CSC 5930/9010 Modern Cryptography: Number Theory

Size: px

Start display at page:

Download "CSC 5930/9010 Modern Cryptography: Number Theory"

Stanley Holland
5 years ago
Views:

1 CSC 5930/9010 Modern Cryptography: Number Theory Professor Henry Carter Fall 2018

2 Recap Hash functions map arbitrary-length strings to fixedlength outputs Cryptographic hashes should be collision-resistant Implying preimage-resistance In the symmetric-key setting, hash functions are useful for building efficient MACs The birthday bound provides a rule of thumb for the expected concrete security of any hash function

Transitioning to a new setting Symmetric encryption is well studied but not optimal for every application The underlying assumptions are (theoretically speaking) very strong Key

3 Transitioning to a new setting Symmetric encryption is well studied but not optimal for every application The underlying assumptions are (theoretically speaking) very strong Key distribution remains a problem Thus the need to study implementations rigorously Less than the one-time pad, but still challenging This half of the course: building new constructions on new assumptions

4 Number-theoretic constructions Certain mathematical problems have been studied for centuries and can be used to construct the building blocks from symmetric encryption The simplest cryptographic primitive, one-way functions, can be instantiated mathematically Unlike secret-key constructions, ALL public-key encryption is build on number-theoretic hard problems To understand number-theoretic constructions, you must understand number theory! And a little abstract algebra

5 <latexit sha1_base64="yxqvklbpvn2hlyahiip+piqvww4=">aaacwhicbvfnb9naej24qnrylzyjlxexeqfkzgu4vkropccikbzsgkxjzthedb1r7y4rudrfwq/pfc7wa9ikesiti6309obn19uimtpilv3qjfuphj/pbu/spn32/mxl3t7+wxctvzxuzjh/uvbgoy0pryvhi8yz1yxh8+lqejk//8o+age/ylzhcu0zq0utsci16x1mca+xsfgxkbv7rv4wpwyki9okz9hjqlimraqigartungykya9fnaqrqifgnwn+rco08lep3s5daqt2yoyfmiozxozl8ilvozvdi/bwa2pk5rxkejlnyfxynxjdb6nzbrl5+ozgiv234of1shm6yiqa5iq3m8tyf/lrq2uh8ylbztw2kq7qwvrubwudcop9qzezcmg5xxcfvvfnprewzc6wbf8hxiqmbkororb5lf/14jw5fenegjobgd5xj8h/anpaxo34tw8gxeqw3s4ghm4hseo+a638an+dn4nkhstnttp0lnxviknspb/aeaasrs=</latexit> <latexit sha1_base64="yxqvklbpvn2hlyahiip+piqvww4=">aaacwhicbvfnb9naej24qnrylzyjlxexeqfkzgu4vkropccikbzsgkxjzthedb1r7y4rudrfwq/pfc7wa9ikesiti6309obn19uimtpilv3qjfuphj/pbu/spn32/mxl3t7+wxctvzxuzjh/uvbgoy0pryvhi8yz1yxh8+lqejk//8o+age/ylzhcu0zq0utsci16x1mca+xsfgxkbv7rv4wpwyki9okz9hjqlimraqigartungykya9fnaqrqifgnwn+rco08lep3s5daqt2yoyfmiozxozl8ilvozvdi/bwa2pk5rxkejlnyfxynxjdb6nzbrl5+ozgiv234of1shm6yiqa5iq3m8tyf/lrq2uh8ylbztw2kq7qwvrubwudcop9qzezcmg5xxcfvvfnprewzc6wbf8hxiqmbkororb5lf/14jw5fenegjobgd5xj8h/anpaxo34tw8gxeqw3s4ghm4hseo+a638an+dn4nkhstnttp0lnxviknspb/aeaasrs=</latexit> <latexit sha1_base64="yxqvklbpvn2hlyahiip+piqvww4=">aaacwhicbvfnb9naej24qnrylzyjlxexeqfkzgu4vkropccikbzsgkxjzthedb1r7y4rudrfwq/pfc7wa9ikesiti6309obn19uimtpilv3qjfuphj/pbu/spn32/mxl3t7+wxctvzxuzjh/uvbgoy0pryvhi8yz1yxh8+lqejk//8o+age/ylzhcu0zq0utsci16x1mca+xsfgxkbv7rv4wpwyki9okz9hjqlimraqigartungykya9fnaqrqifgnwn+rco08lep3s5daqt2yoyfmiozxozl8ilvozvdi/bwa2pk5rxkejlnyfxynxjdb6nzbrl5+ozgiv234of1shm6yiqa5iq3m8tyf/lrq2uh8ylbztw2kq7qwvrubwudcop9qzezcmg5xxcfvvfnprewzc6wbf8hxiqmbkororb5lf/14jw5fenegjobgd5xj8h/anpaxo34tw8gxeqw3s4ghm4hseo+a638an+dn4nkhstnttp0lnxviknspb/aeaasrs=</latexit> <latexit sha1_base64="yxqvklbpvn2hlyahiip+piqvww4=">aaacwhicbvfnb9naej24qnrylzyjlxexeqfkzgu4vkropccikbzsgkxjzthedb1r7y4rudrfwq/pfc7wa9ikesiti6309obn19uimtpilv3qjfuphj/pbu/spn32/mxl3t7+wxctvzxuzjh/uvbgoy0pryvhi8yz1yxh8+lqejk//8o+age/ylzhcu0zq0utsci16x1mca+xsfgxkbv7rv4wpwyki9okz9hjqlimraqigartungykya9fnaqrqifgnwn+rco08lep3s5daqt2yoyfmiozxozl8ilvozvdi/bwa2pk5rxkejlnyfxynxjdb6nzbrl5+ozgiv234of1shm6yiqa5iq3m8tyf/lrq2uh8ylbztw2kq7qwvrubwudcop9qzezcmg5xxcfvvfnprewzc6wbf8hxiqmbkororb5lf/14jw5fenegjobgd5xj8h/anpaxo34tw8gxeqw3s4ghm4hseo+a638an+dn4nkhstnttp0lnxviknspb/aeaasrs=</latexit> <latexit sha1_base64="2pzibe+evcjpnnfgsrjiozigne4=">aaacsnicbzdptgixema7iil4d/toprfmmcrkl4seiv70hokgbjak2+2ydd1203zncpiqpo1xvfscvoy348xceipgje1+/wamnfm8mfglbfvdymxkn7dy+e3czu7e/kgxdnhripgytlfgqny9paijnlq11yx0y0lq5dfy742uzvn7ryivffxoj2pirmjiauax0kyafgs3aawg+as9cktctxlxoa4jty/vrgdr8agfvqbfsl235whxwvlagsyinshzub4vcbirrjfdsvuco9bubelnmsptqj9rjez4hiakz5cjich3mt9qck+n4snasho4hnp1b8ceruqni89urkihaju3e//l9ridxlgtyunee47tj4keqs3gzclou0mwzmmdcetqzou4rbjhbyxceomlme9mityupjcmgstl/y5hrhnwjvqhtqpugl5tljuxcxpz4bicgcpwwdlogmvqam2awtn4aa/gzxq3pq0v6zstzvilniowfjnsd85wrl4=</latexit> <latexit sha1_base64="2pzibe+evcjpnnfgsrjiozigne4=">aaacsnicbzdptgixema7iil4d/toprfmmcrkl4seiv70hokgbjak2+2ydd1203zncpiqpo1xvfscvoy348xceipgje1+/wamnfm8mfglbfvdymxkn7dy+e3czu7e/kgxdnhripgytlfgqny9paijnlq11yx0y0lq5dfy742uzvn7ryivffxoj2pirmjiauax0kyafgs3aawg+as9cktctxlxoa4jty/vrgdr8agfvqbfsl235whxwvlagsyinshzub4vcbirrjfdsvuco9bubelnmsptqj9rjez4hiakz5cjich3mt9qck+n4snasho4hnp1b8ceruqni89urkihaju3e//l9ridxlgtyunee47tj4keqs3gzclou0mwzmmdcetqzou4rbjhbyxceomlme9mityupjcmgstl/y5hrhnwjvqhtqpugl5tljuxcxpz4bicgcpwwdlogmvqam2awtn4aa/gzxq3pq0v6zstzvilniowfjnsd85wrl4=</latexit> <latexit sha1_base64="2pzibe+evcjpnnfgsrjiozigne4=">aaacsnicbzdptgixema7iil4d/toprfmmcrkl4seiv70hokgbjak2+2ydd1203zncpiqpo1xvfscvoy348xceipgje1+/wamnfm8mfglbfvdymxkn7dy+e3czu7e/kgxdnhripgytlfgqny9paijnlq11yx0y0lq5dfy742uzvn7ryivffxoj2pirmjiauax0kyafgs3aawg+as9cktctxlxoa4jty/vrgdr8agfvqbfsl235whxwvlagsyinshzub4vcbirrjfdsvuco9bubelnmsptqj9rjez4hiakz5cjich3mt9qck+n4snasho4hnp1b8ceruqni89urkihaju3e//l9ridxlgtyunee47tj4keqs3gzclou0mwzmmdcetqzou4rbjhbyxceomlme9mityupjcmgstl/y5hrhnwjvqhtqpugl5tljuxcxpz4bicgcpwwdlogmvqam2awtn4aa/gzxq3pq0v6zstzvilniowfjnsd85wrl4=</latexit> <latexit sha1_base64="2pzibe+evcjpnnfgsrjiozigne4=">aaacsnicbzdptgixema7iil4d/toprfmmcrkl4seiv70hokgbjak2+2ydd1203zncpiqpo1xvfscvoy348xceipgje1+/wamnfm8mfglbfvdymxkn7dy+e3czu7e/kgxdnhripgytlfgqny9paijnlq11yx0y0lq5dfy742uzvn7ryivffxoj2pirmjiauax0kyafgs3aawg+as9cktctxlxoa4jty/vrgdr8agfvqbfsl235whxwvlagsyinshzub4vcbirrjfdsvuco9bubelnmsptqj9rjez4hiakz5cjich3mt9qck+n4snasho4hnp1b8ceruqni89urkihaju3e//l9ridxlgtyunee47tj4keqs3gzclou0mwzmmdcetqzou4rbjhbyxceomlme9mityupjcmgstl/y5hrhnwjvqhtqpugl5tljuxcxpz4bicgcpwwdlogmvqam2awtn4aa/gzxq3pq0v6zstzvilniowfjnsd85wrl4=</latexit> Prime Numbers a b if there exists an integer c such that ac = b If a b and a c then a (Xb + Yc) Divisors and factors If a divides b, then a is a divisor If a is not 1 or b, a is a factor If b has no factors, it is prime Two ways to uniquely represent an integer A product of primes a = qb + r for 0 apple r<b <latexit sha1_base64="/ge2xi5t5r2wkymaeczsk2evt80=">aaacpnicbvdltgixfo3ga8qx6nkfn4kjiqmzyamltyhuxgiijwqi6zqonhtaoe2yemlsr3gre3/dh3bn3lq0pgiepkutc85t7z1+xjk2rvvujnbwnzatqa309s7u3n4me1dvmlaevojkutv9rclnglymm5zwi0vx6hna8/u3e7/2sjvmujyyyurbie4kfjccjzxamem8hmsy+haokg+bvjb3ocnpabrcgz9vz3juwz0cvok3jzk0r7mddzlnjirxsiuhhgvd8nzitezyguy4haebsayrjn3cpq1lbq6pbo2ml4zh1cqd6rqbfaam6t+jeq61hoa+tyby9psynxh/8xqxcs5biyai2fbbzh8fmqcjyvildjiixpchjzgozncf0smke2plw3hjyenx9ideltbyc4ulr/2uyavzlotajdviwbp8vpgr3cxltkejdilokicuuandotkqiike0dn6qa/om/phfdpfs2jcmc8cogu43z/qxqur</latexit>

Greatest Common Divisor The greatest common divisor of two integers a, b is the largest integer c such that c b and c a Efficiently computable with Euclidean algorithm!

6 Greatest Common Divisor The greatest common divisor of two integers a, b is the largest integer c such that c b and c a Efficiently computable with Euclidean algorithm! a and b are relatively prime if gcd(a, b) = 1 A useful result: Let a, b be positive integers. Then there exist integers X, Y such that Xa+ Yb= gcd(a, b). Furthermore, gcd(a, b) is the smallest positive integer that can be expressed in this way. <latexit sha1_base64="1mvau9ipmh82/ei8o/saxyxk1w8=">aaac3xicbvjnaxsxenvup5kmx0577gwot5bsy9a+tjdcskgu0knk7ctbmwzwhntftniiazmyk2nvpdf+m/6p/pvoxibutgcej3nzrjnpykqtfejtp1f vbd3yepnr85glj99mrt5wt1jdwwzfi0jnwhvpbbu2d0hewmabj7oxdzr+fk/pkml6ylzqqcgbuvekmnbo3fn+haam2iesgiyitv0gdeygtama6nvrymhbycgr0yqpdujamwncsgk9kzgxifqyib+akg/cwk5m9bgwvkzz8rfwtl6yjfirlapgb5eu+4avumrjx5uxlphjnprld8l7e04rzjlh7gfp2unfm2+l1wg3qwygmwmxhedfaop1ywrvkgtto/bctlmg0qbeu1hs1c1p5klge4yygda0w5eela6ov4fvvdzc1jo/h0ersv4offt7pi4wrcwy53+tq5p+4yrwm70ylzcoqkjhli6avhmchfjwykecy6dkdli5dkibzdcgdp8raj2prr8al6znlwrzori91mwzb19k06jy46ry7jl92m/shkxo3xqvxuuyjjngr9suncsj6qkzj9dn6fvxicfw9/hh/xjbg0urzxkxf/osv3ybgcw==</latexit> <latexit sha1_base64="1mvau9ipmh82/ei8o/saxyxk1w8=">aaac3xicbvjnaxsxenvup5kmx0577gwot5bsy9a+tjdcskgu0knk7ctbmwzwhntftniiazmyk2nvpdf+m/6p/pvoxibutgcej3nzrjnpykqtfejtp1f vbd3yepnr85glj99mrt5wt1jdwwzfi0jnwhvpbbu2d0hewmabj7oxdzr+fk/pkml6ylzqqcgbuvekmnbo3fn+haam2iesgiyitv0gdeygtama6nvrymhbycgr0yqpdujamwncsgk9kzgxifqyib+akg/cwk5m9bgwvkzz8rfwtl6yjfirlapgb5eu+4avumrjx5uxlphjnprld8l7e04rzjlh7gfp2unfm2+l1wg3qwygmwmxhedfaop1ywrvkgtto/bctlmg0qbeu1hs1c1p5klge4yygda0w5eela6ov4fvvdzc1jo/h0ersv4offt7pi4wrcwy53+tq5p+4yrwm70ylzcoqkjhli6avhmchfjwykecy6dkdli5dkibzdcgdp8raj2prr8al6znlwrzori91mwzb19k06jy46ry7jl92m/shkxo3xqvxuuyjjngr9suncsj6qkzj9dn6fvxicfw9/hh/xjbg0urzxkxf/osv3ybgcw==</latexit> <latexit sha1_base64="1mvau9ipmh82/ei8o/saxyxk1w8=">aaac3xicbvjnaxsxenvup5kmx0577gwot5bsy9a+tjdcskgu0knk7ctbmwzwhntftniiazmyk2nvpdf+m/6p/pvoxibutgcej3nzrjnpykqtfejtp1f vbd3yepnr85glj99mrt5wt1jdwwzfi0jnwhvpbbu2d0hewmabj7oxdzr+fk/pkml6ylzqqcgbuvekmnbo3fn+haam2iesgiyitv0gdeygtama6nvrymhbycgr0yqpdujamwncsgk9kzgxifqyib+akg/cwk5m9bgwvkzz8rfwtl6yjfirlapgb5eu+4avumrjx5uxlphjnprld8l7e04rzjlh7gfp2unfm2+l1wg3qwygmwmxhedfaop1ywrvkgtto/bctlmg0qbeu1hs1c1p5klge4yygda0w5eela6ov4fvvdzc1jo/h0ersv4offt7pi4wrcwy53+tq5p+4yrwm70ylzcoqkjhli6avhmchfjwykecy6dkdli5dkibzdcgdp8raj2prr8al6znlwrzori91mwzb19k06jy46ry7jl92m/shkxo3xqvxuuyjjngr9suncsj6qkzj9dn6fvxicfw9/hh/xjbg0urzxkxf/osv3ybgcw==</latexit> <latexit sha1_base64="1mvau9ipmh82/ei8o/saxyxk1w8=">aaac3xicbvjnaxsxenvup5kmx0577gwot5bsy9a+tjdcskgu0knk7ctbmwzwhntftniiazmyk2nvpdf+m/6p/pvoxibutgcej3nzrjnpykqtfejtp1f vbd3yepnr85glj99mrt5wt1jdwwzfi0jnwhvpbbu2d0hewmabj7oxdzr+fk/pkml6ylzqqcgbuvekmnbo3fn+haam2iesgiyitv0gdeygtama6nvrymhbycgr0yqpdujamwncsgk9kzgxifqyib+akg/cwk5m9bgwvkzz8rfwtl6yjfirlapgb5eu+4avumrjx5uxlphjnprld8l7e04rzjlh7gfp2unfm2+l1wg3qwygmwmxhedfaop1ywrvkgtto/bctlmg0qbeu1hs1c1p5klge4yygda0w5eela6ov4fvvdzc1jo/h0ersv4offt7pi4wrcwy53+tq5p+4yrwm70ylzcoqkjhli6avhmchfjwykecy6dkdli5dkibzdcgdp8raj2prr8al6znlwrzori91mwzb19k06jy46ry7jl92m/shkxo3xqvxuuyjjngr9suncsj6qkzj9dn6fvxicfw9/hh/xjbg0urzxkxf/osv3ybgcw==</latexit>

7 Useful results If c ab and gcd(a, c) = 1, then c b. Thus, if p is prime and p ab then either p a or p b. <latexit sha1_base64="z7bxgxmjnnmbtrjmcrxj4u61egy=">aaacihicbvfntxsxehw2ted6qshhlioylagurbu5qa+vel3ajuoekeiueb2zwqt/yfyirqm/ktm/pncw7yaqguhc/ptmpxvmotoco58kt63ozcbbd5tb2+33hz5+2unsfr5yurimh0wlbw8y6lbwhuppvcaby5hktob1dvej7l/fo3vcq0s/mziwdkp4wrn1gzp0+hkbmymf0cwgqnkipyw/pd1gx+e7phepfikqsbzz3iflsni94mfiyuaojouslzazqg9oxmjdyrsqbt2ayj50ukk/aqpeg3qfumrvf5pd1uztrlkluxkmqhojndf+pkfwcybwox1botsu3depjgjuvkibz5tmhublyhiowvofvh4a9l/hnernzjilskl96v72avj/vvhli+pxncttevrs+vbrcfaa6oah5xazf7maklm8zaqspjyyh75h7sal618lc4mpdsjsdtax+jtgic59gdrrcdxopwh/hhrptlchbpf9ckaosuqoyak5ixdksbh5jl/ib/inakdjdbr9w0qj1sqzr9yqon0guk7ang==</latexit>

8 <latexit sha1_base64="sfzwuxynwampyhd2ep0lqd0dbws=">aaacuxicbvbntxsxej3daqf8bnrszuqwcaqo2s2fxpaqxnolaqkbpbbfs15vyug1v7a3uptkf/brulb3nvpteqstitqai9l6evpgnvfsugrr4vhpeh5ywv2rrx/c2nza3tmt7+3fwf0zxjtms23uurjccsu7tjjj70rdquglv00flmb92x/cwkhvdzcqea+ggrk5yoq81a+3v+uyeu4um5j6k0jsguydlh1rmz3gu0yijrohv16v4gqvo1a/3ohb8bzwlugwoagluurvbbx7tloq4moxsdz2k7h0vtezj5jk0437yvks2amnenddrqw3vfhc3bqppznhro0/yugc/x9itiw1oyl1yolc0l7uzcj3et3k5v96y6hkynhfnj/kk4lo4ywpzithzmmrb8sm8lsig5ih5nyesy8ppyvfg5id7yxdor1s6munh13yoqi34kbdsjy+bjfozhchrsnnoiajsoaezuarxeehgdzce/yex8hv4g8iyfgsdypfzcdyqndzhyxdroo=</latexit> <latexit sha1_base64="sfzwuxynwampyhd2ep0lqd0dbws=">aaacuxicbvbntxsxej3daqf8bnrszuqwcaqo2s2fxpaqxnolaqkbpbbfs15vyug1v7a3uptkf/brulb3nvpteqstitqai9l6evpgnvfsugrr4vhpeh5ywv2rrx/c2nza3tmt7+3fwf0zxjtms23uurjccsu7tjjj70rdquglv00flmb92x/cwkhvdzcqea+ggrk5yoq81a+3v+uyeu4um5j6k0jsguydlh1rmz3gu0yijrohv16v4gqvo1a/3ohb8bzwlugwoagluurvbbx7tloq4moxsdz2k7h0vtezj5jk0437yvks2amnenddrqw3vfhc3bqppznhro0/yugc/x9itiw1oyl1yolc0l7uzcj3et3k5v96y6hkynhfnj/kk4lo4ywpzithzmmrb8sm8lsig5ih5nyesy8ppyvfg5id7yxdor1s6munh13yoqi34kbdsjy+bjfozhchrsnnoiajsoaezuarxeehgdzce/yex8hv4g8iyfgsdypfzcdyqndzhyxdroo=</latexit> <latexit sha1_base64="sfzwuxynwampyhd2ep0lqd0dbws=">aaacuxicbvbntxsxej3daqf8bnrszuqwcaqo2s2fxpaqxnolaqkbpbbfs15vyug1v7a3uptkf/brulb3nvpteqstitqai9l6evpgnvfsugrr4vhpeh5ywv2rrx/c2nza3tmt7+3fwf0zxjtms23uurjccsu7tjjj70rdquglv00flmb92x/cwkhvdzcqea+ggrk5yoq81a+3v+uyeu4um5j6k0jsguydlh1rmz3gu0yijrohv16v4gqvo1a/3ohb8bzwlugwoagluurvbbx7tloq4moxsdz2k7h0vtezj5jk0437yvks2amnenddrqw3vfhc3bqppznhro0/yugc/x9itiw1oyl1yolc0l7uzcj3et3k5v96y6hkynhfnj/kk4lo4ywpzithzmmrb8sm8lsig5ih5nyesy8ppyvfg5id7yxdor1s6munh13yoqi34kbdsjy+bjfozhchrsnnoiajsoaezuarxeehgdzce/yex8hv4g8iyfgsdypfzcdyqndzhyxdroo=</latexit> <latexit sha1_base64="sfzwuxynwampyhd2ep0lqd0dbws=">aaacuxicbvbntxsxej3daqf8bnrszuqwcaqo2s2fxpaqxnolaqkbpbbfs15vyug1v7a3uptkf/brulb3nvpteqstitqai9l6evpgnvfsugrr4vhpeh5ywv2rrx/c2nza3tmt7+3fwf0zxjtms23uurjccsu7tjjj70rdquglv00flmb92x/cwkhvdzcqea+ggrk5yoq81a+3v+uyeu4um5j6k0jsguydlh1rmz3gu0yijrohv16v4gqvo1a/3ohb8bzwlugwoagluurvbbx7tloq4moxsdz2k7h0vtezj5jk0437yvks2amnenddrqw3vfhc3bqppznhro0/yugc/x9itiw1oyl1yolc0l7uzcj3et3k5v96y6hkynhfnj/kk4lo4ywpzithzmmrb8sm8lsig5ih5nyesy8ppyvfg5id7yxdor1s6munh13yoqi34kbdsjy+bjfozhchrsnnoiajsoaezuarxeehgdzce/yex8hv4g8iyfgsdypfzcdyqndzhyxdroo=</latexit> Useful results If a N,b N, and gcd(a, b) = 1, then ab N.

9 <latexit sha1_base64="zdcfghbkjaibavgfc3xtmihrzy0=">aaacrhicbvdlsgmxfm34qm9bxbq52aqcidpd6eyounelfawttepjpjk2mmeyzirs+gv+jvvd+w/+gztxk6btilb1qobwzr03954o4cxy33/3fhaxlldyq2vrg5tb2zv5wu6duakmteyuv7oryum5k7rmmew0kwikrcrppbq/hpn1r6onu/lw9hmactyvlgyewye184cshhkgc3i4hmpqjba9kqhuxnasqgpxobn0qz0v+if+gdbpgowuuyzqu+dlwh1fukgljrwb0wz8xiydrc0jna7xw6mhcsb3ueubjkosqakh43ugcoiudsrkuyctjnw/hqmsjomlyfukbhtm1huj/3nn1mzn4ydjjlvukslhccrbkhifax2mkbg87wgmmrldgfswxss6ckcmstvk3b3eu8ov9kr5+qjfnvx0wwxq8+sufbi4flmuvi6yeffrpjparyhap6icrlav1rbbt+gzvabx78378d69r0npgpf17kepen8/i0qt5a==</latexit> <latexit sha1_base64="zdcfghbkjaibavgfc3xtmihrzy0=">aaacrhicbvdlsgmxfm34qm9bxbq52aqcidpd6eyounelfawttepjpjk2mmeyzirs+gv+jvvd+w/+gztxk6btilb1qobwzr03954o4cxy33/3fhaxlldyq2vrg5tb2zv5wu6duakmteyuv7oryum5k7rmmew0kwikrcrppbq/hpn1r6onu/lw9hmactyvlgyewye184cshhkgc3i4hmpqjba9kqhuxnasqgpxobn0qz0v+if+gdbpgowuuyzqu+dlwh1fukgljrwb0wz8xiydrc0jna7xw6mhcsb3ueubjkosqakh43ugcoiudsrkuyctjnw/hqmsjomlyfukbhtm1huj/3nn1mzn4ydjjlvukslhccrbkhifax2mkbg87wgmmrldgfswxss6ckcmstvk3b3eu8ov9kr5+qjfnvx0wwxq8+sufbi4flmuvi6yeffrpjparyhap6icrlav1rbbt+gzvabx78378d69r0npgpf17kepen8/i0qt5a==</latexit> <latexit sha1_base64="zdcfghbkjaibavgfc3xtmihrzy0=">aaacrhicbvdlsgmxfm34qm9bxbq52aqcidpd6eyounelfawttepjpjk2mmeyzirs+gv+jvvd+w/+gztxk6btilb1qobwzr03954o4cxy33/3fhaxlldyq2vrg5tb2zv5wu6duakmteyuv7oryum5k7rmmew0kwikrcrppbq/hpn1r6onu/lw9hmactyvlgyewye184cshhkgc3i4hmpqjba9kqhuxnasqgpxobn0qz0v+if+gdbpgowuuyzqu+dlwh1fukgljrwb0wz8xiydrc0jna7xw6mhcsb3ueubjkosqakh43ugcoiudsrkuyctjnw/hqmsjomlyfukbhtm1huj/3nn1mzn4ydjjlvukslhccrbkhifax2mkbg87wgmmrldgfswxss6ckcmstvk3b3eu8ov9kr5+qjfnvx0wwxq8+sufbi4flmuvi6yeffrpjparyhap6icrlav1rbbt+gzvabx78378d69r0npgpf17kepen8/i0qt5a==</latexit> <latexit sha1_base64="zdcfghbkjaibavgfc3xtmihrzy0=">aaacrhicbvdlsgmxfm34qm9bxbq52aqcidpd6eyounelfawttepjpjk2mmeyzirs+gv+jvvd+w/+gztxk6btilb1qobwzr03954o4cxy33/3fhaxlldyq2vrg5tb2zv5wu6duakmteyuv7oryum5k7rmmew0kwikrcrppbq/hpn1r6onu/lw9hmactyvlgyewye184cshhkgc3i4hmpqjba9kqhuxnasqgpxobn0qz0v+if+gdbpgowuuyzqu+dlwh1fukgljrwb0wz8xiydrc0jna7xw6mhcsb3ueubjkosqakh43ugcoiudsrkuyctjnw/hqmsjomlyfukbhtm1huj/3nn1mzn4ydjjlvukslhccrbkhifax2mkbg87wgmmrldgfswxss6ckcmstvk3b3eu8ov9kr5+qjfnvx0wwxq8+sufbi4flmuvi6yeffrpjparyhap6icrlav1rbbt+gzvabx78378d69r0npgpf17kepen8/i0qt5a==</latexit> Modular arithmetic Remainder arithmetic after division by the modulus if a = qn + r then [a mod N] =r Congruence modulo N means remainders are equal Congruence represents an equivalence relation: Reflexive Symmetric Transitive This allows us to add/subtract/ multiply before OR after reduction

10 <latexit sha1_base64="qsd6crctaq6etfscwya/7+ivv0y=">aaacq3icbvdltgixfo3ga3ydlt00gokr0sjcwbinblxiimochhq6brr6mlqde0l4ab/gre79cl/bnxfrygejefektu7ouff23hpggluh0guqwvpewc3m1ty3nre2d/kf3rure0nzk2qhzv1ilbncsabjtrc72daiq8fuw+ff6t/em2o5vtdufloojh3fe5ws56vuvltcqf5flrps00g7iouoija8gaensc11bdfcpw6+impocrhi8iwuwqynbihitinne8muo4jy28iodp0xmy5twsbr7csymnah6bowp4pizjvj6tkteoivcpa08u85ofv/d4yjthykq18pirvyv14q/ue1eterdczcxyljin5/1esedbqm2ccig0adghlcqof+v0ghxbdqfijzk5roa/chib72hqnzmt/qzw0fhf4b1ck5qzsx51ev4tn5lmqc2ach4ahgcazowcvogcag4ae8gifwhlweb8f78pfdmglmpxtgdshnf5ufres=</latexit> <latexit sha1_base64="qsd6crctaq6etfscwya/7+ivv0y=">aaacq3icbvdltgixfo3ga3ydlt00gokr0sjcwbinblxiimochhq6brr6mlqde0l4ab/gre79cl/bnxfrygejefektu7ouff23hpggluh0guqwvpewc3m1ty3nre2d/kf3rure0nzk2qhzv1ilbncsabjtrc72daiq8fuw+ff6t/em2o5vtdufloojh3fe5ws56vuvltcqf5flrps00g7iouoija8gaensc11bdfcpw6+impocrhi8iwuwqynbihitinne8muo4jy28iodp0xmy5twsbr7csymnah6bowp4pizjvj6tkteoivcpa08u85ofv/d4yjthykq18pirvyv14q/ue1eterdczcxyljin5/1esedbqm2ccig0adghlcqof+v0ghxbdqfijzk5roa/chib72hqnzmt/qzw0fhf4b1ck5qzsx51ev4tn5lmqc2ach4ahgcazowcvogcag4ae8gifwhlweb8f78pfdmglmpxtgdshnf5ufres=</latexit> <latexit sha1_base64="qsd6crctaq6etfscwya/7+ivv0y=">aaacq3icbvdltgixfo3ga3ydlt00gokr0sjcwbinblxiimochhq6brr6mlqde0l4ab/gre79cl/bnxfrygejefektu7ouff23hpggluh0guqwvpewc3m1ty3nre2d/kf3rure0nzk2qhzv1ilbncsabjtrc72daiq8fuw+ff6t/em2o5vtdufloojh3fe5ws56vuvltcqf5flrps00g7iouoija8gaensc11bdfcpw6+impocrhi8iwuwqynbihitinne8muo4jy28iodp0xmy5twsbr7csymnah6bowp4pizjvj6tkteoivcpa08u85ofv/d4yjthykq18pirvyv14q/ue1eterdczcxyljin5/1esedbqm2ccig0adghlcqof+v0ghxbdqfijzk5roa/chib72hqnzmt/qzw0fhf4b1ck5qzsx51ev4tn5lmqc2ach4ahgcazowcvogcag4ae8gifwhlweb8f78pfdmglmpxtgdshnf5ufres=</latexit> <latexit sha1_base64="qsd6crctaq6etfscwya/7+ivv0y=">aaacq3icbvdltgixfo3ga3ydlt00gokr0sjcwbinblxiimochhq6brr6mlqde0l4ab/gre79cl/bnxfrygejefektu7ouff23hpggluh0guqwvpewc3m1ty3nre2d/kf3rure0nzk2qhzv1ilbncsabjtrc72daiq8fuw+ff6t/em2o5vtdufloojh3fe5ws56vuvltcqf5flrps00g7iouoija8gaensc11bdfcpw6+impocrhi8iwuwqynbihitinne8muo4jy28iodp0xmy5twsbr7csymnah6bowp4pizjvj6tkteoivcpa08u85ofv/d4yjthykq18pirvyv14q/ue1eterdczcxyljin5/1esedbqm2ccig0adghlcqof+v0ghxbdqfijzk5roa/chib72hqnzmt/qzw0fhf4b1ck5qzsx51ev4tn5lmqc2ach4ahgcazowcvogcag4ae8gifwhlweb8f78pfdmglmpxtgdshnf5ufres=</latexit> Example: large integer modular multiply =?? mod 100 Performing the multiplication first will be computationally costly Performing the reduction first vastly simplifies multiplication How fast can you compute the result with no calculator?

11 <latexit sha1_base64="lslm80pqlnv+rj8fi4ej57ykkki=">aaacr3icbvdlsgmxfm3ur+u71awbybg60dptbn0irw5cvrapamesstntacyzkoxqhv6cx+nw936cx+foxjppr7gtbwkhc+69ufd4iank2/a7lvlzxvvp5jy2t7z3dvfyhf2mephepiefe7ltiuuy5ashqwakhuqcao+rlje6sfzwi5gkcn6vxyfxaztg1kcyasp18qua7ok+0ld2ej86e3gfnroius370dcz18sx7bi9bvwmtkqkiew9v7cy3b7auuc4xgwp1xhsulsxkppiriab3uireoergpcoorwfrlnx9kqjpdzkh/pcmsc1nkp/o2iukduopfmzid1ui14i/ud1iu1fujhlyaqjx7op/ihblwcsd+xtsbbmy0mqlttscveqsys1sxfuehdj6oygnhcmcbhu5o/6xcne5ywgtuyalbjj+n15sxqdhpgdh+ailiadlkav3ii6aaamnsazeagv1pv1yx1ax7psjjx2hia5zkxv0w+ujq==</latexit> <latexit sha1_base64="lslm80pqlnv+rj8fi4ej57ykkki=">aaacr3icbvdlsgmxfm3ur+u71awbybg60dptbn0irw5cvrapamesstntacyzkoxqhv6cx+nw936cx+foxjppr7gtbwkhc+69ufd4iank2/a7lvlzxvvp5jy2t7z3dvfyhf2mephepiefe7ltiuuy5ashqwakhuqcao+rlje6sfzwi5gkcn6vxyfxaztg1kcyasp18qua7ok+0ld2ej86e3gfnroius370dcz18sx7bi9bvwmtkqkiew9v7cy3b7auuc4xgwp1xhsulsxkppiriab3uireoergpcoorwfrlnx9kqjpdzkh/pcmsc1nkp/o2iukduopfmzid1ui14i/ud1iu1fujhlyaqjx7op/ihblwcsd+xtsbbmy0mqlttscveqsys1sxfuehdj6oygnhcmcbhu5o/6xcne5ywgtuyalbjj+n15sxqdhpgdh+ailiadlkav3ii6aaamnsazeagv1pv1yx1ax7psjjx2hia5zkxv0w+ujq==</latexit> <latexit sha1_base64="lslm80pqlnv+rj8fi4ej57ykkki=">aaacr3icbvdlsgmxfm3ur+u71awbybg60dptbn0irw5cvrapamesstntacyzkoxqhv6cx+nw936cx+foxjppr7gtbwkhc+69ufd4iank2/a7lvlzxvvp5jy2t7z3dvfyhf2mephepiefe7ltiuuy5ashqwakhuqcao+rlje6sfzwi5gkcn6vxyfxaztg1kcyasp18qua7ok+0ld2ej86e3gfnroius370dcz18sx7bi9bvwmtkqkiew9v7cy3b7auuc4xgwp1xhsulsxkppiriab3uireoergpcoorwfrlnx9kqjpdzkh/pcmsc1nkp/o2iukduopfmzid1ui14i/ud1iu1fujhlyaqjx7op/ihblwcsd+xtsbbmy0mqlttscveqsys1sxfuehdj6oygnhcmcbhu5o/6xcne5ywgtuyalbjj+n15sxqdhpgdh+ailiadlkav3ii6aaamnsazeagv1pv1yx1ax7psjjx2hia5zkxv0w+ujq==</latexit> <latexit sha1_base64="lslm80pqlnv+rj8fi4ej57ykkki=">aaacr3icbvdlsgmxfm3ur+u71awbybg60dptbn0irw5cvrapamesstntacyzkoxqhv6cx+nw936cx+foxjppr7gtbwkhc+69ufd4iank2/a7lvlzxvvp5jy2t7z3dvfyhf2mephepiefe7ltiuuy5ashqwakhuqcao+rlje6sfzwi5gkcn6vxyfxaztg1kcyasp18qua7ok+0ld2ej86e3gfnroius370dcz18sx7bi9bvwmtkqkiew9v7cy3b7auuc4xgwp1xhsulsxkppiriab3uireoergpcoorwfrlnx9kqjpdzkh/pcmsc1nkp/o2iukduopfmzid1ui14i/ud1iu1fujhlyaqjx7op/ihblwcsd+xtsbbmy0mqlttscveqsys1sxfuehdj6oygnhcmcbhu5o/6xcne5ywgtuyalbjj+n15sxqdhpgdh+ailiadlkav3ii6aaamnsazeagv1pv1yx1ax7psjjx2hia5zkxv0w+ujq==</latexit> What about division? Congruence modulo N does NOT, in general, respect division N = 24, 3 2 = 6 = 15 2 mod 24 <latexit sha1_base64="zucm6slawjwec7jhgajhpguwntg=">aaacs3icbvdltgixfo2gcoildommeuxcedmzpjcmrdeudcbysicqtqdaqx+ttmnccd/h17jvvr/gd7gzliypeafvcpptc8+9vfceeapauo6nk1hbt26k0puzre2d3b1sbr+qzawwqwdjpkohsbngbakyahipr4oghjbsc/p343rtmshnpxgyg4i0oook2qeyguu1s8xca7yb/nkrnsemdqwbvn1f2vqu5ksty9bqcu1s3j11jwfxgtcdetclcjvnpjqhxdenwmcgtg54bmraq6qmxyymms1ykwjhpuqshouccajbw8lzi3hsmrb2plipdjywfzugigs94ifvcmr6erk2jv+rnwltuw4nqyhiqwseftsjgtqsjj2civuegzawagff7a4q95bc2fgnfyyjotbehss60gp73f88ar6gtc5bnmovvp1tz+jhp1+6nzmybofgcjwad1yberghzvabglyav/ag3p0p58v5dn6m0oqz6zkac5fi/glwnk3r</latexit> We can define a meaningful form of division for multiplicative inverses A A 1 =1,a b 1 = a/b A value a is invertible mod n iff gcd(a, n) = 1 Examples mod 8

12 Algorithms Given all of these mathematical operations, which ones can be computed efficiently? Euclidean and Extended Euclidean algorithms (to find gcd, X, Y) Modular add, sub, mult Modular inverse Modular exponentiation

13 Abstract Algebra Many of the number-theoretic constructions can be expressed in algebraic terms Think of the "abstract" part as abstracting math away from numbers We can do math on colors, permutations of a set, etc. A fundamental algebraic structure is the "group"

14 Groups Let G be a set of elements Let be a binary operation on elements of G We call G a group if it meets the following four properties: Closure Identity Inverses Associativity If the group operation is commutative, we say the group is abelian The number of elements in the group is the order

15 <latexit sha1_base64="3e0dajisnf3tx1qaqc9eubnws9m=">aaackxicbvdlsgmxfe18tdzxq0s3wsk4kjnf0gxrjcsk9ogdowtsta3ny0gyqhn6g25179e4u7f+ijl2ent6iha495fztxrzzqznfcknza3tnujxt7s3f3b4vk4ct41knketorjs3qgbypmklcssp91yuywitjvr5dard56onkzjbzunasjwslihi9g6kqgetumosh9nfdkvv72anwdaj35oqibhs1+bhwcgsckotirjy3q+f9swxdoywumsfcsgxphm8ij2hjvyubomc9mzdo6uaroq7z60ak7+nuixmgyqitezmtsrtuz8r9zl7pa6tjmme0slwxw0tdiycmujoahtlfg+dqqtzzxxrmzyy2jdtkubpmpidqfxkxkny1ffpurxhovoxw1qnbtrnd/x+8tq4yypsqhowrm4ad64ag1wb5qgbqiiwtn4aa/wdb7dd/i1an2a+cwjwal8/ghwckek</latexit> <latexit sha1_base64="3e0dajisnf3tx1qaqc9eubnws9m=">aaackxicbvdlsgmxfe18tdzxq0s3wsk4kjnf0gxrjcsk9ogdowtsta3ny0gyqhn6g25179e4u7f+ijl2ent6iha495fztxrzzqznfcknza3tnujxt7s3f3b4vk4ct41knketorjs3qgbypmklcssp91yuywitjvr5dard56onkzjbzunasjwslihi9g6kqgetumosh9nfdkvv72anwdaj35oqibhs1+bhwcgsckotirjy3q+f9swxdoywumsfcsgxphm8ij2hjvyubomc9mzdo6uaroq7z60ak7+nuixmgyqitezmtsrtuz8r9zl7pa6tjmme0slwxw0tdiycmujoahtlfg+dqqtzzxxrmzyy2jdtkubpmpidqfxkxkny1ffpurxhovoxw1qnbtrnd/x+8tq4yypsqhowrm4ad64ag1wb5qgbqiiwtn4aa/wdb7dd/i1an2a+cwjwal8/ghwckek</latexit> <latexit sha1_base64="3e0dajisnf3tx1qaqc9eubnws9m=">aaackxicbvdlsgmxfe18tdzxq0s3wsk4kjnf0gxrjcsk9ogdowtsta3ny0gyqhn6g25179e4u7f+ijl2ent6iha495fztxrzzqznfcknza3tnujxt7s3f3b4vk4ct41knketorjs3qgbypmklcssp91yuywitjvr5dard56onkzjbzunasjwslihi9g6kqgetumosh9nfdkvv72anwdaj35oqibhs1+bhwcgsckotirjy3q+f9swxdoywumsfcsgxphm8ij2hjvyubomc9mzdo6uaroq7z60ak7+nuixmgyqitezmtsrtuz8r9zl7pa6tjmme0slwxw0tdiycmujoahtlfg+dqqtzzxxrmzyy2jdtkubpmpidqfxkxkny1ffpurxhovoxw1qnbtrnd/x+8tq4yypsqhowrm4ad64ag1wb5qgbqiiwtn4aa/wdb7dd/i1an2a+cwjwal8/ghwckek</latexit> <latexit sha1_base64="3e0dajisnf3tx1qaqc9eubnws9m=">aaackxicbvdlsgmxfe18tdzxq0s3wsk4kjnf0gxrjcsk9ogdowtsta3ny0gyqhn6g25179e4u7f+ijl2ent6iha495fztxrzzqznfcknza3tnujxt7s3f3b4vk4ct41knketorjs3qgbypmklcssp91yuywitjvr5dard56onkzjbzunasjwslihi9g6kqgetumosh9nfdkvv72anwdaj35oqibhs1+bhwcgsckotirjy3q+f9swxdoywumsfcsgxphm8ij2hjvyubomc9mzdo6uaroq7z60ak7+nuixmgyqitezmtsrtuz8r9zl7pa6tjmme0slwxw0tdiycmujoahtlfg+dqqtzzxxrmzyy2jdtkubpmpidqfxkxkny1ffpurxhovoxw1qnbtrnd/x+8tq4yypsqhowrm4ad64ag1wb5qgbqiiwtn4aa/wdb7dd/i1an2a+cwjwal8/ghwckek</latexit> Example Groups Integers under addition NOT multiplication Nonzero reals under multiplication Z n

16 <latexit sha1_base64="ncbisa+nuavim9b09/9pfnpnhm8=">aaacpnicbvdltgixfo3ga8qx6nkfjctefzkhjrokupaljvjigjbouubdpx3bjgmzsprr3ore3/ah3bm3lu0aggfv0utknhnv7z1+yjk2rvvmpnbwnzbtma3s9s7u3n4uf1dxmliualryqzo+0cczgjphhkmzveacn0pdh10neumblgzs3jlxcj2adatrm0qmpbq543zaznd348oet3xkazbwj3/im0k3v3cl7rtwkvdmoidmve3mnxs7j2kugdcue61bnhuatkyuyztdjnuonisejsgawhykeoduxnnljvjumj3cl8o+yfcu/dsrk0drcebbz7kixtys8j+tfzn+zsdmiowmcdr7qb9xbcroyse9poaapraaumxsrpgoislu2pawjgmzzg0p4gnpjcogthju7xo2om85qfvqlxu9i2/pc+wreygzdiro0bny0auqowqqohqi6be9owf04rw6786h8zmzppx5zyfakofrgyjer6s=</latexit> <latexit sha1_base64="ncbisa+nuavim9b09/9pfnpnhm8=">aaacpnicbvdltgixfo3ga8qx6nkfjctefzkhjrokupaljvjigjbouubdpx3bjgmzsprr3ore3/ah3bm3lu0aggfv0utknhnv7z1+yjk2rvvmpnbwnzbtma3s9s7u3n4uf1dxmliualryqzo+0cczgjphhkmzveacn0pdh10neumblgzs3jlxcj2adatrm0qmpbq543zaznd348oet3xkazbwj3/im0k3v3cl7rtwkvdmoidmve3mnxs7j2kugdcue61bnhuatkyuyztdjnuonisejsgawhykeoduxnnljvjumj3cl8o+yfcu/dsrk0drcebbz7kixtys8j+tfzn+zsdmiowmcdr7qb9xbcroyse9poaapraaumxsrpgoislu2pawjgmzzg0p4gnpjcogthju7xo2om85qfvqlxu9i2/pc+wreygzdiro0bny0auqowqqohqi6be9owf04rw6786h8zmzppx5zyfakofrgyjer6s=</latexit> <latexit sha1_base64="ncbisa+nuavim9b09/9pfnpnhm8=">aaacpnicbvdltgixfo3ga8qx6nkfjctefzkhjrokupaljvjigjbouubdpx3bjgmzsprr3ore3/ah3bm3lu0aggfv0utknhnv7z1+yjk2rvvmpnbwnzbtma3s9s7u3n4uf1dxmliualryqzo+0cczgjphhkmzveacn0pdh10neumblgzs3jlxcj2adatrm0qmpbq543zaznd348oet3xkazbwj3/im0k3v3cl7rtwkvdmoidmve3mnxs7j2kugdcue61bnhuatkyuyztdjnuonisejsgawhykeoduxnnljvjumj3cl8o+yfcu/dsrk0drcebbz7kixtys8j+tfzn+zsdmiowmcdr7qb9xbcroyse9poaapraaumxsrpgoislu2pawjgmzzg0p4gnpjcogthju7xo2om85qfvqlxu9i2/pc+wreygzdiro0bny0auqowqqohqi6be9owf04rw6786h8zmzppx5zyfakofrgyjer6s=</latexit> <latexit sha1_base64="ncbisa+nuavim9b09/9pfnpnhm8=">aaacpnicbvdltgixfo3ga8qx6nkfjctefzkhjrokupaljvjigjbouubdpx3bjgmzsprr3ore3/ah3bm3lu0aggfv0utknhnv7z1+yjk2rvvmpnbwnzbtma3s9s7u3n4uf1dxmliualryqzo+0cczgjphhkmzveacn0pdh10neumblgzs3jlxcj2adatrm0qmpbq543zaznd348oet3xkazbwj3/im0k3v3cl7rtwkvdmoidmve3mnxs7j2kugdcue61bnhuatkyuyztdjnuonisejsgawhykeoduxnnljvjumj3cl8o+yfcu/dsrk0drcebbz7kixtys8j+tfzn+zsdmiowmcdr7qb9xbcroyse9poaapraaumxsrpgoislu2pawjgmzzg0p4gnpjcogthju7xo2om85qfvqlxu9i2/pc+wreygzdiro0bny0auqowqqohqi6be9owf04rw6786h8zmzppx5zyfakofrgyjer6s=</latexit> More Useful Facts A set H G is a subgroup if it forms a group under the same group operation We define division as multiplication by an inverse We define group exponentiation xe as the application of the group operation to x for an integer e number of times Note that x is a group element and e is an integer

17 Exponentiation by group order Let G be a finite group with m = G, the order of the group. Then for any element g 2 G,g m =1 <latexit sha1_base64="1cy4jrynj7ds1snktr5pbgvzpge=">aaaco3icbvfnb9naef2bqkv5sueevywav+jqrxyucegq4aashnoqassljlpvxvaq+2htrkgrmxt/kr/ar2dtrm3tdk5vz97ovhmtvyjbf8d/g/drxumnm1tpt589f/hyvw/n9anvtwe4zlpoc55ri4irhdvubj5xbqnmbj5lf1/a+tkvnjzrnxklclnjc8vzzqjzqvnvzw90ee0ldwwwnv+xewqifhkuuemojk4r+m1dczget3b5q7ymdscvcnrm0ydou0fhh8coraw5nkdvalcgrowhfddlcm46hedxs22arlnepx7excb9kkxan6zialytbe7nmtvtyyaotzmkrlzauom4e7jcntywk8ouaietdxwvanoms2sj+z4z7/tl2gvrsrd/nfrau5czz7zi7d1am3yonqld/jftukpqh4pddcprau5d6z3muuhmxmidygz3wogv1fdm/ixwoindhtqvjartiaucri91lcnbl9w16j44hq4sj4+h/cppkxo3yc7zi+9jqj6qq/knhjexyerf0avebu/c/fb7ebkorqhhsprzhqxfmp4hmgvmog==</latexit>

18 Implications Let G be a finite group with m = G > 1. Then for any g 2 G and any integer x, wehaveg x [x mod m] = g <latexit sha1_base64="rga3jguou68gl7e+damlsnlcdh0=">aaacsxicbvfnb9qwehxcr0v52sircy3yihpaq2q5wavuwqeohirubys26ei4k8ta2i5sp91vun+cf8c/4yitrqdbmqenec/jew/suulghuevz791+87dre17o/cfphz0eld75miorjocmfupfzjsgxwxolhcvnhsa6qirfa4nx/q+omz1iyrewixnsacfplnnfhrwrpbz69oiygftwwatp9xaaqifhiuuuuotgpqooe2hedae7j4j7yadxafizgsuukunfc5hkcameu4oo7krke4tfighmarvizzhjkeodofltzy4rsdlmkhmhdjkpgnhueo7atugmgnhmrdb7ndbyvofgsesssqasw0cmubtfrbzipc7csnwzqyos1w6qckak3s9ugt4kxrzl2dxeklfffqi5yky5yidcrolrnodc3/cdpg5u+slsu6ssjz5ud5u4fv0f0cmq6r2wrpagwau12blvrtzt29nizj1z3xgaok5yslgg+a+rugiy66htrncdqerq5/gw/3p65d3cbpyauyrylyluytl+satagjv73n3itvz3/jf/d/+oml1pfwb56sjflnfwaie9cg</latexit> Let G be a finite group with m = G > 1. Let e>0 be an integer, and define the function f e : G! G by f e (g) =g e. If gcd(e, m) = 1, then f e is a permutation. Moreover, if d = e 1,thenf d is the inverse of f e. <latexit sha1_base64="sbd3pgt47rl3si6v3o3brefisj8=">aaadqhicbvjnb9qwehxcr0v5auhizcqgazgwvbixebkoggmggvqktq20u60cz5jyje3idlqt0j3za7jcnx/bp+cguhlcsva022ip0vpmvdczl47lghsbhj88/8rva9fx1m9s3lx1+87dza17u0zvmugyqulp/zgalljesew2wp1sixvxgxvx0esmv3em2nalp9l5itnbm8ltzqh1ocmtd96jhwaqqm3juh6zccbgojbyys1cplvvwgm3oqqcxsdpweepviqoghz8djewo0rg0mkgeubwagk6kqsbi6svze1xcnjdhodwpgvtzbpcuq3vcazmmm+l+9lj1zw7qnfvxqpbxpi+dka00sgynoqdagdcuoll1kky7ypdga9kozpubukomzgohtrposu5ytismyg5boxcugknodzc7ixdsd1wgurl0cpls+m8xzsmilucpwufnwyshawd1vrbzgpcbewrgyvlrztdiyoscjszuv2xc3jkigmksrtpwmij5xk1fcbmrewqg5/mxvwt/f9uutn02azmsqwssty1sqscrilmyudcntjbzb2gthm3k7ccasqs82nfsarmtbmfiky5wlymvpf6n4azlrpo1gwwoxpgdn8c9bzflu1cjw/iq9inexlktslbskpghhmfvs/ev++b/93/6f/yf3elvrfk3ccrx//zf279/6w=</latexit> This allows us to do math on the group elements by using corresponding operations on the integer exponents

19 <latexit sha1_base64="3e0dajisnf3tx1qaqc9eubnws9m=">aaackxicbvdlsgmxfe18tdzxq0s3wsk4kjnf0gxrjcsk9ogdowtsta3ny0gyqhn6g25179e4u7f+ijl2ent6iha495fztxrzzqznfcknza3tnujxt7s3f3b4vk4ct41knketorjs3qgbypmklcssp91yuywitjvr5dard56onkzjbzunasjwslihi9g6kqgetumosh9nfdkvv72anwdaj35oqibhs1+bhwcgsckotirjy3q+f9swxdoywumsfcsgxphm8ij2hjvyubomc9mzdo6uaroq7z60ak7+nuixmgyqitezmtsrtuz8r9zl7pa6tjmme0slwxw0tdiycmujoahtlfg+dqqtzzxxrmzyy2jdtkubpmpidqfxkxkny1ffpurxhovoxw1qnbtrnd/x+8tq4yypsqhowrm4ad64ag1wb5qgbqiiwtn4aa/wdb7dd/i1an2a+cwjwal8/ghwckek</latexit> <latexit sha1_base64="3e0dajisnf3tx1qaqc9eubnws9m=">aaackxicbvdlsgmxfe18tdzxq0s3wsk4kjnf0gxrjcsk9ogdowtsta3ny0gyqhn6g25179e4u7f+ijl2ent6iha495fztxrzzqznfcknza3tnujxt7s3f3b4vk4ct41knketorjs3qgbypmklcssp91yuywitjvr5dard56onkzjbzunasjwslihi9g6kqgetumosh9nfdkvv72anwdaj35oqibhs1+bhwcgsckotirjy3q+f9swxdoywumsfcsgxphm8ij2hjvyubomc9mzdo6uaroq7z60ak7+nuixmgyqitezmtsrtuz8r9zl7pa6tjmme0slwxw0tdiycmujoahtlfg+dqqtzzxxrmzyy2jdtkubpmpidqfxkxkny1ffpurxhovoxw1qnbtrnd/x+8tq4yypsqhowrm4ad64ag1wb5qgbqiiwtn4aa/wdb7dd/i1an2a+cwjwal8/ghwckek</latexit> <latexit sha1_base64="3e0dajisnf3tx1qaqc9eubnws9m=">aaackxicbvdlsgmxfe18tdzxq0s3wsk4kjnf0gxrjcsk9ogdowtsta3ny0gyqhn6g25179e4u7f+ijl2ent6iha495fztxrzzqznfcknza3tnujxt7s3f3b4vk4ct41knketorjs3qgbypmklcssp91yuywitjvr5dard56onkzjbzunasjwslihi9g6kqgetumosh9nfdkvv72anwdaj35oqibhs1+bhwcgsckotirjy3q+f9swxdoywumsfcsgxphm8ij2hjvyubomc9mzdo6uaroq7z60ak7+nuixmgyqitezmtsrtuz8r9zl7pa6tjmme0slwxw0tdiycmujoahtlfg+dqqtzzxxrmzyy2jdtkubpmpidqfxkxkny1ffpurxhovoxw1qnbtrnd/x+8tq4yypsqhowrm4ad64ag1wb5qgbqiiwtn4aa/wdb7dd/i1an2a+cwjwal8/ghwckek</latexit> <latexit sha1_base64="3e0dajisnf3tx1qaqc9eubnws9m=">aaackxicbvdlsgmxfe18tdzxq0s3wsk4kjnf0gxrjcsk9ogdowtsta3ny0gyqhn6g25179e4u7f+ijl2ent6iha495fztxrzzqznfcknza3tnujxt7s3f3b4vk4ct41knketorjs3qgbypmklcssp91yuywitjvr5dard56onkzjbzunasjwslihi9g6kqgetumosh9nfdkvv72anwdaj35oqibhs1+bhwcgsckotirjy3q+f9swxdoywumsfcsgxphm8ij2hjvyubomc9mzdo6uaroq7z60ak7+nuixmgyqitezmtsrtuz8r9zl7pa6tjmme0slwxw0tdiycmujoahtlfg+dqqtzzxxrmzyy2jdtkubpmpidqfxkxkny1ffpurxhovoxw1qnbtrnd/x+8tq4yypsqhowrm4ad64ag1wb5qgbqiiwtn4aa/wdb7dd/i1an2a+cwjwal8/ghwckek</latexit> Z n * Recall Z n, the additive group mod n The set of invertible elements mod n form a group under multiplication The Euler phi function specifies the order of the group

20 <latexit sha1_base64="rlxyxpsg5ef2s3aynog53f7ktu4=">aaaconicbvdltgixfo3ga8qx6jjnizfbf2sgmojghojgjsbyimxioqvaq6edtb0tmrdwa9zq3h9x68649qpsadec3qtjytnn3t57/jbrpw373uqtrw9spjnb2e2d3b39xp6gouqkmaljwyrs+ugrrjmpa6ozaywsombnpokprxo9+uikoolf6vfivad1oe1rjlshormcgw5oiz/aszh2a6qhvh/ftzr84xsc7eskdtmeflwfzhwuwbxqnbyvdrscrwhhgjokvnuxq+3fsgqkgzlk3uireoeh6po2grwfrhnx9iojpdzmf/aeni9rogx/dsqougou+mazlkqwtyt8t2thunfhxzshksyczz7qrqxqazniyjdkgjubgycwpgzxiadiiqxncautuehyngexvjdgqvbzpop3drodsxzukmhuyo7bt2ff6tu8xawogcnqag44b1vwa2qgdjb4as/gbbxab9ah9wl9zawpa95zcbbk+v4bdzgsta==</latexit> <latexit sha1_base64="rlxyxpsg5ef2s3aynog53f7ktu4=">aaaconicbvdltgixfo3ga8qx6jjnizfbf2sgmojghojgjsbyimxioqvaq6edtb0tmrdwa9zq3h9x68649qpsadec3qtjytnn3t57/jbrpw373uqtrw9spjnb2e2d3b39xp6gouqkmaljwyrs+ugrrjmpa6ozaywsombnpokprxo9+uikoolf6vfivad1oe1rjlshormcgw5oiz/aszh2a6qhvh/ftzr84xsc7eskdtmeflwfzhwuwbxqnbyvdrscrwhhgjokvnuxq+3fsgqkgzlk3uireoeh6po2grwfrhnx9iojpdzmf/aeni9rogx/dsqougou+mazlkqwtyt8t2thunfhxzshksyczz7qrqxqazniyjdkgjubgycwpgzxiadiiqxncautuehyngexvjdgqvbzpop3drodsxzukmhuyo7bt2ff6tu8xawogcnqag44b1vwa2qgdjb4as/gbbxab9ah9wl9zawpa95zcbbk+v4bdzgsta==</latexit> <latexit sha1_base64="rlxyxpsg5ef2s3aynog53f7ktu4=">aaaconicbvdltgixfo3ga8qx6jjnizfbf2sgmojghojgjsbyimxioqvaq6edtb0tmrdwa9zq3h9x68649qpsadec3qtjytnn3t57/jbrpw373uqtrw9spjnb2e2d3b39xp6gouqkmaljwyrs+ugrrjmpa6ozaywsombnpokprxo9+uikoolf6vfivad1oe1rjlshormcgw5oiz/aszh2a6qhvh/ftzr84xsc7eskdtmeflwfzhwuwbxqnbyvdrscrwhhgjokvnuxq+3fsgqkgzlk3uireoeh6po2grwfrhnx9iojpdzmf/aeni9rogx/dsqougou+mazlkqwtyt8t2thunfhxzshksyczz7qrqxqazniyjdkgjubgycwpgzxiadiiqxncautuehyngexvjdgqvbzpop3drodsxzukmhuyo7bt2ff6tu8xawogcnqag44b1vwa2qgdjb4as/gbbxab9ah9wl9zawpa95zcbbk+v4bdzgsta==</latexit> <latexit sha1_base64="rlxyxpsg5ef2s3aynog53f7ktu4=">aaaconicbvdltgixfo3ga8qx6jjnizfbf2sgmojghojgjsbyimxioqvaq6edtb0tmrdwa9zq3h9x68649qpsadec3qtjytnn3t57/jbrpw373uqtrw9spjnb2e2d3b39xp6gouqkmaljwyrs+ugrrjmpa6ozaywsombnpokprxo9+uikoolf6vfivad1oe1rjlshormcgw5oiz/aszh2a6qhvh/ftzr84xsc7eskdtmeflwfzhwuwbxqnbyvdrscrwhhgjokvnuxq+3fsgqkgzlk3uireoeh6po2grwfrhnx9iojpdzmf/aeni9rogx/dsqougou+mazlkqwtyt8t2thunfhxzshksyczz7qrqxqazniyjdkgjubgycwpgzxiadiiqxncautuehyngexvjdgqvbzpop3drodsxzukmhuyo7bt2ff6tu8xawogcnqag44b1vwa2qgdjb4as/gbbxab9ah9wl9zawpa95zcbbk+v4bdzgsta==</latexit> The phi function (n) = Z n How many elements are relatively prime to a modulo p? How many elements are relatively prime to a modulo pq? The rest falls out from there

21 <latexit sha1_base64="gjjsfoc6tnayhum4kerlowtv2ds=">aaacd3icbvfnbxmxehw2qev5aaphdoziggkhadcxubrvcofufslpi7jpnoudzk147zxtrrst8tf6p3rvfe7c8kyrii0jwxp ywulgxrdetyofbw0e7e4/3nzx99vygffjizorkcbpylbuzpwhjckvdj5ykuwkii1tsebr42ujnl2ss0grglivncpwrmrmcnaem7deafwrouuemmiui5whobsit+byhgcqdecercpicxz6m9y/vvf18chswyel58ajoylx01fsvhehsbtqdk7a3bxeixrquua/ideiwtz1od1u7saz5vzbyxkk14zgq3arg4wsxtnppkksl8gxoaeyhwolspf5hsik3nslgpo0/ysga/bejxslazzf6z7ohvas15p+0cevmnya1ugxlsphbh2avbkehyrmyyyg7ufqaurf+vua5gutop751k9lnj/mf5fx7y170t5f6o4aplr4b1h1w1u/fhn/vd46/belcy6/yg9zlmfvijtk3dsqgjlmrdsn+sl+t38hr4f3qvbugru3ps7zvqfwhgdk98g==</latexit> <latexit sha1_base64="gjjsfoc6tnayhum4kerlowtv2ds=">aaacd3icbvfnbxmxehw2qev5aaphdoziggkhadcxubrvcofufslpi7jpnoudzk147zxtrrst8tf6p3rvfe7c8kyrii0jwxp ywulgxrdetyofbw0e7e4/3nzx99vygffjizorkcbpylbuzpwhjckvdj5ykuwkii1tsebr42ujnl2ss0grglivncpwrmrmcnaem7deafwrouuemmiui5whobsit+byhgcqdecercpicxz6m9y/vvf18chswyel58ajoylx01fsvhehsbtqdk7a3bxeixrquua/ideiwtz1od1u7saz5vzbyxkk14zgq3arg4wsxtnppkksl8gxoaeyhwolspf5hsik3nslgpo0/ysga/bejxslazzf6z7ohvas15p+0cevmnya1ugxlsphbh2avbkehyrmyyyg7ufqaurf+vua5gutop751k9lnj/mf5fx7y170t5f6o4aplr4b1h1w1u/fhn/vd46/belcy6/yg9zlmfvijtk3dsqgjlmrdsn+sl+t38hr4f3qvbugru3ps7zvqfwhgdk98g==</latexit> <latexit sha1_base64="gjjsfoc6tnayhum4kerlowtv2ds=">aaacd3icbvfnbxmxehw2qev5aaphdoziggkhadcxubrvcofufslpi7jpnoudzk147zxtrrst8tf6p3rvfe7c8kyrii0jwxp ywulgxrdetyofbw0e7e4/3nzx99vygffjizorkcbpylbuzpwhjckvdj5ykuwkii1tsebr42ujnl2ss0grglivncpwrmrmcnaem7deafwrouuemmiui5whobsit+byhgcqdecercpicxz6m9y/vvf18chswyel58ajoylx01fsvhehsbtqdk7a3bxeixrquua/ideiwtz1od1u7saz5vzbyxkk14zgq3arg4wsxtnppkksl8gxoaeyhwolspf5hsik3nslgpo0/ysga/bejxslazzf6z7ohvas15p+0cevmnya1ugxlsphbh2avbkehyrmyyyg7ufqaurf+vua5gutop751k9lnj/mf5fx7y170t5f6o4aplr4b1h1w1u/fhn/vd46/belcy6/yg9zlmfvijtk3dsqgjlmrdsn+sl+t38hr4f3qvbugru3ps7zvqfwhgdk98g==</latexit> <latexit sha1_base64="gjjsfoc6tnayhum4kerlowtv2ds=">aaacd3icbvfnbxmxehw2qev5aaphdoziggkhadcxubrvcofufslpi7jpnoudzk147zxtrrst8tf6p3rvfe7c8kyrii0jwxp ywulgxrdetyofbw0e7e4/3nzx99vygffjizorkcbpylbuzpwhjckvdj5ykuwkii1tsebr42ujnl2ss0grglivncpwrmrmcnaem7deafwrouuemmiui5whobsit+byhgcqdecercpicxz6m9y/vvf18chswyel58ajoylx01fsvhehsbtqdk7a3bxeixrquua/ideiwtz1od1u7saz5vzbyxkk14zgq3arg4wsxtnppkksl8gxoaeyhwolspf5hsik3nslgpo0/ysga/bejxslazzf6z7ohvas15p+0cevmnya1ugxlsphbh2avbkehyrmyyyg7ufqaurf+vua5gutop751k9lnj/mf5fx7y170t5f6o4aplr4b1h1w1u/fhn/vd46/belcy6/yg9zlmfvijtk3dsqgjlmrdsn+sl+t38hr4f3qvbugru3ps7zvqfwhgdk98g==</latexit> Recall our group implications Take arbitrary integer N>1 and a 2 Z n.thena (n) =1 modn. These properties will appear frequently in our numbertheoretic cryptographic constructions

Cyclic Groups Consider the set of values g 0, g 1, g 2,, g m We know g m = 1, so the set will repeat in a finite group It may repeat before g m This set is a subgroup

22 Cyclic Groups Consider the set of values g 0, g 1, g 2,, g m We know g m = 1, so the set will repeat in a finite group It may repeat before g m This set is a subgroup generated by g The order of an element g is defined as the order of the subgroup that it generates If the order of g = m, we say the entire group is cyclic and g generates the group

23 Hard Problems Armed with this mathematical knowledge, we need to define problems that are "hard" We define these problems in terms of adversarial games (as usual) Going forward, we will typically choose one of these problems to reduce the security of our scheme to

24 Factoring The problem of factoring numbers is a classic example of a "hard problem" Is factoring any number hard? The most difficult numbers to factor are products of large primes

25 Generating Primes To challenge our adversary, we need to be able to efficiently generate large primes The best way to do this is to generate a large number randomly and test for primality We have algorithms that generate and test with only a negligible probability of error That is, returning "prime" when the number is actually composite

26 <latexit sha1_base64="+sqpocmhmasidggynb4udw65jmc=">aaac7nicbvjda9rafj3ej9b40a0++njxk1srkixi+yjubfvfinbtc5tlmuxukqgtmtgzks5h/4zv4qv/xmf/jzpsvnzb70so92vopsdplbixyfjh82/dvnn3a/tecp/bw0c7g93hp0y1mugykah0euonci5xblkvef5rpfuq8cy9en/vzy5rg67kiz3xok1oixnogbuunrv8/kczvzrlaribkuomnapxveswcj6i/kyyrjqgea650kcfgdg+cd/cjdmymrcxvnswjir27wipbikaab857gyoscwel7jja3kjwfcqmiavro/aiemx4lklrkw+xasxniz5znq1na/wacz25qt4a9eueoff++1bgjk7wjebdmodsa+4caivgjjvxlndbyvjfgsqljyjaswkcms7bam2nalcbeljskbsghy4cvdscs207zvfwhoxyxpdciut9nn1izzwxsyr1hv295jrts75v9qksfnrtowybixktnwob0tnswcjzfwjs2luagxob86aofecem7sju1sdf+go+jksnhmuf9ooomi60ldbkejg8jhl6ph8buvinvkkxlg9kledskx+urimibme+1nvmxdv/a/+z/8n8tw31vnpceb4f/6c3wm7iu=</latexit> <latexit sha1_base64="+sqpocmhmasidggynb4udw65jmc=">aaac7nicbvjda9rafj3ej9b40a0++njxk1srkixi+yjubfvfinbtc5tlmuxukqgtmtgzks5h/4zv4qv/xmf/jzpsvnzb70so92vopsdplbixyfjh82/dvnn3a/tecp/bw0c7g93hp0y1mugykah0euonci5xblkvef5rpfuq8cy9en/vzy5rg67kiz3xok1oixnogbuunrv8/kczvzrlaribkuomnapxveswcj6i/kyyrjqgea650kcfgdg+cd/cjdmymrcxvnswjir27wipbikaab857gyoscwel7jja3kjwfcqmiavro/aiemx4lklrkw+xasxniz5znq1na/wacz25qt4a9eueoff++1bgjk7wjebdmodsa+4caivgjjvxlndbyvjfgsqljyjaswkcms7bam2nalcbeljskbsghy4cvdscs207zvfwhoxyxpdciut9nn1izzwxsyr1hv295jrts75v9qksfnrtowybixktnwob0tnswcjzfwjs2luagxob86aofecem7sju1sdf+go+jksnhmuf9ooomi60ldbkejg8jhl6ph8buvinvkkxlg9kledskx+urimibme+1nvmxdv/a/+z/8n8tw31vnpceb4f/6c3wm7iu=</latexit> <latexit sha1_base64="+sqpocmhmasidggynb4udw65jmc=">aaac7nicbvjda9rafj3ej9b40a0++njxk1srkixi+yjubfvfinbtc5tlmuxukqgtmtgzks5h/4zv4qv/xmf/jzpsvnzb70so92vopsdplbixyfjh82/dvnn3a/tecp/bw0c7g93hp0y1mugykah0euonci5xblkvef5rpfuq8cy9en/vzy5rg67kiz3xok1oixnogbuunrv8/kczvzrlaribkuomnapxveswcj6i/kyyrjqgea650kcfgdg+cd/cjdmymrcxvnswjir27wipbikaab857gyoscwel7jja3kjwfcqmiavro/aiemx4lklrkw+xasxniz5znq1na/wacz25qt4a9eueoff++1bgjk7wjebdmodsa+4caivgjjvxlndbyvjfgsqljyjaswkcms7bam2nalcbeljskbsghy4cvdscs207zvfwhoxyxpdciut9nn1izzwxsyr1hv295jrts75v9qksfnrtowybixktnwob0tnswcjzfwjs2luagxob86aofecem7sju1sdf+go+jksnhmuf9ooomi60ldbkejg8jhl6ph8buvinvkkxlg9kledskx+urimibme+1nvmxdv/a/+z/8n8tw31vnpceb4f/6c3wm7iu=</latexit> <latexit sha1_base64="+sqpocmhmasidggynb4udw65jmc=">aaac7nicbvjda9rafj3ej9b40a0++njxk1srkixi+yjubfvfinbtc5tlmuxukqgtmtgzks5h/4zv4qv/xmf/jzpsvnzb70so92vopsdplbixyfjh82/dvnn3a/tecp/bw0c7g93hp0y1mugykah0euonci5xblkvef5rpfuq8cy9en/vzy5rg67kiz3xok1oixnogbuunrv8/kczvzrlaribkuomnapxveswcj6i/kyyrjqgea650kcfgdg+cd/cjdmymrcxvnswjir27wipbikaab857gyoscwel7jja3kjwfcqmiavro/aiemx4lklrkw+xasxniz5znq1na/wacz25qt4a9eueoff++1bgjk7wjebdmodsa+4caivgjjvxlndbyvjfgsqljyjaswkcms7bam2nalcbeljskbsghy4cvdscs207zvfwhoxyxpdciut9nn1izzwxsyr1hv295jrts75v9qksfnrtowybixktnwob0tnswcjzfwjs2luagxob86aofecem7sju1sdf+go+jksnhmuf9ooomi60ldbkejg8jhl6ph8buvinvkkxlg9kledskx+urimibme+1nvmxdv/a/+z/8n8tw31vnpceb4f/6c3wm7iu=</latexit> The Factoring Experiment Factoring is hard relative to GenModulus if for all PPT algorithms A there exists a negligible function such that Pr[Factor A,GenModulus (n) = 1] apple negl

27 RSA The factoring experiment does not directly yield practical cryptosystems A related hard problem was introduced by Rivest, Shamir, and Adleman in 1978 The RSA cryptosystem This hard problem can be used to construct many cryptographic protocols

28 <latexit sha1_base64="er5mdmsbyizwsbg3orbt9k8na2w=">aaac83icbvllbtnafb2br4t5pbbkc0wkvbbuctagskgtlgcdfcbpk8vrgi+v7ahjgxceezgvl2gh2pi3bpgbxmmompa7man7z32eswvbje31/gthtes3bm5s3opu37l7735n68ghuu4zhdelld5oquhbjy4stwkpa420sguepsdv2/jrdlxhsg7tvmzjrqvjc86o9a5p5/ewrpj0+qbqrxxobdxasxuggownzbcsgncowwrpivcaqbawgaz9wyjnbvkz2e4qaktgrxow2azbokbab356axqkfoix3feh3enw9gxjwol51ezjigwxdfuu+wwrdftyt3rb5wzaxcj6vj3hg8qccgaxi5/ca4gnkag8xzapeptzey1o2un2dntlg6sgxoeuwdlguhvsjjlirkjpmadgjonebscn1zyzgysocqzryk5ogwmpja3qtjrl+rfwxhuy5wlyjs0svrczglozm69sz2w3mpdjrfn/sbgz+atjw2xtlep21ih3opwk1riyrpfzmfeami8fz8c8ejrzr/hajanad+ix+qdzf32p8zh86ellh7okdvu7sccf+939n6sjbpjh5dhzitf5sfbjezigi8kcveblwiovoqu/hz/cn2fumfjlpcrrfv76czd/7gq=</latexit> <latexit sha1_base64="er5mdmsbyizwsbg3orbt9k8na2w=">aaac83icbvllbtnafb2br4t5pbbkc0wkvbbuctagskgtlgcdfcbpk8vrgi+v7ahjgxceezgvl2gh2pi3bpgbxmmompa7man7z32eswvbje31/gthtes3bm5s3opu37l7735n68ghuu4zhdelld5oquhbjy4stwkpa420sguepsdv2/jrdlxhsg7tvmzjrqvjc86o9a5p5/ewrpj0+qbqrxxobdxasxuggownzbcsgncowwrpivcaqbawgaz9wyjnbvkz2e4qaktgrxow2azbokbab356axqkfoix3feh3enw9gxjwol51ezjigwxdfuu+wwrdftyt3rb5wzaxcj6vj3hg8qccgaxi5/ca4gnkag8xzapeptzey1o2un2dntlg6sgxoeuwdlguhvsjjlirkjpmadgjonebscn1zyzgysocqzryk5ogwmpja3qtjrl+rfwxhuy5wlyjs0svrczglozm69sz2w3mpdjrfn/sbgz+atjw2xtlep21ih3opwk1riyrpfzmfeami8fz8c8ejrzr/hajanad+ix+qdzf32p8zh86ellh7okdvu7sccf+939n6sjbpjh5dhzitf5sfbjezigi8kcveblwiovoqu/hz/cn2fumfjlpcrrfv76czd/7gq=</latexit> <latexit sha1_base64="er5mdmsbyizwsbg3orbt9k8na2w=">aaac83icbvllbtnafb2br4t5pbbkc0wkvbbuctagskgtlgcdfcbpk8vrgi+v7ahjgxceezgvl2gh2pi3bpgbxmmompa7man7z32eswvbje31/gthtes3bm5s3opu37l7735n68ghuu4zhdelld5oquhbjy4stwkpa420sguepsdv2/jrdlxhsg7tvmzjrqvjc86o9a5p5/ewrpj0+qbqrxxobdxasxuggownzbcsgncowwrpivcaqbawgaz9wyjnbvkz2e4qaktgrxow2azbokbab356axqkfoix3feh3enw9gxjwol51ezjigwxdfuu+wwrdftyt3rb5wzaxcj6vj3hg8qccgaxi5/ca4gnkag8xzapeptzey1o2un2dntlg6sgxoeuwdlguhvsjjlirkjpmadgjonebscn1zyzgysocqzryk5ogwmpja3qtjrl+rfwxhuy5wlyjs0svrczglozm69sz2w3mpdjrfn/sbgz+atjw2xtlep21ih3opwk1riyrpfzmfeami8fz8c8ejrzr/hajanad+ix+qdzf32p8zh86ellh7okdvu7sccf+939n6sjbpjh5dhzitf5sfbjezigi8kcveblwiovoqu/hz/cn2fumfjlpcrrfv76czd/7gq=</latexit> <latexit sha1_base64="er5mdmsbyizwsbg3orbt9k8na2w=">aaac83icbvllbtnafb2br4t5pbbkc0wkvbbuctagskgtlgcdfcbpk8vrgi+v7ahjgxceezgvl2gh2pi3bpgbxmmompa7man7z32eswvbje31/gthtes3bm5s3opu37l7735n68ghuu4zhdelld5oquhbjy4stwkpa420sguepsdv2/jrdlxhsg7tvmzjrqvjc86o9a5p5/ewrpj0+qbqrxxobdxasxuggownzbcsgncowwrpivcaqbawgaz9wyjnbvkz2e4qaktgrxow2azbokbab356axqkfoix3feh3enw9gxjwol51ezjigwxdfuu+wwrdftyt3rb5wzaxcj6vj3hg8qccgaxi5/ca4gnkag8xzapeptzey1o2un2dntlg6sgxoeuwdlguhvsjjlirkjpmadgjonebscn1zyzgysocqzryk5ogwmpja3qtjrl+rfwxhuy5wlyjs0svrczglozm69sz2w3mpdjrfn/sbgz+atjw2xtlep21ih3opwk1riyrpfzmfeami8fz8c8ejrzr/hajanad+ix+qdzf32p8zh86ellh7okdvu7sccf+939n6sjbpjh5dhzitf5sfbjezigi8kcveblwiovoqu/hz/cn2fumfjlpcrrfv76czd/7gq=</latexit> The RSA Experiment The RSA experiment RSA inv A,GenRSA (n): Run GenRSA(n) to obtain (N,e,d), where N is the product of two primes, e is an integer such that gcd(e, (N) = 1, and ed =1 modn. Choose a uniform y 2 Z N A is given N,e,y and outputs x 2 Z N The output of the experiment is 1 if x e = y mod N <latexit sha1_base64="jgrcznfrvsqgrks2aebcmlqu3p4=">aaadyhicfvlbbtnaehutocvc2sijlyo6sckkvvypaieblx0a8rcv0puo02i9ntir2rvw7rqtsflc1/bl/a1jj0avijuszcyemt3nemi8ldb1+z/nwu1bt+/ml9zt3lv/4ohi0vkja6sli3bf6fsbo5bbtkxcfsddike5qz6fkr6gp9v1/eezgiu12nnljsomx0qopecosqplur97ccluly3aixynzfa5yjs/kopsvauzd4ngabu16cehvhqxga5aza87qyixvjv0mmlvookedqs7hqi2bdywcbp06likanfqa+xbtmp6cj6gqwadbtkciwa50vehhogxuhnnktgxpwdyilgcqrzgamawiqeotixjexvpyjansjtyhtfg02suiuqk6gyctecwygszbtuj1habq0eoajmbkyegzo3imky+tk6ejwzshmaxtdckynmgjgoqomtns7pweeessiv/tkodngibezrd8pogm5/mj2ngcrlt8jfttoaq+uvvagmlv9zvdtwm/fmw4s3odv3b+sdsoqifesm39tjv525yceoksos/vljmutjlmr5tqdhzpqyanzram6peqdbrrzsb6uwoimfwllliyfq0vx5xf/91d1y48athjrxzgupmhxoxab0p9yjcja0kl5yucgekcqwrcmofozw+mknpeutjubpraibz+lvrf2iqdf51o24gb+trpswf11c2389mxpceee+9rud7l71n76o34+17orxy2mi9bb1rf2rn7fn2oyw25my9j70rp/39f4fvkga=</latexit> <latexit sha1_base64="jgrcznfrvsqgrks2aebcmlqu3p4=">aaadyhicfvlbbtnaehutocvc2sijlyo6sckkvvypaieblx0a8rcv0puo02i9ntir2rvw7rqtsflc1/bl/a1jj0avijuszcyemt3nemi8ldb1+z/nwu1bt+/ml9zt3lv/4ohi0vkja6sli3bf6fsbo5bbtkxcfsddike5qz6fkr6gp9v1/eezgiu12nnljsomx0qopecosqplur97ccluly3aixynzfa5yjs/kopsvauzd4ngabu16cehvhqxga5aza87qyixvjv0mmlvookedqs7hqi2bdywcbp06likanfqa+xbtmp6cj6gqwadbtkciwa50vehhogxuhnnktgxpwdyilgcqrzgamawiqeotixjexvpyjansjtyhtfg02suiuqk6gyctecwygszbtuj1habq0eoajmbkyegzo3imky+tk6ejwzshmaxtdckynmgjgoqomtns7pweeessiv/tkodngibezrd8pogm5/mj2ngcrlt8jfttoaq+uvvagmlv9zvdtwm/fmw4s3odv3b+sdsoqifesm39tjv525yceoksos/vljmutjlmr5tqdhzpqyanzram6peqdbrrzsb6uwoimfwllliyfq0vx5xf/91d1y48athjrxzgupmhxoxab0p9yjcja0kl5yucgekcqwrcmofozw+mknpeutjubpraibz+lvrf2iqdf51o24gb+trpswf11c2389mxpceee+9rud7l71n76o34+17orxy2mi9bb1rf2rn7fn2oyw25my9j70rp/39f4fvkga=</latexit> <latexit sha1_base64="jgrcznfrvsqgrks2aebcmlqu3p4=">aaadyhicfvlbbtnaehutocvc2sijlyo6sckkvvypaieblx0a8rcv0puo02i9ntir2rvw7rqtsflc1/bl/a1jj0avijuszcyemt3nemi8ldb1+z/nwu1bt+/ml9zt3lv/4ohi0vkja6sli3bf6fsbo5bbtkxcfsddike5qz6fkr6gp9v1/eezgiu12nnljsomx0qopecosqplur97ccluly3aixynzfa5yjs/kopsvauzd4ngabu16cehvhqxga5aza87qyixvjv0mmlvookedqs7hqi2bdywcbp06likanfqa+xbtmp6cj6gqwadbtkciwa50vehhogxuhnnktgxpwdyilgcqrzgamawiqeotixjexvpyjansjtyhtfg02suiuqk6gyctecwygszbtuj1habq0eoajmbkyegzo3imky+tk6ejwzshmaxtdckynmgjgoqomtns7pweeessiv/tkodngibezrd8pogm5/mj2ngcrlt8jfttoaq+uvvagmlv9zvdtwm/fmw4s3odv3b+sdsoqifesm39tjv525yceoksos/vljmutjlmr5tqdhzpqyanzram6peqdbrrzsb6uwoimfwllliyfq0vx5xf/91d1y48athjrxzgupmhxoxab0p9yjcja0kl5yucgekcqwrcmofozw+mknpeutjubpraibz+lvrf2iqdf51o24gb+trpswf11c2389mxpceee+9rud7l71n76o34+17orxy2mi9bb1rf2rn7fn2oyw25my9j70rp/39f4fvkga=</latexit> <latexit sha1_base64="jgrcznfrvsqgrks2aebcmlqu3p4=">aaadyhicfvlbbtnaehutocvc2sijlyo6sckkvvypaieblx0a8rcv0puo02i9ntir2rvw7rqtsflc1/bl/a1jj0avijuszcyemt3nemi8ldb1+z/nwu1bt+/ml9zt3lv/4ohi0vkja6sli3bf6fsbo5bbtkxcfsddike5qz6fkr6gp9v1/eezgiu12nnljsomx0qopecosqplur97ccluly3aixynzfa5yjs/kopsvauzd4ngabu16cehvhqxga5aza87qyixvjv0mmlvookedqs7hqi2bdywcbp06likanfqa+xbtmp6cj6gqwadbtkciwa50vehhogxuhnnktgxpwdyilgcqrzgamawiqeotixjexvpyjansjtyhtfg02suiuqk6gyctecwygszbtuj1habq0eoajmbkyegzo3imky+tk6ejwzshmaxtdckynmgjgoqomtns7pweeessiv/tkodngibezrd8pogm5/mj2ngcrlt8jfttoaq+uvvagmlv9zvdtwm/fmw4s3odv3b+sdsoqifesm39tjv525yceoksos/vljmutjlmr5tqdhzpqyanzram6peqdbrrzsb6uwoimfwllliyfq0vx5xf/91d1y48athjrxzgupmhxoxab0p9yjcja0kl5yucgekcqwrcmofozw+mknpeutjubpraibz+lvrf2iqdf51o24gb+trpswf11c2389mxpceee+9rud7l71n76o34+17orxy2mi9bb1rf2rn7fn2oyw25my9j70rp/39f4fvkga=</latexit> The RSA problem is hard relative to GenRSA if for all PPT algorithms A there exists a negligible function such that Pr[RSA inv A,GenModulus (n) = 1] apple negl

29 Are RSA and Factoring Equivalent? Factoring => RSA Yes RSA => factoring \_( )_/ Recovering d => factoring Yes This does NOT rule out the possibility of other methods for winning the RSA experiment We just haven't found any yet

The Discrete Logarithm In a cyclic group, the problem of calculating the logarithm of a value is considered hard Depending on the group Recall: logarithms

30 The Discrete Logarithm In a cyclic group, the problem of calculating the logarithm of a value is considered hard Depending on the group Recall: logarithms are simply computing exponents given a base and a value This problem was famously modified into cryptographic assumptions by Whitfield Diffie and Martin Hellman

31 DL experiment The discrete logarithm experiment DLog A,G (n): Run G(1 n ) to obtain (G,q,g), where G is a cyclic group of order q and g is a generator of G Choose a uniform h 2 G A is given G,q,g,h and outputs x 2 Z q The output of the experiment is 1 if g x = h The discrete log problem is hard relative to G if for all PPT algorithms A there exists a negligible function such that Pr[DLog A,G (n) = 1] apple negl(n)

32 CDH experiment The computational Di e-hellman experiment CDH A,G (n): Run G(1 n ) to obtain (G,q,g) Choose uniform h 1 = g x 1,h 2 = g x 2 2 G A is given G,q,g,h 1,h 2 and outputs h 0 2 G The output of the experiment is 1 if g x 1x 2 = h 0 The computational Di e-hellman problem is hard relative to G if for all PPT algorithms A there exists a negligible function such that Pr[CDH A,G (n) = 1] apple negl(n)

33 DDH experiment You define the experiment!

34 What s the relation? DL => CDH => DDH DDH!=> CDH?=> DL Remember that these problems apply to specific groups!

35 Which groups do we use? Z p * is believed to be CDH-secure But NOT DDH! Any group of prime order is believe to be secure Another convenience: every element is a generator * In practice: prime order subgroups of Z p Elliptic Curves

36 <latexit sha1_base64="x+cxi1smticoikaggup3lvc2sxe=">aaacohicbvdlsgmxfm34aq2vvlfijlgeqsgzvdcnuovgzqx7ghzammnahuyxjblpgypf41b3/ok7d+lwlzb9ilb1qslhnhute04qmqqn6747k6tr6xuj5gzqa3tndy+d2a9ogslmylgyqwob0orrqcqggkzqoskib4xug/7twk8+eqwpfa9mgbkfo66ghyqrsvqrfths5ue1hdtp4rm8gdircbtctmhysmfdndspuay8gcicwzvagsfraesccsimzkjruuegxo+rmhqzmko1ik1chpuos+owcssj9uojhxe8suwbdqsyrxg4yf9oxihrpesb7eti9psinib/0+qr6vz5mrvhzija0486eyngwnegse0vwyynlubyubsrxd2kedy2trmxhbynba2xrrsnpz6fn/w7ho3owwxqgvtyoc/i+4tsotglmqmowde4br64bavwb0qgddb4as/gbbw6b86h8+l8tvtxnnnmazgr5/shecwqaa==</latexit> <latexit sha1_base64="x+cxi1smticoikaggup3lvc2sxe=">aaacohicbvdlsgmxfm34aq2vvlfijlgeqsgzvdcnuovgzqx7ghzammnahuyxjblpgypf41b3/ok7d+lwlzb9ilb1qslhnhute04qmqqn6747k6tr6xuj5gzqa3tndy+d2a9ogslmylgyqwob0orrqcqggkzqoskib4xug/7twk8+eqwpfa9mgbkfo66ghyqrsvqrfths5ue1hdtp4rm8gdircbtctmhysmfdndspuay8gcicwzvagsfraesccsimzkjruuegxo+rmhqzmko1ik1chpuos+owcssj9uojhxe8suwbdqsyrxg4yf9oxihrpesb7eti9psinib/0+qr6vz5mrvhzija0486eyngwnegse0vwyynlubyubsrxd2kedy2trmxhbynba2xrrsnpz6fn/w7ho3owwxqgvtyoc/i+4tsotglmqmowde4br64bavwb0qgddb4as/gbbw6b86h8+l8tvtxnnnmazgr5/shecwqaa==</latexit> <latexit sha1_base64="x+cxi1smticoikaggup3lvc2sxe=">aaacohicbvdlsgmxfm34aq2vvlfijlgeqsgzvdcnuovgzqx7ghzammnahuyxjblpgypf41b3/ok7d+lwlzb9ilb1qslhnhute04qmqqn6747k6tr6xuj5gzqa3tndy+d2a9ogslmylgyqwob0orrqcqggkzqoskib4xug/7twk8+eqwpfa9mgbkfo66ghyqrsvqrfths5ue1hdtp4rm8gdircbtctmhysmfdndspuay8gcicwzvagsfraesccsimzkjruuegxo+rmhqzmko1ik1chpuos+owcssj9uojhxe8suwbdqsyrxg4yf9oxihrpesb7eti9psinib/0+qr6vz5mrvhzija0486eyngwnegse0vwyynlubyubsrxd2kedy2trmxhbynba2xrrsnpz6fn/w7ho3owwxqgvtyoc/i+4tsotglmqmowde4br64bavwb0qgddb4as/gbbw6b86h8+l8tvtxnnnmazgr5/shecwqaa==</latexit> <latexit sha1_base64="x+cxi1smticoikaggup3lvc2sxe=">aaacohicbvdlsgmxfm34aq2vvlfijlgeqsgzvdcnuovgzqx7ghzammnahuyxjblpgypf41b3/ok7d+lwlzb9ilb1qslhnhute04qmqqn6747k6tr6xuj5gzqa3tndy+d2a9ogslmylgyqwob0orrqcqggkzqoskib4xug/7twk8+eqwpfa9mgbkfo66ghyqrsvqrfths5ue1hdtp4rm8gdircbtctmhysmfdndspuay8gcicwzvagsfraesccsimzkjruuegxo+rmhqzmko1ik1chpuos+owcssj9uojhxe8suwbdqsyrxg4yf9oxihrpesb7eti9psinib/0+qr6vz5mrvhzija0486eyngwnegse0vwyynlubyubsrxd2kedy2trmxhbynba2xrrsnpz6fn/w7ho3owwxqgvtyoc/i+4tsotglmqmowde4br64bavwb0qgddb4as/gbbw6b86h8+l8tvtxnnnmazgr5/shecwqaa==</latexit> Elliptic Curves y 2 = x 3 + Ax + B mod p All points on the curve (and the "point of infinity") form an abeilan group The group operation of "addition" is defined as drawing a line through the two operands and using the third point of intersection (reflected across the x-axis) as the result It can be shown that there is always a third point on the curve or the point of infinity (identity) Why EC? More efficient representation than Z p *

37 Elliptic Curve Illustration

38 Cryptographic Applications One-way functions and permutations These can be used in theory to build PRGs, PRFs, etc Collision-resistant hash functions Note that these results are more for theoretical feasibility, as they are not efficient in practice Most importantly: public key cryptography

39 Recap Number theory provides useful tools for manipulating integers and primes modulo a large value Abstract algebra lets us define groups and how group values behave under some operation Number-theoretic "hard problems" provide the foundational assumptions for modern cryptography Factoring RSA Discrete Logarithm Computational/Decisional Diffie-Hellman

Next Time... Katz & Lindell Chapter 10, 11.

40 Next Time... Katz & Lindell Chapter 10, Remember, you need to read it BEFORE you come to class! Homework problems available on the course webpage 40

Katz, Lindell Introduction to Modern Cryptrography

Katz, Lindell Introduction to Modern Cryptrography Slides Chapter 8 Markus Bläser, Saarland University Weak factoring experiment The weak factoring experiment 1. Choose two n-bit integers x 1, x 2 uniformly.