/47
16 Number theory overview In this and following sections, we review some number theory that is needed for understanding RSA. I will provide only a highlevel overview. Further details are contained in course handouts and the textbooks. CPSC 467, Lecture 9 16/47
17 Barebones definitions The following definitions apply to the RSA parameters. p, q are distinct large primes of roughly the same length. n = pq. Z n = {0, 1,..., n 1}. φ(n) = (p 1)(q 1). [φ is Euler s totient function.] Z n are the numbers in Z n that are relatively prime to n (that is, not divisible by either p or q, which is most of them). Fact: Z n = φ(n). CPSC 467, Lecture 9 17/47
18 Example: Small RSA p = 11, q = 13. n = p q = 143. Z 143 = {0, 1, 2,..., 141, 142}. φ(143) = (p 1)(q 1) = = 120. Z 143 = Z 143 M 11 M 13, where M 11 = {0, 11, 22, 33, 44, 55, 66, 77, 88, 99, 110, 121, 132}, M 13 = {0, 13, 26, 39, 52, 65, 78, 91, 104, 117, 130}. Z 143 = Z 143 M 11 M 13 + M 11 M 13 = = 120 = φ(143). CPSC 467, Lecture 9 18/47
19 Summary of what is needed Here s a summary of the number theory needed to understand RSA and its associated algorithms. Greatest common divisor, Z n, modn, φ(n), Z n, and how to add, subtract, multiply, and find inverses mod n. Euler s theorem: a φ(n) 1 (mod n) for a Z n. How to generate large prime numbers: density of primes and testing primality. CPSC 467, Lecture 9 19/47
20 Generating the RSA modulus To generate an RSA modulus n, we find primes p and q of the desired lengths and compute n = pq. To find a large prime, repeatedly choose numbers of the desired length and test each for primality. We must show that the density of primes is large enough for this procedure to be feasible. CPSC 467, Lecture 9 20/47
21 Finding the RSA key pair The RSA key pair (e, d) is chosen to satisfy the modular equation ed 1 (mod φ(n)). To find (e, d): 1. Choose random e Z φ(n). Do this by repeatedly choosing e at random from Z φ(n) and using gcd to test membership in Z φ(n). 2. Solve the modular equation ed 1 (mod φ(n)) for d. Using Euler s theorem, we can show m ed m (mod n) for all m Z n. This implies D d (E e (m)) = m. To show that decryption works even in the rare case that m Z n Z n requires some more number theory that we will omit. CPSC 467, Lecture 9 21/47
22 Elementary Number Theory CPSC 467, Lecture 9 22/47
23 Quotient, remainder, and mod Quotient and remainder Theorem (division theorem) Let a, b be integers and assume b > 0. There are unique integers q (the quotient) and r (the remainder) such that a = bq + r and 0 r < b. Write the quotient as a b and the remainder as a mod b. Then a = b (a b) + (a mod b). Equivalently, a mod b = a b (a b). a b = a/b. 2 2 Here, / is ordinary real division and x, the floor of x, is the greatest integer x. In C, / is used for both and / depending on its operand types. CPSC 467, Lecture 9 23/47
24 Quotient, remainder, and mod The mod operator for negative numbers When either a or b is negative, there is no consensus on the definition of a mod b. By our definition, a mod b is always in the range [0... b 1], even when a is negative. Example, ( 5) mod 3 = ( 5) 3 (( 5) 3) = 5 3 ( 2) = 1. CPSC 467, Lecture 9 24/47
25 Quotient, remainder, and mod The mod operator % in C In the C programming language, the mod operator % is defined differently, so (a % b) (a mod b) when a is negative and b is positive. The C standard defines a % b to be the number r satisfying the equation (a/b) b + r = a, so r = a (a/b) b. C also defines a/b to be the result of rounding the real number a/b towards zero, so 5/3 = 1. Hence, 5 % 3 = 5 ( 5/3) 3 = = 2. CPSC 467, Lecture 9 25/47
26 Quotient, remainder, and mod Divides We say that b divides a (exactly) and write b a in case a mod b = 0. Fact If d (a + b), then either d divides both a and b, or d divides neither of them. To see this, suppose d (a + b) and d a. Then by the division theorem, a + b = dq 1 and a = dq 2 for some integers q 1 and q 2. Substituting for a and solving for b, we get b = dq 1 dq 2 = d(q 1 q 2 ). But this implies d b, again by the division theorem. CPSC 467, Lecture 9 26/47
27 The mod relation The mod relation We just saw that mod is a binary operation on integers. Mod is also used to denote a relationship on integers: a b (mod n) iff n (a b). That is, a and b have the same remainder when divided by n. An immediate consequence of this definition is that a b (mod n) iff (a mod n) = (b mod n). Thus, the two notions of mod aren t so different after all! We sometimes write a n b to mean a b (mod n). CPSC 467, Lecture 9 27/47
28 The mod relation Mod is an equivalence relation The twoplace relationship n is an equivalence relation. Its equivalence classes are called residue classes modulo n and are denoted by [b] n = {a a b (mod n)} or simply by [b]. For example, if n = 7, then [10] = {... 11, 4, 3, 10, 17,...}. Fact [a] = [b] iff a b (mod n). CPSC 467, Lecture 9 28/47
29 The mod relation Canonical names If x [b], then x is said to be a representative or name of the equivalence class [b]. Obviously, b is a representative of [b]. Thus, [ 11], [ 4], [3], [10], [17] are all names for the same equivalence class. The canonical or preferred name for the class [b] is the unique integer in [b] {0, 1,..., n 1}. Thus, the canonical name for [10] is 10 mod 7 = 3. CPSC 467, Lecture 9 29/47
30 The mod relation Mod is a congruence relation The relation n is a congruence relation with respect to addition, subtraction, and multiplication of integers. Fact For each arithmetic operation {+,, }, if a a (mod n) and b b (mod n), then a b a b (mod n). The class containing the result of a b depends only on the classes to which a and b belong and not the particular representatives chosen. Hence, we can perform arithmetic on equivalence classes by operating on their names. CPSC 467, Lecture 9 30/47
31 GCD Greatest common divisor Definition The greatest common divisor of two integers a and b, written gcd(a, b), is the largest integer d such that d a and d b. gcd(a, b) is always defined unless a = b = 0 since 1 is a divisor of every integer, and the divisor of a nonzero number cannot be larger (in absolute value) than the number itself. Question: Why isn t gcd(0, 0) well defined? CPSC 467, Lecture 9 31/47
32 GCD Computing the GCD gcd(a, b) is easily computed if a and b are given in factored form. Namely, let p i be the i th prime. Write a = p e i i Then gcd(a, b) = p min(e i,f i ) i. Example: 168 = and 450 = , so gcd(168, 450) = 2 3 = 6. and b = p f i i. However, factoring is believed to be a hard problem, and no polynomialtime factorization algorithm is currently known. (If it were easy, then Eve could use it to break RSA, and RSA would be of no interest as a cryptosystem.) CPSC 467, Lecture 9 32/47
33 GCD Euclidean algorithm Fortunately, gcd(a, b) can be computed efficiently without the need to factor a and b using the famous Euclidean algorithm. Euclid s algorithm is remarkable, not only because it was discovered a very long time ago, but also because it works without knowing the factorization of a and b. CPSC 467, Lecture 9 33/47
34 GCD Euclidean identities The Euclidean algorithm relies on several identities satisfied by the gcd function. In the following, assume a > 0 and a b 0: gcd(a, b) = gcd(b, a) (2) gcd(a, 0) = a (3) gcd(a, b) = gcd(a b, b) (4) Identity 2 is obvious from the definition of gcd. Identity 3 follows from the fact that every positive integer divides 0. Identity 4 follows from the basic fact relating divides and addition on slide 26. CPSC 467, Lecture 9 34/47
35 GCD Computing GCD without factoring The Euclidean identities allow the problem of computing gcd(a, b) to be reduced to the problem of computing gcd(a b, b). The new problem is smaller as long as b > 0. The size of the problem gcd(a, b) is a + b, the sum of the absolute value of the two arguments. CPSC 467, Lecture 9 35/47
36 GCD An easy recursive GCD algorithm int gcd(int a, int b) { if ( a < b ) return gcd(b, a); else if ( b == 0 ) return a; else return gcd(ab, b); } This algorithm is not very efficient, as you will quickly discover if you attempt to use it, say, to compute gcd( , 2). CPSC 467, Lecture 9 36/47
37 GCD Repeated subtraction Repeatedly applying identity (4) to the pair (a, b) until it can t be applied any more produces the sequence of pairs (a, b), (a b, b), (a 2b, b),..., (a qb, b). The sequence stops when a qb < b. How many times you can subtract b from a while remaining nonnegative? Answer: The quotient q = a/b. CPSC 467, Lecture 9 37/47
38 GCD Using division in place of repeated subtractions The amout a qb that is left after q subtractions is just the remainder a mod b. Hence, one can go directly from the pair (a, b) to the pair (a mod b, b). This proves the identity gcd(a, b) = gcd(a mod b, b). (5) CPSC 467, Lecture 9 38/47
39 GCD Full Euclidean algorithm Recall the inefficient GCD algorithm. int gcd(int a, int b) { if ( a < b ) return gcd(b, a); else if ( b == 0 ) return a; else return gcd(ab, b); } The following algorithm is exponentially faster. int gcd(int a, int b) { if ( b == 0 ) return a; else return gcd(b, a%b); } Principal change: Replace gcd(ab,b) with gcd(b, a%b). Besides collapsing repeated subtractions, we have a b for all but the toplevel call on gcd(a, b). This eliminates roughly half of the remaining recursive calls. CPSC 467, Lecture 9 39/47
40 GCD Complexity of GCD The new algorithm requires at most in O(n) stages, where n is the sum of the lengths of a and b when written in binary notation, and each stage involves at most one remainder computation. The following iterative version eliminates the stack overhead: int gcd(int a, int b) { int aa; while (b > 0) { aa = a; a = b; b = aa % b; } return a; } CPSC 467, Lecture 9 40/47
41 Relatively prime numbers, Z n, and φ(n) Relatively prime numbers Two integers a and b are relatively prime if they have no common prime factors. Equivalently, a and b are relatively prime if gcd(a, b) = 1. Let Z n be the set of integers in Z n that are relatively prime to n, so Z n = {a Z n gcd(a, n) = 1}. CPSC 467, Lecture 9 41/47
42 Relatively prime numbers, Z n, and φ(n) Euler s totient function φ(n) φ(n) is the cardinality (number of elements) of Z n, i.e., φ(n) = Z n. Properties of φ(n): 1. If p is prime, then φ(p) = p More generally, if p is prime and k 1, then φ(p k ) = p k p k 1 = (p 1)p k If gcd(m, n) = 1, then φ(mn) = φ(m)φ(n). CPSC 467, Lecture 9 42/47
43 Relatively prime numbers, Z n, and φ(n) Example: φ(26) Can compute φ(n) for all n 1 given the factorization of n. φ(126) = φ(2) φ(3 2 ) φ(7) The 36 elements of Z 126 are: = (2 1) (3 1)(3 2 1 ) (7 1) = = 36. 1, 5, 11, 13, 17, 19, 23, 25, 29, 31, 37, 41, 43, 47, 53, 55, 59, 61, 65, 67, 71, 73, 79, 83, 85, 89, 95, 97, 101, 103, 107, 109, 113, 115, 121, 125. CPSC 467, Lecture 9 43/47
44 Relatively prime numbers, Z n, and φ(n) A formula for φ(n) Here is an explicit formula for φ(n). Theorem Write n in factored form, so n = p e 1 1 pe k k, where p 1,..., p k are distinct primes and e 1,..., e k are positive integers. 3 Then φ(n) = (p 1 1) p e (p k 1) p e k 1 k. For the product of distinct primes p and q, φ(pq) = (p 1)(q 1). 3 By the fundamental theorem of arithmetic, every integer can be written uniquely in this way up to the ordering of the factors. CPSC 467, Lecture 9 44/47
45 Discrete Logarithm CPSC 467, Lecture 9 45/47
46 Logarithms modp Let y = b x over the reals. The ordinary baseb logarithm is the inverse of exponentiation, so x = log b (y) The discrete logarithm is defined similarly, but now arithmetic is performed in Z p for a prime p. In particular, the baseb discrete logarithm of y modulo p is the least nonnegative integer x such that y b x (mod p) (if it exists). We write x = log b (y) mod p. Fact (not needed yet): If b is a primitive root 4 of p, then log b (y) is defined for every y Z p. 4 We will talk about primitive roots later. CPSC 467, Lecture 9 46/47
47 Discrete log problem The discrete log problem is the problem of computing log b (y) mod p, where p is a prime and b is a primitive root of p. No efficient algorithm is known for this problem and it is believed to be intractable. However, the inverse of the function log b () mod p is the function power b (x) = b x mod p, which is easily computable. power b is believed to be a oneway function, that is a function that is easy to compute but hard to invert. CPSC 467, Lecture 9 47/47
CPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 8 February 1, 2012 CPSC 467b, Lecture 8 1/42 Number Theory Needed for RSA Z n : The integers mod n Modular arithmetic GCD Relatively
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 14, 2013 CPSC 467b, Lecture 9 1/42 Integer Division (cont.) Relatively prime numbers, Z n, and φ(n) Computing in Z n
More informationNumber Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.
CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L06, Steve/Courses/2011/S2/CSS322/Lectures/number.tex,
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm DiffieHellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationYALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 13 (rev. 2) Professor M. J. Fischer October 22, 2008 53 Chinese Remainder Theorem Lecture Notes 13 We
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 14 October 23, 2017 CPSC 467, Lecture 14 1/42 Computing in Z n Modular multiplication Modular inverses Extended Euclidean algorithm
More informationBasic elements of number theory
Cryptography Basic elements of number theory Marius Zimand By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a k for some integer k. Notation
More informationBasic elements of number theory
Cryptography Basic elements of number theory Marius Zimand 1 Divisibility, prime numbers By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a
More informationNumber Theory and Group Theoryfor PublicKey Cryptography
Number Theory and Group Theory for PublicKey Cryptography TDA352, DIT250 Wissam Aoudi Chalmers University of Technology November 21, 2017 Wissam Aoudi Number Theory and Group Theoryfor PublicKey Cryptography
More informationLecture notes: Algorithms for integers, polynomials (Thorsten Theobald)
Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald) 1 Euclid s Algorithm Euclid s Algorithm for computing the greatest common divisor belongs to the oldest known computing procedures
More informationSome Facts from Number Theory
Computer Science 52 Some Facts from Number Theory Fall Semester, 2014 These notes are adapted from a document that was prepared for a different course several years ago. They may be helpful as a summary
More informationThis is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.
8 Modular Arithmetic We introduce an operator mod. Let d be a positive integer. For c a nonnegative integer, the value c mod d is the remainder when c is divided by d. For example, c mod d = 0 if and only
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 6, 2012 CPSC 467b, Lecture 9 1/53 Euler s Theorem Generating RSA Modulus Finding primes by guess and check Density of
More informationElementary Number Theory Review. Franz Luef
Elementary Number Theory Review Principle of Induction Principle of Induction Suppose we have a sequence of mathematical statements P(1), P(2),... such that (a) P(1) is true. (b) If P(k) is true, then
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 10 February 19, 2013 CPSC 467b, Lecture 10 1/45 Primality Tests Strong primality tests Weak tests of compositeness Reformulation
More informationDiscrete Mathematics GCD, LCM, RSA Algorithm
Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common
More informationcse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications
cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications casting out 3s Theorem: A positive integer n is divisible by 3 if and only if the sum of its decimal digits is divisible
More informationLecture 4: Number theory
Lecture 4: Number theory Rajat Mittal IIT Kanpur In the next few classes we will talk about the basics of number theory. Number theory studies the properties of natural numbers and is considered one of
More informationNumbers. Çetin Kaya Koç Winter / 18
Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 1 / 18 Number Systems and Sets We represent the set of integers as Z = {..., 3, 2, 1,0,1,2,3,...} We denote the set of positive integers modulo n as
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 12: Introduction to Number Theory II Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline This time we ll finish the
More informationcse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications
cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications nbit unsigned integer representation Represent integer x as sum of powers of 2: If x = n 1 i=0 b i 2 i where each b i
More informationNumber Theory and Algebra: A Brief Introduction
Number Theory and Algebra: A Brief Introduction Indian Statistical Institute Kolkata May 15, 2017 Elementary Number Theory: Modular Arithmetic Definition Let n be a positive integer and a and b two integers.
More informationNumber Theory. Modular Arithmetic
Number Theory The branch of mathematics that is important in IT security especially in cryptography. Deals only in integer numbers and the process can be done in a very fast manner. Modular Arithmetic
More information2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.
CHAPTER 2 INTRODUCTION TO NUMBER THEORY ANSWERS TO QUESTIONS 2.1 A nonzero b is a divisor of a if a = mb for some m, where a, b, and m are integers. That is, b is a divisor of a if there is no remainder
More informationA Guide to Arithmetic
A Guide to Arithmetic Robin Chapman August 5, 1994 These notes give a very brief resumé of my number theory course. Proofs and examples are omitted. Any suggestions for improvements will be gratefully
More informationLecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya
BBM 205 Discrete Mathematics Hacettepe University http://web.cs.hacettepe.edu.tr/ bbm205 Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya Resources: Kenneth Rosen,
More informationOWO Lecture: Modular Arithmetic with Algorithmic Applications
OWO Lecture: Modular Arithmetic with Algorithmic Applications Martin Otto Winter Term 2008/09 Contents 1 Basic ingredients 1 2 Modular arithmetic 2 2.1 Going in circles.......................... 2 2.2
More informationFinite Fields. Mike Reiter
1 Finite Fields Mike Reiter reiter@cs.unc.edu Based on Chapter 4 of: W. Stallings. Cryptography and Network Security, Principles and Practices. 3 rd Edition, 2003. Groups 2 A group G, is a set G of elements
More informationTopics in Cryptography. Lecture 5: Basic Number Theory
Topics in Cryptography Lecture 5: Basic Number Theory Benny Pinkas page 1 1 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem: generating
More information8 Primes and Modular Arithmetic
8 Primes and Modular Arithmetic 8.1 Primes and Factors Over two millennia ago already, people all over the world were considering the properties of numbers. One of the simplest concepts is prime numbers.
More informationPublic Key Encryption
Public Key Encryption 3/13/2012 Cryptography 1 Facts About Numbers Prime number p: p is an integer p 2 The only divisors of p are 1 and p s 2, 7, 19 are primes 3, 0, 1, 6 are not primes Prime decomposition
More informationChapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations
Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright The McGrawHill Companies, Inc. Permission required for reproduction or display. 9.1 Chapter 9 Objectives
More informationMathematics for Cryptography
Mathematics for Cryptography Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, N2L 3G1, Canada March 15, 2016 1 Groups and Modular Arithmetic 1.1
More informationMathematical Foundations of PublicKey Cryptography
Mathematical Foundations of PublicKey Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical
More informationNumber Theory. Zachary Friggstad. Programming Club Meeting
Number Theory Zachary Friggstad Programming Club Meeting Outline Factoring Sieve Multiplicative Functions Greatest Common Divisors Applications Chinese Remainder Theorem Throughout, problems to try are
More informationCOMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory
COMS W4995 Introduction to Cryptography September 29, 2005 Lecture 8: Number Theory Lecturer: Tal Malkin Scribes: Elli Androulaki, Mohit Vazirani Summary This lecture focuses on some basic Number Theory.
More informationCHAPTER 6. Prime Numbers. Definition and Fundamental Results
CHAPTER 6 Prime Numbers Part VI of PJE. Definition and Fundamental Results 6.1. Definition. (PJE definition 23.1.1) An integer p is prime if p > 1 and the only positive divisors of p are 1 and p. If n
More informationBasic Algorithms in Number Theory
Basic Algorithms in Number Theory Algorithmic Complexity... 1 Basic Algorithms in Number Theory Francesco Pappalardi Discrete Logs, Modular Square Roots & Euclidean Algorithm. July 20 th 2010 Basic Algorithms
More informationCSC 474 Information Systems Security
CSC Information Systems Security Topic. Basic Number Theory CSC Dr. Peng Ning Basic Number Theory We are talking about integers! Divisor We say that b divides a if a = mb for some m, denoted b a. b is
More informationOutline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m
Outline GCD and Euclid s Algorithm AIT 682: Network and Systems Security Topic 5.1 Basic Number Theory  Foundation of Public Key Cryptography Modulo Arithmetic Modular Exponentiation Discrete Logarithms
More informationOutline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms
AIT 682: Network and Systems Security Topic 5.1 Basic Number Theory  Foundation of Public Key Cryptography Instructor: Dr. Kun Sun Outline GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation
More informationChapter 8. Introduction to Number Theory
Chapter 8 Introduction to Number Theory CRYPTOGRAPHY AND NETWORK SECURITY 1 Index 1. Prime Numbers 2. Fermat`s and Euler`s Theorems 3. Testing for Primality 4. Discrete Logarithms 2 Prime Numbers 3 Prime
More informationNumber Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers
Number Theory: Applications Number Theory Applications Computer Science & Engineering 235: Discrete Mathematics Christopher M. Bourke cbourke@cse.unl.edu Results from Number Theory have many applications
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationLECTURE NOTES IN CRYPTOGRAPHY
1 LECTURE NOTES IN CRYPTOGRAPHY Thomas Johansson 2005/2006 c Thomas Johansson 2006 2 Chapter 1 Abstract algebra and Number theory Before we start the treatment of cryptography we need to review some basic
More informationSenior Math Circles Cryptography and Number Theory Week 2
Senior Math Circles Cryptography and Number Theory Week 2 Dale Brydon Feb. 9, 2014 1 Divisibility and Inverses At the end of last time, we saw that not all numbers have inverses mod n, but some do. We
More informationCSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms
Computer Science CSC 474 Network Security Topic 5.1 Basic Number Theory  Foundation of Public Key Cryptography CSC 474 Dr. Peng Ning 1 Outline GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation
More informationCPSC 467b: Cryptography and Computer Security
Outline Quadratic residues Useful tests Digital Signatures CPSC 467b: Cryptography and Computer Security Lecture 14 Michael J. Fischer Department of Computer Science Yale University March 1, 2010 Michael
More informationBasic Algorithms in Number Theory
Basic Algorithms in Number Theory Algorithmic Complexity... 1 Basic Algorithms in Number Theory Francesco Pappalardi #2b  Euclidean Algorithm. September 2 nd 2015 SEAMS School 2015 Number Theory and
More informationCIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory  Foundation of Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.1 Basic Number Theory  Foundation of Public Key Cryptography 1 Review of Modular Arithmetic 2 Remainders and Congruency For any integer a and any positive
More informationQ 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?
2 Mod math Modular arithmetic is the math you do when you talk about time on a clock. For example, if it s 9 o clock right now, then it ll be 1 o clock in 4 hours. Clearly, 9 + 4 1 in general. But on a
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationNotes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I
Number Theory: Applications Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry Fall 2007 Computer Science & Engineering 235 Introduction to Discrete Mathematics Sections 3.4 3.7 of Rosen cse235@cse.unl.edu
More informationChapter 4 Finite Fields
Chapter 4 Finite Fields Introduction will now introduce finite fields of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public Key concern operations on numbers what constitutes a number
More information2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.
2 Arithmetic This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}. (See [Houston, Chapters 27 & 28]) 2.1 Greatest common divisors Definition 2.16. If a, b are integers, we say
More informationECE596C: Handout #11
ECE596C: Handout #11 Public Key Cryptosystems Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract In this lecture we introduce necessary mathematical background for studying
More informationECEN 5022 Cryptography
Elementary Algebra and Number Theory University of Colorado Spring 2008 Divisibility, Primes Definition. N denotes the set {1, 2, 3,...} of natural numbers and Z denotes the set of integers {..., 2, 1,
More informationNumber Theory A focused introduction
Number Theory A focused introduction This is an explanation of RSA public key cryptography. We will start from first principles, but only the results that are needed to understand RSA are given. We begin
More informationSecurity II: Cryptography exercises
Security II: Cryptography exercises Markus Kuhn Lent 2015 Part II Some of the exercises require the implementation of short programs. The model answers use Perl (see Part IB Unix Tools course), but you
More informationLecture 3.1: Public Key Cryptography I
Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena Today s Informative/Fun Bit Acoustic Emanations http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+em
More informationA Few Primality Testing Algorithms
A Few Primality Testing Algorithms Donald Brower April 2, 2006 0.1 Introduction These notes will cover a few primality testing algorithms. There are many such, some prove that a number is prime, others
More informationChapter 5. Modular arithmetic. 5.1 The modular ring
Chapter 5 Modular arithmetic 5.1 The modular ring Definition 5.1. Suppose n N and x, y Z. Then we say that x, y are equivalent modulo n, and we write x y mod n if n x y. It is evident that equivalence
More informationCMPUT 403: Number Theory
CMPUT 403: Number Theory Zachary Friggstad February 26, 2016 Outline Factoring Sieve Multiplicative Functions Greatest Common Divisors Applications Chinese Remainder Theorem Factoring Theorem (Fundamental
More informationAn integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.
Chapter 6 Prime Numbers Part VI of PJE. Definition and Fundamental Results Definition. (PJE definition 23.1.1) An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p. If n > 1
More informationIntroduction to PublicKey Cryptosystems:
Introduction to PublicKey Cryptosystems: Technical Underpinnings: RSA and Primality Testing Modes of Encryption for RSA Digital Signatures for RSA 1 RSA Block Encryption / Decryption and Signing Each
More informationCongruence Classes. Number Theory Essentials. Modular Arithmetic Systems
Cryptography Introduction to Number Theory 1 Preview Integers Prime Numbers Modular Arithmetic Totient Function Euler's Theorem Fermat's Little Theorem Euclid's Algorithm 2 Introduction to Number Theory
More informationAlgorithms (II) Yu Yu. Shanghai Jiaotong University
Algorithms (II) Yu Yu Shanghai Jiaotong University Chapter 1. Algorithms with Numbers Two seemingly similar problems Factoring: Given a number N, express it as a product of its prime factors. Primality:
More informationCOMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635
COMP239: Mathematics for Computer Science II Prof. Chadi Assi assi@ciise.concordia.ca EV7.635 The Euclidean Algorithm The Euclidean Algorithm Finding the GCD of two numbers using prime factorization is
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More informationA. Algebra and Number Theory
A. Algebra and Number Theory Publickey cryptosystems are based on modular arithmetic. In this section, we summarize the concepts and results from algebra and number theory which are necessary for an understanding
More informationCOT 3100 Applications of Discrete Structures Dr. Michael P. Frank
University of Florida Dept. of Computer & Information Science & Engineering COT 3100 Applications of Discrete Structures Dr. Michael P. Frank Slides for a Course Based on the Text Discrete Mathematics
More informationCS483 Design and Analysis of Algorithms
CS483 Design and Analysis of Algorithms Lectures 23 Algorithms with Numbers Instructor: Fei Li lifei@cs.gmu.edu with subject: CS483 Office hours: STII, Room 443, Friday 4:00pm  6:00pm or by appointments
More informationMathematics of Cryptography
UNIT  III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationLecture 6: Introducing Complexity
COMP26120: Algorithms and Imperative Programming Lecture 6: Introducing Complexity Ian PrattHartmann Room KB2.38: email: ipratt@cs.man.ac.uk 2015 16 You need this book: Make sure you use the uptodate
More informationCS March 17, 2009
Discrete Mathematics CS 2610 March 17, 2009 Number Theory Elementary number theory, concerned with numbers, usually integers and their properties or rational numbers mainly divisibility among integers
More informationAddition. Ch1  Algorithms with numbers. Multiplication. alkhwārizmī. alkhwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?
Ch  Algorithms with numbers Addition Basic arithmetic Addition ultiplication Division odular arithmetic factoring is hard Primality testing 53+35=88 Cost? (n number of bits) O(n) ultiplication alkhwārizmī
More informationEncryption: The RSA Public Key Cipher
Encryption: The RSA Public Key Cipher Michael Brockway March 5, 2018 Overview Transportlayer security employs an asymmetric public cryptosystem to allow two parties (usually a client application and a
More information3 The fundamentals: Algorithms, the integers, and matrices
3 The fundamentals: Algorithms, the integers, and matrices 3.4 The integers and division This section introduces the basics of number theory number theory is the part of mathematics involving integers
More informationModular Arithmetic and Elementary Algebra
18.310 lecture notes September 2, 2013 Modular Arithmetic and Elementary Algebra Lecturer: Michel Goemans These notes cover basic notions in algebra which will be needed for discussing several topics of
More informationCSE 311: Foundations of Computing. Lecture 12: Two s Complement, Primes, GCD
CSE 311: Foundations of Computing Lecture 12: Two s Complement, Primes, GCD nbit Unsigned Integer Representation Represent integer as sum of powers of 2: If 2 where each {0,1} then representation is b
More informationChapter 5. Number Theory. 5.1 Base b representations
Chapter 5 Number Theory The material in this chapter offers a small glimpse of why a lot of facts that you ve probably nown and used for a long time are true. It also offers some exposure to generalization,
More informationDiscrete Mathematics and Probability Theory Summer 2014 James Cook Note 5
CS 70 Discrete Mathematics and Probability Theory Summer 2014 James Cook Note 5 Modular Arithmetic In several settings, such as errorcorrecting codes and cryptography, we sometimes wish to work over a
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationLecture 14: Hardness Assumptions
CSE 594 : Modern Cryptography 03/23/2017 Lecture 14: Hardness Assumptions Instructor: Omkant Pandey Scribe: Hyungjoon Koo, Parkavi Sundaresan 1 Modular Arithmetic Let N and R be set of natural and real
More informationFast FractionInteger Method for Computing Multiplicative Inverse
Fast FractionInteger Method for Computing Multiplicative Inverse Hani M ALMatari 1 and Sattar J Aboud 2 and Nidal F Shilbayeh 1 1 Middle East University for Graduate Studies, Faculty of IT, JordanAmman
More informationNUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA
NUMBER THEORY Anwitaman DATTA SCSE, NTU Singapore Acknowledgement: The following lecture slides are based on, and uses material from the text book Cryptography and Network Security (various eds) by William
More informationLECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS
LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS 1. The Chinese Remainder Theorem We now seek to analyse the solubility of congruences by reinterpreting their solutions modulo a composite
More informationFall 2017 September 20, Written Homework 02
CS1800 Discrete Structures Profs. Aslam, Gold, & Pavlu Fall 2017 September 20, 2017 Assigned: Wed 20 Sep 2017 Due: Fri 06 Oct 2017 Instructions: Written Homework 02 The assignment has to be uploaded to
More informationThe next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA publickey cryptosystem.
CS 70 Discrete Mathematics for CS Fall 2003 Wagner Lecture 10 The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA publickey cryptosystem.
More information10 Public Key Cryptography : RSA
10 Public Key Cryptography : RSA 10.1 Introduction The idea behind a publickey system is that it might be possible to find a cryptosystem where it is computationally infeasible to determine d K even if
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More information#26: Number Theory, Part I: Divisibility
#26: Number Theory, Part I: Divisibility and Primality April 25, 2009 This week, we will spend some time studying the basics of number theory, which is essentially the study of the natural numbers (0,
More informationComputational Number Theory. Adam O Neill Based on
Computational Number Theory Adam O Neill Based on http://cseweb.ucsd.edu/~mihir/cse207/ Secret Key Exchange  * Is Alice Ka Public Network Ka = KB O KB 0^1 Eve should have a hard time getting information
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA DiffieHellman ElGamal Summary Outline
More informationIntroduction to Cryptography. Lecture 6
Introduction to Cryptography Lecture 6 Benny Pinkas page 1 Public Key Encryption page 2 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem:
More informationDiscrete mathematics I  Number theory
Discrete mathematics I  Number theory Emil Vatai (based on hungarian slides by László Mérai) 1 January 31, 2018 1 Financed from the financial support ELTE won from the Higher Education
More informationAlgorithms CMSC Basic algorithms in Number Theory: Euclid s algorithm and multiplicative inverse
Algorithms CMSC27200 Basic algorithms in Number Theory: Euclid s algorithm and multiplicative inverse Instructor: László Babai Last updated 02142015. Z denotes the set of integers. All variables in
More informationChinese Remainder Theorem
Chinese Remainder Theorem Theorem Let R be a Euclidean domain with m 1, m 2,..., m k R. If gcd(m i, m j ) = 1 for 1 i < j k then m = m 1 m 2 m k = lcm(m 1, m 2,..., m k ) and R/m = R/m 1 R/m 2 R/m k ;
More information