Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Similar documents
Discrete Mathematics GCD, LCM, RSA Algorithm

CIS 551 / TCOM 401 Computer and Network Security

Introduction to Cryptography. Lecture 6

basics of security/cryptography

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Topics in Cryptography. Lecture 5: Basic Number Theory

Public Key Cryptography

Public Key Algorithms

Number Theory & Modern Cryptography

OWO Lecture: Modular Arithmetic with Algorithmic Applications

Chapter 8 Public-key Cryptography and Digital Signatures

ICS141: Discrete Mathematics for Computer Science I

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

The RSA cryptosystem and primality tests

Public Key Encryption

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Cryptography. pieces from work by Gordon Royle

Lecture 1: Introduction to Public key cryptography

CS March 17, 2009

Numbers. Çetin Kaya Koç Winter / 18

Encryption: The RSA Public Key Cipher

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

CPSC 467b: Cryptography and Computer Security

CS483 Design and Analysis of Algorithms

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

ECE596C: Handout #11

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Basic elements of number theory

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Basic elements of number theory

Lecture Notes, Week 6

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

RSA. Ramki Thurimella

ALG 4.0 Number Theory Algorithms:

Ma/CS 6a Class 3: The RSA Algorithm

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Cryptography. P. Danziger. Transmit...Bob...

Number Theory and Group Theoryfor Public-Key Cryptography

10 Public Key Cryptography : RSA

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

10 Modular Arithmetic and Cryptography

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

CPSC 467b: Cryptography and Computer Security

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29

Applied Cryptography and Computer Security CSE 664 Spring 2017

Algorithmic Number Theory and Public-key Cryptography

Introduction to Public-Key Cryptosystems:

CRYPTOGRAPHY AND NUMBER THEORY

Elementary Number Theory MARUCO. Summer, 2018

Introduction to Modern Cryptography. Benny Chor

Lecture 10: HMAC and Number Theory

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Introduction to Cybersecurity Cryptography (Part 5)

CPSC 467b: Cryptography and Computer Security

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications

Security II: Cryptography exercises

CPSC 467: Cryptography and Computer Security

Congruence of Integers

THE CUBIC PUBLIC-KEY TRANSFORMATION*

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Mathematical Foundations of Public-Key Cryptography

Elementary Number Theory Review. Franz Luef

dit-upm RSA Cybersecurity Cryptography

Asymmetric Cryptography

Chapter 4 Asymmetric Cryptography

Number Theory. Modular Arithmetic

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

Introduction to Cryptography k. Lecture 5. Benny Pinkas k. Requirements. Data Integrity, Message Authentication

Discrete mathematics I - Number theory

Ma/CS 6a Class 4: Primality Testing

THE RSA ENCRYPTION SCHEME

Senior Math Circles Cryptography and Number Theory Week 2

Mathematics of Cryptography

Introduction to Number Theory

Theory of Computation Chapter 12: Cryptography

Cryptography IV: Asymmetric Ciphers

Asymmetric Encryption

Mathematics of Cryptography

Discrete Mathematics and Probability Theory Fall 2018 Alistair Sinclair and Yun Song Note 6

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Number-theoretic algorithms 1

Introduction. will now introduce finite fields of increasing importance in cryptography. AES, Elliptic Curve, IDEA, Public Key

Simple Math: Cryptography

Ma/CS 6a Class 2: Congruences

Innovation and Cryptoventures. Cryptography 101. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc

The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online

8.1 Principles of Public-Key Cryptosystems

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

Number theory (Chapter 4)

Introduction to Number Theory

Mathematics of Public Key Cryptography

My brief introduction to cryptography

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Transcription:

Ch - Algorithms with numbers Addition Basic arithmetic Addition ultiplication Division odular arithmetic factoring is hard Primality testing 53+35=88 Cost? (n number of bits) O(n) ultiplication al-khwārizmī 3x=3 Cost? O(n 2 ) Operations determining parity (even or odd) addition duplation (doubling a number, left shift) mediation (halving a number, rounding down, right shift) al-khwārizmī Division Cost? O(n 2 ) Can we do better? Cost?

odular arithmetic A system for dealing with restricted ranges of integers odular arithmetic Addition x+y mod N, assuming x, y <N O(n), n - number of bits N has (size of input) (x+y mod N = x+y or x+y-n) ultiplication x*y mod N? Ron Rivest, Adi Shamir, Leonard Adleman (977) Algorithm for public-key cryptography, based on the presumed difficulty of the factoring problem. 2002 A.. Turing Award is one of the most used cryptographic protocols on the net. Your browser uses it to establish a secure session with a site. Needed for implementing : FLT (Fermat s Little Theorem) Fast Exponentiation Extended Euclidean Algorithm odular inverses CRT (Chinese Remainder Theorem) Turing Lecture on Early Days, Ronald L. Rivest Turing Lecture on Early Days, Ronald L. Rivest Turing Lecture on Early Days, Ronald L. Rivest In April 202, the factorization of 3 is achieved. 2

public-key cryptosystem In a public-key cryptosystem, everyone has a public key and a secret key. Suppose Alice and Bob are two participants. Alice P A, S A Bob P B, S B The keys specify - functions from message to itself: = S A (P A ()) = P A (S A ()) Encryption: encrypt Communication decrypt P A channel S A Digital signatures: S A Alice Communication channel S A () P A Bob =? Accept Bob P A () Alice algorithm Select at random 2 large prime numbers p & q; (p & q might be, say, 00 decimal digits each.) Compute n: n = pq; Select an odd integer e that is relatively prime to φ(n) = (p-)(q-); Compute d as the multiplicative inverse of e, modulo φ(n); (de mod φ(n)) Publish P = (e, n) as the public key; Keep secret S = (d, n) as the secret key. If Z n ={0,,,n-}, P() = e mod n S(C) = C d mod n, C=P(). example Pick p = 7, q=7. n=pq=3337. φ(n) = (p-)(q-)=6*70=3220, choose e=79 (at random). d =79 - mod 3220 = 09. P A =(79, 3337). S A =(09, 3337). essage: = 6882326879666683 = 688 232 687 966 668 3 = 688 688 79 mod 3337 = 570 =C 2 = 232 232 79 mod 3337 = 2756 =C2 C = 570 2756 209 2276 223 58 C = 570 570 09 mod 3337 = 688 = C2 = 58 58 09 mod 3337 = 3 =2 Another example n = 559, e = 3. m e mod n Smiley Transmits: Last name Smiley L A S T N A E S I L E Y 20 920 00 03 0500 93 092 0525 20 3 mod 559, 920 3 mod 559, 07 06 78 250 3906 256 5 262 Bob receives the encrypted blocks c = m e mod n. He have a private decryption exponent d which when applied to c recovers the original blocks m : (m e mod n ) d mod n = m For n = 559, e = 3 the decryptor d = 3397. 3

The Department offers aster of Science and Bachelor of Science degrees in Computer Science. The University of Akron attracts many non-traditional students who may be unable to attend classes during the day. Our department offers classes at times that accommodate these students as well as traditional full-time students. The Department offers aster of Science and Bachelor of Science degrees in Computer Science. The University of Akron attracts many non-traditional students who may be unable to attend classes during the day. Our department offers classes at times that accommodate these students as well as traditional n = 559, d = 3397 07 06 78 250 3906 256 5 262 07 3397 mod 559, 06 3397 mod 559, 20 920 00 03 0500 93 092 0525 L A S T N A E S I L E Y full-time students. d %n S A Alice SHA256 A hash func Signed document Digital Signatures SHA256 A hash func Communication channel S A () -integer of 256 bits d %n verify P A =? Bob Accept d %n -signature? == ( d %n) e %n Technical difficulties: How do we know the algorithm works correctly? How to pick large prime numbers? Compute pq How to choose e Compute d How to compute e, C d Can any one break the code? If I want to encrypt credit card numbers, how big my p and q should be? If I want to encrypt words of four random characters from ASCII set, how big my p and q should be? How to pick large prime numbers? Primality testing Hard, but much easier than factoring. Fermat s Little Theorem(~60): If p is prime, then a, s.t. a<p, a p- (mod p). p p? The numbers make us fail are called Fermat pseudoprime -extremely rare (ex. 2 30 =mod3; Carmichael number 56, 2 560 =mod56)

Lagrange s Prime Number Theorem Theorem: The number of prime numbers between and x is about x/lnx. Not only are primes easy to detect, but they are also relatively abundant. Carmichael number A number c is a Carmichael number if it is not a prime, and still for all prime divisors d of c it so happens that d-divides c-. The smallest Carmichael number is 56 = 3 7. If c is a Carmichael number and a is relatively prime to c, then a c- mod c. Primality testing Primality testing Fermat's Last Theorem Fermat's Last Theorem states that x n + y n = z n has no non-zero integer solutions for x, y and z when n > 2. Technical difficulties: How do we know the algorithm works correctly? How to pick large prime numbers? Compute pq How to choose e Compute d How to compute e, C d? Can any one break the code? 5

odular exponentiation How to compute e, C d? In order to implement, exponentiation relative some modulo needs to be done a lot. So this operation better be doable, and fast. Q: How is it even possible to compute 2853 3397 mod 559? After all, 2853 3397 has approximately 3397 digits! odular exponentiation A: By taking the mod after each multiplication. For example: 23 3 mod 30-7 3 (mod 30) (-7) 2 (-7) (mod 30) 9 (-7) (mod 30) 9 (-7) (mod 30) -33 (mod 30) 7 (mod 30) odular exponentiation Therefore, 23 3 mod 30 = 7. Q: What if had to figure out 23 6 mod 30. Same way tedious: need to multiply 5 times. Is there a better way? odular exponentiation A: Better way. Notice that 6 = 2 2 2 2 so that 23 6 = 23 2 2 2 2 = (((23 2 ) 2 ) 2 ) 2 Therefore: 23 6 mod 30 (((-7 2 ) 2 ) 2 ) 2 (mod 30) (((9) 2 ) 2 ) 2 (mod 30) (((-) 2 ) 2 ) 2 (mod 30) ((2) 2 ) 2 (mod 30) (() 2 ) 2 (mod 30) () 2 (mod 30) (mod 30) Which implies that 23 6 mod 30 =. Q: How about 23 25 mod 30? odular exponentiation A: The previous method of repeated squaring works for any exponent that s a power of 2. 25 isn t. However, we can break 25 down as a sum of such powers: 25 = 6 + 8 +. Apply repeated squaring to each part, and multiply the results together. Previous calculation: 23 8 mod 30 = 23 6 mod 30 = Thus: 23 25 mod 30 23 6+8+ (mod 30) 6

odular exponentiation odular exponentiation How do we compute x y mod m, m>0? repeated squaring algorithm: x 25 mod N Cost? polynomial time (n=logn) mod-exp(x, y, m) if y = 0 then return() else z = mod-exp(x, y div 2, m) if y mod 2 = 0 then return(z * z mod m) else return(x * z * z mod m) odular Inverse Compute d? GCD Greatest common divisor Example: Euclid Algorithm If a,b Z +, apply division (mod) repeatedly as follows: a = q b + r, where 0 < r < b b=q 2 r +r 2, where 0<r 2 <r r = q 3 r 2 +r 3, where 0<r 3 <r 2 r k-2 = q k r k- +r k, where 0<r k- <r k r k- = q k+ r k Then,r k = GCD(a,b). Proof: () r k a, r k b (2) if d a, d b, then d r k. 7

Recursion Theorem a,b N, b 0, gcd(a,b) = gcd(b, a mod b). Proof : Let d = gcd(a,b). d a, d b. d a-qb = a mod b d b, d a mod b d gcd(b, a mod b). Computing GCD Euclid gcd(x,y) { if y = 0 then return(x) else return(gcd(y,x mod y)) } Let d = gcd(b, a mod b). d b, d a mod b. d a-qb, d b d a d gcd(a,b). gcd(a,b) = gcd(b, a mod b). Euclid Algorithm Extended Euclidean Algorithm Example: Computing gcd(25, 87) 25 = *87 + 38 87 = 2*38 + 38 = 3* + 5 = 2*5 + 5 = 5* gcd(25,87)= gcd(25,87) = 2*5 = 2*(38 3*) = 2*38 + 7* = 2*38 + 7*(87 2 38) = 7*87 6 38 = 7 87 6 (25 87) = 6 25 + 23 87 = = 25*( 6) + 87*23 = as + bt obtain gcd(a,b) and x,y, s.t. gcd(a,b) = ax+by. Extended-Euclid (a,b) if (b==0) return (a,,0); (d,x,y )=Extended-Euclid(b, a mod b); (d,x,y)=(d, y, x - a/b y ); return (d,x,y); Ex: a b q x y d 2 260 2-9 260 52-7 2 52 08 08 2 5-2 -7 5 20 2-2 20 5 0 demo 0 0 Cost? Theorem: The algorithm above correctly computes the gcd of x and y in time O(n), where n is the total number of bits in the input (x; y) ultiplicative Inverse ultiplicative inverse x of a, modulo n: ax = mod n. ax = kn+ If gcd(a,n)=, ax-kn = gcd(a,n). ax+ny = gcd(a,n). Therefore, x can be found using extended Euclidean algorithm. Is the multiplicative inverse unique? 8

Theorem: ultiplicative Inverse n>, if gcd(a,n)=, then ax= (mod n) has a unique positive solution, modulo n. Example: a = 79; n = 3220. x = 09. ax = 8050 = 25*3220+. x = -220. ax = -73879 = -5*3220+. Technical difficulties: How do we know the algorithm works correctly? How to pick large prime numbers? Compute pq How to choose e Compute d How to compute e, C d? Can any one break the code? How do we know works correctly? http://en.wikipedia.org/wiki/_factoring_c hallenge#the_prizes_and_records Chinese Remainder Theorem (~700 old) Project rsa35 package demo. Ch2 9

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback