Study of algorithms for factoring integers and computing discrete logarithms


1 Study of algorithms for factoring integers and computing discrete logarithms
First Indo-French Workshop on Cryptography and Related Topics (IFW 2007), June 11-13, 2007, Paris, France
Dr. Abhijit Das
Department of Computer Science and Engineering
Indian Institute of Technology, Kharagpur
Kharagpur, India

2 The integer factorization problem (IFP)
- Given a positive composite integer $n$, compute all the prime divisors of $n$.
- The IFP is known to be a problem in the complexity class $\mathrm{NP} \cap \mathrm{coNP}$.
- The input size is measured by the minimum number of bits needed to encode $n$, which is $\lfloor \log_2 n \rfloor + 1 = O(\log n)$.
- No polynomial-time algorithms are known to solve the IFP.
- The best known algorithms to solve the IFP run in subexponential time.
- These subexponential algorithms are probabilistic in nature, and their running times often lack rigorous proofs.

3 The discrete logarithm problem (DLP)
- Let $G$ be a finite cyclic group of size $n$, and let $g$ be a generator of $G$.
- Given $a \in G$, compute an integer $x = \operatorname{ind}_g a$ satisfying $a = g^x$.
- The index or discrete logarithm $x$ is unique modulo $n$.
- There are certain groups where computing indices is computationally difficult:
  - Multiplicative groups of finite fields
  - Groups of rational points on elliptic curves defined over finite fields
  - Jacobians of hyperelliptic curves defined over finite fields
  - Class groups of (algebraic) number fields
- The finite field discrete logarithm problem is historically of similar complexity as the IFP.
- The subexponential algorithms for DLP are often adaptations of algorithms for factoring integers.

4 The Diffie-Hellman problem (DHP)
- Let $G$ be a finite cyclic group, and $g$ a generator of $G$.
- Given $g^x$ and $g^y$, compute $g^{xy}$.
- If the DLP can be solved easily, the DHP can be solved easily too.
- The converse implication is not proved.
- The DHP is relevant for groups where computing discrete logarithms is difficult.

5 Relevance to cryptography
- Public-key cryptography is based on the apparent intractability of solving some computational problems.
- The IFP, DLP and DHP are widely used in public-key systems.
- These problems lead to trapdoor one-way functions.
- The one-wayness cannot be proved, but only believed.
- NP-complete problems are not found suitable for building public-key systems.
- Problems belonging to the class UP (unambiguous polynomial-time) are suitable.
- We have $\mathrm{P} \subseteq \mathrm{UP} \subseteq \mathrm{NP}$. Both the inclusions are believed to be proper.

6 Cryptography examples
- RSA is related to the IFP.
- Inverting RSA keys is probabilistic polynomial-time equivalent to IFP.
- However, RSA decryption (without the private key) may be easier than solving the IFP.
- Rabin's encryption algorithm is based on the square-root problem which is probabilistic polynomial-time equivalent to the IFP.
- The Diffie-Hellman key exchange problem is based on the DHP.
- ElGamal encryption is based on the DHP.
- Many other encryption and signature algorithms (like ElGamal signature, DSA) are based on the DLP.
- IFP and DLP find applications in designing authentication schemes too.

7 Efficient implementation of modular arithmetic
- An old, yet interesting problem.
- A cryptography toolkit being developed in IIT Kharagpur runs 5-10% faster than GP/PARI for performing modular exponentiation of integers of cryptographic sizes.
- Exponentiation based on addition chains has been studied by my team.
- The goal is to generate crypto-grade exponents which lead to faster key operations than pseudorandom exponents.
- These works have not been published yet.

8 Fermat's method of factoring integers
- Let $n$ be an odd (positive) composite integer.
- Given $v \in \mathbb{Z}_n$, there exist at least two $u \in \mathbb{Z}_n$ such that $u^2 \equiv v^2 \pmod{n}$ and $u \not\equiv \pm v \pmod{n}$.
- For any such pair $(u, v)$, we obtain the nontrivial factor $\gcd(u - v, n)$ of $n$.
- Examples: 899 = = , and $\gcd(30 - 1, 899) = 29$ is a nontrivial factor of = , and $\gcd(50 - 1, 833) = 49$ is a nontrivial factor of 833.
- Most modern subexponential algorithms are based on locating such pairs $(u, v)$.

9 Modern factoring algorithms
- Subexponential running time: $L(n, \gamma, c) = \exp\left[(c + o(1))(\ln n)^{\gamma}(\ln \ln n)^{1-\gamma}\right]$, $0 < \gamma < 1$, $c > 0$.
- Algorithms with running time $L[c] = L(n, 1/2, c)$:
  - CFRAC (Continued fraction method)
  - SQUFOF (Square-form factorization)
  - QSM (Quadratic sieve method)
  - CSM (Cubic sieve method)
  - ECM (Elliptic curve method; not based on Fermat's method)
- Algorithms with running time $L(n, 1/3, c)$:
  - SNFSM (Special number field sieve method)
  - GNFSM (General number field sieve method)

10 A naive algorithm
- Choose $a$ in the range $1 \le a < n$ and take $T(a) = a^2 \pmod{n}$, $1 \le T(a) < n$.
- Try to factor $T(a)$ as $T(a) = q_1^{e_1} q_2^{e_2} \cdots q_t^{e_t}$, where $q_1, q_2, \ldots, q_t$ are the first $t$ primes.
- If all $e_i$ are even, take $u = a$ and $v = q_1^{e_1/2} q_2^{e_2/2} \cdots q_t^{e_t/2}$.
- In general, it is unreasonable to expect that all $e_i$ are even.
- Collect many such relations and combine the relations to arrive at a congruence of the form $u^2 \equiv v^2 \pmod{n}$. This leads to a linear system modulo 2.
- The expected value of $T(a)$ is $O(n)$.
- Instead of $T(a)$, we can also try to factor $T(a) + kn$ for small integers $k$.
- One can use sieving while considering different values of $k$.

11 Quadratic sieve method (QSM)
- Let $H = \lceil \sqrt{n} \rceil$, $J = H^2 - n$.
- For a small integer $a$, we have $(H + a)^2 \equiv T(a) \pmod{n}$, where $T(a) = J + 2aH + a^2$.
- Try to factor $T(a)$ over small primes.
- We have $T(a) = O(\sqrt{n})$. So we get smooth candidates more frequently than in the naive method.
- Use sieving for running through all values of $a$.
- Running time is $L[1]$.
- We have studied some variants which reduce $T(a)$ by small constant factors.

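
Added example (not from the slides): a toy Python version of the relation-collection and mod-2 linear-algebra steps described for the naive algorithm and the QSM above, using T(a) = J + 2aH + a^2. It uses trial division in place of sieving; the function names, the factor-base bound of 30 and the interval half-width of 50 are assumptions that only suit small n.

```python
from math import gcd, isqrt

def small_primes(limit):
    """Primes up to limit (sieve of Eratosthenes)."""
    flags = bytearray([1]) * (limit + 1)
    flags[0:2] = b"\x00\x00"
    for p in range(2, isqrt(limit) + 1):
        if flags[p]:
            flags[p * p::p] = bytearray(len(range(p * p, limit + 1, p)))
    return [p for p in range(2, limit + 1) if flags[p]]

def smooth_exponents(value, base):
    """Exponent vector of value over [-1] + base, or None if value is not smooth."""
    if value == 0:
        return None
    exps = [1 if value < 0 else 0]          # first entry records the sign
    value = abs(value)
    for p in base:
        e = 0
        while value % p == 0:
            value //= p
            e += 1
        exps.append(e)
    return exps if value == 1 else None

def collect_relations(n, base, span):
    """Pairs (H + a, exponents of T(a)) for every smooth T(a), |a| <= span."""
    H = isqrt(n - 1) + 1                    # ceil(sqrt(n))
    J = H * H - n
    relations = []
    for a in range(-span, span + 1):
        exps = smooth_exponents(J + 2 * a * H + a * a, base)
        if exps is not None:
            relations.append((H + a, exps))
    return relations

def dependencies(vectors):
    """Yield index lists whose exponent vectors sum to zero modulo 2."""
    pivots = {}                             # lowest set bit -> (vector, combination)
    for i, vec in enumerate(vectors):
        v = sum((e & 1) << j for j, e in enumerate(vec))
        combo = 1 << i
        while v:
            low = v & -v
            if low not in pivots:
                pivots[low] = (v, combo)
                break
            pv, pc = pivots[low]
            v ^= pv
            combo ^= pc
        else:                               # v reduced to 0: a dependency
            yield [k for k in range(i + 1) if combo >> k & 1]

def factor_qsm(n, bound=30, span=50):
    """Return (d, u, v) with u^2 = v^2 (mod n) and 1 < d = gcd(u - v, n) < n, or None.

    n is assumed odd and composite. An odd prime p can divide
    T(a) = (H + a)^2 - n only if n is a square modulo p (Euler's criterion).
    """
    base = [p for p in small_primes(bound)
            if p == 2 or pow(n, (p - 1) // 2, p) == 1]
    relations = collect_relations(n, base, span)
    for dep in dependencies([exps for _, exps in relations]):
        u = 1
        total = [0] * (len(base) + 1)
        for k in dep:
            u = u * relations[k][0] % n
            total = [s + e for s, e in zip(total, relations[k][1])]
        v = 1
        for p, e in zip(base, total[1:]):   # every summed exponent is even
            v = v * pow(p, e // 2, n) % n
        d = gcd(u - v, n)
        if 1 < d < n:
            return d, u, v
    return None

if __name__ == "__main__":
    for n in (899, 1649):                   # constructed small inputs
        print(n, factor_qsm(n))
```

For n = 899 the relation at a = 0 is already a square (T(0) = 1), which is the pair u = 30, v = 1 used in the Fermat example; for n = 1649 no single T(a) need be a square and the mod-2 elimination combines several relations.
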
12 Cubic sieve method (CSM)
- Let the integers $x, y, z$ satisfy $x^3 \equiv y^2 z \pmod{n}$ with $x^3 \ne y^2 z$ as integers.
- For integers $a, b, c$ with $a + b + c = 0$, one has $(x + ay)(x + by)(x + cy) \equiv y^2\, T(a, b, c) \pmod{n}$, where $T(a, b, c) = z + (ab + ac + bc)x + (abc)y = -b(b + c)(x + cy) + (z - c^2 x)$.
- If $x, y, z$ are $O(n^{\xi})$, then $T(a, b, c)$ is $O(n^{\xi})$ for small values of $a, b, c$.
- The best value for $\xi$ is $1/3$. In this case $T(a, b, c)$ is $O(n^{1/3})$.
- Use sieving for running through all triples $(a, b, c)$ with $a + b + c = 0$.
- The best running time is $L[\sqrt{2/3}] = L[0.816]$.

13 Our study of the CSM
- A heuristic idea was proposed to increase the sieving interval by 20-30%. The resulting increase in the running time of the sieving step is nominal (less than 1%).
- The congruence $x^3 \equiv y^2 z \pmod{n}$ with $x^3 \ne y^2 z$ is studied.
- It is an open question whether one can obtain $x, y, z$ of the order $O(n^{\xi})$ for $\xi < 1/2$.
- We proposed some heuristic counting argument to conclude that the number of solutions of the congruence with $1 \le x, y, z \le n^{\xi}$ is $O(n^{3\xi - 1})$.
- For $\xi$ slightly bigger than $1/3$, we expect to get a solution.
- It remains open how one can compute such a solution for a general value of $n$.
- Publication: Abhijit Das and C E Veni Madhavan, On the cubic sieve method for computing discrete logarithms over prime fields, International Journal of Computer Mathematics, Volume 82, Number 12, December 2005, Taylor & Francis.

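
Added example (not the authors' code): a brute-force search for solutions of x^3 ≡ y^2 z (mod n) with 1 ≤ x, y, z ≤ n^ξ, a check of the CSM identity over all small (a, b, c) with a + b + c = 0, and a comparison of the solution count with the heuristic n^(3ξ-1) from the two CSM slides above. The modulus 697 = 17 · 41, the larger modulus in the demo and all function names are constructed for illustration.

```python
from math import gcd

def csm_triples(n, bound):
    """All (x, y, z) with 1 <= x, y, z <= bound, x^3 = y^2 z (mod n), x^3 != y^2 z.

    Values of y sharing a factor with n are skipped (y^2 is not invertible
    there); for composite n such a y already reveals a factor.
    """
    found = []
    for y in range(1, bound + 1):
        if gcd(y, n) != 1:
            continue
        inv_y2 = pow(y * y, -1, n)          # modular inverse (Python 3.8+)
        for x in range(1, bound + 1):
            z = x ** 3 * inv_y2 % n         # the unique z mod n for this (x, y)
            if 1 <= z <= bound and x ** 3 != y * y * z:
                found.append((x, y, z))
    return found

def T(x, y, z, a, b, c):
    """T(a, b, c) = z + (ab + ac + bc) x + (abc) y."""
    return z + (a * b + a * c + b * c) * x + a * b * c * y

def check_identity(n, x, y, z, span):
    """Check (x+ay)(x+by)(x+cy) = y^2 T(a,b,c) (mod n) for all a <= b in
    [-span, span] with c = -a-b, and both closed forms of T; return max |T|."""
    largest = 0
    for a in range(-span, span + 1):
        for b in range(a, span + 1):
            c = -a - b
            t = T(x, y, z, a, b, c)
            lhs = (x + a * y) * (x + b * y) * (x + c * y)
            if (lhs - y * y * t) % n != 0:
                raise ValueError(f"congruence fails for {(a, b, c)}")
            if t != -b * (b + c) * (x + c * y) + (z - c * c * x):
                raise ValueError(f"closed forms of T differ for {(a, b, c)}")
            largest = max(largest, abs(t))
    return largest

def count_vs_heuristic(n, xi):
    """(number of solutions found, heuristic value bound^3 / n) for bound = floor(n^xi)."""
    bound = int(n ** xi)
    return len(csm_triples(n, bound)), bound ** 3 / n

if __name__ == "__main__":
    n = 697                                 # constructed: 9^3 - 4^2 * 2 = 697
    for x, y, z in csm_triples(n, 9):
        print((x, y, z), "max |T| for |a|,|b| <= 2:", check_identity(n, x, y, z, 2))
    # Constructed larger modulus; the count is compared with n^(3*xi - 1).
    for xi in (0.36, 0.40, 0.44):
        print(xi, count_vs_heuristic(1000003, xi))
```
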
14 The number field sieve method (NFSM)
- Take n = 
- Choose a polynomial $f(x) \in \mathbb{Z}[x]$ and $m \in \mathbb{Z}$ such that $f(m) \equiv 0 \pmod{n}$.
- For example, take $f(x) = x^4 - 2x + 3$ and $m = 14$. For this choice, f(m) = = 3n.
- We have $(x^3)^2 \equiv 2x^3 - 3x^2 \pmod{f(x)}$.
- This implies $(14^3)$ (mod n).
- A nontrivial factor of n is gcd( , n) = 191.
- Indeed, we have n = 

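
Added example (not from the slides): the arithmetic of this slide carried out in Python. The value of n is not legible in the transcription; n = 12797 below is derived from the slide's statement f(m) = 3n with f(x) = x^4 - 2x + 3 and m = 14. The search over small polynomials is an illustrative assumption, not how a real number field sieve finds squares.

```python
from itertools import product
from math import gcd, isqrt

F = [3, -2, 0, 0, 1]        # f(x) = x^4 - 2x + 3, coefficients low to high
M = 14
N = 12797                   # derived: f(14) = 38391 = 3 * 12797

def poly_eval(p, x):
    """Evaluate an integer polynomial (coefficients low to high) at x."""
    acc = 0
    for c in reversed(p):
        acc = acc * x + c
    return acc

def poly_mulmod(a, b, f):
    """a * b reduced modulo the monic polynomial f."""
    d = len(f) - 1
    prod = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            prod[i + j] += ai * bj
    for k in range(len(prod) - 1, d - 1, -1):
        c = prod[k]
        if c:                               # subtract c * x^(k-d) * f(x)
            for j in range(d + 1):
                prod[k - d + j] -= c * f[j]
    return (prod + [0] * d)[:d]

def candidates():
    """Monic polynomials of degree 2 or 3 with lower coefficients in {-1, 0, 1}.

    Lower degrees are skipped: their squares need no reduction modulo f,
    so they only give the trivial pair u = +-v.
    """
    for degree in (2, 3):
        for low in product((-1, 0, 1), repeat=degree):
            yield list(low) + [1]

def square_pairs(f, m, n):
    """For each candidate g, let h = g^2 mod f. Since f(m) = 0 (mod n),
    g(m)^2 = h(m) (mod n). Keep g when h(m) is a perfect square v^2 and
    return (g, h, u, v, gcd(u - v, n)) with u = g(m) mod n."""
    pairs = []
    for g in candidates():
        h = poly_mulmod(g, g, f)
        value = poly_eval(h, m)
        if value < 0:
            continue
        v = isqrt(value)
        if v * v != value:
            continue
        u = poly_eval(g, m) % n
        pairs.append((g, h, u, v, gcd(u - v, n)))
    return pairs

if __name__ == "__main__":
    assert poly_eval(F, M) == 3 * N
    for g, h, u, v, d in square_pairs(F, M, N):
        print("g =", g, " g^2 mod f =", h, " u =", u, " v =", v, " gcd =", d)
```

For g = x^3 this gives h = 2x^3 - 3x^2, h(14) = 4900 = 70^2, and gcd(14^3 - 70, n) = 191, the factor stated on the slide.
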
15 Future directions of research
- Efficient implementation efforts (for cryptographic and cryptanalytic algorithms).
- Study of the cubic sieve method, particularly, the congruence $x^3 \equiv y^2 z \pmod{n}$.
- Study of the number field sieve method.
- Effective parallelization attempts, pertaining most importantly to the linear system solving stage.
- A high ambition: designing new subexponential algorithms (with smaller values of the exponent $\gamma$ and/or the constant $c$).
- A dream: arriving at polynomial-time algorithms (possibly randomized) for the IFP and/or the DLP, or proving that no such algorithm can exist. (Note that polynomial-time quantum algorithms are known for both these problems.)

16 Thank you!
18.781 Problem Set 7  Fall 2008 Due Tuesday, Oct. 28 at 1:00 Throughout this assignment, f(x) always denotes a polynomial with integer coefficients. 1. (a) Show that e 32 (3) = 8, and write down a list
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationPublic Key Cryptography and RSA. Review: Number Theory Basics
Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and
More informationCryptography. Course 2: attacks against RSA. JeanSébastien Coron. September 26, Université du Luxembourg
Course 2: attacks against RSA Université du Luxembourg September 26, 2010 Attacks against RSA Factoring Equivalence between factoring and breaking RSA? Mathematical attacks Attacks against plain RSA encryption
More information9 Modular Exponentiation and Cryptography
9 Modular Exponentiation and Cryptography 9.1 Modular Exponentiation Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system.
More informationLecture 13  Basic Number Theory.
Lecture 13  Basic Number Theory. Boaz Barak March 22, 2010 Divisibility and primes Unless mentioned otherwise throughout this lecture all numbers are nonnegative integers. We say that A divides B, denoted
More informationLUC: A New Public Key System
LUC: A New Public Key System Peter J. Smith a and Michael J. J. Lennon b a LUC Partners, Auckland UniServices Ltd, The University of Auckland, Private Bag 92019, Auckland, New Zealand. b Department of
More informationFaster Cryptographic Key Exchange on Hyperelliptic Curves
Faster Cryptographic Key Exchange on Hyperelliptic Curves No Author Given No Institute Given Abstract. We present a key exchange procedure based on divisor arithmetic for the real model of a hyperelliptic
More informationAdvanced Cryptography
Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 7: Publickey cryptography and RSA Ion Petre Department of IT, Åbo Akademi University 1 Some unanswered questions
More informationFactoring and Discrete Log
Factoring and Discrete Log Nadia Heninger University of Pennsylvania June 1, 2015 Textbook RSA [Rivest Shamir Adleman 1977] Public Key N = pq modulus e encryption exponent Private Key p, q primes d decryption
More informationPublic Key Cryptography. Basic Public Key Cryptography
Public Key Cryptography EJ Jung Basic Public Key Cryptography public key public key? private key Alice Bob Given: Everybody knows Bob s public key  How is this achieved in practice? Only Bob knows the
More informationLecture 3: OneWay Encryption, RSA Example
ICS 180: Introduction to Cryptography April 13, 2004 Lecturer: Stanislaw Jarecki Lecture 3: OneWay Encryption, RSA Example 1 LECTURE SUMMARY We look at a different security property one might require
More information