ENEE 457: Computer Systems Security. Lecture 5 Public Key Crypto I: Number Theory Essentials

Similar documents
Public Key Encryption

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Topics in Cryptography. Lecture 5: Basic Number Theory

CSC 5930/9010 Modern Cryptography: Number Theory

Mathematical Foundations of Cryptography

basics of security/cryptography

Numbers. Çetin Kaya Koç Winter / 18

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Lecture 3.1: Public Key Cryptography I

Introduction to Cryptography. Lecture 6

Number Theory and Group Theoryfor Public-Key Cryptography

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Chapter 4 Finite Fields

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

8 Primes and Modular Arithmetic

Mathematical Foundations of Public-Key Cryptography

ICS141: Discrete Mathematics for Computer Science I

CSE20: Discrete Mathematics

4 Powers of an Element; Cyclic Groups

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Discrete Mathematics GCD, LCM, RSA Algorithm

Basic elements of number theory

Basic elements of number theory

Integers and Division

Applied Cryptography and Computer Security CSE 664 Spring 2017

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm

Finite Fields. Mike Reiter

Number Theory. Modular Arithmetic

Lecture 10: HMAC and Number Theory

Shor s Algorithm. Polynomial-time Prime Factorization with Quantum Computing. Sourabh Kulkarni October 13th, 2017

ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Public Key Cryptography

Computational Number Theory. Adam O Neill Based on

CSc 466/566. Computer Security. 5 : Cryptography Basics

Discrete Structures Lecture Primes and Greatest Common Divisor

CS 6260 Some number theory

Introduction to Information Security

MTH 346: The Chinese Remainder Theorem

Modular Arithmetic and Elementary Algebra

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

a the relation arb is defined if and only if = 2 k, k

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

CS March 17, 2009

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

4 Number Theory and Cryptography

CSC 474 Information Systems Security

Chapter 8 Public-key Cryptography and Digital Signatures

OWO Lecture: Modular Arithmetic with Algorithmic Applications

Homework #5 Solutions

Lecture 11 - Basic Number Theory.

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

Introduction to Number Theory 1. c Eli Biham - December 13, Introduction to Number Theory 1

Number Theory & Modern Cryptography

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Lecture Notes, Week 6

MATH 501 Discrete Mathematics. Lecture 6: Number theory. German University Cairo, Department of Media Engineering and Technology.

ECEN 5022 Cryptography

3 The fundamentals: Algorithms, the integers, and matrices

Introduction to Cybersecurity Cryptography (Part 5)

ECE596C: Handout #11

Commutative Rings and Fields

The set of integers will be denoted by Z = {, -3, -2, -1, 0, 1, 2, 3, 4, }

Introduction to Public-Key Cryptosystems:

Math 299 Supplement: Modular Arithmetic Nov 8, 2013

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Lecture 14: Hardness Assumptions

CS 290G (Fall 2014) Introduction to Cryptography Oct 21st, Lecture 5: RSA OWFs

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

Public Key Cryptography

cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Iterated Encryption and Wiener s attack on RSA

COT 3100 Applications of Discrete Structures Dr. Michael P. Frank

WORKSHEET ON NUMBERS, MATH 215 FALL. We start our study of numbers with the integers: N = {1, 2, 3,...}

Lecture 7: ElGamal and Discrete Logarithms

Ch 4.2 Divisibility Properties

ENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange

MATH 145 Algebra, Solutions to Assignment 4

Lecture 7 Number Theory Euiseong Seo

Ma/CS 6a Class 4: Primality Testing

CIS 551 / TCOM 401 Computer and Network Security

Mathematics of Cryptography

CPSC 467b: Cryptography and Computer Security

CISC-102 Fall 2017 Week 6

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

NOTES ON SIMPLE NUMBER THEORY

CS250: Discrete Math for Computer Science

Elementary Number Theory MARUCO. Summer, 2018

CSE 311: Foundations of Computing. Lecture 12: Two s Complement, Primes, GCD

CS483 Design and Analysis of Algorithms

Math.3336: Discrete Mathematics. Primes and Greatest Common Divisors

Security II: Cryptography exercises

Transcription:

ENEE 457: Computer Systems Security Lecture 5 Public Key Crypto I: Number Theory Essentials Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland, College Park

Prime numbers A number x is prime if its only divisors are x and 1 There approximately n/log n prime numbers less than n

Modulo N arithmetic We denote with x mod N the remainder of division x/n E.g., 18 mod 4 = 2, 16 mod 2 = 0 If x mod N = y mod N we write x = y mod N For example 4 = 16 mod 3 You can add, subtract, multiply E.g., 6 = 18 mod 4 gives (mult. by 4) 24 = 72 mod 4 But you cannot divide!

Beware of division modulo N Can you divide? 6 = 18 mod 4 Try to divide by 2 3 = 9 mod 4 WRONG!! What happened? 2 DOES NOT HAVE AN INVERSE MOD 4

Greatest common divisor (gcd) of a and b Definition: gcd (a,b) is the greatest integer dividing both a and b Property: gcd(a,b) is the smallest positive integer d satisfying d = i*a+j*b for some integers a,b Example: gcd(8,20)=4. 4=(1)*20-2*8 No positive number smaller than 4 can be derived by taking linear combinations of 8 and 20.

Proof Suppose d is the smallest positive integer d satisfying d = i*a + j*b for some i and j. Then we show that d = gcd(a,b) Since d = i*a + j*b, any common divisor of a and b is a divisor of d as well. But a number is always greater or equal than its divisors, so d >= gcd(a,b) It is a = h*d+(a mod d) so a mod d = a hd But d = i*a + j*b So a mod d = a hd = a h(i*a + j*b) = (1-hi)a+(-hj)b But a mod d < d and d is the smallest positive integer such that d = i*a + j*b so it has to be the case that a mod d = 0 which means d divides a. By a similar argument we get that d divides b Thus d is a divisor of both a and b, so this implies d <= gcd(a,b) Therefore d = gcd(a,b)

Computing the gcd Property: gcd (a,b) = gcd(b,a mod b) Why? All common divisors of a,b are common divisors of b and a mod b: a=dx,b=dt,a mod b =d L All common divisors of b,a mod b are common divisors of a and b: b = fx,a mod b=ft,a=f T So a and b and b and a mod b have exactly the same divisors, so gcd should also be the same Example (412,260) (260,152) (152,108) (108,44) (44,20) (20,4) (4,0)

How much time do we need to compute the gcd? O(max(loga,logb))

Inverses mod N An element x has an inverse mod N iff gcd(x,n) = 1 If x has an inverse mod N then there exists y such that x * y = 1 mod N which implies x*y = k*n + 1 which gives x*y k N = 1. Therefore 1 needs to be the gcd of x and N If gcd(x,n) =1 then i*x + j*n = 1 then i*x = 1 mod N

Great Common Divisor Algorithm Algorithm EuclidGCD(a, b) Input integers a and b Output gcd(a, b) if b = 0 return a else return EuclidGCD(b, a mod b) Proof: We need to prove that GCD(a,b)=GCD(b,a mod b) FACTS Every divisor of a and b is a divisor of b and (a mod b): This is because (a mod b) can be written as the sum of a and a multiple of b, i.e., a mod b = a + kb, for some integer k. Similarly, every divisor of b and (a mod b) is a divisor of a and b: This is because a can be written as the sum of (a mod b) and a multiple of b, i.e., a = kb + (a mod b), for some integer k. Therefore the set of all divisors of a and b is the same with the set of all divisors of b and (a mod b). Thus the greatest should also be the same.

Groups in Mathematics A group is a set, G, together with an operation (called the group law of G) that combines any two elements a and b to form another element, denoted a b or ab. To qualify as a group, the set and operation, (G, ), must satisfy four requirements known as the group axioms: Closure: For all a, b in G, the result of the operation, a b, is also in G. Associativity: For all a, b and c in G, (a b) c = a (b c). Identity element: There exists an element e in G, such that for every element a in G, the equation e a = a e holds. Such an element is unique, and thus one speaks of the identity element. Inverse element: For each a in G, there exists an element b in G, commonly denoted a 1 (or a, if the operation is denoted "+"), such that a b = b a = e, where e is the identity element. If commutativity holds, the group is called abelian

Examples of groups The set of integers { -2,-1,0,1,2} is a group under addition but not under multiplication (why?). The set of integers modulo N {0,1,,N-1}is a group under addition (this group is denoted Z_N) Is the set of reals a group under multiplication? The set of integers modulo N that have multiplicative inverses modulo N is a group under multiplication. We denote this group as Z*_N Z*_15 = {1,2,4,7,8,11,13,14} Z*_7 = {1,2,3,4,5,6} (since 7 is a prime)

Order of a group Order of a group is the number of elements in a group. Can be infinite ORDER(Z_N)=ORDER({0,1,,N-1})=N Let (G,+) be a group of order m. Then for every element g of the group g * m = 0 Or if (G,*) is a group of oder m. Then for every element g of the group g^m = 1 Take all element g1,g2, g_m. Fix arbitrary g from the group. Then we claim (g1*g)*(g2*g)*...*(g_m*g) = g1*g2* *g_m This gives g^m=1 g^x = g^{x mod m} g^x=g^{k*m+(x mod m)}=(g^{m})^k*g^{x mod m} = g^{x mod m}

What is the order of Z*_N? Assume N = p * q where p and q are primes > 1 Order of Z*_N is (p 1) (q 1) Denoted phi(n) What if N is itself a prime? Then order of Z*_p is p 1

Can we define a bijection (permutation)? Let G be a group of order m If gcd(e,m)=1 then g^e is a bijection Suppose not. Then x^e = y^e for x \ne y which implies x = y, contradiction So looks like number theory gives us permutations without tables!

Cyclic groups Let G be a group The order of an element x in the group is the smallest positive integer o such that x ^ o = 1 If there exists an element g in the group that whose order is equal to the order of the group then The group is called cyclic All elements of the group can be generated by g as g^0,g^1,,g^{m-1} Example Consider Z_15. Order is 15. It is cyclic because for g = 1 we have g* 15 = 1*15 = 0 For all other i<15 it is 1*i \ne 0 mod 15 If the order is prime, G is cyclic and all the elements (but the identity) can serve as generators Z*_p is also cyclic. Example, Z*_7 is cyclic with 3 but not 2 as a generator

Computational Assumption 1: DLog We will be using some assumptions about problems considered to be hard Discrete logarithm problem Let G be a cyclic group of order q and let g be a generator of G Output an element h = g^x. Keep x secret Then it is very difficult (exponential in the bitlength of q) to figure out x What would be a naïve algorithm for that?

Computational Assumption 2: RSA Given N = pq, where p and q are primes, it is difficult to figure out p and q This is known as factoring assumption We will see an encryption scheme whose security is based on RSA We will see a hash function whose security is based on DLog

Chinese remainder theorem Let N=pq. Let x mod p = a1 x mod q = a2 Then x mod N = a1* q * inverse(q in Zp)+ a2 * p * inverse(p in Zq) mod N Let s prove it This can be used to compute W^x mod N, for big W^x, more efficiently How? Use of theorem Say you want to compute 18^25 mod 35 (35 = 5*7) Compute 18^25 mod 5 = 18^(25 mod 4) mod 5= 18^1 mod 5 = 3 = a1 Compute 18^25 mod 7 = 18^(25 mod 6) mod 7= 18^1 mod 7 = 4 = a2 Note that inverse(5 in Z 7 )=3 and inverse(7 in Z 5 )=3 Therefore the solution we are looking for is 3*7*3+4*5*3 mod 35= 18 Used in the decryption procedure of RSA: Why cannot it be used in the encryption?

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback