Numbers. Çetin Kaya Koç Winter / 18

Similar documents
Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Chinese Remainder Theorem

Number Theory and Group Theoryfor Public-Key Cryptography

Chinese Remainder Algorithms. Çetin Kaya Koç Spring / 22

Basic elements of number theory

Basic elements of number theory

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Topics in Cryptography. Lecture 5: Basic Number Theory

Introduction to Cryptography. Lecture 6

Groups in Cryptography. Çetin Kaya Koç Winter / 13

Applied Cryptography and Computer Security CSE 664 Spring 2018

CPSC 467b: Cryptography and Computer Security

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Number Theory. Modular Arithmetic

The security of RSA (part 1) The security of RSA (part 1)

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

3 The fundamentals: Algorithms, the integers, and matrices

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Number Theory Proof Portfolio

4 Number Theory and Cryptography

RSA Implementation. Oregon State University

CPSC 467: Cryptography and Computer Security

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

Ch 4.2 Divisibility Properties

Number Theory A focused introduction

Introduction to Information Security

Number Theory Notes Spring 2011

Discrete Mathematics GCD, LCM, RSA Algorithm

Public Key Cryptography

Number Theory & Modern Cryptography

Arithmetic in Integer Rings and Prime Fields

CSC 474 Information Systems Security

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Applied Cryptography and Computer Security CSE 664 Spring 2017

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

Mathematics of Cryptography

SUFFIX PROPERTY OF INVERSE MOD

Mathematics for Cryptography

ECEN 5022 Cryptography

Number theory (Chapter 4)

Exponentiation and Point Multiplication. Çetin Kaya Koç Spring / 70

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

A. Algebra and Number Theory

MTH 346: The Chinese Remainder Theorem

ICS141: Discrete Mathematics for Computer Science I

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

Elementary Number Theory Review. Franz Luef

Chapter 9 Basic Number Theory for Public Key Cryptography. WANG YANG

CIS 551 / TCOM 401 Computer and Network Security

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

CSc 466/566. Computer Security. 5 : Cryptography Basics

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Basic Algorithms in Number Theory

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Introduction to Public-Key Cryptosystems:

Some Facts from Number Theory

ECE596C: Handout #11

cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications

Homework #2 solutions Due: June 15, 2012

Public-key Cryptography: Theory and Practice

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Public Key Encryption

COT 3100 Applications of Discrete Structures Dr. Michael P. Frank

Elementary Number Theory MARUCO. Summer, 2018

10 Problem 1. The following assertions may be true or false, depending on the choice of the integers a, b 0. a "

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Number Theory. Zachary Friggstad. Programming Club Meeting

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Lecture 3.1: Public Key Cryptography I

Number Theory Alex X. Liu & Haipeng Dai

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Mathematical Foundations of Cryptography

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Number Theory and Algebra: A Brief Introduction

Chuck Garner, Ph.D. May 25, 2009 / Georgia ARML Practice

Iterated Encryption and Wiener s attack on RSA

LECTURE NOTES IN CRYPTOGRAPHY

Chapter 8. Introduction to Number Theory

Algorithmic Number Theory and Public-key Cryptography

LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS

CS483 Design and Analysis of Algorithms

Discrete mathematics I - Number theory

Lecture 14: Hardness Assumptions

Lecture 4: Number theory

Fields in Cryptography. Çetin Kaya Koç Winter / 30

Chapter 2 (Part 3): The Fundamentals: Algorithms, the Integers & Matrices. Integers & Algorithms (2.5)

Discrete Mathematics and Probability Theory Fall 2014 Anant Sahai Homework 5. This homework is due October 6, 2014, at 12:00 noon.

Chapter 4 Finite Fields

2WF15 - Discrete Mathematics 2 - Part 1. Algorithmic Number Theory

PREPARATION NOTES FOR NUMBER THEORY PRACTICE WED. OCT. 3,2012

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

Chapter 5. Modular arithmetic. 5.1 The modular ring

Transcription:

Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 1 / 18

Number Systems and Sets We represent the set of integers as Z = {..., 3, 2, 1,0,1,2,3,...} We denote the set of positive integers modulo n as Z n = {0,1,...,n 1} Elements of Z n can be thought of as equivalency classes, where, for n 2, every integer in a Z maps into one of the elements r Z n using the division law a = q n+r which is represented as a r (mod n) The symbol Zn represents the set of positive integers that are less than n and relatively prime to n; if a Zn, then gcd(a,n) = 1 When n is prime, the set would be Z n = {1,2,...,n 1} When n is not a prime, the number of elements that are less than n and relatively prime to n is given as φ(n) = Z n Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 2 / 18

GCD and Euclidean Algorithm The greatest common divisor of two integers can be computed using the Euclidean algorithm The Euclidean algorithm uses the property gcd(a,b) = gcd(b,a q b), where q = a/b to reduce the numbers and finally obtains gcd(a,b) = gcd(g,0) = g For example, to compute gcd(56,21) = 7, we perform the iterations gcd(56,21) = gcd(21,56 2 21) since 56/21 = 2 gcd(21,14) = gcd(14,21 1 14) since 21/14 = 1 gcd(14,7) = gcd(7,14 2 7) since 14/7 = 2 gcd(7,0) = 7 Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 3 / 18

GCD and Euclidean Algorithm Given the positive integers a and b with a > b, the Euclidean algorithm computes the greatest common divisor g using the code below: while(b!= 0) { q = a/b; r = a-q*b; a = b; b = r } g = a where the division a/b operation is the integer division, q = a/b a b q r new a new b 117 45 2 27 45 27 45 27 1 18 27 18 27 18 1 9 18 9 18 9 2 0 9 0 9 0 Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 4 / 18

Extended Euclidean Algorithm Another important property of the GCD is that, if gcd(a,b) = g, then there exists integers s and t such that s a+t b = g We can compute s and t using the extended Euclidean algorithm by working back through the remainders in the Euclidean algorithm, for example, to find gcd(833,301) = 7, we write 833 2 301 = 231 301 1 231 = 70 231 3 70 = 21 70 3 21 = 7 21 3 7 = 0 Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 5 / 18

Extended Euclidean Algorithm Since g = 7, we start with the 4th equation and plug in the remainder value from the previous equation to this equation, and then move up 70 3 (231 3 70) = 7 10 70 3 231 = 7 10 (301 1 231) 3 231 = 7 10 301 13 231 = 7 10 301 13 (833 2 301) = 7 13 833+36 301 = 7 Therefore, we find s = 13 and t = 36 such that g = 7 = s a+t b Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 6 / 18

Computation of Multiplicative Inverse The extended Euclidean algorithm allows us to compute the multiplicative inverse of an integer a modulo another integer n, if gcd(a,n) = 1 The EEA obtains the identity g = s a+t b which implies s a+t n = 1 s a = 1 (mod n) a 1 = s (mod n) For example, gcd(23, 25) = 1, and the extended Euclidean algorithm returns s = 12 and t = 11, such that therefore 23 1 = 12 (mod 25) 1 = 12 23 11 25 Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 7 / 18

Fermat s Little Theorem Cryptography Theorem: If p is prime and gcd(a,p) = 1, then a p 1 = 1 (mod p) For example, p = 7 and a = 2, we have a p 1 = 2 6 = 64 = 1 (mod 7) FLT can be used to compute the multiplicative inverse if the modulus is a prime number a 1 = a p 2 (mod p) since a 1 a = a p 2 a = a p 1 = 1 mod p The converse of the FLT is not true: If a n 1 = 1 (mod n) and gcd(a,n) = 1, then n may or may not be a prime. Example: gcd(2,341) = 1 and 2 340 = 1 (mod 341), but 341 is not prime: 341 = 11 31 Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 8 / 18

Euler s Phi Function Cryptography Euler s Phi (totient) Function φ(n) is defined as the number of numbers in the range [1,n 1] that are relatively prime to n Let n = 7, then φ(7) = 6 since for all a [1,6], we have gcd(a,7) = 1 If p is a prime, φ(p) = p 1 For a positive power of prime, we have φ(p k ) = p k p k 1 If n and m are relatively prime, then φ(n m) = φ(n) φ(m) If all prime factors of n is known, then φ(n) is easily computed: ( φ(n) = n 1 1 ) p p n Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 9 / 18

Euler s Theorem Cryptography Theorem: If gcd(a,n) = 1, then a φ(n) = 1 (mod n) Example: n = 15 and a = 2, we have 2 φ(15) = 2 8 = 256 = 1 mod 15 Euler s theorem can be used to compute the multiplicative inverse for any modulus: a 1 = a φ(n) 1 (mod n) however, this requires the computation of the φ(n) and therefore the factorization of n To compute 23 1 mod 25, we need φ(25) = φ(5 2 ) = 5 2 5 1 = 20, and therefore, 23 1 = 23 20 1 = 23 19 = 12 (mod 25) Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 10 / 18

Modular Arithmetic Operations Given a modulus (prime or composite), how does one compute additions, subtractions, multiplications, and exponentiations? s = a+b (mod n) is computed in two steps: 1) add, 2) reduce If a,b < n to start with, then the reduction step requires a subtraction if s > n, then s = s n s = a b (mod n) is computed similarly: 1) subtract, 2) reduce Negative numbers are brought to the range [0,n 1] since we use the least positive representation, e.g., 5 = 5+11 = 6 (mod 11) Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 11 / 18

Modular Multiplication Cryptography a b (mod n) can be computed in two steps: 1) multiply, 2) reduce The reduction step requires division by n to get the remainder a b = s = q n+r However, we do not need the quotient! The division by n is an expensive operation The modular multiplication operation is highly common in public-key cryptography The Montgomery Multiplication: An new algorithm for performing modular multiplication that does not require division by n Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 12 / 18

Modular Exponentiation Cryptography The computation of a e (mod n): Perform the steps of the exponentiation a e, reducing numbers at each step modulo n Exponentiation algorithms: binary method, quaternary method, m-ary methods, power method, sliding windows, addition chains The binary method uses the binary expansion of the exponent e = (e k 1 e k 2 e 1 e 0 ) 2, and performs squarings and multiplications at each step For example, to compute a 55, we start with the most significant bit of e = 55 = (1 10111), and proceed by scanning the bits a 1 s a 2 m a 3 s a 6 s a 12 m a 13 s a 26 m a 27 s a 54 m a 55 Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 13 / 18

The Binary Method of Exponentiation Given the inputs a, n, and e = (e k 1 e k 2 e 1 e 0 ) 2, the binary method computes b = a e (mod n) as follows if e[k-1]=1 then b = a else b = 1 for i = k-2 downto 0 b = b * b mod n if e[i] = 1 then b = b * a mod n return b For e = 55 = (110111), we have k = 6 Since e 5 = 1, we start with b = a e 4 = 1 e 3 = 0 e 2 = 1 e 1 = 1 e 0 = 1 Step 2a b 2 = a 2 b 2 = a 6 b 2 = a 12 b 2 = a 26 b 2 = a 54 Step 2b b a = a 3 b = a 6 b a = a 13 b a = a 27 b a = a 55 Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 14 / 18

The Chinese Remainder Theorem Some cryptographic algorithms work with two (such as RSA) or more moduli (such as secret-sharing) the Chinese Remainder Theorem (CRT) and underlying algorithm allows to work with multiple moduli Theorem: Given k pairwise relatively prime moduli {n i i = 1,2,...,k}, a number X [0,N 1] is uniquely representable using the remainders {r i i = 1,2,...,k} such that r i = X (mod n i ) and N = n 1 n 2 n k Given the remainders r 1,r 2,...,r k, we can compute X using X = k r i c i N i (mod N) i=1 where N i = N/n i and c i = N 1 i (mod n i ) Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 15 / 18

A CRT Example Cryptography Let the moduli set be {5,7,9}; note that they are pairwise relatively prime gcd(5,7) = gcd(5,9) = gcd(7,9) = 1 (even though 9 is not prime) We have n 1 = 5, n 2 = 7, n 3 = 9, and thus N = 5 7 9 = 315, therefore, all integers in the range [0, 314] are uniquely representable using these moduli set Let X = 200, then we have r 1 = 200 mod 5 ; r 2 = 200 mod 7 ; r 1 = 200 mod 9 r 1 = 0 r 2 = 4 r 3 = 2 The remainder set (0,4,2) with respect to the moduli set (5,7,9) uniquely represents the integer 200, as CRT(0,4,2;5,7,9) = 200 Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 16 / 18

A CRT Example Cryptography Compute Y = CRT(0,4,2;5,7,9) N = n 1 n 2 n 3 = 5 7 9 = 315 N 1 = N/n 1 = 315/5 = 7 9 = 63 N 2 = N/n 2 = 315/7 = 5 9 = 45 N 3 = N/n 3 = 315/9 = 5 7 = 35 c 1 = N1 1 = 63 1 = 3 1 = 2 (mod 5) c 2 = N2 1 = 45 1 = 3 1 = 5 (mod 7) c 2 = N3 1 = 35 1 = 8 1 = 8 (mod 9) Y = r 1 c 1 N 1 +r 2 c 2 N 2 +r 3 c 3 N 3 (mod N) = 0 2 63+4 5 45+2 8 35 = 1460 (mod 315) = 200 (mod 315) Therefore, CRT(0,4,2;5,7,9) = 200 Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 17 / 18

Another CRT Example Cryptography Compute Y = CRT(2,1,1;7,9,11) N = n 1 n 2 n 3 = 7 9 11 = 693 N 1 = N/n 1 = 693/7 = 9 11 = 99 N 2 = N/n 2 = 693/9 = 7 11 = 77 N 3 = N/n 3 = 693/11 = 7 9 = 63 c 1 = N1 1 = 99 1 = 1 1 = 1 (mod 7) c 2 = N2 1 = 77 1 = 5 1 = 2 (mod 9) c 2 = N3 1 = 63 1 = 8 1 = 7 (mod 11) Y = r 1 c 1 N 1 +r 2 c 2 N 2 +r 3 c 3 N 3 (mod N) = 2 1 99+1 2 77+1 7 63 = 793 (mod 693) = 100 (mod 693) Therefore, CRT(2,1,1;7,9,11) = 100 Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 18 / 18

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback