Advanced Maths Lecture 3

Next generation cryptography and the discrete logarithm problem for elliptic curves
Richard A. Hayden
EC crypto p. 1

Public key cryptography
Asymmetric cryptography: two keys
- Public key: widely distributed
- Private key: users keep secret
Mathematically related, but the private key is not (thought to be!) practically computable from just the public key.

What's wrong with RSA?
There are sub-exponential attacks on RSA:
$$O\left(\exp\left(\left(\tfrac{64}{9}\, b\right)^{1/3} (\log b)^{2/3}\right)\right) \quad \text{(GNFS)}$$
None (discovered) for ECC. So ECC can achieve the same security with smaller key sizes:
- Faster computations
- Lower power consumption
- Memory/bandwidth savings
Think mobile devices, ubiquitous computing, the environment etc.

Key sizes
US National Institute of Standards and Technology says for exchanging AES symmetric keys:
ECC/RSA key size relationship is not linear. ECC clearly much more future-proof.

Trapdoor one-way functions
To implement asymmetric crypto, we need a function (of the public key and plaintext)
- that is easy to compute (giving the ciphertext),
- whose inverse is hard to compute,
- unless given special information (the private key), in which case the inverse should be easy to compute.

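The discrete logarithm problem
Over $\mathbb{R}^+$:
$$\log(x) = 2 \sum_{n=0}^{\infty} \frac{1}{2n+1} \left(\frac{x-1}{x+1}\right)^{2n+1}$$
Easy to compute to arbitrary accuracy, so $a^x$ over $\mathbb{R}$ is not one-way.
For a discrete group $(G, \cdot)$, the discrete log $\log_b(g)$ for $b, g \in G$ is the least $k \in \mathbb{Z}_{\geq 0}$ with:
$$g = b^k := \underbrace{b \cdot \ldots \cdot b}_{k \text{ times}}$$
In the cyclic groups, $\exists b \in G\ \forall g \in G\ \exists k \in \mathbb{Z}_{\geq 0}\ [g = b^k]$.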

Harder: $\mathbb{Z}_p$
- Closure: if $1 \le a, b \le p-1$, by definition $0 \le (ab \bmod p) \le p-1$. If $ab \equiv 0 \bmod p$, $p$ divides $ab$ and thus $p$ divides $a$ or $b$, contradiction.
- Associativity: obvious because regular multiplication of integers is.
- Identity element is 1.
- Inverses: if $1 < a \le p-1$ and $a^2 \not\equiv 1 \bmod p$, then $a^2 \not\equiv a \bmod p$ or $p$ divides $a$. Similarly, if $a^3 \not\equiv 1 \bmod p$, then $a^3 \not\equiv a^2$ or $a \bmod p$ etc. Eventually, we must find $k$ with $a^k \equiv 1 \bmod p$, as we will exhaust all (finite) other possibilities.

E.g. p =
DLP question: What is $\log_3(5)$? I.e. we want $k$ such that $3^k = 5$
... so $\log_3(5) = 5$. Also, 3 generates the group, so $\log_3(\cdot)$ is always defined.

ElGamal key generation
- Generate an efficient description of some (large) cyclic group $G$ of order $q$ with generator $g$
- Choose a random $0 \le k \le q-1$
- Compute $h = g^k$
- Publish $(G, q, g, h)$ as public key
- $k$ is private key

ElGamal
Encryption:
- Convert message $m$ into an element of $G$
- Choose a random $0 \le y \le q-1$, calculate $c_1 = g^y$ and $c_2 = m h^y$
- Transmit ciphertext $(c_1, c_2)$
Decryption:
- Compute $\frac{c_2}{c_1^k} = \frac{m h^y}{g^{ky}} = \frac{m g^{ky}}{g^{ky}} = m$

Breaking ElGamal
- Being able to solve the DLP problem for the group $G$ lets you calculate $k$ and thus the original message.
- Still an open question whether breaking ElGamal is as hard as solving DLP; it has been shown in special cases (c.f. we don't know if breaking RSA is as hard as prime factorisation!).
- But there is no general sub-exponential DLP algorithm: the naive algorithm, raising to higher and higher powers, is exponential.
- However, for DLP using $\mathbb{Z}_p$, the index calculus algorithm is sub-exponential, c.f. general number field sieve for RSA.
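The ElGamal scheme and the naive discrete-log search described above, as an added Python example (not from the lecture). The parameters p = 2039, q = 1019, g = 4 and the message are constructed toy values, small enough that the exponential search finishes instantly.

```python
import secrets

# Constructed toy parameters (far too small for real use): p = 2q + 1 with
# p and q prime, and g = 4 generating the subgroup G of order q in Z_p.
P, Q, G = 2039, 1019, 4


def keygen():
    """Return (private k, public h = g^k).

    The slide allows k = 0, but that gives h = 1 and no secrecy at all,
    so this example samples k from 1..q-1.
    """
    k = secrets.randbelow(Q - 1) + 1
    return k, pow(G, k, P)


def encrypt(h, m):
    """Encrypt m, which must already be an element of G (m^q = 1 mod p)."""
    if pow(m, Q, P) != 1:
        raise ValueError("message is not an element of G")
    y = secrets.randbelow(Q - 1) + 1      # fresh random y for every message
    c1 = pow(G, y, P)
    c2 = (m * pow(h, y, P)) % P
    return c1, c2


def decrypt(k, c1, c2):
    """Compute c2 / c1^k = m h^y / g^(ky) = m."""
    return (c2 * pow(pow(c1, k, P), -1, P)) % P


def naive_dlog(h):
    """Least k >= 0 with g^k = h, found by raising g to higher and higher powers.

    Needs up to q group operations, i.e. exponential in the bit length of q.
    """
    acc = 1
    for k in range(Q):
        if acc == h:
            return k
        acc = (acc * G) % P
    raise ValueError("h is not in the subgroup generated by g")


def demo():
    """Round trip, then show that solving the DLP for h yields k and the message."""
    k, h = keygen()
    m = pow(G, 123, P)                     # constructed message, an element of G
    c1, c2 = encrypt(h, m)
    recovered_k = naive_dlog(h)            # feasible only because q is tiny
    return m, decrypt(k, c1, c2), recovered_k == k, decrypt(recovered_k, c1, c2)


if __name__ == "__main__":
    print(demo())
```

Doubling the bit length of q squares the work of `naive_dlog`, which is why the group must be large and why the sub-exponential index calculus matters for this choice of group.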

Elliptic curves over $\mathbb{R}$
A curve of the form:
$$y^2 = f(x) = x^3 + ax + b$$
where $a$ and $b \in \mathbb{R}$, together with a point on the curve at infinity we call $O$.
Also, the curve must be non-singular; this means the roots of $f(x)$ must be distinct.

Bezout's theorem
Bezout's theorem says a line will intersect an elliptic curve in exactly three points as long as:
- We allow complex points
- We count intersection multiplicities
- We add the point at infinity (formally) to the curve, so the set of points on the curve is some $A \subseteq \mathbb{R}^2$ union $\{O\}$

Intersection multiplicities
What do we need to know about these? Not much, just that:
- If a line intersects an elliptic curve at $P$ and is a tangent line at $P$, the multiplicity is greater than one
- If the multiplicity of some intersection point $P$ of a line and an elliptic curve is greater than one, then the line is a tangent at $P$
- Tangent lines at $P$ are guaranteed unique by the non-singularity requirement (so we can replace "a" with "the" in the above); we will see later that this is important

Real intersections (1)
We define a line to include $O$ iff it is vertical. So now we can talk of intersections between lines and elliptic curves as subsets of $\mathbb{R}^2 \cup \{O\}$.
Assume an elliptic curve and a non-vertical line $y = mx + c$ ($m, c \in \mathbb{R}$) meet in at least 2 real points (counting multiplicities!). Sub into $y^2 = x^3 + ax + b$:
$$(mx + c)^2 = x^3 + ax + b$$
A cubic in $x$. Has at least one real root.

Real intersections (2)
- Assume only one real root. Then they meet at one real point with multiplicity (at least) two. But the cubic must then also have two complex conjugate roots, so the line also meets the curve at two other complex points; counting multiplicities, this is at least four points. Too many, contradicts Bezout.
- Assume at least two real non-zero roots, so the cubic is $(x - r_1)(x - r_2)(x - r_3)$ for $r_1, r_2 \in \mathbb{R}$, and since $r_1 r_2 r_3 = b - c^2 \in \mathbb{R}$, $r_3 \in \mathbb{R}$, so the cubic has three real roots (similarly if $r_1$ and/or $r_2$ is zero).
Key point: if we draw a non-vertical line through two real points on an elliptic curve, it will always meet the curve at a third real point... so we can forget about $\mathbb{C}$, and only care about $\mathbb{R}^2 \cup \{O\}$.

Intersection patterns (1)
Possible intersection patterns for non-vertical lines through two real points on an elliptic curve:
1: All multiplicities 1. Three distinct real points, all of multiplicity 1.
2: Line is tangent at $Q$, so multiplicity = 2; it meets the curve at two real points, one of multiplicity 2, one of multiplicity 1.

Real intersections (3)
What about vertical lines, i.e. those through $O$ which intersect in at least one real point? They have the form $x = d$ for some $d \in \mathbb{R}$, so sub in:
$$y^2 = d^3 + ad + b \implies y = \pm\sqrt{d^3 + ad + b}$$
Since one of these is real, so is the other. Thus unless $y = 0$, such lines meet the curve at two distinct real points as well as $O$, thus all of multiplicity 1.
If $y = 0$, $\frac{dx}{dy} = 0$, so the line is tangent at the real point of intersection $(d, 0)$ and thus it has multiplicity > 1, i.e. 2, and $O$ has multiplicity 1.

Intersection patterns (2)
Possible intersection patterns for non-vertical lines through two real points on an elliptic curve:
3: $P$, $Q$ and $O$ all with multiplicity 1.
4: Tangent at $P$ with multiplicity 2, $O$ with multiplicity 1.

A binary operation (1)
For an elliptic curve $C$, write $C(\mathbb{R})$ for the set of points on the curve contained in $\mathbb{R}^2 \cup \{O\}$. We are going to define a (commutative) binary operation on $C(\mathbb{R})$, called $*$:
$$* : C(\mathbb{R}) \times C(\mathbb{R}) \to C(\mathbb{R})$$
If $P$ and $Q \in \mathbb{R}^2$ are distinct, draw the unique line through them...
- if they both have multiplicity 1, the line meets the curve at a third point $R$ with multiplicity 1; define $P * Q = R$
- if one has multiplicity 2, say $P$, then $Q$ must have multiplicity 1; define $P * Q = P$
If $P = Q \in \mathbb{R}^2$, draw the unique tangent to the curve at $P = Q$. At $P$ it must have multiplicity 2 or 3. If it is 2, it meets the curve elsewhere, say at $R$, and we define $P * Q = R$. Otherwise, $P * Q = P = Q$ (in fact, only the mult. 2 case occurs).

A binary operation (2)
What if we are given a real $P$ and $O$? Draw the (unique) vertical line through $P$. Remember that either it meets $P$ with multiplicity 2, in which case we define $P * O = P$, or with multiplicity 1, in which case it also meets the curve at some other point $Q$, and we define $P * O = Q$.
Finally, define $O * O = O$ (this makes sense if we consider the line at infinity meeting the curve just at $O$ with multiplicity 3, but we can just take it formally).

Some examples...

A group law?
You might be asking, is $C(\mathbb{R})$ a group under $*$? Unfortunately not; it is clear that there is no identity.
Define another (commutative) binary operation $+ : C(\mathbb{R}) \times C(\mathbb{R}) \to C(\mathbb{R})$: first compute $P * Q$, draw the line through $P * Q$ and $O$, then $P + Q$ is defined to be the third intersection point of this line with the curve (counting multiplicities), i.e.
$$P + Q := O * (P * Q)$$

Explicit formulae for +
Before we prove that + does indeed make $C(\mathbb{R})$ a group, we show how to derive explicit formulae for the binary operation +. Writing $P = (p_x, p_y)$, $Q = (q_x, q_y)$ and $P + Q = (x, y)$:
Let $\lambda = \frac{q_y - p_y}{q_x - p_x}$, then $x = \lambda^2 - p_x - q_x$ and $-y = p_y + \lambda(x - p_x)$ (elliptic curves are symmetric about the x-axis).
If the two points are the same, we can similarly compute an explicit expression for $2P := P + P$.

Group law (1)
- Closure: we've already checked this
- Identity element is $O$
- Inverse element of $P = (x, y)$ is $-P := (x, -y)$

Group law (2)
Associativity: hardest to check. Can check using the explicit formulae, but you have to make sure you consider all cases, i.e. those involving $O$, those where two/three of the points are the same etc.
There is a more elegant proof, but it involves a bit more algebraic geometry, for which there is not time now, so you will have to just trust me (or bash it out with the explicit formulae!)

Fields
Recall that a field was a set $F$ together with two binary operations, $+$ and $\cdot$, where
- $(F, +)$ is an abelian group with identity we call 0
- $\cdot$ is associative and commutative
- $\cdot$ has an identity (we call 1) and inverses for all elements except 0
- $\cdot$ distributes over $+$, i.e. $a \cdot (b + c) = a \cdot b + a \cdot c$
- $1 \neq 0$
Examples are $\mathbb{Q}$, $\mathbb{R}$, $\mathbb{C}$ under their usual addition and multiplication. $\mathbb{Z}$ is not a field though.

Finite fields
Recall the integers $\{1, \ldots, p-1\}$ (prime $p$) under multiplication modulo $p$. Knowing that this is a group, it is easy to see that $\{0, 1, \ldots, p-1\}$ is a field with addition modulo $p$. Call it $\mathbb{F}_p$.
None of what we did earlier, proving that $C(\mathbb{R})$ was a group, was dependent on $\mathbb{R}$, apart from that it is a field. The same thing works for any field, but we lose the geometric analogies and pretty pictures.
Bezout's theorem carries across, replacing $\mathbb{R}$ with $\mathbb{F}_p$ and $\mathbb{C}$ with the algebraic closure of $\mathbb{F}_p$, so we get a group law on $C(\mathbb{F}_p)$.

Example (1)
$y^2 = x^3 + x + 1$ over $\mathbb{F}_5$.
How can we find all the points on the curve? Plug all 5 possibilities for $x$ in... this gives 9 points:
$$C(\mathbb{F}_5) = \{O, (0, \pm 1), (2, \pm 1), (3, \pm 1), (4, \pm 2)\}$$
So $C(\mathbb{F}_5)$ is an abelian group of order 9. In fact, it is easy to see that $(0, 1)$ generates the group, so it is the cyclic group of order 9...

Example (2)
Let's try to compute $(0, 1)^2 = (0, 1) + (0, 1)$ in $C(\mathbb{F}_5)$. We need the (formal) tangent to $y^2 = x^3 + x + 1$ at $(0, 1)$.
Compute $\frac{dy}{dx} = \frac{3x^2 + 1}{2y} = 1/2 = 1 \cdot 3 = 3$ (since $2 \cdot 3 \equiv 1 \bmod 5$), so the tangent is $y = 3x + 1$.
Subbing in, $(3x + 1)^2 = x^3 + x + 1$ has roots $x = 0$ and those of $x^2 - 9x - 5 = x^2 - 4x - 5 = x^2 + x = 0$, i.e. $x = 0$ and $x = -1 = 4$. So $(0, 1) * (0, 1) = (4, -2)$.
Then $(0, 1) + (0, 1) = O * (4, -2) = (4, 2) \in C(\mathbb{F}_5)$.

ECDLP
So an elliptic curve over a (large) finite field gives us a (large) finite group; indeed a theorem of Hasse says:
$$(\sqrt{p} - 1)^2 \le |C(\mathbb{F}_p)| \le (\sqrt{p} + 1)^2$$
for any elliptic curve $C$. We can do the discrete log problem in cyclic subgroups of such groups.
ECC is then the ElGamal algorithm in subgroups of the group of points on elliptic curves over finite fields.
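An added Python example (not part of the lecture) that implements the explicit formulae for + over $\mathbb{F}_p$ and checks the lecture's $\mathbb{F}_5$ example, Hasse's bound, and associativity by exhaustive search over all point triples. The function names and the representation of $O$ as `None` are choices made for this example.

```python
from itertools import product

# Curve from the lecture: y^2 = x^3 + x + 1 over F_5.
P_MOD, A, B = 5, 1, 1
O = None  # the point at infinity (representation chosen for this example)


def points():
    """Plug every x (and y) in F_p into the curve equation; O is always a point."""
    affine = [(x, y) for x in range(P_MOD) for y in range(P_MOD)
              if (y * y - (x ** 3 + A * x + B)) % P_MOD == 0]
    return [O] + affine


def neg(pt):
    """-P := (x, -y); O is its own inverse."""
    return O if pt is O else (pt[0], (-pt[1]) % P_MOD)


def add(p1, p2):
    """P + Q := O * (P * Q), using the explicit chord/tangent formulae."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O                                   # vertical line: P + (-P) = O
    if p1 == p2:                                   # tangent slope (3x^2 + a) / 2y
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:                                          # chord slope (y2 - y1) / (x2 - x1)
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    # The line meets the curve again at (x3, y1 + lam (x3 - x1)); that is P * Q.
    # Reflecting in the x-axis gives P + Q.
    y3 = (-(y1 + lam * (x3 - x1))) % P_MOD
    return (x3, y3)


def mul(k, pt):
    """k-fold sum pt + ... + pt by double-and-add."""
    acc = O
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def order(pt):
    """Least n >= 1 with n * pt = O."""
    n, acc = 1, pt
    while acc is not O:
        acc = add(acc, pt)
        n += 1
    return n


def hasse_ok(n):
    """(sqrt(p) - 1)^2 <= n <= (sqrt(p) + 1)^2, rewritten as (n - p - 1)^2 <= 4p."""
    return (n - P_MOD - 1) ** 2 <= 4 * P_MOD


def is_associative():
    """Bash it out: check (P + Q) + R = P + (Q + R) for every triple of points."""
    pts = points()
    return all(add(add(p, q), r) == add(p, add(q, r))
               for p, q, r in product(pts, repeat=3))


if __name__ == "__main__":
    print(points(), add((0, 1), (0, 1)), order((0, 1)),
          hasse_ok(len(points())), is_associative())
```

The exhaustive associativity check covers every case the lecture lists (points involving $O$, repeated points), which is only possible because this group has 9 elements.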

ECDLP
- For an EC group of size $p$, we roughly need the same number of bits as for the multiplication modulo $p$ group (Hasse); in both cases your key is a constant number of $\log_2(p)$-bit numbers, i.e. proportional to $p$.
- The sub-exponential algorithm for $\mathbb{Z}_p$ relied on a special result specific only to these groups.
- No such sub-exponential DLP algorithm has been found for elliptic curve groups, thus in terms of key sizes required for the same level of security, ECC beats both RSA and ElGamal over multiplication modulo $p$ groups.

ECDLP
- Certain curves are vulnerable to special attacks and should be avoided, c.f. Chinese remainder theorem attacks on RSA.
- NIST recommends a small number of curves and fields, chosen for optimal security (i.e. not vulnerable to any known special case attacks) and implementation efficiency (some curves have properties making the implementation of ECC cheaper).
- Hardest (publicly) broken ECC scheme to date had a 109-bit key. 10,000 Pentium class PCs, > 540 days.

References
- A beautiful book: Rational Points on Elliptic Curves by Silverman and Tate. Chapter 4 addresses finite fields, very accessible.
- Elliptic Curves and their Applications to Cryptography by Andreas Enge, actually focussed on crypto. Expensive though!
- Algebraic Aspects of Cryptography by Neal Koblitz, focusses on lots of interesting areas of algebra and number theory applicable to crypto.


More information

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

More information

Notes on Network Security Prof. Hemant K. Soni

Notes on Network Security Prof. Hemant K. Soni Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

More information

In this paper a new signature scheme and a public key cryptotsystem are proposed. They can be seen as a compromise between the RSA and ElGamal-type sc

In this paper a new signature scheme and a public key cryptotsystem are proposed. They can be seen as a compromise between the RSA and ElGamal-type sc Digital Signature and Public Key Cryptosystem in a Prime Order Subgroup of Z n Colin Boyd Information Security Research Centre, School of Data Communications Queensland University of Technology, Brisbane

More information

Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem

More information

Outline. Cryptography. Bret Benesh. Math 331

Outline. Cryptography. Bret Benesh. Math 331 Outline 1 College of St. Benedict/St. John s University Department of Mathematics Math 331 2 3 The internet is a lawless place, and people have access to all sorts of information. What is keeping people

More information

MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction

MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction MATH 168: FINAL PROJECT Troels Eriksen 1 Introduction In the later years cryptosystems using elliptic curves have shown up and are claimed to be just as secure as a system like RSA with much smaller key

More information

Alex, I will take congruent numbers for one million dollars please

Alex, I will take congruent numbers for one million dollars please Alex, I will take congruent numbers for one million dollars please Jim L. Brown The Ohio State University Columbus, OH 4310 jimlb@math.ohio-state.edu One of the most alluring aspectives of number theory

More information

A Factoring and Discrete Logarithm based Cryptosystem

A Factoring and Discrete Logarithm based Cryptosystem Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques

More information

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies 1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

More information

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory

More information

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography

More information

Multiplicity. Chapter 6

Multiplicity. Chapter 6 Chapter 6 Multiplicity The fundamental theorem of algebra says that any polynomial of degree n 0 has exactly n roots in the complex numbers if we count with multiplicity. The zeros of a polynomial are

More information

The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

More information

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch

Table of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch 1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

More information

Let s just do some examples to get the feel of congruence arithmetic.

Let s just do some examples to get the feel of congruence arithmetic. Basic Congruence Arithmetic Let s just do some examples to get the feel of congruence arithmetic. Arithmetic Mod 7 Just write the multiplication table. 0 1 2 3 4 5 6 0 0 0 0 0 0 0 0 1 0 1 2 3 4 5 6 2 0

More information

ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS

ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS D. Sravana Kumar 1 CH. Suneetha 2 A. ChandrasekhAR 3 1 Reader in Physics, SVLNS Government College, Bheemunipatnam, Visakhapatnam Dt., India skdharanikota@gmail.com

More information

RSA Attacks. By Abdulaziz Alrasheed and Fatima

RSA Attacks. By Abdulaziz Alrasheed and Fatima RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

More information

Introduction to finite fields

Introduction to finite fields Introduction to finite fields Topics in Finite Fields (Fall 2013) Rutgers University Swastik Kopparty Last modified: Monday 16 th September, 2013 Welcome to the course on finite fields! This is aimed at

More information

3. Applications of Number Theory

3. Applications of Number Theory 3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a

More information

A New Generic Digital Signature Algorithm

A New Generic Digital Signature Algorithm Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study

More information

I. GROUPS: BASIC DEFINITIONS AND EXAMPLES

I. GROUPS: BASIC DEFINITIONS AND EXAMPLES I GROUPS: BASIC DEFINITIONS AND EXAMPLES Definition 1: An operation on a set G is a function : G G G Definition 2: A group is a set G which is equipped with an operation and a special element e G, called

More information

Network Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography

Network Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 2 Basics 2.2 Public Key Cryptography

More information

Groups in Cryptography

Groups in Cryptography Groups in Cryptography Çetin Kaya Koç http://cs.ucsb.edu/~koc/cs178 koc@cs.ucsb.edu Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 1 / 13 Groups in Cryptography A set S and a binary

More information

The application of prime numbers to RSA encryption

The application of prime numbers to RSA encryption The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered

More information

Overview of Public-Key Cryptography

Overview of Public-Key Cryptography CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

More information

Public Key (asymmetric) Cryptography

Public Key (asymmetric) Cryptography Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

More information

Geometric Transformations

Geometric Transformations Geometric Transformations Definitions Def: f is a mapping (function) of a set A into a set B if for every element a of A there exists a unique element b of B that is paired with a; this pairing is denoted

More information

CS549: Cryptography and Network Security

CS549: Cryptography and Network Security CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared

More information

Computing exponents modulo a number: Repeated squaring

Computing exponents modulo a number: Repeated squaring Computing exponents modulo a number: Repeated squaring How do you compute (1415) 13 mod 2537 = 2182 using just a calculator? Or how do you check that 2 340 mod 341 = 1? You can do this using the method

More information

Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9 Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,

More information

A New Efficient Digital Signature Scheme Algorithm based on Block cipher

A New Efficient Digital Signature Scheme Algorithm based on Block cipher IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661, ISBN: 2278-8727Volume 7, Issue 1 (Nov. - Dec. 2012), PP 47-52 A New Efficient Digital Signature Scheme Algorithm based on Block cipher 1

More information

A SOFTWARE COMPARISON OF RSA AND ECC

A SOFTWARE COMPARISON OF RSA AND ECC International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138

More information

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition

More information

Properties of Real Numbers

Properties of Real Numbers 16 Chapter P Prerequisites P.2 Properties of Real Numbers What you should learn: Identify and use the basic properties of real numbers Develop and use additional properties of real numbers Why you should

More information

RSA and Primality Testing

RSA and Primality Testing and Primality Testing Joan Boyar, IMADA, University of Southern Denmark Studieretningsprojekter 2010 1 / 81 Correctness of cryptography cryptography Introduction to number theory Correctness of with 2

More information

26 Ideals and Quotient Rings

26 Ideals and Quotient Rings Arkansas Tech University MATH 4033: Elementary Modern Algebra Dr. Marcel B. Finan 26 Ideals and Quotient Rings In this section we develop some theory of rings that parallels the theory of groups discussed

More information

Continued Fractions and the Euclidean Algorithm

Continued Fractions and the Euclidean Algorithm Continued Fractions and the Euclidean Algorithm Lecture notes prepared for MATH 326, Spring 997 Department of Mathematics and Statistics University at Albany William F Hammond Table of Contents Introduction

More information

A Coder s Guide to Elliptic Curve Cryptography

A Coder s Guide to Elliptic Curve Cryptography Colby College Honors Thesis A Coder s Guide to Elliptic Curve Cryptography Author: Stephen Morse Supervisor: Fernando Gouvêa A thesis submitted in fulfilment of the requirements for graduating with Honors

More information

PYTHAGOREAN TRIPLES PETE L. CLARK

PYTHAGOREAN TRIPLES PETE L. CLARK PYTHAGOREAN TRIPLES PETE L. CLARK 1. Parameterization of Pythagorean Triples 1.1. Introduction to Pythagorean triples. By a Pythagorean triple we mean an ordered triple (x, y, z) Z 3 such that x + y =

More information

Problem Set 7 - Fall 2008 Due Tuesday, Oct. 28 at 1:00

Problem Set 7 - Fall 2008 Due Tuesday, Oct. 28 at 1:00 18.781 Problem Set 7 - Fall 2008 Due Tuesday, Oct. 28 at 1:00 Throughout this assignment, f(x) always denotes a polynomial with integer coefficients. 1. (a) Show that e 32 (3) = 8, and write down a list

More information

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study

More information

Public Key Cryptography and RSA. Review: Number Theory Basics

Public Key Cryptography and RSA. Review: Number Theory Basics Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and

More information

Some Notes on Taylor Polynomials and Taylor Series

Some Notes on Taylor Polynomials and Taylor Series Some Notes on Taylor Polynomials and Taylor Series Mark MacLean October 3, 27 UBC s courses MATH /8 and MATH introduce students to the ideas of Taylor polynomials and Taylor series in a fairly limited

More information

APPLICATIONS OF THE ORDER FUNCTION

APPLICATIONS OF THE ORDER FUNCTION APPLICATIONS OF THE ORDER FUNCTION LECTURE NOTES: MATH 432, CSUSM, SPRING 2009. PROF. WAYNE AITKEN In this lecture we will explore several applications of order functions including formulas for GCDs and

More information

8 Primes and Modular Arithmetic

8 Primes and Modular Arithmetic 8 Primes and Modular Arithmetic 8.1 Primes and Factors Over two millennia ago already, people all over the world were considering the properties of numbers. One of the simplest concepts is prime numbers.

More information

Galois Fields and Hardware Design

Galois Fields and Hardware Design Galois Fields and Hardware Design Construction of Galois Fields, Basic Properties, Uniqueness, Containment, Closure, Polynomial Functions over Galois Fields Priyank Kalla Associate Professor Electrical

More information

Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks

Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks J. M. BAHI, C. GUYEUX, and A. MAKHOUL Computer Science Laboratory LIFC University of Franche-Comté Journée thématique

More information

Section 1.1 Linear Equations: Slope and Equations of Lines

Section 1.1 Linear Equations: Slope and Equations of Lines Section. Linear Equations: Slope and Equations of Lines Slope The measure of the steepness of a line is called the slope of the line. It is the amount of change in y, the rise, divided by the amount of

More information

3.4 Complex Zeros and the Fundamental Theorem of Algebra

3.4 Complex Zeros and the Fundamental Theorem of Algebra 86 Polynomial Functions.4 Complex Zeros and the Fundamental Theorem of Algebra In Section., we were focused on finding the real zeros of a polynomial function. In this section, we expand our horizons and

More information

PYTHAGOREAN TRIPLES KEITH CONRAD

PYTHAGOREAN TRIPLES KEITH CONRAD PYTHAGOREAN TRIPLES KEITH CONRAD 1. Introduction A Pythagorean triple is a triple of positive integers (a, b, c) where a + b = c. Examples include (3, 4, 5), (5, 1, 13), and (8, 15, 17). Below is an ancient

More information

ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION

ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION Aldrin W. Wanambisi 1* School of Pure and Applied Science, Mount Kenya University, P.O box 553-50100, Kakamega, Kenya. Shem Aywa 2 Department of Mathematics,

More information

3. Equivalence Relations. Discussion

3. Equivalence Relations. Discussion 3. EQUIVALENCE RELATIONS 33 3. Equivalence Relations 3.1. Definition of an Equivalence Relations. Definition 3.1.1. A relation R on a set A is an equivalence relation if and only if R is reflexive, symmetric,

More information

a 11 x 1 + a 12 x 2 + + a 1n x n = b 1 a 21 x 1 + a 22 x 2 + + a 2n x n = b 2.

a 11 x 1 + a 12 x 2 + + a 1n x n = b 1 a 21 x 1 + a 22 x 2 + + a 2n x n = b 2. Chapter 1 LINEAR EQUATIONS 1.1 Introduction to linear equations A linear equation in n unknowns x 1, x,, x n is an equation of the form a 1 x 1 + a x + + a n x n = b, where a 1, a,..., a n, b are given

More information

some algebra prelim solutions

some algebra prelim solutions some algebra prelim solutions David Morawski August 19, 2012 Problem (Spring 2008, #5). Show that f(x) = x p x + a is irreducible over F p whenever a F p is not zero. Proof. First, note that f(x) has no

More information

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

More information

RSA Encryption. Tom Davis tomrdavis@earthlink.net http://www.geometer.org/mathcircles October 10, 2003

RSA Encryption. Tom Davis tomrdavis@earthlink.net http://www.geometer.org/mathcircles October 10, 2003 RSA Encryption Tom Davis tomrdavis@earthlink.net http://www.geometer.org/mathcircles October 10, 2003 1 Public Key Cryptography One of the biggest problems in cryptography is the distribution of keys.

More information

Quotient Rings and Field Extensions

Quotient Rings and Field Extensions Chapter 5 Quotient Rings and Field Extensions In this chapter we describe a method for producing field extension of a given field. If F is a field, then a field extension is a field K that contains F.

More information

MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES

MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES 2016 47 4. Diophantine Equations A Diophantine Equation is simply an equation in one or more variables for which integer (or sometimes rational) solutions

More information

SUBGROUPS OF CYCLIC GROUPS. 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by

SUBGROUPS OF CYCLIC GROUPS. 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by SUBGROUPS OF CYCLIC GROUPS KEITH CONRAD 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by g = {g k : k Z}. If G = g, then G itself is cyclic, with g as a generator. Examples

More information

Arithmetic algorithms for cryptology 5 October 2015, Paris. Sieves. Razvan Barbulescu CNRS and IMJ-PRG. R. Barbulescu Sieves 0 / 28

Arithmetic algorithms for cryptology 5 October 2015, Paris. Sieves. Razvan Barbulescu CNRS and IMJ-PRG. R. Barbulescu Sieves 0 / 28 Arithmetic algorithms for cryptology 5 October 2015, Paris Sieves Razvan Barbulescu CNRS and IMJ-PRG R. Barbulescu Sieves 0 / 28 Starting point Notations q prime g a generator of (F q ) X a (secret) integer

More information

Mathematics Review for MS Finance Students

Mathematics Review for MS Finance Students Mathematics Review for MS Finance Students Anthony M. Marino Department of Finance and Business Economics Marshall School of Business Lecture 1: Introductory Material Sets The Real Number System Functions,

More information

Functions and Equations

Functions and Equations Centre for Education in Mathematics and Computing Euclid eworkshop # Functions and Equations c 014 UNIVERSITY OF WATERLOO Euclid eworkshop # TOOLKIT Parabolas The quadratic f(x) = ax + bx + c (with a,b,c

More information

MODULAR ARITHMETIC. a smallest member. It is equivalent to the Principle of Mathematical Induction.

MODULAR ARITHMETIC. a smallest member. It is equivalent to the Principle of Mathematical Induction. MODULAR ARITHMETIC 1 Working With Integers The usual arithmetic operations of addition, subtraction and multiplication can be performed on integers, and the result is always another integer Division, on

More information

Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR

Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices A Biswas, IT, BESU SHIBPUR McGraw-Hill The McGraw-Hill Companies, Inc., 2000 Set of Integers The set of integers, denoted by Z,

More information

MATH 22. THE FUNDAMENTAL THEOREM of ARITHMETIC. Lecture R: 10/30/2003

MATH 22. THE FUNDAMENTAL THEOREM of ARITHMETIC. Lecture R: 10/30/2003 MATH 22 Lecture R: 10/30/2003 THE FUNDAMENTAL THEOREM of ARITHMETIC You must remember this, A kiss is still a kiss, A sigh is just a sigh; The fundamental things apply, As time goes by. Herman Hupfeld

More information

CLASS 3, GIVEN ON 9/27/2010, FOR MATH 25, FALL 2010

CLASS 3, GIVEN ON 9/27/2010, FOR MATH 25, FALL 2010 CLASS 3, GIVEN ON 9/27/2010, FOR MATH 25, FALL 2010 1. Greatest common divisor Suppose a, b are two integers. If another integer d satisfies d a, d b, we call d a common divisor of a, b. Notice that as

More information

ARITHMETICAL FUNCTIONS II: CONVOLUTION AND INVERSION

ARITHMETICAL FUNCTIONS II: CONVOLUTION AND INVERSION ARITHMETICAL FUNCTIONS II: CONVOLUTION AND INVERSION PETE L. CLARK 1. Sums over divisors, convolution and Möbius Inversion The proof of the multiplicativity of the functions σ k, easy though it was, actually

More information

A Fast Semantically Secure Public Key Cryptosystem Based on Factoring

A Fast Semantically Secure Public Key Cryptosystem Based on Factoring International Journal of Network Security, Vol.3, No., PP.144 150, Sept. 006 (http://ijns.nchu.edu.tw/) 144 A Fast Semantically Secure Public Key Cryptosystem Based on Factoring Sahdeo Padhye and Birendra

More information

Modern Block Cipher Standards (AES) Debdeep Mukhopadhyay

Modern Block Cipher Standards (AES) Debdeep Mukhopadhyay Modern Block Cipher Standards (AES) Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Introduction

More information

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher

More information

Image Encryption and Decryption in A Modification of ElGamal Cryptosystem in MATLAB

Image Encryption and Decryption in A Modification of ElGamal Cryptosystem in MATLAB International Journal of Sciences: Basic and Applied Research (IJSBAR) ISSN 2307-4531 (Print & Online) http://gssrr.org/index.php?journal=journalofbasicandapplied ---------------------------------------------------------------------------------------------------------------------------

More information

Math 4310 Handout - Quotient Vector Spaces

Math 4310 Handout - Quotient Vector Spaces Math 4310 Handout - Quotient Vector Spaces Dan Collins The textbook defines a subspace of a vector space in Chapter 4, but it avoids ever discussing the notion of a quotient space. This is understandable

More information

1 Review of complex numbers

1 Review of complex numbers 1 Review of complex numbers 1.1 Complex numbers: algebra The set C of complex numbers is formed by adding a square root i of 1 to the set of real numbers: i = 1. Every complex number can be written uniquely

More information

A new probabilistic public key algorithm based on elliptic logarithms

A new probabilistic public key algorithm based on elliptic logarithms A new probabilistic public key algorithm based on elliptic logarithms Afonso Comba de Araujo Neto, Raul Fernando Weber 1 Instituto de Informática Universidade Federal do Rio Grande do Sul (UFRGS) Caixa

More information