Modular Arithmetic. Examples: 17 mod 5 = 2. 5 mod 17 = 5. 8 mod 3 = 1. Some interesting properties of modular arithmetic:

Similar documents
Public Key Cryptography

CSC 474 Information Systems Security

Basic elements of number theory

Basic elements of number theory

3 The fundamentals: Algorithms, the integers, and matrices

4 Number Theory and Cryptography

Topics in Cryptography. Lecture 5: Basic Number Theory

Introduction to Public-Key Cryptosystems:

Lecture 4: Number theory

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

Number Theory Notes Spring 2011

Number Theory A focused introduction

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

Elementary Number Theory MARUCO. Summer, 2018

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

Integers and Division

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

Basic Algorithms in Number Theory

Introduction to Cryptography. Lecture 6

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Public Key Encryption

Number Theory. Modular Arithmetic

Number Theory and Group Theoryfor Public-Key Cryptography

Congruence of Integers

CPSC 467b: Cryptography and Computer Security

Practice Number Theory Problems

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

Chapter 4 Asymmetric Cryptography

Asymmetric Cryptography

RSA. Ramki Thurimella

Primes. Rational, Gaussian, Industrial Strength, etc. Robert Campbell 11/29/2010 1

Discrete Mathematics GCD, LCM, RSA Algorithm

A Guide to Arithmetic

CS483 Design and Analysis of Algorithms

4 Powers of an Element; Cyclic Groups

CS March 17, 2009

8 Primes and Modular Arithmetic

Chuck Garner, Ph.D. May 25, 2009 / Georgia ARML Practice

Some Facts from Number Theory

Mathematics of Cryptography

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

Homework #2 solutions Due: June 15, 2012

Lecture Notes, Week 6

Elementary Properties of the Integers

Numbers. Çetin Kaya Koç Winter / 18

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

The RSA cryptosystem and primality tests

basics of security/cryptography

Sets. We discuss an informal (naive) set theory as needed in Computer Science. It was introduced by G. Cantor in the second half of the nineteenth

8.1 Principles of Public-Key Cryptosystems

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Lecture Notes. Advanced Discrete Structures COT S

ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Applied Cryptography and Computer Security CSE 664 Spring 2017

A SURVEY OF PRIMALITY TESTS

Number Theory Proof Portfolio

Elementary Number Theory Review. Franz Luef

For your quiz in recitation this week, refer to these exercise generators:

Lecture 11 - Basic Number Theory.

Number Theory & Modern Cryptography

Mathematical Foundations of Public-Key Cryptography

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

Winter Camp 2009 Number Theory Tips and Tricks

Introduction to Cryptography

MATH 145 Algebra, Solutions to Assignment 4

Mathematical Foundations of Cryptography

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Lecture 14: Hardness Assumptions

LECTURE NOTES IN CRYPTOGRAPHY

ECEN 5022 Cryptography

Introduction to Number Theory. The study of the integers

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

MATH 361: NUMBER THEORY FOURTH LECTURE

CPSC 467: Cryptography and Computer Security

p = This is small enough that its primality is easily verified by trial division. A candidate prime above 1000 p of the form p U + 1 is

CRYPTOGRAPHY AND NUMBER THEORY

Finite Fields. Mike Reiter

ICS141: Discrete Mathematics for Computer Science I

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS

Exercises Exercises. 2. Determine whether each of these integers is prime. a) 21. b) 29. c) 71. d) 97. e) 111. f) 143. a) 19. b) 27. c) 93.

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

2. THE EUCLIDEAN ALGORITHM More ring essentials

Intermediate Math Circles February 29, 2012 Linear Diophantine Equations I

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Chapter 5. Modular arithmetic. 5.1 The modular ring

1. multiplication is commutative and associative;

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

Cryptography IV: Asymmetric Ciphers

Transcription:

Modular Arithmetic If a mod n = b, then a = c n + b. When you reduce a number a modulo n you usually want 0 b < n. Division Principle [Bar02, pg. 61]: Let n be a positive integer and let a be any integer. Then there is exactly one pair of integers (c, b), 0 b < n such that a = c n + b Examples: 17 mod 5 = 2. 5 mod 17 = 5. 8 mod 3 = 1. Some interesting properties of modular arithmetic: (a + b) mod n = (a mod n + b mod n) mod n (a b) mod n = (a mod n b mod n) mod n which implies for example that a 1 mod n? = (a mod n) 1 (a (b+c)) mod n = (a mod n (b+c) mod n) mod n = (a mod n (b mod n+c mod n) mod n) mod n 1

Modular Arithmetic Example: Or, it is (1234 103 (1234 32 + 1004 245 )) mod 7 = 2 103 (2 32 + 3 245 )) mod 7 = 2 102 2 (2 32 + 3 245 )) mod 7 = 2 3 34 2 (2 32 + 3 245 )) mod 7 = 8 34 2 (2 32 + 3 245 )) mod 7 = 1 34 2 (2 32 + 3 245 )) mod 7 = 2 (4 + 5) mod 7 = 2 2 mod 7 = 4 67642723770396048080061780551449062846339657826556060236645437316976\ 75295138467674632079193559564693975100853574063429268655061579855616\ 80695208896384623297418220848803884955876363418030350483247250724631\ 48332580139601163758807163959980616799419330958377856305601238263592\ 07260539700679914567732449971041003694134911024550323643899333412749\ 84765464297162616658498629615474403373088517597556976620658033217438\ 80280868182620586591866807914549064740934594906378968122996574072724\ 06107888091704653742699714387717546200022361247224368645062455882516\ 77886076929770205524007172037257055742380864415433040887992580892514\ 08553819866282403969576574178668960149972025379896072951585262587618\ 46453044514479205381938683422173039265005451812870791033921812833308\ 34131979868926531264458479736358778622572499449415763943865945787807\ 55954244411694235864300346590674911568973317438026358845496672381789\ 09903984749431006079030838865685491827363683331151586843871472933347\ 39082872093966419871034772779648311073868559479294419934485808969958\ 7734429853257643035321271289118720 mod 7 = 4 2

Modular Exponentiation Say you want to compute 6 469 mod 7. You could compute 6 6 6 469 times Or, observe that 469 = 111010101 2 = 2 8 + 2 7 + 2 6 + 2 4 + 2 2 + 2 0. That is 6 469 = 6 28 6 27 6 26 6 24 6 22 6 20 So instead compute each term individually with one multiply each. That is, compute 6 2, 6 4, 6 8, 6 16, 6 32, 6 64, 6 128, 6 256 by repeated squaring. 3

GCD The GCD of two numbers a and b is the largest integer that divides both a and b. GCD(a, b) = GCD(b, a mod b) Why doesn t GCD(a, b) = GCD(a, a mod b) work? Because d a & d b d (a mod b). Similarly, d b & d (a mod b) d a. This proves why the known algorithm for GCD works. For the latter algorithm, you can t go in the reverse direction, i.e., d a & d (a mod b) that d b. This is because if d (a mod b) then d (a kb) but it may be that d k instead of b. 4

Inverse The inverse of an element x mod n is the element y such that xy = 1 mod n Consider the set of numbers modulo 9. 0 1 2 3 4 5 6 7 8 0 0 0 0 0 0 0 0 0 0 1 0 1 2 3 4 5 6 7 8 2 0 2 4 6 8 1 3 5 7 3 0 3 6 0 3 6 0 3 6 4 0 8 3 7 2 6 1 5 0 5 0 5 1 6 2 7 3 8 4 6 0 6 3 0 6 3 0 6 3 7 0 7 5 3 1 8 6 4 2 8 0 8 7 6 5 4 3 2 1 Not every number has an inverse modulo 9. In fact, only numbers coprime to 9 have inverses! 5

EGCD The Extended Euclidean Algorithm EGCD(f, d) permits one to find d 1 mod f and f 1 mod d [provided that GCD(f, d) = 1] in addition to GCD(f, d). Start with the vectors (1, 0, f) & (0, 1, d) and reduce one vector with another by subtracting a multiple of one from the second until the result has the third component 1. Both vectors maintain the invariant fx 1 + dx 2 = x 3 Eventually, you get an equation of the form fx 1 + dx 2 = 1 This gives x 2 = d 1 mod f and x 1 = f 1 mod d. Show examples of GCD & EGCD using RSA.pm and /bin/perl/egcd. 6

Primes An integer a > 1 whose only divisors are the trivial divisors 1 and a is said to be a prime number [CLRS01]. Example: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,...... If n is a composite integer, then n has a prime factor not exceeding n. What this means is that in order to test a number n for primality, it s sufficient to try dividing it by all primes n. There are infinitely many primes [Ros93, Theorem 1.17]. n! + 1 cannot have a prime divisor n. π(x), the numbers of primes n n/ log n as n. 1. n/ log n as n. 2. Even though the # of primes is, its density gets sparser and sparser as n. 3. Approximately speaking, one would need to sample log n numbers to find a prime close to n. 7

Finding primes Consider finding all primes 25: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 8

Factorization 1. Find a factor of n by successively dividing n by primes 2... n. 2. To find the factors of n, find x 2 y 2 = n [Bre89, Chapter 5]. The non trivial factors of n are then (x y) and (x + y). 9

Fermat s Theorem For prime p and integer b not divisible by p, Proof: Consider the product b p 1 1 (mod p) P = 1b 2b 3b (p 2)b (p 1)b = b p 1 (p 1)! But 1b 2b 3b = (p 1)b because the residue system mod p is a field and b has an inverse. Thus 1b, 2b,... merely enumerate the numbers 1... (p 1) in some order. Canceling out (p 1)! from both sides [because (p 1)! is coprime to p] of the equation we get b p 1 = 1. Consider the prime 17. Then 2 16 = 65536 = 1 mod 17. 4 16 = 4294967296 = 1 mod 17. 15 16 = 6568408355712890625 = 1 mod 17. Let s try the same exercise with the prime 19. 2 18 = 262144 = 1 mod 19. 4 18 = 68719476736 = 1 mod 19. 15 18 = 1477891880035400390625 = 1 mod 19. If x p 1 = 1 mod p, then x x p 2 = 1 mod p. This means that x p 2 is the inverse of x mod p. 10

Euler s theorem It is a generalization of Fermat s theorem. Def: φ(n) is the # of positive integers < n that are relatively prime to n. φ(9) = 1, 2, 3, 4, 5, 6, 7, 8 = 6. Thm: If GCD(x, n) = 1, then x φ(n) = 1 (mod n). If p is prime then φ(p) = (p 1). 11

Knapsack Encryption Given a set of integers a 1, a 2,... a n, find whether a subset of them adds up to a given integer t. For example, for the set A = {4, 7, 33, 1, 12, 78, 11, 291} is there a subset that adds up to 17? To 129? To encrypt text, say NUS IS GREAT, use the ASCII bit sequence of each character to select the set of numbers in the knapsack to add. So N = 0x4E = 01001110 = 7 + 12 + 78 + 11 = 108. U = 0x55 = 01010101 = 7 + 1 + 78 + 291 = 377.......and so on...... Alternatively, the knapsack can have 16 numbers and you can encrypt two characters at a time. Suppose that A = {4, 7, 33, 1, 12, 78, 11, 291, 101, 29, 1101, 561, 487, 9826, 791, 893} Then you encrypt the message as NU SI SG RE AT The difficulty is that solving the general knapsack is as difficult for the recipient as it is for the enemy. 12

Merkle-Hellman Knapsack Encryption Make the problem difficult for the enemy but easy for the recipient! A superincreasing knapsack is one in which the integers in the knapsack form a superincreasing sequence. That is a k > k 1 j=1 a j Give a demo of superincreasing sequence using printsuperincreasingseq(superincreasingseq(7)). An example is the sequence A = {77, 105, 192, 392, 801, 1662, 3286, 6537} Now supposing one were to ask if there s a subset of #s in the knapsack that add up to 2967 there s an easy way to find it! But the problem is that solving a superincreasing knapsack is as easy for the enemy as it is for the recipient! So we try to confound the enemy by transforming a superincreasing knapsack into a random one. 13

Encryption/Decryption with MH Knapsacks Choose an m > a i. Choose a w rel. prime to m. Transform A into B such that b i = w a i mod m. Let s say that m = 13917 for the example above and that w = 269. Then B = {6796, 411, 9897, 8029, 6714, 1734, 7163, 4911} To encode the character N which is 01001110, we might do 411 + 6714 + 1734 + 7163 = 16022. To decode this number, the recipient does 269 1 16022 mod 13917 = 3725 16022 mod 13917 = 5854. Solving the superincreasing knapsack for 5854 gives the set 105 + 801 + 1662 + 3286! Practical Implementation Generate random numbers 0 < r i < 2 200 and choose. a i = 2 200+i 1 + r i 14

Why is the Knapsack considered hard? The general knapsack problem is NP Complete! 15

A little primer on complexity theory f(n) is said to be O(g(n)) if c, n 0 such that f(n) c g(n) n n 0 Example: f(n) = 17n + 10 is O(n) because for n 0 = 10. Demo plot [n=1:100] 17*n+10, 18*n. 17n + 10 18n Example: f(n) = a t n t + a t 1 n t 1 + + a 0 is O(n t ). The class P: problems that can be solved in time bounded by a polynomial function of the problem size. For example, sorting, finding the max of a set of numbers, multiplication, exponentiation. The class NP: problems that can be verified in polynomial time. For example, Hamiltonian cycle, CNF satisfiability. The class NP Complete: Problems in NP to which every other problem in NP can be reduced in polynomial time. If an NP Complete problem yields a polynomial time solution, then P = NP. In some sense then, these are the hardest problems to solve in the class NP. We know that P NP, that P EXP. But is P = NP? 16

References [Bar02] Thomas H. Barr. Invitation to Cryptology. Prentice Hall, 2002. [Bre89] David M. Bressoud. Factorization and Primality Testing. Undergraduate texts in mathematics. Springer-Verlag, 1989. [CLRS01] Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein. Introduction to Algorithms. MIT Press, 2 nd, 2001. [Ros93] Kenneth H. Rosen. Elementary Number Theory and its Applications. Addison-Wesley, 3rd edition, 1993. 17

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback