Factoring integers, Producing primes and the RSA cryptosystem HarishChandra Research Institute


 Cordelia Horn
 1 years ago
 Views:
Transcription
1 RSA cryptosystem HRI, Allahabad, February, Factoring integers, Producing primes and the RSA cryptosystem HarishChandra Research Institute Allahabad (UP), INDIA February, 2005
2 RSA cryptosystem HRI, Allahabad, February,
3 RSA cryptosystem HRI, Allahabad, February, RSA 2048 =
4 RSA cryptosystem HRI, Allahabad, February, RSA 2048 = RSA 2048 is a 617 (decimal) digit number
5 RSA cryptosystem HRI, Allahabad, February, RSA 2048 = RSA 2048 is a 617 (decimal) digit number
6 RSA cryptosystem HRI, Allahabad, February, RSA 2048 =p q, p, q
7 RSA cryptosystem HRI, Allahabad, February, RSA 2048 =p q, p, q PROBLEM: Compute p and q
8 RSA cryptosystem HRI, Allahabad, February, RSA 2048 =p q, p, q PROBLEM: Compute p and q Price: US$ ( 87, 36, 000 Indian Rupee)!!
9 RSA cryptosystem HRI, Allahabad, February, RSA 2048 =p q, p, q PROBLEM: Compute p and q Price: US$ ( 87, 36, 000 Indian Rupee)!! Theorem. If a N! p 1 < p 2 < < p k primes s.t. a = p α 1 1 pα k k
10 RSA cryptosystem HRI, Allahabad, February, RSA 2048 =p q, p, q PROBLEM: Compute p and q Price: US$ ( 87, 36, 000 Indian Rupee)!! Theorem. If a N! p 1 < p 2 < < p k primes s.t. a = p α 1 1 pα k k Regrettably: RSAlabs believes that factoring in one year requires: number computers memory RSA Tb RSA , 000, Gb RSA ,000 4Gb.
11 RSA cryptosystem HRI, Allahabad, February,
12 RSA cryptosystem HRI, Allahabad, February, Challenge Number Prize ($US) RSA 576 $10,000 RSA 640 $20,000 RSA 704 $30,000 RSA 768 $50,000 RSA 896 $75,000 RSA 1024 $100,000 RSA 1536 $150,000 RSA 2048 $200,000
13 RSA cryptosystem HRI, Allahabad, February, Challenge Number Prize ($US) Status RSA 576 $10,000 Factored December 2003 RSA 640 $20,000 Not Factored RSA 704 $30,000 Not Factored RSA 768 $50,000 Not Factored RSA 896 $75,000 Not Factored RSA 1024 $100,000 Not Factored RSA 1536 $150,000 Not Factored RSA 2048 $200,000 Not Factored
14 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring
15 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene )
16 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler =
17 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves  Tables)
18 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves  Tables) 1880 Landry & Le Lasseur: =
19 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves  Tables) 1880 Landry & Le Lasseur: = Pierre and Eugène Carissan (Factoring Machine)
20 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves  Tables) 1880 Landry & Le Lasseur: = Pierre and Eugène Carissan (Factoring Machine) 1970 Morrison & Brillhart =
21 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves  Tables) 1880 Landry & Le Lasseur: = Pierre and Eugène Carissan (Factoring Machine) 1970 Morrison & Brillhart = Quadratic Sieve QS (Pomerance) Number Fields Sieve NFS
22 RSA cryptosystem HRI, Allahabad, February, History of the Art of Factoring 220 BC Greeks (Eratosthenes of Cyrene ) 1730 Euler = Fermat, Gauss (Sieves  Tables) 1880 Landry & Le Lasseur: = Pierre and Eugène Carissan (Factoring Machine) 1970 Morrison & Brillhart = Quadratic Sieve QS (Pomerance) Number Fields Sieve NFS 1987 Elliptic curves factoring ECF (Lenstra)
23 RSA cryptosystem HRI, Allahabad, February, Carissan s ancient Factoring Machine
24 RSA cryptosystem HRI, Allahabad, February, Carissan s ancient Factoring Machine Figure 1: Conservatoire Nationale des Arts et Métiers in Paris
25 RSA cryptosystem HRI, Allahabad, February, Carissan s ancient Factoring Machine Figure 1: Conservatoire Nationale des Arts et Métiers in Paris shallit/papers/carissan.html
26 RSA cryptosystem HRI, Allahabad, February, Figure 2: Lieutenant Eugène Carissan
27 RSA cryptosystem HRI, Allahabad, February, Figure 2: Lieutenant Eugène Carissan = minutes = minutes = minutes
28 RSA cryptosystem HRI, Allahabad, February, Contemporary Factoring
29 RSA cryptosystem HRI, Allahabad, February, Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 voluntaries, 20 countries) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = = =
30 RSA cryptosystem HRI, Allahabad, February, Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 voluntaries, 20 countries) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = = = ❷ (February ), Number Fields Sieve (NFS): (160 Sun, 4 months) RSA 155 = = =
31 RSA cryptosystem HRI, Allahabad, February, Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 voluntaries, 20 countries) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = = = ❷ (February ), Number Fields Sieve (NFS): (160 Sun, 4 months) RSA 155 = = = ❸ (December 3, 2003) (NFS): J. Franke et al. (174 decimal digits) RSA 576 = = =
32 RSA cryptosystem HRI, Allahabad, February, Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 voluntaries, 20 countries) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = = = ❷ (February ), Number Fields Sieve (NFS): (160 Sun, 4 months) RSA 155 = = = ❸ (December 3, 2003) (NFS): J. Franke et al. (174 decimal digits) RSA 576 = = = ❹ Elliptic curves factoring: introduced by da H. Lenstra. suitable to find prime factors with 50 digits (small)
33 RSA cryptosystem HRI, Allahabad, February, Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 voluntaries, 20 countries) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = = = ❷ (February ), Number Fields Sieve (NFS): (160 Sun, 4 months) RSA 155 = = = ❸ (December 3, 2003) (NFS): J. Franke et al. (174 decimal digits) RSA 576 = = = ❹ Elliptic curves factoring: introduced by da H. Lenstra. suitable to find prime factors with 50 digits (small)
34 RSA cryptosystem HRI, Allahabad, February, All: sub exponential running time
35 RSA cryptosystem HRI, Allahabad, February, RSA Adi Shamir, Ron L. Rivest, Leonard Adleman (1978)
36 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem
37 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998)
38 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it
39 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A (Alice) B (Bob) C (Charles)
40 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it ❶ ❷ ❸ ❹ A (Alice) B (Bob) C (Charles)
41 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A (Alice) B (Bob) C (Charles) ❶ Key generation Bob has to do it ❷ ❸ ❹
42 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A (Alice) B (Bob) C (Charles) ❶ Key generation ❷ Encryption Bob has to do it Alice has to do it ❸ ❹
43 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A (Alice) B (Bob) C (Charles) ❶ Key generation ❷ Encryption ❸ Decryption Bob has to do it Alice has to do it Bob has to do it ❹
44 RSA cryptosystem HRI, Allahabad, February, The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A (Alice) B (Bob) C (Charles) ❶ Key generation ❷ Encryption ❸ Decryption ❹ Attack Bob has to do it Alice has to do it Bob has to do it Charles would like to do it
45 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation
46 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation
47 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q )
48 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1)
49 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t.
50 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1
51 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3
52 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3 Experts recommend e =
53 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3 Experts recommend e = He computes arithmetic inverse d of e modulo ϕ(m)
54 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3 Experts recommend e = He computes arithmetic inverse d of e modulo ϕ(m) (i.e. d N (unique ϕ(m)) s.t. e d 1 (mod ϕ(m)))
55 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3 Experts recommend e = He computes arithmetic inverse d of e modulo ϕ(m) (i.e. d N (unique ϕ(m)) s.t. e d 1 (mod ϕ(m))) Publishes (M, e) public key and hides secret key d
56 RSA cryptosystem HRI, Allahabad, February, Bob: Key generation He chooses randomly p and q primes (p, q ) He computes M = p q, ϕ(m) = (p 1) (q 1) He chooses an integer e s.t. 0 e ϕ(m) and gcd(e, ϕ(m)) = 1 Note. One could take e = 3 and p q 2 mod 3 Experts recommend e = He computes arithmetic inverse d of e modulo ϕ(m) (i.e. d N (unique ϕ(m)) s.t. e d 1 (mod ϕ(m))) Publishes (M, e) public key and hides secret key d Problem: How does Bob do all this? We will go came back to it!
57 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption
58 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption Represent the message P as an element of Z/MZ
59 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption Represent the message P as an element of Z/MZ (for example) A 1 B 2 C 3... Z 26 AA 27...
60 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption Represent the message P as an element of Z/MZ (for example) A 1 B 2 C 3... Z 26 AA Sukumar = Note. Better if texts are not too short. Otherwise one performs some padding
61 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption Represent the message P as an element of Z/MZ (for example) A 1 B 2 C 3... Z 26 AA Sukumar = Note. Better if texts are not too short. Otherwise one performs some padding C = E(P) = P e (mod M)
62 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption Represent the message P as an element of Z/MZ (for example) A 1 B 2 C 3... Z 26 AA Sukumar = Note. Better if texts are not too short. Otherwise one performs some padding C = E(P) = P e (mod M) Example: p = , q = , M = , e = = 65537, P = Sukumar:
63 RSA cryptosystem HRI, Allahabad, February, Alice: Encryption Represent the message P as an element of Z/MZ (for example) A 1 B 2 C 3... Z 26 AA Sukumar = Note. Better if texts are not too short. Otherwise one performs some padding C = E(P) = P e (mod M) Example: p = , q = , M = , e = = 65537, P = Sukumar: E(Sukumar) = (mod ) = = C = JGEBNBAUYTCOFJ
64 RSA cryptosystem HRI, Allahabad, February, Bob: Decryption
65 RSA cryptosystem HRI, Allahabad, February, Bob: Decryption P = D(C) = C d (mod M)
66 RSA cryptosystem HRI, Allahabad, February, Bob: Decryption P = D(C) = C d (mod M) Note. Bob decrypts because he is the only one that knows d.
67 RSA cryptosystem HRI, Allahabad, February, Bob: Decryption P = D(C) = C d (mod M) Note. Bob decrypts because he is the only one that knows d. Theorem. (Euler) If a, m N, gcd(a, m) = 1, a ϕ(m) 1 (mod m). If n 1 n 2 mod ϕ(m) then a n 1 a n 2 mod m.
68 RSA cryptosystem HRI, Allahabad, February, Bob: Decryption P = D(C) = C d (mod M) Note. Bob decrypts because he is the only one that knows d. Theorem. (Euler) If a, m N, gcd(a, m) = 1, a ϕ(m) 1 (mod m). If n 1 n 2 mod ϕ(m) then a n 1 a n 2 mod m. Therefore (ed 1 mod ϕ(m)) D(E(P)) = P ed P mod M
69 RSA cryptosystem HRI, Allahabad, February, Bob: Decryption P = D(C) = C d (mod M) Note. Bob decrypts because he is the only one that knows d. Therefore (ed 1 mod ϕ(m)) Theorem. (Euler) If a, m N, gcd(a, m) = 1, a ϕ(m) 1 (mod m). If n 1 n 2 mod ϕ(m) then a n 1 a n 2 mod m. D(E(P)) = P ed P mod M Example(cont.):d = mod ϕ( ) = D(JGEBNBAUYTCOFJ) = (mod ) = Sukumar
70 RSA cryptosystem HRI, Allahabad, February, RSA at work
71 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm
72 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c?
73 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod )
74 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod )
75 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j
76 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j =
77 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j = Compute recursively a 2j mod c, j = 1,..., [log 2 b]:
78 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j = Compute recursively a 2j mod c, j = 1,..., [log 2 b]: ( 2 a 2j mod c = a 2j 1 mod c) mod c
79 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j = Compute recursively a 2j mod c, j = 1,..., [log 2 b]: ( 2 a 2j mod c = a 2j 1 mod c) mod c Multiply the a 2j mod c with ɛ j = 1
80 RSA cryptosystem HRI, Allahabad, February, Repeated squaring algorithm Problem: How does one compute a b mod c? (mod ) Compute the binary expansion b = [log 2 b] j=0 ɛ j 2 j = Compute recursively a 2j mod c, j = 1,..., [log 2 b]: ( 2 a 2j mod c = a 2j 1 mod c) mod c Multiply the a 2j mod c with ɛ j = 1 ) a b mod c = mod c ( [log2 b] j=0,ɛ j =1 a2j mod c
81 RSA cryptosystem HRI, Allahabad, February, #{oper. in Z/cZ to compute a b mod c} 2 log 2 b
82 RSA cryptosystem HRI, Allahabad, February, #{oper. in Z/cZ to compute a b mod c} 2 log 2 b JGEBNBAUYTCOFJ is decrypted with 131 operations in Z/ Z
83 RSA cryptosystem HRI, Allahabad, February, #{oper. in Z/cZ to compute a b mod c} 2 log 2 b JGEBNBAUYTCOFJ is decrypted with 131 operations in Z/ Z Pseudo code: e c (a, b) = a b mod c
84 RSA cryptosystem HRI, Allahabad, February, #{oper. in Z/cZ to compute a b mod c} 2 log 2 b JGEBNBAUYTCOFJ is decrypted with 131 operations in Z/ Z Pseudo code: e c (a, b) = a b mod c e c (a, b) = if b = 1 then a mod c if 2 b then e c (a, b 2 )2 mod c else a e c (a, b 1 2 )2 mod c
85 RSA cryptosystem HRI, Allahabad, February, #{oper. in Z/cZ to compute a b mod c} 2 log 2 b JGEBNBAUYTCOFJ is decrypted with 131 operations in Z/ Z Pseudo code: e c (a, b) = a b mod c e c (a, b) = if b = 1 then a mod c if 2 b then e c (a, b 2 )2 mod c else a e c (a, b 1 2 )2 mod c To encrypt with e = , only 17 operations in Z/MZ are enough
86 RSA cryptosystem HRI, Allahabad, February, Key generation
87 RSA cryptosystem HRI, Allahabad, February, Key generation Problem. Produce a random prime p Probabilistic algorithm (type Las Vegas) 1. Let p = Random( ) 2. If isprime(p)=1 then Output=p else goto 1
88 RSA cryptosystem HRI, Allahabad, February, Key generation Problem. Produce a random prime p Probabilistic algorithm (type Las Vegas) 1. Let p = Random( ) 2. If isprime(p)=1 then Output=p else goto 1 subproblems:
89 RSA cryptosystem HRI, Allahabad, February, Key generation Problem. Produce a random prime p Probabilistic algorithm (type Las Vegas) 1. Let p = Random( ) 2. If isprime(p)=1 then Output=p else goto 1 subproblems: A. How many iterations are necessary? (i.e. how are primes distributes?)
90 RSA cryptosystem HRI, Allahabad, February, Key generation Problem. Produce a random prime p Probabilistic algorithm (type Las Vegas) 1. Let p = Random( ) 2. If isprime(p)=1 then Output=p else goto 1 subproblems: A. How many iterations are necessary? (i.e. how are primes distributes?) B. How does one check if p is prime? (i.e. how does one compute isprime(p)?) Primality test
91 RSA cryptosystem HRI, Allahabad, February, Key generation Problem. Produce a random prime p Probabilistic algorithm (type Las Vegas) 1. Let p = Random( ) 2. If isprime(p)=1 then Output=p else goto 1 subproblems: A. How many iterations are necessary? (i.e. how are primes distributes?) B. How does one check if p is prime? (i.e. how does one compute isprime(p)?) Primality test False Metropolitan Legend: Check primality is equivalent to factoring
92 RSA cryptosystem HRI, Allahabad, February, A. Distribution of prime numbers
93 RSA cryptosystem HRI, Allahabad, February, A. Distribution of prime numbers π(x) = #{p x t. c. p is prime}
94 RSA cryptosystem HRI, Allahabad, February, A. Distribution of prime numbers π(x) = #{p x t. c. p is prime} Theorem. (Hadamard  de la vallee Pussen ) π(x) x log x
95 RSA cryptosystem HRI, Allahabad, February, A. Distribution of prime numbers Quantitative version: π(x) = #{p x t. c. p is prime} Theorem. (Hadamard  de la vallee Pussen ) π(x) x log x Theorem. (Rosser  Schoenfeld) if x 67 x log x 1/2 < π(x) < x log x 3/2
96 RSA cryptosystem HRI, Allahabad, February, A. Distribution of prime numbers Quantitative version: Therefore π(x) = #{p x t. c. p is prime} Theorem. (Hadamard  de la vallee Pussen ) π(x) x log x Theorem. (Rosser  Schoenfeld) if x 67 x log x 1/2 < π(x) < x log x 3/ < P rob (Random( ) = prime <
97 RSA cryptosystem HRI, Allahabad, February, If P k is the probability that among k random numbers there is a prime one, then
98 RSA cryptosystem HRI, Allahabad, February, If P k is the probability that among k random numbers there is a prime one, then P k = 1 ( ) k 1 π(10100 )
99 RSA cryptosystem HRI, Allahabad, February, If P k is the probability that among k random numbers there is a prime one, then P k = 1 ( ) k 1 π(10100 ) Therefore < P 250 <
100 RSA cryptosystem HRI, Allahabad, February, If P k is the probability that among k random numbers there is a prime one, then P k = 1 ( ) k 1 π(10100 ) Therefore < P 250 < To speed up the process: One can consider only odd random numbers not divisible by 3 nor by 5.
101 RSA cryptosystem HRI, Allahabad, February, If P k is the probability that among k random numbers there is a prime one, then P k = 1 ( ) k 1 π(10100 ) Therefore < P 250 < To speed up the process: One can consider only odd random numbers not divisible by 3 nor by 5. Let Ψ(x, 30) = # {n x s.t. gcd(n, 30) = 1}
102 RSA cryptosystem HRI, Allahabad, February, To speed up the process: One can consider only odd random numbers not divisible by 3 nor by 5.
103 RSA cryptosystem HRI, Allahabad, February, To speed up the process: One can consider only odd random numbers not divisible by 3 nor by 5. Let Ψ(x, 30) = # {n x s.t. gcd(n, 30) = 1} then
Factoring integers, Producing primes and the RSA cryptosystem
Factoring integers,..., RSA Erbil, Kurdistan 0 Lecture in Number Theory College of Sciences Department of Mathematics University of Salahaddin Debember 1, 2014 Factoring integers, Producing primes and
More informationIT IS EASY TO DETERMINE WHETHER A GIVEN INTEGER IS PRIME
BULLETIN (New Series) OF THE AMERICAN MATHEMATICAL SOCIETY Volume 42, Number 1, Pages 3 38 S 02730979(04)010377 Article electronically published on September 30, 2004 IT IS EASY TO DETERMINE WHETHER
More informationIs n a Prime Number? Manindra Agrawal. March 27, 2006, Delft. IIT Kanpur
Is n a Prime Number? Manindra Agrawal IIT Kanpur March 27, 2006, Delft Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27, 2006, Delft 1 / 47 Overview 1 The Problem 2 Two Simple, and Slow, Methods
More informationPRIMES is in P. Manindra Agrawal Neeraj Kayal Nitin Saxena
PRIMES is in P Manindra Agrawal Neeraj Kayal Nitin Saxena Department of Computer Science & Engineering Indian Institute of Technology Kanpur Kanpur208016, INDIA Email: {manindra,kayaln,nitinsa}@iitk.ac.in
More informationCryptography and Network Security, part I: Basic cryptography
Cryptography and Network Security, part I: Basic cryptography T. Karvi October 2013 T. Karvi () Cryptography and Network Security, part I: Basic cryptographyoctober 2013 1 / 133 About the Course I Content:
More informationU.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra
U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory
More informationA Method for Obtaining Digital Signatures and PublicKey Cryptosystems
A Method for Obtaining Digital Signatures and PublicKey Cryptosystems R.L. Rivest, A. Shamir, and L. Adleman Abstract An encryption method is presented with the novel property that publicly revealing
More informationFactorization Attack to RSA Attack Daniel Lerch Hostalot Difficulty RSA is, without any doubts, the most popular public key criptosystem which is being used and which has survived the analysis of the criptoanalysts
More informationThe number field sieve
The number field sieve A.K. Lenstra Bellcore, 435 South Street, Morristown, NJ 07960 H.W. Lenstra, Jr. Department of Mathematics, University of California, Berkeley, CA 94720 M.S. Manasse DEC SRC, 130
More informationElementary Number Theory: Primes, Congruences, and Secrets
This is age i Printer: Oaque this Elementary Number Theory: Primes, Congruences, and Secrets William Stein November 16, 2011 To my wife Clarita Lefthand v vi Contents This is age vii Printer: Oaque this
More informationAn Introductory Course in Elementary Number Theory. Wissam Raji
An Introductory Course in Elementary Number Theory Wissam Raji 2 Preface These notes serve as course notes for an undergraduate course in number theory. Most if not all universities worldwide offer introductory
More informationOn the possibility of constructing meaningful hash collisions for public keys
On the possibility of constructing meaningful hash collisions for public keys full version, with an appendix on colliding X.509 certificates Arjen Lenstra 1,2 and Benne de Weger 2 1 Lucent Technologies,
More informationA new probabilistic public key algorithm based on elliptic logarithms
A new probabilistic public key algorithm based on elliptic logarithms Afonso Comba de Araujo Neto, Raul Fernando Weber 1 Instituto de Informática Universidade Federal do Rio Grande do Sul (UFRGS) Caixa
More informationComputations in Number Theory Using Python: A Brief Introduction
Computations in Number Theory Using Python: A Brief Introduction Jim Carlson March 2003 Contents 1 Introduction 1 2 Python as a calculator 4 3 Case study: factoring 8 4 Loops and conditionals 11 5 Files
More informationIntroductory Number Theory
Introductory Number Theory Course No. 100 331 Sring 2006 Michael Stoll Contents 1. Very Basic Remarks 2 2. Divisibility 2 3. The Euclidean Algorithm 2 4. Prime Numbers and Unique Factorization 4 5. Congruences
More informationJournal de Theorie des Nombres de Bordeaux 7 (1995), 219{254 Counting points on elliptic curves over nite elds par Rene SCHOOF Abstract. {We describe three algorithms to count the number of points on an
More informationA Course on Number Theory. Peter J. Cameron
A Course on Number Theory Peter J. Cameron ii Preface These are the notes of the course MTH6128, Number Theory, which I taught at Queen Mary, University of London, in the spring semester of 2009. There
More information= 2 + 1 2 2 = 3 4, Now assume that P (k) is true for some fixed k 2. This means that
Instructions. Answer each of the questions on your own paper, and be sure to show your work so that partial credit can be adequately assessed. Credit will not be given for answers (even correct ones) without
More informationLogical Cryptanalysis as a SAT Problem
Journal of Automated Reasoning 24: 165 203, 2000. 2000 Kluwer Academic Publishers. Printed in the Netherlands. 165 Logical Cryptanalysis as a SAT Problem Encoding and Analysis of the U.S. Data Encryption
More informationCloud Security Mechanisms
Cloud Security Mechanisms Christian Neuhaus, Andreas Polze (Hrsg.) Technische Berichte Nr. 87 des HassoPlattnerInstituts für Softwaresystemtechnik an der Universität Potsdam ISBN 9783869562810 ISSN
More information7! Cryptographic Techniques! A Brief Introduction
7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (PublicKey) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures
More informationDoug Ravenel. October 15, 2008
Doug Ravenel University of Rochester October 15, 2008 s about Euclid s Some s about primes that every mathematician should know (Euclid, 300 BC) There are infinitely numbers. is very elementary, and we
More informationAN EFFICIENT HARDWARE IMPLEMENTATION OF THE TATE PAIRING IN CHARACTERISTIC THREE
1 AN EFFICIENT HARDWARE IMPLEMENTATION OF THE TATE PAIRING IN CHARACTERISTIC THREE by Giray Kömürcü B.S., Microelectronics Engineering, Sabanci University, 2005 Submitted to the Institute for Graduate
More informationWhat Is Number Theory?
Chapter 1 What Is Number Theory? Number theory is the study of the set of positive whole numbers 1, 2, 3, 4, 5, 6, 7,..., which are often called the set of natural numbers. We will especially want to study
More informationSecure Session Framework: An Identitybased Cryptographic Key Agreement and Signature Protocol. D i s s e r t a t i o n
Secure Session Framework: An Identitybased Cryptographic Key Agreement and Signature Protocol D i s s e r t a t i o n zur Erlangung des Doktorgrades der Naturwissenschaften (Dr. rer. nat.) dem Fachbereich
More informationA Survey On Euclidean Number Fields
University of Bordeaux I Department Of Mathematics A Survey On Euclidean Number Fields Author: M.A. Simachew Supervisor: JP. Cerri 2009 University of Bordeaux I Department Of Mathematics A Survey On
More informationIntroduction to Algebraic Number Theory
Introduction to Algebraic Number Theory William Stein May 5, 2005 2 Contents 1 Introduction 9 1.1 Mathematical background I assume you have............. 9 1.2 What is algebraic number theory?...................
More informationRevised Version of Chapter 23. We learned long ago how to solve linear congruences. ax c (mod m)
Chapter 23 Squares Modulo p Revised Version of Chapter 23 We learned long ago how to solve linear congruences ax c (mod m) (see Chapter 8). It s now time to take the plunge and move on to quadratic equations.
More informationThe DiffieHellman Problem
Chapter 21 The DiffieHellman Problem This is a chapter from version 1.1 of the book Mathematics of Public Key Cryptography by Steven Galbraith, available from http://www.isg.rhul.ac.uk/ sdg/cryptobook/
More informationPROOFS BY DESCENT KEITH CONRAD
PROOFS BY DESCENT KEITH CONRAD As ordinary methods, such as are found in the books, are inadequate to proving such difficult propositions, I discovered at last a most singular method... that I called the
More information