Number Theory. Raj Jain. Washington University in St. Louis

Similar documents
Chapter 8. Introduction to Number Theory

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

Other Public-Key Cryptosystems

Public Key Algorithms

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Basic Concepts in Number Theory and Finite Fields

Other Public-Key Cryptosystems

Number Theory & Modern Cryptography

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Applied Cryptography and Computer Security CSE 664 Spring 2018

CSC 474 Information Systems Security

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Mathematics of Cryptography

CIS 551 / TCOM 401 Computer and Network Security

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

Number Theory. Modular Arithmetic

9 Modular Exponentiation and Square-Roots

Introduction to Information Security

Topics in Cryptography. Lecture 5: Basic Number Theory

Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

Ma/CS 6a Class 4: Primality Testing

Chapter 9 Basic Number Theory for Public Key Cryptography. WANG YANG

basics of security/cryptography

Numbers. Çetin Kaya Koç Winter / 18

Introduction to Cryptography. Lecture 6

CPSC 467b: Cryptography and Computer Security

Number Theory and Group Theoryfor Public-Key Cryptography

Lecture 3.1: Public Key Cryptography I

ECEN 5022 Cryptography

THE CUBIC PUBLIC-KEY TRANSFORMATION*

Ma/CS 6a Class 4: Primality Testing

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

CPSC 467: Cryptography and Computer Security

Public Key Encryption

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Two Factor Full Factorial Design with Replications

Cryptography IV: Asymmetric Ciphers

Introduction. will now introduce finite fields of increasing importance in cryptography. AES, Elliptic Curve, IDEA, Public Key

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Aspect of Prime Numbers in Public Key Cryptosystem

Number Theory Homework.

Part II. Number Theory. Year

Primality Proofs. Geoffrey Exoo Department of Mathematics and Computer Science Indiana State University Terre Haute, IN

ALG 4.0 Number Theory Algorithms:

Wilson s Theorem and Fermat s Little Theorem

Number Theory Alex X. Liu & Haipeng Dai

Elementary Number Theory

1 Overview and revision

ENHANCING THE PERFORMANCE OF FACTORING ALGORITHMS

Discrete Mathematics and Probability Theory Fall 2014 Anant Sahai Homework 5. This homework is due October 6, 2014, at 12:00 noon.

Attempt QUESTIONS 1 and 2, and THREE other questions. penalised if you attempt additional questions.

CSE 521: Design and Analysis of Algorithms I

Biomedical Security. Some Security News 9/17/2018. Erwin M. Bakker. Blockchains are not safe for voting (slashdot.org) : From: paragonie.

Applied Cryptography and Computer Security CSE 664 Spring 2017

ECE646 Lecture 11 Required Reading Chapter 8.3 Testing for Primality RSA Key Generation

Theory of Numbers Problems

William Stallings Copyright 2010

Pseudo-random Number Generation. Qiuliang Tang

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

CSc 466/566. Computer Security. 5 : Cryptography Basics

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

ECE596C: Handout #11

Introduction to Cryptology. Lecture 19

Cryptography: Joining the RSA Cryptosystem

Asymmetric Encryption

Public Key Cryptography

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Ma/CS 6a Class 3: The RSA Algorithm

A Guide to Arithmetic

Number Theory and Algebra: A Brief Introduction

Lecture 7 Number Theory Euiseong Seo

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

Lecture 7: Number Theory Steven Skiena. skiena

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

Katz, Lindell Introduction to Modern Cryptrography

Lecture 14: Hardness Assumptions

p = This is small enough that its primality is easily verified by trial division. A candidate prime above 1000 p of the form p U + 1 is

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn

Basic elements of number theory

Basic elements of number theory

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

Introduction to Number Theory

Lecture Notes, Week 6

Lecture 6: Cryptanalysis of public-key algorithms.,

PRIMALITY TESTING. Professor : Mr. Mohammad Amin Shokrollahi Assistant : Mahdi Cheraghchi. By TAHIRI JOUTI Kamal

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

Mathematical Foundations of Public-Key Cryptography

Lecture 11 - Basic Number Theory.

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

Transcription:

Number Theory Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/ 8-1

Overview 1. Prime numbers 2. Fermat s and Euler s Theorems 3. Testing for primality 4. The Chinese Remainder Theorm 5. Discrete Logarithms These slides are partly based on Lawrie Brown Lawrie Brown s slides supplied with William Stallings s book Cryptography and Network Security: Principles and Practice, 5 th Ed, 2011. 8-2

Fermat's Little Theorem Given a prime number p: a p-1 = 1 (mod p) For all integers a p Or a p = a (mod p) Example: 1 4 mod 5=1 2 4 mod 5=1 3 4 mod 5=1 4 4 mod 5=1 8-3

Euler Totient Function ø(n) When doing arithmetic modulo n complete set of residues is: 0..n-1 Reduced set of residues is those residues which are relatively prime to n, e.g., for n=10, complete set of residues is {0,1,2,3,4,5,6,7,8,9} reduced set of residues is {1,3,7,9} Number of elements in reduced set of residues is called the Euler Totient Function ø(n) In general need prime factorization, but for p (p prime) ø(p)=p-1 for p.q (p,q prime) ø(p.q)=(p-1)x(q-1) Examples: ø(37) = 36 ø(21) = (3 1)x(7 1) = 2x6 = 12 8-4

Euler's Theorem A generalisation of Fermat's Theorem a ø(n) = 1 (mod n) for any a, n where gcd(a,n)=1 Example: a=3; n=10; ø(10)=4; hence 3 4 = 81 = 1 mod 10 a=2; n=11; ø(11)=10; hence 2 10 = 1024 = 1 mod 11 Also have: a ø(n)+1 = a (mod n) 8-5

Miller Rabin Algorithm for Primality A test for large primes based on Fermat s Theorem TEST (n) is: 1. Find integers k, q, k > 0, q odd, so that (n 1)=2 k q 2. Select a random integer a, 1<a<n 1 3. if a q mod n = 1 then return ( inconclusive"); 4. for j = 0 to k 1 do 5. if (a 2j q mod n = n-1) then return( inconclusive") 6. return ( composite") If inconclusive after t tests with different a s: Probability (n is Prime after t tests) = 1-4 -t E.g., for t=10 this probability is > 0.99999 8-6 a q mod n = 1? a q mod n = n-1? (a q ) 2 mod n = n-1? (a q ) 4 mod n = n-1? (a q ) 2k 1 mod n = n-1? Composite Y Y Y Y Y Inconclusive

Miller Rabin Algorithm Example Test 29 for primality 29-1 = 28 = 2 2 7 = 2 k q k=2, q=7 Let a = 10 10 7 mod 29 = 17 17 2 mod 29 = 28 Inconclusive Test 221 for primality 221-1=220=2 2 55 Let a=5 5 55 mod 221 =112 112 2 mod 221 =168 Composite 8-7

Prime Distribution Prime numbers: 1 2 3 5 7 11 13 17 19 23 29 31 Prime number theorem states that primes occur roughly every (ln n) integers But can immediately ignore even numbers So in practice need only test 0.5 ln(n) numbers of size n to locate a prime Note this is only the average Sometimes primes are close together Other times are quite far apart 8-8

Chinese Remainder Theorem If working modulo a product of numbers E.g., mod M = m 1 m 2..m k Chinese Remainder theorem lets us work in each moduli m i separately Since computational cost is proportional to size, this is faster kx Ã! A mod M = (A mod m i ) M 1 M mod m i m i m i i=1 35-1 =x mod 3 Example: 452 mod 105 35x=1 mod 3 x=2 = (452 mod 3)(105/3){(105/3) -1 mod 3} +(452 mod 5)(105/5){(105/5) -1 21x=1 mod 5 x=1 mod 5} +(452 mod 7)(105/7){(105/7) -1 mod 7} 15x=1 mod 7 x=1 = 2 35 (35-1 mod 3) +2x21 (21-1 mod 5) +4 15 (15-1 mod 7) = 2 35 2 +2 21 1 +4 15 1 = (140+42+60) mod 105 = 242 mod 105 = 32 8-9

Chinese Remainder Theorem Alternately, the solution to the following equations: x = a 1 mod m 1 x = a 2 mod m 2 x = a k mod m k where m 1, m 2,..., m k are relatively prime is found as follows: M = m 1 m 2... M k then x = kx i=1 a i M m i à M m i 1 mod m i! 8-10

Chinese Remainder Theorem Example For a parade, marchers are arranged in columns of seven, but one person is left out. In columns of eight, two people are left out. With columns of nine, three people are left out. How many marchers are there? x = 1 mod 7 x = 2 mod 8 x = 3 mod 9 N = ³ 7 8 9=504 x = 1 504 7 504 1 7 +2 504 7 8 504 1 8 8 +3 504 9 504 1 9 mod 7 8 9 9 = (1 72 (72 1 mod 7) + 2 63 (63 1 mod 8) +3 56 (56 1 mod 9)) mod 504 = (1 72 4+2 63 7+3 56 5) mod 504 = (288 + 882 + 840) mod 504 = 2010 mod 504 = 498 Ref: http://demonstrations.wolfram.com/chineseremaindertheorem/ 8-11

Primitive Roots From Euler s theorem have a ø(n) mod n=1 Consider a m = 1 (mod n), GCD(a,n)=1 For some a s, m can smaller than ø(n) If the smallest m is ø(n) then a is called a primitive root If n is prime, then successive powers of a "generate" the group mod n These are useful but relatively hard to find 8-12

Powers mod 19 2, 3, 10, 13, 14, 15 are primitive roots of 19 8-13

Discrete Logarithms The inverse problem to exponentiation is to find the discrete logarithm of a number modulo p That is to find i such that b = a i (mod p) This is written as i = dlog a b (mod p) If a is a primitive root then it always exists, otherwise it may not, e.g., x = log 3 4 mod 13 has no answer x = log 2 3 mod 13 = 4 by trying successive powers While exponentiation is relatively easy, finding discrete logarithms is generally a hard problem 8-14

Discrete Logarithms mod 19 8-15

Summary 1. Fermat s little theorem: a p-1 =1 mod p 2. Euler s Totient Function ø(p) = # of a<p relative prime to p 3. Euler s Theorem: a ø(p) =1 mod p 4. Primality Testing: n-1=2 k q, a q =1, a 2q =n-1,,(a ) 2k 1 =n-1 5. Chinese Remainder Theorem: x=a i mod m i, i=1,,k, then you can calculate x by computing inverse of M i mod m i 6. Primitive Roots: Minimum m such that a m =1 mod p is m=p-1 7. Discrete Logarithms: a i =b mod p i=dlog b,p (a) 8-16

Homework 8 a. Use Fermat s theorem to find a number x between 0 and 22, such that x 111 is congruent to 8 modulo 23. Do not use bruteforce searching. b. Use Miller Rabin test to test 19 for primality c. X = 2 mod 3 = 3 mod 5 = 5 mod 7, what is x? d. Find all primitive roots of 11 e. Find discrete log of 17 base 2 mod 29 8-17

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback