Advanced Maths Lecture 3


Next generation cryptography and the discrete logarithm problem for elliptic curves
Richard A. Hayden
EC crypto p. 1

Public key cryptography
Asymmetric cryptography, two keys:
- Public key: widely distributed
- Private key: users keep secret
Mathematically related, but private key not (thought to be!) practically computable from just public key

What's wrong with RSA?
There are subexponential attacks on RSA:
$O\left(\exp\left(\left(\tfrac{64}{9} b\right)^{1/3} \log(b)^{2/3}\right)\right)$ (GNFS)
None (discovered) for ECC. So ECC can achieve same security with smaller key sizes.
- Faster computations
- Lower power consumption
- Memory/bandwidth savings
Think mobile devices, ubiquitous computing, the environment etc.

Key sizes
US National Institute of Standards and Technology says for exchanging AES symmetric keys:
ECC/RSA key size relationship is not linear. ECC clearly much more futureproof.

Trapdoor one-way functions
To implement asymmetric crypto, we need a function (of the public key and plaintext),
- that is easy to compute (giving the ciphertext)
- whose inverse is hard to compute,
- unless given special information (the private key), in which case the inverse should be easy to compute

The discrete logarithm problem
Over $\mathbb{R}^+$:
$\log(x) = 2 \sum_{n=0}^{\infty} \frac{1}{2n+1} \left(\frac{x-1}{x+1}\right)^{2n+1}$
Easy to compute to arbitrary accuracy, so $a^x$ over $\mathbb{R}$ is not one-way.
For a discrete group $(G, \cdot)$, the discrete log $\log_b(g)$ for $b, g \in G$ is the least $k \in \mathbb{Z}_{\geq 0}$ with:
$g = b^k := \underbrace{b \cdot \ldots \cdot b}_{k \text{ times}}$
In the cyclic groups, $\exists b \in G\ \forall g \in G\ \exists k \in \mathbb{Z}_{\geq 0}\ [g = b^k]$

Harder: $\mathbb{Z}_p^*$
- Closure: if $1 \leq a, b \leq p-1$, by defn. $0 \leq (ab \bmod p) \leq p-1$. If $ab \equiv 0 \bmod p$, $p$ divides $ab$ and thus $p$ divides $a$ or $b$, contradiction.
- Associativity: obvious because regular multiplication of integers is.
- Identity element is 1.
- Inverses: If $1 < a \leq p-1$, and $a^2 \not\equiv 1 \bmod p$, then $a^2 \not\equiv a \bmod p$ or $p$ divides $a$. Similarly, if $a^3 \not\equiv 1 \bmod p$, then $a^3 \not\equiv a^2$ or $a \bmod p$ etc. Eventually, we must find $k$, with $a^k \equiv 1 \bmod p$ as we will exhaust all (finite) other possibilities.

E.g. p =
DLP question: What is $\log_3(5)$? I.e. we want $k$ such that $3^k = 5$.
So $\log_3(5) = 5$. Also, 3 generates the group, so $\log_3(\cdot)$ is always defined.

ElGamal key generation
- Generate an efficient description of some (large) cyclic group $G$ of order $q$ with generator $g$
- Choose a random $0 \leq k \leq q-1$
- Compute $h = g^k$
- Publish $(G, q, g, h)$ as public key
- $k$ is private key

ElGamal
Encryption:
- Convert message $m$ into an element of $G$
- Choose a random $0 \leq y \leq q-1$, calculate $c_1 = g^y$ and $c_2 = m h^y$
- Transmit ciphertext $(c_1, c_2)$
Decryption:
- Compute $c_2 c_1^{-k} = \frac{m h^y}{g^{ky}} = \frac{m g^{ky}}{g^{ky}} = m$

Breaking ElGamal
- Being able to solve the DLP problem for the group $G$ lets you calculate $k$ and thus the original message
- It is still an open question whether breaking ElGamal is as hard as solving DLP; this has been shown in special cases (c.f. we don't know if breaking RSA is as hard as prime factorisation!)
- But there is no general subexponential DLP algorithm: the naive algorithm, raising to higher and higher powers, is exponential
- However, for DLP using $\mathbb{Z}_p^*$, the index calculus algorithm is subexponential, c.f. general number field sieve for RSA

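The key generation, encryption and decryption steps above, together with the naive "raise to higher and higher powers" discrete log search, as an added Python example that is not part of the lecture. The group (integers mod 23 under multiplication, generator 5), the function names and the sample key, nonce and message are constructed for illustration; a group this small is only useful for seeing why the search cost grows with the group order.

```python
import secrets

# Constructed toy parameters (an assumption, not from the slides): the integers
# 1..22 under multiplication mod 23 form a cyclic group of order q = 22, and 5
# generates it.
P, Q, G = 23, 22, 5


def keygen(k=None):
    """Return (h, k): public h = g^k and private exponent 0 <= k <= q-1."""
    if k is None:
        k = secrets.randbelow(Q)
    return pow(G, k, P), k


def encrypt(h, m, y=None):
    """Encrypt a group element m under public key h; returns (c1, c2)."""
    if not 1 <= m < P:
        raise ValueError("message must be encoded as a group element 1..p-1")
    if y is None:
        y = secrets.randbelow(Q)  # fresh random exponent per message
    return pow(G, y, P), (m * pow(h, y, P)) % P


def decrypt(k, c1, c2):
    """m = c2 * c1^(-k); in a group of order q, c1^(-k) = c1^(q-k)."""
    return (c2 * pow(c1, Q - k, P)) % P


def naive_dlog(h):
    """Least k with g^k = h, found by stepping through g^0, g^1, g^2, ...

    Up to q group operations: exponential in the bit length of q.
    """
    acc = 1
    for k in range(Q):
        if acc == h:
            return k
        acc = (acc * G) % P
    raise ValueError("h is not in the group generated by g")


def break_elgamal(h, c1, c2):
    """Recover the message from public data only by solving the DLP for h."""
    return decrypt(naive_dlog(h), c1, c2)


if __name__ == "__main__":
    h, k = keygen(k=7)                 # constructed private key
    c1, c2 = encrypt(h, 10, y=3)       # constructed message and nonce
    print("public h:", h, "ciphertext:", (c1, c2))
    print("decrypt with k:", decrypt(k, c1, c2))
    print("recovered k from h:", naive_dlog(h))
    print("message without k:", break_elgamal(h, c1, c2))
```
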
Elliptic curves over $\mathbb{R}$
A curve of the form:
$y^2 = f(x) = x^3 + ax + b$
where $a$ and $b \in \mathbb{R}$, together with a point on the curve at infinity we call $O$.
Also, the curve must be nonsingular; this means the roots of $f(x)$ must be distinct.

Bezout's theorem
Bezout's theorem says a line will intersect an elliptic curve in exactly three points as long as:
- We allow complex points
- We count intersection multiplicities
- We add the point at infinity (formally) to the curve, so points on curve is some $A \subseteq \mathbb{R}^2$ union $\{O\}$

Intersection multiplicities
What do we need to know about these? Not much, just that:
- If a line intersects an elliptic curve at $P$ and is a tangent line at $P$, the multiplicity is greater than one
- If the multiplicity of some intersection point $P$ of a line and an elliptic curve is greater than one, then the line is a tangent at $P$
- Tangent lines at $P$ are guaranteed unique by the nonsingularity requirement (so we can replace "a" with "the" in the above); we will see later that this is important

Real intersections (1)
We define a line to include $O$ iff it is vertical. So now we can talk of intersections between lines and elliptic curves as subsets of $\mathbb{R}^2 \cup \{O\}$.
Assume an elliptic curve and a nonvertical line $y = mx + c$ ($m, c \in \mathbb{R}$) meet in at least 2 real points (counting multiplicities!). Sub into $y^2 = x^3 + ax + b$:
$(mx + c)^2 = x^3 + ax + b$
A cubic in $x$. Has at least one real root.

Real intersections (2)
- Assume only one real root. Then they meet at one real point with multiplicity (at least) two. But cubic must then also have two complex conjugate roots, so also meets at two other complex points, so counting multiplicities, this is at least four points. Too many, contradicts Bezout.
- Assume at least two real nonzero roots, so cubic is $(x - r_1)(x - r_2)(x - r_3)$ for $r_1, r_2 \in \mathbb{R}$ and since $-r_1 r_2 r_3 = b - c^2 \in \mathbb{R}$, $r_3 \in \mathbb{R}$, so cubic has three real roots (similarly if $r_1$ and/or $r_2$ is zero)
- Key point: if we draw a nonvertical line through two real points on elliptic curve, will always meet at a third real point... we can forget about $\mathbb{C}$, and only care about $\mathbb{R}^2 \cup \{O\}$

Intersection patterns (1)
Possible intersection patterns for nonvertical lines through two real points on an elliptic curve:
1: All multiplicities 1. Three distinct real points, all of multiplicity 1.
2: Line is tangent at $Q$: multiplicity = 2, so meets at two real points, one of multiplicity 2, one of multiplicity 1.

Real intersections (3)
What about vertical lines, i.e. those through $O$ which intersect in at least one real point? They have the form $x = d$ for some $d \in \mathbb{R}$, so sub in:
$y^2 = d^3 + ad + b$
$y = \pm\sqrt{d^3 + ad + b}$
Since one of these is real, so is the other. Thus unless $y = 0$, such lines meet at two distinct real points as well as $O$, thus all of multiplicity 1.
If $y = 0$, $\frac{dx}{dy} = 0$, so the line is tangent at the real point of intersection $(d, 0)$ and thus it has multiplicity > 1, i.e. 2, and $O$ has multiplicity 1.

Intersection patterns (2)
Possible intersection patterns for nonvertical lines through two real points on an elliptic curve:
3: $P$, $Q$ and $O$ all with multiplicity 1.
4: Tangent at $P$, multiplicity 2, $O$ with multiplicity 1.

A binary operation (1)
Write, for an elliptic curve $C$, $C(\mathbb{R})$ as the set of points on the curve contained in $\mathbb{R}^2 \cup \{O\}$. We are going to define a (commutative) binary operation on $C(\mathbb{R})$, called $* : C(\mathbb{R}) \times C(\mathbb{R}) \to C(\mathbb{R})$
- If $P$ and $Q \in \mathbb{R}^2$ are distinct, draw the unique line through them...
  - if they both have multiplicity 1, they meet at a third point $R$ with multiplicity 1, define $P * Q = R$
  - if one has multiplicity 2, say $P$, $Q$ must have multiplicity 1, define $P * Q = P$
- If $P = Q \in \mathbb{R}^2$, draw the unique tangent to the curve at $P = Q$. At $P$ must have multiplicity 2 or 3. If it is 2, meets elsewhere, say $R$, and define $P * Q = R$. Otherwise, $P * Q = P = Q$ (in fact, only the mult. 2 case occurs)

A binary operation (2)
What if we are given a real $P$ and $O$? Draw the (unique) vertical line through $P$. Remember that either it meets $P$ with multiplicity 2, in which case we define $P * O = P$, or with multiplicity 1, in which case it meets also at some other point $Q$, in which case we define $P * O = Q$.
Finally, define $O * O = O$ (makes sense if consider line at infinity meeting curve just at $O$ with multiplicity 3, but can just take it formally).

Some examples...

A group law?
You might be asking, is $C(\mathbb{R})$ a group under $*$? Unfortunately not, clear that there is no identity.
Define another (commutative) binary operation $+ : C(\mathbb{R}) \times C(\mathbb{R}) \to C(\mathbb{R})$: first compute $P * Q$, draw the line through $P * Q$ and $O$, then $P + Q$ is defined to be the third intersection point of this line with the curve (counting multiplicities), i.e.
$P + Q := O * (P * Q)$

Explicit formulae for +
Before we prove that + does indeed make $C(\mathbb{R})$ a group, we show how to derive explicit formulae for the binary operation +:
Let $\lambda = \frac{q_y - p_y}{q_x - p_x}$, then $x = \lambda^2 - p_x - q_x$ and $-y = p_y + \lambda(x - p_x)$ (elliptic curves are symmetric about x-axis).
If the two points are the same, we can similarly compute an explicit expression for $2P := P + P$.

Group law (1)
- Closure: we've already checked this
- Identity element is $O$
- Inverse element of $P = (x, y)$ is $-P := (x, -y)$

Group law (2)
Associativity: hardest to check. Can check using the explicit formulae, but you have to make sure you consider all cases, i.e. those involving $O$, those where two/three of the points are the same etc.
There is a more elegant proof, but it involves a bit more algebraic geometry, for which there is not time now so you will have to just trust me (or bash it out with the explicit formulae!)

Fields
Recall that a field was a set $F$ together with two binary operations, $+$ and $\cdot$, where
- $(F, +)$ is an abelian group with identity we call 0
- $\cdot$ is associative and commutative
- $\cdot$ has an identity (we call 1) and inverses for all elements except 0
- $\cdot$ distributes over $+$, i.e. $a \cdot (b + c) = a \cdot b + a \cdot c$
- $1 \neq 0$
Examples are $\mathbb{Q}$, $\mathbb{R}$, $\mathbb{C}$ under their usual addition and multiplication. $\mathbb{Z}$ is not a field though.

Finite fields
Recall the integers $\{1, \ldots, p-1\}$ (prime $p$) under multiplication modulo $p$. Knowing that this is a group, it is easy to see that $\{0, 1, \ldots, p-1\}$ is a field with addition modulo $p$. Call it $\mathbb{F}_p$.
None of what we did earlier, proving that $C(\mathbb{R})$ was a group, was dependent on $\mathbb{R}$, apart from that it is a field; the same thing works for any field, but we lose the geometric analogies and pretty pictures.
Bezout's theorem carries across, replacing $\mathbb{R}$ with $\mathbb{F}_p$ and $\mathbb{C}$ with the algebraic closure of $\mathbb{F}_p$, so we get a group law on $C(\mathbb{F}_p)$

Example (1)
$y^2 = x^3 + x + 1$ over $\mathbb{F}_5$.
How can we find all the points on the curve? Plug all 5 possibilities for $x$ in... gives 9 points:
$C(\mathbb{F}_5) = \{O, (0, \pm 1), (2, \pm 1), (3, \pm 1), (4, \pm 2)\}$
So $C(\mathbb{F}_5)$ is an abelian group of order 9. In fact, it is easy to see that $(0, 1)$ generates the group, so it is the cyclic group of order 9...

Example (2)
Let's try to compute $(0, 1)^2 = (0, 1) + (0, 1)$ in $C(\mathbb{F}_5)$.
We need the (formal) tangent to $y^2 = x^3 + x + 1$ at $(0, 1)$.
Compute $\frac{dy}{dx} = \frac{3x^2 + 1}{2y} = 1/2 = 1 \cdot 3 = 3$, so tangent is $y = 3x + 1$.
Subbing in, $(3x + 1)^2 = x^3 + x + 1$, roots $x = 0$ and $x^2 - 9x - 5 = x^2 - 4x - 5 = x^2 + x = 0$, so $x = 0$ and $x = -1 = 4$. So $(0, 1) * (0, 1) = (4, -2)$.
Then $(0, 1) + (0, 1) = O * (4, -2) = (4, 2) \in C(\mathbb{F}_5)$.

ECDLP
So an elliptic curve over a (large) finite field gives us a (large) finite group, indeed a theorem of Hasse says:
$(\sqrt{p} - 1)^2 \leq |C(\mathbb{F}_p)| \leq (\sqrt{p} + 1)^2$
for any elliptic curve $C$.
We can do the discrete log problem in cyclic subgroups of such groups.
ECC is then the ElGamal algorithm in subgroups of the group of points on elliptic curves over finite fields

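The lecture's curve $y^2 = x^3 + x + 1$ over $\mathbb{F}_5$ worked through in Python, as an added example that is not part of the slides: it implements + from the explicit formulae (third intersection point of the chord or tangent, reflected in the x-axis), then checks the point count, the doubling of $(0, 1)$, Hasse's bound, a naive ECDLP search and an ElGamal round trip in this group. The function names and the sample private key, nonce and message point are constructed for illustration.

```python
# Curve from the slides: y^2 = x^3 + x + 1 over F_5.
P, A, B = 5, 1, 1
O = None  # the point at infinity


def inv(v):
    """Inverse in F_p via Fermat's little theorem (p prime, v != 0 mod p)."""
    return pow(v % P, P - 2, P)


def on_curve(pt):
    if pt is O:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def curve_points():
    """Plug in every candidate coordinate, as the slide does for x."""
    return [O] + [(x, y) for x in range(P) for y in range(P) if on_curve((x, y))]


def neg(pt):
    return O if pt is O else (pt[0], -pt[1] % P)


def add(p1, p2):
    """P + Q := O * (P * Q), computed with the explicit formulae."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O  # vertical line; also covers doubling a point with y = 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P  # formal tangent slope
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y_line = (y1 + lam * (x3 - x1)) % P  # P * Q = (x3, y_line)
    return (x3, -y_line % P)             # reflect in the x-axis


def mul(k, pt):
    """k * pt by double-and-add."""
    acc = O
    while k > 0:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def order(pt):
    n, acc = 1, pt
    while acc is not O:
        acc = add(acc, pt)
        n += 1
    return n


def hasse_holds(n):
    """(sqrt(p)-1)^2 <= n <= (sqrt(p)+1)^2 is equivalent to (n-p-1)^2 <= 4p."""
    return (n - P - 1) ** 2 <= 4 * P


def naive_ecdlp(base, target):
    """Least k >= 0 with k * base == target, stepping through the multiples."""
    acc = O
    for k in range(order(base)):
        if acc == target:
            return k
        acc = add(acc, base)
    raise ValueError("target is not in the subgroup generated by base")


def ec_elgamal_encrypt(g, h, m, y):
    """c1 = y*g, c2 = m + y*h (the slides' ElGamal in additive notation)."""
    return mul(y, g), add(m, mul(y, h))


def ec_elgamal_decrypt(k, c1, c2):
    """m = c2 - k*c1."""
    return add(c2, neg(mul(k, c1)))


if __name__ == "__main__":
    g = (0, 1)
    print("points:", curve_points())
    print("2*(0,1) =", add(g, g), " order of (0,1):", order(g))
    print("Hasse bound holds:", hasse_holds(len(curve_points())))
    h = mul(4, g)  # constructed private key k = 4
    c1, c2 = ec_elgamal_encrypt(g, h, (2, 1), 2)  # constructed message, nonce
    print("ciphertext:", (c1, c2), "->", ec_elgamal_decrypt(4, c1, c2))
    print("k recovered from h:", naive_ecdlp(g, h))
```
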
ECDLP
- For an EC group of size $p$, roughly need same number of bits as for multiplication modulo $p$ group (Hasse), in both cases your key is a constant number of $\log_2(p)$-bit numbers, i.e. proportional to p
- Subexponential algorithm for $\mathbb{Z}_p^*$ relied on a special result specific only to these groups
- No such subexponential DLP algorithm has been found for elliptic curve groups, thus in terms of key sizes required for the same level of security, ECC beats both RSA and ElGamal over multiplication modulo $p$ groups

ECDLP
- Certain curves are vulnerable to special attacks and should be avoided, c.f. Chinese remainder theorem attacks on RSA
- NIST recommends a small number of curves and fields, chosen for optimal security (i.e. not vulnerable to any known special case attacks) and implementation efficiency (some curves have properties making the implementation of ECC cheaper)
- Hardest (publicly) broken ECC scheme to date had 109-bit key. 10,000 Pentium class PCs, > 540 days

References
- A beautiful book: Rational Points on Elliptic Curves by Silverman and Tate. Chapter 4 addresses finite fields, very accessible
- Elliptic Curves and their Applications to Cryptography by Andreas Enge, actually focussed on crypto, expensive though!
- Algebraic Aspects of Cryptography by Neal Koblitz, focusses on lots of interesting areas of algebra and number theory applicable to crypto
More informationMATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction
MATH 168: FINAL PROJECT Troels Eriksen 1 Introduction In the later years cryptosystems using elliptic curves have shown up and are claimed to be just as secure as a system like RSA with much smaller key
More informationAlex, I will take congruent numbers for one million dollars please
Alex, I will take congruent numbers for one million dollars please Jim L. Brown The Ohio State University Columbus, OH 4310 jimlb@math.ohiostate.edu One of the most alluring aspectives of number theory
More informationA Factoring and Discrete Logarithm based Cryptosystem
Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511517 HIKARI Ltd, www.mhikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques
More information1720  Forward Secrecy: How to Secure SSL from Attacks by Government Agencies
1720  Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?
More informationU.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra
U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory
More informationNEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES
NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 PublicKey Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown PublicKey Cryptography
More informationMultiplicity. Chapter 6
Chapter 6 Multiplicity The fundamental theorem of algebra says that any polynomial of degree n 0 has exactly n roots in the complex numbers if we count with multiplicity. The zeros of a polynomial are
More informationThe Mathematics of the RSA PublicKey Cryptosystem
The Mathematics of the RSA PublicKey Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through
More informationTable of Contents. Bibliografische Informationen http://dnb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationLet s just do some examples to get the feel of congruence arithmetic.
Basic Congruence Arithmetic Let s just do some examples to get the feel of congruence arithmetic. Arithmetic Mod 7 Just write the multiplication table. 0 1 2 3 4 5 6 0 0 0 0 0 0 0 0 1 0 1 2 3 4 5 6 2 0
More informationENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS
ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS D. Sravana Kumar 1 CH. Suneetha 2 A. ChandrasekhAR 3 1 Reader in Physics, SVLNS Government College, Bheemunipatnam, Visakhapatnam Dt., India skdharanikota@gmail.com
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationIntroduction to finite fields
Introduction to finite fields Topics in Finite Fields (Fall 2013) Rutgers University Swastik Kopparty Last modified: Monday 16 th September, 2013 Welcome to the course on finite fields! This is aimed at
More information3. Applications of Number Theory
3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a
More informationA New Generic Digital Signature Algorithm
Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study
More informationI. GROUPS: BASIC DEFINITIONS AND EXAMPLES
I GROUPS: BASIC DEFINITIONS AND EXAMPLES Definition 1: An operation on a set G is a function : G G G Definition 2: A group is a set G which is equipped with an operation and a special element e G, called
More informationNetwork Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 2 Basics 2.2 Public Key Cryptography
More informationGroups in Cryptography
Groups in Cryptography Çetin Kaya Koç http://cs.ucsb.edu/~koc/cs178 koc@cs.ucsb.edu Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 1 / 13 Groups in Cryptography A set S and a binary
More informationThe application of prime numbers to RSA encryption
The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered
More informationOverview of PublicKey Cryptography
CS 361S Overview of PublicKey Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.16 slide 2 PublicKey Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationPublic Key (asymmetric) Cryptography
PublicKey Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,
More informationGeometric Transformations
Geometric Transformations Definitions Def: f is a mapping (function) of a set A into a set B if for every element a of A there exists a unique element b of B that is paired with a; this pairing is denoted
More informationCS549: Cryptography and Network Security
CS549: Cryptography and Network Security by XiangYang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared
More informationComputing exponents modulo a number: Repeated squaring
Computing exponents modulo a number: Repeated squaring How do you compute (1415) 13 mod 2537 = 2182 using just a calculator? Or how do you check that 2 340 mod 341 = 1? You can do this using the method
More informationCryptography and Network Security Chapter 9
Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,
More informationA New Efficient Digital Signature Scheme Algorithm based on Block cipher
IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 22780661, ISBN: 22788727Volume 7, Issue 1 (Nov.  Dec. 2012), PP 4752 A New Efficient Digital Signature Scheme Algorithm based on Block cipher 1
More informationA SOFTWARE COMPARISON OF RSA AND ECC
International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 97413 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138
More informationNumber Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may
Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition
More informationProperties of Real Numbers
16 Chapter P Prerequisites P.2 Properties of Real Numbers What you should learn: Identify and use the basic properties of real numbers Develop and use additional properties of real numbers Why you should
More informationRSA and Primality Testing
and Primality Testing Joan Boyar, IMADA, University of Southern Denmark Studieretningsprojekter 2010 1 / 81 Correctness of cryptography cryptography Introduction to number theory Correctness of with 2
More information26 Ideals and Quotient Rings
Arkansas Tech University MATH 4033: Elementary Modern Algebra Dr. Marcel B. Finan 26 Ideals and Quotient Rings In this section we develop some theory of rings that parallels the theory of groups discussed
More informationContinued Fractions and the Euclidean Algorithm
Continued Fractions and the Euclidean Algorithm Lecture notes prepared for MATH 326, Spring 997 Department of Mathematics and Statistics University at Albany William F Hammond Table of Contents Introduction
More informationA Coder s Guide to Elliptic Curve Cryptography
Colby College Honors Thesis A Coder s Guide to Elliptic Curve Cryptography Author: Stephen Morse Supervisor: Fernando Gouvêa A thesis submitted in fulfilment of the requirements for graduating with Honors
More informationPYTHAGOREAN TRIPLES PETE L. CLARK
PYTHAGOREAN TRIPLES PETE L. CLARK 1. Parameterization of Pythagorean Triples 1.1. Introduction to Pythagorean triples. By a Pythagorean triple we mean an ordered triple (x, y, z) Z 3 such that x + y =
More informationProblem Set 7  Fall 2008 Due Tuesday, Oct. 28 at 1:00
18.781 Problem Set 7  Fall 2008 Due Tuesday, Oct. 28 at 1:00 Throughout this assignment, f(x) always denotes a polynomial with integer coefficients. 1. (a) Show that e 32 (3) = 8, and write down a list
More informationBreaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and
Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study
More informationPublic Key Cryptography and RSA. Review: Number Theory Basics
Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and
More informationSome Notes on Taylor Polynomials and Taylor Series
Some Notes on Taylor Polynomials and Taylor Series Mark MacLean October 3, 27 UBC s courses MATH /8 and MATH introduce students to the ideas of Taylor polynomials and Taylor series in a fairly limited
More informationAPPLICATIONS OF THE ORDER FUNCTION
APPLICATIONS OF THE ORDER FUNCTION LECTURE NOTES: MATH 432, CSUSM, SPRING 2009. PROF. WAYNE AITKEN In this lecture we will explore several applications of order functions including formulas for GCDs and
More information8 Primes and Modular Arithmetic
8 Primes and Modular Arithmetic 8.1 Primes and Factors Over two millennia ago already, people all over the world were considering the properties of numbers. One of the simplest concepts is prime numbers.
More informationGalois Fields and Hardware Design
Galois Fields and Hardware Design Construction of Galois Fields, Basic Properties, Uniqueness, Containment, Closure, Polynomial Functions over Galois Fields Priyank Kalla Associate Professor Electrical
More informationEfficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks
Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks J. M. BAHI, C. GUYEUX, and A. MAKHOUL Computer Science Laboratory LIFC University of FrancheComté Journée thématique
More informationSection 1.1 Linear Equations: Slope and Equations of Lines
Section. Linear Equations: Slope and Equations of Lines Slope The measure of the steepness of a line is called the slope of the line. It is the amount of change in y, the rise, divided by the amount of
More information3.4 Complex Zeros and the Fundamental Theorem of Algebra
86 Polynomial Functions.4 Complex Zeros and the Fundamental Theorem of Algebra In Section., we were focused on finding the real zeros of a polynomial function. In this section, we expand our horizons and
More informationPYTHAGOREAN TRIPLES KEITH CONRAD
PYTHAGOREAN TRIPLES KEITH CONRAD 1. Introduction A Pythagorean triple is a triple of positive integers (a, b, c) where a + b = c. Examples include (3, 4, 5), (5, 1, 13), and (8, 15, 17). Below is an ancient
More informationALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION
ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION Aldrin W. Wanambisi 1* School of Pure and Applied Science, Mount Kenya University, P.O box 55350100, Kakamega, Kenya. Shem Aywa 2 Department of Mathematics,
More information3. Equivalence Relations. Discussion
3. EQUIVALENCE RELATIONS 33 3. Equivalence Relations 3.1. Definition of an Equivalence Relations. Definition 3.1.1. A relation R on a set A is an equivalence relation if and only if R is reflexive, symmetric,
More informationa 11 x 1 + a 12 x 2 + + a 1n x n = b 1 a 21 x 1 + a 22 x 2 + + a 2n x n = b 2.
Chapter 1 LINEAR EQUATIONS 1.1 Introduction to linear equations A linear equation in n unknowns x 1, x,, x n is an equation of the form a 1 x 1 + a x + + a n x n = b, where a 1, a,..., a n, b are given
More informationsome algebra prelim solutions
some algebra prelim solutions David Morawski August 19, 2012 Problem (Spring 2008, #5). Show that f(x) = x p x + a is irreducible over F p whenever a F p is not zero. Proof. First, note that f(x) has no
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationRSA Encryption. Tom Davis tomrdavis@earthlink.net http://www.geometer.org/mathcircles October 10, 2003
RSA Encryption Tom Davis tomrdavis@earthlink.net http://www.geometer.org/mathcircles October 10, 2003 1 Public Key Cryptography One of the biggest problems in cryptography is the distribution of keys.
More informationQuotient Rings and Field Extensions
Chapter 5 Quotient Rings and Field Extensions In this chapter we describe a method for producing field extension of a given field. If F is a field, then a field extension is a field K that contains F.
More informationMA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES
MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES 2016 47 4. Diophantine Equations A Diophantine Equation is simply an equation in one or more variables for which integer (or sometimes rational) solutions
More informationSUBGROUPS OF CYCLIC GROUPS. 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by
SUBGROUPS OF CYCLIC GROUPS KEITH CONRAD 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by g = {g k : k Z}. If G = g, then G itself is cyclic, with g as a generator. Examples
More informationArithmetic algorithms for cryptology 5 October 2015, Paris. Sieves. Razvan Barbulescu CNRS and IMJPRG. R. Barbulescu Sieves 0 / 28
Arithmetic algorithms for cryptology 5 October 2015, Paris Sieves Razvan Barbulescu CNRS and IMJPRG R. Barbulescu Sieves 0 / 28 Starting point Notations q prime g a generator of (F q ) X a (secret) integer
More informationMathematics Review for MS Finance Students
Mathematics Review for MS Finance Students Anthony M. Marino Department of Finance and Business Economics Marshall School of Business Lecture 1: Introductory Material Sets The Real Number System Functions,
More informationFunctions and Equations
Centre for Education in Mathematics and Computing Euclid eworkshop # Functions and Equations c 014 UNIVERSITY OF WATERLOO Euclid eworkshop # TOOLKIT Parabolas The quadratic f(x) = ax + bx + c (with a,b,c
More informationMODULAR ARITHMETIC. a smallest member. It is equivalent to the Principle of Mathematical Induction.
MODULAR ARITHMETIC 1 Working With Integers The usual arithmetic operations of addition, subtraction and multiplication can be performed on integers, and the result is always another integer Division, on
More informationMathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR
Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices A Biswas, IT, BESU SHIBPUR McGrawHill The McGrawHill Companies, Inc., 2000 Set of Integers The set of integers, denoted by Z,
More informationMATH 22. THE FUNDAMENTAL THEOREM of ARITHMETIC. Lecture R: 10/30/2003
MATH 22 Lecture R: 10/30/2003 THE FUNDAMENTAL THEOREM of ARITHMETIC You must remember this, A kiss is still a kiss, A sigh is just a sigh; The fundamental things apply, As time goes by. Herman Hupfeld
More informationCLASS 3, GIVEN ON 9/27/2010, FOR MATH 25, FALL 2010
CLASS 3, GIVEN ON 9/27/2010, FOR MATH 25, FALL 2010 1. Greatest common divisor Suppose a, b are two integers. If another integer d satisfies d a, d b, we call d a common divisor of a, b. Notice that as
More informationARITHMETICAL FUNCTIONS II: CONVOLUTION AND INVERSION
ARITHMETICAL FUNCTIONS II: CONVOLUTION AND INVERSION PETE L. CLARK 1. Sums over divisors, convolution and Möbius Inversion The proof of the multiplicativity of the functions σ k, easy though it was, actually
More informationA Fast Semantically Secure Public Key Cryptosystem Based on Factoring
International Journal of Network Security, Vol.3, No., PP.144 150, Sept. 006 (http://ijns.nchu.edu.tw/) 144 A Fast Semantically Secure Public Key Cryptosystem Based on Factoring Sahdeo Padhye and Birendra
More informationModern Block Cipher Standards (AES) Debdeep Mukhopadhyay
Modern Block Cipher Standards (AES) Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA 721302 Objectives Introduction
More informationCSC474/574  Information Systems Security: Homework1 Solutions Sketch
CSC474/574  Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a oneround Feistel cipher
More informationImage Encryption and Decryption in A Modification of ElGamal Cryptosystem in MATLAB
International Journal of Sciences: Basic and Applied Research (IJSBAR) ISSN 23074531 (Print & Online) http://gssrr.org/index.php?journal=journalofbasicandapplied 
More informationMath 4310 Handout  Quotient Vector Spaces
Math 4310 Handout  Quotient Vector Spaces Dan Collins The textbook defines a subspace of a vector space in Chapter 4, but it avoids ever discussing the notion of a quotient space. This is understandable
More information1 Review of complex numbers
1 Review of complex numbers 1.1 Complex numbers: algebra The set C of complex numbers is formed by adding a square root i of 1 to the set of real numbers: i = 1. Every complex number can be written uniquely
More informationA new probabilistic public key algorithm based on elliptic logarithms
A new probabilistic public key algorithm based on elliptic logarithms Afonso Comba de Araujo Neto, Raul Fernando Weber 1 Instituto de Informática Universidade Federal do Rio Grande do Sul (UFRGS) Caixa
More information