RSA and Primality Testing

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "RSA and Primality Testing"

Transcription

1 and Primality Testing Joan Boyar, IMADA, University of Southern Denmark Studieretningsprojekter / 81

2 Correctness of cryptography cryptography Introduction to number theory Correctness of with 2 / 81

3 Caesar cipher Correctness of A B C D E F G H I J K L M N O D E F G H I J K L M N O P Q R P Q R S T U V W X Y Z Æ Ø Å S T U V W X Y Z Æ Ø Å A B C E(m) = m + 3 (mod 29) 3 / 81

4 systems Correctness of Suppose the following was encrypted using a Caesar cipher and the Danish alphabet. The key is unknown. What does it say? ZQOØQOØ, RI. 4 / 81

5 systems Correctness of Suppose the following was encrypted using a Caesar cipher and the Danish alphabet. The key is unknown. What does it say? ZQOØQOØ, RI. What does this say about how many keys should be possible? 5 / 81

6 systems Correctness of Caesar Cipher Enigma DES Blowfish IDEA Triple DES AES 6 / 81

7 cryptography Correctness of Bob 2 keys -PK B,SK B PK B Bob s public key SK B Bob s private (secret) key For Alice to send m to Bob, Alice computes: c = E(m,PK B ). To decrypt c, Bob computes: r = D(c,SK B ). r = m It must be hard to compute SK B from PK B. 7 / 81

8 Introduction to Number Theory Correctness of Definition. Suppose a,b Z, a > 0. Suppose c Z s.t. b = ac. Then a divides b. a b. a is a factor of b. b is a multiple of a. e f means e does not divide f. Theorem. a,b,c Z. Then 1. if a b and a c, then a (b+c) 2. if a b, then a bc c Z 3. if a b and b c, then a c. 8 / 81

9 Correctness of Definition. p Z, p > 1. p is prime if 1 and p are the only positive integers which divide p. 2,3,5,7,11,13,17,... p is composite if it is not prime. 4,6,8,9,10,12,14,15,16,... 9 / 81

10 Correctness of Theorem. a Z, d IN unique q,r, 0 r < d s.t. a = dq +r d a dividend q quotient r remainder = a mod d Definition. gcd(a,b) = greatest common of a and b = largest d Z s.t. d a and d b If gcd(a,b) = 1, then a and b are relatively prime. 10 / 81

11 Correctness of Definition. a b (mod m) a is congruent to b modulo m if m (a b). m (a b) k Z s.t. a = b+km. Theorem. a b (mod m) c d (mod m) Then a+c b+d (mod m) and ac bd (mod m). Proof.(of first) k 1,k 2 s.t. a = b+k 1 m c = d+k 2 m a+c = b+k 1 m+d+k 2 m = b+d+(k 1 +k 2 )m 11 / 81

12 Correctness of Definition. a b (mod m) a is congruent to b modulo m if m (a b). m (a b) k Z s.t. a = b+km. Examples (mod 7)? 15 = 22 (mod 7)? (mod 7)? 15 = 1 (mod 7)? (mod 7)? 15 = 37 (mod 7)? (mod 9)? 58 = 22 (mod 9)? 12 / 81

13 a public key system Correctness of N A = p A q A, where p A,q A prime. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). PK A = (N A,e A ) SK A = (N A,d A ) To encrypt: c = E(m,PK A ) = m e A (mod N A ). To decrypt: r = D(c,PK A ) = c d A (mod N A ). r = m. 13 / 81

14 a public key system Correctness of N A = p A q A, where p A,q A prime. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). PK A = (N A,e A ) SK A = (N A,d A ) To encrypt: c = E(m,PK A ) = m e A (mod N A ). To decrypt: r = D(c,PK A ) = c d A (mod N A ). r = m. Example: p = 5, q = 11, e = 3, d = 27, m = 8. Then N = 55. e d = 81. So e d = 1 (mod 4 10). To encrypt m: c = 8 3 (mod 55) = 17. To decrypt c: r = (mod 55) = / 81

15 Security of Correctness of The primes p A and q A are kept secret with d A. Suppose Eve can factor N A. Then she can find p A and q A. From them and e A, she finds d A. Then she can decrypt just like Alice. Factoring must be hard! 15 / 81

16 Factoring Correctness of Theorem. N composite N has a prime N Factor(n) for i = 2 to n do check if i divides n if it does then output (i,n/i) endfor output -1 if not found Corollary There is an algorithm for factoring N (or testing primality) which does O( N) tests of divisibility. 16 / 81

17 Factoring Correctness of Check all possible s between 2 and n. Not finished in your grandchildren s life time for n with 1024 bits. Problem The length of the input is n = log 2 (N +1). So the running time is O(2 n/2 ) exponential. Open Problem Does there exist a polynomial time factoring algorithm? Use primes which are at least 512 (or 1024) bits long. So p A,q A < So p A / 81

18 Correctness of How do we implement? We need to find: p A,q A,N A,e A,d A. We need to encrypt and decrypt. 18 / 81

19 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication 19 / 81

20 Exponentiation Correctness of Theorem. For all nonnegative integers, b,c,m, b c (mod m) = (b (mod m)) (c (mod m)) (mod m). Example: a a 2 (mod n) = (a (mod n))(a 2 (mod n)) (mod n). 8 3 (mod 55) = (mod 55) = 8 64 (mod 55) = 8 (9+55) (mod 55) = 72+(8 55) (mod 55) = (8 55) (mod 55) = / 81

21 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults 21 / 81

22 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults Guess: k 1 modular multiplications. 22 / 81

23 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults Guess: k 1 modular multiplications. This is too many! e A d A 1 (mod (p A 1)(q A 1)). p A and q A have 512 bits each. So at least one of e A and d A has 512 bits. To either encrypt or decrypt would need operations (more than number of atoms in the universe). 23 / 81

24 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults How do you calculate a 4 (mod n) in less than 3? 24 / 81

25 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults How do you calculate a 4 (mod n) in less than 3? a 4 (mod n) (a 2 (mod n)) 2 (mod n) 2 mod mults 25 / 81

26 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults How do you calculate a 4 (mod n) in less than 3? a 4 (mod n) (a 2 (mod n)) 2 (mod n) 2 mod mults In general: a 2s (mod n)? 26 / 81

27 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults How do you calculate a 4 (mod n) in less than 3? a 4 (mod n) (a 2 (mod n)) 2 (mod n) 2 mod mults In general: a 2s (mod n)? a 2s (mod n) (a s (mod n)) 2 (mod n) 27 / 81

28 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults How do you calculate a 4 (mod n) in less than 3? a 4 (mod n) (a 2 (mod n)) 2 (mod n) 2 mod mults a 2s (mod n) (a s (mod n)) 2 (mod n) In general: a 2s+1 (mod n)? 28 / 81

29 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults How do you calculate a 4 (mod n) in less than 3? a 4 (mod n) (a 2 (mod n)) 2 (mod n) 2 mod mults a 2s (mod n) (a s (mod n)) 2 (mod n) a 2s+1 (mod n) a ((a s (mod n)) 2 (mod n)) (mod n) 29 / 81

30 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) 30 / 81

31 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3,3,7) 31 / 81

32 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3, 3, 7) 3 (Exp(3, 2, 7) (mod 7)) 32 / 81

33 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3, 3, 7) 3 (Exp(3, 2, 7)) (mod 7)) c Exp(3,1,7) 33 / 81

34 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3, 3, 7) 3 (Exp(3, 2, 7)) (mod 7)) c Exp(3,1,7) 3 34 / 81

35 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3, 3, 7) 3 (Exp(3, 2, 7)) (mod 7)) c Exp(3,1,7) 3 Exp(3,2,7) (mod 7)) 3 3 (mod 7) 2 35 / 81

36 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3, 3, 7) 3 (Exp(3, 2, 7)) (mod 7)) c Exp(3,1,7) 3 Exp(3,2,7) (mod 7)) 3 3 (mod 7) 2 c 3 2 (mod 7) 6 36 / 81

37 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3, 3, 7) 3 (Exp(3, 2, 7)) (mod 7)) c Exp(3,1,7) 3 Exp(3,2,7) (mod 7)) 3 3 (mod 7) 2 c 3 2 (mod 7) 6 Exp(3,6,7) (6 6) (mod 7) 1 37 / 81

38 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) How many modular multiplications? 38 / 81

39 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) How many modular multiplications? Divide exponent by 2 every other time. How many times can we do that? 39 / 81

40 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) How many modular multiplications? Divide exponent by 2 every other time. How many times can we do that? log 2 (k) So at most 2 log 2 (k) modular multiplications. 40 / 81

41 a public key system Correctness of N A = p A q A, where p A,q A prime. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). PK A = (N A,e A ) SK A = (N A,d A ) To encrypt: c = E(m,PK A ) = m e A (mod N A ). To decrypt: r = D(c,PK A ) = c d A (mod N A ). r = m. Try using N = 35, e = 11 to create keys for. What is d? Try d = 11 and check it. Encrypt 4. Decrypt the result. 41 / 81

42 a public key system Correctness of N A = p A q A, where p A,q A prime. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). PK A = (N A,e A ) SK A = (N A,d A ) To encrypt: c = E(m,PK A ) = m e A (mod N A ). To decrypt: r = D(c,PK A ) = c d A (mod N A ). r = m. Try using N = 35, e = 11 to create keys for. What is d? Try d = 11 and check it. Encrypt 4. Decrypt the result. Did you get c = 9? And r = 4? 42 / 81

43 Correctness of N A = p A q A, where p A,q A prime. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). PK A = (N A,e A ) SK A = (N A,d A ) To encrypt: c = E(m,PK A ) = m e A (mod N A ). To decrypt: r = D(c,PK A ) = c d A (mod N A ). r = m. 43 / 81

44 Greatest Common Divisor Correctness of We need to find: e A,d A. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). 44 / 81

45 Greatest Common Divisor Correctness of We need to find: e A,d A. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). Choose random e A. Check that gcd(e A,(p A 1)(q A 1)) = 1. Find d A such that e A d A 1 (mod (p A 1)(q A 1)). 45 / 81

46 The Extended Euclidean Algorithm Correctness of Theorem. a,b IN. s,t Z s.t. sa+tb = gcd(a,b). Proof. Let d be the smallest positive integer in D = {xa+yb x,y Z}. d D d = x a+y b for some x,y Z. gcd(a,b) a and gcd(a,b) b, so gcd(a,b) x a, gcd(a,b) y b, and gcd(a,b) (x a+y b) = d. We will show that d gcd(a,b), so d = gcd(a,b). Note a D. Suppose a = dq +r with 0 r < d. r = a dq = a q(x a+y b) = (1 qx )a (qy )b r D r < d r = 0 d a. Similarly, one can show that d b. Therefore, d gcd(a,b). 46 / 81

47 The Extended Euclidean Algorithm Correctness of How do you find d, s and t? Let d = gcd(a,b). Write b as b = aq +r with 0 r < a. Then, d b d (aq +r). Also, d a d (aq) d ((aq +r) aq) d r. Let d = gcd(a,b aq). Then, d a d (aq) Also, d (b aq) d ((b aq)+aq) d b. Thus, gcd(a, b) = gcd(a, b (mod a)) = gcd(b (mod a),a). This shows how to reduce to a simpler problem and gives us the Extended Euclidean Algorithm. 47 / 81

48 The Extended Euclidean Algorithm Correctness of { Initialize} d 0 b s 0 0 t 0 1 d 1 a s 1 1 t 1 0 n 1 { Compute next d} while d n > 0 do begin n n+1 { Compute d n d n 2 (mod d n 1 )} q n d n 2 /d n 1 d n d n 2 q n d n 1 s n q n s n 1 +s n 2 t n q n t n 1 +t n 2 end s ( 1) n s n 1 t ( 1) n 1 t n 1 gcd(a,b) d n 1 48 / 81

49 The Extended Euclidean Algorithm Correctness of Finding multiplicative inverses modulo m: Given a and m, find x s.t. a x 1 (mod m). Should also find a k, s.t. ax = 1+km. So solve for an s in an equation sa+tm = 1. This can be done if gcd(a,m) = 1. Just use the Extended Euclidean Algorithm. 49 / 81

50 Examples Correctness of Calculate the following: 1. gcd(6,9) 2. s and t such that s 6+t 9 = gcd(6,9) 3. gcd(15, 23) 4. s and t such that s 15+t 23 = gcd(15,23) 50 / 81

51 Correctness of N A = p A q A, where p A,q A prime. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). PK A = (N A,e A ) SK A = (N A,d A ) To encrypt: c = E(m,PK A ) = m e A (mod N A ). To decrypt: r = D(c,PK A ) = c d A (mod N A ). r = m. 51 / 81

52 Correctness of We need to find: p A,q A large primes. Choose numbers at random and check if they are prime? 52 / 81

53 Questions Correctness of 1. How many random integers of length 154 are prime? 53 / 81

54 Questions Correctness of 1. How many random integers of length 154 are prime? About x lnx numbers < x are prime, so about So we expect to test about 355 before finding a prime. (This holds because the expected number of tries until a success, when the probability of success is p, is 1/p.) 54 / 81

55 Questions Correctness of 1. How many random integers of length 154 are prime? About x lnx numbers < x are prime, so about So we expect to test about 355 before finding a prime. 2. How fast can we test if a number is prime? 55 / 81

56 Questions Correctness of 1. How many random integers of length 154 are prime? About x lnx numbers < x are prime, so about So we expect to test about 355 before finding a prime. 2. How fast can we test if a number is prime? Quite fast, using randomness. 56 / 81

57 Method 1 Correctness of Sieve of Eratosthenes: Lists: / 81

58 Method 1 Correctness of Sieve of Eratosthenes: Lists: / 81

59 Method 1 Correctness of Sieve of Eratosthenes: Lists: / 81

60 Method 1 Correctness of Sieve of Eratosthenes: Lists: more than number of atoms in universe So we cannot even write out this list! 60 / 81

61 Method 2 Correctness of CheckPrime(n) for i = 2 to n 1 do check if i divides n if it does then output i endfor output -1 if not found Check all possible s between 2 and n (or n). Our sun will die before we re done! 61 / 81

62 Examples of groups Correctness of Z, R sets +, operations Z n = {0,1,...,n 1} integers modulo n a+b a+b (mod n) addition operation a (mod n) = remainder when a is divided by n 4+3 = k (mod 5) 62 / 81

63 Examples of groups Correctness of Z, R sets +, operations Z n = {0,1,...,n 1} integers modulo n a+b a+b (mod n) addition operation (mod 5) a b a b (mod n) multiplication operation (mod 5) Properties: associative commutative identity inverses (for addition) 63 / 81

64 Multiplicative inverses? Correctness of a b = 1+kn n = 15 Element Inverse Computation a = 0 no inverse a = (mod 15) a = (mod 15) a = 3 no inverse a = (mod 15) a = 5 no inverse a = 6 no inverse a = (mod 15) a = (mod 15) a = (mod 15) a = (mod 15) a = (mod 15) 64 / 81

65 Multiplicative inverses? Correctness of Z n = {x 1 x n 1, gcd(x,n) = 1} gcd greatest common Extended Euclidean Algorithm find inverses Z n is the multiplicative group modulo n. The elements in Z n are relatively prime to n. 65 / 81

66 Examples Correctness of Group: set with 1 operation associative, identity, inverses Examples: Z, R with +, not with R 0 with Z n with + Z n with 66 / 81

67 Definitions Correctness of Subgroup: H G if H G and H is a group. Examples: Even integers with addition G = Z7, H = {1,2,4} H is the order of H. Theorem. [La Grange] For a finite group G, if H G, then H divides G. 67 / 81

68 Rabin Miller Primality Testing Correctness of In practice, use a randomized primality test. Miller Rabin primality test: Starts with Fermat test: 2 14 (mod 15) 4 1. So 15 is not prime. Theorem. Suppose p is a prime. Then for all 1 a p 1, a p 1 (mod p) = / 81

69 Rabin Miller Primality Test Correctness of Fermat test: Prime(n) repeat r times Choose random a Z n if a n 1 (mod n) 1 then return(composite) end repeat return(probably Prime) Carmichael Numbers Composite n. For all a Z n, a n 1 (mod n) 1. Example: 561 = If p is prime, 1 (mod p) = {1,p 1}. If p has > 1 distinct factors, 1 has at least 4 square roots. Example: 1 (mod 15) = {1,4,11,14} 69 / 81

70 Rabin Miller Primality Test Correctness of Taking square roots of 1 (mod 561): (mod 561) (mod 561) (mod 561) (mod 561) (mod 561) (mod 561) (mod 561) (mod 561) 67 2 is a witness that 561 is composite. 70 / 81

71 Rabin Miller Primality Test Correctness of Miller Rabin(n, k) Calculate odd m such that n 1 = 2 s m repeat k times Choose random a Z n if a n 1 (mod n) 1 then return(composite) if a (n 1)/2 (mod n) n 1 then break if a (n 1)/2 (mod n) 1 then return(composite) if a (n 1)/4 (mod n) n 1 then break if a (n 1)/4 (mod n) 1 then return(composite)... if a m (mod n) n 1 then break if a m (mod n) 1 then return(composite) end repeat return(probably Prime) 71 / 81

72 Rabin Miller Primality Test Correctness of Analysis: Suppose n is composite: Probability a is not a witness 1 2 Show there exists at least one witness Show that the set of non-witnesses is a subgroup Order of subgroup divides order of group, so it s 1 2 of the group 72 / 81

73 Rabin Miller Primality Test Correctness of Analysis: Suppose n is composite: Probability a is not a witness 1 2 Show there exists at least one witness Show that the set of non-witnesses is a subgroup Order of subgroup divides order of group, so it s 1 2 of the group Probability answer is Probably Prime 1 2 k 73 / 81

74 Conclusions about primality testing Correctness of 1. Miller Rabin is a practical primality test 2. There is a less practical deterministic primality test 3. Randomized algorithms are useful in practice 4. Algebra is used in primality testing 5. is not useless 74 / 81

75 Why does work? Correctness of Thm (The Chinese Remainder Theorem) Let m 1,m 2,...,m k be pairwise relatively prime. For any integers x 1,x 2,...,x k, there exists x Z s.t. x x i (mod m i ) for 1 i k, and this integer is uniquely determined modulo the product m = m 1 m 2...m k. It is also efficiently computable. CRT Algorithm For 1 i k, find u i such that u i 1 (mod m i ) u i 0 (mod m j ) for j i Compute x k i=1 x iu i (mod m). How do you find each u i? 75 / 81

76 Correctness of u i 1 (mod m i ) i integers v i s.t. u i +v i m i = 1. u i 0 (mod m j ) j i integers w i s.t. u i = w i (m/m i ). Thus, w i (m/m i )+v i m i = 1. Solve for the values v i and w i using the Extended Euclidean Algorithm. (Note that this is where we need that the m i are pairwise relatively prime.) After each w i is found, the corresponding u i can be calculated. The existence of the algorithm proves part of the theorem. What about uniqueness? Suppose x and y work. Look at x y. 76 / 81

77 Chinese Remainder Theorem Correctness of Example: Let m 1 = 3, m 2 = 5, and m 3 = 7. Suppose x 1 2 (mod 3) x 2 3 (mod 5) x 3 4 (mod 7) To calculate u 1 : w 1 (35)+v 1 (3) = 1 w 1 = 1; v 1 = 12 u 1 = ( 1)35 70 (mod 105) To calculate u 2 : w 2 (21)+v 2 (5) = 1 w 2 = 1; v 2 = 4 u 2 = (1)21 21 (mod 105) To calculate u 3 : w 3 (15)+v 3 (7) = 1 w 3 = 1; v 3 = 2 u 3 = (1)15 15 (mod 105) So we can calculate x (mod 105). 77 / 81

78 Fermat s Little Theorem Correctness of Why does work? CRT + Fermat s Little Theorem: p is a prime, p a. Then a p 1 1 (mod p) and a p a (mod p). 78 / 81

79 Correctness of Correctness of Consider x = D SA (E SA (m)). Note k s.t. e A d A = 1+k(p A 1)(q A 1). x (m e A (mod N A )) d A (mod N A ) m e Ad A m 1+k(p A 1)(q A 1) (mod N A ). Consider x (mod p A ). x m 1+k(p A 1)(q A 1) m (m (p A 1) ) k(q A 1) m 1 k(q A 1) m (mod p A ). Consider x (mod q A ). x m 1+k(p A 1)(q A 1) m (m (q A 1) ) k(p A 1) m 1 k(p A 1) m (mod q A ). Apply the Chinese Remainder Theorem: gcd(p A,q A ) = 1, x m (mod N A ). So D SA (E SA (m)) = m. 79 / 81

80 Digital Signatures with Correctness of Suppose Alice wants to sign a document m such that: No one else could forge her signature It is easy for others to verify her signature Note m has arbitrary length. is used on fixed length messages. Alice uses a cryptographically secure hash function h, such that: For any message m, h(m ) has a fixed length (512 bits?) It is hard for anyone to find 2 messages (m 1,m 2 ) such that h(m 1 ) = h(m 2 ). 80 / 81

81 Digital Signatures with Correctness of Then Alice decrypts h(m) with her secret key (N A,d A ) s = (h(m)) d A (mod N A ) Bob verifies her signature using her public key (N A,e A ) and h: c = s e A (mod N A ) He accepts if and only if h(m) = c. This works because s e A (mod N A ) = ((h(m)) d A ) e A (mod N A ) = ((h(m)) e A ) d A (mod N A ) = h(m). 81 / 81

Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Discrete Mathematics, Chapter 4: Number Theory and Cryptography Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility

More information

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition

More information

Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography: RSA and Lots of Number Theory Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

More information

Homework 5 Solutions

Homework 5 Solutions Homework 5 Solutions 4.2: 2: a. 321 = 256 + 64 + 1 = (01000001) 2 b. 1023 = 512 + 256 + 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = (1111111111) 2. Note that this is 1 less than the next power of 2, 1024, which

More information

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport

More information

Integers, Division, and Divisibility

Integers, Division, and Divisibility Number Theory Notes (v. 4.23 October 31, 2002) 1 Number Theory is the branch of mathematics that deals with integers and their properties, especially properties relating to arithmetic operations like addition,

More information

Today s Topics. Primes & Greatest Common Divisors

Today s Topics. Primes & Greatest Common Divisors Today s Topics Primes & Greatest Common Divisors Prime representations Important theorems about primality Greatest Common Divisors Least Common Multiples Euclid s algorithm Once and for all, what are prime

More information

Further linear algebra. Chapter I. Integers.

Further linear algebra. Chapter I. Integers. Further linear algebra. Chapter I. Integers. Andrei Yafaev Number theory is the theory of Z = {0, ±1, ±2,...}. 1 Euclid s algorithm, Bézout s identity and the greatest common divisor. We say that a Z divides

More information

3. Applications of Number Theory

3. Applications of Number Theory 3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a

More information

Elementary Number Theory We begin with a bit of elementary number theory, which is concerned

Elementary Number Theory We begin with a bit of elementary number theory, which is concerned CONSTRUCTION OF THE FINITE FIELDS Z p S. R. DOTY Elementary Number Theory We begin with a bit of elementary number theory, which is concerned solely with questions about the set of integers Z = {0, ±1,

More information

9 Modular Exponentiation and Cryptography

9 Modular Exponentiation and Cryptography 9 Modular Exponentiation and Cryptography 9.1 Modular Exponentiation Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system.

More information

CHAPTER 5. Number Theory. 1. Integers and Division. Discussion

CHAPTER 5. Number Theory. 1. Integers and Division. Discussion CHAPTER 5 Number Theory 1. Integers and Division 1.1. Divisibility. Definition 1.1.1. Given two integers a and b we say a divides b if there is an integer c such that b = ac. If a divides b, we write a

More information

Public-Key Cryptography. Oregon State University

Public-Key Cryptography. Oregon State University Public-Key Cryptography Çetin Kaya Koç Oregon State University 1 Sender M Receiver Adversary Objective: Secure communication over an insecure channel 2 Solution: Secret-key cryptography Exchange the key

More information

Lecture 13 - Basic Number Theory.

Lecture 13 - Basic Number Theory. Lecture 13 - Basic Number Theory. Boaz Barak March 22, 2010 Divisibility and primes Unless mentioned otherwise throughout this lecture all numbers are non-negative integers. We say that A divides B, denoted

More information

Algebra for Digital Communication

Algebra for Digital Communication EPFL - Section de Mathématiques Algebra for Digital Communication Fall semester 2008 Solutions for exercise sheet 1 Exercise 1. i) We will do a proof by contradiction. Suppose 2 a 2 but 2 a. We will obtain

More information

Integers and division

Integers and division CS 441 Discrete Mathematics for CS Lecture 12 Integers and division Milos Hauskrecht milos@cs.pitt.edu 5329 Sennott Square Symmetric matrix Definition: A square matrix A is called symmetric if A = A T.

More information

Primality - Factorization

Primality - Factorization Primality - Factorization Christophe Ritzenthaler November 9, 2009 1 Prime and factorization Definition 1.1. An integer p > 1 is called a prime number (nombre premier) if it has only 1 and p as divisors.

More information

The application of prime numbers to RSA encryption

The application of prime numbers to RSA encryption The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered

More information

Theorem (The division theorem) Suppose that a and b are integers with b > 0. There exist unique integers q and r so that. a = bq + r and 0 r < b.

Theorem (The division theorem) Suppose that a and b are integers with b > 0. There exist unique integers q and r so that. a = bq + r and 0 r < b. Theorem (The division theorem) Suppose that a and b are integers with b > 0. There exist unique integers q and r so that a = bq + r and 0 r < b. We re dividing a by b: q is the quotient and r is the remainder,

More information

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

More information

Homework until Test #2

Homework until Test #2 MATH31: Number Theory Homework until Test # Philipp BRAUN Section 3.1 page 43, 1. It has been conjectured that there are infinitely many primes of the form n. Exhibit five such primes. Solution. Five such

More information

Asymmetric Cryptography. Mahalingam Ramkumar Department of CSE Mississippi State University

Asymmetric Cryptography. Mahalingam Ramkumar Department of CSE Mississippi State University Asymmetric Cryptography Mahalingam Ramkumar Department of CSE Mississippi State University Mathematical Preliminaries CRT Chinese Remainder Theorem Euler Phi Function Fermat's Theorem Euler Fermat's Theorem

More information

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory

More information

Section 4.2: The Division Algorithm and Greatest Common Divisors

Section 4.2: The Division Algorithm and Greatest Common Divisors Section 4.2: The Division Algorithm and Greatest Common Divisors The Division Algorithm The Division Algorithm is merely long division restated as an equation. For example, the division 29 r. 20 32 948

More information

Mathematics is the queen of sciences and number theory is the queen of mathematics.

Mathematics is the queen of sciences and number theory is the queen of mathematics. Number Theory Mathematics is the queen of sciences and number theory is the queen of mathematics. But why is it computer science? It turns out to be critical for cryptography! Carl Friedrich Gauss Division

More information

Basic Algorithms In Computer Algebra

Basic Algorithms In Computer Algebra Basic Algorithms In Computer Algebra Kaiserslautern SS 2011 Prof. Dr. Wolfram Decker 2. Mai 2011 References Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, 1993. Cox, D.; Little,

More information

Algebraic Systems, Fall 2013, September 1, 2013 Edition. Todd Cochrane

Algebraic Systems, Fall 2013, September 1, 2013 Edition. Todd Cochrane Algebraic Systems, Fall 2013, September 1, 2013 Edition Todd Cochrane Contents Notation 5 Chapter 0. Axioms for the set of Integers Z. 7 Chapter 1. Algebraic Properties of the Integers 9 1.1. Background

More information

Module 5: Basic Number Theory

Module 5: Basic Number Theory Module 5: Basic Number Theory Theme 1: Division Given two integers, say a and b, the quotient b=a may or may not be an integer (e.g., 16=4 =4but 12=5 = 2:4). Number theory concerns the former case, and

More information

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins The RSA encryption scheme works as follows. In order to establish the necessary public

More information

Mathematics of Cryptography

Mathematics of Cryptography Number Theory Modular Arithmetic: Two numbers equivalent mod n if their difference is multiple of n example: 7 and 10 are equivalent mod 3 but not mod 4 7 mod 3 10 mod 3 = 1; 7 mod 4 = 3, 10 mod 4 = 2.

More information

Cryptography and Network Security Number Theory

Cryptography and Network Security Number Theory Cryptography and Network Security Number Theory Xiang-Yang Li Introduction to Number Theory Divisors b a if a=mb for an integer m b a and c b then c a b g and b h then b (mg+nh) for any int. m,n Prime

More information

Elements of Applied Cryptography Public key encryption

Elements of Applied Cryptography Public key encryption Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let

More information

Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR

Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices A Biswas, IT, BESU SHIBPUR McGraw-Hill The McGraw-Hill Companies, Inc., 2000 Set of Integers The set of integers, denoted by Z,

More information

Practice Problems for First Test

Practice Problems for First Test Mathematicians have tried in vain to this day to discover some order in the sequence of prime numbers, and we have reason to believe that it is a mystery into which the human mind will never penetrate.-

More information

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study

More information

8 Primes and Modular Arithmetic

8 Primes and Modular Arithmetic 8 Primes and Modular Arithmetic 8.1 Primes and Factors Over two millennia ago already, people all over the world were considering the properties of numbers. One of the simplest concepts is prime numbers.

More information

Elementary Number Theory

Elementary Number Theory Elementary Number Theory A revision by Jim Hefferon, St Michael s College, 2003-Dec of notes by W. Edwin Clark, University of South Florida, 2002-Dec L A TEX source compiled on January 5, 2004 by Jim Hefferon,

More information

(x + a) n = x n + a Z n [x]. Proof. If n is prime then the map

(x + a) n = x n + a Z n [x]. Proof. If n is prime then the map 22. A quick primality test Prime numbers are one of the most basic objects in mathematics and one of the most basic questions is to decide which numbers are prime (a clearly related problem is to find

More information

Elementary Number Theory and Methods of Proof. CSE 215, Foundations of Computer Science Stony Brook University http://www.cs.stonybrook.

Elementary Number Theory and Methods of Proof. CSE 215, Foundations of Computer Science Stony Brook University http://www.cs.stonybrook. Elementary Number Theory and Methods of Proof CSE 215, Foundations of Computer Science Stony Brook University http://www.cs.stonybrook.edu/~cse215 1 Number theory Properties: 2 Properties of integers (whole

More information

2.2 Inverses and GCDs

2.2 Inverses and GCDs 2.2. INVERSES AND GCDS 49 2.2 Inverses and GCDs Solutions to Equations and Inverses mod n In the last section we explored multiplication in Z n.wesaw in the special case with n =12and a =4that if we used

More information

Applications of Fermat s Little Theorem and Congruences

Applications of Fermat s Little Theorem and Congruences Applications of Fermat s Little Theorem and Congruences Definition: Let m be a positive integer. Then integers a and b are congruent modulo m, denoted by a b mod m, if m (a b). Example: 3 1 mod 2, 6 4

More information

UOSEC Week 2: Asymmetric Cryptography. Frank IRC kee Adam IRC xe0 IRC: irc.freenode.net #0x4f

UOSEC Week 2: Asymmetric Cryptography. Frank IRC kee Adam IRC xe0 IRC: irc.freenode.net #0x4f UOSEC Week 2: Asymmetric Cryptography Frank farana@uoregon.edu IRC kee Adam pond2@uoregon.edu IRC xe0 IRC: irc.freenode.net #0x4f Agenda HackIM CTF Results GITSC CTF this Saturday 10:00am Basics of Asymmetric

More information

Computer and Network Security

Computer and Network Security MIT 6.857 Computer and Networ Security Class Notes 1 File: http://theory.lcs.mit.edu/ rivest/notes/notes.pdf Revision: December 2, 2002 Computer and Networ Security MIT 6.857 Class Notes by Ronald L. Rivest

More information

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher

More information

Study of algorithms for factoring integers and computing discrete logarithms

Study of algorithms for factoring integers and computing discrete logarithms Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department

More information

Factoring Algorithms

Factoring Algorithms Factoring Algorithms The p 1 Method and Quadratic Sieve November 17, 2008 () Factoring Algorithms November 17, 2008 1 / 12 Fermat s factoring method Fermat made the observation that if n has two factors

More information

Public Key Cryptography and RSA. Review: Number Theory Basics

Public Key Cryptography and RSA. Review: Number Theory Basics Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and

More information

3. (5%) Use the Euclidean algorithm to find gcd(742, 1908). Sol: gcd(742, 1908) = gcd(742, 424) = gcd(424, 318) = gcd(318, 106) = 106

3. (5%) Use the Euclidean algorithm to find gcd(742, 1908). Sol: gcd(742, 1908) = gcd(742, 424) = gcd(424, 318) = gcd(318, 106) = 106 Mid-term Examination on Discrete Mathematics 1. (4%) Encrypt the message LOVE by translating the letters A through Z into numbers 0 through 25, applying the encryption function f(p) = (3p + 7) (mod 26),

More information

Mathematics of Cryptography Part I

Mathematics of Cryptography Part I CHAPTER 2 Mathematics of Cryptography Part I (Solution to Odd-Numbered Problems) Review Questions 1. The set of integers is Z. It contains all integral numbers from negative infinity to positive infinity.

More information

1) A very simple example of RSA encryption

1) A very simple example of RSA encryption Solved Examples 1) A very simple example of RSA encryption This is an extremely simple example using numbers you can work out on a pocket calculator (those of you over the age of 35 45 can probably even

More information

Discrete Mathematics and Probability Theory Fall 2009 Satish Rao, David Tse Note 5

Discrete Mathematics and Probability Theory Fall 2009 Satish Rao, David Tse Note 5 CS 70 Discrete Mathematics and Probability Theory Fall 2009 Satish Rao, David Tse Note 5 Modular Arithmetic One way to think of modular arithmetic is that it limits numbers to a predefined range {0,1,...,N

More information

The Prime Numbers. Definition. A prime number is a positive integer with exactly two positive divisors.

The Prime Numbers. Definition. A prime number is a positive integer with exactly two positive divisors. The Prime Numbers Before starting our study of primes, we record the following important lemma. Recall that integers a, b are said to be relatively prime if gcd(a, b) = 1. Lemma (Euclid s Lemma). If gcd(a,

More information

Discrete Mathematics Lecture 3 Elementary Number Theory and Methods of Proof. Harper Langston New York University

Discrete Mathematics Lecture 3 Elementary Number Theory and Methods of Proof. Harper Langston New York University Discrete Mathematics Lecture 3 Elementary Number Theory and Methods of Proof Harper Langston New York University Proof and Counterexample Discovery and proof Even and odd numbers number n from Z is called

More information

b) Find smallest a > 0 such that 2 a 1 (mod 341). Solution: a) Use succesive squarings. We have 85 =

b) Find smallest a > 0 such that 2 a 1 (mod 341). Solution: a) Use succesive squarings. We have 85 = Problem 1. Prove that a b (mod c) if and only if a and b give the same remainders upon division by c. Solution: Let r a, r b be the remainders of a, b upon division by c respectively. Thus a r a (mod c)

More information

Is this number prime? Berkeley Math Circle Kiran Kedlaya

Is this number prime? Berkeley Math Circle Kiran Kedlaya Is this number prime? Berkeley Math Circle 2002 2003 Kiran Kedlaya Given a positive integer, how do you check whether it is prime (has itself and 1 as its only two positive divisors) or composite (not

More information

Mathematics of Cryptography

Mathematics of Cryptography CHAPTER 2 Mathematics of Cryptography Part I: Modular Arithmetic, Congruence, and Matrices Objectives This chapter is intended to prepare the reader for the next few chapters in cryptography. The chapter

More information

Cryptography and Network Security Chapter 8

Cryptography and Network Security Chapter 8 Cryptography and Network Security Chapter 8 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 8 Introduction to Number Theory The Devil said to Daniel Webster:

More information

CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography. 8. Encryption -- CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

More information

Number Theory: A Mathemythical Approach. Student Resources. Printed Version

Number Theory: A Mathemythical Approach. Student Resources. Printed Version Number Theory: A Mathemythical Approach Student Resources Printed Version ii Contents 1 Appendix 1 2 Hints to Problems 3 Chapter 1 Hints......................................... 3 Chapter 2 Hints.........................................

More information

RSA Encryption. Kurt Bryan ..., 2, 1, 0, 1, 2,...

RSA Encryption. Kurt Bryan ..., 2, 1, 0, 1, 2,... 1 Introduction Our starting point is the integers RSA Encryption Kurt Bryan..., 2, 1, 0, 1, 2,... and the basic operations on integers, +,,,. The basic material could hardly be more familiar. We denote

More information

Overview of Number Theory Basics. Divisibility

Overview of Number Theory Basics. Divisibility Overview of Number Theory Basics Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Divisibility Definition Given integers a and b, b 0, b divides a (denoted b a) if integer c, s.t. a = cb. b is called

More information

MODULAR ARITHMETIC. a smallest member. It is equivalent to the Principle of Mathematical Induction.

MODULAR ARITHMETIC. a smallest member. It is equivalent to the Principle of Mathematical Induction. MODULAR ARITHMETIC 1 Working With Integers The usual arithmetic operations of addition, subtraction and multiplication can be performed on integers, and the result is always another integer Division, on

More information

The Laws of Cryptography Cryptographers Favorite Algorithms

The Laws of Cryptography Cryptographers Favorite Algorithms 2 The Laws of Cryptography Cryptographers Favorite Algorithms 2.1 The Extended Euclidean Algorithm. The previous section introduced the field known as the integers mod p, denoted or. Most of the field

More information

This section demonstrates some different techniques of proving some general statements.

This section demonstrates some different techniques of proving some general statements. Section 4. Number Theory 4.. Introduction This section demonstrates some different techniques of proving some general statements. Examples: Prove that the sum of any two odd numbers is even. Firstly you

More information

MODULAR ARITHMETIC KEITH CONRAD

MODULAR ARITHMETIC KEITH CONRAD MODULAR ARITHMETIC KEITH CONRAD. Introduction We will define the notion of congruent integers (with respect to a modulus) and develop some basic ideas of modular arithmetic. Applications of modular arithmetic

More information

Mathematical induction & Recursion

Mathematical induction & Recursion CS 441 Discrete Mathematics for CS Lecture 15 Mathematical induction & Recursion Milos Hauskrecht milos@cs.pitt.edu 5329 Sennott Square Proofs Basic proof methods: Direct, Indirect, Contradiction, By Cases,

More information

Chapter 9. Computational Number Theory. 9.1 The basic groups Integers mod N Groups

Chapter 9. Computational Number Theory. 9.1 The basic groups Integers mod N Groups Chapter 9 Computational Number Theory 9.1 The basic groups We let Z = {..., 2, 1,0,1,2,...} denote the set of integers. We let Z + = {1,2,...} denote the set of positive integers and N = {0,1,2,...} the

More information

Overview of Public-Key Cryptography

Overview of Public-Key Cryptography CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

More information

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

More information

Shared Secret = Trust

Shared Secret = Trust Trust The fabric of life! Holds civilizations together Develops by a natural process Advancement of technology results in faster evolution of societies Weakening the natural bonds of trust From time to

More information

On the generation of elliptic curves with 16 rational torsion points by Pythagorean triples

On the generation of elliptic curves with 16 rational torsion points by Pythagorean triples On the generation of elliptic curves with 16 rational torsion points by Pythagorean triples Brian Hilley Boston College MT695 Honors Seminar March 3, 2006 1 Introduction 1.1 Mazur s Theorem Let C be a

More information

Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute

Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute RSA cryptosystem HRI, Allahabad, February, 2005 0 Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute Allahabad (UP), INDIA February, 2005 RSA cryptosystem HRI,

More information

1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.

1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6. 1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks

More information

SUM OF TWO SQUARES JAHNAVI BHASKAR

SUM OF TWO SQUARES JAHNAVI BHASKAR SUM OF TWO SQUARES JAHNAVI BHASKAR Abstract. I will investigate which numbers can be written as the sum of two squares and in how many ways, providing enough basic number theory so even the unacquainted

More information

Lecture 13: Factoring Integers

Lecture 13: Factoring Integers CS 880: Quantum Information Processing 0/4/0 Lecture 3: Factoring Integers Instructor: Dieter van Melkebeek Scribe: Mark Wellons In this lecture, we review order finding and use this to develop a method

More information

The Mathematics of RSA

The Mathematics of RSA The Mathematics of RSA Dimitri Papaioannou May 24, 2007 1 Introduction Cryptographic systems come in two flavors. Symmetric or Private key encryption and Asymmetric or Public key encryption. Strictly speaking,

More information

Computing exponents modulo a number: Repeated squaring

Computing exponents modulo a number: Repeated squaring Computing exponents modulo a number: Repeated squaring How do you compute (1415) 13 mod 2537 = 2182 using just a calculator? Or how do you check that 2 340 mod 341 = 1? You can do this using the method

More information

Prime Numbers. Chapter Primes and Composites

Prime Numbers. Chapter Primes and Composites Chapter 2 Prime Numbers The term factoring or factorization refers to the process of expressing an integer as the product of two or more integers in a nontrivial way, e.g., 42 = 6 7. Prime numbers are

More information

15 Prime and Composite Numbers

15 Prime and Composite Numbers 15 Prime and Composite Numbers Divides, Divisors, Factors, Multiples In section 13, we considered the division algorithm: If a and b are whole numbers with b 0 then there exist unique numbers q and r such

More information

RSA Attacks. By Abdulaziz Alrasheed and Fatima

RSA Attacks. By Abdulaziz Alrasheed and Fatima RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

More information

Congruences. Robert Friedman

Congruences. Robert Friedman Congruences Robert Friedman Definition of congruence mod n Congruences are a very handy way to work with the information of divisibility and remainders, and their use permeates number theory. Definition

More information

GCDs and Relatively Prime Numbers! CSCI 2824, Fall 2014!

GCDs and Relatively Prime Numbers! CSCI 2824, Fall 2014! GCDs and Relatively Prime Numbers! CSCI 2824, Fall 2014!!! Challenge Problem 2 (Mastermind) due Fri. 9/26 Find a fourth guess whose scoring will allow you to determine the secret code (repetitions are

More information

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 6 Introduction to Public-Key Cryptography Israel Koren ECE597/697 Koren Part.6.1

More information

An Overview of Integer Factoring Algorithms. The Problem

An Overview of Integer Factoring Algorithms. The Problem An Overview of Integer Factoring Algorithms Manindra Agrawal IITK / NUS The Problem Given an integer n, find all its prime divisors as efficiently as possible. 1 A Difficult Problem No efficient algorithm

More information

ORDERS OF ELEMENTS IN A GROUP

ORDERS OF ELEMENTS IN A GROUP ORDERS OF ELEMENTS IN A GROUP KEITH CONRAD 1. Introduction Let G be a group and g G. We say g has finite order if g n = e for some positive integer n. For example, 1 and i have finite order in C, since

More information

Cryptography: RSA and the discrete logarithm problem

Cryptography: RSA and the discrete logarithm problem Cryptography: and the discrete logarithm problem R. Hayden Advanced Maths Lectures Department of Computing Imperial College London February 2010 Public key cryptography Assymmetric cryptography two keys:

More information

Stanford University Educational Program for Gifted Youth (EPGY) Number Theory. Dana Paquin, Ph.D.

Stanford University Educational Program for Gifted Youth (EPGY) Number Theory. Dana Paquin, Ph.D. Stanford University Educational Program for Gifted Youth (EPGY) Dana Paquin, Ph.D. paquin@math.stanford.edu Summer 2010 Note: These lecture notes are adapted from the following sources: 1. Ivan Niven,

More information

Prime numbers for Cryptography

Prime numbers for Cryptography Prime numbers for Cryptography What this is going to cover Primes, products of primes and factorisation How to win a million dollars Generating small primes quickly How many primes are there and how many

More information

Related Idea: RSA Encryption Step 1

Related Idea: RSA Encryption Step 1 Related Idea: RSA Encryption Step 1 Example (RSA Encryption: Step 1) Here is how Alice and Bob can do to share a secret from Carl: What Alice Does 1. Alice chooses two (large) prime numbers p and q, which

More information

The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

More information

Announcements. CS243: Discrete Structures. More on Cryptography and Mathematical Induction. Agenda for Today. Cryptography

Announcements. CS243: Discrete Structures. More on Cryptography and Mathematical Induction. Agenda for Today. Cryptography Announcements CS43: Discrete Structures More on Cryptography and Mathematical Induction Işıl Dillig Class canceled next Thursday I am out of town Homework 4 due Oct instead of next Thursday (Oct 18) Işıl

More information

MATH 537 (Number Theory) FALL 2016 TENTATIVE SYLLABUS

MATH 537 (Number Theory) FALL 2016 TENTATIVE SYLLABUS MATH 537 (Number Theory) FALL 2016 TENTATIVE SYLLABUS Class Meetings: MW 2:00-3:15 pm in Physics 144, September 7 to December 14 [Thanksgiving break November 23 27; final exam December 21] Instructor:

More information

Integer Factorization using the Quadratic Sieve

Integer Factorization using the Quadratic Sieve Integer Factorization using the Quadratic Sieve Chad Seibert* Division of Science and Mathematics University of Minnesota, Morris Morris, MN 56567 seib0060@morris.umn.edu March 16, 2011 Abstract We give

More information

ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION

ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION Aldrin W. Wanambisi 1* School of Pure and Applied Science, Mount Kenya University, P.O box 553-50100, Kakamega, Kenya. Shem Aywa 2 Department of Mathematics,

More information

SOLUTIONS FOR PROBLEM SET 2

SOLUTIONS FOR PROBLEM SET 2 SOLUTIONS FOR PROBLEM SET 2 A: There exist primes p such that p+6k is also prime for k = 1,2 and 3. One such prime is p = 11. Another such prime is p = 41. Prove that there exists exactly one prime p such

More information

Math 319 Problem Set #3 Solution 21 February 2002

Math 319 Problem Set #3 Solution 21 February 2002 Math 319 Problem Set #3 Solution 21 February 2002 1. ( 2.1, problem 15) Find integers a 1, a 2, a 3, a 4, a 5 such that every integer x satisfies at least one of the congruences x a 1 (mod 2), x a 2 (mod

More information

Prime Numbers The generation of prime numbers is needed for many public key algorithms:

Prime Numbers The generation of prime numbers is needed for many public key algorithms: CA547: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 7 Number Theory 2 7.1 Prime Numbers Prime Numbers The generation of prime numbers is needed for many public key algorithms: RSA: Need to find p and q to compute

More information

Chapter Two. Number Theory

Chapter Two. Number Theory Chapter Two Number Theory 2.1 INTRODUCTION Number theory is that area of mathematics dealing with the properties of the integers under the ordinary operations of addition, subtraction, multiplication and

More information

3. QUADRATIC CONGRUENCES

3. QUADRATIC CONGRUENCES 3. QUADRATIC CONGRUENCES 3.1. Quadratics Over a Finite Field We re all familiar with the quadratic equation in the context of real or complex numbers. The formula for the solutions to ax + bx + c = 0 (where

More information

Chapter 6. Number Theory. 6.1 The Division Algorithm

Chapter 6. Number Theory. 6.1 The Division Algorithm Chapter 6 Number Theory The material in this chapter offers a small glimpse of why a lot of facts that you ve probably nown and used for a long time are true. It also offers some exposure to generalization,

More information