MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins

Similar documents
The application of prime numbers to RSA encryption

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, Notes on Algebra

Lecture 13: Factoring Integers

1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.

Mathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information

Computing exponents modulo a number: Repeated squaring

RSA Encryption. Tom Davis October 10, 2003

CONTINUED FRACTIONS AND PELL S EQUATION. Contents 1. Continued Fractions 1 2. Solution to Pell s Equation 9 References 12

An Introduction to the RSA Encryption Method

CIS 5371 Cryptography. 8. Encryption --

Lecture 13 - Basic Number Theory.

= = 3 4, Now assume that P (k) is true for some fixed k 2. This means that

Quantum Computing Lecture 7. Quantum Factoring. Anuj Dawar

RSA Attacks. By Abdulaziz Alrasheed and Fatima

Advanced Cryptography

Public Key Cryptography: RSA and Lots of Number Theory

RSA and Primality Testing

The Mathematics of the RSA Public-Key Cryptosystem

Software Tool for Implementing RSA Algorithm

Continued Fractions and the Euclidean Algorithm

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

k, then n = p2α 1 1 pα k

Math 319 Problem Set #3 Solution 21 February 2002

Every Positive Integer is the Sum of Four Squares! (and other exciting problems)

Solutions for Practice problems on proofs

RSA Question 2. Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true?

Lukasz Pater CMMS Administrator and Developer

FACTORING. n = fall in the arithmetic sequence

Solutions to Problem Set 1

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Factoring Algorithms

Number Theory and Cryptography using PARI/GP

Applications of Fermat s Little Theorem and Congruences

ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION

Public Key Cryptography and RSA. Review: Number Theory Basics

CS 103X: Discrete Structures Homework Assignment 3 Solutions

Module MA3411: Abstract Algebra Galois Theory Appendix Michaelmas Term 2013

Some facts about polynomials modulo m (Full proof of the Fingerprinting Theorem)

Cryptography and Network Security Chapter 10

Mathematics Course 111: Algebra I Part IV: Vector Spaces

8 Primes and Modular Arithmetic

GREATEST COMMON DIVISOR

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Lecture 3: One-Way Encryption, RSA Example

Symmetric Key cryptosystem

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Crittografia e sicurezza delle reti. Digital signatures- DSA

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Chapter 3. if 2 a i then location: = i. Page 40

A Factoring and Discrete Logarithm based Cryptosystem

Primality - Factorization

Cryptography and Network Security Chapter 9

How To Know If A Message Is From A Person Or A Machine

Some practice problems for midterm 2

8 Divisibility and prime numbers

CS 758: Cryptography / Network Security

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Notes on Network Security Prof. Hemant K. Soni

How To Know If A Domain Is Unique In An Octempo (Euclidean) Or Not (Ecl)

Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

LUC: A New Public Key System

FACTORING LARGE NUMBERS, A GREAT WAY TO SPEND A BIRTHDAY

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION

The science of encryption: prime numbers and mod n arithmetic

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

A short primer on cryptography

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

Quotient Rings and Field Extensions

Introduction to Finite Fields (cont.)

International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

Cryptography and Network Security Chapter 8

Basic Algorithms In Computer Algebra

On the largest prime factor of x 2 1

CONTINUED FRACTIONS AND FACTORING. Niels Lauritzen

A SOFTWARE COMPARISON OF RSA AND ECC

Cryptography: Authentication, Blind Signatures, and Digital Cash

The Prime Numbers. Definition. A prime number is a positive integer with exactly two positive divisors.

The cyclotomic polynomials

CSCE 465 Computer & Network Security

THE NUMBER OF REPRESENTATIONS OF n OF THE FORM n = x 2 2 y, x > 0, y 0

Signature Schemes. CSG 252 Fall Riccardo Pucella

Introduction to Cryptography CS 355

Integer Factorization using the Quadratic Sieve

Number Theory and the RSA Public Key Cryptosystem


Elements of Applied Cryptography Public key encryption

Primality Testing and Factorization Methods

I. GROUPS: BASIC DEFINITIONS AND EXAMPLES

ECE 842 Report Implementation of Elliptic Curve Cryptography

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

CHAPTER 5. Number Theory. 1. Integers and Division. Discussion

Computer Security: Principles and Practice

Cryptography and Network Security

1 Message Authentication

Public Key Cryptography. c Eli Biham - March 30, Public Key Cryptography

Transcription:

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins

The RSA encryption scheme works as follows. In order to establish the necessary public and private keys, one first chooses two distinct large prime numbers p and q. Messages to be sent are to be represented by integers n satisfying 0 n < m, where m = pq. Let s = (p 1)(q 1), and let e be any positive integer that is coprime to s. Then there exists a positive integer d such that ed 1 (mod s) (see Lemma 41.12). Indeed there exist integers d and t such that ed st = 1 (Corollary 41.3), and appropriate values for d and t may by found using the Euclidean algorithm. Moreover d and t may be chosen such that d > 1, for if d and t satisfy the equation ed st = 1, and if d = d + ks and t = t + ke for some integer k, then ed st = 1. Thus, once a positive integer e is chosen coprime to s, standard algorithms enable one to calculate a positive integer d such that ed 1 (mod s).

Now suppose that p, q, m, s, e and d have been chosen such that p and q are distinct prime numbers, m = pq, s = (p 1)(q 1), e and d are coprime to s and ed 1 (mod s). Let I = {n Z : 0 n < m}. Then for each integer x belonging to the set I, there exists a unique integer E(x) that belongs to I and satisfies the congruence E(x) x e (mod m). Similarly, for each integer y belonging to the set I, there exists a unique integer D(y) that belongs to I and satisfies the congruence D(y) y d (mod m). Now it follows from standard properties of congruences (Lemma 41.9) that if y and z are integers, and if y z (mod m), then y d z d (mod m). It follows that D(E(x)) D(x e ) x ed (mod m) for all integers x belonging to I. But ed 1 (mod s), where s = (p 1)(q 1). It follows from Theorem 42.1 that x ed x (mod m). We conclude therefore that D(E(x)) x (mod m) for all x I. But every congruence class modulo m is represented by a single integer in the set I. It follows that that D(E(x)) = x for all x I.

On reversing the roles of the numbers e and d, we find that E(D(y)) = y for all y I. Thus E : I I is an invertible function whose inverse is D : I I. On order to apply the RSA cryptographic method one determines integers p, q, m, s, e and d. The pair (m, e) of integers represents the public key and determines the encryption function E : I I. The pair (m, d) of integers represents the corresponding private key and determines the decryption function D : I I. The messages to be sent are represented as integers belonging to I, or perhaps as strings of such integers. If Alice publishes her public key (m, e), but keeps secret her private key (m, d), then Bob can send messages to Alice, encrypting them using the encryption function E determined by Alice s public key. When Alice receives the message from Bob, she can decrypt it using the decryption function D determined by her private key.

Note that if the value of the integer s is known, where s = (p 1)(q 1), then a private key can easily be calculated by means of the Euclidean algorithm. Obviously once the values of p and q are known, then so are the values of m and s. Conversely if the values of m and s are known, then p and q can easily be determined, since these prime numbers are the roots of the polynomial x 2 + (s m 1)x + m. Thus knowledge of s corresponds to knowledge of the factorization of the composite number m as a product of prime numbers. There are known algorithms for factoring numbers as products of primes, but one can make sure that the primes p and q are chosen large enough to ensure that massive resources are required in order to factorize their product pq using known algorithms. The security of RSA also rests on the assumption that there is no method of decryption that requires less computational resources than are required for factorizing the product of the prime numbers determining the public key.

It remains to discuss whether it is in fact feasable to do the calculations involved in encrypting messages using RSA. Now, in order determine the value of E(x) for any non-negative integer x less than m, one needs to determine the congruence class of x e modulo m. Now e could be a very large number. However, in order to determine the congruence class of x e modulo m, it is not necessary to determine the value of the integer x e itself. For given any non-negative integer x less than m, we can determine a sequence a 0, a 1, a 2, a 3,... of non-negative integers less than m such that a 0 = x and a i+1 ai 2 (mod m) for each non-negative integer i. Then a i x 2i for all non-negative integers i. Any positive integer e may then be expressed in the form e = e 0 + 2e 1 + 2 2 e 2 + 2 3 e 3 + where e i has the value 0 or 1 for each non-negative integer i. (These numbers e i are of course the digits in the binary representation of the number e.)

Then x e is then congruent to the product of those integers a i for which e k = i. The execution time required to calculate E(x) by this method is therefore determined by the number of digits in the binary expansion of e, and is therefore bounded above by some constant multiple of log m (assuming that e has been chosen so that it is less than s, and thus less than m).

Moreover the execution time required by the Euclidean algorithm, when applied to natural numbers that are less than m is also bounded above by some constant multiple of log m. For in order to apply the Euclidean algorithm, one is required to calculate a decreasing sequence r 0, r 1, r 2, r 3,... such that, for k 2, the non-negative integer r k is the remainder obtained on dividing r k 2 by r k 1 in integer arithmetic, and therefore satisfies the inequality r k 1 2 r k 2. (To see this, consider separately what happens in the two cases when r k 1 1 2 r k 2 and r k 1 > 1 2 r k 2.)

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information