Number Theory A focused introduction


This is an explanation of RSA public key cryptography. We will start from first principles, but only the results that are needed to understand RSA are given. We begin with some definitions and notation.

Definitions

Let $a$, $b$, $d$ be integers. If there is an integer $n$ such that $a = nd$ then we say $d$ is a divisor of $a$ (or $d$ divides $a$) and we write $d \mid a$. If $d \mid a$ and $d \mid b$ then $d$ is a common divisor of $a$ and $b$. If $d$ is a common divisor of $a$ and $b$ such that if $r$ is any other common divisor of $a$ and $b$ then $r \mid d$, then we call $d$ the greatest common divisor of $a$ and $b$ and write $(a, b) = d$. If $(a, b) = 1$, we say $a$ and $b$ are relatively prime.

Given integers $a$ and $b$, any integer $c$ which can be written in the form $c = ma + nb$ for some integers $m$ and $n$ is called a linear combination of $a$ and $b$. Note that any common divisor of $a$ and $b$ will also divide all linear combinations of $a$ and $b$.

To compute the greatest common divisor of two integers we use the Euclidean algorithm.

The Euclidean Algorithm

We are given $a$ and $b$. We can divide $a$ by $b$ to get $a = n_1 b + r_1$ for some integers $n_1$ and $r_1$ with $0 \le r_1 \le b - 1$. We can then divide $b$ by $r_1$ to get $b = n_2 r_1 + r_2$ for some integers $n_2$ and $r_2$ with $0 \le r_2 \le r_1 - 1$. We repeat this process of dividing the previous divisor by the remainder until the remainder is 0. This gives us a chain of equations like

$$
\begin{aligned}
a &= n_1 b + r_1 \\
b &= n_2 r_1 + r_2 \\
r_1 &= n_3 r_2 + r_3 \\
&\;\;\vdots \\
r_{k-2} &= n_k r_{k-1} + r_k \\
r_{k-1} &= n_{k+1} r_k
\end{aligned}
$$

Then the last non-zero remainder, $r_k$, is the greatest common divisor of $a$ and $b$.

Example: We wish to find the greatest common divisor of 34 and 20. We compute

$$
\begin{aligned}
34 &= 1 \cdot 20 + 14 \\
20 &= 1 \cdot 14 + 6 \\
14 &= 2 \cdot 6 + 4 \\
6 &= 1 \cdot 4 + 2 \\
4 &= 2 \cdot 2
\end{aligned}
$$

So $(34, 20) = 2$.

Proof

To see why the Euclidean algorithm produces a common divisor, trace back up the chain of equations. Since $r_{k-1} = n_{k+1} r_k$, we know $r_k$ divides $r_{k-1}$. Since $r_{k-2} = n_k r_{k-1} + r_k$ and $r_k$ divides both $r_{k-1}$ and itself, we find that $r_k$ divides $r_{k-2}$. Continuing up the chain we eventually find that $r_k$ divides both $a$ and $b$, so $r_k$ is a common divisor of $a$ and $b$.

To show that $r_k$ is the greatest common divisor, we need to show that any other common divisor of $a$ and $b$ divides $r_k$. For this we also work our way up the chain of equations. Rewrite $r_{k-2} = n_k r_{k-1} + r_k$ as $r_k = r_{k-2} - n_k r_{k-1}$. So $r_k$ is a linear combination of $r_{k-2}$ and $r_{k-1}$. We rewrite the next equation up the chain, $r_{k-3} = n_{k-1} r_{k-2} + r_{k-1}$, as $r_{k-1} = r_{k-3} - n_{k-1} r_{k-2}$, so $r_{k-1}$ is a linear combination of $r_{k-2}$ and $r_{k-3}$. We substitute this into our linear combination for $r_k$ to get

$$
r_k = r_{k-2} - n_k (r_{k-3} - n_{k-1} r_{k-2}) = (n_{k-1} n_k + 1)\, r_{k-2} - n_k r_{k-3}
$$

so $r_k$ is also a linear combination of $r_{k-2}$ and $r_{k-3}$. Working our way up the chain we eventually can write $r_k$ as a linear combination of $a$ and $b$. But any common divisor of $a$ and $b$ must then also divide $r_k$, so $r_k$ is the greatest common divisor of $a$ and $b$.

It is important to note that this proof shows that the greatest common divisor of two numbers can be written as a linear combination of the numbers. We will use this fact later.

Our next topic is modular arithmetic.

Definition

$a \equiv b \pmod{k}$ means $k \mid a - b$.

Note that for each $a$ there is exactly one $b$ satisfying $0 \le b \le k - 1$ such that $a \equiv b \pmod{k}$. Also note that $a \equiv b \pmod{k}$ if and only if there is an integer $n$ with $a = nk + b$.

Lemmas

If $a \equiv b \pmod{k}$ and $c \equiv d \pmod{k}$ then $a + c \equiv b + d \pmod{k}$ and $ac \equiv bd \pmod{k}$.

Proof

Since $a \equiv b$ and $c \equiv d$, we can find integers $n$ and $m$ such that $a = nk + b$ and $c = mk + d$. Then

$$
a + c = (nk + b) + (mk + d) = b + d + (n + m)k
$$

and

$$
ac = (nk + b)(mk + d) = bd + (nmk + nd + mb)k
$$

So addition and multiplication work the same in modular arithmetic as in ordinary arithmetic. So does subtraction, though we won't need this. Division is more troubling. Modular arithmetic is for integers, so we can't deal with fractions. This means we have to be careful when carrying out algebraic manipulations for modular arithmetic that we are permitted to cancel out common terms. The basic theorem is the following.

Theorem

Suppose $(a, d) = 1$. Then $ab \equiv ac \pmod{d}$ implies that $b \equiv c \pmod{d}$.

Proof

Since $(a, d) = 1$, we can write 1 as a linear combination of $a$ and $d$, $1 = ma + nd$. Then $1 - ma = nd$, so $d \mid 1 - ma$ and $ma \equiv 1 \pmod{d}$. Now we write

$$
\begin{aligned}
ab &\equiv ac \pmod{d} \\
mab &\equiv mac \pmod{d} \\
b &\equiv c \pmod{d}
\end{aligned}
$$

which is what we wanted to prove.

Note that $2 \cdot 1 \equiv 2 \cdot 3 \pmod{4}$ but that $1 \not\equiv 3 \pmod{4}$. This is not a counterexample to the above theorem because $(2, 4) = 2 \ne 1$.

Our next stop is the Euler $\varphi$-function (also called the totient function).

Definition

$\varphi(n)$ is the number of integers from 1 to $n - 1$ which are relatively prime to $n$.

Examples

If $p$ is prime then $\varphi(p) = p - 1$, since all the numbers from 1 to $p - 1$ are relatively prime to $p$.

If $p$ and $q$ are prime then $\varphi(pq) = (p - 1)(q - 1)$. To see this note that the only numbers from 1 to $pq - 1$ that are not relatively prime to $pq$ are $p, 2p, \ldots, (q - 1)p$ and $q, 2q, \ldots, (p - 1)q$. So there are $(p - 1) + (q - 1)$ numbers that are not relatively prime to $pq$, and that leaves

$$
(pq - 1) - [(p - 1) + (q - 1)] = pq - p - q + 1 = (p - 1)(q - 1)
$$

numbers which are relatively prime to $pq$.

Theorem (Euler)

Suppose $(a, n) = 1$. Then $a^{\varphi(n)} \equiv 1 \pmod{n}$.

Proof

List the numbers from 1 to $n - 1$ which are relatively prime to $n$ and call them $a_1, a_2, \ldots, a_{\varphi(n)}$. Then $a a_j \not\equiv a a_i \pmod{n}$ if $i \ne j$, by our cancellation rule above. Furthermore, since $(a, n) = 1$ and $(a_i, n) = 1$, $(a a_i, n) = 1$ for all $i$, and so $a a_1, a a_2, \ldots, a a_{\varphi(n)}$ are $\varphi(n)$ distinct numbers mod $n$ which are relatively prime to $n$. So the list $a a_1, a a_2, \ldots, a a_{\varphi(n)}$ must be the same as the list $a_1, a_2, \ldots, a_{\varphi(n)}$, just in a different order. Accordingly, if we multiply all the elements in each list we must get the same result. But then

$$
\begin{aligned}
a a_1 \cdot a a_2 \cdots a a_{\varphi(n)} &\equiv a_1 a_2 \cdots a_{\varphi(n)} \pmod{n} \\
a^{\varphi(n)} \left( a_1 a_2 \cdots a_{\varphi(n)} \right) &\equiv a_1 a_2 \cdots a_{\varphi(n)} \pmod{n} \\
a^{\varphi(n)} &\equiv 1 \pmod{n}
\end{aligned}
$$

Corollary (Fermat)

If $p$ is prime and $1 \le a \le p - 1$ then $a^{p-1} \equiv 1 \pmod{p}$.

This result is useful in primality testing. Note that $a^{n-1} \equiv 1 \pmod{n}$ doesn't guarantee that $n$ is prime, but $a^{n-1} \not\equiv 1 \pmod{n}$ does guarantee that $n$ is composite (not prime).

Corollary (RSA)

If $p$ and $q$ are prime and $de \equiv 1 \pmod{(p - 1)(q - 1)}$ and $(a, p) = (a, q) = 1$, then $(a^e)^d \equiv a \pmod{pq}$. (Note: the hypothesis $(a, p) = (a, q) = 1$ can be dropped at the cost of making the proof a fair bit longer.)

Proof

Since $(a, p) = (a, q) = 1$, $(a, pq) = 1$ and so

$$
a^{\varphi(pq)} = a^{(p-1)(q-1)} \equiv 1 \pmod{pq}.
$$

Now $de \equiv 1 \pmod{(p - 1)(q - 1)}$, so $de = k(p - 1)(q - 1) + 1$ for some $k$. Then using the laws of exponents from College Algebra we get

$$
(a^e)^d = a^{ed} = a^{k(p-1)(q-1)+1} = \left( a^{(p-1)(q-1)} \right)^k a^1 \equiv 1^k a^1 \equiv a \pmod{pq}
$$
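The remark after Fermat's corollary, that passing the test proves nothing while failing it proves compositeness, is shown below on concrete numbers. This is an added example, not part of the original notes; the function names are hypothetical and the inputs 97, 341 = 11·31 and 561 = 3·11·17 are sample values chosen for the illustration.

```python
from math import gcd


def fermat_check(n, a):
    """The page's rule for one base a with 1 <= a <= n-1."""
    if pow(a, n - 1, n) != 1:
        return "composite"       # a^(n-1) != 1 (mod n): n is certainly not prime
    return "inconclusive"        # a^(n-1) == 1 (mod n): n may or may not be prime


def split_bases(n):
    """Sort every base 1..n-1 into (witnesses, passing)."""
    witnesses, passing = [], []
    for a in range(1, n):
        (witnesses if fermat_check(n, a) == "composite" else passing).append(a)
    return witnesses, passing


def fooled_by_all_coprime_bases(n):
    """True when n is composite yet every base coprime to n passes the test."""
    witnesses, _ = split_bases(n)
    # A prime has no witnesses at all; a composite always has the bases that
    # share a factor with it. If those are the only witnesses, the test can
    # expose n only by stumbling on a factor.
    return bool(witnesses) and all(gcd(a, n) > 1 for a in witnesses)


if __name__ == "__main__":
    for n in (97, 341, 561):     # sample inputs chosen for this example
        witnesses, passing = split_bases(n)
        print(n, "witnesses:", len(witnesses), "passing bases:", len(passing),
              "fooled by all coprime bases:", fooled_by_all_coprime_bases(n))
    print("341 with base 2:", fermat_check(341, 2))
    print("341 with base 3:", fermat_check(341, 3))
```

A single passing base is therefore weak evidence, and for a number like 561 even trying many bases helps only if one of them happens to share a factor with it.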

This is the key to RSA public key encryption. Pick two large primes $p$ and $q$. Compute $n = pq$ and also $(p - 1)(q - 1)$. Now pick a $d$ relatively prime to $(p - 1)(q - 1)$. Then the discussion following the Euclidean algorithm explains how to find an $e$ with $de \equiv 1 \pmod{(p - 1)(q - 1)}$. Now publish $n$ and $e$, but not $p$, $q$, $(p - 1)(q - 1)$ or $d$. Then anyone wishing to send a number to you (and all computer messages are just a bunch of numbers) can send you $a^e \bmod n$. When you receive this message you then raise it to the $d$th power mod $n$ to recover the original message $a$.

But for anyone to crack the code they need to be able to find $d$, which requires they factor $n$ to find $p$ and $q$. Since finding primes is much easier than factoring, you can find primes large enough that it takes so long for someone to factor $n$ that your code is practically unbreakable.

Of course, if someone knew how to factor numbers quickly, all this would fall apart. Lots of people have tried to come up with fast factoring routines, but no one has found any fast enough to make breaking RSA practical (at least in the published literature). On the other hand, there is no proof that such an algorithm doesn't exist.
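The procedure above, carried through in code, together with the back-substitution from the Euclidean-algorithm proof that produces $e$ from $d$. This is an added example, not part of the original notes; the function names are hypothetical and the primes 61 and 53 with $d = 2753$ are constructed toy values, far too small for real use.

```python
def extended_gcd(a, b):
    """Return (g, m, n) with g = (a, b) and g = m*a + n*b."""
    r0, r1 = a, b
    m0, m1 = 1, 0                       # coefficients of a
    n0, n1 = 0, 1                       # coefficients of b
    while r1 != 0:
        quo = r0 // r1
        r0, r1 = r1, r0 - quo * r1      # next line of the Euclidean chain
        m0, m1 = m1, m0 - quo * m1      # same step applied to the
        n0, n1 = n1, n0 - quo * n1      # linear-combination coefficients
    return r0, m0, n0


def make_keys(p, q, d):
    """The page's order: pick d first, then solve d*e = 1 mod (p-1)(q-1)."""
    phi = (p - 1) * (q - 1)
    g, m, _ = extended_gcd(d, phi)      # 1 = m*d + (...)*phi, so m inverts d
    if g != 1:
        raise ValueError("d is not relatively prime to (p-1)(q-1)")
    return p * q, m % phi               # the published pair (n, e)


def encrypt(a, e, n):
    return pow(a, e, n)                 # a^e mod n


def decrypt(c, d, n):
    return pow(c, d, n)                 # c^d mod n


# Constructed toy values (assumption of this example, not from the page).
P, Q, D = 61, 53, 2753
N, E = make_keys(P, Q, D)

if __name__ == "__main__":
    print("(34, 20) as a linear combination:", extended_gcd(34, 20))
    c = encrypt(65, E, N)
    print("public key:", (N, E), "ciphertext of 65:", c,
          "decrypted:", decrypt(c, D, N))
    # a = 61 is a multiple of p, the case the corollary's proof leaves out.
    print("a = 61 round-trips:", decrypt(encrypt(61, E, N), D, N) == 61)
```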