Factoring integers, Producing primes and the RSA cryptosystem


 Stephanie Stone
 2 years ago
 Views:
Transcription
1 Factoring integers,..., RSA Erbil, Kurdistan 0 Lecture in Number Theory College of Sciences Department of Mathematics University of Salahaddin Debember 1, 2014 Factoring integers, Producing primes and the RSA cryptosystem Francesco Pappalardi
2 Factoring integers,..., RSA Erbil, Kurdistan 1 How large are large numbers? number of cells in a human body: number of atoms in the universe: number of subatomic particles in the universe: number of atoms in a Human Brain: number of atoms in a cat: 10 26
3 Factoring integers,..., RSA Erbil, Kurdistan 2 RSA 2048 = RSA 2048 is a 617 (decimal) digit number
4 Factoring integers,..., RSA Erbil, Kurdistan 3 RSA 2048 =p q, p, q PROBLEM: Compute p and q Price offered on MArch 18, 1991: US$ ( Iraq Dinars)!! Theorem. If a N! p 1 < p 2 < < p k primes s.t. a = p α 1 1 pα k k Regrettably: RSAlabs believes that factoring in one year requires: number computers memory RSA Tb RSA , 000, Gb RSA ,000 4Gb.
5 Factoring integers,..., RSA Erbil, Kurdistan 4 Challenge Number Prize ($US) RSA 576 $10,000 RSA 640 $20,000 RSA 704 $30,000 RSA 768 $50,000 RSA 896 $75,000 RSA 1024 $100,000 RSA 1536 $150,000 RSA 2048 $200,000
6 Factoring integers,..., RSA Erbil, Kurdistan 4 Numero Premio ($US) Status RSA 576 $10,000 Factored December 2003 RSA 640 $20,000 Factored November 2005 RSA 704 $30,000 Factored July, RSA 768 $50,000 Factored December, RSA 896 $75,000 Not factored RSA 1024 $100,000 Not factored RSA 1536 $150,000 Not factored RSA 2048 $200,000 Not factored The RSA challenges ended in RSA Laboratories stated: Now that the industry has a considerably more advanced understanding of the cryptanalytic strength of common symmetrickey and publickey algorithms, these challenges are no longer active.
7 Factoring integers,..., RSA Erbil, Kurdistan 5 Famous citation!!! A phenomenon whose probability is never happens, and it will never observed.  Émil Borel (Les probabilités et sa vie)
8 Factoring integers,..., RSA Erbil, Kurdistan 6 History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves  Tables) 1880 Landry & Le Lasseur: = Pierre and Eugène Carissan (Factoring Machine) 1970 Morrison & Brillhart = Quadratic Sieve QS (Pomerance) Number Fields Sieve NFS 1987 Elliptic curves factoring ECF (Lenstra)
9 Factoring integers,..., RSA Erbil, Kurdistan 7 History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene)
10 Factoring integers,..., RSA Erbil, Kurdistan 8 History of the Art of Factoring 1730 Euler =
11 Factoring integers,..., RSA Erbil, Kurdistan 9 How did Euler factor ? Proposition Suppose p is a prime factor of b n + 1. Then 1. p is a divisor of b d + 1 for some proper divisor d of n such that n/d is odd or 2. p 1 is divisible by 2n. Application: Let b = 2 and n = 2 5 = 64. Then is prime or it is divisible by a prime p such that p 1 is divisible by 128. Note that = 3 43, = 257 is prime, = , = and = 641 is prime. Finally = =
12 Factoring integers,..., RSA Erbil, Kurdistan 10 History of the Art of Factoring 1730 Euler =
13 Factoring integers,..., RSA Erbil, Kurdistan 11 History of the Art of Factoring Fermat, Gauss (Sieves  Tables)
14 Factoring integers,..., RSA Erbil, Kurdistan 12 History of the Art of Factoring Fermat, Gauss (Sieves  Tables) Factoring with sieves N = x 2 y 2 = (x y)(x + y)
15 Factoring integers,..., RSA Erbil, Kurdistan 13 Carissan s ancient Factoring Machine Figure 1: Conservatoire Nationale des Arts et Métiers in Paris shallit/papers/carissan.html
16 Factoring integers,..., RSA Erbil, Kurdistan 14 Figure 2: Lieutenant Eugène Carissan = minutes = minutes = minutes
17 Factoring integers,..., RSA Erbil, Kurdistan 15 State of the Art of Factoring John Brillhart & Michael A. Morrison =
18 Factoring integers,..., RSA Erbil, Kurdistan 16 State of the Art of Factoring is called the n th Fermat number F n = 2 (2n) + 1 Up to today only from F 0 to F 11 are factores. It is not known the factorization of F 12 =
19 Factoring integers,..., RSA Erbil, Kurdistan 17 State of the Art of Factoring Carl Pomerance  Quadratic Sieve
20 Factoring integers,..., RSA Erbil, Kurdistan 18 State of the Art of Factoring Hendrik Lenstra  Elliptic curves factoring
21 Factoring integers,..., RSA Erbil, Kurdistan 19 Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 volunteers, 20 nations) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = = = ❷ (February ), Number Field Sieve (NFS): (160 Sun, 4 months) RSA 155 = = = ❸ (December 3, 2003) (NFS): J. Franke et al. (174 decimal digits) RSA 576 = = = ❹ Elliptic curves factoring: introduced by H. Lenstra. suitable to detect small factors (50 digits) all have sub exponential complexity
22 Factoring integers,..., RSA Erbil, Kurdistan 20 The factorization of RSA 200 RSA 200 = Date: Mon, 9 May :05: (CEST) From: Thorsten Kleinjung Subject: rsa200 We have factored RSA200 by GNFS. The factors are and We did lattice sieving for most special q between 3e8 and 11e8 using mainly factor base bounds of 3e8 on the algebraic side and 18e7 on the rational side. The bounds for large primes were This produced 26e8 relations. Together with 5e7 relations from line sieving the total yield was 27e8 relations. After removing duplicates 226e7 relations remained. A filter job produced a matrix with 64e6 rows and columns, having 11e9 nonzero entries. This was solved by BlockWiedemann. Sieving has been done on a variety of machines. We estimate that lattice sieving would have taken 55 years on a single 2.2 GHz Opteron CPU. Note that this number could have been improved if instead of the PIII binary which we used for sieving, we had used a version of the latticesiever optimized for Opteron CPU s which we developed in the meantime. The matrix step was performed on a cluster of GHz Opterons connected via a Gigabit network and took about 3 months. We started sieving shortly before Christmas 2003 and continued until October The matrix step began in December Line sieving was done by P. Montgomery and H. te Riele at the CWI, by F. Bahr and his family. More details will be given later. F. Bahr, M. Boehm, J. Franke, T. Kleinjung
23 Factoring integers,..., RSA Erbil, Kurdistan 21 Factorization of RSA 768
24 Factoring integers,..., RSA Erbil, Kurdistan 22 RSA Adi Shamir, Ron L. Rivest, Leonard Adleman (1978)
25 Factoring integers,..., RSA Erbil, Kurdistan 23 RSA Ron L. Rivest, Adi Shamir, Leonard Adleman (2003)
26 Factoring integers,..., RSA Erbil, Kurdistan 24 The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A (Alice) B (Bob) C (Charles) ❶ Key generation ❷ Encryption ❸ Decryption ❹ Attack Bob has to do it Alice has to do it Bob has to do it Charles would like to do it
27 Factoring integers,..., RSA Erbil, Kurdistan 25 Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3 Experts recommend e = He computes arithmetic inverse d of e modulo ϕ(m) (i.e. d N (unique ϕ(m)) s.t. e d 1 (mod ϕ(m))) Publishes (M, e) public key and hides secret key d Problem: How does Bob do all this? We will go came back to it!
28 Factoring integers,..., RSA Erbil, Kurdistan 26 Alice: Encryption Represent the message P as an element of Z/MZ (for example) A 1 B 2 C 3... Z 26 AA Sukumar = Note. Better if texts are not too short. Otherwise one performs some padding C = E(P) = P e (mod M) Example: p = , q = , M = , e = = 65537, P = Sukumar: E(Sukumar) = (mod ) = = C = JGEBNBAUYTCOFJ
29 Factoring integers,..., RSA Erbil, Kurdistan 27 Bob: Decryption P = D(C) = C d (mod M) Note. Bob decrypts because he is the only one that knows d. Therefore (ed 1 mod ϕ(m)) Theorem. (Euler) If a, m N, gcd(a, m) = 1, a ϕ(m) 1 (mod m). If n 1 n 2 mod ϕ(m) then a n 1 a n 2 mod m. D(E(P)) = P ed P mod M Example(cont.):d = mod ϕ( ) = D(JGEBNBAUYTCOFJ) = (mod ) = Sukumar
30 Factoring integers,..., RSA Erbil, Kurdistan 28 RSA at work
31 Factoring integers,..., RSA Erbil, Kurdistan 29 Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j = Compute recursively a 2j mod c, j = 1,..., [log 2 b]: ( 2 a 2j mod c = a 2j 1 mod c) mod c Multiply the a 2j mod c with ɛ j = 1 ) a b mod c = mod c ( [log2 b] j=0,ɛ j =1 a2j mod c
32 Factoring integers,..., RSA Erbil, Kurdistan 30 #{oper. in Z/cZ to compute a b mod c} 2 log 2 b JGEBNBAUYTCOFJ is decrypted with 131 operations in Z/ Z Pseudo code: e c (a, b) = a b mod c e c (a, b) = if b = 1 then a mod c if 2 b then e c (a, b 2 )2 mod c else a e c (a, b 1 2 )2 mod c To encrypt with e = , only 17 operations in Z/MZ are enough
33 Factoring integers,..., RSA Erbil, Kurdistan 31 Key generation Problem. Produce a random prime p subproblems: Probabilistic algorithm (type Las Vegas) 1. Let p = Random( ) 2. If isprime(p)=1 then Output=p else goto 1 A. How many iterations are necessary? (i.e. how are primes distributes?) B. How does one check if p is prime? (i.e. how does one compute isprime(p)?) Primality test False Metropolitan Legend: Check primality is equivalent to factoring
34 Factoring integers,..., RSA Erbil, Kurdistan 32 A. Distribution of prime numbers Quantitative version: π(x) = #{p x t. c. p is prime} Theorem. (Hadamard  de la vallee Pussen ) π(x) x log x Therefore Theorem. (Rosser  Schoenfeld) if x 67 x log x 1/2 < π(x) < x log x 3/ < P rob ( (Random( ) = prime ) <
35 Factoring integers,..., RSA Erbil, Kurdistan 33 If P k is the probability that among k random numbers there is a prime one, then P k = 1 ( ) k 1 π(10100 ) Therefore < P 250 < To speed up the process: One can consider only odd random numbers not divisible by 3 nor by 5. Let Ψ(x, 30) = # {n x s.t. gcd(n, 30) = 1}
36 Factoring integers,..., RSA Erbil, Kurdistan 34 To speed up the process: One can consider only odd random numbers not divisible by 3 nor by 5. Let Ψ(x, 30) = # {n x s.t. gcd(n, 30) = 1} then 4 4 x 4 < Ψ(x, 30) < x + 4 Hence, if P k is the probability that among k random numbers coprime with 30, there is a prime one, then P k = 1 ( ) k 1 π(10100 ) Ψ(10 100, 30) and < P 250 <
37 Factoring integers,..., RSA Erbil, Kurdistan 35 B. Primality test Fermat Little Theorem. If p is prime, p a N a p 1 1 mod p NONprimality test M Z, 2 M 1 1 mod M => Mcomposite! Example: 2 RSA mod RSA 2048 Therefore RSA 2048 is composite! Fermat little Theorem does not invert. Infact (mod 93961) but =
38 Factoring integers,..., RSA Erbil, Kurdistan 36 Strong pseudo primes From now on m 3 mod 4 (just to simplify the notation) Definition. m N, m 3 mod 4, composite is said strong pseudo prime (SPSP) in base a if a (m 1)/2 ±1 (mod m). Note. If p > 2 prime => a (p 1)/2 ±1 (mod p) Let S = {a Z/mZ s.t. gcd(m, a) = 1, a (m 1)/2 ±1 (mod m)} ➀ S (Z/mZ) subgroup ➁ If m is composite => proper subgroup ➂ If m is composite => #S ϕ(m) 4 ➃ If m is composite => P rob(m PSPF in base a) 0, 25
39 Factoring integers,..., RSA Erbil, Kurdistan 37 Miller Rabin primality test Let m 3 mod 4 Miller Rabin algorithm with k iterations N = (m 1)/2 for j = 0 to k do a =Random(m) if a N ±1 mod m then OUPUT=(m composite): endfor OUTPUT=(m prime) END Monte Carlo primality test P rob(miller Rabin says m prime and m is composite) 1 4 k In the real world, software uses Miller Rabin with k = 10
40 Factoring integers,..., RSA Erbil, Kurdistan 38 Deterministic primality tests Theorem. (Miller, Bach) If m is composite, then GRH => a 2 log 2 m s.t. a (m 1)/2 ±1 (mod m). (i.e. m is not SPSP in base a.) Consequence: Miller Rabin de randomizes on GRH (m 3 mod 4) for a = 2 to 2 log 2 m do if a (m 1)/2 ±1 mod m then OUPUT=(m composite): endfor OUTPUT=(m prime) END Deterministic Polynomial time algorithm It runs in O(log 5 m) operations in Z/mZ.
41 Factoring integers,..., RSA Erbil, Kurdistan 39 Certified prime records , digits (discovered in 01/2014 ) , digits (discovered in 2008) , digits (discovered in 2009) , digits (discovered in 2008) , digits (discovered in 2006) , digits (discovered in 2005) , digits (discovered in 2005) , digits (discovered in 2004) , digits (discovered in 2003) , digits (discovered in 2001) , digits (discovered in 1999) , digits (discovered in 2003)
42 Factoring integers,..., RSA Erbil, Kurdistan 40 Great Internet Mersenne Prime Search (GIMPS) The Great Internet Mersenne Prime Search (GIMPS) is a collaborative project of volunteers who use freely available software to search for Mersenne prime numbers (i.e. prime numbers of the form 2 p 1 (p prime)). The project was founded by George Woltman in January 1996.
43 Factoring integers,..., RSA Erbil, Kurdistan 41 The AKS deterministic primality test Department of Computer Science & Engineering, I.I.T. Kanpur, Agost 8, Nitin Saxena, Neeraj Kayal and Manindra Agarwal New deterministic, polynomial time, primality test. Solves #1 open question in computational number theory
44 Factoring integers,..., RSA Erbil, Kurdistan 42 How does the AKS work? Theorem. (AKS) Let n N. Assume q, r primes, S N finite: q r 1; n (r 1)/q mod r {0, 1}; gcd(n, b b ) = 1, b, b S (distinct); ( ) q+#s 1 #S n 2 r ; (x + b) n = x n + b in Z/nZ[x]/(x r 1), b S; Then n is a power of a prime Bernstein formulation Fouvry Theorem (1985) => r log 6 n, s log 4 n => AKS runs in O(log 15 n) operations in Z/nZ. Many simplifications and improvements: Bernstein, Lenstra, Pomerance...
45 Factoring integers,..., RSA Erbil, Kurdistan 43 Why is RSA safe? It is clear that if Charles can factor M, then he can also compute ϕ(m) and then also d so to decrypt messages Computing ϕ(m) is equivalent to completely factor M. In fact p, q = M ϕ(m) + 1 ± (M ϕ(m) + 1) 2 4M 2 RSA Hypothesis. The only way to compute efficiently x 1/e mod M, x Z/MZ (i.e. decrypt messages) is to factor M In other words The two problems are polynomially equivalent
46 Factoring integers,..., RSA Erbil, Kurdistan 44 Two kinds of Cryptography Private key (or symmetric) Lucifer DES AES Public key RSA Diffie Hellmann Knapsack NTRU
47 Factoring integers,..., RSA Erbil, Kurdistan 45 Another quotation!!! Have you ever noticed that there s no attempt being made to find really large numbers that aren t prime. I mean, wouldn t you like to see a news report that says Today the Department of Computer Sciences at the University of Washington annouced that 2 58,111,625, is even. This is the largest nonprime yet reported.  University of Washington (Bathroom Graffiti)
Factoring integers, Producing primes and the RSA cryptosystem HarishChandra Research Institute
RSA cryptosystem HRI, Allahabad, February, 2005 0 Factoring integers, Producing primes and the RSA cryptosystem HarishChandra Research Institute Allahabad (UP), INDIA February, 2005 RSA cryptosystem HRI,
More informationFactoring integers and Producing primes
Factoring integers,..., RSA Erbil, Kurdistan 0 Lecture in Number Theory College of Sciences Department of Mathematics University of Salahaddin Debember 4, 2014 Factoring integers and Producing primes Francesco
More informationPrimality  Factorization
Primality  Factorization Christophe Ritzenthaler November 9, 2009 1 Prime and factorization Definition 1.1. An integer p > 1 is called a prime number (nombre premier) if it has only 1 and p as divisors.
More informationPrimality Testing and Factorization Methods
Primality Testing and Factorization Methods Eli Howey May 27, 2014 Abstract Since the days of Euclid and Eratosthenes, mathematicians have taken a keen interest in finding the nontrivial factors of integers,
More informationMathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information
The : Keeping Eve The Eavesdropper Away From Your Credit Card Information Department of Mathematics North Dakota State University 16 September 2010 Science Cafe Introduction Disclaimer: is not an internet
More informationIs n a Prime Number? Manindra Agrawal. March 27, 2006, Delft. IIT Kanpur
Is n a Prime Number? Manindra Agrawal IIT Kanpur March 27, 2006, Delft Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27, 2006, Delft 1 / 47 Overview 1 The Problem 2 Two Simple, and Slow, Methods
More informationRecent Breakthrough in Primality Testing
Nonlinear Analysis: Modelling and Control, 2004, Vol. 9, No. 2, 171 184 Recent Breakthrough in Primality Testing R. Šleževičienė, J. Steuding, S. Turskienė Department of Computer Science, Faculty of Physics
More informationDiscrete Mathematics, Chapter 4: Number Theory and Cryptography
Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility
More informationElements of Applied Cryptography Public key encryption
Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let
More information3. Applications of Number Theory
3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a
More informationMATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction
MATH 168: FINAL PROJECT Troels Eriksen 1 Introduction In the later years cryptosystems using elliptic curves have shown up and are claimed to be just as secure as a system like RSA with much smaller key
More informationPublic Key Cryptography and RSA. Review: Number Theory Basics
Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and
More informationThe application of prime numbers to RSA encryption
The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered
More informationTHE MATHEMATICS OF PUBLIC KEY CRYPTOGRAPHY.
THE MATHEMATICS OF PUBLIC KEY CRYPTOGRAPHY. IAN KIMING 1. Forbemærkning. Det kan forekomme idiotisk, at jeg som dansktalende og skrivende i et danskbaseret tidsskrift med en (formentlig) primært dansktalende
More informationBasic Algorithms In Computer Algebra
Basic Algorithms In Computer Algebra Kaiserslautern SS 2011 Prof. Dr. Wolfram Decker 2. Mai 2011 References Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, 1993. Cox, D.; Little,
More informationArithmetic algorithms for cryptology 5 October 2015, Paris. Sieves. Razvan Barbulescu CNRS and IMJPRG. R. Barbulescu Sieves 0 / 28
Arithmetic algorithms for cryptology 5 October 2015, Paris Sieves Razvan Barbulescu CNRS and IMJPRG R. Barbulescu Sieves 0 / 28 Starting point Notations q prime g a generator of (F q ) X a (secret) integer
More informationPublicKey Cryptanalysis 1: Introduction and Factoring
PublicKey Cryptanalysis 1: Introduction and Factoring Nadia Heninger University of Pennsylvania July 21, 2013 Adventures in Cryptanalysis Part 1: Introduction and Factoring. What is publickey crypto
More informationLecture Note 5 PUBLICKEY CRYPTOGRAPHY. Sourav Mukhopadhyay
Lecture Note 5 PUBLICKEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security  MA61027 Modern/Publickey cryptography started in 1976 with the publication of the following paper. W. Diffie
More informationCryptography: RSA and the discrete logarithm problem
Cryptography: and the discrete logarithm problem R. Hayden Advanced Maths Lectures Department of Computing Imperial College London February 2010 Public key cryptography Assymmetric cryptography two keys:
More informationSecure Network Communication Part II II Public Key Cryptography. Public Key Cryptography
Kommunikationssysteme (KSy)  Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 20002001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem
More informationRSA and Primality Testing
and Primality Testing Joan Boyar, IMADA, University of Southern Denmark Studieretningsprojekter 2010 1 / 81 Correctness of cryptography cryptography Introduction to number theory Correctness of with 2
More informationPublic Key Cryptography: RSA and Lots of Number Theory
Public Key Cryptography: RSA and Lots of Number Theory Public vs. PrivateKey Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver
More information(x + a) n = x n + a Z n [x]. Proof. If n is prime then the map
22. A quick primality test Prime numbers are one of the most basic objects in mathematics and one of the most basic questions is to decide which numbers are prime (a clearly related problem is to find
More informationShor s algorithm and secret sharing
Shor s algorithm and secret sharing Libor Nentvich: QC 23 April 2007: Shor s algorithm and secret sharing 1/41 Goals: 1 To explain why the factoring is important. 2 To describe the oldest and most successful
More informationCryptography and Network Security Chapter 9
Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,
More informationInternational Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013
FACTORING CRYPTOSYSTEM MODULI WHEN THE COFACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II MohammediaCasablanca,
More informationInteger Factorization using the Quadratic Sieve
Integer Factorization using the Quadratic Sieve Chad Seibert* Division of Science and Mathematics University of Minnesota, Morris Morris, MN 56567 seib0060@morris.umn.edu March 16, 2011 Abstract We give
More informationFactoring. Factoring 1
Factoring Factoring 1 Factoring Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and RSA is broken o Rabin cipher also based on factoring Factoring like
More informationLecture 13  Basic Number Theory.
Lecture 13  Basic Number Theory. Boaz Barak March 22, 2010 Divisibility and primes Unless mentioned otherwise throughout this lecture all numbers are nonnegative integers. We say that A divides B, denoted
More informationU.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra
U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory
More informationAn Overview of Integer Factoring Algorithms. The Problem
An Overview of Integer Factoring Algorithms Manindra Agrawal IITK / NUS The Problem Given an integer n, find all its prime divisors as efficiently as possible. 1 A Difficult Problem No efficient algorithm
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 7: Publickey cryptography and RSA Ion Petre Department of IT, Åbo Akademi University 1 Some unanswered questions
More information9 Modular Exponentiation and Cryptography
9 Modular Exponentiation and Cryptography 9.1 Modular Exponentiation Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system.
More informationFaster deterministic integer factorisation
David Harvey (joint work with Edgar Costa, NYU) University of New South Wales 25th October 2011 The obvious mathematical breakthrough would be the development of an easy way to factor large prime numbers
More informationMA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins
MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins The RSA encryption scheme works as follows. In order to establish the necessary public
More informationFactoring & Primality
Factoring & Primality Lecturer: Dimitris Papadopoulos In this lecture we will discuss the problem of integer factorization and primality testing, two problems that have been the focus of a great amount
More informationThe Mathematics of the RSA PublicKey Cryptosystem
The Mathematics of the RSA PublicKey Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through
More informationOverview of PublicKey Cryptography
CS 361S Overview of PublicKey Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.16 slide 2 PublicKey Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationA Comparison Of Integer Factoring Algorithms. Keyur Anilkumar Kanabar
A Comparison Of Integer Factoring Algorithms Keyur Anilkumar Kanabar Batchelor of Science in Computer Science with Honours The University of Bath May 2007 This dissertation may be made available for consultation
More informationNumber Theory and Cryptography using PARI/GP
Number Theory and Cryptography using Minh Van Nguyen nguyenminh2@gmail.com 25 November 2008 This article uses to study elementary number theory and the RSA public key cryptosystem. Various commands will
More informationApplied Cryptography Public Key Algorithms
Applied Cryptography Public Key Algorithms Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Public Key Cryptography Independently invented by Whitfield Diffie & Martin
More informationFactoring Algorithms
Factoring Algorithms The p 1 Method and Quadratic Sieve November 17, 2008 () Factoring Algorithms November 17, 2008 1 / 12 Fermat s factoring method Fermat made the observation that if n has two factors
More informationPrimes in Sequences. Lee 1. By: Jae Young Lee. Project for MA 341 (Number Theory) Boston University Summer Term I 2009 Instructor: Kalin Kostadinov
Lee 1 Primes in Sequences By: Jae Young Lee Project for MA 341 (Number Theory) Boston University Summer Term I 2009 Instructor: Kalin Kostadinov Lee 2 Jae Young Lee MA341 Number Theory PRIMES IN SEQUENCES
More informationFACTORING LARGE NUMBERS, A GREAT WAY TO SPEND A BIRTHDAY
FACTORING LARGE NUMBERS, A GREAT WAY TO SPEND A BIRTHDAY LINDSEY R. BOSKO I would like to acknowledge the assistance of Dr. Michael Singer. His guidance and feedback were instrumental in completing this
More informationNotes on Public Key Cryptography And Primality Testing Part 1: Randomized Algorithms Miller Rabin and Solovay Strassen Tests
Notes on Public Key Cryptography And Primality Testing Part 1: Randomized Algorithms Miller Rabin and Solovay Strassen Tests Jean Gallier Department of Computer and Information Science University of Pennsylvania
More informationPrinciples of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms
Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport
More informationNotes on Network Security Prof. Hemant K. Soni
Chapter 9 Public Key Cryptography and RSA PrivateKey Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications
More informationFactorization of a 1061bit number by the Special Number Field Sieve
Factorization of a 1061bit number by the Special Number Field Sieve Greg Childers California State University Fullerton Fullerton, CA 92831 August 4, 2012 Abstract I provide the details of the factorization
More informationA Factoring and Discrete Logarithm based Cryptosystem
Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511517 HIKARI Ltd, www.mhikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques
More informationSECURITY IMPROVMENTS TO THE DIFFIEHELLMAN SCHEMES
www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIEHELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,
More informationComputer and Network Security
MIT 6.857 Computer and Networ Security Class Notes 1 File: http://theory.lcs.mit.edu/ rivest/notes/notes.pdf Revision: December 2, 2002 Computer and Networ Security MIT 6.857 Class Notes by Ronald L. Rivest
More informationOn Factoring Integers and Evaluating Discrete Logarithms
On Factoring Integers and Evaluating Discrete Logarithms A thesis presented by JOHN AARON GREGG to the departments of Mathematics and Computer Science in partial fulfillment of the honors requirements
More informationCryptography and Network Security
Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA PrivateKey Cryptography traditional private/secret/single key cryptography uses one key shared
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationThe RSA Algorithm. Evgeny Milanov. 3 June 2009
The RSA Algorithm Evgeny Milanov 3 June 2009 In 1978, Ron Rivest, Adi Shamir, and Leonard Adleman introduced a cryptographic algorithm, which was essentially to replace the less secure National Bureau
More informationStudy of algorithms for factoring integers and computing discrete logarithms
Study of algorithms for factoring integers and computing discrete logarithms First IndoFrench Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department
More informationA SOFTWARE COMPARISON OF RSA AND ECC
International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 97413 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138
More informationRSA Question 2. Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p1)(q1) = φ(n). Is this true?
RSA Question 2 Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p1)(q1) = φ(n). Is this true? Bob chooses a random e (1 < e < Φ Bob ) such that gcd(e,φ Bob )=1. Then, d = e 1
More informationCIS 5371 Cryptography. 8. Encryption 
CIS 5371 Cryptography p y 8. Encryption  Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: Allornothing secrecy.
More informationCryptography and Network Security Number Theory
Cryptography and Network Security Number Theory XiangYang Li Introduction to Number Theory Divisors b a if a=mb for an integer m b a and c b then c a b g and b h then b (mg+nh) for any int. m,n Prime
More informationInteger Factorization
Master Thesis D I K U Department of Computer Science University of Copenhagen Fall 2005 This document is typeset using L A TEX 2ε. ii Abstract Many public key cryptosystems depend on
More informationPublickey cryptography RSA
Publickey cryptography RSA NGUYEN Tuong Lan LIU Yi Master Informatique University Lyon 1 Objective: Our goal in the study is to understand the algorithm RSA, some existence attacks and implement in Java.
More informationTwo Integer Factorization Methods
Two Integer Factorization Methods Christopher Koch April 22, 2014 Abstract Integer factorization methods are algorithms that find the prime divisors of any positive integer. Besides studying trial division
More informationThe Quadratic Sieve Factoring Algorithm
The Quadratic Sieve Factoring Algorithm Eric Landquist MATH 488: Cryptographic Algorithms December 14, 2001 1 Introduction Mathematicians have been attempting to find better and faster ways to factor composite
More informationCryptography and Network Security Chapter 8
Cryptography and Network Security Chapter 8 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 8 Introduction to Number Theory The Devil said to Daniel Webster:
More informationNumber Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may
Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition
More informationDetermining the Optimal Combination of Trial Division and Fermat s Factorization Method
Determining the Optimal Combination of Trial Division and Fermat s Factorization Method Joseph C. Woodson Home School P. O. Box 55005 Tulsa, OK 74155 Abstract The process of finding the prime factorization
More informationEXAM questions for the course TTM4135  Information Security June 2010. Part 1
EXAM questions for the course TTM4135  Information Security June 2010 Part 1 This part consists of 6 questions all from one common topic. The number of maximal points for every correctly answered question
More informationBreaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and
Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study
More informationFactoring a semiprime n by estimating φ(n)
Factoring a semiprime n by estimating φ(n) Kyle Kloster May 7, 2010 Abstract A factoring algorithm, called the PhiFinder algorithm, is presented that factors a product of two primes, n = pq, by determining
More informationPRIMES is in P. Manindra Agrawal Neeraj Kayal Nitin Saxena
PRIMES is in P Manindra Agrawal Neeraj Kayal Nitin Saxena Department of Computer Science & Engineering Indian Institute of Technology Kanpur Kanpur208016, INDIA Email: {manindra,kayaln,nitinsa}@iitk.ac.in
More information3. Computational Complexity.
3. Computational Complexity. (A) Introduction. As we will see, most cryptographic systems derive their supposed security from the presumed inability of any adversary to crack certain (number theoretic)
More informationRuntime and Implementation of Factoring Algorithms: A Comparison
Runtime and Implementation of Factoring Algorithms: A Comparison Justin Moore CSC290 Cryptology December 20, 2003 Abstract Factoring composite numbers is not an easy task. It is classified as a hard algorithm,
More information7! Cryptographic Techniques! A Brief Introduction
7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (PublicKey) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures
More informationSymmetric Key cryptosystem
SFWR C03: Computer Networks and Computer Security Mar 811 200 Lecturer: Kartik Krishnan Lectures 222 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single
More information2.1 Complexity Classes
15859(M): Randomized Algorithms Lecturer: Shuchi Chawla Topic: Complexity classes, Identity checking Date: September 15, 2004 Scribe: Andrew Gilpin 2.1 Complexity Classes In this lecture we will look
More information1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.
1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks
More informationNumber Theory and the RSA Public Key Cryptosystem
Number Theory and the RSA Public Key Cryptosystem Minh Van Nguyen nguyenminh2@gmail.com 05 November 2008 This tutorial uses to study elementary number theory and the RSA public key cryptosystem. A number
More informationTable of Contents. Bibliografische Informationen http://dnb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationThe Mathematical Cryptography of the RSA Cryptosystem
The Mathematical Cryptography of the RSA Cryptosystem Abderrahmane Nitaj Laboratoire de Mathématiques Nicolas Oresme Université de Caen, France abderrahmanenitaj@unicaenfr http://wwwmathunicaenfr/~nitaj
More information2 Primality and Compositeness Tests
Int. J. Contemp. Math. Sciences, Vol. 3, 2008, no. 33, 16351642 On Factoring R. A. Mollin Department of Mathematics and Statistics University of Calgary, Calgary, Alberta, Canada, T2N 1N4 http://www.math.ucalgary.ca/
More informationFactoring Algorithms
Institutionen för Informationsteknologi Lunds Tekniska Högskola Department of Information Technology Lund University Cryptology  Project 1 Factoring Algorithms The purpose of this project is to understand
More informationECE 842 Report Implementation of Elliptic Curve Cryptography
ECE 842 Report Implementation of Elliptic Curve Cryptography WeiYang Lin December 15, 2004 Abstract The aim of this report is to illustrate the issues in implementing a practical elliptic curve cryptographic
More informationCommunications security
University of Roma Sapienza DIET Communications security Lecturer: Andrea Baiocchi DIET  University of Roma La Sapienza Email: andrea.baiocchi@uniroma1.it URL: http://net.infocom.uniroma1.it/corsi/index.htm
More informationCRYPTOGRAPHY AND NETWORK SECURITY Principles and Practice
CRYPTOGRAPHY AND NETWORK SECURITY Principles and Practice THIRD EDITION William Stallings Prentice Hall Pearson Education International CONTENTS CHAPTER 1 OVERVIEW 1 1.1 1.2 1.3 1.4 1.5 1.6 PART ONE CHAPTER
More informationRSA Keys with Common Factors
RSA Keys with Common Factors Joppe W. Bos Cryptography group extreme Computing Group, Microsoft Research 1 / 19 Outline 2 / 19 PublicKey Cryptography 3 / 19 Cryptanalysis of PublicKey Cryptography Popular
More informationElementary Number Theory We begin with a bit of elementary number theory, which is concerned
CONSTRUCTION OF THE FINITE FIELDS Z p S. R. DOTY Elementary Number Theory We begin with a bit of elementary number theory, which is concerned solely with questions about the set of integers Z = {0, ±1,
More information1720  Forward Secrecy: How to Secure SSL from Attacks by Government Agencies
1720  Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?
More informationOn Generalized Fermat Numbers 3 2n +1
Applied Mathematics & Information Sciences 4(3) (010), 307 313 An International Journal c 010 Dixie W Publishing Corporation, U. S. A. On Generalized Fermat Numbers 3 n +1 Amin Witno Department of Basic
More informationSoftware Implementation of GongHarn Publickey Cryptosystem and Analysis
Software Implementation of GongHarn Publickey Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master
More informationINTEGER FACTORING USING SMALL ALGEBRAIC DEPENDENCIES
INTEGER FACTORING USING SMALL ALGEBRAIC DEPENDENCIES MANINDRA AGRAWAL, NITIN SAXENA, AND SHUBHAM SAHAI SRIVASTAVA Abstract Integer factoring is a curious number theory problem with wide applications in
More informationCryptography: Authentication, Blind Signatures, and Digital Cash
Cryptography: Authentication, Blind Signatures, and Digital Cash Rebecca Bellovin 1 Introduction One of the most exciting ideas in cryptography in the past few decades, with the widest array of applications,
More informationCS549: Cryptography and Network Security
CS549: Cryptography and Network Security by XiangYang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 PublicKey Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown PublicKey Cryptography
More informationCRYPTOG NETWORK SECURITY
CRYPTOG NETWORK SECURITY PRINCIPLES AND PRACTICES FOURTH EDITION William Stallings Prentice Hall Upper Saddle River, NJ 07458 'jkfetmhki^^rij^jibwfcmf «MMr""'^.;
More informationThe science of encryption: prime numbers and mod n arithmetic
The science of encryption: prime numbers and mod n arithmetic Go check your email. You ll notice that the webpage address starts with https://. The s at the end stands for secure meaning that a process
More informationLukasz Pater CMMS Administrator and Developer
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? Oneway functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
More informationCryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 12 Block Cipher Standards
More informationAn Introduction to RSA PublicKey Cryptography
An Introduction to RSA PublicKey Cryptography David Boyhan August 5, 2008 According to the U.S. Census Bureau, in the 1st quarter of 2008, approximately $33 billion worth of retail sales were conducted
More informationOptimization of the MPQSfactoring algorithm on the Cyber 205 and the NEC SX2
Optimization of the MPQSfactoring algorithm on the Cyber 205 and the NEC SX2 Walter Lioen, Herman te Riele, Dik Winter CWI P.O. Box 94079, 1090 GB Amsterdam, The Netherlands ABSTRACT This paper describes
More information