Fermat's little theorem. RSA.


Computing large numbers modulo n

(a) In modular arithmetic you can always reduce a large number to its remainder: $a \equiv a \,\mathrm{rem}\, n \pmod n$.

(b) Addition, subtraction and multiplication preserve congruence: if $a \equiv b \pmod n$ and $c \equiv d \pmod n$, then $a + c \equiv b + d \pmod n$, $a - c \equiv b - d \pmod n$ and $ac \equiv bd \pmod n$.

(c) Instead of a congruence relation you can work with equality of remainders: $a \equiv b \pmod n$ if and only if $a \,\mathrm{rem}\, n = b \,\mathrm{rem}\, n$.

Example. Find $x$ such that $25^8 + 13^2 + 15 \equiv x \pmod{21}$. In fact we need to compute the remainder $(25^8 + 13^2 + 15) \,\mathrm{rem}\, 21$:

$25^2 = 625 \equiv 16 \pmod{21}$
$25^4 = (25^2)^2 \equiv 16^2 = 256 \equiv 4 \pmod{21}$
$25^8 = (25^4)^2 \equiv 4^2 = 16 \pmod{21}$
$13^2 = 169 \equiv 1 \pmod{21}$
$25^8 + 13^2 + 15 \equiv 16 + 1 + 15 = 32 \equiv 11 \pmod{21}$

So we can also say that $(25^8 + 13^2 + 15) \,\mathrm{rem}\, 21 = 11$.


Example. Compute $x = 12^{135} \,\mathrm{rem}\, 137$.

$12^2 = 144 \equiv 7 \pmod{137}$
$12^4 = (12^2)^2 \equiv 7^2 = 49 \pmod{137}$
$12^8 = (12^4)^2 \equiv 49^2 = 2401 \equiv 72 \pmod{137}$
$12^{16} = (12^8)^2 \equiv 72^2 = 5184 \equiv 115 \pmod{137}$
$12^{32} = (12^{16})^2 \equiv 115^2 = 13225 \equiv 73 \pmod{137}$
$12^{64} = (12^{32})^2 \equiv 73^2 = 5329 \equiv 123 \pmod{137}$
$12^{128} = (12^{64})^2 \equiv 123^2 = 15129 \equiv 59 \pmod{137}$

Since $135 = 128 + 4 + 2 + 1$, only four of these powers are multiplied together:
$12^{135} = 12^{128} \cdot 12^4 \cdot 12^2 \cdot 12 \equiv 59 \cdot 49 \cdot 7 \cdot 12 = 242844 \equiv 80 \pmod{137}$,
so $x = 80$.
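The repeated-squaring computation above, as an added Python example (this is not code from the lecture slides): mod_pow implements square-and-multiply for any base, exponent and modulus, reducing after every step exactly as the hand computation does, and squaring_trace reproduces the column of intermediate powers so the table for $12^{135} \,\mathrm{rem}\, 137$ can be checked. The function names are my own.

```python
# Added example, not from the lecture slides: modular exponentiation by
# repeated squaring, plus helpers that expose the intermediate values the
# slides compute by hand.


def mod_pow(base: int, exp: int, mod: int) -> int:
    """Compute base**exp rem mod by right-to-left binary exponentiation.

    Every intermediate product is reduced modulo `mod`, so no number ever
    exceeds mod**2, which is exactly why the hand computation stays small.
    """
    if mod <= 0:
        raise ValueError("modulus must be positive")
    if exp < 0:
        raise ValueError("negative exponents need a modular inverse")
    result = 1 % mod          # 1, except modulo 1 where everything is 0
    square = base % mod       # holds base^(2^i) for the current bit i
    while exp:
        if exp & 1:           # bit i of the exponent is set: multiply it in
            result = (result * square) % mod
        square = (square * square) % mod   # base^(2^i) -> base^(2^(i+1))
        exp >>= 1
    return result


def squaring_trace(base: int, bits: int, mod: int) -> list:
    """Return [base, base^2, base^4, ..., base^(2^(bits-1))] reduced modulo mod.

    For (12, 8, 137) this is the column 12, 7, 49, 72, 115, 73, 123, 59.
    """
    trace = []
    value = base % mod
    for _ in range(bits):
        trace.append(value)
        value = (value * value) % mod
    return trace


def exponent_bits(exp: int) -> list:
    """Powers of two whose sum is exp, e.g. 135 -> [1, 2, 4, 128]."""
    return [1 << i for i in range(exp.bit_length()) if (exp >> i) & 1]


if __name__ == "__main__":
    print(exponent_bits(135))            # [1, 2, 4, 128]
    print(squaring_trace(12, 8, 137))    # [12, 7, 49, 72, 115, 73, 123, 59]
    print(mod_pow(12, 135, 137))         # 80
    print((mod_pow(25, 8, 21) + mod_pow(13, 2, 21) + 15) % 21)   # 11
```

The `if exp & 1` branch performs a multiplication only when the exponent bit is set, so the running time depends on the bits of the exponent. That is harmless in a lecture, but when the exponent is a private key (as in RSA decryption later on this page) it is a timing side channel; production libraries use constant-time exponentiation for secret exponents.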

Lemma 1. Let $p$ be a prime. If $k$ is not a multiple of $p$, then $ak \equiv bk \pmod p$ implies $a \equiv b \pmod p$.

Proof. $p \mid (ak - bk)$, i.e. $p \mid k(a - b)$. By the lemma we proved in the previous lecture (a prime that divides a product divides one of the factors), $p \mid k$ or $p \mid (a - b)$. Since $p \nmid k$, we conclude that $p \mid (a - b)$, or equivalently, $a \equiv b \pmod p$.

Observation

x       :  5  6  7  8  9 10 11 12 13 14 15 16
x rem 7 :  5  6  0  1  2  3  4  5  6  0  1  2

When computing remainders of the division by $p$ for a sequence of consecutive integers, we get all numbers from 0 to $p-1$. Can we come up with other ways of producing these numbers?

Observation. For example, take every second integer: 2, 4, 6, 8, ...

x       :  2  4  6  8 10 12 14
x rem 7 :  2  4  6  1  3  5  0

We generate the same numbers, only permuted. Can we try another sequence, say 3, 6, 9, 12, 15, ...? Yes, we can, but we can prove a more general result.

Lemma 2. Let $p$ be a prime. If $k$ is not a multiple of $p$, the sequence
$k \,\mathrm{rem}\, p,\; 2k \,\mathrm{rem}\, p,\; 3k \,\mathrm{rem}\, p,\; \ldots,\; (p-1)k \,\mathrm{rem}\, p$
is a permutation of $1, 2, 3, \ldots, p-1$.

Proof. All remainders lie in the interval from 1 to $p-1$: none of them is 0, because for $1 \le i \le p-1$ neither $i$ nor $k$ is a multiple of the prime $p$, so $ik$ is not a multiple of $p$ either. Let us prove by contradiction that they are all different. Assume there exist two distinct integers $1 \le i < j \le p-1$ such that $ik \,\mathrm{rem}\, p = jk \,\mathrm{rem}\, p$, i.e. $ik \equiv jk \pmod p$. By Lemma 1, $i \equiv j \pmod p$, and so $i = j$, because both are integers between 1 and $p-1$. This contradicts $i \ne j$. Therefore all $p-1$ remainders are different values in $\{1, \ldots, p-1\}$, which proves the lemma.

Examples

$k = 2$ and $p = 5$: $2 \,\mathrm{rem}\, 5 = 2$, $4 \,\mathrm{rem}\, 5 = 4$, $6 \,\mathrm{rem}\, 5 = 1$, $8 \,\mathrm{rem}\, 5 = 3$.

$k = 12$ and $p = 7$: $12 \,\mathrm{rem}\, 7 = 5$, $24 \,\mathrm{rem}\, 7 = 3$, $36 \,\mathrm{rem}\, 7 = 1$, $48 \,\mathrm{rem}\, 7 = 6$, $60 \,\mathrm{rem}\, 7 = 4$, $72 \,\mathrm{rem}\, 7 = 2$.

Theorem (Fermat's little theorem). Let $p$ be a prime. If $k$ is not a multiple of $p$ (i.e. $p \nmid k$), then $k^{p-1} \equiv 1 \pmod p$.

Proof. By Lemma 2 the remainders $k \,\mathrm{rem}\, p, \ldots, (p-1)k \,\mathrm{rem}\, p$ are the numbers $1, \ldots, p-1$ in some order, so their product is $(p-1)!$:
$1 \cdot 2 \cdot 3 \cdots (p-1) = (k \,\mathrm{rem}\, p)(2k \,\mathrm{rem}\, p)(3k \,\mathrm{rem}\, p) \cdots ((p-1)k \,\mathrm{rem}\, p)$.
Each factor $ik \,\mathrm{rem}\, p$ is congruent to $ik$ modulo $p$, hence
$1 \cdot 2 \cdot 3 \cdots (p-1) \equiv k \cdot 2k \cdot 3k \cdots (p-1)k = k^{p-1} \cdot 1 \cdot 2 \cdot 3 \cdots (p-1) \pmod p$.
The factor $(p-1)!$ is not a multiple of $p$ (every factor is smaller than the prime $p$), so Lemma 1 lets us cancel it:
$1 \equiv k^{p-1} \pmod p$.
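Lemma 2 and the proof above, replayed on concrete numbers as an added Python example (not code from the slides). fermat_by_permutation checks each step of the proof for a given $k$ and $p$ and returns $k^{p-1} \,\mathrm{rem}\, p$; euler_by_permutation runs the same permutation argument over the residues coprime to an arbitrary modulus $n$, which is the generalization (Euler's theorem) that RSA with $n = pq$ relies on later on this page. The function names are my own.

```python
# Added example, not from the lecture slides: the permutation argument behind
# Fermat's little theorem, executed step by step, and its extension to the
# units modulo a composite n (Euler's theorem).
from math import gcd, prod


def multiples_mod(k: int, p: int) -> list:
    """The sequence k rem p, 2k rem p, ..., (p-1)k rem p from Lemma 2."""
    return [(i * k) % p for i in range(1, p)]


def is_permutation_of(seq: list, target: list) -> bool:
    """True when seq contains exactly the elements of target, in some order."""
    return sorted(seq) == sorted(target)


def fermat_by_permutation(k: int, p: int) -> tuple:
    """Replay the proof of Fermat's little theorem on concrete numbers.

    Returns (identity_holds, k^(p-1) rem p). identity_holds records that
    (p-1)! == product of the permuted residues == k^(p-1) * (p-1)!  (mod p).
    Cancelling (p-1)! (Lemma 1, which needs p prime) is what forces the
    second component to be 1.
    """
    residues = multiples_mod(k, p)
    if not is_permutation_of(residues, list(range(1, p))):
        raise ValueError(f"k={k}, p={p}: Lemma 2 fails, so p is not prime or p | k")
    factorial = prod(range(1, p)) % p
    reordered = prod(residues) % p                    # same factors, permuted
    pulled_out = (pow(k, p - 1, p) * factorial) % p   # k * 2k * ... = k^(p-1) * (p-1)!
    return factorial == reordered == pulled_out, pow(k, p - 1, p)


def units(n: int) -> list:
    """Residues in 1..n-1 that are relatively prime to n (all of 1..n-1 for prime n)."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def euler_by_permutation(k: int, n: int) -> int:
    """Same argument for any modulus n and gcd(k, n) == 1: multiplying the
    units by k permutes them, hence k^phi(n) == 1 (mod n) with
    phi(n) = len(units(n)). RSA uses this with n = p*q, phi(n) = (p-1)(q-1).
    """
    if gcd(k, n) != 1:
        raise ValueError("k must be relatively prime to n")
    u = units(n)
    if not is_permutation_of([(a * k) % n for a in u], u):
        raise ValueError("multiplication by a unit must permute the units")
    return pow(k, len(u), n)


if __name__ == "__main__":
    print(multiples_mod(12, 7))              # [5, 3, 1, 6, 4, 2]
    print(fermat_by_permutation(12, 7))      # (True, 1)
    print(euler_by_permutation(2, 15))       # 1  (phi(15) = 8, 2^8 = 256 = 17*15 + 1)
```

Try fermat_by_permutation(2, 9): the multiples of 2 modulo 9 do form a permutation of 1, ..., 8, but $8! \equiv 0 \pmod 9$, so the cancellation step of the proof is not available and the function returns (True, 4) rather than 1. This is exactly why the theorem needs $p$ prime, not merely $p \nmid k$.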

Theorem. Let $p$ be a prime. If $k$ is not a multiple of $p$, then $k^{p-1} \equiv 1 \pmod p$.

Using this we can find an inverse of $k$, that is, an $x$ with $kx \equiv 1 \pmod p$. How? If $k$ is not a multiple of $p$ and $p$ is a prime, then $k^{p-2}$ is an inverse:
$k \cdot k^{p-2} = k^{p-1} \equiv 1 \pmod p$.
Because we only need an inverse modulo $p$, the remainder $k^{p-2} \,\mathrm{rem}\, p$ is an inverse too. Notice the difference from the extended Euclidean algorithm, which computes an inverse modulo any $m$ with $\gcd(k, m) = 1$, even when $m$ is not prime; the formula $k^{p-2}$ relies on $p$ being prime.

Example. Compute an inverse of 12 modulo 137, that is, find $x$ such that $12x \equiv 1 \pmod{137}$. 137 is a prime, so we apply Fermat's little theorem: $12 \cdot 12^{137-2} \equiv 1 \pmod{137}$. The inverse is $x = 12^{137-2} = 12^{135}$. Or, in fact, just the remainder $12^{135} \,\mathrm{rem}\, 137$ is also an inverse, and we have computed it already: $12^{135} \,\mathrm{rem}\, 137 = 80$. Let us check: $12 \cdot 80 = 960 = 7 \cdot 137 + 1 \equiv 1 \pmod{137}$. Thus 80 is a multiplicative inverse of 12 modulo 137, indeed.


Example. Find $x$ such that $12^{274} \equiv x \pmod{137}$. By Fermat's little theorem, $12^{136} \equiv 1 \pmod{137}$, so
$12^{274} = 12^{136} \cdot 12^{136} \cdot 12^2 \equiv 1 \cdot 1 \cdot 12^2 = 144 \equiv 7 \pmod{137}$.


Example. Find $x$ such that $2015^{40321} \equiv x \pmod{2017}$. 2017 is a prime, so by Fermat's little theorem $2015^{2016} \equiv 1 \pmod{2017}$. Since $40321 = 2016 \cdot 20 + 1$,
$2015^{40321} = (2015^{2016})^{20} \cdot 2015 \equiv 1^{20} \cdot 2015 = 2015 \equiv -2 \pmod{2017}$.
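An added Python example (not code from the slides) covering the inverse computation and the two exponent-reduction examples above: inverse_fermat uses $k^{p-2}$, inverse_euclid uses the extended Euclidean algorithm and therefore also works for composite moduli, and pow_mod_prime reduces the exponent modulo $p-1$ before exponentiating. The function names are my own, and is_prime is plain trial division, adequate only for moduli as small as the ones here.

```python
# Added example, not from the lecture slides: inverses modulo a prime via
# Fermat's little theorem, inverses modulo any m via extended Euclid, and
# exponent reduction modulo p-1.


def is_prime(n: int) -> bool:
    """Trial division; fine for the small moduli used in these examples."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def inverse_fermat(k: int, p: int) -> int:
    """Inverse of k modulo a prime p as k^(p-2) rem p."""
    if not is_prime(p):
        raise ValueError("Fermat's little theorem needs a prime modulus")
    if k % p == 0:
        raise ValueError("k is a multiple of p, so it has no inverse")
    return pow(k, p - 2, p)


def extended_gcd(a: int, b: int) -> tuple:
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def inverse_euclid(k: int, m: int) -> int:
    """Inverse of k modulo any m > 1 with gcd(k, m) == 1; m need not be prime.

    This is how the RSA decryption exponent d is found modulo (p-1)(q-1).
    """
    g, x, _ = extended_gcd(k % m, m)
    if g != 1:
        raise ValueError("gcd(k, m) != 1, so no inverse exists")
    return x % m


def pow_mod_prime(k: int, e: int, p: int) -> int:
    """k^e rem p for prime p, shrinking e modulo p-1 first (k^(p-1) == 1)."""
    if not is_prime(p):
        raise ValueError("modulus must be prime")
    if k % p == 0:
        return pow(k, e, p)          # 0 for e > 0; Fermat does not apply here
    return pow(k, e % (p - 1), p)


if __name__ == "__main__":
    print(inverse_fermat(12, 137), inverse_euclid(12, 137))   # 80 80
    print(pow_mod_prime(12, 274, 137))                         # 7
    print(pow_mod_prime(2015, 40321, 2017))                    # 2015
    print(inverse_euclid(3, 10), pow(3, 10 - 2, 10))           # 7 1
```

Applying the Fermat formula to a composite modulus returns a wrong answer silently rather than failing: $3^{10-2} \,\mathrm{rem}\, 10 = 1$, and $3 \cdot 1 \not\equiv 1 \pmod{10}$, whereas inverse_euclid(3, 10) correctly returns 7. For RSA, inverse_euclid(17, 3120) = 2753 is the decryption exponent of the toy key $n = 61 \cdot 53 = 3233$, $e = 17$.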

Theorem (Chinese remainder). Let $n_1, n_2, \ldots, n_k$ be pairwise relatively prime positive integers greater than one and $a_1, a_2, \ldots, a_k$ arbitrary integers. Then the system
$x \equiv a_1 \pmod{n_1},\; x \equiv a_2 \pmod{n_2},\; \ldots,\; x \equiv a_k \pmod{n_k}$
has a unique solution modulo $n = n_1 n_2 \cdots n_k$. (That is, there is a solution $x$ with $0 \le x < n$, and all other solutions are congruent modulo $n$ to this solution.)

The RSA cryptosystem is a public key cryptosystem introduced by Ronald Rivest, Adi Shamir, and Leonard Adleman.

Constructing a public key:
1. You pick two large distinct primes $p$ and $q$. (How large? In practice, if their decimal representations are more than 200 digits long, they are large enough; the current recommendation is a modulus $n$ of at least 2048 bits, which means $p$ and $q$ of roughly 300 decimal digits each.)
2. Let $n = pq$.
3. You pick an integer $e$ such that $\gcd(e, (p-1)(q-1)) = 1$.
The public key is the pair $(n, e)$.

RSA encryption. You are given the public key $(n, e)$, where $n = pq$ for unknown primes $p$ and $q$, and $\gcd(e, (p-1)(q-1)) = 1$.
1. You break the message (a long string of digits) into blocks so that each block is less than $n$:
Message = 17519273 | 40137520 | 43028230 | 14459489, with $M_1 < n$, $M_2 < n$, $M_3 < n$, $M_4 < n$.
2. Each block is encrypted separately: $C_i = M_i^e \,\mathrm{rem}\, n$.
3. The encrypted blocks can be transmitted to the receiver.
(This is textbook RSA: encrypting a raw block is deterministic, so the same block always produces the same $C_i$. Real systems apply a randomized padding scheme such as OAEP to each block before the exponentiation.)

RSA decryption. The decryption key is an integer $d$ such that $ed \equiv 1 \pmod{(p-1)(q-1)}$. So $d$ is the multiplicative inverse of $e$ modulo $(p-1)(q-1)$; since this modulus is not prime, $d$ is computed with the extended Euclidean algorithm. If $p$ and $q$ are unknown, it is hard to compute $d$. To decrypt each encrypted block $C_i$, you compute $C_i^d \,\mathrm{rem}\, n$. It turns out that the original message is $M_i = C_i^d \,\mathrm{rem}\, n$. Let us show that this is the case.

RSA decryption. The decryption key $d$ satisfies $ed \equiv 1 \pmod{(p-1)(q-1)}$, so $ed = 1 + k(p-1)(q-1)$ for some integer $k \ge 0$. Since $C_i \equiv M_i^e \pmod{pq}$,
$C_i^d \equiv (M_i^e)^d = M_i^{1 + k(p-1)(q-1)} = M_i \cdot M_i^{k(p-1)(q-1)} \pmod{pq}$.
If $a \equiv b \pmod{pq}$, there exists $t$ such that $a - b = t \cdot pq$, and so $a \equiv b \pmod p$ and $a \equiv b \pmod q$. Therefore
$C_i^d \equiv M_i \cdot M_i^{k(p-1)(q-1)} \pmod p$ and $C_i^d \equiv M_i \cdot M_i^{k(p-1)(q-1)} \pmod q$.

RSA decryption. Take the first congruence: $C_i^d \equiv M_i \cdot (M_i^{p-1})^{k(q-1)} \pmod p$.
If $p \mid M_i$, then $M_i \equiv 0 \pmod p$, hence $C_i^d \equiv 0 \equiv M_i \pmod p$.
If $p \nmid M_i$, then $M_i^{p-1} \equiv 1 \pmod p$ by Fermat's little theorem, hence $C_i^d \equiv M_i \cdot 1^{k(q-1)} = M_i \pmod p$.
Therefore in either case $C_i^d \equiv M_i \pmod p$. Similarly, $C_i^d \equiv M_i \pmod q$.

RSA decryption. We have shown that $C_i^d \equiv M_i \pmod p$ and $C_i^d \equiv M_i \pmod q$. Recall that we want to prove that $C_i^d \equiv M_i \pmod{pq}$; if this is the case, then we can decrypt $C_i$ by taking the remainder $C_i^d \,\mathrm{rem}\, pq$. The difference $C_i^d - M_i$ is a multiple of $p$ and a multiple of $q$, which are distinct primes. Because the prime factorization is unique, the difference must also be a multiple of $pq$. Thus $C_i^d \equiv M_i \pmod{pq}$. (This is the uniqueness part of the Chinese remainder theorem with $n_1 = p$ and $n_2 = q$.) This is why decryption works!

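The key construction, encryption and decryption above, together with the Chinese remainder theorem, as one added Python example (not code from the slides). The primes 61 and 53, the exponent $e = 17$ and the message digits are constructed toy values. crt solves a general system of congruences; decrypt_crt decrypts by computing $C^d$ modulo $p$ and modulo $q$ separately and combining the two, which is exactly the structure of the proof, including the $p \mid M_i$ case; homomorphic_product shows the malleability of textbook RSA mentioned above. The function names are my own.

```python
# Added example, not from the lecture slides: textbook RSA as defined on this
# page, with the decryption proof turned into executable checks, and a CRT
# solver. Toy parameters only; real keys use n of 2048 bits or more and
# padded message blocks.
from math import gcd, prod


def crt(residues: list, moduli: list) -> int:
    """Chinese remainder theorem: the unique x in [0, N) with x == a_i (mod n_i)
    for pairwise relatively prime moduli n_i, where N = n_1 * ... * n_k."""
    for i, n in enumerate(moduli):
        if any(gcd(n, m) != 1 for m in moduli[i + 1:]):
            raise ValueError("moduli must be pairwise relatively prime")
    big_n = prod(moduli)
    x = 0
    for a, n in zip(residues, moduli):
        m = big_n // n
        # pow(m, -1, n) is the inverse of m modulo n (extended Euclid inside Python)
        x += a * m * pow(m, -1, n)
    return x % big_n


def keygen(p: int, q: int, e: int) -> tuple:
    """Public key (n, e) and decryption exponent d with e*d == 1 (mod (p-1)(q-1))."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return (p * q, e), pow(e, -1, phi)


def split_blocks(digits: str, width: int, n: int) -> list:
    """Cut a string of decimal digits into fixed-width blocks, each < n.

    Fixed width matters: a block such as 013 must be written back with its
    leading zero when the digits are reassembled after decryption.
    """
    blocks = [int(digits[i:i + width]) for i in range(0, len(digits), width)]
    if any(b >= n for b in blocks):
        raise ValueError("block width too large for this modulus")
    return blocks


def encrypt(blocks: list, public_key: tuple) -> list:
    n, e = public_key
    return [pow(m, e, n) for m in blocks]            # C_i = M_i^e rem n


def decrypt(cipher_blocks: list, d: int, n: int) -> list:
    return [pow(c, d, n) for c in cipher_blocks]     # M_i = C_i^d rem n


def decrypt_crt(c: int, d: int, p: int, q: int) -> int:
    """Decrypt the way the proof is organised: C^d modulo p and modulo q
    separately (d reduced modulo p-1 and q-1 by Fermat's little theorem,
    and the p | C case handled as in the proof), then combined with the CRT."""
    mp = 0 if c % p == 0 else pow(c % p, d % (p - 1), p)
    mq = 0 if c % q == 0 else pow(c % q, d % (q - 1), q)
    return crt([mp, mq], [p, q])


def homomorphic_product(c1: int, c2: int, d: int, n: int) -> int:
    """Textbook RSA is malleable: C_1 * C_2 decrypts to M_1 * M_2 rem n, so an
    attacker can forge a valid ciphertext without knowing either message."""
    return pow((c1 * c2) % n, d, n)


if __name__ == "__main__":
    public_key, d = keygen(61, 53, 17)       # n = 3233, (p-1)(q-1) = 3120, d = 2753
    n, _ = public_key
    blocks = split_blocks("175192734013", 3, n)    # [175, 192, 734, 13]
    cipher = encrypt(blocks, public_key)
    print(cipher, decrypt(cipher, d, n))           # second list equals blocks
    # A block that is a multiple of p (the p | M_i case) still decrypts correctly.
    c = encrypt([3 * 61], public_key)[0]
    print(decrypt([c], d, n)[0], decrypt_crt(c, d, 61, 53))   # 183 183
    print(crt([2, 3, 2], [3, 5, 7]))                           # 23
```

crt solves the general system from the theorem: crt([2, 3, 2], [3, 5, 7]) returns 23, the only solution below $3 \cdot 5 \cdot 7 = 105$. The same routine with moduli $[p, q]$ is what decrypt_crt uses; implementations do this in practice because two exponentiations with half-size moduli are cheaper than one with $n$.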