Iterated Encryption and Wiener s attack on RSA
|
|
- Bethanie McCarthy
- 5 years ago
- Views:
Transcription
1
2 Iterated Encryption
3 Euler s function Euler s function: φ(n) = {1 x n : gcd(x, n) = 1} Theorem (Euler) If n is a positive integer and m is a positive integer coprime to n then m φ(n) mod n = 1.
4 Iterated Encryption Consider a public RSA key with encryption modulus n and encryption exponent e. Also, consider a message M < n in padded ASCII form. Consider what might happen when M is encrypted iteratively using this key:
5 Iterated Encryption Consider a public RSA key with encryption modulus n and encryption exponent e. Also, consider a message M < n in padded ASCII form. Consider what might happen when M is encrypted iteratively using this key: E 1 = M e mod n
6 Iterated Encryption Consider a public RSA key with encryption modulus n and encryption exponent e. Also, consider a message M < n in padded ASCII form. Consider what might happen when M is encrypted iteratively using this key: E 1 = M e mod n E 2 = E1 e mod n
7 Iterated Encryption Consider a public RSA key with encryption modulus n and encryption exponent e. Also, consider a message M < n in padded ASCII form. Consider what might happen when M is encrypted iteratively using this key: E 1 = M e mod n E 2 = E1 e mod n E 3 = E2 e mod n
8 Iterated Encryption Consider a public RSA key with encryption modulus n and encryption exponent e. Also, consider a message M < n in padded ASCII form. Consider what might happen when M is encrypted iteratively using this key: E 1 = M e mod n E 2 = E1 e mod n E 3 = E2 e mod n E k = Ek 1 e mod n.
9 Iterated Encryption Consider a public RSA key with encryption modulus n and encryption exponent e. Also, consider a message M < n in padded ASCII form. Consider what might happen when M is encrypted iteratively using this key: E 1 = M e mod n E 2 = E1 e mod n E 3 = E2 e mod n E k = Ek 1 e mod n. Using the laws of exponents we have that for each n, E k = M ek mod n.
10 Carmichael function Carmichael s function: λ(n) is defined as the smallest positive integer m such that a m 1 mod n.
11 Carmichael function Carmichael s function: λ(n) is defined as the smallest positive integer m such that a m 1 mod n. Theorem (Carmichael) If n is a positive integer and a is a positive integer coprime to n then a λ(n) mod n = 1.
12 Carmichael function Carmichael s function: λ(n) is defined as the smallest positive integer m such that a m 1 mod n. Theorem (Carmichael) If n is a positive integer and a is a positive integer coprime to n then a λ(n) mod n = 1. Corollary If n is a product of distinct primes then for all a, a λ(n)+1 = a mod n.
13 Carmichael function Carmichael s function: λ(n) is defined as the smallest positive integer m such that a m 1 mod n. Theorem (Carmichael) If n is a positive integer and a is a positive integer coprime to n then a λ(n) mod n = 1. Corollary If n is a product of distinct primes then for all a, a λ(n)+1 = a mod n. Theorem For p > 3 and k 2, λ(p k ) = p k 1 (p 1).
14 Carmichael function Carmichael s function: λ(n) is defined as the smallest positive integer m such that a m 1 mod n. Theorem (Carmichael) If n is a positive integer and a is a positive integer coprime to n then a λ(n) mod n = 1. Corollary If n is a product of distinct primes then for all a, a λ(n)+1 = a mod n. Theorem For p > 3 and k 2, λ(p k ) = p k 1 (p 1). Theorem λ(p1 k1pk pkt t ) = lcm(λ(p k 1 )λ(p k 2 )...λ(p kt )
15 Iterated Encryption Note that when n is a product of distinct primes then λ(n) divides φ(n) making λ(n) < φ(n).
16 Iterated Encryption Note that when n is a product of distinct primes then λ(n) divides φ(n) making λ(n) < φ(n). Assume that e k = 1 mod λ(n) for some k where e is the encryption exponent. Then
17 Iterated Encryption Note that when n is a product of distinct primes then λ(n) divides φ(n) making λ(n) < φ(n). Assume that e k = 1 mod λ(n) for some k where e is the encryption exponent. Then (M ek mod n) mod n =
18 Iterated Encryption Note that when n is a product of distinct primes then λ(n) divides φ(n) making λ(n) < φ(n). Assume that e k = 1 mod λ(n) for some k where e is the encryption exponent. Then (M ek mod n) mod n = M ek mod n =
19 Iterated Encryption Note that when n is a product of distinct primes then λ(n) divides φ(n) making λ(n) < φ(n). Assume that e k = 1 mod λ(n) for some k where e is the encryption exponent. Then (M ek mod n) mod n = M ek mod n = M λ(n) t+1 mod n =
20 Iterated Encryption Note that when n is a product of distinct primes then λ(n) divides φ(n) making λ(n) < φ(n). Assume that e k = 1 mod λ(n) for some k where e is the encryption exponent. Then (M ek mod n) mod n = M ek mod n = M λ(n) t+1 mod n = (M λ(n) ) t M 1 mod n =
21 Iterated Encryption Note that when n is a product of distinct primes then λ(n) divides φ(n) making λ(n) < φ(n). Assume that e k = 1 mod λ(n) for some k where e is the encryption exponent. Then (M ek mod n) mod n = M ek mod n = M λ(n) t+1 mod n = (M λ(n) ) t M 1 mod n = 1 t M mod n = M
22 Wiener s attack
23 Euclidean Algorithm Recall how the Euclidean Algorithm computes the greatest common divisor, g, of two numbers a and b with a < b. One obtains a list of equations using long division: b = q 1 a + r 1, 0 r 1 < b a = q 2 r 1 + r 2, 0 r 2 < r 1 r 1 = q 3 r 2 + r 3, 0 r 3 < r 2 r 2 = q 4 r 3 + r 4, 0 r 4 < r 3 r n 1 = q n+2 r n+1 + r n+2 and r n+2 = 0 while r n+1 > 0.
24 Euclidean Algorithm Recall how the Euclidean Algorithm computes the greatest common divisor, g, of two numbers a and b with a < b. One obtains a list of equations using long division: b = q 1 a + r 1, 0 r 1 < b a = q 2 r 1 + r 2, 0 r 2 < r 1 r 1 = q 3 r 2 + r 3, 0 r 3 < r 2 r 2 = q 4 r 3 + r 4, 0 r 4 < r 3 r n 1 = q n+2 r n+1 + r n+2 and r n+2 = 0 while r n+1 > 0. The last non-zero remainder, r n+1, is gcd(a, b).
25 Continued Fractions Consider a rational number b/a with gcd(a, b) = 1. Then r n+1 = 1. From the same set of equations we obtain: b/a = q 1 + (r 1 /a) = q 1 + 1/(a/r 1 ) = q 1 + 1/(q 2 + (r 2 /r 1 )) = q 1 + 1/(q 2 + 1/(r 1 /r 2 )) = q 1 + 1/(q 2 + 1/(q 3 + r 3 /r 2 )) = q 1 + 1/(q 2 + 1/(q 3 + 1/(q 4 + 1/(q 5 + ( /q n+2 )...)))))
26 Continued Fractions Consider a rational number b/a with gcd(a, b) = 1. Then r n+1 = 1. From the same set of equations we obtain: b/a = q 1 + (r 1 /a) = q 1 + 1/(a/r 1 ) = q 1 + 1/(q 2 + (r 2 /r 1 )) = q 1 + 1/(q 2 + 1/(r 1 /r 2 )) = q 1 + 1/(q 2 + 1/(q 3 + r 3 /r 2 )) = q 1 + 1/(q 2 + 1/(q 3 + 1/(q 4 + 1/(q 5 + ( /q n+2 )...))))) The expression is known as continued fraction expansion of b/a and it is denoted by b/a = [q 1, q 2, q 3, q 4,..., q n+2 ].
27 Continued Fractions Consider a rational number b/a with gcd(a, b) = 1. Then r n+1 = 1. From the same set of equations we obtain: b/a = q 1 + (r 1 /a) = q 1 + 1/(a/r 1 ) = q 1 + 1/(q 2 + (r 2 /r 1 )) = q 1 + 1/(q 2 + 1/(r 1 /r 2 )) = q 1 + 1/(q 2 + 1/(q 3 + r 3 /r 2 )) = q 1 + 1/(q 2 + 1/(q 3 + 1/(q 4 + 1/(q 5 + ( /q n+2 )...))))) The expression is known as continued fraction expansion of b/a and it is denoted by b/a = [q 1, q 2, q 3, q 4,..., q n+2 ].The number C j = [q 1, q 2,..., q j+1 ] is called the j-th convergent of b/a.
28 Continued Fractions Theorem Let a 0, a 1,..., a n R with a 0, a 1,..., a n > 0. Let the sequence p 0, p 1,..., p n and q 0, q 1,..., q n be defined by
29 Continued Fractions Theorem Let a 0, a 1,..., a n R with a 0, a 1,..., a n > 0. Let the sequence p 0, p 1,..., p n and q 0, q 1,..., q n be defined by p 0 = a 0, q 0 = 1 p 1 = a 0 a 1 + 1, q 1 = a 1 p k = a k p k 1 + p k 1, q k = a k q k 1 + q k 2 for k = 1, 2,..., n.
30 Continued Fractions Theorem Let a 0, a 1,..., a n R with a 0, a 1,..., a n > 0. Let the sequence p 0, p 1,..., p n and q 0, q 1,..., q n be defined by p 0 = a 0, q 0 = 1 p 1 = a 0 a 1 + 1, q 1 = a 1 p k = a k p k 1 + p k 1, q k = a k q k 1 + q k 2 for k = 1, 2,..., n. Then the k-th convergent. C k = [a 0, a 1,..., a k ] = p k q k
31 Continued Fractions Theorem (Dirichle,1842) Assume that gcd(a, b) = 1. If r, s are any natural numbers such that gcd(r, s) = 1, and a/b r/s < 1/(2s 2 ) then r/s is one of the convergents of a/b.
32 Continued Fractions Theorem (Dirichle,1842) Assume that gcd(a, b) = 1. If r, s are any natural numbers such that gcd(r, s) = 1, and a/b r/s < 1/(2s 2 ) then r/s is one of the convergents of a/b. Theorem (M. Wiener, 1990) Let n be an RSA modulus, say n = pq where p and q are primes, and let e be the public encryption exponent and dthe private decryption exponent. Let d < n, q < p < 2q and ed = 1 + kφ(n).then k d e n < 1 and d can be calculated 2d 2 quickly.
33 Proof of Wiener s theorem Since q 2 < pq = n, we have
34 Proof of Wiener s theorem Since q 2 < pq = n, we have q < n. Therefore, since p < 2q,
35 Proof of Wiener s theorem Since q 2 < pq = n, we have q < n. Therefore, since p < 2q, n φ(n) = pq (p 1)(q 1) =
36 Proof of Wiener s theorem Since q 2 < pq = n, we have q < n. Therefore, since p < 2q, n φ(n) = pq (p 1)(q 1) = p + q 1 <
37 Proof of Wiener s theorem Since q 2 < pq = n, we have q < n. Therefore, since p < 2q, n φ(n) = pq (p 1)(q 1) = p + q 1 < 3q < 3 n Write ed = 1 + φ(n)k for some integer k 1.
38 Proof of Wiener s theorem Since q 2 < pq = n, we have q < n. Therefore, since p < 2q, n φ(n) = pq (p 1)(q 1) = p + q 1 < 3q < 3 n Write ed = 1 + φ(n)k for some integer k 1. Since e < φ(n) we have
39 Proof of Wiener s theorem Since q 2 < pq = n, we have q < n. Therefore, since p < 2q, n φ(n) = pq (p 1)(q 1) = p + q 1 < 3q < 3 n Write ed = 1 + φ(n)k for some integer k 1. Since e < φ(n) we have so k < 1 3 n 1 4. φ(n)k < ed < 1 3 φ(n)n 1 4
40 Proof of Wiener s theorem Since q 2 < pq = n, we have q < n. Therefore, since p < 2q, n φ(n) = pq (p 1)(q 1) = p + q 1 < 3q < 3 n Write ed = 1 + φ(n)k for some integer k 1. Since e < φ(n) we have so k < 1 3 n 1 4. Therefore, φ(n)k < ed < 1 3 φ(n)n 1 4 kn ed = k(n φ(n)) 1 < k(n φ(n)) < 1 3 n 1 4 (3 n) = n 3/4
41 Proof of Wiener s theorem(cont.) Also, since kn φ(n)) 1 > 0, we have
42 Proof of Wiener s theorem(cont.) Also, since kn φ(n)) 1 > 0, we have kn ed > 0. Dividing by dn both sides of the equation and taking the absolute value we get
43 Proof of Wiener s theorem(cont.) Also, since kn φ(n)) 1 > 0, we have kn ed > 0. Dividing by dn both sides of the equation and taking the absolute value we get since 3d < n 1/4 by assumption. 0 < k d e n < 1 dn 1/4 < 1 3d 2, Then by Dirichle s theorem k d is one of the convergent of e n.
AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION
AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION Recall that RSA works as follows. A wants B to communicate with A, but without E understanding the transmitted message. To do so: A broadcasts RSA method,
More informationEuler s ϕ function. Carl Pomerance Dartmouth College
Euler s ϕ function Carl Pomerance Dartmouth College Euler s ϕ function: ϕ(n) is the number of integers m [1, n] with m coprime to n. Or, it is the order of the unit group of the ring Z/nZ. Euler: If a
More informationCOMP4109 : Applied Cryptography
COMP409 : Applied Cryptography Fall 203 M. Jason Hinek Carleton University Applied Cryptography Day 3 public-key encryption schemes some attacks on RSA factoring small private exponent 2 RSA cryptosystem
More informationMathematical Foundations of Public-Key Cryptography
Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical
More informationThe security of RSA (part 1) The security of RSA (part 1)
The modulus n and its totient value φ(n) are known φ(n) = p q (p + q) + 1 = n (p + q) + 1 The modulus n and its totient value φ(n) are known φ(n) = p q (p + q) + 1 = n (p + q) + 1 i.e. q = (n φ(n) + 1)
More informationECE596C: Handout #11
ECE596C: Handout #11 Public Key Cryptosystems Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract In this lecture we introduce necessary mathematical background for studying
More informationNumber Theory and Group Theoryfor Public-Key Cryptography
Number Theory and Group Theory for Public-Key Cryptography TDA352, DIT250 Wissam Aoudi Chalmers University of Technology November 21, 2017 Wissam Aoudi Number Theory and Group Theoryfor Public-Key Cryptography
More informationNumber Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.
CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L06, Steve/Courses/2011/S2/CSS322/Lectures/number.tex,
More information[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives
[Part 2] Asymmetric-Key Encipherment Mathematics of Cryptography Forouzan, B.A. Cryptography and Network Security (International Edition). United States: McGraw Hill, 2008. Objectives To introduce prime
More informationIntroduction to Public-Key Cryptosystems:
Introduction to Public-Key Cryptosystems: Technical Underpinnings: RSA and Primality Testing Modes of Encryption for RSA Digital Signatures for RSA 1 RSA Block Encryption / Decryption and Signing Each
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationMATH 145 Algebra, Solutions to Assignment 4
MATH 145 Algebra, Solutions to Assignment 4 1: a) Find the inverse of 178 in Z 365. Solution: We find s and t so that 178s + 365t = 1, and then 178 1 = s. The Euclidean Algorithm gives 365 = 178 + 9 178
More information5199/IOC5063 Theory of Cryptology, 2014 Fall
5199/IOC5063 Theory of Cryptology, 2014 Fall Homework 2 Reference Solution 1. This is about the RSA common modulus problem. Consider that two users A and B use the same modulus n = 146171 for the RSA encryption.
More informationLecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya
BBM 205 Discrete Mathematics Hacettepe University http://web.cs.hacettepe.edu.tr/ bbm205 Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya Resources: Kenneth Rosen,
More informationIntroduction to Cybersecurity Cryptography (Part 5)
Introduction to Cybersecurity Cryptography (Part 5) Prof. Dr. Michael Backes 13.01.2017 February 17 th Special Lecture! 45 Minutes Your Choice 1. Automotive Security 2. Smartphone Security 3. Side Channel
More informationThe RSA Cipher and its Algorithmic Foundations
Chapter 1 The RSA Cipher and its Algorithmic Foundations The most important that is, most applied and most analyzed asymmetric cipher is RSA, named after its inventors Ron Rivest, Adi Shamir, and Len Adleman.
More informationNumber Theory A focused introduction
Number Theory A focused introduction This is an explanation of RSA public key cryptography. We will start from first principles, but only the results that are needed to understand RSA are given. We begin
More informationCourse 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography
Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More informationCarmen s Core Concepts (Math 135)
Carmen s Core Concepts (Math 135) Carmen Bruni University of Waterloo Week 8 1 The following are equivalent (TFAE) 2 Inverses 3 More on Multiplicative Inverses 4 Linear Congruence Theorem 2 [LCT2] 5 Fermat
More informationNumbers. Çetin Kaya Koç Winter / 18
Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 1 / 18 Number Systems and Sets We represent the set of integers as Z = {..., 3, 2, 1,0,1,2,3,...} We denote the set of positive integers modulo n as
More informationIntegers and Division
Integers and Division Notations Z: set of integers N : set of natural numbers R: set of real numbers Z + : set of positive integers Some elements of number theory are needed in: Data structures, Random
More informationA New Attack on RSA with Two or Three Decryption Exponents
A New Attack on RSA with Two or Three Decryption Exponents Abderrahmane Nitaj Laboratoire de Mathématiques Nicolas Oresme Université de Caen, France nitaj@math.unicaen.fr http://www.math.unicaen.fr/~nitaj
More information1 Structure of Finite Fields
T-79.5501 Cryptology Additional material September 27, 2005 1 Structure of Finite Fields This section contains complementary material to Section 5.2.3 of the text-book. It is not entirely self-contained
More informationExercises Exercises. 2. Determine whether each of these integers is prime. a) 21. b) 29. c) 71. d) 97. e) 111. f) 143. a) 19. b) 27. c) 93.
Exercises Exercises 1. Determine whether each of these integers is prime. a) 21 b) 29 c) 71 d) 97 e) 111 f) 143 2. Determine whether each of these integers is prime. a) 19 b) 27 c) 93 d) 101 e) 107 f)
More informationA Readable Introduction to Real Mathematics
Solutions to selected problems in the book A Readable Introduction to Real Mathematics D. Rosenthal, D. Rosenthal, P. Rosenthal Chapter 7: The Euclidean Algorithm and Applications 1. Find the greatest
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 14 October 23, 2017 CPSC 467, Lecture 14 1/42 Computing in Z n Modular multiplication Modular inverses Extended Euclidean algorithm
More informationCSE 521: Design and Analysis of Algorithms I
CSE 521: Design and Analysis of Algorithms I Randomized Algorithms: Primality Testing Paul Beame 1 Randomized Algorithms QuickSelect and Quicksort Algorithms random choices make them fast and simple but
More informationYALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 13 (rev. 2) Professor M. J. Fischer October 22, 2008 53 Chinese Remainder Theorem Lecture Notes 13 We
More informationMa/CS 6a Class 4: Primality Testing
Ma/CS 6a Class 4: Primality Testing By Adam Sheffer Reminder: Euler s Totient Function Euler s totient φ(n) is defined as follows: Given n N, then φ n = x 1 x < n and GCD x, n = 1. In more words: φ n is
More informationCryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg
Course 1: Remainder: RSA Université du Luxembourg September 21, 2010 Public-key encryption Public-key encryption: two keys. One key is made public and used to encrypt. The other key is kept private and
More informationCS March 17, 2009
Discrete Mathematics CS 2610 March 17, 2009 Number Theory Elementary number theory, concerned with numbers, usually integers and their properties or rational numbers mainly divisibility among integers
More informationCOMP424 Computer Security
COMP424 Computer Security Prof. Wiegley jeffw@csun.edu Rivest, Shamir & Adelman (RSA) Implementation 1 Relatively prime Prime: n, is prime if its only two factors are 1 and n. (and n 1). Relatively prime:
More informationSome Facts from Number Theory
Computer Science 52 Some Facts from Number Theory Fall Semester, 2014 These notes are adapted from a document that was prepared for a different course several years ago. They may be helpful as a summary
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 8 February 1, 2012 CPSC 467b, Lecture 8 1/42 Number Theory Needed for RSA Z n : The integers mod n Modular arithmetic GCD Relatively
More informationChapter 5. Modular arithmetic. 5.1 The modular ring
Chapter 5 Modular arithmetic 5.1 The modular ring Definition 5.1. Suppose n N and x, y Z. Then we say that x, y are equivalent modulo n, and we write x y mod n if n x y. It is evident that equivalence
More informationLecture 22: RSA Encryption. RSA Encryption
Lecture 22: Recall: RSA Assumption We pick two primes uniformly and independently at random p, q $ P n We define N = p q We shall work over the group (Z N, ), where Z N is the set of all natural numbers
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 12: Introduction to Number Theory II Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline This time we ll finish the
More informationIn fact, 3 2. It is not known whether 3 1. All three problems seem hard, although Shor showed that one can solve 3 quickly on a quantum computer.
Attacks on RSA, some using LLL Recall RSA: N = pq hard to factor. Choose e with gcd(e,φ(n)) = 1, where φ(n) = (p 1)(q 1). Via extended Euclid, find d with ed 1 (mod φ(n)). Discard p and q. Public key is
More informationPMA225 Practice Exam questions and solutions Victor P. Snaith
PMA225 Practice Exam questions and solutions 2005 Victor P. Snaith November 9, 2005 The duration of the PMA225 exam will be 2 HOURS. The rubric for the PMA225 exam will be: Answer any four questions. You
More informationApplied Cryptography and Computer Security CSE 664 Spring 2017
Applied Cryptography and Computer Security Lecture 11: Introduction to Number Theory Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline What we ve covered so far: symmetric
More informationBasic elements of number theory
Cryptography Basic elements of number theory Marius Zimand 1 Divisibility, prime numbers By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a
More informationBasic elements of number theory
Cryptography Basic elements of number theory Marius Zimand By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a k for some integer k. Notation
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationCryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage
Cryptosystem Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage f(m). The receiver computes f 1 (f(m)). Advantage: Cannot
More informationLecture notes: Algorithms for integers, polynomials (Thorsten Theobald)
Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald) 1 Euclid s Algorithm Euclid s Algorithm for computing the greatest common divisor belongs to the oldest known computing procedures
More informationDiscrete Mathematics GCD, LCM, RSA Algorithm
Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common
More informationThe RSA cryptosystem and primality tests
Mathematics, KTH Bengt Ek November 2015 Supplementary material for SF2736, Discrete mathematics: The RSA cryptosystem and primality tests Secret codes (i.e. codes used to make messages unreadable to outsiders
More informationCongruence of Integers
Congruence of Integers November 14, 2013 Week 11-12 1 Congruence of Integers Definition 1. Let m be a positive integer. For integers a and b, if m divides b a, we say that a is congruent to b modulo m,
More informationAll variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.
Math 152, Problem Set 2 solutions (2018-01-24) All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points. 1. Let us look at the following equation: x 5 1
More information4 Powers of an Element; Cyclic Groups
4 Powers of an Element; Cyclic Groups Notation When considering an abstract group (G, ), we will often simplify notation as follows x y will be expressed as xy (x y) z will be expressed as xyz x (y z)
More informationCourse MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography
Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2000 2013 Contents 9 Introduction to Number Theory 63 9.1 Subgroups
More informationKnow the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.
The first exam will be on Monday, June 8, 202. The syllabus will be sections. and.2 in Lax, and the number theory handout found on the class web site, plus the handout on the method of successive squaring
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationAddition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?
Ch - Algorithms with numbers Addition Basic arithmetic Addition ultiplication Division odular arithmetic factoring is hard Primality testing 53+35=88 Cost? (n number of bits) O(n) ultiplication al-khwārizmī
More informationRSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14
RSA Algorithm http://koclab.org Çetin Kaya Koç Spring 2018 1 / 14 Well-Known One-Way Functions Discrete Logarithm: Given p, g, and x, computing y in y = g x (mod p) is EASY Given p, g, y, computing x in
More informationECE 646 Lecture 5. Mathematical Background: Modular Arithmetic
ECE 646 Lecture 5 Mathematical Background: Modular Arithmetic Motivation: Public-key ciphers RSA as a trap-door one-way function PUBLIC KEY message ciphertext M C = f(m) = M e mod N C M = f -1 (C) = C
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 14, 2013 CPSC 467b, Lecture 9 1/42 Integer Division (cont.) Relatively prime numbers, Z n, and φ(n) Computing in Z n
More informationQ 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?
2 Mod math Modular arithmetic is the math you do when you talk about time on a clock. For example, if it s 9 o clock right now, then it ll be 1 o clock in 4 hours. Clearly, 9 + 4 1 in general. But on a
More informationSolving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know?
Solving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know? Alexander May, Maike Ritzenhofen Faculty of Mathematics Ruhr-Universität Bochum, 44780 Bochum,
More informationLecture 3.1: Public Key Cryptography I
Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena Today s Informative/Fun Bit Acoustic Emanations http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+em
More informationCPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems
CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory
More information8. Given a rational number r, prove that there exist coprime integers p and q, with q 0, so that r = p q. . For all n N, f n = an b n 2
MATH 135: Randomized Exam Practice Problems These are the warm-up exercises and recommended problems taken from all the extra practice sets presented in random order. The challenge problems have not been
More informationNumber Theory and Algebra: A Brief Introduction
Number Theory and Algebra: A Brief Introduction Indian Statistical Institute Kolkata May 15, 2017 Elementary Number Theory: Modular Arithmetic Definition Let n be a positive integer and a and b two integers.
More informationIntroduction. What is RSA. A Guide To RSA by Robert Yates. Topics
A Guide To RSA by Robert Yates. Topics Introduction...01/09 What is RSA...01/09 Mod-Exponentiation...02/09 Euler's Theorem...03/09 RSA Algorithm...08/09 RSA Security...09/09 Introduction Welcome to my
More informationImplementation Tutorial on RSA
Implementation Tutorial on Maciek Adamczyk; m adamczyk@umail.ucsb.edu Marianne Magnussen; mariannemagnussen@umail.ucsb.edu Adamczyk and Magnussen Spring 2018 1 / 13 Overview Implementation Tutorial Introduction
More informationRSA. Ramki Thurimella
RSA Ramki Thurimella Public-Key Cryptography Symmetric cryptography: same key is used for encryption and decryption. Asymmetric cryptography: different keys used for encryption and decryption. Public-Key
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 6, 2012 CPSC 467b, Lecture 9 1/53 Euler s Theorem Generating RSA Modulus Finding primes by guess and check Density of
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationPublic Key Encryption
Public Key Encryption 3/13/2012 Cryptography 1 Facts About Numbers Prime number p: p is an integer p 2 The only divisors of p are 1 and p s 2, 7, 19 are primes -3, 0, 1, 6 are not primes Prime decomposition
More informationThe number of ways to choose r elements (without replacement) from an n-element set is. = r r!(n r)!.
The first exam will be on Friday, September 23, 2011. The syllabus will be sections 0.1 through 0.4 and 0.6 in Nagpaul and Jain, and the corresponding parts of the number theory handout found on the class
More informationNumber theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29
Number theory Myrto Arapinis School of Informatics University of Edinburgh October 9, 2014 1/29 Division Definition If a and b are integers with a 6= 0, then a divides b if there exists an integer c such
More informationHomework #2 solutions Due: June 15, 2012
All of the following exercises are based on the material in the handout on integers found on the class website. 1. Find d = gcd(475, 385) and express it as a linear combination of 475 and 385. That is
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationCS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II
CS 5319 Advanced Discrete Structure Lecture 9: Introduction to Number Theory II Divisibility Outline Greatest Common Divisor Fundamental Theorem of Arithmetic Modular Arithmetic Euler Phi Function RSA
More informationSolutions to Practice Final 3
s to Practice Final 1. The Fibonacci sequence is the sequence of numbers F (1), F (2),... defined by the following recurrence relations: F (1) = 1, F (2) = 1, F (n) = F (n 1) + F (n 2) for all n > 2. For
More informationCorollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1
4. Primality testing 4.1. Introduction. Factorisation is concerned with the problem of developing efficient algorithms to express a given positive integer n > 1 as a product of powers of distinct primes.
More informationBasic Algorithms in Number Theory
Basic Algorithms in Number Theory Algorithmic Complexity... 1 Basic Algorithms in Number Theory Francesco Pappalardi #2-b - Euclidean Algorithm. September 2 nd 2015 SEAMS School 2015 Number Theory and
More informationcse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications
cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications n-bit unsigned integer representation Represent integer x as sum of powers of 2: If x = n 1 i=0 b i 2 i where each b i
More informationcse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications
cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications casting out 3s Theorem: A positive integer n is divisible by 3 if and only if the sum of its decimal digits is divisible
More informationLECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS
LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several
More informationA Few Facts from Number Theory and the RSA Cryptosystem OVERVIEW. RSA Producing Big Primes. Table of Contents. Overview Basic Facts of Number Theory
A Few Facts from Number Theory and the RSA Cryptosystem Larry Susanka Mathematics Department Bellevue College September 25, 2018 Table of Contents Overview Basic Facts of Number Theory The Idea of Public
More informationIntroduction to Number Theory
Introduction to Number Theory CS1800 Discrete Structures; notes by Virgil Pavlu 1 modulo arithmetic All numbers here are integers. The integer division of a at n > 1 means finding the unique quotient q
More informationNOTES ON SIMPLE NUMBER THEORY
NOTES ON SIMPLE NUMBER THEORY DAMIEN PITMAN 1. Definitions & Theorems Definition: We say d divides m iff d is positive integer and m is an integer and there is an integer q such that m = dq. In this case,
More informationRSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality
ECE646 Lecture RSA Key Generation Required Reading W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality A.Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography
More informationNUMBER THEORY AND CODES. Álvaro Pelayo WUSTL
NUMBER THEORY AND CODES Álvaro Pelayo WUSTL Talk Goal To develop codes of the sort can tell the world how to put messages in code (public key cryptography) only you can decode them Structure of Talk Part
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013
RSA Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013 Recap Recap Number theory o What is a prime number? o What is prime factorization? o What is a GCD? o What does relatively prime
More informationICS141: Discrete Mathematics for Computer Science I
ICS141: Discrete Mathematics for Computer Science I Dept. Information & Computer Sci., Jan Stelovsky based on slides by Dr. Baek and Dr. Still Originals by Dr. M. P. Frank and Dr. J.L. Gross Provided by
More informationNotes on Systems of Linear Congruences
MATH 324 Summer 2012 Elementary Number Theory Notes on Systems of Linear Congruences In this note we will discuss systems of linear congruences where the moduli are all different. Definition. Given the
More informationMath From Scratch Lesson 20: The Chinese Remainder Theorem
Math From Scratch Lesson 20: The Chinese Remainder Theorem W. Blaine Dowler January 2, 2012 Contents 1 Relatively Prime Numbers 1 2 Congruence Classes 1 3 Algebraic Units 2 4 Chinese Remainder Theorem
More informationAn integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.
Chapter 6 Prime Numbers Part VI of PJE. Definition and Fundamental Results Definition. (PJE definition 23.1.1) An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p. If n > 1
More informationMa/CS 6a Class 4: Primality Testing
Ma/CS 6a Class 4: Primality Testing By Adam Sheffer Send anonymous suggestions and complaints from here. Email: adamcandobetter@gmail.com Password: anonymous2 There aren t enough crocodiles in the presentations
More informationHomework Problems, Math 134, Spring 2007 (Robert Boltje)
Homework Problems, Math 134, Spring 2007 (Robert Boltje) 1. Write a computer program that uses the Euclidean Algorithm to compute the greatest common divisor d of two natural numbers a and b and also integers
More informationMathematics of Cryptography
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationIntroduction to Number Theory
INTRODUCTION Definition: Natural Numbers, Integers Natural numbers: N={0,1,, }. Integers: Z={0,±1,±, }. Definition: Divisor If a Z can be writeen as a=bc where b, c Z, then we say a is divisible by b or,
More informationThe Chinese Remainder Theorem
Chapter 5 The Chinese Remainder Theorem 5.1 Coprime moduli Theorem 5.1. Suppose m, n N, and gcd(m, n) = 1. Given any remainders r mod m and s mod n we can find N such that N r mod m and N s mod n. Moreover,
More informationPart II. Number Theory. Year
Part II Year 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2017 Paper 3, Section I 1G 70 Explain what is meant by an Euler pseudoprime and a strong pseudoprime. Show that 65 is an Euler
More information