Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute

Size: px
Start display at page:

Download "Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute"

Transcription

1 RSA cryptosystem HRI, Allahabad, February, Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute Allahabad (UP), INDIA February, 2005

2 RSA cryptosystem HRI, Allahabad, February,

3 RSA cryptosystem HRI, Allahabad, February, RSA 2048 =

4 RSA cryptosystem HRI, Allahabad, February, RSA 2048 = RSA 2048 is a 617 (decimal) digit number

5 RSA cryptosystem HRI, Allahabad, February, RSA 2048 = RSA 2048 is a 617 (decimal) digit number

6 RSA cryptosystem HRI, Allahabad, February, RSA 2048 =p q, p, q

7 RSA cryptosystem HRI, Allahabad, February, RSA 2048 =p q, p, q PROBLEM: Compute p and q

8 RSA cryptosystem HRI, Allahabad, February, RSA 2048 =p q, p, q PROBLEM: Compute p and q Price: US$ ( 87, 36, 000 Indian Rupee)!!

9 RSA cryptosystem HRI, Allahabad, February, RSA 2048 =p q, p, q PROBLEM: Compute p and q Price: US$ ( 87, 36, 000 Indian Rupee)!! Theorem. If a N! p 1 < p 2 < < p k primes s.t. a = p α 1 1 pα k k

10 RSA cryptosystem HRI, Allahabad, February, RSA 2048 =p q, p, q PROBLEM: Compute p and q Price: US$ ( 87, 36, 000 Indian Rupee)!! Theorem. If a N! p 1 < p 2 < < p k primes s.t. a = p α 1 1 pα k k Regrettably: RSAlabs believes that factoring in one year requires: number computers memory RSA Tb RSA , 000, Gb RSA ,000 4Gb.

11 RSA cryptosystem HRI, Allahabad, February,

12 RSA cryptosystem HRI, Allahabad, February, Challenge Number Prize ($US) RSA 576 $10,000 RSA 640 $20,000 RSA 704 $30,000 RSA 768 $50,000 RSA 896 $75,000 RSA 1024 $100,000 RSA 1536 $150,000 RSA 2048 $200,000

13 RSA cryptosystem HRI, Allahabad, February, Challenge Number Prize ($US) Status RSA 576 $10,000 Factored December 2003 RSA 640 $20,000 Not Factored RSA 704 $30,000 Not Factored RSA 768 $50,000 Not Factored RSA 896 $75,000 Not Factored RSA 1024 $100,000 Not Factored RSA 1536 $150,000 Not Factored RSA 2048 $200,000 Not Factored

14 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring

15 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene )

16 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler =

17 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves - Tables)

18 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves - Tables) 1880 Landry & Le Lasseur: =

19 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves - Tables) 1880 Landry & Le Lasseur: = Pierre and Eugène Carissan (Factoring Machine)

20 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves - Tables) 1880 Landry & Le Lasseur: = Pierre and Eugène Carissan (Factoring Machine) 1970 Morrison & Brillhart =

21 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves - Tables) 1880 Landry & Le Lasseur: = Pierre and Eugène Carissan (Factoring Machine) 1970 Morrison & Brillhart = Quadratic Sieve QS (Pomerance) Number Fields Sieve NFS

22 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves - Tables) 1880 Landry & Le Lasseur: = Pierre and Eugène Carissan (Factoring Machine) 1970 Morrison & Brillhart = Quadratic Sieve QS (Pomerance) Number Fields Sieve NFS 1987 Elliptic curves factoring ECF (Lenstra)

23 RSA cryptosystem HRI, Allahabad, February, Carissan s ancient Factoring Machine

24 RSA cryptosystem HRI, Allahabad, February, Carissan s ancient Factoring Machine Figure 1: Conservatoire Nationale des Arts et Métiers in Paris

25 RSA cryptosystem HRI, Allahabad, February, Carissan s ancient Factoring Machine Figure 1: Conservatoire Nationale des Arts et Métiers in Paris shallit/papers/carissan.html

26 RSA cryptosystem HRI, Allahabad, February, Figure 2: Lieutenant Eugène Carissan

27 RSA cryptosystem HRI, Allahabad, February, Figure 2: Lieutenant Eugène Carissan = minutes = minutes = minutes

28 RSA cryptosystem HRI, Allahabad, February, Contemporary Factoring

29 RSA cryptosystem HRI, Allahabad, February, Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 voluntaries, 20 countries) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = = =

30 RSA cryptosystem HRI, Allahabad, February, Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 voluntaries, 20 countries) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = = = ❷ (February ), Number Fields Sieve (NFS): (160 Sun, 4 months) RSA 155 = = =

31 RSA cryptosystem HRI, Allahabad, February, Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 voluntaries, 20 countries) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = = = ❷ (February ), Number Fields Sieve (NFS): (160 Sun, 4 months) RSA 155 = = = ❸ (December 3, 2003) (NFS): J. Franke et al. (174 decimal digits) RSA 576 = = =

32 RSA cryptosystem HRI, Allahabad, February, Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 voluntaries, 20 countries) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = = = ❷ (February ), Number Fields Sieve (NFS): (160 Sun, 4 months) RSA 155 = = = ❸ (December 3, 2003) (NFS): J. Franke et al. (174 decimal digits) RSA 576 = = = ❹ Elliptic curves factoring: introduced by da H. Lenstra. suitable to find prime factors with 50 digits (small)

33 RSA cryptosystem HRI, Allahabad, February, Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 voluntaries, 20 countries) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = = = ❷ (February ), Number Fields Sieve (NFS): (160 Sun, 4 months) RSA 155 = = = ❸ (December 3, 2003) (NFS): J. Franke et al. (174 decimal digits) RSA 576 = = = ❹ Elliptic curves factoring: introduced by da H. Lenstra. suitable to find prime factors with 50 digits (small)

34 RSA cryptosystem HRI, Allahabad, February, All: sub exponential running time

35 RSA cryptosystem HRI, Allahabad, February, RSA Adi Shamir, Ron L. Rivest, Leonard Adleman (1978)

36 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem

37 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998)

38 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it

39 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A (Alice) B (Bob) C (Charles)

40 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it ❶ ❷ ❸ ❹ A (Alice) B (Bob) C (Charles)

41 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A (Alice) B (Bob) C (Charles) ❶ Key generation Bob has to do it ❷ ❸ ❹

42 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A (Alice) B (Bob) C (Charles) ❶ Key generation ❷ Encryption Bob has to do it Alice has to do it ❸ ❹

43 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A (Alice) B (Bob) C (Charles) ❶ Key generation ❷ Encryption ❸ Decryption Bob has to do it Alice has to do it Bob has to do it ❹

44 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A (Alice) B (Bob) C (Charles) ❶ Key generation ❷ Encryption ❸ Decryption ❹ Attack Bob has to do it Alice has to do it Bob has to do it Charles would like to do it

45 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation

46 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation

47 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q )

48 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1)

49 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t.

50 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1

51 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3

52 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3 Experts recommend e =

53 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3 Experts recommend e = He computes arithmetic inverse d of e modulo ϕ(m)

54 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3 Experts recommend e = He computes arithmetic inverse d of e modulo ϕ(m) (i.e. d N (unique ϕ(m)) s.t. e d 1 (mod ϕ(m)))

55 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3 Experts recommend e = He computes arithmetic inverse d of e modulo ϕ(m) (i.e. d N (unique ϕ(m)) s.t. e d 1 (mod ϕ(m))) Publishes (M, e) public key and hides secret key d

56 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3 Experts recommend e = He computes arithmetic inverse d of e modulo ϕ(m) (i.e. d N (unique ϕ(m)) s.t. e d 1 (mod ϕ(m))) Publishes (M, e) public key and hides secret key d Problem: How does Bob do all this?- We will go came back to it!

57 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption

58 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption Represent the message P as an element of Z/MZ

59 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption Represent the message P as an element of Z/MZ (for example) A 1 B 2 C 3... Z 26 AA 27...

60 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption Represent the message P as an element of Z/MZ (for example) A 1 B 2 C 3... Z 26 AA Sukumar = Note. Better if texts are not too short. Otherwise one performs some padding

61 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption Represent the message P as an element of Z/MZ (for example) A 1 B 2 C 3... Z 26 AA Sukumar = Note. Better if texts are not too short. Otherwise one performs some padding C = E(P) = P e (mod M)

62 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption Represent the message P as an element of Z/MZ (for example) A 1 B 2 C 3... Z 26 AA Sukumar = Note. Better if texts are not too short. Otherwise one performs some padding C = E(P) = P e (mod M) Example: p = , q = , M = , e = = 65537, P = Sukumar:

63 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption Represent the message P as an element of Z/MZ (for example) A 1 B 2 C 3... Z 26 AA Sukumar = Note. Better if texts are not too short. Otherwise one performs some padding C = E(P) = P e (mod M) Example: p = , q = , M = , e = = 65537, P = Sukumar: E(Sukumar) = (mod ) = = C = JGEBNBAUYTCOFJ

64 RSA cryptosystem HRI, Allahabad, February, Bob: Decryption

65 RSA cryptosystem HRI, Allahabad, February, Bob: Decryption P = D(C) = C d (mod M)

66 RSA cryptosystem HRI, Allahabad, February, Bob: Decryption P = D(C) = C d (mod M) Note. Bob decrypts because he is the only one that knows d.

67 RSA cryptosystem HRI, Allahabad, February, Bob: Decryption P = D(C) = C d (mod M) Note. Bob decrypts because he is the only one that knows d. Theorem. (Euler) If a, m N, gcd(a, m) = 1, a ϕ(m) 1 (mod m). If n 1 n 2 mod ϕ(m) then a n 1 a n 2 mod m.

68 RSA cryptosystem HRI, Allahabad, February, Bob: Decryption P = D(C) = C d (mod M) Note. Bob decrypts because he is the only one that knows d. Theorem. (Euler) If a, m N, gcd(a, m) = 1, a ϕ(m) 1 (mod m). If n 1 n 2 mod ϕ(m) then a n 1 a n 2 mod m. Therefore (ed 1 mod ϕ(m)) D(E(P)) = P ed P mod M

69 RSA cryptosystem HRI, Allahabad, February, Bob: Decryption P = D(C) = C d (mod M) Note. Bob decrypts because he is the only one that knows d. Therefore (ed 1 mod ϕ(m)) Theorem. (Euler) If a, m N, gcd(a, m) = 1, a ϕ(m) 1 (mod m). If n 1 n 2 mod ϕ(m) then a n 1 a n 2 mod m. D(E(P)) = P ed P mod M Example(cont.):d = mod ϕ( ) = D(JGEBNBAUYTCOFJ) = (mod ) = Sukumar

70 RSA cryptosystem HRI, Allahabad, February, RSA at work

71 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm

72 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c?

73 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod )

74 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod )

75 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j

76 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j =

77 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j = Compute recursively a 2j mod c, j = 1,..., [log 2 b]:

78 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j = Compute recursively a 2j mod c, j = 1,..., [log 2 b]: ( 2 a 2j mod c = a 2j 1 mod c) mod c

79 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j = Compute recursively a 2j mod c, j = 1,..., [log 2 b]: ( 2 a 2j mod c = a 2j 1 mod c) mod c Multiply the a 2j mod c with ɛ j = 1

80 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j = Compute recursively a 2j mod c, j = 1,..., [log 2 b]: ( 2 a 2j mod c = a 2j 1 mod c) mod c Multiply the a 2j mod c with ɛ j = 1 ) a b mod c = mod c ( [log2 b] j=0,ɛ j =1 a2j mod c

81 RSA cryptosystem HRI, Allahabad, February, #{oper. in Z/cZ to compute a b mod c} 2 log 2 b

82 RSA cryptosystem HRI, Allahabad, February, #{oper. in Z/cZ to compute a b mod c} 2 log 2 b JGEBNBAUYTCOFJ is decrypted with 131 operations in Z/ Z

83 RSA cryptosystem HRI, Allahabad, February, #{oper. in Z/cZ to compute a b mod c} 2 log 2 b JGEBNBAUYTCOFJ is decrypted with 131 operations in Z/ Z Pseudo code: e c (a, b) = a b mod c

84 RSA cryptosystem HRI, Allahabad, February, #{oper. in Z/cZ to compute a b mod c} 2 log 2 b JGEBNBAUYTCOFJ is decrypted with 131 operations in Z/ Z Pseudo code: e c (a, b) = a b mod c e c (a, b) = if b = 1 then a mod c if 2 b then e c (a, b 2 )2 mod c else a e c (a, b 1 2 )2 mod c

85 RSA cryptosystem HRI, Allahabad, February, #{oper. in Z/cZ to compute a b mod c} 2 log 2 b JGEBNBAUYTCOFJ is decrypted with 131 operations in Z/ Z Pseudo code: e c (a, b) = a b mod c e c (a, b) = if b = 1 then a mod c if 2 b then e c (a, b 2 )2 mod c else a e c (a, b 1 2 )2 mod c To encrypt with e = , only 17 operations in Z/MZ are enough

86 RSA cryptosystem HRI, Allahabad, February, Key generation

87 RSA cryptosystem HRI, Allahabad, February, Key generation Problem. Produce a random prime p Probabilistic algorithm (type Las Vegas) 1. Let p = Random( ) 2. If isprime(p)=1 then Output=p else goto 1

88 RSA cryptosystem HRI, Allahabad, February, Key generation Problem. Produce a random prime p Probabilistic algorithm (type Las Vegas) 1. Let p = Random( ) 2. If isprime(p)=1 then Output=p else goto 1 subproblems:

89 RSA cryptosystem HRI, Allahabad, February, Key generation Problem. Produce a random prime p Probabilistic algorithm (type Las Vegas) 1. Let p = Random( ) 2. If isprime(p)=1 then Output=p else goto 1 subproblems: A. How many iterations are necessary? (i.e. how are primes distributes?)

90 RSA cryptosystem HRI, Allahabad, February, Key generation Problem. Produce a random prime p Probabilistic algorithm (type Las Vegas) 1. Let p = Random( ) 2. If isprime(p)=1 then Output=p else goto 1 subproblems: A. How many iterations are necessary? (i.e. how are primes distributes?) B. How does one check if p is prime? (i.e. how does one compute isprime(p)?) Primality test

91 RSA cryptosystem HRI, Allahabad, February, Key generation Problem. Produce a random prime p Probabilistic algorithm (type Las Vegas) 1. Let p = Random( ) 2. If isprime(p)=1 then Output=p else goto 1 subproblems: A. How many iterations are necessary? (i.e. how are primes distributes?) B. How does one check if p is prime? (i.e. how does one compute isprime(p)?) Primality test False Metropolitan Legend: Check primality is equivalent to factoring

92 RSA cryptosystem HRI, Allahabad, February, A. Distribution of prime numbers

93 RSA cryptosystem HRI, Allahabad, February, A. Distribution of prime numbers π(x) = #{p x t. c. p is prime}

94 RSA cryptosystem HRI, Allahabad, February, A. Distribution of prime numbers π(x) = #{p x t. c. p is prime} Theorem. (Hadamard - de la vallee Pussen ) π(x) x log x

95 RSA cryptosystem HRI, Allahabad, February, A. Distribution of prime numbers Quantitative version: π(x) = #{p x t. c. p is prime} Theorem. (Hadamard - de la vallee Pussen ) π(x) x log x Theorem. (Rosser - Schoenfeld) if x 67 x log x 1/2 < π(x) < x log x 3/2

96 RSA cryptosystem HRI, Allahabad, February, A. Distribution of prime numbers Quantitative version: Therefore π(x) = #{p x t. c. p is prime} Theorem. (Hadamard - de la vallee Pussen ) π(x) x log x Theorem. (Rosser - Schoenfeld) if x 67 x log x 1/2 < π(x) < x log x 3/ < P rob (Random( ) = prime <

97 RSA cryptosystem HRI, Allahabad, February, If P k is the probability that among k random numbers there is a prime one, then

98 RSA cryptosystem HRI, Allahabad, February, If P k is the probability that among k random numbers there is a prime one, then P k = 1 ( ) k 1 π(10100 )

99 RSA cryptosystem HRI, Allahabad, February, If P k is the probability that among k random numbers there is a prime one, then P k = 1 ( ) k 1 π(10100 ) Therefore < P 250 <

100 RSA cryptosystem HRI, Allahabad, February, If P k is the probability that among k random numbers there is a prime one, then P k = 1 ( ) k 1 π(10100 ) Therefore < P 250 < To speed up the process: One can consider only odd random numbers not divisible by 3 nor by 5.

101 RSA cryptosystem HRI, Allahabad, February, If P k is the probability that among k random numbers there is a prime one, then P k = 1 ( ) k 1 π(10100 ) Therefore < P 250 < To speed up the process: One can consider only odd random numbers not divisible by 3 nor by 5. Let Ψ(x, 30) = # {n x s.t. gcd(n, 30) = 1}

102 RSA cryptosystem HRI, Allahabad, February, To speed up the process: One can consider only odd random numbers not divisible by 3 nor by 5.

103 RSA cryptosystem HRI, Allahabad, February, To speed up the process: One can consider only odd random numbers not divisible by 3 nor by 5. Let Ψ(x, 30) = # {n x s.t. gcd(n, 30) = 1} then

Factoring integers, Producing primes and the RSA cryptosystem

Factoring integers, Producing primes and the RSA cryptosystem Factoring integers,..., RSA Erbil, Kurdistan 0 Lecture in Number Theory College of Sciences Department of Mathematics University of Salahaddin Debember 1, 2014 Factoring integers, Producing primes and

More information

Factoring integers and Producing primes

Factoring integers and Producing primes Factoring integers,..., RSA Erbil, Kurdistan 0 Lecture in Number Theory College of Sciences Department of Mathematics University of Salahaddin Debember 4, 2014 Factoring integers and Producing primes Francesco

More information

Primality - Factorization

Primality - Factorization Primality - Factorization Christophe Ritzenthaler November 9, 2009 1 Prime and factorization Definition 1.1. An integer p > 1 is called a prime number (nombre premier) if it has only 1 and p as divisors.

More information

Primality Testing and Factorization Methods

Primality Testing and Factorization Methods Primality Testing and Factorization Methods Eli Howey May 27, 2014 Abstract Since the days of Euclid and Eratosthenes, mathematicians have taken a keen interest in finding the nontrivial factors of integers,

More information

Is n a Prime Number? Manindra Agrawal. March 27, 2006, Delft. IIT Kanpur

Is n a Prime Number? Manindra Agrawal. March 27, 2006, Delft. IIT Kanpur Is n a Prime Number? Manindra Agrawal IIT Kanpur March 27, 2006, Delft Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27, 2006, Delft 1 / 47 Overview 1 The Problem 2 Two Simple, and Slow, Methods

More information

Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Discrete Mathematics, Chapter 4: Number Theory and Cryptography Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility

More information

Elements of Applied Cryptography Public key encryption

Elements of Applied Cryptography Public key encryption Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let

More information

Prime Numbers The generation of prime numbers is needed for many public key algorithms:

Prime Numbers The generation of prime numbers is needed for many public key algorithms: CA547: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 7 Number Theory 2 7.1 Prime Numbers Prime Numbers The generation of prime numbers is needed for many public key algorithms: RSA: Need to find p and q to compute

More information

Public Key Cryptography and RSA. Review: Number Theory Basics

Public Key Cryptography and RSA. Review: Number Theory Basics Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and

More information

3. Applications of Number Theory

3. Applications of Number Theory 3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a

More information

Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography: RSA and Lots of Number Theory Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

More information

Mathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information

Mathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information The : Keeping Eve The Eavesdropper Away From Your Credit Card Information Department of Mathematics North Dakota State University 16 September 2010 Science Cafe Introduction Disclaimer: is not an internet

More information

Shor s algorithm and secret sharing

Shor s algorithm and secret sharing Shor s algorithm and secret sharing Libor Nentvich: QC 23 April 2007: Shor s algorithm and secret sharing 1/41 Goals: 1 To explain why the factoring is important. 2 To describe the oldest and most successful

More information

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie

More information

Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem

More information

Cryptography: RSA and the discrete logarithm problem

Cryptography: RSA and the discrete logarithm problem Cryptography: and the discrete logarithm problem R. Hayden Advanced Maths Lectures Department of Computing Imperial College London February 2010 Public key cryptography Assymmetric cryptography two keys:

More information

Chapter 9 Public Key Cryptography and RSA

Chapter 9 Public Key Cryptography and RSA Chapter 9 Public Key Cryptography and RSA Cryptography and Network Security: Principles and Practices (3rd Ed.) 2004/1/15 1 9.1 Principles of Public Key Private-Key Cryptography traditional private/secret/single

More information

THE MATHEMATICS OF PUBLIC KEY CRYPTOGRAPHY.

THE MATHEMATICS OF PUBLIC KEY CRYPTOGRAPHY. THE MATHEMATICS OF PUBLIC KEY CRYPTOGRAPHY. IAN KIMING 1. Forbemærkning. Det kan forekomme idiotisk, at jeg som dansktalende og skrivende i et danskbaseret tidsskrift med en (formentlig) primært dansktalende

More information

RSA and Primality Testing

RSA and Primality Testing and Primality Testing Joan Boyar, IMADA, University of Southern Denmark Studieretningsprojekter 2010 1 / 81 Correctness of cryptography cryptography Introduction to number theory Correctness of with 2

More information

Recent Breakthrough in Primality Testing

Recent Breakthrough in Primality Testing Nonlinear Analysis: Modelling and Control, 2004, Vol. 9, No. 2, 171 184 Recent Breakthrough in Primality Testing R. Šleževičienė, J. Steuding, S. Turskienė Department of Computer Science, Faculty of Physics

More information

(x + a) n = x n + a Z n [x]. Proof. If n is prime then the map

(x + a) n = x n + a Z n [x]. Proof. If n is prime then the map 22. A quick primality test Prime numbers are one of the most basic objects in mathematics and one of the most basic questions is to decide which numbers are prime (a clearly related problem is to find

More information

MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction

MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction MATH 168: FINAL PROJECT Troels Eriksen 1 Introduction In the later years cryptosystems using elliptic curves have shown up and are claimed to be just as secure as a system like RSA with much smaller key

More information

Mathematics is the queen of sciences and number theory is the queen of mathematics.

Mathematics is the queen of sciences and number theory is the queen of mathematics. Number Theory Mathematics is the queen of sciences and number theory is the queen of mathematics. But why is it computer science? It turns out to be critical for cryptography! Carl Friedrich Gauss Division

More information

Asymmetric Cryptography. Mahalingam Ramkumar Department of CSE Mississippi State University

Asymmetric Cryptography. Mahalingam Ramkumar Department of CSE Mississippi State University Asymmetric Cryptography Mahalingam Ramkumar Department of CSE Mississippi State University Mathematical Preliminaries CRT Chinese Remainder Theorem Euler Phi Function Fermat's Theorem Euler Fermat's Theorem

More information

Lecture 13 - Basic Number Theory.

Lecture 13 - Basic Number Theory. Lecture 13 - Basic Number Theory. Boaz Barak March 22, 2010 Divisibility and primes Unless mentioned otherwise throughout this lecture all numbers are non-negative integers. We say that A divides B, denoted

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 7: Public-key cryptography and RSA Ion Petre Department of IT, Åbo Akademi University 1 Some unanswered questions

More information

9 Modular Exponentiation and Cryptography

9 Modular Exponentiation and Cryptography 9 Modular Exponentiation and Cryptography 9.1 Modular Exponentiation Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system.

More information

An Overview of Integer Factoring Algorithms. The Problem

An Overview of Integer Factoring Algorithms. The Problem An Overview of Integer Factoring Algorithms Manindra Agrawal IITK / NUS The Problem Given an integer n, find all its prime divisors as efficiently as possible. 1 A Difficult Problem No efficient algorithm

More information

The application of prime numbers to RSA encryption

The application of prime numbers to RSA encryption The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered

More information

Public-Key Cryptography. Oregon State University

Public-Key Cryptography. Oregon State University Public-Key Cryptography Çetin Kaya Koç Oregon State University 1 Sender M Receiver Adversary Objective: Secure communication over an insecure channel 2 Solution: Secret-key cryptography Exchange the key

More information

Arithmetic algorithms for cryptology 5 October 2015, Paris. Sieves. Razvan Barbulescu CNRS and IMJ-PRG. R. Barbulescu Sieves 0 / 28

Arithmetic algorithms for cryptology 5 October 2015, Paris. Sieves. Razvan Barbulescu CNRS and IMJ-PRG. R. Barbulescu Sieves 0 / 28 Arithmetic algorithms for cryptology 5 October 2015, Paris Sieves Razvan Barbulescu CNRS and IMJ-PRG R. Barbulescu Sieves 0 / 28 Starting point Notations q prime g a generator of (F q ) X a (secret) integer

More information

Is n a prime number? Nitin Saxena. Turku, May Centrum voor Wiskunde en Informatica Amsterdam

Is n a prime number? Nitin Saxena. Turku, May Centrum voor Wiskunde en Informatica Amsterdam Is n a prime number? Nitin Saxena Centrum voor Wiskunde en Informatica Amsterdam Turku, May 2007 Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 1 / 36 Outline 1 The Problem 2 The High

More information

Faster deterministic integer factorisation

Faster deterministic integer factorisation David Harvey (joint work with Edgar Costa, NYU) University of New South Wales 25th October 2011 The obvious mathematical breakthrough would be the development of an easy way to factor large prime numbers

More information

Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9 Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,

More information

Notes on Public Key Cryptography And Primality Testing Part 1: Randomized Algorithms Miller Rabin and Solovay Strassen Tests

Notes on Public Key Cryptography And Primality Testing Part 1: Randomized Algorithms Miller Rabin and Solovay Strassen Tests Notes on Public Key Cryptography And Primality Testing Part 1: Randomized Algorithms Miller Rabin and Solovay Strassen Tests Jean Gallier Department of Computer and Information Science University of Pennsylvania

More information

Basic Algorithms In Computer Algebra

Basic Algorithms In Computer Algebra Basic Algorithms In Computer Algebra Kaiserslautern SS 2011 Prof. Dr. Wolfram Decker 2. Mai 2011 References Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, 1993. Cox, D.; Little,

More information

Prime numbers for Cryptography

Prime numbers for Cryptography Prime numbers for Cryptography What this is going to cover Primes, products of primes and factorisation How to win a million dollars Generating small primes quickly How many primes are there and how many

More information

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 6 Introduction to Public-Key Cryptography Israel Koren ECE597/697 Koren Part.6.1

More information

PRIME NUMBERS & SECRET MESSAGES

PRIME NUMBERS & SECRET MESSAGES PRIME NUMBERS & SECRET MESSAGES I. RSA CODEBREAKER GAME This is a game with two players or teams. The players take turns selecting either prime or composite numbers as outlined on the board below. The

More information

Applied Cryptography Public Key Algorithms

Applied Cryptography Public Key Algorithms Applied Cryptography Public Key Algorithms Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Public Key Cryptography Independently invented by Whitfield Diffie & Martin

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared

More information

International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013 FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,

More information

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins The RSA encryption scheme works as follows. In order to establish the necessary public

More information

CRYPTOGRAPHIC ALGORITHMS (AES, RSA)

CRYPTOGRAPHIC ALGORITHMS (AES, RSA) CALIFORNIA STATE POLYTECHNIC UNIVERSITY, POMONA CRYPTOGRAPHIC ALGORITHMS (AES, RSA) A PAPER SUBMITTED TO PROFESSOR GILBERT S. YOUNG IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE COURSE CS530 : ADVANCED

More information

The RSA Algorithm. Evgeny Milanov. 3 June 2009

The RSA Algorithm. Evgeny Milanov. 3 June 2009 The RSA Algorithm Evgeny Milanov 3 June 2009 In 1978, Ron Rivest, Adi Shamir, and Leonard Adleman introduced a cryptographic algorithm, which was essentially to replace the less secure National Bureau

More information

Notes on Network Security Prof. Hemant K. Soni

Notes on Network Security Prof. Hemant K. Soni Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

More information

The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

More information

Is this number prime? Berkeley Math Circle Kiran Kedlaya

Is this number prime? Berkeley Math Circle Kiran Kedlaya Is this number prime? Berkeley Math Circle 2002 2003 Kiran Kedlaya Given a positive integer, how do you check whether it is prime (has itself and 1 as its only two positive divisors) or composite (not

More information

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport

More information

Overview of Public-Key Cryptography

Overview of Public-Key Cryptography CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

More information

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory

More information

Cryptography and Network Security Number Theory

Cryptography and Network Security Number Theory Cryptography and Network Security Number Theory Xiang-Yang Li Introduction to Number Theory Divisors b a if a=mb for an integer m b a and c b then c a b g and b h then b (mg+nh) for any int. m,n Prime

More information

RSA Attacks. By Abdulaziz Alrasheed and Fatima

RSA Attacks. By Abdulaziz Alrasheed and Fatima RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

More information

Factoring & Primality

Factoring & Primality Factoring & Primality Lecturer: Dimitris Papadopoulos In this lecture we will discuss the problem of integer factorization and primality testing, two problems that have been the focus of a great amount

More information

Public-Key Cryptanalysis 1: Introduction and Factoring

Public-Key Cryptanalysis 1: Introduction and Factoring Public-Key Cryptanalysis 1: Introduction and Factoring Nadia Heninger University of Pennsylvania July 21, 2013 Adventures in Cryptanalysis Part 1: Introduction and Factoring. What is public-key crypto

More information

CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography. 8. Encryption -- CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

More information

CS549: Cryptography and Network Security

CS549: Cryptography and Network Security CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared

More information

Cryptography and Network Security Chapter 8

Cryptography and Network Security Chapter 8 Cryptography and Network Security Chapter 8 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 8 Introduction to Number Theory The Devil said to Daniel Webster:

More information

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition

More information

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

More information

Integer Factorization

Integer Factorization Master Thesis D I K U Department of Computer Science University of Copenhagen Fall 2005 This document is typeset using L A TEX 2ε. ii Abstract Many public key cryptosystems depend on

More information

Public-Key Cryptography RSA Attacks against RSA. Système et Sécurité

Public-Key Cryptography RSA Attacks against RSA. Système et Sécurité Public-Key Cryptography RSA Attacks against RSA Système et Sécurité 1 Public Key Cryptography Overview Proposed in Diffieand Hellman (1976) New Directions in Cryptography public-key encryption schemes

More information

RSA Public Key Encryption Algorithm Key Generation Select p, q

RSA Public Key Encryption Algorithm Key Generation Select p, q RSA Public Key Encryption Algorithm Key Generation Select p, q p and q both prime Calculate n n = p q Select integer d gcd( (n), d) = 1; 1 < d < (n) Calculate e e = d -1 mod (n) Public Key KU = {e, n}

More information

RSA Question 2. Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true?

RSA Question 2. Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true? RSA Question 2 Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true? Bob chooses a random e (1 < e < Φ Bob ) such that gcd(e,φ Bob )=1. Then, d = e -1

More information

1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.

1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6. 1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks

More information

PUBLIC KEY ENCRYPTION

PUBLIC KEY ENCRYPTION PUBLIC KEY ENCRYPTION http://www.tutorialspoint.com/cryptography/public_key_encryption.htm Copyright tutorialspoint.com Public Key Cryptography Unlike symmetric key cryptography, we do not find historical

More information

Advanced Cryptography

Advanced Cryptography Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.

More information

Communications security

Communications security University of Roma Sapienza DIET Communications security Lecturer: Andrea Baiocchi DIET - University of Roma La Sapienza E-mail: andrea.baiocchi@uniroma1.it URL: http://net.infocom.uniroma1.it/corsi/index.htm

More information

Number Theory and Cryptography using PARI/GP

Number Theory and Cryptography using PARI/GP Number Theory and Cryptography using Minh Van Nguyen nguyenminh2@gmail.com 25 November 2008 This article uses to study elementary number theory and the RSA public key cryptosystem. Various commands will

More information

STRUCTURE AND RANDOMNESS IN THE PRIME NUMBERS. 1. Introduction. The prime numbers 2, 3, 5, 7,... are one of the oldest topics studied in mathematics.

STRUCTURE AND RANDOMNESS IN THE PRIME NUMBERS. 1. Introduction. The prime numbers 2, 3, 5, 7,... are one of the oldest topics studied in mathematics. STRUCTURE AND RANDOMNESS IN THE PRIME NUMBERS TERENCE TAO Abstract. A quick tour through some topics in analytic prime number theory.. Introduction The prime numbers 2, 3, 5, 7,... are one of the oldest

More information

On Factoring Integers and Evaluating Discrete Logarithms

On Factoring Integers and Evaluating Discrete Logarithms On Factoring Integers and Evaluating Discrete Logarithms A thesis presented by JOHN AARON GREGG to the departments of Mathematics and Computer Science in partial fulfillment of the honors requirements

More information

Study of algorithms for factoring integers and computing discrete logarithms

Study of algorithms for factoring integers and computing discrete logarithms Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department

More information

3. Computational Complexity.

3. Computational Complexity. 3. Computational Complexity. (A) Introduction. As we will see, most cryptographic systems derive their supposed security from the presumed inability of any adversary to crack certain (number theoretic)

More information

A Factoring and Discrete Logarithm based Cryptosystem

A Factoring and Discrete Logarithm based Cryptosystem Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques

More information

An Introduction to the RSA Encryption Method

An Introduction to the RSA Encryption Method April 17, 2012 Outline 1 History 2 3 4 5 History RSA stands for Rivest, Shamir, and Adelman, the last names of the designers It was first published in 1978 as one of the first public-key crytographic systems

More information

Primes in Sequences. Lee 1. By: Jae Young Lee. Project for MA 341 (Number Theory) Boston University Summer Term I 2009 Instructor: Kalin Kostadinov

Primes in Sequences. Lee 1. By: Jae Young Lee. Project for MA 341 (Number Theory) Boston University Summer Term I 2009 Instructor: Kalin Kostadinov Lee 1 Primes in Sequences By: Jae Young Lee Project for MA 341 (Number Theory) Boston University Summer Term I 2009 Instructor: Kalin Kostadinov Lee 2 Jae Young Lee MA341 Number Theory PRIMES IN SEQUENCES

More information

PRIMES is in P. Manindra Agrawal Neeraj Kayal Nitin Saxena

PRIMES is in P. Manindra Agrawal Neeraj Kayal Nitin Saxena PRIMES is in P Manindra Agrawal Neeraj Kayal Nitin Saxena Department of Computer Science & Engineering Indian Institute of Technology Kanpur Kanpur-208016, INDIA Email: {manindra,kayaln,nitinsa}@iitk.ac.in

More information

EULER S THEOREM. 1. Introduction Fermat s little theorem is an important property of integers to a prime modulus. a p 1 1 mod p.

EULER S THEOREM. 1. Introduction Fermat s little theorem is an important property of integers to a prime modulus. a p 1 1 mod p. EULER S THEOREM KEITH CONRAD. Introduction Fermat s little theorem is an important property of integers to a prime modulus. Theorem. (Fermat). For prime p and any a Z such that a 0 mod p, a p mod p. If

More information

A Comparison Of Integer Factoring Algorithms. Keyur Anilkumar Kanabar

A Comparison Of Integer Factoring Algorithms. Keyur Anilkumar Kanabar A Comparison Of Integer Factoring Algorithms Keyur Anilkumar Kanabar Batchelor of Science in Computer Science with Honours The University of Bath May 2007 This dissertation may be made available for consultation

More information

Chapter 10 Asymmetric-Key Cryptography

Chapter 10 Asymmetric-Key Cryptography Chapter 10 Asymmetric-Key Cryptography Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 10.1 Chapter 10 Objectives To distinguish between two cryptosystems: symmetric-key

More information

CRYPTOGRAPHY AND NETWORK SECURITY Principles and Practice

CRYPTOGRAPHY AND NETWORK SECURITY Principles and Practice CRYPTOGRAPHY AND NETWORK SECURITY Principles and Practice THIRD EDITION William Stallings Prentice Hall Pearson Education International CONTENTS CHAPTER 1 OVERVIEW 1 1.1 1.2 1.3 1.4 1.5 1.6 PART ONE CHAPTER

More information

Cryptography: Authentication, Blind Signatures, and Digital Cash

Cryptography: Authentication, Blind Signatures, and Digital Cash Cryptography: Authentication, Blind Signatures, and Digital Cash Rebecca Bellovin 1 Introduction One of the most exciting ideas in cryptography in the past few decades, with the widest array of applications,

More information

Chapter 10 Asymmetric-Key Cryptography

Chapter 10 Asymmetric-Key Cryptography Chapter 10 Asymmetric-Key Cryptography Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 10.1 Chapter 10 Objectives Present asymmetric-key cryptography. Distinguish

More information

Public-key cryptography RSA

Public-key cryptography RSA Public-key cryptography RSA NGUYEN Tuong Lan LIU Yi Master Informatique University Lyon 1 Objective: Our goal in the study is to understand the algorithm RSA, some existence attacks and implement in Java.

More information

Prime Numbers. Chapter Primes and Composites

Prime Numbers. Chapter Primes and Composites Chapter 2 Prime Numbers The term factoring or factorization refers to the process of expressing an integer as the product of two or more integers in a nontrivial way, e.g., 42 = 6 7. Prime numbers are

More information

Modular arithmetic. x ymodn if x = y +mn for some integer m. p. 1/??

Modular arithmetic. x ymodn if x = y +mn for some integer m. p. 1/?? p. 1/?? Modular arithmetic Much of modern number theory, and many practical problems (including problems in cryptography and computer science), are concerned with modular arithmetic. While this is probably

More information

6 Introduction to Cryptography

6 Introduction to Cryptography 6 Introduction to Cryptography This section gives a short introduction to cryptography. It is based on the recent tutorial by Jörg Rothe. For an in-depth treatment of cryptography, please consult the Handbook

More information

Comparative Analysis for Performance acceleration of Modern Asymmetric Crypto Systems

Comparative Analysis for Performance acceleration of Modern Asymmetric Crypto Systems J. of Comp. and I.T. Vol. 3(1&2), 1-6 (2012). Comparative Analysis for Performance acceleration of Modern Asymmetric Crypto Systems RAJ KUMAR 1 and V.K. SARASWAT 2 1,2 Department of Computer Science, ICIS

More information

The Future of Digital Signatures. Johannes Buchmann

The Future of Digital Signatures. Johannes Buchmann The Future of Digital Signatures Johannes Buchmann Digital Signatures Digital signatures document sign signature verify valid / invalid secret public No IT-Security without digital signatures Software

More information

Module 5: Basic Number Theory

Module 5: Basic Number Theory Module 5: Basic Number Theory Theme 1: Division Given two integers, say a and b, the quotient b=a may or may not be an integer (e.g., 16=4 =4but 12=5 = 2:4). Number theory concerns the former case, and

More information

EXAM questions for the course TTM4135 - Information Security June 2010. Part 1

EXAM questions for the course TTM4135 - Information Security June 2010. Part 1 EXAM questions for the course TTM4135 - Information Security June 2010 Part 1 This part consists of 6 questions all from one common topic. The number of maximal points for every correctly answered question

More information

Factoring. Factoring 1

Factoring. Factoring 1 Factoring Factoring 1 Factoring Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and RSA is broken o Rabin cipher also based on factoring Factoring like

More information

Computer and Network Security

Computer and Network Security MIT 6.857 Computer and Networ Security Class Notes 1 File: http://theory.lcs.mit.edu/ rivest/notes/notes.pdf Revision: December 2, 2002 Computer and Networ Security MIT 6.857 Class Notes by Ronald L. Rivest

More information

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master

More information

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies 1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

More information

Exercise 1 Perfect Secrecy

Exercise 1 Perfect Secrecy Exercise 1 Perfect Secrecy Let us consider the following cryptosystem P = {a, b, c}; Pr(a) = 1/2; Pr(b) = 1/3; Pr(c) = 1/6 K = {k1, k2, k3}; Pr(k1) = Pr(k2) = Pr(k2) = 1/3; P=Plaintext C=Ciphertext K=Key

More information

7! Cryptographic Techniques! A Brief Introduction

7! Cryptographic Techniques! A Brief Introduction 7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures

More information

Public Key (asymmetric) Cryptography

Public Key (asymmetric) Cryptography Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

More information

Integer Factorization using the Quadratic Sieve

Integer Factorization using the Quadratic Sieve Integer Factorization using the Quadratic Sieve Chad Seibert* Division of Science and Mathematics University of Minnesota, Morris Morris, MN 56567 seib0060@morris.umn.edu March 16, 2011 Abstract We give

More information

UOSEC Week 2: Asymmetric Cryptography. Frank IRC kee Adam IRC xe0 IRC: irc.freenode.net #0x4f

UOSEC Week 2: Asymmetric Cryptography. Frank IRC kee Adam IRC xe0 IRC: irc.freenode.net #0x4f UOSEC Week 2: Asymmetric Cryptography Frank farana@uoregon.edu IRC kee Adam pond2@uoregon.edu IRC xe0 IRC: irc.freenode.net #0x4f Agenda HackIM CTF Results GITSC CTF this Saturday 10:00am Basics of Asymmetric

More information