Introduction to Cryptology. Lecture 19

Similar documents
Introduction to Cryptology. Lecture 20

SEVENTH EDITION and EXPANDED SEVENTH EDITION

Lecture 3.1: Public Key Cryptography I

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

Finite Fields. Mike Reiter

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Applied Cryptography and Computer Security CSE 664 Spring 2018

Lecture Notes. Advanced Discrete Structures COT S

A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:

Number theory (Chapter 4)

Topics in Cryptography. Lecture 5: Basic Number Theory

Introduction to Cryptography. Lecture 6

For your quiz in recitation this week, refer to these exercise generators:

Number Theory Math 420 Silverman Exam #1 February 27, 2018

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

Number Theory. Modular Arithmetic

Chapter 4 Finite Fields

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

Public Key Cryptography

CSE 20 DISCRETE MATH. Winter

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

Mathematical Foundations of Cryptography

Algebra Review 2. 1 Fields. A field is an extension of the concept of a group.

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

CSC 5930/9010 Modern Cryptography: Number Theory

Modular Arithmetic Instructor: Marizza Bailey Name:

LECTURE NOTES IN CRYPTOGRAPHY

Congruence of Integers

Lecture 14: Hardness Assumptions

Ma/CS 6a Class 2: Congruences

Lecture 10: HMAC and Number Theory

Discrete Logarithms. Let s begin by recalling the definitions and a theorem. Let m be a given modulus. Then the finite set

Chapter 4 Mathematics of Cryptography

Mathematics for Cryptography

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

Introduction to Information Security

3 The fundamentals: Algorithms, the integers, and matrices

cse 311: foundations of computing Fall 2015 Lecture 11: Modular arithmetic and applications

Numbers. Çetin Kaya Koç Winter / 18

Discrete Mathematics with Applications MATH236

Basic Algorithms in Number Theory

Part V. Chapter 19. Congruence of integers

CPSC 467b: Cryptography and Computer Security

Basic elements of number theory

Basic elements of number theory

Ma/CS 6a Class 2: Congruences

Groups in Cryptography. Çetin Kaya Koç Winter / 13

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Modular Arithmetic (Read Sections 4.1 thro 4.4)

a the relation arb is defined if and only if = 2 k, k

Elementary Number Theory. Franz Luef

Intro to Rings, Fields, Polynomials: Hardware Modeling by Modulo Arithmetic

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Algorithms CMSC Homework set #1 due January 14, 2015

CHAPTER 3. Congruences. Congruence: definitions and properties

MATH 115, SUMMER 2012 LECTURE 4 THURSDAY, JUNE 21ST

Math 109 HW 9 Solutions

Number Theory Proof Portfolio

4 Number Theory and Cryptography

Math.3336: Discrete Mathematics. Primes and Greatest Common Divisors

Lecture 7.4: Divisibility and factorization

Introduction to Cryptography k. Lecture 5. Benny Pinkas k. Requirements. Data Integrity, Message Authentication

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

CS483 Design and Analysis of Algorithms

Lecture 11: Number Theoretic Assumptions

Algorithms (II) Yu Yu. Shanghai Jiaotong University

COMP4109 : Applied Cryptography

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Number Theory and Group Theoryfor Public-Key Cryptography

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Continuing discussion of CRC s, especially looking at two-bit errors

CPSC 467: Cryptography and Computer Security

MATH 361: NUMBER THEORY FOURTH LECTURE

Inverses. Today: finding inverses quickly. Euclid s Algorithm. Runtime. Euclid s Extended Algorithm.

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

1 Overview and revision

Integers and Division

Lecture 2. The Euclidean Algorithm and Numbers in Other Bases

CIS 551 / TCOM 401 Computer and Network Security

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

4 PRIMITIVE ROOTS Order and Primitive Roots The Index Existence of primitive roots for prime modulus...

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Algebra. Modular arithmetic can be handled mathematically by introducing a congruence relation on the integers described in the above example.

8 Elliptic Curve Cryptography

Arithmetic Algorithms, Part 1

Elementary Properties of the Integers

COMPUTER ARITHMETIC. 13/05/2010 cryptography - math background pp. 1 / 162

Wilson s Theorem and Fermat s Little Theorem

Practice Number Theory Problems

Mathematics of Cryptography

Math 299 Supplement: Modular Arithmetic Nov 8, 2013

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

3.2 Solving linear congruences. v3

CSC 474 Information Systems Security

Elliptic Curves, Factorization, and Cryptography

Transcription:

Introduction to Cryptology Lecture 19

Announcements HW6 due today HW7 due Thursday 4/20 Remember to sign up for Extra Credit

Agenda Last time More details on AES/DES (K/L 6.2) Practical Constructions of CRHF (K/L 6.3) This time Number Theory Background (K/L Chapter 8)

Modular Arithmetic Definition of modulo: We say that two integers a, b are congruent modulo p denoted by a b mod p If (i.e. p divides (a b)). p (a b)

Modular Arithmetic Examples: All of the following are true 2 15 mod 13 28 15 mod 13 41 15 mod 13 11 15 mod 13

Modular Arithmetic Operation: addition mod p Regular addition, take modulo p. Example: 8 + 10 mod 13 18 mod 13 5 mod 13.

Properties of Addition mod p Consider the set Z p of integers 0,1,, p 1 and the operation addition mod p. Closure: Adding two numbers in Z p and taking mod p yields a number in Z p. Identitiy: For every a Z p, 0 + a mod p a mod p. Inverse: For every a Z p, there exists a b Z p such that a + b 0 mod p. b is simply the negation of a (b = a). Note that using the property of inverse, we can do subtraction. We define c d mod p to be equivalent to c + d mod p. Associativity: For every a, b, c Z p : a + b + c = a + b + c mod p. Z p is a group with respect to addition!

Definition of a Group A group is a set G along with a binary operation for which the following conditions hold: Closure: For all g, h G, g h G. Identity: There exists an identity e G such that for all g G, e g = g = g e. Inverse: For all g G there exists an element h G such that g h = e = h g. Such an h is called an inverse of g. Associativity: For all g 1, g 2, g 3 G, g 1 g 2 g 3 = g 1 g 2 g 3. When G has a finite number of elements, we say G is finite and let G denote the order of the group.

Abelian Group A group G with operation is abelian if the following holds: Commutativity: For all g, h G, g h = h g. We will always deal with finite, abelian groups.

Other groups over the integers We will be interested mainly in multiplicative groups over the integers, since there are computational problems believed to be hard over such groups. Such hard problems are the basis of numbertheoretic cryptography. Group operation is multiplication mod p, instead of addition mod p.

Multiplication mod p Example: 3 8 mod 13 24 mod 13 11 mod 13.

Multiplicative Groups Is Z p a group with respect to multiplication mod p? Closure YES Identity YES (1 instead of 0) Associativity YES Inverse NO 0 has no inverse since there is no integer a such that 0 a 1 mod p.

Multiplicative Group For p prime, define Z p multiplication mod p. = {1,, p 1} with operation We will see that Z p is indeed a multiplicative group! To prove that Z p is a multiplicative group, it is sufficient to prove that every element has a multiplicative inverse (since we have already argued that all other properties of a group are satisfied). This is highly non-trivial, we will see how to prove it using the Euclidean Algorithm.

Inefficient method of finding inverses mod p Example: Multiplicative inverse of 9 mod 11. 9 1 9 mod 11 9 2 18 7 mod 11 9 3 27 5 mod 11 9 4 36 3 mod 11 9 5 45 1 mod 11 What is the time complexity? Brute force search. In the worst case must try all 10 numbers in Z 11 the inverse. to find This is exponential time! Why? Inputs to the algorithm are (9,11). The length of the input is the length of the binary representation of (9,11). This means that input size is approx. log 2 11 while the runtime is approx. 2 log 2 11 = 11. The runtime is exponential in the input length. Fortunately, there is an efficient algorithm for computing inverses.

Euclidean Algorithm Theorem: Let a, p be positive integers. Then there exist integers X, Y such that Xa + Yb = gcd (a, p). Given a, p, the Euclidean algorithm can be used to compute gcd (a, p) in polynomial time. The extended Euclidean algorithm can be used to compute X, Y in polynomial time. ***We will see the extended Euclidean algorithm next class***

Proving Z p is a multiplicative group In the following we prove that every element in Z p has a multiplicative inverse when p is prime. This is sufficient to prove that Z p is a multiplicative group. Proof. Let a Z. Then gcd a, p = 1, since p is prime. p By the Euclidean Algorithm, we can find integers X, Y such that ax + py = gcd a, p = 1. Rearranging terms, we get that py = (ax 1) and so p (ax 1). By definition of modulo, this implies that ax 1 mod p. By definition of inverse, this implies that X is the multiplicative inverse of a. Note: By above, the extended Euclidean algorithm gives us a way to compute the multiplicative inverse in polynomial time.

Extended Euclidean Algorithm Example #1 Find: X, Y such that 9X + 23Y = gcd (9,23) = 1. 23 = 2 9 + 5 9 = 1 5 + 4 5 = 1 4 + 1 4 = 4 1 + 0 1 = 5 1 4 1 = 5 1 9 1 5 1 = 23 2 9 9 23 2 9 1 = 2 23 5 9 5 = 18 mod 23 is the multiplicative inverse of 9 mod 23.

Extended Euclidean Algorithm Example #2 Find: X, Y such that 5X + 33Y = gcd (5,33) = 1. 33 = 6 5 + 3 5 = 1 3 + 2 3 = 1 2 + 1 2 = 2 1 + 0 1 = 3 1 2 1 = 3 5 3 1 = 33 6 5 5 33 6 5 1 = 2 33 13 5 13 = 20 mod 33 is the multiplicative inverse of 5 mod 33.

Time Complexity of Euclidean Algorithm When finding gcd (a, b), the b value gets halved every two rounds. Why? Time complexity: 2log (b). This is polynomial in the length of the input. Why?

Getting Back to Z p Group Z p = {1,, p 1} operation: multiplication modulo p. Order of a finite group is the number of elements in the group. Order of Z p is p 1.

Fermat s Little Theorem Theorem: For prime p, integer a: a p a mod p.

Useful Fact Fact: For prime p and integers a, b, If p a b and p a, then p b.

Corollary of Fermat s Little Theorem Corollary: For prime p and a such that a, p = 1: a p 1 1 mod p Proof: By Fermat s Little Theorem we have that a p a mod p. By definition of modulo, this means that p (a p a). Rearranging, this implies that p a (a p 1). Now, since gcd a, p = 1, we have that p a. Applying useful fact with a = a and b = a p 1, we have that p a p 1. Finally, by definition of modulo, we have that a p 1 1 mod p. Note: For prime p, p 1 is the order of the group Z p.

Generalized Theorem Theorem: Let G be a finite group with m = G, the order of the group. Then for any element g G, g m = 1. Corollary of Fermat s Little Theorem is a special case of the above when G is the multiplicative group Z p and p is prime.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback