CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

Similar documents
Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Chapter 9 Basic Number Theory for Public Key Cryptography. WANG YANG

CSC 474 Information Systems Security

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Number Theory. Modular Arithmetic

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Topics in Cryptography. Lecture 5: Basic Number Theory

Chapter 8. Introduction to Number Theory

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

CPSC 467b: Cryptography and Computer Security

Number Theory. Raj Jain. Washington University in St. Louis

CPSC 467b: Cryptography and Computer Security

Introduction to Information Security

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Numbers. Çetin Kaya Koç Winter / 18

Introduction to Cryptography. Lecture 6

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

CPSC 467: Cryptography and Computer Security

Number Theory & Modern Cryptography

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Number Theory and Group Theoryfor Public-Key Cryptography

MATH 4400 SOLUTIONS TO SOME EXERCISES. 1. Chapter 1

Applied Cryptography and Computer Security CSE 664 Spring 2018

Lecture 3.1: Public Key Cryptography I

Number Theory. Zachary Friggstad. Programming Club Meeting

Basic elements of number theory

Basic elements of number theory

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Public Key Encryption

CIS 551 / TCOM 401 Computer and Network Security

Introduction to Cryptology. Lecture 19

Introduction to Public-Key Cryptosystems:

Mathematics of Cryptography

Chapter 4 Finite Fields

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

Integers and Division

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

CHAPTER 3. Congruences. Congruence: definitions and properties

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

Discrete Logarithms. Let s begin by recalling the definitions and a theorem. Let m be a given modulus. Then the finite set

Finite Fields. Mike Reiter

4 Number Theory and Cryptography

CMPUT 403: Number Theory

Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

9 Modular Exponentiation and Square-Roots

CPSC 467: Cryptography and Computer Security

CS March 17, 2009

3 The fundamentals: Algorithms, the integers, and matrices

Mathematics of Cryptography

3.2 Solving linear congruences. v3

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

Senior Math Circles Cryptography and Number Theory Week 2

ECE646 Lecture 11 Required Reading Chapter 8.3 Testing for Primality RSA Key Generation

Discrete Mathematics GCD, LCM, RSA Algorithm

Ma/CS 6a Class 4: Primality Testing

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Congruence of Integers

ECE596C: Handout #11

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Homework #2 solutions Due: June 15, 2012

Lecture 6: Introducing Complexity

Practice Number Theory Problems

Part V. Chapter 19. Congruence of integers

Wilson s Theorem and Fermat s Little Theorem

Ma/CS 6a Class 3: The RSA Algorithm

Mathematical Foundations of Public-Key Cryptography

8 Primes and Modular Arithmetic

Number Theory and Algebra: A Brief Introduction

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

EULER S THEOREM KEITH CONRAD

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Discrete Mathematics and Probability Theory Fall 2013 Vazirani Note 3

The set of integers will be denoted by Z = {, -3, -2, -1, 0, 1, 2, 3, 4, }

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

ICS141: Discrete Mathematics for Computer Science I

COT 3100 Applications of Discrete Structures Dr. Michael P. Frank

A SURVEY OF PRIMALITY TESTS

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

MATH 361: NUMBER THEORY FOURTH LECTURE

Lecture Notes, Week 6

Algebra for error control codes

Encryption: The RSA Public Key Cipher

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Solutions to Section 2.1 Homework Problems S. F. Ellermeyer

A. Algebra and Number Theory

Number Theory A focused introduction

Elementary Number Theory Review. Franz Luef

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

a the relation arb is defined if and only if = 2 k, k

For your quiz in recitation this week, refer to these exercise generators:

Elementary Properties of the Integers

Sets. We discuss an informal (naive) set theory as needed in Computer Science. It was introduced by G. Cantor in the second half of the nineteenth

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

Transcription:

CIS 6930/4930 Computer and Network Security Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography 1

Review of Modular Arithmetic 2

Remainders and Congruency For any integer a and any positive integer n, there are two unique integers q and r, such that 0 r < n and a = qn + r r is the remainder of a divided by n, written r = a mod n Example: 12 = 2*5 + 2 2 = 12 mod 5 a and b are congruent modulo n, written a b mod n, if a mod n = b mod n Example: 7 mod 5 = 12 mod 5 7 12 mod 5 3

Remainders (Cont d) For any positive integer n, the integers can be divided into n equivalence classes according to their remainders modulo n denote the set as Z n i.e., the (mod n) operator maps all integers into the set of integers Z n ={0, 1, 2,, (n-1)} 4

Modular Arithmetic Modular addition [(a mod n) + (b mod n)] mod n = (a+b) mod n Example: [16 mod 12 + 8 mod 12] mod 12 = (16 + 8) mod 12 = 0 Modular subtraction [(a mod n) (b mod n)] mod n = (a b) mod n Example: [22 mod 12-8 mod 12] mod 12 = (22-8) mod 12 = 2 Modular multiplication [(a mod n) (b mod n)] mod n = (a b) mod n Example: [22 mod 12 8 mod 12] mod 12 = (22 8) mod 12 = 8 5

Properties of Modular Arithmetic Commutative laws (w + x) mod n = (x + w) mod n (w x) mod n = (x w) mod n Associative laws [(w + x) + y] mod n = [w + (x + y)] mod n [(w x) y] mod n = [w (x y)] mod n Distributive law [w (x + y)] mod n = [(w x)+(w y)] mod n 6

Properties (Cont d) Idempotent elements (0 + m) mod n = m mod n (1 m) mod n = m mod n Additive inverse ( w) for each m Z n, there exists z such that (m + z) mod n = 0 Example: 3 are 4 are additive inverses mod 7, since (3 + 4) mod 7 = 0 Multiplicative inverse for each positive m Z n, is there a z s.t. (m * z) mod n = 1 7

Multiplicative Inverses Don t always exist! Ex.: there is no z such that 6 z = 1 mod 8 (m =6 and n=8) z 0 1 2 3 4 5 6 7 6 z 0 6 12 18 24 30 36 42 6 z mod 8 0 6 4 2 0 6 4 2 An positive integer m Z n has a multiplicative inverse m -1 mod n iff gcd(m, n) = 1, i.e., m and n are relatively prime If n is a prime number, then all positive elements in Z n have multiplicative inverses 8

Inverses (Cont d) z 0 1 2 3 4 5 6 7 5 z 0 5 10 15 20 25 30 35 5 z mod 8 0 5 2 7 4 1 6 3 9

Finding the Multiplicative Inverse Given m and n, how do you find m -1 mod n? Extended Euclid s Algorithm exteuclid(m,n): m -1 mod n = v n-1 if gcd(m,n) 1 there is no multiplicative inverse m -1 mod n 10

Example x q x r x u x v x 0-35 1 0 1-12 0 1 2 2 11 1-2 3 1 1-1 3 4 11 0 12-35 gcd(35,12) = 1 = -1*35 + 3*12 12-1 mod 35 = 3 (i.e., 12*3 mod 35 = 1) 11

Modular Division If the inverse of b mod n exists, then (a mod n) / (b mod n) = (a * (b -1 mod n))mod n Example: (13 mod 11) / (4 mod 11) = (13*(4-1 mod 11)) mod 11 = (13 * 3) mod 11 = 6 Example: (8 mod 10) / (4 mod 10) not defined since 4 does not have a multiplicative inverse mod 10 12

Modular Exponentiation (Power) 13

Modular Powers Example: show the powers of 3 mod 7 i 3 i 3 i mod 7 0 1 2 3 4 5 6 7 8 1 3 9 27 81 243 729 2187 6561 1 3 2 6 4 5 1 3 2 And the powers of 2 mod 7 Example: powers of 2 mod 7 i 0 1 2 3 4 5 6 7 8 9 2 i 2 i mod 7 1 2 4 8 16 32 64 128 256 512 1 2 4 1 2 4 1 2 4 1 14

Fermat s Little Theorem If p is prime and a is a positive integer not divisible by p, then a p-1 1 (mod p) Example: 11 is prime, 3 not divisible by 11, so 3 11-1 = 59049 1 (mod 11) Example: 37 is prime, 51 not divisible by 37, so 51 37-1 1 (mod 37) 15

Proof of Fermat s Theorem Observation: {a mod p, 2a mod p,, (p-1)a mod p} = {1, 2,, (p-1)}. [(a mod p) (2a mod p) ((p-1)a mod p)] = a 2a.. (p-1)a mod p (p-1)! = (p-1)! a p-1 mod p Thus, a p-1 1 mod p. 16

The Totient Function (n) = Z n* = the number of integers less than n and relatively prime to n a) if n is prime, then (n) = n-1 Example: (7) = 6 b) if n = p, where p is prime and > 0, then (n) = (p-1)*p -1 Example: (25) = (5 2 ) = 4*5 1 = 20 c) if n=p q, and p, q are relatively prime, then (n) = (p)* (q) Example: (15) = (5*3) = (5) * (3) = 4 * 2 = 8 17

Euler s Theorem For every a and n that are relatively prime, a ø(n) 1 mod n Example: For a = 3, n = 10, which relatively prime: (10) = (2*5) = (2) * (5) = 1*4 = 4 3 (10) = 3 4 = 81 1 mod 10 Example: For a = 2, n = 11, which are relatively prime: (11) = 11-1 = 10 2 (11) = 2 10 = 1024 1 mod 11 18

More Euler Variant: for all n, a k (n)+1 a mod n for all a in Z n *, and all nonnegative k Example: for n = 20, a = 7, (n) = 8, and k = 3: 7 3*8+1 7 mod 20 Generalized Euler s Theorem: for n = pq (p and q distinct primes), a k (n)+1 a mod n for all a in Z n, and all non-negative k Example: for n = 15, a = 6, (n) = 8, and k = 3: 6 3*8+1 6 mod 15 19

Modular Exponentiation x y mod n = x y mod (n) mod n Example: x = 5, y = 7, n = 6, (6) = 2 5 7 mod 6 = 5 7 mod 2 mod 6 = 5 mod 6 by this, if y 1 mod (n), then x y mod n = x mod n Example: x = 2, y = 101, n = 33, (33) = 20, 101 mod 20 = 1 2 101 mod 33 = 2 mod 33 20

The Powers of An Integer, Modulo n Consider the expression a m 1 mod n If a and n are relatively prime, then there is at least one integer m that satisfies the above equation Ex: for a = 3 and n = 7, what is m? i 3 i mod 7 1 2 3 4 5 6 7 8 9 3 2 6 4 5 1 3 2 6 21

The Power (Cont d) The smallest positive exponent m for which the above equation holds is referred to as the order of a (mod n), or the length of the period generated by a 22

order Understanding Order of a (mod n) Powers of some integers a modulo 19 a a 2 a 3 a 4 a 5 a 6 a 7 a 8 a 9 a 10 a 11 a 12 a 13 a 14 a 15 a 16 a 17 a 18 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 4 8 16 13 7 14 9 18 17 15 11 3 6 12 5 10 1 4 16 7 9 17 11 6 5 1 4 16 7 9 17 11 6 5 1 7 11 1 7 11 1 7 11 1 7 11 1 7 11 1 7 11 1 8 7 18 11 12 1 8 7 18 11 12 1 8 7 18 11 12 1 9 5 7 6 16 11 4 17 1 9 5 7 6 16 11 4 17 1 18 1 18 1 18 1 18 1 18 1 18 1 18 1 18 1 18 1 1 18 9 3 6 9 2 23

Observations on The Previous Table The length of each period divides 18= (19) i.e., the lengths are 1, 2, 3, 6, 9, 18 Some of the sequences are of length 18 e.g., the base 2 generates (via powers) all members of Z n * The base is called the primitive root The base is also called the generator when n is prime 24

Reminder of Results Totient function: if n is prime, then (n) = n-1 if n = p, where p is prime and > 0, then (n) = (p-1)*p -1 if n=p q, and p, q are relatively prime, then (n) = (p)* (q) Example: (7) = 6 Example: (25) = (5 2 ) = 4*5 1 = 20 Example: (15) = (5*3) = (5) * (3) = 4 * 2 = 8 25

Reminder (Cont d) Fermat: If p is prime and a is positive integer not divisible by p, then a p-1 1 (mod p) Example: 11 is prime, 3 not divisible by 11, so 3 11-1 = 59049 1 (mod 11) Euler: For every a and n that are relatively prime, then a ø( n) 1 mod n Example: For a = 3, n = 10, which relatively prime: (10) = 4, 3 (10) = 3 4 = 81 1 mod 10 Variant: for all a in Z n *, and all non-negative k, a k (n)+1 a mod n Example: for n = 20, a = 7, (n) = 8, and k = 3: 7 3*8+1 7 mod 20 Generalized Euler s Theorem: for n = pq (p and q are distinct primes), all a in Z n, and all non-negative k, a k (n)+1 a mod n x y mod n = x y mod (n) mod n Example: for n = 15, a = 6, (n) = 8, and k = 3: 6 3*8+1 6 mod 15 Example: x = 5, y = 7, n = 6, (6) = 2, 5 7 mod 6 = 5 7 mod 2 mod 6 = 5 mod 6 26

Computing Modular Powers Efficiently The repeated squaring algorithm for computing a b (mod n) Let b i represent the i th bit of b (total of k bits) 27

Computing (Cont d) Algorithm modexp(a,b,n) d = 1; for i = k downto 1 do d = (d * d) % n; /* square */ if (b i == 1) d = (d * a) % n; /* step 2 */ endif enddo return d; at each iteration, not just at end Requires time k = logarithmic in b

Example Compute a b (mod n) = 7 560 mod 561 = 1 mod 561 i 560 10 = 101000110000 9 8 7 6 5 4 3 2 1 2 b i 1 0 0 0 1 1 0 0 0 0 d 1 7 49 157 526 160 241 298 166 67 1 step 2 Q: Can some other result be used to compute this particular example more easily? (Note: 561 = 3*11*17.) 29

Exercise φ(7) = 7-1 = 6 φ(21) = φ(3*7) = φ(3)*φ (7) = 2 * 6 =12 φ(33) = φ(3*11) = φ(3)*φ (11) = 2 * 10 = 20 φ(12) = φ(3*4) = φ(3)*φ (2 2 ) = 2 *( (2-1)*2 2-1 ) = 4 2 100 mod 33 = 2 100 mod (33) mod 33 = 2 100 mod 20 mod 33 = 2 0 mod 33 = 1 30

Discrete Logarithms 31

Square Roots x is a non-trivial square root of 1 mod n if it satisfies the equation x 2 1 mod n, but x is neither 1 nor -1 mod n Ex: 6 is a square root of 1 mod 35 since 6 2 1 mod 35 Theorem: if there exists a non-trivial square root of 1 mod n, then n is not a prime i.e., prime numbers will not have non-trivial square roots 32

Roots (Cont d) If n = 2 0 p 1 1 p 2 2 p k k, where p 1 p k are distinct primes > 2, then the number of square roots (including trivial square roots) are: 2 k if 0 1 Example: for n = 70 = 2 1 * 5 1 * 7 1, 0 = 1, k = 2, and the number of square roots = 2 2 = 4 (1,29,41,69) 2 k+1 if 0 = 2 Example: for n = 60 = 2 2 * 3 1 * 5 1, k = 2, the number of square roots = 2 3 = 8 (1,11,19,29,31,41,49,59) 2 k+2 if 0 > 2 Example: for n = 24 = 2 3 * 3 1, k = 1, the number of square roots = 2 3 = 8 (1,5,7,11,13,17,19,23) 33

Primitive Roots Reminder: the highest possible order of a (mod n) is (n) If the order of a (mod n) is (n), then a is referred to as a primitive root of n for a prime number p, if a is a primitive root of p, then a, a 2,, a p-1 mod p are all distinct numbers No simple general formula to compute primitive roots modulo n trying out all candidates 34

Discrete Logarithms For a primitive root a of a number p, where a i b mod p, for some 0 i p-1 the exponent i is referred to as the index of b for the base a (mod p), denoted as ind a,p (b) i is also referred to as the discrete logarithm of b to the base a, mod p 35

Logarithms (Cont d) Example: 2 is a primitive root of 19. The powers of 2 mod 19 = b 1 2 3 4 5 6 7 8 9 ind 2,19 (b) = log(b) base 2 mod 19 0 1 13 2 16 14 6 3 8 10 11 12 13 14 15 16 17 18 17 12 15 5 7 11 4 10 9 Given a, i, and p, computing b = a i mod p is straightforward 36

Computing Discrete Logarithms However, given a, b, and p, computing i = ind a,p (b) is difficult Used as the basis of some public key cryptosystems 37

Computing (Cont d) Some properties of discrete logarithms ind a,p (1) = 0 because a 0 mod p = 1 ind a,p (a) = 1 because a 1 mod p = a (p), not p! ind a,p (yz) = (ind a,p (y) + ind a,p (z)) mod (p) Example: ind 2,19 (5*3) = (ind 2,19 (5) + ind 2,19 (3)) mod 18 = 11 ind a,p (y r ) = (r ind a,p (y)) mod (p) Example: ind 2,19 (3 3 ) = (3*ind 2,19 (3)) mod 18 = 38

More on Discrete Logarithms x a ind a,p(x) mod p, Ex: 3 = 2 13 mod 19 1) a ind a,p(xy) mod p (a ind a,p(x) mod p)(a ind a,p(y) mod p) 2) a ind a,p(xy) mod p (a ind a,p(x)+inda,p(y) ) mod p 3) by Euler s theorem: a z a q mod p iff z q mod (p) Ex: 2 11 mod 19 = 2 29 mod 19 11 29 mod 18 39

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback