Discrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography


Discrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography Colin Stirling Informatics Some slides based on ones by Myrto Arapinis Colin Stirling (Informatics) Discrete Mathematics (Chap 4) Today 1 / 13

Multiplicative inverses

Theorem. If $m, x$ are positive integers and $\gcd(m, x) = 1$ then $x$ has a multiplicative inverse modulo $m$ (and it is unique modulo $m$).

Proof. Consider the sequence of $m$ numbers $0, x, 2x, \ldots, (m-1)x$. We first show that these are all distinct modulo $m$. To verify the above claim, suppose that $ax \bmod m = bx \bmod m$ for two distinct values $a, b$ in the range $0 \le a, b \le m-1$. Then we would have $(a-b)x \equiv 0 \pmod{m}$, or equivalently, $(a-b)x = km$ for some integer $k$. But since $x$ and $m$ are relatively prime, it follows that $a-b$ must be an integer multiple of $m$. This is not possible since $a, b$ are distinct non-negative integers less than $m$. Now, since there are only $m$ distinct values modulo $m$, it must then be the case that $ax \equiv 1 \pmod{m}$ for exactly one $a$ (modulo $m$). This $a$ is the unique multiplicative inverse.

Chinese remainder theorem

Theorem. Let $m_1, m_2, \ldots, m_n$ be pairwise relatively prime positive integers greater than 1 and $a_1, a_2, \ldots, a_n$ be arbitrary integers. Then the system

$$x \equiv a_1 \pmod{m_1}$$
$$x \equiv a_2 \pmod{m_2}$$
$$\vdots$$
$$x \equiv a_n \pmod{m_n}$$

has a unique solution modulo $m = m_1 m_2 \cdots m_n$.

Proof. In the book.

Example

$$x \equiv 2 \pmod{3}$$
$$x \equiv 3 \pmod{5}$$
$$x \equiv 5 \pmod{7}$$

$m = 3 \cdot 5 \cdot 7 = 105$

$M_1 = 35$ and 2 is an inverse of $M_1$ mod 3

$M_2 = 21$ and 1 is an inverse of $M_2$ mod 5

$M_3 = 15$ and 1 is an inverse of $M_3$ mod 7

$x = 2 \cdot 35 \cdot 2 + 3 \cdot 21 \cdot 1 + 5 \cdot 15 \cdot 1$

$x = 140 + 63 + 75 = 278 \equiv 68 \pmod{105}$

Fermat's little theorem

Theorem. If $p$ is prime and $p \nmid a$, then $a^{p-1} \equiv 1 \pmod{p}$. Furthermore, for every integer $a$ we have $a^p \equiv a \pmod{p}$.

Proof. Assume $p \nmid a$ and so, therefore, $\gcd(p, a) = 1$. Then $a, 2a, \ldots, (p-1)a$ are not pairwise congruent modulo $p$; if $ia \equiv ja \pmod{p}$ then $(i-j)a = pm$ for some $m$ which is impossible (as then $i \equiv j \pmod{p}$ using last result from slides of Lecture 11). Therefore, each element $ja \bmod p$ is a distinct element in the set $\{1, \ldots, p-1\}$. This means that the product $a \cdot 2a \cdots (p-1)a \equiv 1 \cdot 2 \cdots (p-1) \pmod{p}$. Therefore, $(p-1)!\, a^{p-1} \equiv (p-1)! \pmod{p}$. Now because $\gcd(p, q) = 1$ for $1 \le q \le p-1$ it follows that $a^{p-1} \equiv 1 \pmod{p}$. Therefore, also $a^p \equiv a \pmod{p}$ and when $p \mid a$ then clearly $a^p \equiv a \pmod{p}$.

Computing the remainders modulo prime p

Find $7^{222} \bmod 11$

By Fermat's little theorem, we know that $7^{10} \equiv 1 \pmod{11}$, and so $(7^{10})^k \equiv 1 \pmod{11}$ for every positive integer $k$. Therefore, $7^{222} = 7^{22 \cdot 10 + 2} = (7^{10})^{22} \cdot 7^2 \equiv 1^{22} \cdot 49 \equiv 5 \pmod{11}$. Hence, $7^{222} \bmod 11 = 5$

$2^{340} \equiv 1 \pmod{11}$ because $2^{10} \equiv 1 \pmod{11}$

Private key cryptography

- Bob wants to send Alice a secret message M
- Alice sends Bob a private key En (which has an inverse De)
- Bob encrypts M and sends Alice En(M)
- Alice decrypts En(M), De(En(M))
- Important property De(En(M)) = M
- Alice and Bob share a secret which could be intercepted by a third party
- Example use $En(p) = (p + 3) \bmod 26$
- What is WKLV LV D VHFSHW?

Public key cryptography

- Bob wants to send Alice a secret message M
- Without Alice and Bob sharing a secret
- Alice sends Bob a public key En (and keeps her inverse private key De secret from everyone including Bob)
- Bob encrypts M and sends Alice En(M)
- Alice decrypts En(M), De(En(M))
- Important property De(En(M)) = M
- The challenge: De can't be feasibly computed from En; and given En(M) one can't feasibly compute M

RSA Cryptosystem

- Named after 3 researchers: Rivest, Shamir and Adleman
- There are quick algorithms for testing whether a large integer is prime
- There is no known quick algorithm that can factorise a large integer
- Very significant open problem: how hard is it to factorise integers?

RSA: key generation

- Choose two distinct prime numbers $p$ and $q$
- Let $n = pq$ and $k = (p-1)(q-1)$
- Choose integer $e$ where $1 < e < k$ and $\gcd(e, k) = 1$
- $(n, e)$ is released as the public key
- Let $d$ be the multiplicative inverse of $e$ modulo $k$, so $de \equiv 1 \pmod{k}$
- $(n, d)$ is the private key and kept secret

RSA: encryption and decryption

Alice transmits her public key $(n, e)$ to Bob and keeps the private key secret.

Encryption. If Bob wishes to send message M to Alice:

1. He turns M into an integer $m$, such that $0 \le m < n$, by using an agreed-upon reversible protocol known as a padding scheme
2. He computes the ciphertext $c$ corresponding to $c = m^e \bmod n$. (This can be done quickly)
3. Bob transmits $c$ to Alice.

Decryption. Alice can recover $m$ from $c$ by:

1. Using her private key exponent $d$ via computing $m = c^d \bmod n$
2. Given $m$, she can recover the original message M by reversing the padding scheme

Unrealistic example

- $n = 43 \cdot 59 = 2537$
- $\gcd(13, 42 \cdot 58) = 1$, so public key is $(2537, 13)$
- $d = 937$ is inverse of 13 modulo $2436 = 42 \cdot 58$; private key $(2537, 937)$
- Encrypt STOP as two blocks 1819 for ST and 1415 for OP (padding scheme)
- So, $1819^{13} \bmod 2537 = 2081$ and $1415^{13} \bmod 2537 = 2182$
- So encrypted message is 2081 2182

RSA: correctness of decryption

Given that $c = m^e \bmod n$, is $m = c^d \bmod n$?

$$c^d = (m^e)^d \equiv m^{ed} \pmod{n}$$

By construction, $d$ and $e$ are each other's multiplicative inverses modulo $k$, i.e. $ed \equiv 1 \pmod{k}$. Also $k = (p-1)(q-1)$. Thus $ed - 1 = h(p-1)(q-1)$ for some integer $h$.

We consider $m^{ed} \bmod p$. If $p \nmid m$ then

$$m^{ed} = m^{h(p-1)(q-1)}\, m = (m^{p-1})^{h(q-1)}\, m \equiv 1^{h(q-1)}\, m \equiv m \pmod{p}$$

(by Fermat's little theorem). Otherwise $m^{ed} \equiv 0 \equiv m \pmod{p}$.

Symmetrically, $m^{ed} \equiv m \pmod{q}$.

Since $p, q$ are distinct primes, we have $m^{ed} \equiv m \pmod{pq}$. Since $n = pq$, we have $c^d = m^{ed} \equiv m \pmod{n}$.