Chinese Remainder Theorem

Similar documents
Chinese Remainder Algorithms. Çetin Kaya Koç Spring / 22

Numbers. Çetin Kaya Koç Winter / 18

The security of RSA (part 1) The security of RSA (part 1)

Computer Architecture 10. Residue Number Systems

Digital Signature Algorithm

Fields in Cryptography. Çetin Kaya Koç Winter / 30

Math From Scratch Lesson 20: The Chinese Remainder Theorem

ax b mod m. has a solution if and only if d b. In this case, there is one solution, call it x 0, to the equation and there are d solutions x m d

Groups in Cryptography. Çetin Kaya Koç Winter / 13

Discrete Structures Lecture Solving Congruences. mathematician of the eighteenth century). Also, the equation gggggg(aa, bb) =

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

MATH 25 CLASS 12 NOTES, OCT Contents 1. Simultaneous linear congruences 1 2. Simultaneous linear congruences 2

Basic elements of number theory

Basic elements of number theory

Mathematics of Cryptography

Stream Ciphers. Çetin Kaya Koç Winter / 20

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Generalized Splines. Madeline Handschy, Julie Melnick, Stephanie Reinders. Smith College. April 1, 2013

Algebra. Modular arithmetic can be handled mathematically by introducing a congruence relation on the integers described in the above example.

RSA Implementation. Oregon State University

Discrete Logarithm Problem

4.4 Solving Congruences using Inverses

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Carmen s Core Concepts (Math 135)

International Journal of Advanced Research in Computer Science and Software Engineering

a the relation arb is defined if and only if = 2 k, k

ARYABHATA REMAINDER THEOREM: RELEVANCE TO PUBLIC-KEY CRYPTO-ALGORITHMS*

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

Number Theory Alex X. Liu & Haipeng Dai

Aryabhata Remainder Theorem: Relevance to public-key crypto algorithms

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

KEYWORDS: Multiple Valued Logic (MVL), Residue Number System (RNS), Quinary Logic (Q uin), Quinary Full Adder, QFA, Quinary Half Adder, QHA.

Number Theory. Modular Arithmetic

Exponentiation and Point Multiplication. Çetin Kaya Koç Spring / 70

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

SUFFIX PROPERTY OF INVERSE MOD

Modular Reduction without Pre-Computation for Special Moduli

William Stallings Copyright 2010

LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS

Simultaneous Linear, and Non-linear Congruences

Notes on Systems of Linear Congruences

ICS141: Discrete Mathematics for Computer Science I

Residue Number Systems Ivor Page 1

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

3 The fundamentals: Algorithms, the integers, and matrices

1 Overview and revision

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Extending The Natural Numbers. Whole Numbers. Integer Number Set. History of Zero

Arithmetic in Integer Rings and Prime Fields

Algorithmic Number Theory and Public-key Cryptography

Number Theory and Group Theoryfor Public-Key Cryptography

Mathematics for Cryptography

9 Modular Exponentiation and Square-Roots

Diophantine equations

Optimization of new Chinese Remainder theorems using special moduli sets

M381 Number Theory 2004 Page 1

Secret Sharing for General Access Structures

Chuck Garner, Ph.D. May 25, 2009 / Georgia ARML Practice

Dixon s Factorization method

Public-Key Cryptosystems CHAPTER 4

Mathematical Foundations of Public-Key Cryptography

Lecture 10: HMAC and Number Theory

Solutions to Problem Set 4 - Fall 2008 Due Tuesday, Oct. 7 at 1:00

4 Number Theory and Cryptography

A Suggestion for a Fast Residue Multiplier for a Family of Moduli of the Form (2 n (2 p ± 1))

Modular Arithmetic (Read Sections 4.1 thro 4.4)

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Number Theory Notes Spring 2011

MATH 2112/CSCI 2112, Discrete Structures I Winter 2007 Toby Kenney Homework Sheet 5 Hints & Model Solutions

Wilson s Theorem and Fermat s Little Theorem

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

Mathematics of Cryptography Part I

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

MATH 145 Algebra, Solutions to Assignment 4

Factorization & Primality Testing

The Chinese Remainder Theorem

CSC 5930/9010 Modern Cryptography: Number Theory

Homework #2 solutions Due: June 15, 2012

Number Theory Proof Portfolio

Public Key Cryptography

KTH, NADA , and D1449 Kryptografins grunder. Lecture 6: RSA. Johan Håstad, transcribed by Martin Lindkvist

CHAPTER 3. Congruences. Congruence: definitions and properties

The Chinese Remainder Theorem

The Chinese Remainder Theorem

Matrix operations Linear Algebra with Computer Science Application

. In particular if a b then N(

PMA225 Practice Exam questions and solutions Victor P. Snaith

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

Solutions to Problem Set 3 - Fall 2008 Due Tuesday, Sep. 30 at 1:00

Computing with polynomials: Hensel constructions

Lecture 7 Number Theory Euiseong Seo

Transcription:

Chinese Remainder Theorem Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 16

The Chinese Remainder Theorem Some cryptographic algorithms work with two (such as RSA) or more moduli (such as secret-sharing) The Chinese Remainder Theorem (CRT) and underlying algorithm allows to work with multiple moduli The general idea is to compute a large integer X knowing only its remainders modulo a small set of integers (called moduli) The principles of this method was established sometime in the 3rd and 5th century in China A Chinese mathematician Sun Tzu or Sunzi is known to be the author of The Mathematical Classic of Sunzi, which contains the earliest known example of the algorithm Thus, it is named as the Chinese Remainder Theorem. Çetin Kaya Koç http://koclab.org Winter 2017 2 / 16

The Chinese Remainder Theorem Theorem Given k pairwise relatively prime moduli n i for i = 1, 2,..., k, a number x [0, m 1] with m = n 1 n 2 n k is uniquely representable using the remainders r i for i = 1, 2,..., k such that r i = x (mod n i ). Given the remainders r 1, r 2,..., r k, we can compute x using x = k r i c i m i (mod m) i=1 where m i = m/n i and c i = m 1 i (mod n i ) The computation of x using the linear summation formula above is also called the Chinese Remainder Algorithm (CRA) Çetin Kaya Koç http://koclab.org Winter 2017 3 / 16

A CRT Example Chinese Remainder Theorem Let the moduli set be {5, 7, 9} These moduli are pairwise relatively prime: gcd(5, 7) = gcd(5, 9) = gcd(7, 9) = 1 Each modulus does not need to be prime, but they need to be pairwise relatively prime If they are all prime, they will be pairwise relatively prime too We have n 1 = 5, n 2 = 7, n 3 = 9, and thus m = 5 7 9 = 315 All integers in the range [0, 314] are uniquely representable using this moduli set Çetin Kaya Koç http://koclab.org Winter 2017 4 / 16

A CRT Example Chinese Remainder Theorem Let x = 200, then we have r 1 = 200 mod 5 r 2 = 200 mod 7 r 3 = 200 mod 9 r 1 = 0 r 2 = 4 r 3 = 2 The remainder set (0, 4, 2) with respect to the moduli set (5, 7, 9) uniquely represents the integer 200 Given the integer x and the moduli set, the remainders can be computed using r i = x (mod n i ) for i = 1, 2,..., k Given the remainders and the moduli set, the integer x can be computed using the standard Chinese Remainder Algorithm, given above, represented as CRT(0, 4, 2; 5, 7, 9) = 200 Çetin Kaya Koç http://koclab.org Winter 2017 5 / 16

A CRT Example Chinese Remainder Theorem Compute x = CRT(0, 4, 2; 5, 7, 9) m = n 1 n 2 n 3 = 5 7 9 = 315 m 1 = m/n 1 = 315/5 = 7 9 = 63 m 2 = m/n 2 = 315/7 = 5 9 = 45 m 3 = m/n 3 = 315/9 = 5 7 = 35 c 1 = m1 1 = 63 1 = 3 1 = 2 (mod 5) c 2 = m2 1 = 45 1 = 3 1 = 5 (mod 7) c 2 = m3 1 = 35 1 = 8 1 = 8 (mod 9) x = r 1 c 1 m 1 + r 2 c 2 m 2 + r 3 c 3 m 3 (mod m) = 0 2 63 + 4 5 45 + 2 8 35 = 1460 (mod 315) = 200 (mod 315) Therefore, CRT(0, 4, 2; 5, 7, 9) = 200 Çetin Kaya Koç http://koclab.org Winter 2017 6 / 16

Another CRT Example Compute x = CRT(2, 1, 1; 7, 9, 11) m = n 1 n 2 n 3 = 7 9 11 = 693 m 1 = m/n 1 = 693/7 = 9 11 = 99 m 2 = m/n 2 = 693/9 = 7 11 = 77 m 3 = m/n 3 = 693/11 = 7 9 = 63 c 1 = m1 1 = 99 1 = 1 1 = 1 (mod 7) c 2 = m2 1 = 77 1 = 5 1 = 2 (mod 9) c 2 = m3 1 = 63 1 = 8 1 = 7 (mod 11) x = r 1 c 1 m 1 + r 2 c 2 m 2 + r 3 c 3 m 3 (mod N) = 2 1 99 + 1 2 77 + 1 7 63 = 793 (mod 693) = 100 (mod 693) Therefore, CRT(2, 1, 1; 7, 9, 11) = 100 Çetin Kaya Koç http://koclab.org Winter 2017 7 / 16

The Mixed Radix Conversion Algorithm The standard CRA uses the summation x = k r i c i m i (mod m) i=1 The CRA requires multi-precision arithmetic at each step, as each product term in the summation grows beyond m = n 1 n 2 n k There exists another algorithm, called the Mixed Radix Conversion (MRC) Algorithm, which computes x more efficiently The MRC algorithm is particularly useful when each modulus fits into the word size of the computer The MRC avoids multi-precision arithmetic until the last phase Çetin Kaya Koç http://koclab.org Winter 2017 8 / 16

The Step 1 of the MRC Algorithm Step 1: Compute and save the inverses c ij for 1 i < j k c ij = n 1 j (mod n i ) This is accomplished using the extended Euclidean algorithm for the Fermat s method if the modulus is prime In case each modulus fits into the word size of the computer, any of the inverses would also fit into the same size Step 1 can be performed using the single-precision arithmetic Çetin Kaya Koç http://koclab.org Winter 2017 9 / 16

The Step 2 of the MRC Algorithm Step 2: Given the remainders (r 1, r 2,..., r k ) of X with respect to the moduli (n 1, n 2,..., n k ) and its first column as r i1 = r i for i = 1, 2,..., k compute the entries of the lower triangular matrix r 11 r 21 r 22 r 31 r 32 r 33...... r k1 r k2 r k3 r kk The computations in the ith row are performed mod n i Çetin Kaya Koç http://koclab.org Winter 2017 10 / 16

The Step 2 of the MRC Algorithm The 2nd column is computed using the 1st column and the inverses r i2 = (r i1 r 11 ) c i1 modn i for i = 2, 3,..., k The 3rd column is computed using the 2nd column and the inverses r i3 = (r i2 r 22 ) c i2 modn i for i = 3, 4,..., k The 4th column is computed using the 3rd column and the inverses r i4 = (r i3 r 33 ) c i3 modn i for i = 4, 5,..., k Çetin Kaya Koç http://koclab.org Winter 2017 11 / 16

The Step 2 of the MRC Algorithm The jth column is computed using the (j 1)th column and the inverses r ij = (r i,j 1 r j 1,j 1 ) c i,j 1 modn i for i = j, j + 1,..., k All computations in Step 2 are in single-precision arithmetic As an example, for k = 5 we compute r 11 = r 1 modn 1 r 21 = r 2 r 22 = (r 21 r 11 )c 21 modn 2 r 31 = r 3 r 32 = (r 31 r 11 )c 31 r 33 = (r 32 r 22 )c 32 modn 3 r 41 = r 4 r 42 = (r 41 r 11 )c 41 r 43 = (r 42 r 22 )c 42 r 44 = (r 43 r 33 )c 43 modn 4 r 51 = r 5 r 52 = (r 51 r 11 )c 41 r 53 = (r 52 r 22 )c 52 r 54 = (r 53 r 33 )c 53 r 55 = (r 54 r 44 )c 54 modn 5 Çetin Kaya Koç http://koclab.org Winter 2017 12 / 16

The Step 3 of the MRC Algorithm Step 3: The integer x is then computed using the diagonal entries as c = r 11 + r 22 n 1 + r 33 n 1 n 2 + + r kk n 1 n 2 n k 1 This step requires multiprecision arithmetic due to the product terms n 1 n 2 n i for i = 1, 2,..., k 1 in the summation to obtain x Step 3 is the only step in the MRC which requires multiprecision arithmetic The MRC has some other advantages: Two numbers can be compared in size if their MRC coefficients (r 11, r 22,..., r kk ) are known The MRC is essentially a radix representation of the number x, however, more than one radix is used (thus: the term, mixed-radix) Çetin Kaya Koç http://koclab.org Winter 2017 13 / 16

An Example of the MRC Algorithm As example, let us take the remainders (r 1, r 2, r 3 ) = (2, 1, 1) with respect to the moduli (n 1, n 2, n 3 ) = (7, 9, 11) and compute x Step 1: First we compute and save the inverses c 21, c 31, c 32 c 21 = n1 1 (mod n 2 ) 7 1 (mod 9) 4 c 31 = n1 1 (mod n 3 ) 7 1 (mod 11) 8 c 32 = n2 1 (mod n 3 ) 9 1 (mod 11) 5 Çetin Kaya Koç http://koclab.org Winter 2017 14 / 16

An Example of the MRC Algorithm Step 2: The first column of the lower triangular matrix is the given set of remainders (2, 1, 1) from which we compute the rest of the columns: 2 1 (1 2) 4 (mod 9) 5 1 (1 2) 8 (mod 11) 3 (3 5) 5 (mod 11) 1 Çetin Kaya Koç http://koclab.org Winter 2017 15 / 16

An Example of the MRC Algorithm Step 3: To compute x, we perform the summation x = r 11 + r 22 n 1 + r 33 n 1 n 2 = 2 + 5 7 + 1 7 9 = 100 Until the Step 3, all computations are in single-precision, assuming each modulus is a single-precision integer Çetin Kaya Koç http://koclab.org Winter 2017 16 / 16

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback