Number Theory & Modern Cryptography Week 12 Stallings: Ch 4, 8, 9, 10 CNT-4403: 2.April.2015 1
Introduction Increasing importance in cryptography Public Key Crypto and Signatures Concern operations on numbers CNT-4403: 2.April.2015 2
Today s Class Basic Number Theory Modern Cryptography: Public Key Cryptosystems CNT-4403: 2.April.2015 3
Divisors A non-zero number b divides a if For some m, a=mb (a,b,m all integers) b divides into a with no remainder Denote this b a b is a divisor of a Example What are the divisors of 24? 1, 2, 3, 4, 6, 8, 12, 24 Other examples 13 182; 5 30; 17 289; 17 0 CNT-4403: 2.April.2015 4
Properties of Divisibility 1. If a 1, then a = ±1 2. If a b and b a, then a = ±b 3. Any b!= 0 divides 0 4. If a b and b c, then a c Example: 11 66 and 66 198 11 198 5. If b g and b h, then b (mg + nh) for arbitrary m and n Example b = 7; g = 14; h = 21; m = 3; n = 2 7 14 and 7 21 7 84 CNT-4403: 2.April.2015 5
Division Algorithm If divide a by n get integer quotient q and integer remainder r such that: a = qn + r where 0 <= r < n; q = floor(a/n) Remainder r often referred to as a residue CNT-4403: 2.April.2015 6
Greatest Common Divisor (GCD) A common problem in number theory GCD (a,b) of a and b The largest integer that divides evenly into both a and b Example: GCD(60,24) = 12 Define gcd(0, 0) = 0 Relative primality No common factors: GCD(a,b) = 1 Example: GCD(8,15) = 1 : 8 & 15 are relatively prime CNT-4403: 2.April.2015 7
Euclidean Algorithm Efficient way to find the GCD(a,b) Theorem: GCD(a,b) = GCD(b, a mod b) Euclidean Algorithm to compute GCD(a,b): Euclid(a,b){ if (b=0) then return a; else return Euclid(b, a mod b); } CNT-4403: 2.April.2015 8
Example: GCD(1970,1066) 1970 = 1 x 1066 + 904 gcd(1066, 904) 1066 = 1 x 904 + 162 gcd(904, 162) 904 = 5 x 162 + 94 gcd(162, 94) 162 = 1 x 94 + 68 gcd(94, 68) 94 = 1 x 68 + 26 gcd(68, 26) 68 = 2 x 26 + 16 gcd(26, 16) 26 = 1 x 16 + 10 gcd(16, 10) 16 = 1 x 10 + 6 gcd(10, 6) 10 = 1 x 6 + 4 gcd(6, 4) 6 = 1 x 4 + 2 gcd(4, 2) 4 = 2 x 2 + 0 gcd(2, 0) = 2 CNT-4403: 2.April.2015 9
Modular Arithmetic Modulo operator a mod n: Remainder when a is divided by n Integer n is called the modulus b is called a residue of a mod n if a = qn + b Smallest positive remainder as residue: 0 <= b <= n-1 Modulo reduction: eg. -12 mod 7 = -5 mod 7 = 2 mod 7 = 9 mod 7 Congruence a b a mod n = b mod n When divided by n, a & b have same remainder Example: 100 34 (mod 11) CNT-4403: 2.April.2015 10
Modular Arithmetic Operations Perform arithmetic with residues Use a finite number of values Z n = {0, 1,..., (n 1)} Modular arithmetic Addition & multiplication then Modulo reduce answer Reduction can be done at any point a+b mod n = [a mod n + b mod n] mod n CNT-4403: 2.April.2015 11
Modular Operations (cont d) 1. [(a mod n) + (b mod n)] mod n = (a + b) mod n 2. [(a mod n) (b mod n)] mod n = (a b) mod n 3. [(a mod n) x (b mod n)] mod n = (a x b) mod n Examples: [(11 mod 8) + (15 mod 8)] mod 8 = (3+7) mod 8 = 2 =(11 + 15) mod 8 = 26 mod 8 = 2 [(11 mod 8) (15 mod 8)] mod 8 = (3-7) mod 8 = 4 = (11 15) mod 8 = 4 mod 8 = 4 [(11 mod 8) x (15 mod 8)] mod 8 = (3 x 7) mod 8 = 5 = (11 x 15) mod 8 = 165 mod 8 = 5 CNT-4403: 2.April.2015 12
Modular Arithmetic Properties CNT-4403: 2.April.2015 13
Galois Field: GF(p) Set of integers {0,1,, p-1} With arithmetic operations modulo prime p Form a finite field Have multiplicative inverses Find inverse with Extended Euclidean algorithm Arithmetic is well-behaved can do Addition, subtraction Multiplication, and division With closure: within the field GF(p) CNT-4403: 2.April.2015 14
Today s Class Basic Number Theory Modern Cryptography: Public Key Cryptosystems RSA CNT-4403: 2.April.2015 15
Public Key Cryptosystems (PKC) Most significant advance in the 3000 year history of cryptography! Uses two keys a public and a private key Asymmetric: parties are not equal Public invention Whitfield Diffie & Martin Hellman at Stanford University in 1976 Known earlier in classified community CNT-4403: 2.April.2015 16
Why Public Key? Addresses two key issues: Key distribution how to have secure communications in general without having to trust a KDC with your key Digital signatures how to verify a message comes intact from the claimed sender CNT-4403: 2.April.2015 17
PKC in a Nutshell Encryption Key Decryption Key Plaintext Plaintext Encryption Algorithm Decryption Algorithm CNT-4403: 2.April.2015 18
PKC in Real Life! 1 C= Encrypt(pubKey B, M) Alice Has message M 2 Intercept C Bob pubkey B - public privkey B - private Cannot Infer privkey B from pubkey B! M= Decrypt(privKey B, C) Malory Cannot Obtain M! CNT-4403: 2.April.2015 19
Fermat s Theorem a p-1 = 1 (mod p) p is prime and gcd(a,p)=1 Known as Fermat s Little Theorem Note: a p = a (mod p) CNT-4403: 2.April.2015 20
Euler s Totient: ø(n) Arithmetic modulo n Complete set of residues is: 0..n-1 Euler Totient Function ø(n): Number of residues that are relatively prime to n n prime ø(p)=p-1 n = p x q (p,q prime) ø(p.q)=(p-1)x(q-1) Example: ø(37) = 36 ø(21) = (3 1) x (7 1) = 2 x 6 = 12 CNT-4403: 2.April.2015 21
Euler s Theorem Generalisation of Fermat's Theorem a ø(n) = 1 (mod n) for any a,n where gcd(a,n)=1 Example: a=3; n=10; ø(10)=4; Hence 3 4 = 81 = 1 mod 10 Note: a ø(n)+1 = a (mod n) CNT-4403: 2.April.2015 22
RSA Rivest, Shamir & Adleman - MIT in 1977 Equivalent introduced by Clifford Cocks (UK intelligence agency GCHQ) in 1973 Classified top secret until 1998 Best known & widely used public-key scheme Uses large integers (eg. 1024, 2048 bits) Security due to cost of factoring large numbers CNT-4403: 2.April.2015 23
RSA Key Setup Select two large primes at random: p, q Compute modulus n = p x q ø(n)=(p-1) x (q-1) Select at random the encryption key e where 1<e<ø(n), gcd(e,ø(n))=1 Solve following equation to find decryption key d e x d=1 mod ø(n) and 0 d n Publish public encryption key: pubkey = {e,n} Keep secret private decryption key: privkey = {d,p,q} CNT-4403: 2.April.2015 24
RSA Encryption Given message M Given public encryption key: pubkey = {e,n} Compute ciphertext: C = M e mod n CNT-4403: 2.April.2015 25
RSA Decryption Given cyphertext C Given private decryption key: privkey = {d,p,q} Compute plaintext M = C d mod n CNT-4403: 2.April.2015 26
RSA Key Setup Alice Bob Cannot Infer privkey B from pubkey B! pubkey B = {e,n} privkey B = {d,p,q} n = p x q Cannot get d given e and n Need p and q! CNT-4403: 2.April.2015 27
RSA Encryption and Decryption 1 C= M e mod n Alice Has message M (<n!) 2 Intercept C Bob pubkey B = {e,n} privkey B = {d,p,q} n = p x q M = C d mod n Cannot obtain M from M e mod n! Malory CNT-4403: 2.April.2015 28
RSA Example: Key Setup 1. Select primes: p=17 and q=11 2. Calculate n = pq =17 x 11=187 3. Calculate ø(n)=(p 1)x(q-1)=16x10=160 4. Select e, gcd(e,160)=1 e=7 5. Determine d de=1 mod 160 and d < 160 d=23 since 23 * 7=161= 10 * 160+1 6. Publish public key pubkey = {7,187} 7. Keep secret private key privkey = {23,187} CNT-4403: 2.April.2015 29
RSA Example: Encryption/Decryption Message M = 88 M < n: 88<187 Encryption: C = 88 7 mod 187 = 11 Decryption: M = 11 23 mod 187 = 88 CNT-4403: 2.April.2015 30