Groups in Cryptography



Similar documents
Math 319 Problem Set #3 Solution 21 February 2002

(0, 0) : order 1; (0, 1) : order 4; (0, 2) : order 2; (0, 3) : order 4; (1, 0) : order 2; (1, 1) : order 4; (1, 2) : order 2; (1, 3) : order 4.

= = 3 4, Now assume that P (k) is true for some fixed k 2. This means that

I. GROUPS: BASIC DEFINITIONS AND EXAMPLES

Lecture 13 - Basic Number Theory.

Arkansas Tech University MATH 4033: Elementary Modern Algebra Dr. Marcel B. Finan

26 Ideals and Quotient Rings

4. FIRST STEPS IN THE THEORY 4.1. A

Cryptography and Network Security Number Theory

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, Notes on Algebra

Homework until Test #2

Abstract Algebra Cheat Sheet

Cryptography and Network Security Chapter 8

SUBGROUPS OF CYCLIC GROUPS. 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by

Applications of Fermat s Little Theorem and Congruences

Today s Topics. Primes & Greatest Common Divisors

Discrete Mathematics, Chapter 4: Number Theory and Cryptography

ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

COMMUTATIVE RINGS. Definition: A domain is a commutative ring R that satisfies the cancellation law for multiplication:

r + s = i + j (q + t)n; 2 rs = ij (qj + ti)n + qtn.

Chapter 8 Integers 8.1 Addition and Subtraction

k, then n = p2α 1 1 pα k

A New Generic Digital Signature Algorithm

Arkansas Tech University MATH 4033: Elementary Modern Algebra Dr. Marcel B. Finan

Chapter 13: Basic ring theory

Overview of Number Theory Basics. Divisibility

Lecture 6: Finite Fields (PART 3) PART 3: Polynomial Arithmetic. Theoretical Underpinnings of Modern Cryptography

Factoring Polynomials

Public Key Cryptography and RSA. Review: Number Theory Basics

Solutions to TOPICS IN ALGEBRA I.N. HERSTEIN. Part II: Group Theory

Factorization Algorithms for Polynomials over Finite Fields

8 Primes and Modular Arithmetic

CS 103X: Discrete Structures Homework Assignment 3 Solutions

2. Let H and K be subgroups of a group G. Show that H K G if and only if H K or K H.

Group Fundamentals. Chapter Groups and Subgroups Definition

(Q, ), (R, ), (C, ), where the star means without 0, (Q +, ), (R +, ), where the plus-sign means just positive numbers, and (U, ),

Quotient Rings and Field Extensions

CHAPTER 5. Number Theory. 1. Integers and Division. Discussion

Chapter 3. if 2 a i then location: = i. Page 40

Elements of Abstract Group Theory

ABSTRACT ALGEBRA: A STUDY GUIDE FOR BEGINNERS

Some practice problems for midterm 2

minimal polyonomial Example

An Overview of Integer Factoring Algorithms. The Problem

4.5 Finite Mathematical Systems

Boolean Algebra Part 1

Introduction to Modern Algebra

Modern Block Cipher Standards (AES) Debdeep Mukhopadhyay

Number Theory: A Mathemythical Approach. Student Resources. Printed Version

Test1. Due Friday, March 13, 2015.

25 Integers: Addition and Subtraction

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

7. Some irreducible polynomials

Advanced Cryptography

Winter Camp 2011 Polynomials Alexander Remorov. Polynomials. Alexander Remorov

On the generation of elliptic curves with 16 rational torsion points by Pythagorean triples

Constructing Pairing-Friendly Elliptic Curves with Embedding Degree 10

Group Theory. Contents

Some applications of LLL

RSA and Primality Testing

FACTORS AND MULTIPLES Answer Key

Geometric Transformations

Math Workshop October 2010 Fractions and Repeating Decimals

SYSTEMS OF PYTHAGOREAN TRIPLES. Acknowledgements. I would like to thank Professor Laura Schueller for advising and guiding me

The application of prime numbers to RSA encryption

26 Integers: Multiplication, Division, and Order

SUM OF TWO SQUARES JAHNAVI BHASKAR

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Computer and Network Security

Name: Section Registered In:

Every Positive Integer is the Sum of Four Squares! (and other exciting problems)

Implementation of Elliptic Curve Digital Signature Algorithm

Notes on Algebraic Structures. Peter J. Cameron

How To Prove The Dirichlet Unit Theorem

ELLIPTIC CURVES AND LENSTRA S FACTORIZATION ALGORITHM

Math 3000 Section 003 Intro to Abstract Math Homework 2

p e i 1 [p e i i ) = i=1

COMMUTATIVITY DEGREES OF WREATH PRODUCTS OF FINITE ABELIAN GROUPS

6.1 The Greatest Common Factor; Factoring by Grouping

RSA Encryption. Tom Davis October 10, 2003

Handout #1: Mathematical Reasoning

17 Greatest Common Factors and Least Common Multiples

BOOLEAN ALGEBRA & LOGIC GATES

A Second Course in Mathematics Concepts for Elementary Teachers: Theory, Problems, and Solutions

Introduction to Finite Fields (cont.)

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

MATH10040 Chapter 2: Prime and relatively prime numbers

Tests for Divisibility, Theorems for Divisibility, the Prime Factor Test

An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC

Properties of Real Numbers

Lectures on Number Theory. Lars-Åke Lindahl

The last three chapters introduced three major proof techniques: direct,

Chapter 7. Permutation Groups

CONTINUED FRACTIONS AND PELL S EQUATION. Contents 1. Continued Fractions 1 2. Solution to Pell s Equation 9 References 12

Textbook: Introduction to Cryptography 2nd ed. By J.A. Buchmann Chap 12 Digital Signatures

Public Key Cryptography: RSA and Lots of Number Theory

Kevin James. MTHSC 412 Section 2.4 Prime Factors and Greatest Comm

a 11 x 1 + a 12 x a 1n x n = b 1 a 21 x 1 + a 22 x a 2n x n = b 2.

Transcription:

Groups in Cryptography Çetin Kaya Koç http://cs.ucsb.edu/~koc/cs178 koc@cs.ucsb.edu Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 1 / 13

Groups in Cryptography A set S and a binary operation together is called a group G = (S, ) if the operation and the set satisfy the following rules Closure: If a,b S then a b S Associativity: For a,b,c S, (a b) c = a (b c) There exists a neutral element: e S such that a e = e a = a Every element a S has an inverse inv(a) S: a inv(a) = inv(a) a = e Commutativity: If a b = b a, then the group G is called an a commutative group or an Abelian group In cryptography we deal with Abelian groups Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 2 / 13

Multiplicative Groups The operation is a multiplication The neutral element is generally called the unit element e = 1 Multiplication of an element k times by itself is denoted as a k = k times { }} { a a a The inverse of an element a is denoted as a 1 Example: (Z n, mod n); note that Z n is the set {1,2,...,n 1} when n is prime, and the operation is multiplication mod n When n is not a prime, Z n is the set of invertible elements modulo n, since a Z n implies gcd(a,n) = 1, and thus a is invertible mod n Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 3 / 13

Multiplicative Group Examples Consider the multiplication tables mod 5 and 6, respectively, below * mod 6 1 2 3 4 5 * mod 5 1 2 3 4 1 1 2 3 4 5 1 1 2 3 4 2 2 4 0 2 4 2 2 4 1 3 3 3 0 3 0 3 3 3 1 4 2 4 4 2 0 4 2 4 4 3 2 1 5 5 4 3 2 1 Mod 5 multiplication operation on the set Z 5 = {1,2,3,4} forms the group Z 5 Mod 6 multiplication operation on the set Z 6 = {1,2,3,4,5} does not form a group since 2, 3 and 4 are not invertible Mod 6 multiplication operation on the set of invertible elements forms a group: (Z6, mod 6) = ({1,5}, mod 6) Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 4 / 13

Additive Groups The operation is an addition + The neutral element is generally called the zero element e = 0 Addition of an element a k times by itself, denoted as [k]a = k times { }} { a+ +a The inverse of an element a is denoted as a Example: (Z n,+ mod n) is a group; the set is Z n = {0,1,2,...,n 1} and the operation is addition mod n Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 5 / 13

Additive Group Examples Consider the addition tables mod 4 and 5, respectively, below + mod 5 0 1 2 3 4 + mod 4 0 1 2 3 0 0 1 2 3 4 0 0 1 2 3 1 1 2 3 4 0 1 1 2 3 0 2 2 3 4 0 1 2 2 3 0 1 3 3 4 0 1 2 3 3 0 1 2 4 4 0 1 2 3 Mod 4 addition operation on set Z 4 = {0,1,2,3} forms the group (Z 4,+ mod 4) Mod 5 addition operation on set Z 5 = {0,1,2,3,4} forms the group (Z 5,+ mod 5) Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 6 / 13

Order of a Group The order of a group is the number of elements in the set The order of (Z11, mod 11) is 10, since the set Z 11 has 10 elements: {1,2,...,10} The order of group (Z p, mod p) is equal to p 1; since p is prime, the group order p 1 is not prime The order of (Z 11,+ mod 11) is 11, since the set Z 11 has 11 elements: {0,1,2,...,10} The order of (Z n,+ mod n) is n, since the set Z n has n elements: {0,1,2,...,n 1}; here n could be prime or composite Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 7 / 13

Order of an Element The order of an element a in a multiplicative group is the smallest integer k such that a k = 1 (where 1 is the unit element of the group) order(3) = 5 in (Z11, mod 11) since { 3 i mod 11 1 i 10} = {3,9,5,4,1} order(2) = 10 in (Z11, mod 11) since { 2 i mod 11 1 i 10} = {2,4,8,5,10,9,7,3,6,1} Note that order(1) = 1 Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 8 / 13

Order of an Element The order of an element a in an additive group is the smallest integer k such that [k]a = 0 (where 0 is the zero element of the group) order(3) in (Z 11,+ mod 11) is computed by finding the smallest k such that [k]3 = 0, which is obtained by successively computing 3 = 3, 3+3 = 6, 3+3+3 = 9, 3+3+3+3 = 1, until we obtain the zero element If we proceed, we find order(3) = 11 in (Z 11,+ mod 11) { [i]3 mod 11 1 i 11} = {3,6,9,1,4,7,10,2,5,8,0} Note that order(0) = 1 Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 9 / 13

Lagrange s Theorem Theorem: The order of an element divides the order of the group. Lagrange s theorem applies to any group, and any element in the group The order of the group (Z11, mod 11) is equal to 10, while order(3) = 5 in (Z11, mod 11), and 5 divides 10, i.e., 5 10 order(2) = 10 in (Z11, mod 11), and 10 divides 10, i.e., 10 10 Similarly, order(1) = 1 in (Z11, mod 11), and 1 divides 10, i.e., 1 10 Since the order of the group (Z11, mod 11) is 10, and the divisors of 10 are 1, 2, 5, and 10, the element orders can only be 1, 2, 5, or 10 Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 10 / 13

Lagrange Theorem On the other hand, order(3) = 11 in (Z 11,+ mod 11), and 11 11 Similarly, order(2) = 11 in (Z 11,+ mod 11) We also found order(0)=1 Since the order of the group (Z 11,+ mod 11) is 11, and 11 is a prime number (divisors are 1 and 11), the order of any element in this group can be either 1 or 11 It turns out 0 is the only element in (Z 11,+ mod 11) whose order is 1; all other elements have the same order 11 which is the group order Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 11 / 13

Primitive Elements An element whose order is equal to the group order is called primitive The order of the group (Z11, mod 11) is 10 and order(2) = 10, therefore, 2 is a primitive element of the group order(2) = 11 and order(3) = 11 in (Z 11,+ mod 11), which is the order of the group, therefore 2 and 3 are both primitive elements in fact all elements of (Z 11,+ mod 11) are primitive except 0 Theorem: The number of primitive elements in (Z p, mod p) is φ(p 1) There are φ(10) = 4 primitive elements in (Z11, mod 11), they are: 2, 6, 7, 8; all of these elements are of order 10 Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 12 / 13

Cyclic Groups and Generators We call a group cyclic if all elements of the group can be generated by repeated application of the group operation on a single element This element is called a generator Any primitive element is a generator For example, 2 is a generator of (Z11, mod 11) since {2 i 1 i 10} = {2,4,8,5,10,9,7,3,6,1} = Z 11 Also, 2 is a generator of (Z 11,+ mod 11) since { [i]2 mod 11 1 i 11} = {2,4,6,8,10,1,3,5,7,9,0} = Z 11 Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 13 / 13

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information