RSA and Primality Testing


 Alvin Hawkins
 2 years ago
 Views:
Transcription
1 and Primality Testing Joan Boyar, IMADA, University of Southern Denmark Studieretningsprojekter / 81
2 Correctness of cryptography cryptography Introduction to number theory Correctness of with 2 / 81
3 Caesar cipher Correctness of A B C D E F G H I J K L M N O D E F G H I J K L M N O P Q R P Q R S T U V W X Y Z Æ Ø Å S T U V W X Y Z Æ Ø Å A B C E(m) = m + 3 (mod 29) 3 / 81
4 systems Correctness of Suppose the following was encrypted using a Caesar cipher and the Danish alphabet. The key is unknown. What does it say? ZQOØQOØ, RI. 4 / 81
5 systems Correctness of Suppose the following was encrypted using a Caesar cipher and the Danish alphabet. The key is unknown. What does it say? ZQOØQOØ, RI. What does this say about how many keys should be possible? 5 / 81
6 systems Correctness of Caesar Cipher Enigma DES Blowfish IDEA Triple DES AES 6 / 81
7 cryptography Correctness of Bob 2 keys PK B,SK B PK B Bob s public key SK B Bob s private (secret) key For Alice to send m to Bob, Alice computes: c = E(m,PK B ). To decrypt c, Bob computes: r = D(c,SK B ). r = m It must be hard to compute SK B from PK B. 7 / 81
8 Introduction to Number Theory Correctness of Definition. Suppose a,b Z, a > 0. Suppose c Z s.t. b = ac. Then a divides b. a b. a is a factor of b. b is a multiple of a. e f means e does not divide f. Theorem. a,b,c Z. Then 1. if a b and a c, then a (b+c) 2. if a b, then a bc c Z 3. if a b and b c, then a c. 8 / 81
9 Correctness of Definition. p Z, p > 1. p is prime if 1 and p are the only positive integers which divide p. 2,3,5,7,11,13,17,... p is composite if it is not prime. 4,6,8,9,10,12,14,15,16,... 9 / 81
10 Correctness of Theorem. a Z, d IN unique q,r, 0 r < d s.t. a = dq +r d a dividend q quotient r remainder = a mod d Definition. gcd(a,b) = greatest common of a and b = largest d Z s.t. d a and d b If gcd(a,b) = 1, then a and b are relatively prime. 10 / 81
11 Correctness of Definition. a b (mod m) a is congruent to b modulo m if m (a b). m (a b) k Z s.t. a = b+km. Theorem. a b (mod m) c d (mod m) Then a+c b+d (mod m) and ac bd (mod m). Proof.(of first) k 1,k 2 s.t. a = b+k 1 m c = d+k 2 m a+c = b+k 1 m+d+k 2 m = b+d+(k 1 +k 2 )m 11 / 81
12 Correctness of Definition. a b (mod m) a is congruent to b modulo m if m (a b). m (a b) k Z s.t. a = b+km. Examples (mod 7)? 15 = 22 (mod 7)? (mod 7)? 15 = 1 (mod 7)? (mod 7)? 15 = 37 (mod 7)? (mod 9)? 58 = 22 (mod 9)? 12 / 81
13 a public key system Correctness of N A = p A q A, where p A,q A prime. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). PK A = (N A,e A ) SK A = (N A,d A ) To encrypt: c = E(m,PK A ) = m e A (mod N A ). To decrypt: r = D(c,PK A ) = c d A (mod N A ). r = m. 13 / 81
14 a public key system Correctness of N A = p A q A, where p A,q A prime. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). PK A = (N A,e A ) SK A = (N A,d A ) To encrypt: c = E(m,PK A ) = m e A (mod N A ). To decrypt: r = D(c,PK A ) = c d A (mod N A ). r = m. Example: p = 5, q = 11, e = 3, d = 27, m = 8. Then N = 55. e d = 81. So e d = 1 (mod 4 10). To encrypt m: c = 8 3 (mod 55) = 17. To decrypt c: r = (mod 55) = / 81
15 Security of Correctness of The primes p A and q A are kept secret with d A. Suppose Eve can factor N A. Then she can find p A and q A. From them and e A, she finds d A. Then she can decrypt just like Alice. Factoring must be hard! 15 / 81
16 Factoring Correctness of Theorem. N composite N has a prime N Factor(n) for i = 2 to n do check if i divides n if it does then output (i,n/i) endfor output 1 if not found Corollary There is an algorithm for factoring N (or testing primality) which does O( N) tests of divisibility. 16 / 81
17 Factoring Correctness of Check all possible s between 2 and n. Not finished in your grandchildren s life time for n with 1024 bits. Problem The length of the input is n = log 2 (N +1). So the running time is O(2 n/2 ) exponential. Open Problem Does there exist a polynomial time factoring algorithm? Use primes which are at least 512 (or 1024) bits long. So p A,q A < So p A / 81
18 Correctness of How do we implement? We need to find: p A,q A,N A,e A,d A. We need to encrypt and decrypt. 18 / 81
19 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication 19 / 81
20 Exponentiation Correctness of Theorem. For all nonnegative integers, b,c,m, b c (mod m) = (b (mod m)) (c (mod m)) (mod m). Example: a a 2 (mod n) = (a (mod n))(a 2 (mod n)) (mod n). 8 3 (mod 55) = (mod 55) = 8 64 (mod 55) = 8 (9+55) (mod 55) = 72+(8 55) (mod 55) = (8 55) (mod 55) = / 81
21 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults 21 / 81
22 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults Guess: k 1 modular multiplications. 22 / 81
23 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults Guess: k 1 modular multiplications. This is too many! e A d A 1 (mod (p A 1)(q A 1)). p A and q A have 512 bits each. So at least one of e A and d A has 512 bits. To either encrypt or decrypt would need operations (more than number of atoms in the universe). 23 / 81
24 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults How do you calculate a 4 (mod n) in less than 3? 24 / 81
25 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults How do you calculate a 4 (mod n) in less than 3? a 4 (mod n) (a 2 (mod n)) 2 (mod n) 2 mod mults 25 / 81
26 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults How do you calculate a 4 (mod n) in less than 3? a 4 (mod n) (a 2 (mod n)) 2 (mod n) 2 mod mults In general: a 2s (mod n)? 26 / 81
27 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults How do you calculate a 4 (mod n) in less than 3? a 4 (mod n) (a 2 (mod n)) 2 (mod n) 2 mod mults In general: a 2s (mod n)? a 2s (mod n) (a s (mod n)) 2 (mod n) 27 / 81
28 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults How do you calculate a 4 (mod n) in less than 3? a 4 (mod n) (a 2 (mod n)) 2 (mod n) 2 mod mults a 2s (mod n) (a s (mod n)) 2 (mod n) In general: a 2s+1 (mod n)? 28 / 81
29 encryption/decryption Correctness of We need to encrypt and decrypt: compute a k (mod n). a 2 (mod n) a a (mod n) 1 modular multiplication a 3 (mod n) a (a a (mod n)) (mod n) 2 mod mults How do you calculate a 4 (mod n) in less than 3? a 4 (mod n) (a 2 (mod n)) 2 (mod n) 2 mod mults a 2s (mod n) (a s (mod n)) 2 (mod n) a 2s+1 (mod n) a ((a s (mod n)) 2 (mod n)) (mod n) 29 / 81
30 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) 30 / 81
31 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3,3,7) 31 / 81
32 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3, 3, 7) 3 (Exp(3, 2, 7) (mod 7)) 32 / 81
33 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3, 3, 7) 3 (Exp(3, 2, 7)) (mod 7)) c Exp(3,1,7) 33 / 81
34 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3, 3, 7) 3 (Exp(3, 2, 7)) (mod 7)) c Exp(3,1,7) 3 34 / 81
35 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3, 3, 7) 3 (Exp(3, 2, 7)) (mod 7)) c Exp(3,1,7) 3 Exp(3,2,7) (mod 7)) 3 3 (mod 7) 2 35 / 81
36 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3, 3, 7) 3 (Exp(3, 2, 7)) (mod 7)) c Exp(3,1,7) 3 Exp(3,2,7) (mod 7)) 3 3 (mod 7) 2 c 3 2 (mod 7) 6 36 / 81
37 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) To compute 3 6 (mod 7): Exp(3,6,7) c Exp(3, 3, 7) 3 (Exp(3, 2, 7)) (mod 7)) c Exp(3,1,7) 3 Exp(3,2,7) (mod 7)) 3 3 (mod 7) 2 c 3 2 (mod 7) 6 Exp(3,6,7) (6 6) (mod 7) 1 37 / 81
38 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) How many modular multiplications? 38 / 81
39 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) How many modular multiplications? Divide exponent by 2 every other time. How many times can we do that? 39 / 81
40 Exponentiation Correctness of Exp(a,k,n) { Compute a k (mod n) } if k < 0 then report error if k = 0 then return(1) if k = 1 then return(a (mod n)) if k is odd then return(a Exp(a, k 1, n) (mod n)) if k is even then c Exp(a,k/2,n) return((c c) (mod n)) How many modular multiplications? Divide exponent by 2 every other time. How many times can we do that? log 2 (k) So at most 2 log 2 (k) modular multiplications. 40 / 81
41 a public key system Correctness of N A = p A q A, where p A,q A prime. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). PK A = (N A,e A ) SK A = (N A,d A ) To encrypt: c = E(m,PK A ) = m e A (mod N A ). To decrypt: r = D(c,PK A ) = c d A (mod N A ). r = m. Try using N = 35, e = 11 to create keys for. What is d? Try d = 11 and check it. Encrypt 4. Decrypt the result. 41 / 81
42 a public key system Correctness of N A = p A q A, where p A,q A prime. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). PK A = (N A,e A ) SK A = (N A,d A ) To encrypt: c = E(m,PK A ) = m e A (mod N A ). To decrypt: r = D(c,PK A ) = c d A (mod N A ). r = m. Try using N = 35, e = 11 to create keys for. What is d? Try d = 11 and check it. Encrypt 4. Decrypt the result. Did you get c = 9? And r = 4? 42 / 81
43 Correctness of N A = p A q A, where p A,q A prime. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). PK A = (N A,e A ) SK A = (N A,d A ) To encrypt: c = E(m,PK A ) = m e A (mod N A ). To decrypt: r = D(c,PK A ) = c d A (mod N A ). r = m. 43 / 81
44 Greatest Common Divisor Correctness of We need to find: e A,d A. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). 44 / 81
45 Greatest Common Divisor Correctness of We need to find: e A,d A. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). Choose random e A. Check that gcd(e A,(p A 1)(q A 1)) = 1. Find d A such that e A d A 1 (mod (p A 1)(q A 1)). 45 / 81
46 The Extended Euclidean Algorithm Correctness of Theorem. a,b IN. s,t Z s.t. sa+tb = gcd(a,b). Proof. Let d be the smallest positive integer in D = {xa+yb x,y Z}. d D d = x a+y b for some x,y Z. gcd(a,b) a and gcd(a,b) b, so gcd(a,b) x a, gcd(a,b) y b, and gcd(a,b) (x a+y b) = d. We will show that d gcd(a,b), so d = gcd(a,b). Note a D. Suppose a = dq +r with 0 r < d. r = a dq = a q(x a+y b) = (1 qx )a (qy )b r D r < d r = 0 d a. Similarly, one can show that d b. Therefore, d gcd(a,b). 46 / 81
47 The Extended Euclidean Algorithm Correctness of How do you find d, s and t? Let d = gcd(a,b). Write b as b = aq +r with 0 r < a. Then, d b d (aq +r). Also, d a d (aq) d ((aq +r) aq) d r. Let d = gcd(a,b aq). Then, d a d (aq) Also, d (b aq) d ((b aq)+aq) d b. Thus, gcd(a, b) = gcd(a, b (mod a)) = gcd(b (mod a),a). This shows how to reduce to a simpler problem and gives us the Extended Euclidean Algorithm. 47 / 81
48 The Extended Euclidean Algorithm Correctness of { Initialize} d 0 b s 0 0 t 0 1 d 1 a s 1 1 t 1 0 n 1 { Compute next d} while d n > 0 do begin n n+1 { Compute d n d n 2 (mod d n 1 )} q n d n 2 /d n 1 d n d n 2 q n d n 1 s n q n s n 1 +s n 2 t n q n t n 1 +t n 2 end s ( 1) n s n 1 t ( 1) n 1 t n 1 gcd(a,b) d n 1 48 / 81
49 The Extended Euclidean Algorithm Correctness of Finding multiplicative inverses modulo m: Given a and m, find x s.t. a x 1 (mod m). Should also find a k, s.t. ax = 1+km. So solve for an s in an equation sa+tm = 1. This can be done if gcd(a,m) = 1. Just use the Extended Euclidean Algorithm. 49 / 81
50 Examples Correctness of Calculate the following: 1. gcd(6,9) 2. s and t such that s 6+t 9 = gcd(6,9) 3. gcd(15, 23) 4. s and t such that s 15+t 23 = gcd(15,23) 50 / 81
51 Correctness of N A = p A q A, where p A,q A prime. gcd(e A,(p A 1)(q A 1)) = 1. e A d A 1 (mod (p A 1)(q A 1)). PK A = (N A,e A ) SK A = (N A,d A ) To encrypt: c = E(m,PK A ) = m e A (mod N A ). To decrypt: r = D(c,PK A ) = c d A (mod N A ). r = m. 51 / 81
52 Correctness of We need to find: p A,q A large primes. Choose numbers at random and check if they are prime? 52 / 81
53 Questions Correctness of 1. How many random integers of length 154 are prime? 53 / 81
54 Questions Correctness of 1. How many random integers of length 154 are prime? About x lnx numbers < x are prime, so about So we expect to test about 355 before finding a prime. (This holds because the expected number of tries until a success, when the probability of success is p, is 1/p.) 54 / 81
55 Questions Correctness of 1. How many random integers of length 154 are prime? About x lnx numbers < x are prime, so about So we expect to test about 355 before finding a prime. 2. How fast can we test if a number is prime? 55 / 81
56 Questions Correctness of 1. How many random integers of length 154 are prime? About x lnx numbers < x are prime, so about So we expect to test about 355 before finding a prime. 2. How fast can we test if a number is prime? Quite fast, using randomness. 56 / 81
57 Method 1 Correctness of Sieve of Eratosthenes: Lists: / 81
58 Method 1 Correctness of Sieve of Eratosthenes: Lists: / 81
59 Method 1 Correctness of Sieve of Eratosthenes: Lists: / 81
60 Method 1 Correctness of Sieve of Eratosthenes: Lists: more than number of atoms in universe So we cannot even write out this list! 60 / 81
61 Method 2 Correctness of CheckPrime(n) for i = 2 to n 1 do check if i divides n if it does then output i endfor output 1 if not found Check all possible s between 2 and n (or n). Our sun will die before we re done! 61 / 81
62 Examples of groups Correctness of Z, R sets +, operations Z n = {0,1,...,n 1} integers modulo n a+b a+b (mod n) addition operation a (mod n) = remainder when a is divided by n 4+3 = k (mod 5) 62 / 81
63 Examples of groups Correctness of Z, R sets +, operations Z n = {0,1,...,n 1} integers modulo n a+b a+b (mod n) addition operation (mod 5) a b a b (mod n) multiplication operation (mod 5) Properties: associative commutative identity inverses (for addition) 63 / 81
64 Multiplicative inverses? Correctness of a b = 1+kn n = 15 Element Inverse Computation a = 0 no inverse a = (mod 15) a = (mod 15) a = 3 no inverse a = (mod 15) a = 5 no inverse a = 6 no inverse a = (mod 15) a = (mod 15) a = (mod 15) a = (mod 15) a = (mod 15) 64 / 81
65 Multiplicative inverses? Correctness of Z n = {x 1 x n 1, gcd(x,n) = 1} gcd greatest common Extended Euclidean Algorithm find inverses Z n is the multiplicative group modulo n. The elements in Z n are relatively prime to n. 65 / 81
66 Examples Correctness of Group: set with 1 operation associative, identity, inverses Examples: Z, R with +, not with R 0 with Z n with + Z n with 66 / 81
67 Definitions Correctness of Subgroup: H G if H G and H is a group. Examples: Even integers with addition G = Z7, H = {1,2,4} H is the order of H. Theorem. [La Grange] For a finite group G, if H G, then H divides G. 67 / 81
68 Rabin Miller Primality Testing Correctness of In practice, use a randomized primality test. Miller Rabin primality test: Starts with Fermat test: 2 14 (mod 15) 4 1. So 15 is not prime. Theorem. Suppose p is a prime. Then for all 1 a p 1, a p 1 (mod p) = / 81
69 Rabin Miller Primality Test Correctness of Fermat test: Prime(n) repeat r times Choose random a Z n if a n 1 (mod n) 1 then return(composite) end repeat return(probably Prime) Carmichael Numbers Composite n. For all a Z n, a n 1 (mod n) 1. Example: 561 = If p is prime, 1 (mod p) = {1,p 1}. If p has > 1 distinct factors, 1 has at least 4 square roots. Example: 1 (mod 15) = {1,4,11,14} 69 / 81
70 Rabin Miller Primality Test Correctness of Taking square roots of 1 (mod 561): (mod 561) (mod 561) (mod 561) (mod 561) (mod 561) (mod 561) (mod 561) (mod 561) 67 2 is a witness that 561 is composite. 70 / 81
71 Rabin Miller Primality Test Correctness of Miller Rabin(n, k) Calculate odd m such that n 1 = 2 s m repeat k times Choose random a Z n if a n 1 (mod n) 1 then return(composite) if a (n 1)/2 (mod n) n 1 then break if a (n 1)/2 (mod n) 1 then return(composite) if a (n 1)/4 (mod n) n 1 then break if a (n 1)/4 (mod n) 1 then return(composite)... if a m (mod n) n 1 then break if a m (mod n) 1 then return(composite) end repeat return(probably Prime) 71 / 81
72 Rabin Miller Primality Test Correctness of Analysis: Suppose n is composite: Probability a is not a witness 1 2 Show there exists at least one witness Show that the set of nonwitnesses is a subgroup Order of subgroup divides order of group, so it s 1 2 of the group 72 / 81
73 Rabin Miller Primality Test Correctness of Analysis: Suppose n is composite: Probability a is not a witness 1 2 Show there exists at least one witness Show that the set of nonwitnesses is a subgroup Order of subgroup divides order of group, so it s 1 2 of the group Probability answer is Probably Prime 1 2 k 73 / 81
74 Conclusions about primality testing Correctness of 1. Miller Rabin is a practical primality test 2. There is a less practical deterministic primality test 3. Randomized algorithms are useful in practice 4. Algebra is used in primality testing 5. is not useless 74 / 81
75 Why does work? Correctness of Thm (The Chinese Remainder Theorem) Let m 1,m 2,...,m k be pairwise relatively prime. For any integers x 1,x 2,...,x k, there exists x Z s.t. x x i (mod m i ) for 1 i k, and this integer is uniquely determined modulo the product m = m 1 m 2...m k. It is also efficiently computable. CRT Algorithm For 1 i k, find u i such that u i 1 (mod m i ) u i 0 (mod m j ) for j i Compute x k i=1 x iu i (mod m). How do you find each u i? 75 / 81
76 Correctness of u i 1 (mod m i ) i integers v i s.t. u i +v i m i = 1. u i 0 (mod m j ) j i integers w i s.t. u i = w i (m/m i ). Thus, w i (m/m i )+v i m i = 1. Solve for the values v i and w i using the Extended Euclidean Algorithm. (Note that this is where we need that the m i are pairwise relatively prime.) After each w i is found, the corresponding u i can be calculated. The existence of the algorithm proves part of the theorem. What about uniqueness? Suppose x and y work. Look at x y. 76 / 81
77 Chinese Remainder Theorem Correctness of Example: Let m 1 = 3, m 2 = 5, and m 3 = 7. Suppose x 1 2 (mod 3) x 2 3 (mod 5) x 3 4 (mod 7) To calculate u 1 : w 1 (35)+v 1 (3) = 1 w 1 = 1; v 1 = 12 u 1 = ( 1)35 70 (mod 105) To calculate u 2 : w 2 (21)+v 2 (5) = 1 w 2 = 1; v 2 = 4 u 2 = (1)21 21 (mod 105) To calculate u 3 : w 3 (15)+v 3 (7) = 1 w 3 = 1; v 3 = 2 u 3 = (1)15 15 (mod 105) So we can calculate x (mod 105). 77 / 81
78 Fermat s Little Theorem Correctness of Why does work? CRT + Fermat s Little Theorem: p is a prime, p a. Then a p 1 1 (mod p) and a p a (mod p). 78 / 81
79 Correctness of Correctness of Consider x = D SA (E SA (m)). Note k s.t. e A d A = 1+k(p A 1)(q A 1). x (m e A (mod N A )) d A (mod N A ) m e Ad A m 1+k(p A 1)(q A 1) (mod N A ). Consider x (mod p A ). x m 1+k(p A 1)(q A 1) m (m (p A 1) ) k(q A 1) m 1 k(q A 1) m (mod p A ). Consider x (mod q A ). x m 1+k(p A 1)(q A 1) m (m (q A 1) ) k(p A 1) m 1 k(p A 1) m (mod q A ). Apply the Chinese Remainder Theorem: gcd(p A,q A ) = 1, x m (mod N A ). So D SA (E SA (m)) = m. 79 / 81
80 Digital Signatures with Correctness of Suppose Alice wants to sign a document m such that: No one else could forge her signature It is easy for others to verify her signature Note m has arbitrary length. is used on fixed length messages. Alice uses a cryptographically secure hash function h, such that: For any message m, h(m ) has a fixed length (512 bits?) It is hard for anyone to find 2 messages (m 1,m 2 ) such that h(m 1 ) = h(m 2 ). 80 / 81
81 Digital Signatures with Correctness of Then Alice decrypts h(m) with her secret key (N A,d A ) s = (h(m)) d A (mod N A ) Bob verifies her signature using her public key (N A,e A ) and h: c = s e A (mod N A ) He accepts if and only if h(m) = c. This works because s e A (mod N A ) = ((h(m)) d A ) e A (mod N A ) = ((h(m)) e A ) d A (mod N A ) = h(m). 81 / 81
Discrete Mathematics, Chapter 4: Number Theory and Cryptography
Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility
More informationNumber Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may
Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition
More informationPublic Key Cryptography: RSA and Lots of Number Theory
Public Key Cryptography: RSA and Lots of Number Theory Public vs. PrivateKey Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver
More informationHomework 5 Solutions
Homework 5 Solutions 4.2: 2: a. 321 = 256 + 64 + 1 = (01000001) 2 b. 1023 = 512 + 256 + 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = (1111111111) 2. Note that this is 1 less than the next power of 2, 1024, which
More informationPrinciples of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms
Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport
More informationIntegers, Division, and Divisibility
Number Theory Notes (v. 4.23 October 31, 2002) 1 Number Theory is the branch of mathematics that deals with integers and their properties, especially properties relating to arithmetic operations like addition,
More informationToday s Topics. Primes & Greatest Common Divisors
Today s Topics Primes & Greatest Common Divisors Prime representations Important theorems about primality Greatest Common Divisors Least Common Multiples Euclid s algorithm Once and for all, what are prime
More informationFurther linear algebra. Chapter I. Integers.
Further linear algebra. Chapter I. Integers. Andrei Yafaev Number theory is the theory of Z = {0, ±1, ±2,...}. 1 Euclid s algorithm, Bézout s identity and the greatest common divisor. We say that a Z divides
More information3. Applications of Number Theory
3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a
More informationElementary Number Theory We begin with a bit of elementary number theory, which is concerned
CONSTRUCTION OF THE FINITE FIELDS Z p S. R. DOTY Elementary Number Theory We begin with a bit of elementary number theory, which is concerned solely with questions about the set of integers Z = {0, ±1,
More information9 Modular Exponentiation and Cryptography
9 Modular Exponentiation and Cryptography 9.1 Modular Exponentiation Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system.
More informationCHAPTER 5. Number Theory. 1. Integers and Division. Discussion
CHAPTER 5 Number Theory 1. Integers and Division 1.1. Divisibility. Definition 1.1.1. Given two integers a and b we say a divides b if there is an integer c such that b = ac. If a divides b, we write a
More informationPublicKey Cryptography. Oregon State University
PublicKey Cryptography Çetin Kaya Koç Oregon State University 1 Sender M Receiver Adversary Objective: Secure communication over an insecure channel 2 Solution: Secretkey cryptography Exchange the key
More informationLecture 13  Basic Number Theory.
Lecture 13  Basic Number Theory. Boaz Barak March 22, 2010 Divisibility and primes Unless mentioned otherwise throughout this lecture all numbers are nonnegative integers. We say that A divides B, denoted
More informationAlgebra for Digital Communication
EPFL  Section de Mathématiques Algebra for Digital Communication Fall semester 2008 Solutions for exercise sheet 1 Exercise 1. i) We will do a proof by contradiction. Suppose 2 a 2 but 2 a. We will obtain
More informationIntegers and division
CS 441 Discrete Mathematics for CS Lecture 12 Integers and division Milos Hauskrecht milos@cs.pitt.edu 5329 Sennott Square Symmetric matrix Definition: A square matrix A is called symmetric if A = A T.
More informationPrimality  Factorization
Primality  Factorization Christophe Ritzenthaler November 9, 2009 1 Prime and factorization Definition 1.1. An integer p > 1 is called a prime number (nombre premier) if it has only 1 and p as divisors.
More informationThe application of prime numbers to RSA encryption
The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered
More informationTheorem (The division theorem) Suppose that a and b are integers with b > 0. There exist unique integers q and r so that. a = bq + r and 0 r < b.
Theorem (The division theorem) Suppose that a and b are integers with b > 0. There exist unique integers q and r so that a = bq + r and 0 r < b. We re dividing a by b: q is the quotient and r is the remainder,
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; DH key exchange; Hash functions; Application of hash
More informationHomework until Test #2
MATH31: Number Theory Homework until Test # Philipp BRAUN Section 3.1 page 43, 1. It has been conjectured that there are infinitely many primes of the form n. Exhibit five such primes. Solution. Five such
More informationAsymmetric Cryptography. Mahalingam Ramkumar Department of CSE Mississippi State University
Asymmetric Cryptography Mahalingam Ramkumar Department of CSE Mississippi State University Mathematical Preliminaries CRT Chinese Remainder Theorem Euler Phi Function Fermat's Theorem Euler Fermat's Theorem
More informationU.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra
U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory
More informationSection 4.2: The Division Algorithm and Greatest Common Divisors
Section 4.2: The Division Algorithm and Greatest Common Divisors The Division Algorithm The Division Algorithm is merely long division restated as an equation. For example, the division 29 r. 20 32 948
More informationMathematics is the queen of sciences and number theory is the queen of mathematics.
Number Theory Mathematics is the queen of sciences and number theory is the queen of mathematics. But why is it computer science? It turns out to be critical for cryptography! Carl Friedrich Gauss Division
More informationBasic Algorithms In Computer Algebra
Basic Algorithms In Computer Algebra Kaiserslautern SS 2011 Prof. Dr. Wolfram Decker 2. Mai 2011 References Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, 1993. Cox, D.; Little,
More informationAlgebraic Systems, Fall 2013, September 1, 2013 Edition. Todd Cochrane
Algebraic Systems, Fall 2013, September 1, 2013 Edition Todd Cochrane Contents Notation 5 Chapter 0. Axioms for the set of Integers Z. 7 Chapter 1. Algebraic Properties of the Integers 9 1.1. Background
More informationModule 5: Basic Number Theory
Module 5: Basic Number Theory Theme 1: Division Given two integers, say a and b, the quotient b=a may or may not be an integer (e.g., 16=4 =4but 12=5 = 2:4). Number theory concerns the former case, and
More informationMA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins
MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins The RSA encryption scheme works as follows. In order to establish the necessary public
More informationMathematics of Cryptography
Number Theory Modular Arithmetic: Two numbers equivalent mod n if their difference is multiple of n example: 7 and 10 are equivalent mod 3 but not mod 4 7 mod 3 10 mod 3 = 1; 7 mod 4 = 3, 10 mod 4 = 2.
More informationCryptography and Network Security Number Theory
Cryptography and Network Security Number Theory XiangYang Li Introduction to Number Theory Divisors b a if a=mb for an integer m b a and c b then c a b g and b h then b (mg+nh) for any int. m,n Prime
More informationElements of Applied Cryptography Public key encryption
Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let
More informationMathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR
Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices A Biswas, IT, BESU SHIBPUR McGrawHill The McGrawHill Companies, Inc., 2000 Set of Integers The set of integers, denoted by Z,
More informationPractice Problems for First Test
Mathematicians have tried in vain to this day to discover some order in the sequence of prime numbers, and we have reason to believe that it is a mystery into which the human mind will never penetrate.
More informationBreaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and
Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study
More information8 Primes and Modular Arithmetic
8 Primes and Modular Arithmetic 8.1 Primes and Factors Over two millennia ago already, people all over the world were considering the properties of numbers. One of the simplest concepts is prime numbers.
More informationElementary Number Theory
Elementary Number Theory A revision by Jim Hefferon, St Michael s College, 2003Dec of notes by W. Edwin Clark, University of South Florida, 2002Dec L A TEX source compiled on January 5, 2004 by Jim Hefferon,
More information(x + a) n = x n + a Z n [x]. Proof. If n is prime then the map
22. A quick primality test Prime numbers are one of the most basic objects in mathematics and one of the most basic questions is to decide which numbers are prime (a clearly related problem is to find
More informationElementary Number Theory and Methods of Proof. CSE 215, Foundations of Computer Science Stony Brook University http://www.cs.stonybrook.
Elementary Number Theory and Methods of Proof CSE 215, Foundations of Computer Science Stony Brook University http://www.cs.stonybrook.edu/~cse215 1 Number theory Properties: 2 Properties of integers (whole
More information2.2 Inverses and GCDs
2.2. INVERSES AND GCDS 49 2.2 Inverses and GCDs Solutions to Equations and Inverses mod n In the last section we explored multiplication in Z n.wesaw in the special case with n =12and a =4that if we used
More informationApplications of Fermat s Little Theorem and Congruences
Applications of Fermat s Little Theorem and Congruences Definition: Let m be a positive integer. Then integers a and b are congruent modulo m, denoted by a b mod m, if m (a b). Example: 3 1 mod 2, 6 4
More informationUOSEC Week 2: Asymmetric Cryptography. Frank IRC kee Adam IRC xe0 IRC: irc.freenode.net #0x4f
UOSEC Week 2: Asymmetric Cryptography Frank farana@uoregon.edu IRC kee Adam pond2@uoregon.edu IRC xe0 IRC: irc.freenode.net #0x4f Agenda HackIM CTF Results GITSC CTF this Saturday 10:00am Basics of Asymmetric
More informationComputer and Network Security
MIT 6.857 Computer and Networ Security Class Notes 1 File: http://theory.lcs.mit.edu/ rivest/notes/notes.pdf Revision: December 2, 2002 Computer and Networ Security MIT 6.857 Class Notes by Ronald L. Rivest
More informationCSC474/574  Information Systems Security: Homework1 Solutions Sketch
CSC474/574  Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a oneround Feistel cipher
More informationStudy of algorithms for factoring integers and computing discrete logarithms
Study of algorithms for factoring integers and computing discrete logarithms First IndoFrench Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department
More informationFactoring Algorithms
Factoring Algorithms The p 1 Method and Quadratic Sieve November 17, 2008 () Factoring Algorithms November 17, 2008 1 / 12 Fermat s factoring method Fermat made the observation that if n has two factors
More informationPublic Key Cryptography and RSA. Review: Number Theory Basics
Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and
More information3. (5%) Use the Euclidean algorithm to find gcd(742, 1908). Sol: gcd(742, 1908) = gcd(742, 424) = gcd(424, 318) = gcd(318, 106) = 106
Midterm Examination on Discrete Mathematics 1. (4%) Encrypt the message LOVE by translating the letters A through Z into numbers 0 through 25, applying the encryption function f(p) = (3p + 7) (mod 26),
More informationMathematics of Cryptography Part I
CHAPTER 2 Mathematics of Cryptography Part I (Solution to OddNumbered Problems) Review Questions 1. The set of integers is Z. It contains all integral numbers from negative infinity to positive infinity.
More information1) A very simple example of RSA encryption
Solved Examples 1) A very simple example of RSA encryption This is an extremely simple example using numbers you can work out on a pocket calculator (those of you over the age of 35 45 can probably even
More informationDiscrete Mathematics and Probability Theory Fall 2009 Satish Rao, David Tse Note 5
CS 70 Discrete Mathematics and Probability Theory Fall 2009 Satish Rao, David Tse Note 5 Modular Arithmetic One way to think of modular arithmetic is that it limits numbers to a predefined range {0,1,...,N
More informationThe Prime Numbers. Definition. A prime number is a positive integer with exactly two positive divisors.
The Prime Numbers Before starting our study of primes, we record the following important lemma. Recall that integers a, b are said to be relatively prime if gcd(a, b) = 1. Lemma (Euclid s Lemma). If gcd(a,
More informationDiscrete Mathematics Lecture 3 Elementary Number Theory and Methods of Proof. Harper Langston New York University
Discrete Mathematics Lecture 3 Elementary Number Theory and Methods of Proof Harper Langston New York University Proof and Counterexample Discovery and proof Even and odd numbers number n from Z is called
More informationb) Find smallest a > 0 such that 2 a 1 (mod 341). Solution: a) Use succesive squarings. We have 85 =
Problem 1. Prove that a b (mod c) if and only if a and b give the same remainders upon division by c. Solution: Let r a, r b be the remainders of a, b upon division by c respectively. Thus a r a (mod c)
More informationIs this number prime? Berkeley Math Circle Kiran Kedlaya
Is this number prime? Berkeley Math Circle 2002 2003 Kiran Kedlaya Given a positive integer, how do you check whether it is prime (has itself and 1 as its only two positive divisors) or composite (not
More informationMathematics of Cryptography
CHAPTER 2 Mathematics of Cryptography Part I: Modular Arithmetic, Congruence, and Matrices Objectives This chapter is intended to prepare the reader for the next few chapters in cryptography. The chapter
More informationCryptography and Network Security Chapter 8
Cryptography and Network Security Chapter 8 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 8 Introduction to Number Theory The Devil said to Daniel Webster:
More informationCIS 5371 Cryptography. 8. Encryption 
CIS 5371 Cryptography p y 8. Encryption  Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: Allornothing secrecy.
More informationNumber Theory: A Mathemythical Approach. Student Resources. Printed Version
Number Theory: A Mathemythical Approach Student Resources Printed Version ii Contents 1 Appendix 1 2 Hints to Problems 3 Chapter 1 Hints......................................... 3 Chapter 2 Hints.........................................
More informationRSA Encryption. Kurt Bryan ..., 2, 1, 0, 1, 2,...
1 Introduction Our starting point is the integers RSA Encryption Kurt Bryan..., 2, 1, 0, 1, 2,... and the basic operations on integers, +,,,. The basic material could hardly be more familiar. We denote
More informationOverview of Number Theory Basics. Divisibility
Overview of Number Theory Basics Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Divisibility Definition Given integers a and b, b 0, b divides a (denoted b a) if integer c, s.t. a = cb. b is called
More informationMODULAR ARITHMETIC. a smallest member. It is equivalent to the Principle of Mathematical Induction.
MODULAR ARITHMETIC 1 Working With Integers The usual arithmetic operations of addition, subtraction and multiplication can be performed on integers, and the result is always another integer Division, on
More informationThe Laws of Cryptography Cryptographers Favorite Algorithms
2 The Laws of Cryptography Cryptographers Favorite Algorithms 2.1 The Extended Euclidean Algorithm. The previous section introduced the field known as the integers mod p, denoted or. Most of the field
More informationThis section demonstrates some different techniques of proving some general statements.
Section 4. Number Theory 4.. Introduction This section demonstrates some different techniques of proving some general statements. Examples: Prove that the sum of any two odd numbers is even. Firstly you
More informationMODULAR ARITHMETIC KEITH CONRAD
MODULAR ARITHMETIC KEITH CONRAD. Introduction We will define the notion of congruent integers (with respect to a modulus) and develop some basic ideas of modular arithmetic. Applications of modular arithmetic
More informationMathematical induction & Recursion
CS 441 Discrete Mathematics for CS Lecture 15 Mathematical induction & Recursion Milos Hauskrecht milos@cs.pitt.edu 5329 Sennott Square Proofs Basic proof methods: Direct, Indirect, Contradiction, By Cases,
More informationChapter 9. Computational Number Theory. 9.1 The basic groups Integers mod N Groups
Chapter 9 Computational Number Theory 9.1 The basic groups We let Z = {..., 2, 1,0,1,2,...} denote the set of integers. We let Z + = {1,2,...} denote the set of positive integers and N = {0,1,2,...} the
More informationOverview of PublicKey Cryptography
CS 361S Overview of PublicKey Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.16 slide 2 PublicKey Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationShared Secret = Trust
Trust The fabric of life! Holds civilizations together Develops by a natural process Advancement of technology results in faster evolution of societies Weakening the natural bonds of trust From time to
More informationOn the generation of elliptic curves with 16 rational torsion points by Pythagorean triples
On the generation of elliptic curves with 16 rational torsion points by Pythagorean triples Brian Hilley Boston College MT695 Honors Seminar March 3, 2006 1 Introduction 1.1 Mazur s Theorem Let C be a
More informationFactoring integers, Producing primes and the RSA cryptosystem HarishChandra Research Institute
RSA cryptosystem HRI, Allahabad, February, 2005 0 Factoring integers, Producing primes and the RSA cryptosystem HarishChandra Research Institute Allahabad (UP), INDIA February, 2005 RSA cryptosystem HRI,
More information1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.
1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks
More informationSUM OF TWO SQUARES JAHNAVI BHASKAR
SUM OF TWO SQUARES JAHNAVI BHASKAR Abstract. I will investigate which numbers can be written as the sum of two squares and in how many ways, providing enough basic number theory so even the unacquainted
More informationLecture 13: Factoring Integers
CS 880: Quantum Information Processing 0/4/0 Lecture 3: Factoring Integers Instructor: Dieter van Melkebeek Scribe: Mark Wellons In this lecture, we review order finding and use this to develop a method
More informationThe Mathematics of RSA
The Mathematics of RSA Dimitri Papaioannou May 24, 2007 1 Introduction Cryptographic systems come in two flavors. Symmetric or Private key encryption and Asymmetric or Public key encryption. Strictly speaking,
More informationComputing exponents modulo a number: Repeated squaring
Computing exponents modulo a number: Repeated squaring How do you compute (1415) 13 mod 2537 = 2182 using just a calculator? Or how do you check that 2 340 mod 341 = 1? You can do this using the method
More informationPrime Numbers. Chapter Primes and Composites
Chapter 2 Prime Numbers The term factoring or factorization refers to the process of expressing an integer as the product of two or more integers in a nontrivial way, e.g., 42 = 6 7. Prime numbers are
More information15 Prime and Composite Numbers
15 Prime and Composite Numbers Divides, Divisors, Factors, Multiples In section 13, we considered the division algorithm: If a and b are whole numbers with b 0 then there exist unique numbers q and r such
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationCongruences. Robert Friedman
Congruences Robert Friedman Definition of congruence mod n Congruences are a very handy way to work with the information of divisibility and remainders, and their use permeates number theory. Definition
More informationGCDs and Relatively Prime Numbers! CSCI 2824, Fall 2014!
GCDs and Relatively Prime Numbers! CSCI 2824, Fall 2014!!! Challenge Problem 2 (Mastermind) due Fri. 9/26 Find a fourth guess whose scoring will allow you to determine the secret code (repetitions are
More informationUNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 6 Introduction to PublicKey Cryptography Israel Koren ECE597/697 Koren Part.6.1
More informationAn Overview of Integer Factoring Algorithms. The Problem
An Overview of Integer Factoring Algorithms Manindra Agrawal IITK / NUS The Problem Given an integer n, find all its prime divisors as efficiently as possible. 1 A Difficult Problem No efficient algorithm
More informationORDERS OF ELEMENTS IN A GROUP
ORDERS OF ELEMENTS IN A GROUP KEITH CONRAD 1. Introduction Let G be a group and g G. We say g has finite order if g n = e for some positive integer n. For example, 1 and i have finite order in C, since
More informationCryptography: RSA and the discrete logarithm problem
Cryptography: and the discrete logarithm problem R. Hayden Advanced Maths Lectures Department of Computing Imperial College London February 2010 Public key cryptography Assymmetric cryptography two keys:
More informationStanford University Educational Program for Gifted Youth (EPGY) Number Theory. Dana Paquin, Ph.D.
Stanford University Educational Program for Gifted Youth (EPGY) Dana Paquin, Ph.D. paquin@math.stanford.edu Summer 2010 Note: These lecture notes are adapted from the following sources: 1. Ivan Niven,
More informationPrime numbers for Cryptography
Prime numbers for Cryptography What this is going to cover Primes, products of primes and factorisation How to win a million dollars Generating small primes quickly How many primes are there and how many
More informationRelated Idea: RSA Encryption Step 1
Related Idea: RSA Encryption Step 1 Example (RSA Encryption: Step 1) Here is how Alice and Bob can do to share a secret from Carl: What Alice Does 1. Alice chooses two (large) prime numbers p and q, which
More informationThe Mathematics of the RSA PublicKey Cryptosystem
The Mathematics of the RSA PublicKey Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through
More informationAnnouncements. CS243: Discrete Structures. More on Cryptography and Mathematical Induction. Agenda for Today. Cryptography
Announcements CS43: Discrete Structures More on Cryptography and Mathematical Induction Işıl Dillig Class canceled next Thursday I am out of town Homework 4 due Oct instead of next Thursday (Oct 18) Işıl
More informationMATH 537 (Number Theory) FALL 2016 TENTATIVE SYLLABUS
MATH 537 (Number Theory) FALL 2016 TENTATIVE SYLLABUS Class Meetings: MW 2:003:15 pm in Physics 144, September 7 to December 14 [Thanksgiving break November 23 27; final exam December 21] Instructor:
More informationInteger Factorization using the Quadratic Sieve
Integer Factorization using the Quadratic Sieve Chad Seibert* Division of Science and Mathematics University of Minnesota, Morris Morris, MN 56567 seib0060@morris.umn.edu March 16, 2011 Abstract We give
More informationALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION
ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION Aldrin W. Wanambisi 1* School of Pure and Applied Science, Mount Kenya University, P.O box 55350100, Kakamega, Kenya. Shem Aywa 2 Department of Mathematics,
More informationSOLUTIONS FOR PROBLEM SET 2
SOLUTIONS FOR PROBLEM SET 2 A: There exist primes p such that p+6k is also prime for k = 1,2 and 3. One such prime is p = 11. Another such prime is p = 41. Prove that there exists exactly one prime p such
More informationMath 319 Problem Set #3 Solution 21 February 2002
Math 319 Problem Set #3 Solution 21 February 2002 1. ( 2.1, problem 15) Find integers a 1, a 2, a 3, a 4, a 5 such that every integer x satisfies at least one of the congruences x a 1 (mod 2), x a 2 (mod
More informationPrime Numbers The generation of prime numbers is needed for many public key algorithms:
CA547: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 7 Number Theory 2 7.1 Prime Numbers Prime Numbers The generation of prime numbers is needed for many public key algorithms: RSA: Need to find p and q to compute
More informationChapter Two. Number Theory
Chapter Two Number Theory 2.1 INTRODUCTION Number theory is that area of mathematics dealing with the properties of the integers under the ordinary operations of addition, subtraction, multiplication and
More information3. QUADRATIC CONGRUENCES
3. QUADRATIC CONGRUENCES 3.1. Quadratics Over a Finite Field We re all familiar with the quadratic equation in the context of real or complex numbers. The formula for the solutions to ax + bx + c = 0 (where
More informationChapter 6. Number Theory. 6.1 The Division Algorithm
Chapter 6 Number Theory The material in this chapter offers a small glimpse of why a lot of facts that you ve probably nown and used for a long time are true. It also offers some exposure to generalization,
More information