CSC 5930/9010 Modern Cryptography: Number Theory
1 CSC 5930/9010 Modern Cryptography: Number Theory Professor Henry Carter Fall 2018
2 Recap
- Hash functions map arbitrary-length strings to fixed-length outputs
- Cryptographic hashes should be collision-resistant
  - Implying preimage-resistance
- In the symmetric-key setting, hash functions are useful for building efficient MACs
- The birthday bound provides a rule of thumb for the expected concrete security of any hash function
3 Transitioning to a new setting
- Symmetric encryption is well studied but not optimal for every application
- The underlying assumptions are (theoretically speaking) very strong
- Key distribution remains a problem
- Thus the need to study implementations rigorously
- Less than the one-time pad, but still challenging
- This half of the course: building new constructions on new assumptions
4 Number-theoretic constructions
- Certain mathematical problems have been studied for centuries and can be used to construct the building blocks from symmetric encryption
- The simplest cryptographic primitive, one-way functions, can be instantiated mathematically
- Unlike secret-key constructions, ALL public-key encryption is built on number-theoretic hard problems
- To understand number-theoretic constructions, you must understand number theory!
  - And a little abstract algebra
5 Prime Numbers
- $a \mid b$ if there exists an integer $c$ such that $ac = b$
- If $a \mid b$ and $a \mid c$ then $a \mid (Xb + Yc)$
- Divisors and factors
  - If $a$ divides $b$, then $a$ is a divisor
  - If $a$ is not 1 or $b$, $a$ is a factor
  - If $b$ has no factors, it is prime
- Two ways to uniquely represent an integer
  - A product of primes
  - $a = qb + r$ for $0 \le r < b$
6 Greatest Common Divisor
- The greatest common divisor of two integers $a, b$ is the largest integer $c$ such that $c \mid b$ and $c \mid a$
- Efficiently computable with Euclidean algorithm!
- $a$ and $b$ are relatively prime if $\gcd(a, b) = 1$
- A useful result: Let $a, b$ be positive integers. Then there exist integers $X, Y$ such that $Xa + Yb = \gcd(a, b)$. Furthermore, $\gcd(a, b)$ is the smallest positive integer that can be expressed in this way.
7 Useful results
- If $c \mid ab$ and $\gcd(a, c) = 1$, then $c \mid b$. Thus, if $p$ is prime and $p \mid ab$ then either $p \mid a$ or $p \mid b$.
8 Useful results
- If $a \mid N$, $b \mid N$, and $\gcd(a, b) = 1$, then $ab \mid N$.
9 Modular arithmetic
- Remainder arithmetic after division by the modulus
  - If $a = qN + r$ then $[a \bmod N] = r$
- Congruence modulo $N$ means remainders are equal
- Congruence represents an equivalence relation:
  - Reflexive
  - Symmetric
  - Transitive
- This allows us to add/subtract/multiply before OR after reduction
10 Example: large integer modular multiply
- =?? mod 100
- Performing the multiplication first will be computationally costly
- Performing the reduction first vastly simplifies multiplication
- How fast can you compute the result with no calculator?
11 What about division?
- Congruence modulo $N$ does NOT, in general, respect division
  - $N = 24$: $3 \cdot 2 = 6 = 15 \cdot 2 \bmod 24$
- We can define a meaningful form of division for multiplicative inverses
  - $a \cdot a^{-1} = 1$, $a \cdot b^{-1} = a/b$
- A value $a$ is invertible mod $n$ iff $\gcd(a, n) = 1$
- Examples mod 8
12 Algorithms
- Given all of these mathematical operations, which ones can be computed efficiently?
  - Euclidean and Extended Euclidean algorithms (to find gcd, X, Y)
  - Modular add, sub, mult
  - Modular inverse
  - Modular exponentiation
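
The operations listed on this slide, written out as an added example (not part of the original slides): extended Euclid returning the X, Y from the gcd slide, a modular inverse built on it, and square-and-multiply exponentiation. Function names are illustrative, and the mod 8 and mod 24 cases reuse the numbers from the division slide.

```python
def egcd(a, b):
    """Extended Euclid: return (g, X, Y) with X*a + Y*b == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(a, n):
    """Return a^-1 mod n, which exists iff gcd(a, n) == 1."""
    g, x, _ = egcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} is not invertible mod {n} (gcd = {g})")
    return x % n


def mod_exp(base, exp, n):
    """Square-and-multiply: O(log exp) multiplications, reducing mod n each step."""
    if exp < 0:
        # Negative exponents mean powers of the inverse, if one exists.
        base, exp = mod_inverse(base, n), -exp
    result, base = 1 % n, base % n
    while exp:
        if exp & 1:
            result = result * base % n
        base = base * base % n
        exp >>= 1
    return result


def invertible_elements(n):
    """Map every invertible residue mod n to its inverse."""
    table = {}
    for a in range(1, n):
        try:
            table[a] = mod_inverse(a, n)
        except ValueError:
            pass  # gcd(a, n) > 1, so a has no inverse
    return table


if __name__ == "__main__":
    g, X, Y = egcd(240, 46)
    print(f"gcd(240, 46) = {g} = ({X})*240 + ({Y})*46")
    print("inverses mod 8:", invertible_elements(8))
    # Division slide: 3*2 and 15*2 agree mod 24 although 3 != 15,
    # because 2 is not invertible mod 24 and cannot be cancelled.
    print((3 * 2) % 24, (15 * 2) % 24)
    try:
        mod_inverse(2, 24)
    except ValueError as err:
        print(err)
    print("7^128 mod 13 =", mod_exp(7, 128, 13))
```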
13 Abstract Algebra
- Many of the number-theoretic constructions can be expressed in algebraic terms
- Think of the "abstract" part as abstracting math away from numbers
  - We can do math on colors, permutations of a set, etc.
- A fundamental algebraic structure is the "group"
14 Groups
- Let $G$ be a set of elements
- Let be a binary operation on elements of $G$
- We call $G$ a group if it meets the following four properties:
  - Closure
  - Identity
  - Inverses
  - Associativity
- If the group operation is commutative, we say the group is abelian
- The number of elements in the group is the order
15 Example Groups
- Integers under addition
  - NOT multiplication
- Nonzero reals under multiplication
- $\mathbb{Z}_n$
16 More Useful Facts
- A set $H \subseteq G$ is a subgroup if it forms a group under the same group operation
- We define division as multiplication by an inverse
- We define group exponentiation $x^e$ as the application of the group operation to $x$ for an integer $e$ number of times
  - Note that $x$ is a group element and $e$ is an integer
17 Exponentiation by group order
- Let $G$ be a finite group with $m = |G|$, the order of the group. Then for any element $g \in G$, $g^m = 1$.
18 Implications
- Let $G$ be a finite group with $m = |G| > 1$. Then for any $g \in G$ and any integer $x$, we have $g^x = g^{[x \bmod m]}$.
- Let $G$ be a finite group with $m = |G| > 1$. Let $e > 0$ be an integer, and define the function $f_e : G \to G$ by $f_e(g) = g^e$. If $\gcd(e, m) = 1$, then $f_e$ is a permutation. Moreover, if $d = e^{-1}$, then $f_d$ is the inverse of $f_e$.
- This allows us to do math on the group elements by using corresponding operations on the integer exponents
19 $\mathbb{Z}_n^*$
- Recall $\mathbb{Z}_n$, the additive group mod $n$
- The set of invertible elements mod $n$ form a group under multiplication
- The Euler phi function specifies the order of the group
20 The phi function
- $\phi(n) = |\mathbb{Z}_n^*|$
- How many elements are relatively prime to a modulo $p$?
- How many elements are relatively prime to a modulo $pq$?
- The rest falls out from there
21 Recall our group implications
- Take arbitrary integer $N > 1$ and $a \in \mathbb{Z}_N^*$. Then $a^{\phi(N)} = 1 \bmod N$.
- These properties will appear frequently in our number-theoretic cryptographic constructions
22 Cyclic Groups
- Consider the set of values $g^0, g^1, g^2, \ldots, g^m$
- We know $g^m = 1$, so the set will repeat in a finite group
  - It may repeat before $g^m$
- This set is a subgroup generated by $g$
- The order of an element $g$ is defined as the order of the subgroup that it generates
- If the order of $g = m$, we say the entire group is cyclic and $g$ generates the group
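
The group facts from the last several slides, checked by brute force on small moduli as an added example (not from the original slides): the order of Z_n^*, element orders and generators, and the power map f_e with its inverse. The moduli 11 and 15 and all function names are chosen here for illustration, and the inverse exponent is computed modulo the group order.

```python
from math import gcd


def units(n):
    """Z_n^*: the residues in [1, n) that are invertible mod n."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def phi(n):
    """Euler phi, computed directly as the order of Z_n^*."""
    return len(units(n))


def element_order(g, n):
    """Order of g: the size of the subgroup {g^0, g^1, ...} it generates."""
    if gcd(g, n) != 1:
        raise ValueError(f"{g} is not in Z_{n}^*")
    k, x = 1, g % n
    while x != 1:
        x = x * g % n
        k += 1
    return k


def generators(n):
    """Elements whose order equals the group order; empty if Z_n^* is not cyclic."""
    m = phi(n)
    return [g for g in units(n) if element_order(g, n) == m]


def power_map(e, n):
    """The function f_e on Z_n^*: g -> g^e mod n."""
    return {g: pow(g, e, n) for g in units(n)}


def is_permutation(e, n):
    """True iff f_e hits every element of Z_n^* exactly once."""
    return sorted(power_map(e, n).values()) == units(n)


def inverse_exponent(e, n):
    """Exponent d such that f_d undoes f_e: d = e^-1 modulo the group order."""
    m = phi(n)
    if gcd(e, m) != 1:
        raise ValueError(f"gcd({e}, {m}) != 1, so f_{e} is not a permutation")
    return pow(e, -1, m)


if __name__ == "__main__":
    for n in (11, 15):  # a prime p and a product pq = 3 * 5
        print(f"n={n}: phi={phi(n)}, units={units(n)}")
        print("  element orders:", {g: element_order(g, n) for g in units(n)})
        print("  generators:", generators(n))
    # Exponents can be reduced mod the group order before exponentiating.
    print(pow(7, 1000003, 15), pow(7, 1000003 % phi(15), 15))
    # gcd(3, 8) = 1 gives a permutation; gcd(2, 8) = 2 does not.
    print(power_map(3, 15), is_permutation(3, 15))
    print(power_map(2, 15), is_permutation(2, 15))
    print("d for e=3 mod 15:", inverse_exponent(3, 15))
```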
23 Hard Problems
- Armed with this mathematical knowledge, we need to define problems that are "hard"
- We define these problems in terms of adversarial games (as usual)
- Going forward, we will typically choose one of these problems to reduce the security of our scheme to
24 Factoring
- The problem of factoring numbers is a classic example of a "hard problem"
- Is factoring any number hard?
- The most difficult numbers to factor are products of large primes
25 Generating Primes
- To challenge our adversary, we need to be able to efficiently generate large primes
- The best way to do this is to generate a large number randomly and test for primality
- We have algorithms that generate and test with only a negligible probability of error
  - That is, returning "prime" when the number is actually composite
26 The Factoring Experiment
- Factoring is hard relative to GenModulus if for all PPT algorithms $\mathcal{A}$ there exists a negligible function negl such that
  $\Pr[\mathrm{Factor}_{\mathcal{A},\mathrm{GenModulus}}(n) = 1] \le \mathrm{negl}(n)$
27 RSA
- The factoring experiment does not directly yield practical cryptosystems
- A related hard problem was introduced by Rivest, Shamir, and Adleman in 1978
  - The RSA cryptosystem
- This hard problem can be used to construct many cryptographic protocols
28 The RSA Experiment
- The RSA experiment $\mathrm{RSA\text{-}inv}_{\mathcal{A},\mathrm{GenRSA}}(n)$:
  - Run GenRSA(n) to obtain $(N, e, d)$, where $N$ is the product of two primes, $e$ is an integer such that $\gcd(e, \phi(N)) = 1$, and $ed = 1 \bmod \phi(N)$.
  - Choose a uniform $y \in \mathbb{Z}_N^*$
  - $\mathcal{A}$ is given $N, e, y$ and outputs $x \in \mathbb{Z}_N^*$
  - The output of the experiment is 1 if $x^e = y \bmod N$
- The RSA problem is hard relative to GenRSA if for all PPT algorithms $\mathcal{A}$ there exists a negligible function negl such that
  $\Pr[\mathrm{RSA\text{-}inv}_{\mathcal{A},\mathrm{GenRSA}}(n) = 1] \le \mathrm{negl}(n)$
29 Are RSA and Factoring Equivalent?
- Factoring => RSA: Yes
- RSA => factoring: ¯\_(ツ)_/¯
- Recovering d => factoring: Yes
- This does NOT rule out the possibility of other methods for winning the RSA experiment
  - We just haven't found any yet
30 The Discrete Logarithm
- In a cyclic group, the problem of calculating the logarithm of a value is considered hard
  - Depending on the group
- Recall: logarithms are simply computing exponents given a base and a value
- This problem was famously modified into cryptographic assumptions by Whitfield Diffie and Martin Hellman
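31 DL experiment
- The discrete logarithm experiment $\mathrm{DLog}_{\mathcal{A},\mathcal{G}}(n)$:
  - Run $\mathcal{G}(1^n)$ to obtain $(\mathbb{G}, q, g)$, where $\mathbb{G}$ is a cyclic group of order $q$ and $g$ is a generator of $\mathbb{G}$
  - Choose a uniform $h \in \mathbb{G}$
  - $\mathcal{A}$ is given $\mathbb{G}, q, g, h$ and outputs $x \in \mathbb{Z}_q$
  - The output of the experiment is 1 if $g^x = h$
- The discrete log problem is hard relative to $\mathcal{G}$ if for all PPT algorithms $\mathcal{A}$ there exists a negligible function negl such that
  $\Pr[\mathrm{DLog}_{\mathcal{A},\mathcal{G}}(n) = 1] \le \mathrm{negl}(n)$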
32 CDH experiment
- The computational Diffie-Hellman experiment $\mathrm{CDH}_{\mathcal{A},\mathcal{G}}(n)$:
  - Run $\mathcal{G}(1^n)$ to obtain $(\mathbb{G}, q, g)$
  - Choose uniform $h_1 = g^{x_1}, h_2 = g^{x_2} \in \mathbb{G}$
  - $\mathcal{A}$ is given $\mathbb{G}, q, g, h_1, h_2$ and outputs $h' \in \mathbb{G}$
  - The output of the experiment is 1 if $g^{x_1 x_2} = h'$
- The computational Diffie-Hellman problem is hard relative to $\mathcal{G}$ if for all PPT algorithms $\mathcal{A}$ there exists a negligible function negl such that
  $\Pr[\mathrm{CDH}_{\mathcal{A},\mathcal{G}}(n) = 1] \le \mathrm{negl}(n)$
33 DDH experiment
- You define the experiment!
34 What's the relation?
- DL => CDH => DDH
- DDH !=> CDH ?=> DL
- Remember that these problems apply to specific groups!
35 Which groups do we use?
- $\mathbb{Z}_p^*$ is believed to be CDH-secure
  - But NOT DDH!
- Any group of prime order is believed to be secure
  - Another convenience: every element is a generator
- In practice:
  - Prime order subgroups of $\mathbb{Z}_p^*$
  - Elliptic Curves
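
Why all of Z_p^* fails DDH while a prime-order subgroup does not, as an added example (not from the original slides): whether an element is a square mod p is efficiently testable and leaks the parity of the exponent, so a tuple (g^x, g^y, h') can be checked for consistency. It uses the usual formulation of DDH (tell g^(xy) from a uniform g^z), which the slides leave as an exercise; the toy safe prime p = 23 and the function names are constructed for illustration, and the advantage is computed exactly by enumerating every exponent.

```python
from fractions import Fraction
from itertools import product

# Constructed toy parameters: P = 2*Q + 1 with P and Q both prime.
P = 23
Q = 11
G_FULL = 5   # generates all of Z_23^* (order P - 1 = 22)
G_SUB = 2    # = 5^2 mod 23, generates the order-11 subgroup of squares


def is_square(h, p):
    """Euler's criterion: h is a square mod an odd prime p iff h^((p-1)/2) = 1."""
    return pow(h, (p - 1) // 2, p) == 1


def distinguisher(p, h1, h2, h_prime):
    """Output 1 iff h' has the squareness that g^(xy) must have.

    When g generates Z_p^*, g^x is a square exactly when x is even, so
    g^(xy) is a square exactly when g^x or g^y is.
    """
    return 1 if is_square(h_prime, p) == (is_square(h1, p) or is_square(h2, p)) else 0


def ddh_advantage(p, g, order):
    """Exact |Pr[D = 1 | h' = g^(xy)] - Pr[D = 1 | h' = g^z]| for this
    distinguisher, enumerating all exponents x, y, z in Z_order."""
    real = rand = 0
    for x, y in product(range(order), repeat=2):
        h1, h2 = pow(g, x, p), pow(g, y, p)
        real += distinguisher(p, h1, h2, pow(g, x * y, p))
        rand += sum(distinguisher(p, h1, h2, pow(g, z, p)) for z in range(order))
    return abs(Fraction(real, order ** 2) - Fraction(rand, order ** 3))


if __name__ == "__main__":
    # Full group: the squareness check separates the two distributions.
    print("advantage in Z_23^*:          ", ddh_advantage(P, G_FULL, P - 1))
    # Prime-order subgroup: every element is a square, so the check says nothing.
    print("advantage in order-11 subgroup:", ddh_advantage(P, G_SUB, Q))
```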
36 Elliptic Curves
- $y^2 = x^3 + Ax + B \bmod p$
- All points on the curve (and the "point of infinity") form an abelian group
- The group operation of "addition" is defined as drawing a line through the two operands and using the third point of intersection (reflected across the x-axis) as the result
  - It can be shown that there is always a third point on the curve or the point of infinity (identity)
- Why EC?
  - More efficient representation than $\mathbb{Z}_p^*$
37 Elliptic Curve Illustration
38 Cryptographic Applications
- One-way functions and permutations
  - These can be used in theory to build PRGs, PRFs, etc
- Collision-resistant hash functions
- Note that these results are more for theoretical feasibility, as they are not efficient in practice
- Most importantly: public key cryptography
39 Recap Number theory provides useful tools for manipulating integers and primes modulo a large value Abstract algebra lets us define groups and how group values behave under some operation Number-theoretic "hard problems" provide the foundational assumptions for modern cryptography Factoring RSA Discrete Logarithm Computational/Decisional Diffie-Hellman
40 Next Time... Katz & Lindell Chapter 10, Remember, you need to read it BEFORE you come to class! Homework problems available on the course webpage 40