ECE646 Lecture 11 Required Reading Chapter 8.3 Testing for Primality RSA Key Generation

Similar documents
RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

RSA: Genesis, Security, Implementation & Key Generation

ECE 646 Lecture 8. RSA: Genesis, Security, Implementation & Key Generation

CRC Press has granted the following specific permissions for the electronic version of this book:

Aspect of Prime Numbers in Public Key Cryptosystem

Cryptography IV: Asymmetric Ciphers

CPSC 467: Cryptography and Computer Security

Ma/CS 6a Class 4: Primality Testing

LARGE PRIME NUMBERS. In sum, Fermat pseudoprimes are reasonable candidates to be prime.

Applied Cryptography and Computer Security CSE 664 Spring 2018

CPSC 467b: Cryptography and Computer Security

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

Applied Cryptography and Computer Security CSE 664 Spring 2017

The RSA cryptosystem and primality tests

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Primality Testing- Is Randomization worth Practicing?

Efficient encryption and decryption. ECE646 Lecture 10. RSA Implementation: Efficient Encryption & Decryption. Required Reading

University of Tokyo: Advanced Algorithms Summer Lecture 6 27 May. Let s keep in mind definitions from the previous lecture:

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

ECE 646 Lecture 9. RSA: Genesis, operation & security

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

ECEN 5022 Cryptography

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Analyzing and Optimizing the Combined Primality test with GCD Operation on Smart Mobile Devices

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

MATH 145 Algebra, Solutions to Assignment 4

CPSC 467b: Cryptography and Computer Security

Public Key Encryption

Entry Number:2007 mcs Lecture Date: 18/2/08. Scribe: Nimrita Koul. Professor: Prof. Kavitha.

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

CSE 521: Design and Analysis of Algorithms I

Topics in Cryptography. Lecture 5: Basic Number Theory

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

Introduction to Cryptography. Lecture 6

Ma/CS 6a Class 4: Primality Testing

Lecture 1: Introduction to Public key cryptography

Introduction to Public-Key Cryptosystems:

CPSC 467b: Cryptography and Computer Security

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Improving the Accuracy of Primality Tests by Enhancing the Miller-Rabin Theorem

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Number Theory and Algebra: A Brief Introduction

p = This is small enough that its primality is easily verified by trial division. A candidate prime above 1000 p of the form p U + 1 is

Basic elements of number theory

Basic elements of number theory

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

basics of security/cryptography

ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

A Few Primality Testing Algorithms

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

CIS511 Introduction to the Theory of Computation Public Key Cryptography and RSA. Jean Gallier

RSA Implementation. Oregon State University

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

3 The fundamentals: Algorithms, the integers, and matrices

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Public Key Cryptography

Mathematical Foundations of Public-Key Cryptography

Cryptography: Joining the RSA Cryptosystem

1 The Fundamental Theorem of Arithmetic. A positive integer N has a unique prime power decomposition. Primality Testing. and. Integer Factorisation

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Some Facts from Number Theory

ALG 4.0 Number Theory Algorithms:

Attempt QUESTIONS 1 and 2, and THREE other questions. penalised if you attempt additional questions.

CPSC 467: Cryptography and Computer Security

Number Theory & Modern Cryptography

CS483 Design and Analysis of Algorithms

1. Algebra 1.7. Prime numbers

CIS 551 / TCOM 401 Computer and Network Security

Lecture 11 - Basic Number Theory.

Katz, Lindell Introduction to Modern Cryptrography

4 Number Theory and Cryptography

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

THE MILLER RABIN TEST

ICS141: Discrete Mathematics for Computer Science I

Ma/CS 6a Class 3: The RSA Algorithm

Senior Math Circles Cryptography and Number Theory Week 2

The running time of Euclid s algorithm

Factorization & Primality Testing

Public Key Cryptography

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

Chapter 8. Introduction to Number Theory

Primality Testing SURFACE. Syracuse University. Per Brinch Hansen Syracuse University, School of Computer and Information Science,

Advanced Algorithms and Complexity Course Project Report

A Guide to Arithmetic

A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Lecture Notes, Week 6

Pseudo-random Number Generation. Qiuliang Tang

Number Theory. Raj Jain. Washington University in St. Louis

Transcription:

ECE646 Lecture equired eading W. Stallings, "Cryptography and Network-Security, Chapter 8. Testing for Primality SA Key Generation A.Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography Chapter 4 Public-Key Parameters 4. Introduction 4.2 Probabilistic primality tests (you can skip 4.2.2 Solvay-Strassen test) 4.4 Prime number generation (you can skip 4.4. and 4.4.4) prime number generation Generation of the SA keys e P, Q Typically e = 2 6 + gcd(e, P-) = gcd(e, Q-) = gcd(e-, P-) = 2 gcd(e-, Q-) = 2 SA as a trap-door one-way function PUBLIC KEY M C = f(m) = M e mod N C M = f - (C) = C d mod N Extended Euclid s algorithm PIVATE KEY N = P Q d = e - mod (P-) (Q-) N = P Q P, Q - large prime numbers e d mod ((P-)(Q-)) Concealment of messages in the SA cryptosystem Blakley, Borosh, 979 At least 9 messages not concealed by SA! andom vs. Incremental Search andom search Number of messages not concealed by SA: σ = ( + gcd(e-, P-)) ( + gcd(e-, Q-)) A. e= σ = 9 B. gcd(e-, P-) = 2 and gcd(e-, Q-) = 2 σ = 9 Incremental search numbers tested for primality C. gcd(e-, P-) = P- and gcd(e-, Q-) = Q- σ = P Q=N It is possible that all messages remain unconcealed by SA! starting point chosen at random

Is there a sufficent amount of prime numbers to choose from? π(x) - the amount of prime numbers smaller than x x Is there a sufficent amount of prime numbers of the given bit length to choose from? π k - the amount of prime numbers of the size of k-bits 2 k- 2 k π(x) prime numbers π k prime numbers π(x) = x ln(x) x 5 π(x) 4. 97 2.9 47 π k = π(2 k ) - π(2 k- ).5 π(2 k ) π(2 k- ) k 84 52 24 π k 7 2 4 5 2.5 5 Average distance between of the given bit length () Average distance between of the given bit length (2) 2 k- 2 k Average distance (k) Average distance between two consecutive 2 k - 2 k- π k 2 k- π(2 k- ) ln 2 k- Number of bits k 256 84 52 24 Average distance between 77 265 54 79 Average amount of odd numbers to test 88 2 77 55.69 (k-) Euler s Theorem Leonard Euler, 77-78 Fermat s Theorem Pierre de Fermat, 6?-665 a: gcd(a, N) = a ϕ(n) (mod N) N prime a: gcd(a, N) = a N- (mod N) 2

Fermat primality test Fermat primality test n composite Liars to Witnesses to {..n-} a iff a n- mod n n composite Carmichael number Carmichael Numbers Liars to = {a: a n, gcd(a, n)>} = ϕ(n) = n ϕ(n) {..n-} Witnesses to Carmichael Numbers A composite integer is a Carmichael number iff k n= p p 2 p p k p i are distinct, p i p j for i j p i (p i -) (n-) Smallest Carmichael number n = 56 = 7 Among all numbers smaller or equal to 5 There are about prime numbers 5 Carmichael numbers Good probabilistic primality test n composite Liars to Witnesses to n composite {..n-} n composite Strong liars to Strong witnesses to {..n-} If a test returns n composite else test returns n probably prime or n pseudoprime to the base a n composite ϕ(n)/4 < (n-)/4

n composite, n- Strong liars to Strong witnesses to For certain composite numbers, such as n = 5 7... (2k+) there are only two strong liars: and n- {..n-} Mathematical Basis If n is prime then has only two square roots modulo n i.e., there are only two numbers, y and y 2, such that y 2 mod n = and y 22 mod n = y = and y 2=n- - mod n If n is composite then has at least four square roots modulo n i.e., there exist numbers, y, y 2, y, y 4, such that y 2 mod n =, y 2 2 mod n =, y 2 mod n =, y 4 2 mod n =, y =, y 2=n- - mod n, y ± mod n, y 4 ± mod n Algorithm () Algorithm (2) Find s and r, such that For example: n - = 2 s r, n = 49 n - = 48 = 2 4 s=4, r= where r is odd Compute a n- mod n = ( ((a r mod n) 2 mod n) 2 mod n ) 2 mod n = s squarings square mod n n = 6 n- = 6 = 2 2 5 s=2, r=5 2 s- s a r (a r ) 2 (a r ) 2 (a r ) 2... (a r ) 2 (a r ) 2 square root mod n mod n Algorithm () square mod n 2 s- s a r (a r ) 2 (a r ) 2 (a r ) 2... (a r ) 2 (a r ) 2 mod n X ± mod n square root mod n X X - X X - X X X X X X result of test probably prime or composite? 4

-log 2 of the bound on the error probability of declaring a k-bit composite number a prime after t iterations of the Minimal number of the s t, necessary to obtain the probability of error < 2 - for a k-bit number n k = number of bits 5 2 25 4 5 6 t - number of iterations of the 2 4 5 6 7 8 9 5 4 2 25 29 6 9 4 44 8 2 28 4 9 4 47 5 54 57 25 4 4 47 52 57 6 65 69 4 29 9 47 54 6 65 7 75 79 9 44 5 6 67 7 78 8 88 7 46 55 6 72 8 87 9 99 5 56 6 7 78 85 92 99 6 9 75 82 88 95 2 8 5 2 27 k t k t k t 6 4 22-28 2 5-6 2 6-6 29-25 22 6-92 64-66 2 26-222 2 9-4 67-69 22-2 2 4-479 9 7-7 22-24 9 48-542 8 74-77 29 242-252 8 54-626 7 78-8 28 25-264 7 627-746 6 82-85 27 265-278 6 747-926 5 86-9 26 279-294 5 927-4 22 9-95 25 295-4 2-85 96-2 24 4-4 over 85 2 Minimal number of the s, t, for relatively small numbers n andom vs. Incremental Search andom search Incremental search numbers tested for primality starting point chosen at random Using division by small Merten s Theorem numbers tested The proportion of candidate odd integers NOT ruled out by the trial division by all B α(b) = (-/) (-/5) (-/7) (-/B) D D D D D D D D D D D D D D D D D 2 2 D Division by small 2 with base 2 with the random base a For B=256, α(b).2 α(b).2 / ln B 8% of tested numbers discarded by the trial division 5

Incremental search for a prime Division by small Practical implementation (2) Efficient implementation of division by small Set of small 5 7 n = 9 n mod = n mod 5 = n mod 7 = n mod = n = 9 n = 95 n = 97 n = 99 n = +2 mod = +2 mod 5= +2 mod 7= 2 +2 mod = 2 +2 mod 5= 2+2 mod 7= 4 2+2 mod = +2 mod 5= 2 4+2 mod 7= 6 +2 mod = 2+2 mod 5= 4 6+2 mod 7= +2 mod = 2 4+2 mod 5= +2 mod 7= +2 mod = 5 5+2 mod = 7 7+2 mod = 9 9+2 mod = +2 mod = 2 9 9 95 97 99 5 7 9 5 7 9 2 5 7 7 5 5 7 S[k] 6

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback