Chinese Remainder Algorithms. Çetin Kaya Koç Spring / 22

Similar documents
Chinese Remainder Theorem

Numbers. Çetin Kaya Koç Winter / 18

Computer Architecture 10. Residue Number Systems

The security of RSA (part 1) The security of RSA (part 1)

ax b mod m. has a solution if and only if d b. In this case, there is one solution, call it x 0, to the equation and there are d solutions x m d

Discrete Structures Lecture Solving Congruences. mathematician of the eighteenth century). Also, the equation gggggg(aa, bb) =

Math From Scratch Lesson 20: The Chinese Remainder Theorem

MATH 25 CLASS 12 NOTES, OCT Contents 1. Simultaneous linear congruences 1 2. Simultaneous linear congruences 2

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Fields in Cryptography. Çetin Kaya Koç Winter / 30

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

Mathematics of Cryptography

Basic elements of number theory

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Basic elements of number theory

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

a the relation arb is defined if and only if = 2 k, k

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

4.4 Solving Congruences using Inverses

Groups in Cryptography. Çetin Kaya Koç Winter / 13

International Journal of Advanced Research in Computer Science and Software Engineering

Exponentiation and Point Multiplication. Çetin Kaya Koç Spring / 70

Algebra. Modular arithmetic can be handled mathematically by introducing a congruence relation on the integers described in the above example.

Generalized Splines. Madeline Handschy, Julie Melnick, Stephanie Reinders. Smith College. April 1, 2013

3 The fundamentals: Algorithms, the integers, and matrices

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Arithmetic in Integer Rings and Prime Fields

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

ARYABHATA REMAINDER THEOREM: RELEVANCE TO PUBLIC-KEY CRYPTO-ALGORITHMS*

Carmen s Core Concepts (Math 135)

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

RSA Implementation. Oregon State University

Simultaneous Linear, and Non-linear Congruences

Number Theory. Modular Arithmetic

KEYWORDS: Multiple Valued Logic (MVL), Residue Number System (RNS), Quinary Logic (Q uin), Quinary Full Adder, QFA, Quinary Half Adder, QHA.

Stream Ciphers. Çetin Kaya Koç Winter / 20

Number Theory Alex X. Liu & Haipeng Dai

4 Number Theory and Cryptography

Aryabhata Remainder Theorem: Relevance to public-key crypto algorithms

ICS141: Discrete Mathematics for Computer Science I

1 Overview and revision

Digital Signature Algorithm

Discrete Logarithm Problem

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

SUFFIX PROPERTY OF INVERSE MOD

Modular Reduction without Pre-Computation for Special Moduli

Residue Number Systems Ivor Page 1

For your quiz in recitation this week, refer to these exercise generators:

KTH, NADA , and D1449 Kryptografins grunder. Lecture 6: RSA. Johan Håstad, transcribed by Martin Lindkvist

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Cryptography. P. Danziger. Transmit...Bob...

Extending The Natural Numbers. Whole Numbers. Integer Number Set. History of Zero

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS

William Stallings Copyright 2010

Optimization of new Chinese Remainder theorems using special moduli sets

Notes on Systems of Linear Congruences

Dixon s Factorization method

Lecture 10: HMAC and Number Theory

Number Theory Notes Spring 2011

Mathematical Foundations of Public-Key Cryptography

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

Construction of latin squares of prime order

A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:

THE CUBIC PUBLIC-KEY TRANSFORMATION*

CHAPTER 3. Congruences. Congruence: definitions and properties

Mat Week 8. Week 8. gcd() Mat Bases. Integers & Computers. Linear Combos. Week 8. Induction Proofs. Fall 2013

Math 312/ AMS 351 (Fall 17) Sample Questions for Final

A Suggestion for a Fast Residue Multiplier for a Family of Moduli of the Form (2 n (2 p ± 1))

Number Theory Proof Portfolio

Student Responsibilities Week 8. Mat Section 3.6 Integers and Algorithms. Algorithm to Find gcd()

Math 109 HW 9 Solutions

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Public Key Cryptography

The Chinese Remainder Theorem

Mathematics for Cryptography

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Algorithmic Number Theory and Public-key Cryptography

Number Theory and Group Theoryfor Public-Key Cryptography

Elliptic curves: Theory and Applications. Day 3: Counting points.

9 Modular Exponentiation and Square-Roots

Lecture 7 Number Theory Euiseong Seo

M381 Number Theory 2004 Page 1

Number Theory and Cryptography

Diophantine equations

Chuck Garner, Ph.D. May 25, 2009 / Georgia ARML Practice

Secret Sharing for General Access Structures

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

Introduction to Public-Key Cryptosystems:

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Applied Cryptography and Computer Security CSE 664 Spring 2017

Public-Key Cryptosystems CHAPTER 4

Solutions to Problem Set 4 - Fall 2008 Due Tuesday, Oct. 7 at 1:00

Modular Arithmetic (Read Sections 4.1 thro 4.4)

Lecture 2. The Euclidean Algorithm and Numbers in Other Bases

Number theory (Chapter 4)

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Transcription:

Chinese Remainder Algorithms http://koclab.org Çetin Kaya Koç Spring 2018 1 / 22

The Chinese Remainder Theorem Some cryptographic algorithms work with two (such as RSA) or more moduli (such as secret-sharing) The Chinese Remainder Theorem (CRT) and underlying algorithm allows to work with multiple moduli The general idea is to compute a large integer X knowing only its remainders modulo a small set of integers (called moduli) The principles of this method was established sometime in the 3rd and 5th century in China A Chinese mathematician Sun Tzu or Sunzi is known to be the author of The Mathematical Classic of Sunzi, which contains the earliest known example of the algorithm Thus, it is named as the Chinese Remainder Theorem. http://koclab.org Çetin Kaya Koç Spring 2018 2 / 22

The Chinese Remainder Theorem Theorem Given k pairwise relatively prime moduli n i for i = 1, 2,..., k, a number x [0, m 1] with m = n 1 n 2 n k is uniquely representable using the remainders r i for i = 1, 2,..., k such that r i = x (mod n i ). Given the remainders r 1, r 2,..., r k, we can compute x using x = k r i c i m i (mod m) i=1 where m i = m/n i and c i = m 1 i (mod n i ) The computation of x using the linear summation formula above is also called the Chinese Remainder Algorithm (CRA) http://koclab.org Çetin Kaya Koç Spring 2018 3 / 22

A CRT Example Chinese Remainder Algorithms Let the moduli set be {5, 7, 9} These moduli are pairwise relatively prime: gcd(5, 7) = gcd(5, 9) = gcd(7, 9) = 1 Each modulus does not need to be prime, but they need to be pairwise relatively prime If they are all prime, they will be pairwise relatively prime too We have n 1 = 5, n 2 = 7, n 3 = 9, and thus m = 5 7 9 = 315 All integers in the range [0, 314] are uniquely representable using this moduli set http://koclab.org Çetin Kaya Koç Spring 2018 4 / 22

A CRT Example Chinese Remainder Algorithms Let x = 200, then we have r 1 = 200 mod 5 r 2 = 200 mod 7 r 3 = 200 mod 9 r 1 = 0 r 2 = 4 r 3 = 2 The remainder set (0, 4, 2) with respect to the moduli set (5, 7, 9) uniquely represents the integer 200 Given the integer x and the moduli set, the remainders can be computed using r i = x (mod n i ) for i = 1, 2,..., k http://koclab.org Çetin Kaya Koç Spring 2018 5 / 22

Chinese Remainder Algorithms Given the remainders and the moduli set, the integer x can be computed using the Chinese Remainder Algorithms (CRAs) There are two algorithms for computing x: The Single Radix Conversion (SRC) and the Mixed Radix Conversion (MRC) algorithms Either one of them computes x Given the remainders (0, 4, 2) with respect to the moduli (5, 7, 9), the computation integer x is represented as CRA(0, 4, 2; 5, 7, 9) = 200 http://koclab.org Çetin Kaya Koç Spring 2018 6 / 22

The SRCExample Chinese Remainder Algorithms The SRC Algorithm computes x = SRC(0, 4, 2; 5, 7, 9) m = n 1 n 2 n 3 = 5 7 9 = 315 m 1 = m/n 1 = 315/5 = 7 9 = 63 m 2 = m/n 2 = 315/7 = 5 9 = 45 m 3 = m/n 3 = 315/9 = 5 7 = 35 c 1 = m1 1 = 63 1 = 3 1 = 2 (mod 5) c 2 = m2 1 = 45 1 = 3 1 = 5 (mod 7) c 2 = m3 1 = 35 1 = 8 1 = 8 (mod 9) x = r 1 c 1 m 1 + r 2 c 2 m 2 + r 3 c 3 m 3 (mod m) = 0 2 63 + 4 5 45 + 2 8 35 = 1460 (mod 315) = 200 (mod 315) Therefore, SRC(0, 4, 2; 5, 7, 9) = 200 http://koclab.org Çetin Kaya Koç Spring 2018 7 / 22

Another SRC Example The SRC Algorithm computes x = SRC(2, 1, 1; 7, 9, 11) m = n 1 n 2 n 3 = 7 9 11 = 693 m 1 = m/n 1 = 693/7 = 9 11 = 99 m 2 = m/n 2 = 693/9 = 7 11 = 77 m 3 = m/n 3 = 693/11 = 7 9 = 63 c 1 = m1 1 = 99 1 = 1 1 = 1 (mod 7) c 2 = m2 1 = 77 1 = 5 1 = 2 (mod 9) c 2 = m3 1 = 63 1 = 8 1 = 7 (mod 11) x = r 1 c 1 m 1 + r 2 c 2 m 2 + r 3 c 3 m 3 (mod N) = 2 1 99 + 1 2 77 + 1 7 63 = 793 (mod 693) = 100 (mod 693) Therefore, SRC(2, 1, 1; 7, 9, 11) = 100 http://koclab.org Çetin Kaya Koç Spring 2018 8 / 22

The Mixed Radix Conversion Algorithm The SRC algorithm uses the summation x = k r i c i m i (mod m) i=1 The SRC algorithm requires multi-precision arithmetic at each step, as each product term in the summation grows beyond any of the moduli n i The Mixed Radix Conversion Algorithm computes x more efficiently The MRC algorithm is particularly useful when each modulus fits into the word size of the computer The MRC avoids multi-precision arithmetic until the last phase http://koclab.org Çetin Kaya Koç Spring 2018 9 / 22

The Step 1 of the MRC Algorithm Step 1: Compute and save the inverses c ij for 1 j < i k c ij = n 1 j (mod n i ) This is accomplished using the extended Euclidean algorithm for the Fermat s method if the modulus is prime In case each modulus fits into the word size of the computer, any of the inverses would also fit into the same size Step 1 can be performed using the single-precision arithmetic http://koclab.org Çetin Kaya Koç Spring 2018 10 / 22

The Step 2 of the MRC Algorithm Step 2: Given the remainders (r 1, r 2,..., r k ) of X with respect to the moduli (n 1, n 2,..., n k ) and its first column as r i1 = r i for i = 1, 2,..., k compute the entries of the lower triangular matrix r 11 r 21 r 22 r 31 r 32 r 33...... r k1 r k2 r k3 r kk The computations in the ith row are performed mod n i http://koclab.org Çetin Kaya Koç Spring 2018 11 / 22

The Step 2 of the MRC Algorithm The 2nd column is computed using the 1st column The inverses are r 22 = (r 21 r 11 ) c 21 (mod n 2 ) r 32 = (r 31 r 11 ) c 31 (mod n 3 ) r 42 = (r 41 r 11 ) c 41 (mod n 4 ). r k2 = (r k1 r 11 ) c k1 (mod n k ) c 21 = n1 1 (mod n 2 ) c 31 = n1 1 (mod n 3 ) c 41 = n1 1 (mod n 4 ). c k1 = n 1 1 (mod n k ) http://koclab.org Çetin Kaya Koç Spring 2018 12 / 22

The Step 2 of the MRC Algorithm The 3rd column is computed using the 2nd column The inverses are r 33 = (r 32 r 22 ) c 32 (mod n 3 ) r 43 = (r 42 r 22 ) c 42 (mod n 4 ). r k3 = (r k2 r 22 ) c k2 (mod n k ) c 32 = n2 1 (mod n 3 ) c 42 = n2 1 (mod n 4 ). c k2 = n 1 2 (mod n k ) http://koclab.org Çetin Kaya Koç Spring 2018 13 / 22

The Step 2 of the MRC Algorithm The jth column is computed using the (j 1)th column r ij = (r i,j 1 r j 1,j 1 ) c i,j 1 (mod n i ) for i = j, j + 1,..., k The inverses are c i,j 1 = n 1 j 1 (mod n i) All computations in Step 2 are in single-precision arithmetic http://koclab.org Çetin Kaya Koç Spring 2018 14 / 22

An Example of MRC Algorithm for k = 5 r 11 = r 1 modn 1 r 21 = r 2 r 22 = (r 21 r 11 )c 21 modn 2 r 31 = r 3 r 32 = (r 31 r 11 )c 31 r 33 = (r 32 r 22 )c 32 modn 3 r 41 = r 4 r 42 = (r 41 r 11 )c 41 r 43 = (r 42 r 22 )c 42 r 44 = (r 43 r 33 )c 43 modn 4 r 51 = r 5 r 52 = (r 51 r 11 )c 41 r 53 = (r 52 r 22 )c 52 r 54 = (r 53 r 33 )c 53 r 55 = (r 54 r 44 )c 54 modn 5 http://koclab.org Çetin Kaya Koç Spring 2018 15 / 22

The Step 3 of the MRC Algorithm Step 3: The integer x is then computed using the diagonal entries as c = r 11 + r 22 n 1 + r 33 n 1 n 2 + + r kk n 1 n 2 n k 1 This step requires multi-precision arithmetic due to the product terms n 1 n 2 n i for i = 1, 2,..., k 1 in the summation to obtain x Step 3 is the only step the MRC requires multi-precision arithmetic The MRC has some other advantages: Two numbers can be compared in size if their MRC coefficients (r 11, r 22,..., r kk ) are known The MRC is essentially a weighted radix representation of x, however, more than one radix is used (thus, the term: mixed-radix) http://koclab.org Çetin Kaya Koç Spring 2018 16 / 22

An Example of the MRC Algorithm As example, let us take the remainders (r 1, r 2, r 3 ) = (2, 1, 1) with respect to the moduli (n 1, n 2, n 3 ) = (7, 9, 11) and compute x Step 1: First we compute and save the inverses c 21, c 31, c 32 c 21 = n1 1 (mod n 2 ) 7 1 (mod 9) 4 c 31 = n1 1 (mod n 3 ) 7 1 (mod 11) 8 c 32 = n2 1 (mod n 3 ) 9 1 (mod 11) 5 http://koclab.org Çetin Kaya Koç Spring 2018 17 / 22

An Example of the MRC Algorithm Step 2: The first column of the lower triangular matrix is the given set of remainders (2, 1, 1) from which we compute the rest of the columns: 2 1 (1 2) 4 (mod 9) 5 1 (1 2) 8 (mod 11) 3 (3 5) 5 (mod 11) 1 http://koclab.org Çetin Kaya Koç Spring 2018 18 / 22

An Example of the MRC Algorithm Step 3: To compute x, we perform the summation x = r 11 + r 22 n 1 + r 33 n 1 n 2 = 2 + 5 7 + 1 7 9 = 100 Until the Step 3, all computations are in single-precision, assuming each modulus is a single-precision integer http://koclab.org Çetin Kaya Koç Spring 2018 19 / 22

Comparing Integers in Mixed-Radix Representation Consider the integer x = 100 which has the remainders (2, 1, 1) with respect to the moduli (7, 9, 11) Now consider the integer y = 96 which has the remainders (5, 6, 8) with respect to the same moduli (7, 9, 11) We can tell of two integers are equal by comparing their remainders However, we cannot tell which one is larger, if they are not equal Even though y < x, it is not clear if this can be decided by comparing x = (2, 1, 1) and y = (5, 6, 8) 100 = (2, 1, 1)? (5, 6, 8) = 96 http://koclab.org Çetin Kaya Koç Spring 2018 20 / 22

Comparing Integers in Mixed-Radix Representation The mixed-radix representation of x was (2, 5, 1) We now compute the mixed-radix coefficients of y as 5 6 (6 5) 4 (mod 9) 4 8 (8 5) 8 (mod 11) 2 (2 4) 5 (mod 11) 1 This gives the mixed-radix representation of y as (5, 4, 1) http://koclab.org Çetin Kaya Koç Spring 2018 21 / 22

Comparing Integers in Mixed-Radix Representation These representations imply 2 + 5 7 + 1 7 9 = 100 5 + 4 7 + 1 7 9 = 96 We compare the mixed-radix coefficients from the right (which has the more weight) to the left (which has the least weight) and decided which number is larger Therefore, since the rightmost digits are equal (1 = 1) but, the next digits are not (5 > 4), we decide (2, 5, 1) > (5, 4, 1) http://koclab.org Çetin Kaya Koç Spring 2018 22 / 22

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback