Groups in Cryptography. Çetin Kaya Koç Winter / 13

Similar documents
Numbers. Çetin Kaya Koç Winter / 18

Fields in Cryptography. Çetin Kaya Koç Winter / 30

Discrete Mathematics with Applications MATH236

Stream Ciphers. Çetin Kaya Koç Winter / 20

Kevin James. MTHSC 412 Section 3.4 Cyclic Groups

Chapter 5. Modular arithmetic. 5.1 The modular ring

Foundations of Cryptography

Mathematics for Cryptography

Digital Signature Algorithm

Congruences and Residue Class Rings

Finite Fields. Saravanan Vijayakumaran Department of Electrical Engineering Indian Institute of Technology Bombay

4 Powers of an Element; Cyclic Groups

Chinese Remainder Theorem

Topics in Cryptography. Lecture 5: Basic Number Theory

CS 6260 Some number theory

1 Structure of Finite Fields

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm

Lecture 20 FUNDAMENTAL Theorem of Finitely Generated Abelian Groups (FTFGAG)

Discrete Logarithms. Let s begin by recalling the definitions and a theorem. Let m be a given modulus. Then the finite set

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

LECTURE NOTES IN CRYPTOGRAPHY

SEVENTH EDITION and EXPANDED SEVENTH EDITION

Number Theory and Group Theoryfor Public-Key Cryptography

Introduction to Cryptography. Lecture 6

Groups An introduction to algebra. Table of contents

Math 4400 First Midterm Examination September 21, 2012 ANSWER KEY. Please indicate your reasoning and show all work on this exam paper.

ECEN 5022 Cryptography

Finite Fields. Mike Reiter

The number of ways to choose r elements (without replacement) from an n-element set is. = r r!(n r)!.

Math 3121, A Summary of Sections 0,1,2,4,5,6,7,8,9

Public-key Cryptography: Theory and Practice

Chapter 4 Mathematics of Cryptography

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Galois fields/1. (M3) There is an element 1 (not equal to 0) such that a 1 = a for all a.

CSC 5930/9010 Modern Cryptography: Number Theory

Rings and modular arithmetic

Chinese Remainder Algorithms. Çetin Kaya Koç Spring / 22

5 Group theory. 5.1 Binary operations

Converse to Lagrange s Theorem Groups

Introduction to Cryptology. Lecture 19

Discrete Logarithm Problem

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

MATH 4400 SOLUTIONS TO SOME EXERCISES. 1. Chapter 1

MATH 420 FINAL EXAM J. Beachy, 5/7/97

Lecture 3.1: Public Key Cryptography I

Mathematical Foundations of Cryptography

Applied Cryptography and Computer Security CSE 664 Spring 2018

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

Section 19 Integral domains

Notes on Primitive Roots Dan Klain

Number Axioms. P. Danziger. A Group is a set S together with a binary operation (*) on S, denoted a b such that for all a, b. a b S.

0 Sets and Induction. Sets

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Basic elements of number theory

Basic elements of number theory

Homework #5 Solutions

ALGEBRA I (LECTURE NOTES 2017/2018) LECTURE 9 - CYCLIC GROUPS AND EULER S FUNCTION

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Mathematical Foundations of Public-Key Cryptography

Chapter 5: The Integers

Name: Solutions Final Exam

Definitions. Notations. Injective, Surjective and Bijective. Divides. Cartesian Product. Relations. Equivalence Relations

Homework Problems, Math 134, Spring 2007 (Robert Boltje)

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

D-MATH Algebra II FS18 Prof. Marc Burger. Solution 26. Cyclotomic extensions.

Algebraic Structures Exam File Fall 2013 Exam #1

MATH 25 CLASS 21 NOTES, NOV Contents. 2. Subgroups 2 3. Isomorphisms 4

List of topics for the preliminary exam in algebra

Chapter 4 Finite Fields

K. Ireland, M. Rosen A Classical Introduction to Modern Number Theory, Springer.

The Chinese Remainder Theorem

Computational Number Theory. Adam O Neill Based on

Outline. We will now investigate the structure of this important set.

Introduction to Cryptography k. Lecture 5. Benny Pinkas k. Requirements. Data Integrity, Message Authentication

Definition List Modern Algebra, Fall 2011 Anders O.F. Hendrickson

Computer Algebra for Computer Engineers

On the number of semi-primitive roots modulo n

Elementary Number Theory Review. Franz Luef

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

The group (Z/nZ) February 17, In these notes we figure out the structure of the unit group (Z/nZ) where n > 1 is an integer.

Math 547, Exam 1 Information.

Lecture 7 Cyclic groups and subgroups

Lagrange s Theorem. Philippe B. Laval. Current Semester KSU. Philippe B. Laval (KSU) Lagrange s Theorem Current Semester 1 / 10

Mathematics 222a Quiz 2 CODE 111 November 21, 2002

MATH 433 Applied Algebra Lecture 22: Review for Exam 2.

Wednesday, February 21. Today we will begin Course Notes Chapter 5 (Number Theory).

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Arithmetic in Integer Rings and Prime Fields

MATH HL OPTION - REVISION SETS, RELATIONS AND GROUPS Compiled by: Christos Nikolaidis

ENEE 457: Computer Systems Security. Lecture 5 Public Key Crypto I: Number Theory Essentials

Math 2070BC Term 2 Weeks 1 13 Lecture Notes

Modular Arithmetic and Elementary Algebra

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

(i) Write down the elements of a subgroup of order 2. [1]

3 The fundamentals: Algorithms, the integers, and matrices

Introduction to Number Theory 1. c Eli Biham - December 13, Introduction to Number Theory 1

Lecture 14: Hardness Assumptions

Transcription:

http://koclab.org Çetin Kaya Koç Winter 2017 1 / 13

A set S and a binary operation A group G = (S, ) if S and satisfy: Closure: If a, b S then a b S Associativity: For a, b, c S, (a b) c = a (b c) A neutral element: e S such that a e = e a = a Every element a S has an inverse inv(a) S: a inv(a) = inv(a) a = e Commutativity: If a b = b a, then the group G is called an a commutative group or an Abelian group In cryptography we deal with Abelian groups http://koclab.org Çetin Kaya Koç Winter 2017 2 / 13

Multiplicative Groups The operation is a multiplication The neutral element is generally called the unit element e = 1 Multiplication of an element k times by itself is denoted as a k = k copies {}}{ a a a The inverse of an element a is denoted as a 1 Example: (Z n, mod n) The operation is multiplication mod n If n is prime, Z n = {1, 2,..., n 1} If n is not a prime, Z n consists of elements a with gcd(a, n) = 1 In other words, Z n is the set of invertible elements mod n http://koclab.org Çetin Kaya Koç Winter 2017 3 / 13

Multiplicative Group Examples Consider the multiplication tables for mod 5 and mod 6 * mod 5 1 2 3 4 1 1 2 3 4 2 2 4 1 3 3 3 1 4 2 4 4 3 2 1 * mod 6 1 2 3 4 5 1 1 2 3 4 5 2 2 4 0 2 4 3 3 0 3 0 3 4 4 2 0 4 2 5 5 4 3 2 1 mod 5 multiplication on the set Z 5 = {1, 2, 3, 4} forms the group Z 5 mod 6 multiplication on the set Z 6 = {1, 2, 3, 4, 5} does not form a group since 2, 3 and 4 are not invertible However, mod 6 multiplication on the set of invertible elements forms a group: (Z6, mod 6) = ({1, 5}, mod 6) http://koclab.org Çetin Kaya Koç Winter 2017 4 / 13

Additive Groups The operation is an addition The neutral element is generally called the zero element e = 0 Addition of an element a k times by itself, denoted as [k] a = k copies {}}{ a + + a The inverse of an element a is denoted as a Example: (Z n, + mod n) is a group; the set is Z n = {0, 1, 2,..., n 1} and the operation is addition mod n http://koclab.org Çetin Kaya Koç Winter 2017 5 / 13

Additive Group Examples Consider the addition tables mod 4 and mod 5 + mod 4 0 1 2 3 0 0 1 2 3 1 1 2 3 0 2 2 3 0 1 3 3 0 1 2 + mod 5 0 1 2 3 4 0 0 1 2 3 4 1 1 2 3 4 0 2 2 3 4 0 1 3 3 4 0 1 2 4 4 0 1 2 3 mod 4 addition on Z 4 = {0, 1, 2, 3} forms the group (Z 4, + mod 4) mod 5 addition on Z 5 = {0, 1, 2, 3, 4} forms the group (Z 5, + mod 5) http://koclab.org Çetin Kaya Koç Winter 2017 6 / 13

Order of a Group The order of a group is the number of elements in the set The order of (Z11, mod 11) is 10, since the set Z 11 elements: {1, 2,..., 10} has 10 The order of group (Z p, mod p) is equal to p 1 Note that, since p is prime, the group order p 1 is not prime The order of (Z 11, + mod 11) is 11, since the set Z 11 has 11 elements: {0, 1, 2,..., 10} The order of (Z n, + mod n) is n, since the set Z n has n elements: {0, 1, 2,..., n 1}; here n could be prime or composite http://koclab.org Çetin Kaya Koç Winter 2017 7 / 13

Order of an Element The order of an element a in a multiplicative group is the smallest integer k such that a k = 1, where 1 is the unit element of the group order(3) = 5 in (Z11, mod 11) since { 3 i mod 11 1 i 10} = {3, 9, 5, 4, 1} order(2) = 10 in (Z11, mod 11) since { 2 i mod 11 1 i 10} = {2, 4, 8, 5, 10, 9, 7, 3, 6, 1} Note that order(1) = 1 http://koclab.org Çetin Kaya Koç Winter 2017 8 / 13

Order of an Element The order of an element a in an additive group is the smallest integer k such that [k] a = 0, where 0 is the zero element order(3) in (Z 11, + mod 11) is computed by finding the smallest k such that [k] 3 = 0 This is obtained by successively computing 3 = 3, 3 + 3 = 6, 3 + 3 + 3 = 9, 3 + 3 + 3 + 3 = 1, until we obtain the zero element We find order(3) = 11 in (Z 11, + mod 11) { [i] 3 mod 11 1 i 11} = {3, 6, 9, 1, 4, 7, 10, 2, 5, 8, 0} Note that order(0) = 1 http://koclab.org Çetin Kaya Koç Winter 2017 9 / 13

Lagrange s Theorem Theorem The order of an element divides the order of the group. The order of the group (Z11, mod 11) is equal to 10, while order(3) = 5 in (Z11, mod 11), and 5 divides 10 order(2) = 10 in (Z11, mod 11), and 10 divides 10 Similarly, order(1) = 1 in (Z11, mod 11), and 1 divides 10 Since the divisors of 10 are 1, 2, 5, and 10, the element orders can only be 1, 2, 5, or 10 http://koclab.org Çetin Kaya Koç Winter 2017 10 / 13

Lagrange Theorem On the other hand, order(3) = 11 in (Z 11, + mod 11), and 11 11 Similarly, order(2) = 11 in (Z 11, + mod 11) We also found order(0)=1 The order of the group (Z 11, + mod 11) is 11 Since 11 is a prime number, the order of any element in this group can be either 1 or 11 0 is the only element in (Z 11, + mod 11) whose order is 1 All other elements have the same order 11 which is the group order http://koclab.org Çetin Kaya Koç Winter 2017 11 / 13

Primitive Elements An element whose order is equal to the group order is called primitive The order of the group (Z11, mod 11) is 10 and order(2) = 10, therefore, 2 is a primitive element of the group order(2) = 11 and order(3) = 11 in (Z 11, + mod 11), which is the order of the group, therefore 2 and 3 are both primitive elements in fact all elements of (Z 11, + mod 11) are primitive except 0 Theorem The number of primitive elements in (Z p, mod p) is φ(p 1). There are φ(10) = 4 primitive elements in (Z11, mod 11), The primitive elements are: 2, 6, 7, 8 All of these elements are of order 10 http://koclab.org Çetin Kaya Koç Winter 2017 12 / 13

Cyclic Groups and Generators We call a group cyclic if all elements of the group can be generated by repeated application of the group operation on a single element This element is called a generator Any primitive element is a generator For example, 2 is a generator of (Z11, mod 11) since {2 i 1 i 10} = {2, 4, 8, 5, 10, 9, 7, 3, 6, 1} = Z 11 Also, 2 is a generator of (Z 11, + mod 11) since { [i] 2 mod 11 1 i 11} = {2, 4, 6, 8, 10, 1, 3, 5, 7, 9, 0} = Z 11 http://koclab.org Çetin Kaya Koç Winter 2017 13 / 13

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback