Algorithmic Number Theory and Cryptography (CS 303)


Modular Arithmetic and the RSA Public Key Cryptosystem
Jeremy R. Johnson

Introduction
Objective: To understand what a public key cryptosystem is and how the RSA algorithm works, and to review the number theory behind the RSA algorithm.
Topics: Public Key Cryptosystems; RSA Algorithm; Modular Arithmetic; Euler's Identity; Chinese Remainder Theorem.
References: Rivest, Shamir, Adleman.

Modular Arithmetic (Z_n)
Definition: a ≡ b (mod n) ⇔ n | (b - a). Alternatively, a = qn + b for some integer q.
Properties (equivalence relation):
  a ≡ a (mod n)  [Reflexive]
  a ≡ b (mod n) ⇒ b ≡ a (mod n)  [Symmetric]
  a ≡ b (mod n) and b ≡ c (mod n) ⇒ a ≡ c (mod n)  [Transitive]
Definition: An equivalence class mod n is [a] = { x : x ≡ a (mod n) } = { a + qn : q ∈ Z }.

Modular Arithmetic (Z_n)
It is possible to perform arithmetic with equivalence classes mod n:
  [a] + [b] = [a+b]
  [a] * [b] = [a*b]
In order for this to make sense, you must get the same equivalence class independent of the choice of the representatives a and b. In other words, if you replace a and b by numbers equivalent to a or b mod n, the sum/product ends up in the same equivalence class:
  a1 ≡ a2 (mod n) and b1 ≡ b2 (mod n) ⇒ a1 + b1 ≡ a2 + b2 (mod n) and a1 * b1 ≡ a2 * b2 (mod n)
This holds because
  (a + q1 n) + (b + q2 n) = a + b + (q1 + q2) n
  (a + q1 n) * (b + q2 n) = a * b + (b q1 + a q2 + q1 q2 n) n

Representation of Z_n
The equivalence classes [a] mod n are typically represented by representatives a.
Positive representation: choose the smallest non-negative integer in the class [a]; the representation is {0, 1, ..., n-1}.
Symmetric representation: choose the integer with the smallest absolute value in the class [a]; the representation is {-⌊(n-1)/2⌋, ..., ⌊n/2⌋}. When n is even, choose the positive representative with absolute value n/2.
E.g. Z_6 = {-2,-1,0,1,2,3}, Z_5 = {-2,-1,0,1,2}

Modular Inverses
Definition: x is the inverse of a mod n if ax ≡ 1 (mod n).
The equation ax ≡ 1 (mod n) has a solution iff gcd(a,n) = 1. By the Extended Euclidean Algorithm, there exist x and y such that ax + ny = gcd(a,n). When gcd(a,n) = 1, we get ax + ny = 1. Taking this equation mod n, we see that ax ≡ 1 (mod n).
By taking the equation mod n, we mean applying the mod n homomorphism φ_n : Z → Z_n, which maps the integer a to the equivalence class [a]. This mapping preserves sums and products, i.e. φ_n(a+b) = φ_n(a) + φ_n(b) and φ_n(a*b) = φ_n(a) * φ_n(b).

Fermat's Theorem
Theorem: If a ≠ 0 in Z_p, then a^(p-1) ≡ 1 (mod p). More generally, if a ∈ Z_p, then a^p ≡ a (mod p).
Proof: Assume that a ≠ 0 in Z_p. Then a * 2a * ... * (p-1)a = (p-1)! * a^(p-1). Also, since a*i ≡ a*j (mod p) ⇔ i ≡ j (mod p), the numbers a, 2a, ..., (p-1)a are distinct nonzero elements of Z_p. Therefore they are equal to 1, 2, ..., (p-1) in some order, and their product is equal to (p-1)! mod p. This implies that (p-1)! * a^(p-1) ≡ (p-1)! (mod p), and since (p-1)! is invertible mod p, a^(p-1) ≡ 1 (mod p).

Euler phi function
Definition: ϕ(n) = #{a : 0 < a < n and gcd(a,n) = 1}
Properties:
  ϕ(p) = p-1, for prime p.
  ϕ(p^e) = (p-1)*p^(e-1)
  ϕ(m*n) = ϕ(m)*ϕ(n) for gcd(m,n) = 1.
  ϕ(p*q) = (p-1)*(q-1) for distinct primes p, q.
Examples:
  ϕ(15) = ϕ(3)*ϕ(5) = 2*4 = 8 = #{1,2,4,7,8,11,13,14}
  ϕ(9) = (3-1)*3^(2-1) = 2*3 = 6 = #{1,2,4,5,7,8}

Euler's Identity
The number of elements in Z_n that have multiplicative inverses is equal to ϕ(n).
Theorem: Let (Z_n)* be the elements of Z_n with inverses (called units). If a ∈ (Z_n)*, then a^ϕ(n) ≡ 1 (mod n).
Proof: The same proof presented for Fermat's theorem can be used to prove this theorem (multiplying every unit by a permutes the units, so the product of the units is unchanged and can be cancelled).

Chinese Remainder Theorem
Theorem: If gcd(m,n) = 1, then given a and b there exists an integer solution to the system x ≡ a (mod m) and x ≡ b (mod n).
Proof: Consider the map x ↦ (x mod m, x mod n). This map is a 1-1 map from Z_mn to Z_m × Z_n, since if x and y map to the same pair, then x ≡ y (mod m) and x ≡ y (mod n). Since gcd(m,n) = 1, this implies that x ≡ y (mod mn). Since there are mn elements in both Z_mn and Z_m × Z_n, the map is also onto. This means that for every pair (a,b) we can find the desired x.

Alternative Interpretation of CRT
Let Z_m × Z_n denote the set of pairs (a,b) where a ∈ Z_m and b ∈ Z_n. We can perform arithmetic on Z_m × Z_n by performing componentwise modular arithmetic:
  (a,b) + (c,d) = (a+c, b+d)
  (a,b) * (c,d) = (a*c, b*d)
Theorem: Z_mn ≅ Z_m × Z_n, i.e. there is a 1-1 mapping from Z_mn onto Z_m × Z_n that preserves arithmetic. For integers x and y:
  (x*y mod m, x*y mod n) = (x mod m, x mod n) * (y mod m, y mod n)
  (x+y mod m, x+y mod n) = (x mod m, x mod n) + (y mod m, y mod n)
The CRT implies that the map is onto, i.e. for every pair (a,b) there is an integer x such that (x mod m, x mod n) = (a,b).

Constructive Chinese Remainder Theorem
Theorem: If gcd(m,n) = 1, then there exist e_m and e_n (orthogonal idempotents) with
  e_m ≡ 1 (mod m), e_m ≡ 0 (mod n)
  e_n ≡ 0 (mod m), e_n ≡ 1 (mod n)
It follows that a*e_m + b*e_n ≡ a (mod m) and a*e_m + b*e_n ≡ b (mod n).
Proof: Since gcd(m,n) = 1, by the Extended Euclidean Algorithm there exist x and y with m*x + n*y = 1. Set e_m = n*y and e_n = m*x. Then e_m = 1 - m*x ≡ 1 (mod m) and e_m = n*y ≡ 0 (mod n); the same argument gives the congruences for e_n.

Public Key Cryptosystem
Let M be a message and let C be the encrypted message (ciphertext). A public key cryptosystem has a separate method E() for encrypting and D() for decrypting:
  D(E(M)) = M
  Both E() and D() are easy to compute
  Publicly revealing E() does not make it easy to determine D()
  E(D(M)) = M (needed for signatures)
The collection of E()'s is made publicly available but the D()'s remain secret. E() is called a one-way trap-door function (hard to invert, but easy if you have the secret information).

RSA Public Key Cryptosystem
Based on the idea that it is hard to factor large numbers.
First encode M as an integer (e.g. use ASCII). Large messages will need to be blocked.
Choose n = p*q, the product of two large prime numbers.
Choose e such that gcd(e, ϕ(n)) = 1.
Choose d such that d*e ≡ 1 (mod ϕ(n)).
E = (e,n) and E(M) = M^e mod n
D = (d,n) and D(M) = M^d mod n

Correctness of the RSA Algorithm
Theorem: D(E(M)) = E(D(M)) = M.
Proof: D(E(M)) = (M^e)^d = M^(ed) (mod n). Since ed ≡ 1 (mod ϕ(n)), ed = k*ϕ(n) + 1 for some integer k. Under the CRT map x ↦ (x mod p, x mod q):
  M^(kϕ(n)+1) ↦ (M^(kϕ(n)+1) mod p, M^(kϕ(n)+1) mod q)
  = (M^(kϕ(n)) * M mod p, M^(kϕ(n)) * M mod q)
  = (M^((p-1)(q-1)k) * M mod p, M^((q-1)(p-1)k) * M mod q)  [since n = pq, so ϕ(n) = (p-1)(q-1)]
  = ((M^(p-1))^((q-1)k) * M mod p, (M^(q-1))^((p-1)k) * M mod q)
  = (M mod p, M mod q)  [by Fermat's theorem; if p | M both sides are 0 mod p, and likewise for q]
Therefore, by the CRT, M^(kϕ(n)+1) ≡ M (mod n).
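As an added example (not from the slides), a textbook RSA key pair on constructed toy primes, plus a decryption that follows the correctness proof above: reduce mod p and mod q, shrink the exponents with Fermat's theorem, and map back from Z_p × Z_q with the idempotents e_p, e_q. Assumes Python 3.8+, where pow(e, -1, m) returns the modular inverse; function names are my own.

```python
# Added example: toy RSA with decryption done in Z_p x Z_q, as in the proof.
from math import gcd

def rsa_keygen(p, q, e=65537):
    """Return ((e, n), (d, n)) for distinct primes p, q; e must be a unit mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)            # d*e = 1 (mod phi(n)), Python 3.8+
    return (e, n), (d, n)

def encrypt(pub, m):
    e, n = pub
    return pow(m, e, n)            # E(M) = M^e mod n

def decrypt(priv, c):
    d, n = priv
    return pow(c, d, n)            # D(C) = C^d mod n

def decrypt_crt(priv, p, q, c):
    """Decrypt as in the correctness proof: work in Z_p x Z_q, recombine via CRT."""
    d, n = priv
    # Fermat: c^d = c^(d mod (p-1)) (mod p), and likewise mod q (also true when p | c)
    m_p = pow(c % p, d % (p - 1), p)
    m_q = pow(c % q, d % (q - 1), q)
    # orthogonal idempotents: e_p = 1 (mod p), 0 (mod q); e_q = 0 (mod p), 1 (mod q)
    e_p = q * pow(q, -1, p)
    e_q = p * pow(p, -1, q)
    return (m_p * e_p + m_q * e_q) % n

# Constructed toy parameters for illustration only; real keys use ~2048-bit n
# and a padding scheme (e.g. OAEP) rather than raw M^e mod n.
P, Q = 61, 53
PUB, PRIV = rsa_keygen(P, Q, e=17)

def roundtrip(m):
    """Return (D(E(m)), E(D(m)), CRT-decrypt of E(m)); all three should equal m."""
    c = encrypt(PUB, m)
    return decrypt(PRIV, c), encrypt(PUB, decrypt(PRIV, m)), decrypt_crt(PRIV, P, Q, c)
```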