COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

Similar documents
1 Rabin Squaring Function and the Factoring Assumption

Numbers. Çetin Kaya Koç Winter / 18

CPSC 467b: Cryptography and Computer Security

Topics in Cryptography. Lecture 5: Basic Number Theory

CPSC 467: Cryptography and Computer Security

Applied Cryptography and Computer Security CSE 664 Spring 2018

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

ECEN 5022 Cryptography

Lecture 11 - Basic Number Theory.

CS 290G (Fall 2014) Introduction to Cryptography Oct 21st, Lecture 5: RSA OWFs

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

Basic Algorithms in Number Theory

Number Theory and Group Theoryfor Public-Key Cryptography

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

Introduction to Cryptology. Lecture 19

CIS 551 / TCOM 401 Computer and Network Security

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

Introduction to Cryptography. Lecture 6

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Ma/CS 6a Class 4: Primality Testing

Basic elements of number theory

Basic elements of number theory

Some Facts from Number Theory

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

CS483 Design and Analysis of Algorithms

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Basic Algorithms in Number Theory

Number Theory. Modular Arithmetic

Lecture 14: Hardness Assumptions

Number Theory A focused introduction

CSC 474 Information Systems Security

Computational Hardness

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Introduction to Public-Key Cryptosystems:

Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle

Introduction to Cryptology. Lecture 20

Chapter 7 Randomization Algorithm Theory WS 2017/18 Fabian Kuhn

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Chapter 4 Finite Fields

Mathematical Foundations of Cryptography

Discrete Mathematics with Applications MATH236

CPSC 467b: Cryptography and Computer Security

COMS W4995 Introduction to Cryptography October 12, Lecture 12: RSA, and a summary of One Way Function Candidates.

Lecture Notes. Advanced Discrete Structures COT S

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Algebra for error control codes

Lecture 11: Number Theoretic Assumptions

Ma/CS 6a Class 4: Primality Testing

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

ECE646 Lecture 11 Required Reading Chapter 8.3 Testing for Primality RSA Key Generation

Public Key Encryption

Finite Fields. Mike Reiter

Chapter 5. Modular arithmetic. 5.1 The modular ring

Applied Cryptography and Computer Security CSE 664 Spring 2017

cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

LECTURE NOTES IN CRYPTOGRAPHY

CPSC 467b: Cryptography and Computer Security

Modular Arithmetic. Examples: 17 mod 5 = 2. 5 mod 17 = 5. 8 mod 3 = 1. Some interesting properties of modular arithmetic:

Basic Algorithms in Number Theory

Primes. Rational, Gaussian, Industrial Strength, etc. Robert Campbell 11/29/2010 1

Theoretical Cryptography, Lecture 13

Introduction to Information Security

Theoretical Cryptography, Lectures 18-20

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

Chapter 8. Introduction to Number Theory

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

A. Algebra and Number Theory

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Discrete Mathematics and Probability Theory Fall 2013 Vazirani Note 3

Algorithms (II) Yu Yu. Shanghai Jiaotong University

basics of security/cryptography

CPSC 467b: Cryptography and Computer Security

ECE596C: Handout #11

CSc 466/566. Computer Security. 5 : Cryptography Basics

Discrete Math, Fourteenth Problem Set (July 18)

Number theory (Chapter 4)

Lecture 4: One Way Functions - II

Discrete Mathematics and Probability Theory Fall 2018 Alistair Sinclair and Yun Song Note 6

Arithmetic Algorithms, Part 1

CSE 521: Design and Analysis of Algorithms I

Mathematics of Cryptography

University of Tokyo: Advanced Algorithms Summer Lecture 6 27 May. Let s keep in mind definitions from the previous lecture:

Public-key Cryptography: Theory and Practice

Lecture 3.1: Public Key Cryptography I

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Mathematical Foundations of Public-Key Cryptography

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

Cryptography IV: Asymmetric Ciphers

Transcription:

COMS W4995 Introduction to Cryptography September 29, 2005 Lecture 8: Number Theory Lecturer: Tal Malkin Scribes: Elli Androulaki, Mohit Vazirani Summary This lecture focuses on some basic Number Theory. After proving basic theorems related to prime numbers, this chapter is referred to the extended Euclid s algorithm, Modular Arithmetic, and the groups Z n, Z n and their properties. Recall from the previous lecture... In the last lecture we defined (weak) one-way functions (OWFs) - functions easy to compute and difficult to invert - and collections of One-Way Functions. We also introduced the Factoring Assumption and showed a OWF based on it. 1 Prime-Number Basic Theorems In the last lecture we have mentioned the following theorem: Theorem 1 If the factoring assumption holds, then F = {f i : D i {0, 1} } i I where I = {n N : n is even} and D i = {p, q : p = q = i/2 and p, q are primes} and f i (p, q) = p q is a collection of OWF. In the previous lecture we proved that three of the four conditions that are required to show that F is a collection of OWFs are satisfied. Now we have to prove that condition (2) is also satisfied. Namely, we have to prove that it is feasible in polynomial time to sample random pairs of i 2-bit primes. This is easily proven using the following claim. Claim 2 Choosing a k-bit random integer that is a prime can be done in polynomial time in k. 1

Proof: In order to prove the above claim, we state the following facts and corollary and later come up with an algorithm that chooses a k-bit prime integer at random in polynomial time in k. Fact 3 Primality testing can be done in polynomial time. Fact 4 (Prime Number Theorem, Hadamard, de la Vallée-P. 1896) π(x) = O( x x i.e. the number π(x) of primes p x is roughly logx as x Corollary 5 Since the biggest k-bit number is (2 k 1) there are about Algorithm 1 A PPT algorithm to find a random k-bit prime. 1. Choose random k-bit number P {2 k 1,..., 2 k 1} 2. Run a primality test on P. 3. If P is prime then output P, else goto 1. 2 k kln2 k-bit primes. What we need to prove is that the above algorithm is PPT. Because of Corollary 4, the test in step 2 succeeds with probability Ω( 1 k ). Therefore, the expected number of iterations in the algorithm is O(k), namely its expected running time is polynomial. 1 logx ) 2 Review of Number Theory Fact 6 (Extended Euclid s Algorithm) For every two integers x, y two integers a, b such that ax+by = gcd(x, y). Moreover, there is a polynomial time algorithm that computes a, b. This algorithm is called the Extended Euclid s Algorithm (EEA). Following is an example of the application of the EEA. Example 1 gcd(72, 15) 72 = 4 15 + 12 15 = 1 12 + 3 12 = 4 3 + 0 3 = 15 12 = 15 (72 4 15) = 5 15 + ( 1) 72 gcd = 3 a = 1, b = 5 1 In order to get an algorithm that always runs in polynomial time, we can fix a polynomial bound on the number of iterations, after which the algorithm will halt and output fail. The polynomial can be set large enough so that this happens with negligible probability. 2

Modular Arithmetic x y (mod n) if n (x y) Example 2 17 5 (mod 12) 3 27 (mod 15) Definition 1 x mod n Unique x {0, 1, 2, 3,..., n 1} s.t. x x (mod n) 2.1 Operations (addition, subtraction, multiplication) x y (mod n) a (x + a y + a (mod n)) x y (mod n) a (x a y a (mod n)) x y (mod n) = a (a x a y (mod n)) Note: The following example demonstrates that we cannot divide in general. Example 3 3 1 3 3 mod 6 1 3 mod 6 2.2 Basic Definitions Definition 2 Z n = {0, 1, 2,..., n 1} Example 4 Z 6 = {0, 1, 2, 3, 4, 5} Z 15 = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14} Definition 3 Z n = {x Z n gcd(x, n) = 1} 3

Example 5 Z 6 = {1, 5} = {1, 2, 4, 7, 8, 11, 13, 14} Z 15 Fact 7 Z n is the set of all elements in Z n that have a multiplicative inverse. Namely, Z n = {x Z n a : x a = 1 (mod n)} Example 6 1 1 = 1 mod 6 5 5 = 1 mod 6 Thus, 1, 5 Z n Because of Fact 6, if a Z n, then we can divide by a, namely multiply both sides by a 1 mod n. Definition 4 A group is a set G with a binary operation such that G is closed under the operation : a, b G = a b G. associativity: a (b c) = (a b) c identity: I G : a I = I a = a a G inverse: a G a 1 G : a a 1 = I All of the groups we consider will also be commutative, namely a,b G a b = b a. Example 7 The integers are a group under addition ( + ). The rationals are a group under multiplication ( * ). Fact 8 Z n is a group under + (mod n). The identity element of this group for this operation is element 0. Z n is a group under * (mod n). The identity element of this group for this operation is element 1. Fact 9 For any finite group G, and any x G, if we apply operation in x G times, then we get the Identity element of. x x x x... x = I (Identity element) G times 4

Example 8 (Z 15, +(mod n)) ( Z 15 = 15) 5 + 5 + 5 + 5 + 5 + 5 + 5 + 5 + 5 + 5 + 5 + 5 + 5 + 5 + 5 0 (mod 15) In general, 15 X 0 mod 15 X (Z 15, (mod n)) ( Z 15 = 8) 4 * 4 * 4 * 4 * 4 * 4 * 4 * 4 1 (mod 15) In general, X 8 1 mod 15 X Note: From this we can simplify many tedious exponential calculations, as we know for example that Z 15 = 8, we can immediately calculate 1212318 = 1 mod 15. Definition 5 Euler s Totient Function Φ(n) = Z n Fact 10 if p is prime, then Φ(p) = p 1 Fact 11 if n = p α i i for distinct primes p i : Φ(n) = p α i 1 i (p i 1) Example 9 15 = 5 * 3 Φ(15) = Φ(5) Φ(3) = (5 1) (3 1) = 4 2 = 8 Fact 9 implies the following theorem. Theorem 12 x Z n, x Φ(n) 1 (mod n) Special case for primes (Fermat s little theorem): If p is prime then x Z n, x p 1 1 mod p 5

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback