NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Similar documents
Congruence of Integers

Discrete Mathematics GCD, LCM, RSA Algorithm

Public Key Cryptography

Cryptography. P. Danziger. Transmit...Bob...

Simple Math: Cryptography

ICS141: Discrete Mathematics for Computer Science I

CS483 Design and Analysis of Algorithms

The RSA cryptosystem and primality tests

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

THE RSA ENCRYPTION SCHEME

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Chapter 8 Public-key Cryptography and Digital Signatures

For your quiz in recitation this week, refer to these exercise generators:

Integers and Division

dit-upm RSA Cybersecurity Cryptography

The security of RSA (part 1) The security of RSA (part 1)

CS March 17, 2009

Encryption: The RSA Public Key Cipher

10 Modular Arithmetic and Cryptography

Senior Math Circles Cryptography and Number Theory Week 2

Mathematical Foundations of Public-Key Cryptography

Innovation and Cryptoventures. Cryptography 101. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc

Lecture 14: Hardness Assumptions

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Mathematics of Cryptography

Number Theory Math 420 Silverman Exam #1 February 27, 2018

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

NUMBER THEORY FOR CRYPTOGRAPHY

Basic elements of number theory

Basic elements of number theory

Number Theory & Modern Cryptography

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

Elementary Number Theory Review. Franz Luef

Ma/CS 6a Class 3: The RSA Algorithm

Public Key Algorithms

Number Theory. Modular Arithmetic

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Powers in Modular Arithmetic, and RSA Public Key Cryptography

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

a the relation arb is defined if and only if = 2 k, k

Clock Arithmetic and Euclid s Algorithm

Discrete mathematics I - Number theory

Jong C. Park Computer Science Division, KAIST

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

NET 311D INFORMATION SECURITY

MATHEMATICS EXTENDED ESSAY

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

Ch 4.2 Divisibility Properties

MATH 145 Algebra, Solutions to Assignment 4

Chapter 3 Basic Number Theory

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Homework #2 solutions Due: June 15, 2012

CSC 5930/9010 Modern Cryptography: Number Theory

3 The fundamentals: Algorithms, the integers, and matrices

Numbers. Çetin Kaya Koç Winter / 18

CRYPTOGRAPHY AND NUMBER THEORY

OWO Lecture: Modular Arithmetic with Algorithmic Applications

ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

Math 412: Number Theory Lecture 13 Applications of

M381 Number Theory 2004 Page 1

CRYPTOGRAPHY AND LARGE PRIMES *

basics of security/cryptography

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Beautiful Mathematics

A Guide to Arithmetic

ACCESS: Cryptography

Math 109 HW 9 Solutions

An Introduction to Cryptography

CISC-102 Fall 2017 Week 6

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

Algorithmic Number Theory and Public-key Cryptography

Cryptography. pieces from work by Gordon Royle

CIS 551 / TCOM 401 Computer and Network Security

4 Number Theory and Cryptography

Number Theory Notes Spring 2011

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Elementary Number Theory MARUCO. Summer, 2018

CIS511 Introduction to the Theory of Computation Public Key Cryptography and RSA. Jean Gallier

THE RSA CRYPTOSYSTEM

Number Theory and Group Theoryfor Public-Key Cryptography

Ma/CS 6a Class 2: Congruences

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

My brief introduction to cryptography

Great Theoretical Ideas in Computer Science

AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION

A Few Facts from Number Theory and the RSA Cryptosystem OVERVIEW. RSA Producing Big Primes. Table of Contents. Overview Basic Facts of Number Theory

MATH 501 Discrete Mathematics. Lecture 6: Number theory. German University Cairo, Department of Media Engineering and Technology.

Number Theory A focused introduction

Number theory (Chapter 4)

Applied Cryptography and Computer Security CSE 664 Spring 2017

Chinese Remainder Algorithms. Çetin Kaya Koç Spring / 22

Factoring. Number Theory # 2

Math 131 notes. Jason Riedy. 6 October, Linear Diophantine equations : Likely delayed 6

A Readable Introduction to Real Mathematics

Number theory (Chapter 4)

Asymmetric Cryptography

Chapter 4 Asymmetric Cryptography

Transcription:

NUMBER THEORY AND CODES Álvaro Pelayo WUSTL

Talk Goal To develop codes of the sort can tell the world how to put messages in code (public key cryptography) only you can decode them Structure of Talk Part I: Number theory background Part II: RSA Codes R for Ronald Rivest S for Adi Shamir A for Leonard Adleman 1

PART I: NUMBER THEORY BACKGROUND Integer Numbers......, 3, 2 1, 0, 1, 2, 3, 4, 5,...... Divisibility s is a divisor of t if there is an integer k such that t = k s Examples 1 is a divisor of every number m, since m = m 1 3 and 4 are divisors of 12 since 12 = 3 4 3 is not a divisor of 10 since 10 = k 3 is never true, for k integer 2

Prime Numbers an integer p greater than 1 is prime if the only divisors of p are 1 and p 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,... Not prime 4 because 2 is divisor 6 because 2 and 3 are divisors 8 because 2 and 4 are divisors... 3

Factorization into primes Any positive integer m can be written uniquely as m = p k 1 1 pk 2 2 pk 3 3 pk n n with p 1, p 2, p 3,..., p n primes and 1 < p 1 < p 2 < p 3 <... < p n Examples 8 = 2 3 12 = 2 2 3 28 = 2 2 7 90 = 2 3 2 5 4

Greatest common divisor of a, b, call it gcd(a, b) Look at the list of divisors of a Look at the list of divisors of b gcd(a, b) is the greatest number which is in both lists Example: what is gcd(8, 12)? Divisors of 8: 1, 2, 4, 8 Divisors of 12: 1, 2, 3, 4, 6, 12 Common divisors of 8 and 12: 1, 2, 4 gcd(8, 12) = 4 Very slow method if a, b large, need better method: Euclidean Algorithm 5

Euclidean Algorithm Goal: given a, b, to find gcd(a, b) Step 1: divide large number by small number Step 2: divide small number by remainder Step 3: keep dividing until 0 remainder One can verify: gcd(a, b) = last nonzero remainder Example: take a = 1001, b = 343. 1001 = 2 343 + 315 343 = 1 315 + 28 315 = 11 28 + 7 28 = 4 7 + 0 gcd(1001, 343) = 7 Algorithm Backwards: gcd(a, b) = 7 = 315 11 28 = 315 11(343 1 315) = 12 315 11 343 = 12(1001 2 343) 11 343 = 12 1001 35 343 = 12 a + ( 35) b 6

Congruence between two numbers Examples: a b (mod N) if N is a divisor of b a 16 1 (mod 3) 21 5 (mod 8) Number modulo an integer (slightly informal) [a] N := remainder of dividing a by N 0 [a] N < N (a 0, otherwise add a multiple of N to a) Examples: [10] 2 = 0, [17] 5 = 2, [32] 5 = 2, [ 4] 10 = 6, [ 47] 5 = 3 [17, 213] 10 = 3, [43, 596] 100 = 96 If 0 a < N, [a] N = a, for example: [1] 4 = 1, [2] 4 = 2, [3] 4 = 3 From the definition: [a] N = [b] N if and only if a b (mod N) Also: [a b] N = [a] N [b] N, [a+b] N = [a] N + [b] N 7

PART II: RSA MESSAGE ENCODING From words to numbers A = 01 B = 02... Z = 26 00 for space A message is large number, about 200 digits Example of message in code is x = THIS COURSE IS NICE x = 20080919000314211819050009190014090305 8

Idea of RSA Codes Start with: message x ( 200 digits), Construct: Encoding Function E ([integer] N ) = [another integer] N (N is a large number of our choice, about 10 200 digits) You send: encoded message E([x] N ) Receiver gets: E([x] N ) Receiver decodes it using the inverse of E, call it D D (E ([x] N )) = [x] N 9

Properties E and D must satisfy E easy to calculate (PUBLIC) D hard to calculate (SECRET) Easy: small computer time (< 1 second) Hard: large computer time (quadrillions of years) 10

How does one find Encoding Function E? and Decoding Function D? Using the method invented by Rivest, Shamir and Adleman: RSA method 11

RSA method to find E and D Step 1. Choose large prime numbers p, q ( 100 digits) Example. p = 11, q = 13, Step 2. Let N = p q Example. N = p q = 11 13 = 143 Step 3. Let A = (p 1) (q 1) Example. A = (p 1) (q 1) = (11 1) (13 1) = 120 Step 4. Pick 1 e < A with gcd(e, A) = 1 Example. e = 53 no common divisors with A = 120 Step 5. Define the Encoding Function Example. E ([x] 143 ) = [x e ] 143 E([x] 143 ) = [x 53 ] 143 (From now on, we will write to [x 53 ] 143 = [x 53 ]) 12

Observation: [x e ] = [x... (e times)... x] Step 6. Find the solution 1 d < A to e d 1 (mod A) Euclidean Algorithm backwards for e, A gives d, f: e d + A f = gcd(e, A) = 1, hence e d = 1 A f, and therefore e d 1 (mod A) Example. Need to solve 53 d 1 (mod 120) 120 = 2 53 + 14 53 = 3 14 + 11 14 = 1 11 + 3 11 = 3 3 + 2 3 = 1 2 + 1 2 = 2 1 + 0, hence 1 = 3 2 = 3 (11 3 3) = 4 3 11 = 4(14 11) 11 = 4 14 5 11 = 4 14 5(53 3 14) = 19 14 5 53 = 19(120 2 53) 5 53 = 19 120 43 53, hence 13

( 43) 53 = 1 19 120 ( 43) 53 1 (mod 120) Since [ 43] 120 = [77] 120, d = 77 Step 7. Define the Decoding Function D ([x]) = [x d ] Example. D([x]) = [x 77 ] End of RSA Method Why is D the inverse of E? D (E([x])) = E (D([x])) = [x e d ] Using a theorem (by Fermat) one can check: [x e d ] = [x] 14

Computation of encoded message E([97]) = [97] 53 Step 1. Decompose e = 53 in sum of powers of 2 53 = 32 + 16 + 4 + 1 = 2 5 + 2 4 + 2 2 + 2 0 Step 2. Express E([97]) as a product E([97]) = [97] 53 = [97] 1+4+16+32 = [97] 1 [97] 4 [97] 16 [97] 32 Step 3. Compute [97] to the above powers of 2 [97] 2 = [ 46] 2 = [2116] = [114] = [ 29] [97] 4 = [ 29] 2 = [841] = [126] = [ 17] [97] 8 = [ 17] 2 = [289] = [3] [97] 16 = [3] 2 = [9] [97] 32 = [9] 2 = [81] = [ 62] Step 4. Final computation E([97]) = [97] 53 = [97] 1 [97] 4 [97] 16 [97] 32 = [97] [ 17] [9] [ 62] = [ 46] [ 17] [9] [ 62] = [46 17] [9 62] = [782] [558] = [67][ 14] = [67 14] = [938] = [80] 15

Computation of decoded message D([80]) = [80] 77 Using same method as earlier 77 = 1 + 4 + 8 + 64 The original message! [80] 77 = [80] [80] 4 [80] 8 [80] 64 = [80] [ 62] [ 17] [ 62] = [1360] [3884] = [73] [ 17] = [73] [17] = [1241] = [97] Exercise 1: In constructing a code with p = 17, q = 19 suppose that the encoding exponent is e = 35. What should the decoding exponent d be? Exercise 2: (A) Decode the message 127 using the code in exercise 1. (B) Encode the message found in (A), and check the result is precisely 127. 16

How can one break the code? If can factor N into p q can find d, and function D TELL e, N everyone: they can send encoded messages KEEP d secret: you only can decode them < 1 sec to find E([x]) if e known, or D([x]) if d known quadrillions of years to find D([x]) if d NOT known (based on current known algorithms) 17

ADDITIONAL MATERIAL: Verification that D is inverse of E Need: Fermat s little theorem: if p is prime and [a] p 0, a p 1 1 mod p First, D(E([x])) = D([x e ]) = [(x e ) d ] = [x d e ] We want to check: [x d e ] = [x], equivalently x d e x 0 (modn) Hence we need to check that N = p q is a divisor of x d e x Enough to check that p is divisor of x d e x, i.e. [x d e x] p = 0 We know: d e 1 mod A, so there exists k such that d e = 1 + k A Since A = (p 1) (q 1), k A = (p 1) m, where m = k (q 1) Therefore: x d e x = x 1+k A x = x(x k A ) x = x(x (p 1) m ) x = x(x p 1 ) m x [x d e x] p = [x(x p 1 ) m x] p = [x(1) m x] p = [x(1) x] p = 0 18

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback