# Factoring integers, Producing primes and the RSA cryptosystem

Save this PDF as:

Size: px
Start display at page:

## Transcription

1 Factoring integers,..., RSA Erbil, Kurdistan 0 Lecture in Number Theory College of Sciences Department of Mathematics University of Salahaddin Debember 1, 2014 Factoring integers, Producing primes and the RSA cryptosystem Francesco Pappalardi

2 Factoring integers,..., RSA Erbil, Kurdistan 1 How large are large numbers? number of cells in a human body: number of atoms in the universe: number of subatomic particles in the universe: number of atoms in a Human Brain: number of atoms in a cat: 10 26

3 Factoring integers,..., RSA Erbil, Kurdistan 2 RSA 2048 = RSA 2048 is a 617 (decimal) digit number

4 Factoring integers,..., RSA Erbil, Kurdistan 3 RSA 2048 =p q, p, q PROBLEM: Compute p and q Price offered on MArch 18, 1991: US\$ ( Iraq Dinars)!! Theorem. If a N! p 1 < p 2 < < p k primes s.t. a = p α 1 1 pα k k Regrettably: RSAlabs believes that factoring in one year requires: number computers memory RSA Tb RSA , 000, Gb RSA ,000 4Gb.

5 Factoring integers,..., RSA Erbil, Kurdistan 4 Challenge Number Prize (\$US) RSA 576 \$10,000 RSA 640 \$20,000 RSA 704 \$30,000 RSA 768 \$50,000 RSA 896 \$75,000 RSA 1024 \$100,000 RSA 1536 \$150,000 RSA 2048 \$200,000

6 Factoring integers,..., RSA Erbil, Kurdistan 4 Numero Premio (\$US) Status RSA 576 \$10,000 Factored December 2003 RSA 640 \$20,000 Factored November 2005 RSA 704 \$30,000 Factored July, RSA 768 \$50,000 Factored December, RSA 896 \$75,000 Not factored RSA 1024 \$100,000 Not factored RSA 1536 \$150,000 Not factored RSA 2048 \$200,000 Not factored The RSA challenges ended in RSA Laboratories stated: Now that the industry has a considerably more advanced understanding of the cryptanalytic strength of common symmetric-key and public-key algorithms, these challenges are no longer active.

7 Factoring integers,..., RSA Erbil, Kurdistan 5 Famous citation!!! A phenomenon whose probability is never happens, and it will never observed. - Émil Borel (Les probabilités et sa vie)

8 Factoring integers,..., RSA Erbil, Kurdistan 6 History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves - Tables) 1880 Landry & Le Lasseur: = Pierre and Eugène Carissan (Factoring Machine) 1970 Morrison & Brillhart = Quadratic Sieve QS (Pomerance) Number Fields Sieve NFS 1987 Elliptic curves factoring ECF (Lenstra)

9 Factoring integers,..., RSA Erbil, Kurdistan 7 History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene)

10 Factoring integers,..., RSA Erbil, Kurdistan 8 History of the Art of Factoring 1730 Euler =

11 Factoring integers,..., RSA Erbil, Kurdistan 9 How did Euler factor ? Proposition Suppose p is a prime factor of b n + 1. Then 1. p is a divisor of b d + 1 for some proper divisor d of n such that n/d is odd or 2. p 1 is divisible by 2n. Application: Let b = 2 and n = 2 5 = 64. Then is prime or it is divisible by a prime p such that p 1 is divisible by 128. Note that = 3 43, = 257 is prime, = , = and = 641 is prime. Finally = =

12 Factoring integers,..., RSA Erbil, Kurdistan 10 History of the Art of Factoring 1730 Euler =

13 Factoring integers,..., RSA Erbil, Kurdistan 11 History of the Art of Factoring Fermat, Gauss (Sieves - Tables)

14 Factoring integers,..., RSA Erbil, Kurdistan 12 History of the Art of Factoring Fermat, Gauss (Sieves - Tables) Factoring with sieves N = x 2 y 2 = (x y)(x + y)

15 Factoring integers,..., RSA Erbil, Kurdistan 13 Carissan s ancient Factoring Machine Figure 1: Conservatoire Nationale des Arts et Métiers in Paris shallit/papers/carissan.html

16 Factoring integers,..., RSA Erbil, Kurdistan 14 Figure 2: Lieutenant Eugène Carissan = minutes = minutes = minutes

17 Factoring integers,..., RSA Erbil, Kurdistan 15 State of the Art of Factoring John Brillhart & Michael A. Morrison =

18 Factoring integers,..., RSA Erbil, Kurdistan 16 State of the Art of Factoring is called the n th Fermat number F n = 2 (2n) + 1 Up to today only from F 0 to F 11 are factores. It is not known the factorization of F 12 =

19 Factoring integers,..., RSA Erbil, Kurdistan 17 State of the Art of Factoring Carl Pomerance - Quadratic Sieve

20 Factoring integers,..., RSA Erbil, Kurdistan 18 State of the Art of Factoring Hendrik Lenstra - Elliptic curves factoring

21 Factoring integers,..., RSA Erbil, Kurdistan 19 Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 volunteers, 20 nations) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = = = ❷ (February ), Number Field Sieve (NFS): (160 Sun, 4 months) RSA 155 = = = ❸ (December 3, 2003) (NFS): J. Franke et al. (174 decimal digits) RSA 576 = = = ❹ Elliptic curves factoring: introduced by H. Lenstra. suitable to detect small factors (50 digits) all have sub exponential complexity

22 Factoring integers,..., RSA Erbil, Kurdistan 20 The factorization of RSA 200 RSA 200 = Date: Mon, 9 May :05: (CEST) From: Thorsten Kleinjung Subject: rsa200 We have factored RSA200 by GNFS. The factors are and We did lattice sieving for most special q between 3e8 and 11e8 using mainly factor base bounds of 3e8 on the algebraic side and 18e7 on the rational side. The bounds for large primes were This produced 26e8 relations. Together with 5e7 relations from line sieving the total yield was 27e8 relations. After removing duplicates 226e7 relations remained. A filter job produced a matrix with 64e6 rows and columns, having 11e9 non-zero entries. This was solved by Block-Wiedemann. Sieving has been done on a variety of machines. We estimate that lattice sieving would have taken 55 years on a single 2.2 GHz Opteron CPU. Note that this number could have been improved if instead of the PIII- binary which we used for sieving, we had used a version of the lattice-siever optimized for Opteron CPU s which we developed in the meantime. The matrix step was performed on a cluster of GHz Opterons connected via a Gigabit network and took about 3 months. We started sieving shortly before Christmas 2003 and continued until October The matrix step began in December Line sieving was done by P. Montgomery and H. te Riele at the CWI, by F. Bahr and his family. More details will be given later. F. Bahr, M. Boehm, J. Franke, T. Kleinjung

23 Factoring integers,..., RSA Erbil, Kurdistan 21 Factorization of RSA 768

24 Factoring integers,..., RSA Erbil, Kurdistan 22 RSA Adi Shamir, Ron L. Rivest, Leonard Adleman (1978)

25 Factoring integers,..., RSA Erbil, Kurdistan 23 RSA Ron L. Rivest, Adi Shamir, Leonard Adleman (2003)

26 Factoring integers,..., RSA Erbil, Kurdistan 24 The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A (Alice) B (Bob) C (Charles) ❶ Key generation ❷ Encryption ❸ Decryption ❹ Attack Bob has to do it Alice has to do it Bob has to do it Charles would like to do it

27 Factoring integers,..., RSA Erbil, Kurdistan 25 Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3 Experts recommend e = He computes arithmetic inverse d of e modulo ϕ(m) (i.e. d N (unique ϕ(m)) s.t. e d 1 (mod ϕ(m))) Publishes (M, e) public key and hides secret key d Problem: How does Bob do all this?- We will go came back to it!

28 Factoring integers,..., RSA Erbil, Kurdistan 26 Alice: Encryption Represent the message P as an element of Z/MZ (for example) A 1 B 2 C 3... Z 26 AA Sukumar = Note. Better if texts are not too short. Otherwise one performs some padding C = E(P) = P e (mod M) Example: p = , q = , M = , e = = 65537, P = Sukumar: E(Sukumar) = (mod ) = = C = JGEBNBAUYTCOFJ

29 Factoring integers,..., RSA Erbil, Kurdistan 27 Bob: Decryption P = D(C) = C d (mod M) Note. Bob decrypts because he is the only one that knows d. Therefore (ed 1 mod ϕ(m)) Theorem. (Euler) If a, m N, gcd(a, m) = 1, a ϕ(m) 1 (mod m). If n 1 n 2 mod ϕ(m) then a n 1 a n 2 mod m. D(E(P)) = P ed P mod M Example(cont.):d = mod ϕ( ) = D(JGEBNBAUYTCOFJ) = (mod ) = Sukumar

30 Factoring integers,..., RSA Erbil, Kurdistan 28 RSA at work

31 Factoring integers,..., RSA Erbil, Kurdistan 29 Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j = Compute recursively a 2j mod c, j = 1,..., [log 2 b]: ( 2 a 2j mod c = a 2j 1 mod c) mod c Multiply the a 2j mod c with ɛ j = 1 ) a b mod c = mod c ( [log2 b] j=0,ɛ j =1 a2j mod c

32 Factoring integers,..., RSA Erbil, Kurdistan 30 #{oper. in Z/cZ to compute a b mod c} 2 log 2 b JGEBNBAUYTCOFJ is decrypted with 131 operations in Z/ Z Pseudo code: e c (a, b) = a b mod c e c (a, b) = if b = 1 then a mod c if 2 b then e c (a, b 2 )2 mod c else a e c (a, b 1 2 )2 mod c To encrypt with e = , only 17 operations in Z/MZ are enough

33 Factoring integers,..., RSA Erbil, Kurdistan 31 Key generation Problem. Produce a random prime p subproblems: Probabilistic algorithm (type Las Vegas) 1. Let p = Random( ) 2. If isprime(p)=1 then Output=p else goto 1 A. How many iterations are necessary? (i.e. how are primes distributes?) B. How does one check if p is prime? (i.e. how does one compute isprime(p)?) Primality test False Metropolitan Legend: Check primality is equivalent to factoring

34 Factoring integers,..., RSA Erbil, Kurdistan 32 A. Distribution of prime numbers Quantitative version: π(x) = #{p x t. c. p is prime} Theorem. (Hadamard - de la vallee Pussen ) π(x) x log x Therefore Theorem. (Rosser - Schoenfeld) if x 67 x log x 1/2 < π(x) < x log x 3/ < P rob ( (Random( ) = prime ) <

35 Factoring integers,..., RSA Erbil, Kurdistan 33 If P k is the probability that among k random numbers there is a prime one, then P k = 1 ( ) k 1 π(10100 ) Therefore < P 250 < To speed up the process: One can consider only odd random numbers not divisible by 3 nor by 5. Let Ψ(x, 30) = # {n x s.t. gcd(n, 30) = 1}

36 Factoring integers,..., RSA Erbil, Kurdistan 34 To speed up the process: One can consider only odd random numbers not divisible by 3 nor by 5. Let Ψ(x, 30) = # {n x s.t. gcd(n, 30) = 1} then 4 4 x 4 < Ψ(x, 30) < x + 4 Hence, if P k is the probability that among k random numbers coprime with 30, there is a prime one, then P k = 1 ( ) k 1 π(10100 ) Ψ(10 100, 30) and < P 250 <

37 Factoring integers,..., RSA Erbil, Kurdistan 35 B. Primality test Fermat Little Theorem. If p is prime, p a N a p 1 1 mod p NON-primality test M Z, 2 M 1 1 mod M => Mcomposite! Example: 2 RSA mod RSA 2048 Therefore RSA 2048 is composite! Fermat little Theorem does not invert. Infact (mod 93961) but =

38 Factoring integers,..., RSA Erbil, Kurdistan 36 Strong pseudo primes From now on m 3 mod 4 (just to simplify the notation) Definition. m N, m 3 mod 4, composite is said strong pseudo prime (SPSP) in base a if a (m 1)/2 ±1 (mod m). Note. If p > 2 prime => a (p 1)/2 ±1 (mod p) Let S = {a Z/mZ s.t. gcd(m, a) = 1, a (m 1)/2 ±1 (mod m)} ➀ S (Z/mZ) subgroup ➁ If m is composite => proper subgroup ➂ If m is composite => #S ϕ(m) 4 ➃ If m is composite => P rob(m PSPF in base a) 0, 25

39 Factoring integers,..., RSA Erbil, Kurdistan 37 Miller Rabin primality test Let m 3 mod 4 Miller Rabin algorithm with k iterations N = (m 1)/2 for j = 0 to k do a =Random(m) if a N ±1 mod m then OUPUT=(m composite): endfor OUTPUT=(m prime) END Monte Carlo primality test P rob(miller Rabin says m prime and m is composite) 1 4 k In the real world, software uses Miller Rabin with k = 10

40 Factoring integers,..., RSA Erbil, Kurdistan 38 Deterministic primality tests Theorem. (Miller, Bach) If m is composite, then GRH => a 2 log 2 m s.t. a (m 1)/2 ±1 (mod m). (i.e. m is not SPSP in base a.) Consequence: Miller Rabin de randomizes on GRH (m 3 mod 4) for a = 2 to 2 log 2 m do if a (m 1)/2 ±1 mod m then OUPUT=(m composite): endfor OUTPUT=(m prime) END Deterministic Polynomial time algorithm It runs in O(log 5 m) operations in Z/mZ.

41 Factoring integers,..., RSA Erbil, Kurdistan 39 Certified prime records , digits (discovered in 01/2014 ) , digits (discovered in 2008) , digits (discovered in 2009) , digits (discovered in 2008) , digits (discovered in 2006) , digits (discovered in 2005) , digits (discovered in 2005) , digits (discovered in 2004) , digits (discovered in 2003) , digits (discovered in 2001) , digits (discovered in 1999) , digits (discovered in 2003)

42 Factoring integers,..., RSA Erbil, Kurdistan 40 Great Internet Mersenne Prime Search (GIMPS) The Great Internet Mersenne Prime Search (GIMPS) is a collaborative project of volunteers who use freely available software to search for Mersenne prime numbers (i.e. prime numbers of the form 2 p 1 (p prime)). The project was founded by George Woltman in January 1996.

43 Factoring integers,..., RSA Erbil, Kurdistan 41 The AKS deterministic primality test Department of Computer Science & Engineering, I.I.T. Kanpur, Agost 8, Nitin Saxena, Neeraj Kayal and Manindra Agarwal New deterministic, polynomial time, primality test. Solves #1 open question in computational number theory

44 Factoring integers,..., RSA Erbil, Kurdistan 42 How does the AKS work? Theorem. (AKS) Let n N. Assume q, r primes, S N finite: q r 1; n (r 1)/q mod r {0, 1}; gcd(n, b b ) = 1, b, b S (distinct); ( ) q+#s 1 #S n 2 r ; (x + b) n = x n + b in Z/nZ[x]/(x r 1), b S; Then n is a power of a prime Bernstein formulation Fouvry Theorem (1985) => r log 6 n, s log 4 n => AKS runs in O(log 15 n) operations in Z/nZ. Many simplifications and improvements: Bernstein, Lenstra, Pomerance...

45 Factoring integers,..., RSA Erbil, Kurdistan 43 Why is RSA safe? It is clear that if Charles can factor M, then he can also compute ϕ(m) and then also d so to decrypt messages Computing ϕ(m) is equivalent to completely factor M. In fact p, q = M ϕ(m) + 1 ± (M ϕ(m) + 1) 2 4M 2 RSA Hypothesis. The only way to compute efficiently x 1/e mod M, x Z/MZ (i.e. decrypt messages) is to factor M In other words The two problems are polynomially equivalent

46 Factoring integers,..., RSA Erbil, Kurdistan 44 Two kinds of Cryptography Private key (or symmetric) Lucifer DES AES Public key RSA Diffie Hellmann Knapsack NTRU

47 Factoring integers,..., RSA Erbil, Kurdistan 45 Another quotation!!! Have you ever noticed that there s no attempt being made to find really large numbers that aren t prime. I mean, wouldn t you like to see a news report that says Today the Department of Computer Sciences at the University of Washington annouced that 2 58,111,625, is even. This is the largest non-prime yet reported. - University of Washington (Bathroom Graffiti)

### Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute

RSA cryptosystem HRI, Allahabad, February, 2005 0 Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute Allahabad (UP), INDIA February, 2005 RSA cryptosystem HRI,

### Factoring integers and Producing primes

Factoring integers,..., RSA Erbil, Kurdistan 0 Lecture in Number Theory College of Sciences Department of Mathematics University of Salahaddin Debember 4, 2014 Factoring integers and Producing primes Francesco

### Primality - Factorization

Primality - Factorization Christophe Ritzenthaler November 9, 2009 1 Prime and factorization Definition 1.1. An integer p > 1 is called a prime number (nombre premier) if it has only 1 and p as divisors.

### Primality Testing and Factorization Methods

Primality Testing and Factorization Methods Eli Howey May 27, 2014 Abstract Since the days of Euclid and Eratosthenes, mathematicians have taken a keen interest in finding the nontrivial factors of integers,

### Mathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information

The : Keeping Eve The Eavesdropper Away From Your Credit Card Information Department of Mathematics North Dakota State University 16 September 2010 Science Cafe Introduction Disclaimer: is not an internet

### Is n a Prime Number? Manindra Agrawal. March 27, 2006, Delft. IIT Kanpur

Is n a Prime Number? Manindra Agrawal IIT Kanpur March 27, 2006, Delft Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27, 2006, Delft 1 / 47 Overview 1 The Problem 2 Two Simple, and Slow, Methods

### Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility

### Recent Breakthrough in Primality Testing

Nonlinear Analysis: Modelling and Control, 2004, Vol. 9, No. 2, 171 184 Recent Breakthrough in Primality Testing R. Šleževičienė, J. Steuding, S. Turskienė Department of Computer Science, Faculty of Physics

### Prime Numbers The generation of prime numbers is needed for many public key algorithms:

CA547: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 7 Number Theory 2 7.1 Prime Numbers Prime Numbers The generation of prime numbers is needed for many public key algorithms: RSA: Need to find p and q to compute

### 3. Applications of Number Theory

3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a

### Elements of Applied Cryptography Public key encryption

Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let

### MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction

MATH 168: FINAL PROJECT Troels Eriksen 1 Introduction In the later years cryptosystems using elliptic curves have shown up and are claimed to be just as secure as a system like RSA with much smaller key

### The application of prime numbers to RSA encryption

The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered

### THE MATHEMATICS OF PUBLIC KEY CRYPTOGRAPHY.

THE MATHEMATICS OF PUBLIC KEY CRYPTOGRAPHY. IAN KIMING 1. Forbemærkning. Det kan forekomme idiotisk, at jeg som dansktalende og skrivende i et danskbaseret tidsskrift med en (formentlig) primært dansktalende

### Public Key Cryptography and RSA. Review: Number Theory Basics

Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and

### Basic Algorithms In Computer Algebra

Basic Algorithms In Computer Algebra Kaiserslautern SS 2011 Prof. Dr. Wolfram Decker 2. Mai 2011 References Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, 1993. Cox, D.; Little,

### Arithmetic algorithms for cryptology 5 October 2015, Paris. Sieves. Razvan Barbulescu CNRS and IMJ-PRG. R. Barbulescu Sieves 0 / 28

Arithmetic algorithms for cryptology 5 October 2015, Paris Sieves Razvan Barbulescu CNRS and IMJ-PRG R. Barbulescu Sieves 0 / 28 Starting point Notations q prime g a generator of (F q ) X a (secret) integer

### Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem

### Public-Key Cryptanalysis 1: Introduction and Factoring

Public-Key Cryptanalysis 1: Introduction and Factoring Nadia Heninger University of Pennsylvania July 21, 2013 Adventures in Cryptanalysis Part 1: Introduction and Factoring. What is public-key crypto

### Cryptography: RSA and the discrete logarithm problem

Cryptography: and the discrete logarithm problem R. Hayden Advanced Maths Lectures Department of Computing Imperial College London February 2010 Public key cryptography Assymmetric cryptography two keys:

### Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie

### Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

### Is n a prime number? Nitin Saxena. Turku, May Centrum voor Wiskunde en Informatica Amsterdam

Is n a prime number? Nitin Saxena Centrum voor Wiskunde en Informatica Amsterdam Turku, May 2007 Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 1 / 36 Outline 1 The Problem 2 The High

### RSA and Primality Testing

and Primality Testing Joan Boyar, IMADA, University of Southern Denmark Studieretningsprojekter 2010 1 / 81 Correctness of cryptography cryptography Introduction to number theory Correctness of with 2

### (x + a) n = x n + a Z n [x]. Proof. If n is prime then the map

22. A quick primality test Prime numbers are one of the most basic objects in mathematics and one of the most basic questions is to decide which numbers are prime (a clearly related problem is to find

### International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,

### Mathematics is the queen of sciences and number theory is the queen of mathematics.

Number Theory Mathematics is the queen of sciences and number theory is the queen of mathematics. But why is it computer science? It turns out to be critical for cryptography! Carl Friedrich Gauss Division

### Shor s algorithm and secret sharing

Shor s algorithm and secret sharing Libor Nentvich: QC 23 April 2007: Shor s algorithm and secret sharing 1/41 Goals: 1 To explain why the factoring is important. 2 To describe the oldest and most successful

### Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,

### Public-Key Cryptography. Oregon State University

Public-Key Cryptography Çetin Kaya Koç Oregon State University 1 Sender M Receiver Adversary Objective: Secure communication over an insecure channel 2 Solution: Secret-key cryptography Exchange the key

### 9 Modular Exponentiation and Cryptography

9 Modular Exponentiation and Cryptography 9.1 Modular Exponentiation Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system.

### MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins The RSA encryption scheme works as follows. In order to establish the necessary public

### Lecture 13 - Basic Number Theory.

Lecture 13 - Basic Number Theory. Boaz Barak March 22, 2010 Divisibility and primes Unless mentioned otherwise throughout this lecture all numbers are non-negative integers. We say that A divides B, denoted

### Factoring. Factoring 1

Factoring Factoring 1 Factoring Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and RSA is broken o Rabin cipher also based on factoring Factoring like

### Integer Factorization using the Quadratic Sieve

Integer Factorization using the Quadratic Sieve Chad Seibert* Division of Science and Mathematics University of Minnesota, Morris Morris, MN 56567 seib0060@morris.umn.edu March 16, 2011 Abstract We give

### The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

### U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory

### Faster deterministic integer factorisation

David Harvey (joint work with Edgar Costa, NYU) University of New South Wales 25th October 2011 The obvious mathematical breakthrough would be the development of an easy way to factor large prime numbers

### An Overview of Integer Factoring Algorithms. The Problem

An Overview of Integer Factoring Algorithms Manindra Agrawal IITK / NUS The Problem Given an integer n, find all its prime divisors as efficiently as possible. 1 A Difficult Problem No efficient algorithm

### Cryptography and Network Security

Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 7: Public-key cryptography and RSA Ion Petre Department of IT, Åbo Akademi University 1 Some unanswered questions

### Is this number prime? Berkeley Math Circle Kiran Kedlaya

Is this number prime? Berkeley Math Circle 2002 2003 Kiran Kedlaya Given a positive integer, how do you check whether it is prime (has itself and 1 as its only two positive divisors) or composite (not

### Prime numbers for Cryptography

Prime numbers for Cryptography What this is going to cover Primes, products of primes and factorisation How to win a million dollars Generating small primes quickly How many primes are there and how many

### CRYPTOGRAPHIC ALGORITHMS (AES, RSA)

CALIFORNIA STATE POLYTECHNIC UNIVERSITY, POMONA CRYPTOGRAPHIC ALGORITHMS (AES, RSA) A PAPER SUBMITTED TO PROFESSOR GILBERT S. YOUNG IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE COURSE CS530 : ADVANCED

### Factoring & Primality

Factoring & Primality Lecturer: Dimitris Papadopoulos In this lecture we will discuss the problem of integer factorization and primality testing, two problems that have been the focus of a great amount

### Chapter 9 Public Key Cryptography and RSA

Chapter 9 Public Key Cryptography and RSA Cryptography and Network Security: Principles and Practices (3rd Ed.) 2004/1/15 1 9.1 Principles of Public Key Private-Key Cryptography traditional private/secret/single

### Prime Numbers. Chapter Primes and Composites

Chapter 2 Prime Numbers The term factoring or factorization refers to the process of expressing an integer as the product of two or more integers in a nontrivial way, e.g., 42 = 6 7. Prime numbers are

### Overview of Public-Key Cryptography

CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

### A Comparison Of Integer Factoring Algorithms. Keyur Anilkumar Kanabar

A Comparison Of Integer Factoring Algorithms Keyur Anilkumar Kanabar Batchelor of Science in Computer Science with Honours The University of Bath May 2007 This dissertation may be made available for consultation

### Number Theory and Cryptography using PARI/GP

Number Theory and Cryptography using Minh Van Nguyen nguyenminh2@gmail.com 25 November 2008 This article uses to study elementary number theory and the RSA public key cryptosystem. Various commands will

### Notes on Public Key Cryptography And Primality Testing Part 1: Randomized Algorithms Miller Rabin and Solovay Strassen Tests

Notes on Public Key Cryptography And Primality Testing Part 1: Randomized Algorithms Miller Rabin and Solovay Strassen Tests Jean Gallier Department of Computer and Information Science University of Pennsylvania

### Primes in Sequences. Lee 1. By: Jae Young Lee. Project for MA 341 (Number Theory) Boston University Summer Term I 2009 Instructor: Kalin Kostadinov

Lee 1 Primes in Sequences By: Jae Young Lee Project for MA 341 (Number Theory) Boston University Summer Term I 2009 Instructor: Kalin Kostadinov Lee 2 Jae Young Lee MA341 Number Theory PRIMES IN SEQUENCES

### UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 6 Introduction to Public-Key Cryptography Israel Koren ECE597/697 Koren Part.6.1

### Applied Cryptography Public Key Algorithms

Applied Cryptography Public Key Algorithms Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Public Key Cryptography Independently invented by Whitfield Diffie & Martin

### Asymmetric Cryptography. Mahalingam Ramkumar Department of CSE Mississippi State University

Asymmetric Cryptography Mahalingam Ramkumar Department of CSE Mississippi State University Mathematical Preliminaries CRT Chinese Remainder Theorem Euler Phi Function Fermat's Theorem Euler Fermat's Theorem

### FACTORING LARGE NUMBERS, A GREAT WAY TO SPEND A BIRTHDAY

FACTORING LARGE NUMBERS, A GREAT WAY TO SPEND A BIRTHDAY LINDSEY R. BOSKO I would like to acknowledge the assistance of Dr. Michael Singer. His guidance and feedback were instrumental in completing this

### Factoring Algorithms

Factoring Algorithms The p 1 Method and Quadratic Sieve November 17, 2008 () Factoring Algorithms November 17, 2008 1 / 12 Fermat s factoring method Fermat made the observation that if n has two factors

### Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport

### Computer and Network Security

MIT 6.857 Computer and Networ Security Class Notes 1 File: http://theory.lcs.mit.edu/ rivest/notes/notes.pdf Revision: December 2, 2002 Computer and Networ Security MIT 6.857 Class Notes by Ronald L. Rivest

### Notes on Network Security Prof. Hemant K. Soni

Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

### Factorization of a 1061-bit number by the Special Number Field Sieve

Factorization of a 1061-bit number by the Special Number Field Sieve Greg Childers California State University Fullerton Fullerton, CA 92831 August 4, 2012 Abstract I provide the details of the factorization

### A Factoring and Discrete Logarithm based Cryptosystem

Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques

### SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

### A SOFTWARE COMPARISON OF RSA AND ECC

International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138

### The RSA Algorithm. Evgeny Milanov. 3 June 2009

The RSA Algorithm Evgeny Milanov 3 June 2009 In 1978, Ron Rivest, Adi Shamir, and Leonard Adleman introduced a cryptographic algorithm, which was essentially to replace the less secure National Bureau

### Cryptography and Network Security

Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared

### On Factoring Integers and Evaluating Discrete Logarithms

On Factoring Integers and Evaluating Discrete Logarithms A thesis presented by JOHN AARON GREGG to the departments of Mathematics and Computer Science in partial fulfillment of the honors requirements

### RSA Question 2. Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true?

RSA Question 2 Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true? Bob chooses a random e (1 < e < Φ Bob ) such that gcd(e,φ Bob )=1. Then, d = e -1

### EULER S THEOREM. 1. Introduction Fermat s little theorem is an important property of integers to a prime modulus. a p 1 1 mod p.

EULER S THEOREM KEITH CONRAD. Introduction Fermat s little theorem is an important property of integers to a prime modulus. Theorem. (Fermat). For prime p and any a Z such that a 0 mod p, a p mod p. If

### Study of algorithms for factoring integers and computing discrete logarithms

Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department

### CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

### Cryptography and Network Security Number Theory

Cryptography and Network Security Number Theory Xiang-Yang Li Introduction to Number Theory Divisors b a if a=mb for an integer m b a and c b then c a b g and b h then b (mg+nh) for any int. m,n Prime

### Integer Factorization

Master Thesis D I K U Department of Computer Science University of Copenhagen Fall 2005 This document is typeset using L A TEX 2ε. ii Abstract Many public key cryptosystems depend on

### Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition

### Two Integer Factorization Methods

Two Integer Factorization Methods Christopher Koch April 22, 2014 Abstract Integer factorization methods are algorithms that find the prime divisors of any positive integer. Besides studying trial division

### PRIME NUMBERS & SECRET MESSAGES

PRIME NUMBERS & SECRET MESSAGES I. RSA CODEBREAKER GAME This is a game with two players or teams. The players take turns selecting either prime or composite numbers as outlined on the board below. The

### RSA Attacks. By Abdulaziz Alrasheed and Fatima

RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

### The Quadratic Sieve Factoring Algorithm

The Quadratic Sieve Factoring Algorithm Eric Landquist MATH 488: Cryptographic Algorithms December 14, 2001 1 Introduction Mathematicians have been attempting to find better and faster ways to factor composite

### Cryptography and Network Security Chapter 8

Cryptography and Network Security Chapter 8 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 8 Introduction to Number Theory The Devil said to Daniel Webster:

### The Mathematical Cryptography of the RSA Cryptosystem

The Mathematical Cryptography of the RSA Cryptosystem Abderrahmane Nitaj Laboratoire de Mathématiques Nicolas Oresme Université de Caen, France abderrahmanenitaj@unicaenfr http://wwwmathunicaenfr/~nitaj

### The Laws of Cryptography Cryptographers Favorite Algorithms

2 The Laws of Cryptography Cryptographers Favorite Algorithms 2.1 The Extended Euclidean Algorithm. The previous section introduced the field known as the integers mod p, denoted or. Most of the field

### Determining the Optimal Combination of Trial Division and Fermat s Factorization Method

Determining the Optimal Combination of Trial Division and Fermat s Factorization Method Joseph C. Woodson Home School P. O. Box 55005 Tulsa, OK 74155 Abstract The process of finding the prime factorization

### Public-key cryptography RSA

Public-key cryptography RSA NGUYEN Tuong Lan LIU Yi Master Informatique University Lyon 1 Objective: Our goal in the study is to understand the algorithm RSA, some existence attacks and implement in Java.

### Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study

### Factoring a semiprime n by estimating φ(n)

Factoring a semiprime n by estimating φ(n) Kyle Kloster May 7, 2010 Abstract A factoring algorithm, called the Phi-Finder algorithm, is presented that factors a product of two primes, n = pq, by determining

### PRIMES is in P. Manindra Agrawal Neeraj Kayal Nitin Saxena

PRIMES is in P Manindra Agrawal Neeraj Kayal Nitin Saxena Department of Computer Science & Engineering Indian Institute of Technology Kanpur Kanpur-208016, INDIA Email: {manindra,kayaln,nitinsa}@iitk.ac.in

### 7! Cryptographic Techniques! A Brief Introduction

7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures

### STRUCTURE AND RANDOMNESS IN THE PRIME NUMBERS. 1. Introduction. The prime numbers 2, 3, 5, 7,... are one of the oldest topics studied in mathematics.

STRUCTURE AND RANDOMNESS IN THE PRIME NUMBERS TERENCE TAO Abstract. A quick tour through some topics in analytic prime number theory.. Introduction The prime numbers 2, 3, 5, 7,... are one of the oldest

### Runtime and Implementation of Factoring Algorithms: A Comparison

Runtime and Implementation of Factoring Algorithms: A Comparison Justin Moore CSC290 Cryptology December 20, 2003 Abstract Factoring composite numbers is not an easy task. It is classified as a hard algorithm,

### Symmetric Key cryptosystem

SFWR C03: Computer Networks and Computer Security Mar 8-11 200 Lecturer: Kartik Krishnan Lectures 22-2 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single

### 3. Computational Complexity.

3. Computational Complexity. (A) Introduction. As we will see, most cryptographic systems derive their supposed security from the presumed inability of any adversary to crack certain (number theoretic)

### 2.1 Complexity Classes

15-859(M): Randomized Algorithms Lecturer: Shuchi Chawla Topic: Complexity classes, Identity checking Date: September 15, 2004 Scribe: Andrew Gilpin 2.1 Complexity Classes In this lecture we will look

### 1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.

1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks

### Number Theory and the RSA Public Key Cryptosystem

Number Theory and the RSA Public Key Cryptosystem Minh Van Nguyen nguyenminh2@gmail.com 05 November 2008 This tutorial uses to study elementary number theory and the RSA public key cryptosystem. A number

### EXAM questions for the course TTM4135 - Information Security June 2010. Part 1

EXAM questions for the course TTM4135 - Information Security June 2010 Part 1 This part consists of 6 questions all from one common topic. The number of maximal points for every correctly answered question

### 6 Introduction to Cryptography

6 Introduction to Cryptography This section gives a short introduction to cryptography. It is based on the recent tutorial by Jörg Rothe. For an in-depth treatment of cryptography, please consult the Handbook

### ECE 842 Report Implementation of Elliptic Curve Cryptography

ECE 842 Report Implementation of Elliptic Curve Cryptography Wei-Yang Lin December 15, 2004 Abstract The aim of this report is to illustrate the issues in implementing a practical elliptic curve cryptographic

1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

### Factoring Algorithms

Institutionen för Informationsteknologi Lunds Tekniska Högskola Department of Information Technology Lund University Cryptology - Project 1 Factoring Algorithms The purpose of this project is to understand