Number Theory for Cryptography

Similar documents
Solutions for the Practice Questions

The congruence relation has many similarities to equality. The following theorem says that congruence, like equality, is an equivalence relation.

Number Theory - Divisibility Number Theory - Congruences. Number Theory. June 23, Number Theory

Discrete Math Class 4 ( )

Number Theory/Cryptography (part 1 of CSC 282)

Math 255 Spring 2017 Solving x 2 a (mod n)

SOLUTIONS TO PROBLEM SET 5. Section 9.1

ALGEBRA: Chapter I: QUESTION BANK

Calculators will not be permitted on the exam. The numbers on the exam will be suitable for calculating by hand.

Collection of rules, techniques and theorems for solving polynomial congruences 11 April 2012 at 22:02

Data security (Cryptography) exercise book

Introduction. and Z r1 Z rn. This lecture aims to provide techniques. CRT during the decription process in RSA is explained.

Modular Arithmetic. claserken. July 2016

Math 412: Number Theory Lecture 6: congruence system and

Primitive Roots. Chapter Orders and Primitive Roots

Distribution of Primes

Applications of Fermat s Little Theorem and Congruences

6. Find an inverse of a modulo m for each of these pairs of relatively prime integers using the method

NUMBER THEORY AMIN WITNO

SOLUTIONS FOR PROBLEM SET 4

Modular Arithmetic. Kieran Cooney - February 18, 2016

Carmen s Core Concepts (Math 135)

Introduction to Modular Arithmetic

Math 127: Equivalence Relations

p 1 MAX(a,b) + MIN(a,b) = a+b n m means that m is a an integer multiple of n. Greatest Common Divisor: We say that n divides m.

Wilson s Theorem and Fermat s Theorem

CHAPTER 2. Modular Arithmetic

Linear Congruences. The solutions to a linear congruence ax b (mod m) are all integers x that satisfy the congruence.

Numbers (8A) Young Won Lim 5/22/17

Numbers (8A) Young Won Lim 5/24/17

Chapter 4 Cyclotomic Cosets, the Mattson Solomon Polynomial, Idempotents and Cyclic Codes

Numbers (8A) Young Won Lim 6/21/17

ELEMENTS OF NUMBER THEORY & CONGRUENCES. Lagrange, Legendre and Gauss. Mth Mathematicst

CMPSCI 250: Introduction to Computation. Lecture #14: The Chinese Remainder Theorem David Mix Barrington 4 October 2013

b) Find all positive integers smaller than 200 which leave remainder 1, 3, 4 upon division by 3, 5, 7 respectively.

Cryptography, Number Theory, and RSA

1.6 Congruence Modulo m

Implementation / Programming: Random Number Generation

LECTURE 3: CONGRUENCES. 1. Basic properties of congruences We begin by introducing some definitions and elementary properties.

Solutions to Problem Set 6 - Fall 2008 Due Tuesday, Oct. 21 at 1:00

Foundations of Cryptography

CMPSCI 250: Introduction to Computation. Lecture #14: The Chinese Remainder Theorem David Mix Barrington 24 February 2012

Assignment 2. Due: Monday Oct. 15, :59pm

MATH 433 Applied Algebra Lecture 12: Sign of a permutation (continued). Abstract groups.

University of British Columbia. Math 312, Midterm, 6th of June 2017

Final exam. Question Points Score. Total: 150

Practice Midterm 2 Solutions

Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014

Algorithmic Number Theory and Cryptography (CS 303)

Solutions for the 2nd Practice Midterm

Fermat s little theorem. RSA.

Overview. The Big Picture... CSC 580 Cryptography and Computer Security. January 25, Math Basics for Cryptography

Exam 1 7 = = 49 2 ( ) = = 7 ( ) =

The Chinese Remainder Theorem

Congruence. Solving linear congruences. A linear congruence is an expression in the form. ax b (modm)

The Chinese Remainder Theorem

Modular Arithmetic: refresher.

An interesting class of problems of a computational nature ask for the standard residue of a power of a number, e.g.,

Degree project NUMBER OF PERIODIC POINTS OF CONGRUENTIAL MONOMIAL DYNAMICAL SYSTEMS

Algorithmic Number Theory and Cryptography (CS 303)

Math 3560 HW Set 6. Kara. October 17, 2013

Modular arithmetic Math 2320

Constructions of Coverings of the Integers: Exploring an Erdős Problem

LECTURE 7: POLYNOMIAL CONGRUENCES TO PRIME POWER MODULI

17. Symmetries. Thus, the example above corresponds to the matrix: We shall now look at how permutations relate to trees.

Solutions to Exam 1. Problem 1. a) State Fermat s Little Theorem and Euler s Theorem. b) Let m, n be relatively prime positive integers.

Calculators will not be permitted on the exam. The numbers on the exam will be suitable for calculating by hand.

Lecture 8. Outline. 1. Modular Arithmetic. Clock Math!!! 2. Inverses for Modular Arithmetic: Greatest Common Divisor. 3. Euclid s GCD Algorithm

MAT Modular arithmetic and number theory. Modular arithmetic

ON THE EQUATION a x x (mod b) Jam Germain

To be able to determine the quadratic character of an arbitrary number mod p (p an odd prime), we. The first (and most delicate) case concerns 2

6.2 Modular Arithmetic

Discrete Mathematics and Probability Theory Spring 2018 Ayazifar and Rao Midterm 2 Solutions

Discrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography

Solutions for the Practice Final

Cryptography Math 1580 Silverman First Hour Exam Mon Oct 2, 2017

MODULAR ARITHMETIC II: CONGRUENCES AND DIVISION

Discrete Square Root. Çetin Kaya Koç Winter / 11

Example Enemy agents are trying to invent a new type of cipher. They decide on the following encryption scheme: Plaintext converts to Ciphertext

Number Theory. Konkreetne Matemaatika

Goldbach Conjecture (7 th june 1742)

1 Introduction to Cryptology

MATH 324 Elementary Number Theory Solutions to Practice Problems for Final Examination Monday August 8, 2005

Mathematics Explorers Club Fall 2012 Number Theory and Cryptography

Sheet 1: Introduction to prime numbers.

ON MODULI FOR WHICH THE FIBONACCI SEQUENCE CONTAINS A COMPLETE SYSTEM OF RESIDUES S. A. BURR Belt Telephone Laboratories, Inc., Whippany, New Jersey

12. Let Rm = {0,1,2,..., m 1} be a complete residue system modulo ra. Let a be an integer. When is a Rm = {0,1 a, 2 a,...

1 = 3 2 = 3 ( ) = = = 33( ) 98 = = =

Two congruences involving 4-cores

DUBLIN CITY UNIVERSITY

Permutation Groups. Every permutation can be written as a product of disjoint cycles. This factorization is unique up to the order of the factors.

Power = 36² mod 99 Power = 9 5 a 5 = 0 x = 81 Power = 9² mod 99 Power = 81 6 a 6 = 1 x = 81 x 81 mod 99 x = 27 7 a 7 = 1 x = 27 x 27 mod 99 x = 36

The Chinese Remainder Theorem

Xor. Isomorphisms. CS70: Lecture 9. Outline. Is public key crypto possible? Cryptography... Public key crypography.

Solution: This is sampling without repetition and order matters. Therefore

SESAME Modular Arithmetic. MurphyKate Montee. March 2018 IN,Z, We think numbers should satisfy certain rules, which we call axioms:

CS70: Lecture 8. Outline.

ON MULTIPLICATIVE SEMIGROUPS OF RESIDUE CLASSES

L29&30 - RSA Cryptography

LUCAS-SIERPIŃSKI AND LUCAS-RIESEL NUMBERS

Transcription:

Number Theory for Cryptography 密碼學與應用 海洋大學資訊工程系 丁培毅

Congruence Modulo Operation: Question: What is 12 mod 9? Answer: 12 mod 9 3 or 12 3 (mod 9) 12 is congruent to 3 modulo 9 Definition: Let a, r, m (where is the set of all integers) and m 0. We write a r (mod m) if m divides a r (i.e. m a-r) m is called the modulus r is called the remainder a = q m + r 0 r < m Example: a=42 and m=9 42 = 4 9 + 6 therefore 42 6 (mod 9) 2

Greatest tcommon Divisor i GCD of a and b is the largest positive integer dividing both a and b gcd(a, b) or (a,b) ex. gcd(6, 4) = 2,,g gcd(5, 7) = 1 Euclidean algorithm ex. gcd(482 482, 1180 1180 = 2 482 + 216 482 =2216 216 + 50 216 = 4 50 + 16 50 = 3 16 + 2 16 = 8 2 + 0 gcd remainder divisor dividend ignore 1180) Why does it work? Let d = gcd(482, 1180) d 482 and d 1180 d 216 because 216 = 1180-2 482 d 216 and d 482 d 50 d 50 and d 216 d 16 d 16 and d 50 d 2 2 16 d = 2 3

Greatest tcommon Divisor i (cont d) Euclidean Algorithm: calculating GCD gcd(1180, 482) 2 482 432 1180 964 2 3 50 216 4 48 200 2 16 16 8 0 ( 輾轉相除法 ) 4

Greatest tcommon Divisor i (cont d) Def: a and b are relatively prime: gcd(a, b) = 1 Theorem: Let a and b be two integers, with at least one of a, b nonzero, and let d = gcd(a,b). Then there exist integers x, y, gcd(x, y) = 1 such that a x + b y = d Constructive proof: Using Extended Euclidean Algorithm to find x and y d = 2 = 50-3 16 = (482-2 216) - 3 (216-4 50) = = 1180 (-29) + 482 71 a x b y 216 = 1180-2 482 50 = 482-2 216 16 = 216-4 50 5

Extended d Euclidean Algorithm Let gcd(a, b) = d Looking for s and t, gcd(s, t) = 1 s.t. a s + b t = d When d = 1t 1, b -1 (mod a) a = q 1 b + r 1 b = q 2 r 1 + r 2 r 1 = q 3 r 2 + r 3 r 2 = q 4 r 3 + d r 3 = q 5 d + 0 Ex. 1180 = 2 482 + 216 1180-2 482 = 216 482 = 2 216 + 50 482-2 (1180-2 482) = 50-2 1180 + 5 482 = 50 216 = 4 50 + 16 (1180-2 482) - 4 (-2 1180 + 5 482) = 16 9 1180-22 482 = 16 50 = 3 16 + 2 (-2 1180 + 5 482) - 3 (9 1180-22 482) = 2-29 1180 + 71 482 = 2 6

Greatest tcommon Divisor i (cont d) The above proves only the existence of integers x and y How about gcd(x, y)? Z d = a x+b y d = gcd(a, b) 1 = a/d x + b/d y If gcd(x, y) = r then 1=a/d(x'r) r) + b/d (y'r) Note: gcd(x, y) = 1 but (x, y) is not unique i.e. 1 = r (a/dx' + b/dy') e.g. d = a x +b y = a (x-kb) + b (y+ka) which means that r 1 i.e. r = 1 gcd(x, y) = 1 7

Greatest tcommon Divisor i (cont d) Lemma: gcd(a,b) = gcd(x,y) = gcd(a,y) = gcd(x,b) = 1 a, b, x, y s.t. 1 = a x + b y pf:( ) following the previous theorem ( ) Given a, b, z, if x, y, gcd(x,y)=1 s.t. z = ax + by then gcd(a, b) z (also gcd(a, y) z, gcd(x, b) z) (let d = gcd(a, b) d a and d b d a x + b y d z) especially, given a, b, xyst1=ax+by x, s.t. x y gcd(a, b) 1 gcd(a, b) = 1 8

Operations under mod n Proposition: Let a,b,c,d,n,,,, be integers with n 0, suppose a b (mod n) and c d (mod n) then a + c b + d (mod n), a - c b - d (mod n), Proposition: a c b d(modn) Let a,b,c,n be integers with n 0 and gcd(a,n) =1. If a b a c (mod n) then b c (mod n) 9

Operations under mod n What is the multiplicative inverse of a (mod n)? i.e. a a -1 1 (mod n) or a a -1 = 1 + k n gcd(a, n) = 1 s and t such that a s + n t = 1 a -1 s (mod n) a x b (mod n), gcd(a, n) = 1, x? x b a -1 b s (mod n) a x b (mod n), gcd(a, n) = d 1, x? if d b (a/d) x (b/d) (mod n/d) gcd(a/d,n/d) = 1 x 0 (b/d) (a/d) -1 (mod n/d) there are d solutions to the equation a x b(modn): x 0, x 0 +(n/d),...,x 0 +(d-1)(n/d) (mod n) This expression also implies gcd(a,n)=1. Are there any solutions? 10

Mti Matrix inversion i under mod n A square matrix is invertible mod n if and only if its determinant and n are relatively prime ex: in real field R -1 a b 1 d -b = c d ad - bc -c a In a finite field Z (mod n)? we need to find the inverse for ad-bc (mod n) in order to calculate the inverse of the matrix -1 a c b d d -b (ad bc) -1 (mod n) -c a 11

Group A group G is a finite or infinite set of elements and a binary operation which together satisfy 1Closure: 1. ab G a,b a b=c G 封閉性 2. Associativity: a,b,c G (a b) c = a (b c) 結合性 3. Identity: a GG 1 a = a 1 = a 單位元素 4. Inverse: a G a a -1 = 1 = a -1 a 反元素 Abelian group 交換群 a,b G a b = b a means g g g g Cyclic group G of order m: a group defined by an element g G such that g, g 2, g 3,. g m are all distinct elements in G (thus cover all elements of G) and g m =1 1, the element g is called a generator of G. Ex: * Z n (or Z/nZ) 12

Group (cont d) The order of a group: the number of elements in a group G, denoted G. If the order of a group is a finite number, the group is said to be a finite group, note g G = 1 (the identity element). The order of an element g of a finite group G is the smallest power m such that g m = 1 (the identity element), denoted by ord G G(g) ex: Z n : additive group modulo n is the set {0, 1,, n-1} binary operation: + (mod n) size of Z i n is n, identity: 0 g+g+ +g 0 (mod n) inverse: -x n-x (mod n) * ex: Z n : multiplicative group modulo n is the set {i:0 i n, gcd(i,n)=1} binary operation: (mod n) size of Z* n is (n), identity: 1 g (n) 1(modn) inverse: x -1 can be found using extended Euclidean Algorithm 13

Ring m Definition: The ring m consists of The set m = {0, 1, 2,, m-1} Two operations + (mod m) and (mod m) for all a, b m such that they satisfy the properties on the next slide Example: m = 9 9 = {0, 1, 2, 3, 4, 5, 6, 7, 8} 6 + 8 = 14 5 (mod 9) 6 8 = 48 3 (mod 9) 14

Properties of fthe ring m Consider the ring m = {0, 1,, m-1} } The additive identity 0 : a + 0 a (mod m) The additive inverse of a: -a a = m a st s.t. a+(-a) ( a) 0(modm) m) Addition is closed i.e if a, b m then a + b m Addition is commutative a+b b+a(mod m) Addition is associative (a + b) + c a + (b + c) (mod m) Multiplicative identity 1 : a 1 a (mod m) The multiplicative inverse of a exists only when gcd(a,m) = 1 and denoted as a -1 st s.t. a -1 a 1(modm) m) might or might not exist Multiplication is closed i.e. if a, b m then a b m Multiplication is commutative a b b a (mod m) Multiplication is associative (a b) c a (b c) (mod m) 15

Some remarks on the ring m A ring is an Abelian group under addition and a semigroup under multiplication. A semigroup is defined for a set and a binary operator in which the multiplication operation is associative. No other restrictions are placed on a semigroup; thus a semigroup need not have an identity element and its elements need not have inverses within the semigroup. 16

Some remarks on the ring m (cont d) Roughly speaking a ring is a mathematical ti structure t in which we can add, subtract, multiply, and even sometimes divide. id (A ring in which h every element has multiplicative li inverse is called a field.) Example: Is the division 4/15 (mod 26) possible? In fact, 4/15 mod 26 4 15-1 (mod 26) Does 15-1 (mod 26) exist? It exists only if gcd(15, 26) = 1. 15-1 7 (mod 26) therefore, 4/15 mod 26 4 7 28 2 mod 26 17

Some remarks on the group * m and m The modulo operation can be applied whenever we want under Z m (a + b) (mod m) [(a (mod m)) + ((b mod m)) ] (mod m) under Z * m (a b) (mod m) [(a (mod m)) ((b mod m)) ] (mod m) a b (mod m) (a (mod m)) b (mod m) Question? a b? (mod m) a (b mod m) (mod m) 18

Exponentiation in m Example: 3 8 (mod 7)? 3 8 (mod 7) 6561 (mod 7) 2 since 6561 937 7 + 2 or 3 8 (mod 7) 3 4 3 4 (mod 7) 3 2 3 2 3 2 3 2 (mod 7) (3 2 (mod 7)) (3 2 (mod 7)) (3 2 (mod 7)) (3 2 (mod 7)) 2 2 2 2 (mod 7) 16 (mod 7) 2 The cyclic group m* and the modulo arithmetic is of central limportance to modern public-key cryptography. In practice, the order of the integers involved in PKC are in the range of [2 160, 2 1024 ]. Perhaps even en larger. 19

Exponentiation in m (cont d) How do we do the exponentiation efficiently? 3 1234 (mod 789) many ways to do this a. do 1234 times multiplication li and then calculate l remainder b. repeat 1234 times (multiplication by 3 and calculate remainder) c. repeated log 1234 times (square, multiply and calculate remainder) ex. first tabulate 3 2 9 (mod 789) 3 32 459 2 18 3 512 732 2 93 3 4 9 2 81 3 64 18 2 324 3 1024 93 2 759 3 8 81 2 249 3 128 324 2 39 3 16 249 2 459 3 256 39 2 732 1234 = 1024 + 128 + 64 + 16 + 2 (10011010010) 2 3 1234 3 (1024+128+64+16+2) (((759 39) 324) 459) 9 105 (mod 789) 20

Exponentiation in m (cont d) calculate x y (mod m) where y = b 0 2 2 + b 1 2 + b 2 Method 1: b 2 b 2 b 4 b x b 2 ( x 2 ) x 1 x 2 x 1 x 0 ( ) ( ) ( ) square Method 2: b b b square 2b b x b 0 ( ) ( x ) square x 0 ) 2 x 1 0 1 2 2 square square and multiply log y times x b 21

Exponentiation in m (cont d) Mthd1 Method 1: 1234 = 1024 + 128 + 64 + 16 + 2 (10011010010) 2 3 1234 3 0+2(1+2(0+2(0+2(1+2(0+2(1+2(1+2(0+2(0+2(1)))))))))) 9 9 2(0+2(0+2(1+2(0+2(1+2(1+2(0+2(0+2(1))))))))) 9 81 2(0+2(1+2(0+2(1+2(1+2(0+2(0+2(1)))))))) 9 249 2(1+2(0+2(1+2(1+2(0+2(0+2(1))))))) 9 459 459 2(0+2(1+2(1+2(0+2(0+2(1)))))) 9 459 18 2(1+2(1+2(0+2(0+2(1))))) 9 459 324 324 2(1+2(0+2(0+2(1)))) 9 459 324 39 39 2(0+2(0+2(1))) 2(1))) 9 459 324 39 732 2(0+2(1)) 9 459 324 39 93 2(1) 9 459 324 39 759 mod 789 22

Exponentiation in m (cont d) Mthd2 Method 2: 1234 = 1024 + 128 + 64 + 16 + 2 (10011010010) 2 3 1234 3 0+2(1+2(0+2(0+2(1+2(0+2(1+2(1+2(0+2(0+2(1)))))))))) (3 3 2(0+2(1+2(0+2(1+2(1+2(0+2(0+2(1)))))))) ) 2 (3 (3 2(1+2( 0+2(1+2(1+2(0+2(0+2(1))))))) ) 2 ) 2 (3 ((3 3 (( 2( 0+2(1+2(1+2(0+2(0+2(1)))))) ) 2 ) 2 ) 2 (3 ((3 (3 2(1+2(1+2(0+2(0+2(1))))) ) 2 ) 2 ) 2 ) 2 (3 ((3 ((3 3 2(1+2(0+2(0+2(1)))) ) 2 ) 2 ) 2 ) 2 ) 2 (3 ((3 ((3 (3 3 2(0+2(0+2(1))) ) 2 ) 2 ) 2 ) 2 ) 2 ) 2 (3 ((3 ((3 (3 (3 2(0+2(1)) ) 2 ) 2 ) 2 ) 2 ) 2 ) 2 ) 2 (3 ((3 ((3 (3 ((3 2(1) ) 2 ) 2 ) 2 ) 2 ) 2 ) 2 ) 2 ) 2 (3 ((3 ((3 (3 (((3 1 ) 2 ) 2 ) 2 ) 2 ) 2 ) 2 ) 2 ) 2 ) 2 23

Chinese Remainder Theorem (CRT) i j {1,2, k}, gcd(r i, r j ) = 1, 0 m i r i Is there an m that satisfies simultaneously the following set of congruence equations? m m 1 (mod r 1 ) ex: m 1 (mod 3) m 2 (mod r 2 ) 2 (mod 5) 3 (mod 7) Note: gcd(3,5) = 1 m k (mod r k ) gcd(3,7) = 1 gcd(5,7) = 1 韓信點兵 : 三個一數餘一, 五個一數餘二, 七個一數餘三, 請問隊伍中至少有幾名士兵? 24

Chinese Remainder Theorem (CRT) first solution: n = r 1 r 2 r k z i = n / r i s i Z* ri s.t. s i z i 1 (mod r i ) (since gcd(z i, r i ) = 1) k m z i s i m i (mod n) i=1 ex: n = 3 5 7 m 1 =1, m 2 =2, m 3 =3 r 1 =3, r 2 =5, r 3 =7 z 1 =35, z 2 =21, z 3 =15 s 1 =2, s 2 =1, s 3=1 Unique solution in Z n? m 3521 + 2112 + 1513 157 52 (mod 105) 25

Chinese Remainder Theorem (CRT) Uniqueness: 1. If there exists m' Z n ( m) also satisfies the previous k congruence relations, then i, m'-m 0 (mod r i ). 2. This is equivalent to i, m' = m + k i r i m+r j m+2r j m m+r i m+2r i m' m' = m + k lcm(r 1, r 2 r k ) = m + k n m' Z n for all k 0 contradiction! 26

Chinese Remainder Theorem (CRT) second solution: R i = r 1 r 2 r i-1 * t i Z ri s.t. t i R i 1 (mod r i ) (since gcd(r i, r i ) = 1) ^ m = m satisfies the first i-1 congruence relations 1 1 m^ i = m^ i-1 + R i (m i -m^ i-1 ) t i (mod R i+1 ) i 2 ^ m = m k Note that m^ i m 1 (mod r 1 ) m 2 (mod r 2 ) m i (mod r i ) m 1 =1, m 2 =2, m 3 =3 r 1 =3, r 2 =5, r 3 =7 R 2 =3, R 3 =15, R 4 =105 t 2 =2, t 3 =1 ex: m^ 1 1 m^ 2 1+3(2-1)2=7 m ^ m 3 7+15(3-7)1-53 52 (mod 105) 27

1 step step 2 Chinese Remainder Theorem (CRT) special case: x m (mod r 1 ) m (mod r 2 ) m n (mod r n ) x m (mod r 1 r 2 r n ) insight i of the second solution: every step satisfies one more requirement x m 1 (mod r 1 ) lt^ let m 1 = m 1 m ^ r m ^ =r 1 1 1 +r 2r 1 1 R 2 1 m 1 is the only solution for x in Z* R2 general solution of x must be m^ 1 + kr 2 for some k x m 1 (mod r 1 ) m m2 2 (mod r ^ r 2 r 1 ^ 2r 2 r 1 R 3 = r 2 r 2 ) m 2 + r 2 r 1 1 let m^ 2 m^ 1 + k * R 2 (mod R 3 ) where k * = t 2 (m 2 -m^ 1 ) and t 2 R 2 1 (mod r 2 ) m * 2 is the only solution for x in Z R3 general solution of x must be m^ 2 + k R 3 for some k 2m2+ m 2 1 2 r2r1 2 1 28

Chinese Remainder Theorem (CRT) Applications: solve x 2 1(mod35) 35 = 5 7 x* satisfies f(x*) 0 (mod 35) x* satisfies both f(x*) 0 (mod 5) and f(x*) 0 (mod 7) Proof: ( ) ( ) f(x*) = k 1 p and f(x*) = k 2 q imply that f(x*) = k lcm(p q) = k p q i.e. f(x*) 0 (mod p q) f(x*) = k p q implies that f(x*) = (k p) q = (k q) p i.e. f(x*) 0( (mod p) 0 (mod q) 29

Chinese Remainder Theorem (CRT) since 5 and 7 are prime, we can solve x 2 1 (mod 5) and x 2 1 (mod 7) far more easily than x 2 1 (mod 35) Why? x 2 1 (mod 5) has exactly two solutions: x 1 (mod 5) x 2 1 (mod 7) has exactly two solutions: o s: x 1 (mod 7) put them together and use CRT, there are four solutions x 1(mod5) 1(mod7) x 1(mod35) x 1 (mod 5) 6 (mod 7) x 6 (mod 35) x 4 (mod 5) 1 (mod 7) x 29 (mod 35) x 4 (mod 5) 6 (mod 7) x 34 (mod 35) 30

Mtlbt Matlab tools format rat format long format long matrix inverse inv(a) matrix determinant det(a) p = q d + r r = mod(p, d) or r = rem(p, d) q = floor( p / d ) g = gcd(a, b) g = a s + b t [g, s, t] = gcd(a, b) factoring factor(n) prime numbers < N primes(n) test prime isprime(p) mod exponentiation * powermod(a,b,n) find primitive root * primitiveroot(p) crt * crt([a 1 a 2 a 3...], [m 1 m 2 m 3...]) (N) * eulerphi(n) 31

Field Field: a set that has the operation of addition, multiplication, subtraction, and division by nonzero elements. Also, the associative, commutative, and distributive laws hold. Ex. Real numbers, complex numbers, rational numbers, integers mod a prime are fields Ex. Integers, 2 2 matrices with real entries are not fields Ex. GF(4) = {0, 1,, 2 } 0 + x = x x + x = 0 1 x=x x + 1 = 2 Addition and multiplication are commutative and associative, and the distributive law x(y+z)=xy+xz holds for all x, y, z x 3 = 1 for all nonzero elements 32

Gli Galois Field Fild Galois Field: A field with finite element, finite field For every power p n of a prime, there is exactly one finite field with p n elements (called GF(p n )), and these are the only finite fields. For n > 1, {integers (mod p n )} do not form a field. Ex. p x 1 (mod p n ) does not have a solution (i.e. p does not have multiplicative inverse) 33

How to construct ta GF(p n )? Def: Z 2 [X]: the set of polynomials whose coefficients are integers mod 2 ex. 0, 1, 1+X 3 +X 6 add/subtract/multiply/divide/euclidean Algorithm: process all coefficients i mod 2 (1+X 2 +X 4 ) + (X+X 2 ) = 1+X+X 4 (1+X+X 3 )(1+X) = 1+X 2 +X 3 +X 4 bitwise XOR X 4 +X 3 +1 = (X 2 +1)(X 2 +X+1) + X long division can be written as X 4 +X 3 +1 X (mod X 2 +X+1) 34

How to construct tgf(2 n )? Define Z 2 [X] (mod X 2 +X+1) to be {0, 1, X, X+1} addition, subtraction, multiplication are done mod X 2 +X+1 f(x) g(x) (mod X 2 +X+1) if f(x) and g(x) have the same remainder when divided by X 2 +X+1 or equivalently h(x) such that f(x) - g(x) = (X 2 +X+1) h(x) ex. XX = X 2 X+1 (mod X 2 +X+1) if we replace X by, we can get the same GF(4) as before the modulus polynomial X 2 +X+1 should be irreducible Irreducible: polynomial does not factor into polynomials of lower degree with mod 2 arithmetic ex. X 2 +1 is not irreducible since X 2 +1 = (X+1)(X+1) 35

How to construct tgf( GF(p n )? Z p [X] is the set of polynomials with coefficients mod p Choose P(X) to be any one irreducible polynomial mod p of degree n (other irreducible P(X) s would result to isomorphisms) Let GF(p n )bez[x] p mod P(X) An element tin Z p [X] mod P(X) must be of the form a 0 + a 1 X + + a n-1 X n-1 each a i are integers mod p, and have p choices, hence there are p n possible elements in GF(p n ) multiplicative inverse of any element in GF(p n ) can be found using extended Euclidean algorithm (over polynomial) 36

GF(2 8 ) AES (Rijndael) uses GF(2 8 ) with irreducible polynomial 8 4 3 X 8 + X 4 + X 3 + X + 1 each element is represented as b 7 X 7 + b 6 X 6 + b 5 X 5 + b 4 X 4 + b 3 X 3 + b 2 X 2 +b 1 X + b 0 each b i is either 0 or 1 elements of GF(2 8 ) can be represented as 8-bit bytes b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 mod 2 operations can be implemented by XOR in H/W 37

GF(p n ) Definition of generating polynomial g(x) is parallel to the generator in Z p : every element in GF(p n ) (except 0) can be expressed as a power of g(x) the smallest exponent k such that g(x) k 1 is p n -1 Discrete log problem in GF(p n ): given h(x), find an integer k such that h(x) g(x) k (mod P(X)) believed to be very hard in most situations 38

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback