Chapter 8. Introduction to Number Theory


Chapter 8: Introduction to Number Theory (Cryptography and Network Security)

Index
1. Prime Numbers
2. Fermat's and Euler's Theorems
3. Testing for Primality
4. Discrete Logarithms

Prime Numbers

Prime Numbers
Prime numbers are a central concern of number theory.
An integer $p > 1$ is a prime number if its only divisors are $\pm 1$ and $\pm p$.
Any integer $a > 1$ can be factored in a unique way as
$a = p_1^{a_1} \times p_2^{a_2} \times \cdots \times p_t^{a_t}$
Examples:
$91 = 7 \times 13$
$3600 = 2^4 \times 3^2 \times 5^2$
$11011 = 7 \times 11^2 \times 13$

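Prime Numbers (cont'd)
$a = \prod_{p \in P} p^{a_p}$, where each $a_p \ge 0$ (the product runs over the set $P$ of all primes).
The integer 12 is represented by $\{a_2 = 2, a_3 = 1\}$.
The integer 18 is represented by $\{a_2 = 1, a_3 = 2\}$.
The integer 91 is represented by $\{a_7 = 1, a_{13} = 1\}$.
Let $a = \prod_{p \in P} p^{a_p}$ and $b = \prod_{p \in P} p^{b_p}$, and define $k = ab$. Then $k = \prod_{p \in P} p^{k_p}$, and it follows that $k_p = a_p + b_p$ for all $p \in P$.
$k = 12 \times 18 = (2^2 \times 3) \times (2 \times 3^2) = 216$
$k_2 = 2 + 1 = 3$; $k_3 = 1 + 2 = 3$
$216 = 2^3 \times 3^3 = 8 \times 27$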

Prime Numbers (cont'd)
Let $a = \prod_{p \in P} p^{a_p}$ and $b = \prod_{p \in P} p^{b_p}$. If $a \mid b$, then $a_p \le b_p$ for all $p$.
$a = 12$; $b = 36$; $12 \mid 36$
$12 = 2^2 \times 3$; $36 = 2^2 \times 3^2$
$a_2 = 2 = b_2$
$a_3 = 1 \le 2 = b_3$
Thus, the inequality $a_p \le b_p$ is satisfied for all prime numbers.

Prime Numbers (cont'd)
It is easy to determine the gcd (greatest common divisor) of two positive integers if we express each integer as a product of primes.
$300 = 2^2 \times 3^1 \times 5^2$
$18 = 2^1 \times 3^2$
$\gcd(18, 300) = 2^1 \times 3^1 \times 5^0 = 6$
If $k = \gcd(a, b)$, then $k_p = \min(a_p, b_p)$ for all $p$.
Determining the prime factors of a large number is not an easy task, so the preceding relationship does not directly lead to a practical method of calculating the gcd.

Fermat's and Euler's Theorems

Fermat's Theorem
These two theorems play important roles in public-key cryptography.
Fermat's Theorem: if $p$ is a prime and $a$ is a positive integer not divisible by $p$, then
$a^{p-1} \equiv 1 \pmod{p}$
Example: $a = 7$, $p = 19$
$7^2 = 49 \equiv 11 \pmod{19}$
$7^4 \equiv 121 \equiv 7 \pmod{19}$
$7^8 \equiv 49 \equiv 11 \pmod{19}$
$7^{16} \equiv 121 \equiv 7 \pmod{19}$
$a^{p-1} = 7^{18} = 7^{16} \times 7^2 \equiv 7 \times 11 = 77 \equiv 1 \pmod{19}$

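Fermat's Theorem: Proof
Consider the set $P = \{1, 2, \ldots, p-1\}$ and the set $X = \{a \bmod p, 2a \bmod p, \ldots, (p-1)a \bmod p\}$.
Suppose $ja \equiv ka \pmod{p}$, where $1 \le j < k \le p-1$. Because $a$ is relatively prime to $p$, we can eliminate $a$. This gives $j \equiv k \pmod{p}$, which is impossible because $j$ and $k$ are distinct positive integers less than $p$. Therefore all elements of the set $X$ are different.
$a \times 2a \times \cdots \times (p-1)a \equiv [1 \times 2 \times \cdots \times (p-1)] \pmod{p}$
$a^{p-1} (p-1)! \equiv (p-1)! \pmod{p}$
$a^{p-1} \equiv 1 \pmod{p}$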

Fermat's Theorem (cont'd)
Alternative form: $a^p \equiv a \pmod{p}$
This form does not require $a$ and $p$ to be relatively prime.
$p = 5$, $a = 3$: $a^p = 3^5 = 243 \equiv 3 \pmod{5} = a \pmod{p}$
$p = 5$, $a = 10$: $a^p = 10^5 = 100000 \equiv 10 \pmod{5} \equiv 0 \pmod{5} = a \pmod{p}$

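Euler's Totient Function
Written $\phi(n)$, and defined as the number of positive integers less than $n$ and relatively prime to $n$.
To determine $\phi(37)$: 37 is prime, so all of the integers from 1 to 36 are relatively prime to 37. Thus $\phi(37) = 36$.
For a prime number $p$, $\phi(p) = p - 1$.
If we have two prime numbers $p$ and $q$ with $p \ne q$, then for $n = pq$:
$\phi(n) = \phi(pq) = \phi(p) \times \phi(q) = (p-1) \times (q-1)$
$\phi(n) = (pq - 1) - [(q - 1) + (p - 1)] = pq - (p + q) + 1 = (p-1) \times (q-1) = \phi(p) \times \phi(q)$
$\phi(21) = \phi(3) \times \phi(7) = (3-1) \times (7-1) = 2 \times 6 = 12$
The 12 integers are $\{1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20\}$.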

Euler's Theorem
For every $a$ and $n$ that are relatively prime:
$a^{\phi(n)} \equiv 1 \pmod{n}$
This is true if $n$ is prime, because of Fermat's theorem: $\phi(n) = n - 1$, so $a^{n-1} \equiv 1 \pmod{n}$.
But it also holds for any integer $n$.
$a = 3$; $n = 10$; $\phi(10) = 4$; $a^{\phi(n)} = 3^4 = 81 \equiv 1 \pmod{10}$
$a = 2$; $n = 11$; $\phi(11) = 10$; $a^{\phi(n)} = 2^{10} = 1024 \equiv 1 \pmod{11}$

Euler's Theorem: Proof
$R = \{x_1, x_2, \ldots, x_{\phi(n)}\}$, where each $x_i$ is a unique positive integer less than $n$.
Now multiply each element by $a$, modulo $n$:
$S = \{(a x_1 \bmod n), (a x_2 \bmod n), \ldots, (a x_{\phi(n)} \bmod n)\}$
From here, the argument is very similar to the proof of Fermat's theorem.

Testing for Primality

Testing for Primality
Miller-Rabin Algorithm: first, any positive odd integer $n \ge 3$ can be expressed as $n - 1 = 2^k q$ with $k > 0$, $q$ odd.
We also need two properties of prime numbers.
1. If $p$ is prime and $a$ is a positive integer less than $p$, then $a^2 \bmod p = 1$
2. Let $p$ be a prime number greater than 2. We can write $p - 1 = 2^k q$ with $k > 0$, $q$ odd. Let $a$ be any integer in the range $1 < a < p - 1$. Then one of the two following conditions is true:
   1. $a^q$ is congruent to 1 modulo $p$. That is, $a^q \bmod p = 1$, or $a^q \equiv 1 \pmod{p}$.
   2. One of the numbers $a^q, a^{2q}, a^{4q}, \ldots, a^{2^{k-1} q}$ is congruent to $-1$ modulo $p$. That is, there is some $j$ in the range $(1 \le j \le k)$ such that $a^{2^{j-1} q} \bmod p = -1 \bmod p = p - 1$, or $a^{2^{j-1} q} \equiv -1 \pmod{p}$.

Miller-Rabin Algorithm (cont'd)
If $n$ is prime, then either the first element in the list of residues, or remainders, $(a^q, a^{2q}, \ldots, a^{2^{k-1} q}, a^{2^k q}) \bmod n$ equals 1, or some element in the list equals $(n - 1)$; otherwise, $n$ is not a prime.
However, if the condition is met, that does not necessarily mean that $n$ is prime.
Example: $n = 2047 = 23 \times 89$, so $n - 1 = 2 \times 1023$, and $2^{1023} \bmod 2047 = 1$. The condition is met, but $n$ is not prime.

Miller-Rabin Algorithm (cont'd)
The TEST procedure takes a candidate integer $n$ as input and returns the result "composite" if $n$ is not a prime, and the result "inconclusive" if $n$ may or may not be a prime.

TEST(n)
1. Find integers k, q, with k > 0, q odd, so that (n - 1 = 2^k q);
2. Select a random integer a, 1 < a < n - 1;
3. If a^q mod n = 1 then return ("inconclusive");
4. For j = 0 to k - 1 do
5.     If a^(2^j q) mod n = n - 1 then return ("inconclusive");
6. Return ("composite");

Discrete Logarithms

The Powers of an Integer, Modulo n
$a^m \equiv 1 \pmod{n}$
If $a$ and $n$ are relatively prime, then there is at least one integer $m$ that satisfies this equation, namely $m = \phi(n)$.
The least positive exponent $m$ for which this equation holds is referred to in several ways:
The order of $a \pmod{n}$
The exponent to which $a$ belongs $\pmod{n}$
The length of the period generated by $a$


The Powers of an Integer, Modulo n
1. All sequences end in 1.
2. The length of a sequence divides $\phi(19) = 18$. That is, an integral number of sequences occur in each row of the table.
3. Some of the sequences are of length 18. In this case, it is said that the base integer $a$ generates (via powers) the set of nonzero integers modulo 19. Each such integer is called a primitive root of the modulus 19.
If a number is of order $\phi(n)$, it is referred to as a primitive root.
If $a$ is a primitive root of $n$, then $a, a^2, \ldots, a^{\phi(n)}$ are distinct $\pmod{n}$ and are all relatively prime to $n$.
Not all integers have primitive roots. The only integers with primitive roots are those of the form $2, 4, p^{\alpha}, 2p^{\alpha}$, where $p$ is any odd prime and $\alpha$ is a positive integer.

Logarithms for Modular Arithmetic
Review of the properties of the ordinary logarithm:
$y = x^{\log_x(y)}$
$\log_x(1) = 0$
$\log_x(x) = 1$
$\log_x(yz) = \log_x(y) + \log_x(z)$
$\log_x(y^r) = r \times \log_x(y)$
Consider a primitive root $a$ for some prime number $p$. We know that the powers of $a$ from 1 through $(p-1)$ produce each integer from 1 through $(p-1)$ exactly once. Any integer $b$ satisfies
$b \equiv r \pmod{p}$ for some $r$, where $0 \le r \le (p-1)$
$b \equiv a^i \pmod{p}$, where $0 \le i \le (p-1)$

Logarithms for Modular Arithmetic (cont'd)
This exponent $i$ is referred to as the discrete logarithm of the number $b$ for the base $a \pmod{p}$. We denote this as $\mathrm{dlog}_{a,p}(b)$.
$\mathrm{dlog}_{a,p}(1) = 0$ because $a^0 \bmod p = 1 \bmod p = 1$
$\mathrm{dlog}_{a,p}(a) = 1$ because $a^1 \bmod p = a$


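Logarithms for Modular Arithmetic (cont'd)
Now consider
$x = a^{\mathrm{dlog}_{a,p}(x)} \bmod p$
$y = a^{\mathrm{dlog}_{a,p}(y)} \bmod p$
$xy = a^{\mathrm{dlog}_{a,p}(xy)} \bmod p$
$xy \bmod p = [(x \bmod p)(y \bmod p)] \bmod p$
$a^{\mathrm{dlog}_{a,p}(xy)} \bmod p = [(a^{\mathrm{dlog}_{a,p}(x)} \bmod p)(a^{\mathrm{dlog}_{a,p}(y)} \bmod p)] \bmod p = (a^{\mathrm{dlog}_{a,p}(x) + \mathrm{dlog}_{a,p}(y)}) \bmod p$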

Logarithms for Modular Arithmetic (cont'd)
Now consider Euler's theorem, which states that for every $a$ and $n$ that are relatively prime,
$a^{\phi(n)} \equiv 1 \pmod{n}$
Any positive integer $z$ can be expressed in the form $z = q + k\phi(n)$, with $0 \le q < \phi(n)$. Therefore, by Euler's theorem,
$a^z \equiv a^q \pmod{n}$ if $z \equiv q \pmod{\phi(n)}$
Applying this to the foregoing equality, we have
$\mathrm{dlog}_{a,p}(xy) \equiv [\mathrm{dlog}_{a,p}(x) + \mathrm{dlog}_{a,p}(y)] \pmod{\phi(p)}$
And generalizing,
$\mathrm{dlog}_{a,p}(y^r) \equiv [r \times \mathrm{dlog}_{a,p}(y)] \pmod{\phi(p)}$
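The order, primitive-root and discrete-logarithm definitions from the preceding slides, checked for the modulus 19, as an added example that is not part of the original slides. The discrete logarithm is found by exhaustive search, which is feasible only because the modulus is tiny; the function names are chosen for this illustration.

```python
from math import gcd

def phi(n):
    """Euler's totient by direct count, as defined on the slide."""
    return sum(1 for x in range(1, n) if gcd(x, n) == 1)

def order(a, n):
    """Least m > 0 with a^m = 1 (mod n); needs gcd(a, n) = 1."""
    if gcd(a, n) != 1:
        raise ValueError("a and n must be relatively prime")
    m, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        m += 1
    return m

def primitive_roots(n):
    """All a in 1..n-1 whose order equals phi(n)."""
    t = phi(n)
    return [a for a in range(1, n) if gcd(a, n) == 1 and order(a, n) == t]

def dlog(b, a, p):
    """Exponent i in 0..p-2 with a^i = b (mod p), by exhaustive search."""
    x = 1
    for i in range(p - 1):
        if x == b % p:
            return i
        x = (x * a) % p
    raise ValueError("no discrete logarithm for this base")

def log_rules_hold(a, p):
    """Check dlog(xy) = dlog(x) + dlog(y) and dlog(y^r) = r * dlog(y),
    both taken modulo phi(p) = p - 1, for every x, y, r in 1..p-1."""
    t = p - 1
    d = {x: dlog(x, a, p) for x in range(1, p)}
    product = all(d[x * y % p] == (d[x] + d[y]) % t
                  for x in d for y in d)
    power = all(d[pow(y, r, p)] == (r * d[y]) % t
                for y in d for r in range(1, p))
    return product and power

if __name__ == "__main__":
    print([order(a, 19) for a in range(1, 19)])   # every order divides 18
    print(primitive_roots(19))
    print(dlog(1, 2, 19), dlog(2, 2, 19), log_rules_hold(2, 19))
```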


Calculation of Discrete Logarithms
Consider the equation
$y = g^x \bmod p$
If $g$, $x$, and $p$ are given, it is straightforward to calculate $y$. At worst, we must perform $x$ repeated multiplications, and algorithms exist for achieving greater efficiency.
However, given $y$, $g$, and $p$, it is, in general, very difficult to calculate $x$.
