Mathematics of Cryptography

Similar documents
Cryptography and Network Security Chapter 8

Public Key Cryptography: RSA and Lots of Number Theory

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, Notes on Algebra

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Factoring Algorithms

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Some practice problems for midterm 2

8 Primes and Modular Arithmetic

Lecture 13 - Basic Number Theory.

The application of prime numbers to RSA encryption

Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Computing exponents modulo a number: Repeated squaring

SOLUTIONS FOR PROBLEM SET 2

An Introduction to the RSA Encryption Method

Homework until Test #2

The Euclidean Algorithm

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

RSA and Primality Testing

RSA Encryption. Tom Davis October 10, 2003

Lecture 13: Factoring Integers

Overview of Public-Key Cryptography

Factoring & Primality

Cryptography and Network Security Number Theory

CHAPTER 5. Number Theory. 1. Integers and Division. Discussion

Elementary factoring algorithms

Computer and Network Security

Public Key Cryptography and RSA. Review: Number Theory Basics

CIS 5371 Cryptography. 8. Encryption --

Primality - Factorization

Applications of Fermat s Little Theorem and Congruences

CSCE 465 Computer & Network Security

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

= = 3 4, Now assume that P (k) is true for some fixed k 2. This means that

RSA Attacks. By Abdulaziz Alrasheed and Fatima

Public-key cryptography RSA

SUBGROUPS OF CYCLIC GROUPS. 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

MATH10040 Chapter 2: Prime and relatively prime numbers

8 Divisibility and prime numbers

MATH 537 (Number Theory) FALL 2016 TENTATIVE SYLLABUS

Basic Algorithms In Computer Algebra

1. The RSA algorithm In this chapter, we ll learn how the RSA algorithm works.

Chapter. Number Theory and Cryptography. Contents

How To Know If A Message Is From A Person Or A Machine

Advanced Cryptography

Primes. Name Period Number Theory

z 0 and y even had the form

GREATEST COMMON DIVISOR

Overview of Number Theory Basics. Divisibility

Greatest Common Factor and Least Common Multiple

Settling a Question about Pythagorean Triples

Factoring Whole Numbers

Primality Testing and Factorization Methods

MATH 13150: Freshman Seminar Unit 10

SUM OF TWO SQUARES JAHNAVI BHASKAR

CHAPTER SIX IRREDUCIBILITY AND FACTORIZATION 1. BASIC DIVISIBILITY THEORY

Stupid Divisibility Tricks

QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University

Kevin James. MTHSC 412 Section 2.4 Prime Factors and Greatest Comm

The Prime Numbers. Definition. A prime number is a positive integer with exactly two positive divisors.

s = s = s =

The Mathematics of the RSA Public-Key Cryptosystem

CONTINUED FRACTIONS AND FACTORING. Niels Lauritzen

RSA Question 2. Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true?

Primes in Sequences. Lee 1. By: Jae Young Lee. Project for MA 341 (Number Theory) Boston University Summer Term I 2009 Instructor: Kalin Kostadinov

Faster deterministic integer factorisation

CS 103X: Discrete Structures Homework Assignment 3 Solutions

Mathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information

11 Ideals Revisiting Z

Clock Arithmetic and Modular Systems Clock Arithmetic The introduction to Chapter 4 described a mathematical system

Lecture 3: One-Way Encryption, RSA Example

Math 319 Problem Set #3 Solution 21 February 2002

Notes on Network Security Prof. Hemant K. Soni

Chapter 11 Number Theory

FACTORING. n = fall in the arithmetic sequence

Grade 7/8 Math Circles Fall 2012 Factors and Primes

MATH 289 PROBLEM SET 4: NUMBER THEORY

Grade 6 Math Circles March 10/11, 2015 Prime Time Solutions

Solutions to Problem Set 1

Some facts about polynomials modulo m (Full proof of the Fingerprinting Theorem)


Notes on Factoring. MA 206 Kurt Bryan

1. Define: (a) Variable, (b) Constant, (c) Type, (d) Enumerated Type, (e) Identifier.

k, then n = p2α 1 1 pα k

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

SYSTEMS OF PYTHAGOREAN TRIPLES. Acknowledgements. I would like to thank Professor Laura Schueller for advising and guiding me

THE NUMBER OF REPRESENTATIONS OF n OF THE FORM n = x 2 2 y, x > 0, y 0

Number Theory: A Mathemythical Approach. Student Resources. Printed Version

Applied Cryptography Public Key Algorithms

Integer Factorization using the Quadratic Sieve

MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction

The last three chapters introduced three major proof techniques: direct,

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

GCDs and Relatively Prime Numbers! CSCI 2824, Fall 2014!

2 Primality and Compositeness Tests

Revised Version of Chapter 23. We learned long ago how to solve linear congruences. ax c (mod m)

The cyclotomic polynomials

CSE Final Project: crypchat Encrypted Chat Program Christopher Durr, Matthew Mooney, Paul Zakas

An Introduction to RSA Public-Key Cryptography

On Generalized Fermat Numbers 3 2n +1

Transcription:

Number Theory Modular Arithmetic: Two numbers equivalent mod n if their difference is multiple of n example: 7 and 10 are equivalent mod 3 but not mod 4 7 mod 3 10 mod 3 = 1; 7 mod 4 = 3, 10 mod 4 = 2.

Modulo arithmetic Fermat's Little Theorem If p is prime and 0 < a < p, then a p 1 = 1 mod p Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = 37711171281396032013366321198900157303750656 = 1 mod 29 Look at the applet

Modulo arithmetic Fermat's Little Theorem If p is prime and 0 < a < p, then a p 1 = 1 mod p Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = 37711171281396032013366321198900157303750656 = 1 mod 29 Every number a has either 2 square roots ( a, a ) or 0 square roots Solve x 2 = a mod p where p is a prime number.

Modulo arithmetic Fermat's Little Theorem If p is prime and 0 < a < p, then a p 1 = 1 mod p Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = 37711171281396032013366321198900157303750656 = 1 mod 29 Every number a has either 2 square roots ( a, a ) or 0 square roots Solve x 2 = a mod p where p is a prime number. 1. p mod 4 can be either 1 or 3 suppose it is 3

Modulo arithmetic Fermat's Little Theorem If p is prime and 0 < a < p, then a p 1 = 1 mod p Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = 37711171281396032013366321198900157303750656 = 1 mod 29 Every number a has either 2 square roots ( a, a ) or 0 square roots Solve x 2 = a mod p where p is a prime number. 1. p mod 4 can be either 1 or 3 suppose it is 3 2. then p = 4t + 3 where t is some positive integer

Modulo arithmetic Fermat's Little Theorem If p is prime and 0 < a < p, then a p 1 = 1 mod p Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = 37711171281396032013366321198900157303750656 = 1 mod 29 Every number a has either 2 square roots ( a, a ) or 0 square roots Solve x 2 = a mod p where p is a prime number. 1. p mod 4 can be either 1 or 3 suppose it is 3 2. then p = 4t + 3 where t is some positive integer 3. but a (p 1)/2 = 1 mod p;

Modulo arithmetic Fermat's Little Theorem If p is prime and 0 < a < p, then a p 1 = 1 mod p Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = 37711171281396032013366321198900157303750656 = 1 mod 29 Every number a has either 2 square roots ( a, a ) or 0 square roots Solve x 2 = a mod p where p is a prime number. 1. p mod 4 can be either 1 or 3 suppose it is 3 2. then p = 4t + 3 where t is some positive integer 3. but a (p 1)/2 = 1 mod p; a (4t+3 1)/2 = 1 mod p;

Modulo arithmetic Fermat's Little Theorem If p is prime and 0 < a < p, then a p 1 = 1 mod p Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = 37711171281396032013366321198900157303750656 = 1 mod 29 Every number a has either 2 square roots ( a, a ) or 0 square roots Solve x 2 = a mod p where p is a prime number. 1. p mod 4 can be either 1 or 3 suppose it is 3 2. then p = 4t + 3 where t is some positive integer 3. but a (p 1)/2 = 1 mod p; a (4t+3 1)/2 = 1 mod p; a 2t+1 = 1 mod p

Modulo arithmetic Fermat's Little Theorem If p is prime and 0 < a < p, then a p 1 = 1 mod p Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = 37711171281396032013366321198900157303750656 = 1 mod 29 Every number a has either 2 square roots ( a, a ) or 0 square roots Solve x 2 = a mod p where p is a prime number. 1. p mod 4 can be either 1 or 3 suppose it is 3 2. then p = 4t + 3 where t is some positive integer 3. but a (p 1)/2 = 1 mod p; a (4t+3 1)/2 = 1 mod p; a 2t+1 = 1 mod p a 2t+2 = a mod p;

Modulo arithmetic Fermat's Little Theorem If p is prime and 0 < a < p, then a p 1 = 1 mod p Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = 37711171281396032013366321198900157303750656 = 1 mod 29 Every number a has either 2 square roots ( a, a ) or 0 square roots Solve x 2 = a mod p where p is a prime number. 1. p mod 4 can be either 1 or 3 suppose it is 3 2. then p = 4t + 3 where t is some positive integer 3. but a (p 1)/2 = 1 mod p; a (4t+3 1)/2 = 1 mod p; a 2t+1 = 1 mod p a 2t+2 = a mod p; a 2(t+1) = a mod p;

Modulo arithmetic Fermat's Little Theorem If p is prime and 0 < a < p, then a p 1 = 1 mod p Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = 37711171281396032013366321198900157303750656 = 1 mod 29 Every number a has either 2 square roots ( a, a ) or 0 square roots Solve x 2 = a mod p where p is a prime number. 1. p mod 4 can be either 1 or 3 suppose it is 3 2. then p = 4t + 3 where t is some positive integer 3. but a (p 1)/2 = 1 mod p; a (4t+3 1)/2 = 1 mod p; a 2t+1 = 1 mod p a 2t+2 = a mod p; a 2(t+1) = a mod p; (a t+1 ) 2 = a mod p

Modulo arithmetic Fermat's Little Theorem If p is prime and 0 < a < p, then a p 1 = 1 mod p Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = 37711171281396032013366321198900157303750656 = 1 mod 29 Every number a has either 2 square roots ( a, a ) or 0 square roots Solve x 2 = a mod p where p is a prime number. 1. p mod 4 can be either 1 or 3 suppose it is 3 2. then p = 4t + 3 where t is some positive integer 3. but a (p 1)/2 = 1 mod p; a (4t+3 1)/2 = 1 mod p; a 2t+1 = 1 mod p a 2t+2 = a mod p; a 2(t+1) = a mod p; (a t+1 ) 2 = a mod p 4. so, if p = 4t + 3, then find the t, the square root of a is a t+1

Modulo arithmetic Fermat's Little Theorem If p is prime and 0 < a < p, then a p 1 = 1 mod p Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = 37711171281396032013366321198900157303750656 = 1 mod 29 Every number a has either 2 square roots ( a, a ) or 0 square roots Solve x 2 = a mod p where p is a prime number. 1. p mod 4 can be either 1 or 3 suppose it is 3 2. then p = 4t + 3 where t is some positive integer 3. but a (p 1)/2 = 1 mod p; a (4t+3 1)/2 = 1 mod p; a 2t+1 = 1 mod p a 2t+2 = a mod p; a 2(t+1) = a mod p; (a t+1 ) 2 = a mod p 4. so, if p = 4t + 3, then find the t, the square root of a is a t+1 example: p=19 = 4*4+3, so t=4. Suppose a is 7 7 mod 19 = 7 5 mod 19 = 11 mod 19 check: 121 mod 19 = 7 mod 19

Finding a prime Probability that a random number p is prime: 1/ln(p) For 100 digit number this is 1/230.

Finding a prime Probability that a random number p is prime: 1/ln(p) For 100 digit number this is 1/230. But how to test for being prime?

Finding a prime Probability that a random number p is prime: 1/ln(p) For 100 digit number this is 1/230. But how to test for being prime? If p is prime and 0 < a < p, then a p 1 = 1 mod p Pr(p isn't prime but a p 1 = 1 mod p) is small

} Finding a prime Can always express a number p 1 as 2 b c for some odd number c. ex: 48 = 2 4 3 110101100 Here is the 2 b } Here is the odd number

Finding a prime Can always express a number p 1 as 2 b c for some odd number c. Then can compute a p 1 mod p by computing a c mod p and squaring the result b times. If the result is not 1 then p is not prime.

Finding a prime Trivial square roots of 1 mod p : 1 mod p and 1 mod p If p is prime, there are no nontrivial square roots of 1 mod p Let x be a square root of 1 mod p. Then x 2 = 1 mod p. Or, (x 1)(x+1) = 0 mod p. But x 1 and x+1 are divisible by prime p. Hence, the product cannot be divisible by p. Therefore x does not exist.

Finding a prime Consider p 1 = 2 b c again. If p is prime then a c = 1 mod p or for some r < b, a 2rc = 1 mod p.

Finding a prime Choose a random odd integer p to test. Calculate b = # times 2 divides p 1. Calculate m such that p = 1 + 2 b m. Choose a random integer a such that 0 < a < p. If a m 1 mod p a 2jm 1 mod p, for some 0 j b 1, then p passes the test. A prime will pass the test for all a.

Finding a prime Choose a random odd integer p to test. Calculate b = # times 2 divides p 1. Calculate m such that p = 1 + 2 b m. Choose a random integer a such that 0 < a < p. If a m 1 mod p a 2jm 1 mod p, for some 0 j b 1, then p passes the test. A prime will pass the test for all a. A non prime number passes the test for at most 1/4 of all possible a. So, repeat N times and probability of error is (1/4) N. Look at the applet

Finding a prime importance to RSA Choose e first, then find p and q so (p 1) and (q 1) are relatively prime to e RSA is no less secure if e is always the same and small Popular values for e are 3 and 65537 For e = 3, though, must pad message or else ciphertext = plaintext Choose p 2 mod 3 so p 1 = 1 mod 3 so p is relatively prime to e So, choose random odd number, multiply by 3 and add 2, then test for primality

Number Theory Modular Arithmetic: Two numbers equivalent mod n if their difference is multiple of n example: 7 and 10 are equivalent mod 3 but not mod 4 7 mod 3 10 mod 3 = 1; 7 mod 4 = 3, 10 mod 4 = 2. Greatest Common Divisor: Largest integer that evenly divides two given numbers gcd(3, 7) = 1; gcd(294, 385) = 7; 294 = 42 7; 385 = 55 7;

Number Theory Modular Arithmetic: Two numbers equivalent mod n if their difference is multiple of n example: 7 and 10 are equivalent mod 3 but not mod 4 7 mod 3 10 mod 3 = 1; 7 mod 4 = 3, 10 mod 4 = 2. Greatest Common Divisor: Largest integer that evenly divides two given numbers gcd(3, 7) = 1; gcd(294, 385) = 7; 294 = 42 7; 385 = 55 7; Given integers m, n, suppose integer r is the smallest for which there exist integers u, v such that r > 0 and u m + v n = r then r is the greatest common divisor of m and n.

Number Theory Modular Arithmetic: Two numbers equivalent mod n if their difference is multiple of n example: 7 and 10 are equivalent mod 3 but not mod 4 7 mod 3 10 mod 3 = 1; 7 mod 4 = 3, 10 mod 4 = 2. Greatest Common Divisor: Largest integer that evenly divides two given numbers gcd(3, 7) = 1; gcd(294, 385) = 7; 294 = 42 7; 385 = 55 7; Given integers m, n, suppose integer r is the smallest for which there exist integers u, v such that r > 0 and u m + v n = r then r is the greatest common divisor of m and n. If p > r is common divisor then u m/p + v n/p = an integer = r/p < 1

Greatest Common Divisor 385 294

Greatest Common Divisor 385 294 = 1 R 91 91 = 1 385 1 294

Greatest Common Divisor 385 294 = 1 R 91 In other words we need the gcd of 91 + 294 and 294

Greatest Common Divisor 385 294 = 1 R 91 In other words we need the gcd of 91 + 294 and 294 But this is the same gcd as for 91 and 294! because (91+294)/a 294/a = 91/a which must be an integer.

Greatest Common Divisor 385 294 91 = 1 385 1 294 294 91

Greatest Common Divisor 385 294 91 = 1 385 1 294 294 91 = 3 R 21 21 = 294 3(385 294) = 3 385 + 4 294

Greatest Common Divisor 385 294 91 = 1 385 1 294 294 91 21 = 3 385 + 4 294 91 21

Greatest Common Divisor 385 294 91 = 1 385 1 294 294 91 21 = 3 385 + 4 294 91 21 = 4 R 7 7 = 1 385 1 294 4( 3 385 + 4 294) = 13 385 17 294

Greatest Common Divisor 385 294 294 91 91 21 7 = 1 385 1 294 4( 3 385 + 4 294) = 13 385 17 294 21 7

Greatest Common Divisor 385 294 294 91 91 21 7 = 1 385 1 294 4( 3 385 + 4 294) = 13 385 17 294 21 7 = 3 R 0

Greatest Common Divisor 385 294 294 91 91 21 7 = 1 385 1 294 4( 3 385 + 4 294) = 13 385 17 294 21 7 So, the gcd of 385 and 294 is 7

Finding Multiplicative Inverses Find an inverse of m mod n. That is, a number u such that u m = 1 mod n. In other words, find u such that u m + v n = 1 for some v.

Finding Multiplicative Inverses Find an inverse of m mod n. That is, a number u such that u m = 1 mod n. In other words, find u such that u m + v n = 1 for some v. Apply previous algorithm (gcd(m,n)) to get u, v but only if m and n are relatively prime.

Finding Multiplicative Inverses Find an inverse of m mod n. That is, a number u such that u m = 1 mod n. In other words, find u such that u m + v n = 1 for some v. Apply previous algorithm (gcd(m,n)) to get u, v but only if m and n are relatively prime. Example: Inverse of 89 mod 42:

Finding Multiplicative Inverses Find an inverse of m mod n. That is, a number u such that u m = 1 mod n. In other words, find u such that u m + v n = 1 for some v. Apply previous algorithm (gcd(m,n)) to get u, v but only if m and n are relatively prime. Example: Inverse of 89 mod 42: 89-2 42 =5

Finding Multiplicative Inverses Find an inverse of m mod n. That is, a number u such that u m = 1 mod n. In other words, find u such that u m + v n = 1 for some v. Apply previous algorithm (gcd(m,n)) to get u, v but only if m and n are relatively prime. Example: Inverse of 89 mod 42: 89-2 42 5 = 1 89-2 42

Finding Multiplicative Inverses Find an inverse of m mod n. That is, a number u such that u m = 1 mod n. In other words, find u such that u m + v n = 1 for some v. Apply previous algorithm (gcd(m,n)) to get u, v but only if m and n are relatively prime. Example: Inverse of 89 mod 42: 89-2 42 5 = 1 89-2 42 42-8 5 = 2

Finding Multiplicative Inverses Find an inverse of m mod n. That is, a number u such that u m = 1 mod n. In other words, find u such that u m + v n = 1 for some v. Apply previous algorithm (gcd(m,n)) to get u, v but only if m and n are relatively prime. Example: Inverse of 89 mod 42: 89-2 42 5 = 1 89-2 42 42-8 5 2 = 1 42-8(1 89-2 42) = -8 89 + 17 42

Finding Multiplicative Inverses Find an inverse of m mod n. That is, a number u such that u m = 1 mod n. In other words, find u such that u m + v n = 1 for some v. Apply previous algorithm (gcd(m,n)) to get u, v but only if m and n are relatively prime. Example: Inverse of 89 mod 42: 89-2 42 5 = 1 89-2 42 42-8 5 2 = 1 42-8(1 89-2 42) = -8 89 + 17 42 5-2 2 = 1

Finding Multiplicative Inverses Find an inverse of m mod n. That is, a number u such that u m = 1 mod n. In other words, find u such that u m + v n = 1 for some v. Apply previous algorithm (gcd(m,n)) to get u, v but only if m and n are relatively prime. Example: Inverse of 89 mod 42: 89-2 42 5 = 1 89-2 42 42-8 5 2 = 1 42-8(1 89-2 42) = -8 89 + 17 42 5-2 2 1 = 1 89-2 42-2(-8 89 + 17 42) = 17 89-36 42

Finding Multiplicative Inverses Find an inverse of m mod n. That is, a number u such that u m = 1 mod n. In other words, find u such that u m + v n = 1 for some v. Apply previous algorithm (gcd(m,n)) to get u, v but only if m and n are relatively prime. Example: Inverse of 89 mod 42: 89-2 42 5 = 1 89-2 42 42-8 5 2 = 1 42-8(1 89-2 42) = -8 89 + 17 42 5-2 2 1 = 1 89-2 42-2(-8 89 + 17 42) = 17 89-36 42 Conclusion: 17 is the inverse of 89 mod 42! Look at the applet

Chinese Remainder Theorem There are certain things whose number is unknown. Repeatedly divided by 3, the remainder is 2; by 5 the remainder is 3; and by 7 the remainder is 2. What will be the number?

Chinese Remainder Theorem There are certain things whose number is unknown. Repeatedly divided by 3, the remainder is 2; by 5 the remainder is 3; and by 7 the remainder is 2. What will be the number? Application: An army general about 2000 years ago sent by messenger a note to the emperor telling how many troops he had. But the number was encrypted in the following way: dividing 602 by 3 gives a remainder of 2 dividing 602 by 5 gives a remainder of 2 dividing 602 by 7 gives a remainder of 0 dividing 602 by 11 gives a remainder of 8 So the message is: 2,2,0,8 It turns out that by the Chinese Remainder Theorem (CRT) it is possible to uniquely determine the number of troops provided all the divisions were by relatively prime numbers.

Chinese Remainder Theorem There are certain things whose number is unknown. Repeatedly divided by 3, the remainder is 2; by 5 the remainder is 3; and by 7 the remainder is 2. What will be the number? Application: An old Chinese woman on the way to the market came upon a horse and rider. The horse stepped on her basket and crushed the eggs in her basket. The rider offered to pay for the broken eggs and asked how many eggs were in the basket. She did not remember the exact number, but when she had taken them out two at a time, there was one egg left. The same happened when she picked them out three, four, five, and six at a time, but when she took them seven at a time they came out even. What is the smallest number of eggs she could have had?

Chinese Remainder Theorem If the prime factorization of n is n 1 n 2... n k then the system of equations: x mod n 1 = a 1 x = a 1 mod n 1 x mod n 2 = a 2 x = a 2 mod n 2 x mod n 3 = a 3 x = a 3 mod n 3...... x mod n k = a k x = a k mod n k has a unique solution x given any a 1, a 2,..., a k where x < n.

Chinese Remainder Theorem Why? Define n i = n 1 n 2... n i-1 n i+1... n k This means, for each 1 i k, there is an r i and s i such that r i n i + s i n i = 1 and r i and s i can be found using the gcd algorithm. Since n i contains all n j as factors except for n i it is evenly divisible by all but n i. Then s i n i = 0 mod n j for all i j and s i n i = 1 mod n i

Chinese Remainder Theorem Why? The solution is k x = a i s i n i mod n 1 n 2... n k i=1 Therefore, as a check x mod n 1 = a 1 1 + a 2 0 + a 3 0 +... + a k 0 = a 1 x mod n 2 = a 1 0 + a 2 1 + a 3 0 +... + a k 0 = a 2 x mod n 3 = a 1 0 + a 2 0 + a 3 1 +... + a k 0 = a 3... x mod n k = a 1 0 + a 2 0 + a 3 0 +... + a k 1 = a k

Chinese Remainder Theorem x mod n 1 = a 1 x a 1 mod n 1 x mod n 2 = a 2 x a 2 mod n 2 x mod n 3 = a 3 x a 3 mod n 3...... x mod n k = a k x a k mod n k has a unique solution x given any a 1, a 2,..., a k where x < n 1 n 2 n k

Chinese Remainder Theorem x mod n 1 = a 1 x a 1 mod n 1 x mod n 2 = a 2 x a 2 mod n 2 x mod n 3 = a 3 x a 3 mod n 3...... x mod n k = a k x a k mod n k Return to the original problem: divide x by 3 and get a remainder of 2 a 1 = 2 n 1 = 3 divide x by 5 and get a remainder of 3 a 2 = 3 n 2 = 5 divide x by 7 and get a remainder of 2 a 3 = 2 n 3 = 7 What is the value of x that is no greater than 3 5 7?

Chinese Remainder Theorem x mod n 1 = a 1 x a 1 mod n 1 x mod n 2 = a 2 x a 2 mod n 2 x mod n 3 = a 3 x a 3 mod n 3...... x mod n k = a k x a k mod n k Return to the original problem: divide x by 3 and get a remainder of 2 a 1 = 2 n 1 = 3 divide x by 5 and get a remainder of 3 a 2 = 3 n 2 = 5 divide x by 7 and get a remainder of 2 a 3 = 2 n 3 = 7 What is the value of x that is no greater than 3 5 7? Inverses of: 5 7 mod 3=2 3 7 mod 5=1 3 5 mod 7=1

Chinese Remainder Theorem x mod n 1 = a 1 x a 1 mod n 1 x mod n 2 = a 2 x a 2 mod n 2 x mod n 3 = a 3 x a 3 mod n 3...... x mod n k = a k x a k mod n k Return to the original problem: divide x by 3 and get a remainder of 2 a 1 = 2 n 1 = 3 divide x by 5 and get a remainder of 3 a 2 = 3 n 2 = 5 divide x by 7 and get a remainder of 2 a 3 = 2 n 3 = 7 What is the value of x that is no greater than 3 5 7? Inverses of: 5 7 mod 3=2 3 7 mod 5=1 3 5 mod 7=1 x = 2 35 2 + 3 21 1 + 2 15 1 mod 3 5 7 = 23 (128, 233,...)

Chinese Remainder Theorem Second problem: x = 1 mod 2 x = 2 t + 1 x = 1 mod 3 x = 3 p + 1 x = 1 mod 4 x = 4 r + 1 x = 1 mod 5 x = 5 s + 1 x = 1 mod 6 x = 6 q + 1 x = 0 mod 7 x = 7 w

Chinese Remainder Theorem Second problem: Whoops! not a prime factorization x = 1 mod 2 x = 2 t + 1 x = 1 mod 3 x = 3 p + 1 x = 1 mod 4 x = 4 r + 1 x = 1 mod 5 x = 5 s + 1 x = 1 mod 6 x = 6 q + 1 x = 0 mod 7 x = 7 w so, 2 t = 3 p = 4 r = 5 s = 6 q from last two q = v 5 and s = v 6 but r = 3 q/2 so q = v 2 5 and s = v 2 6 making r = v 3 5 also p = 2 q = v 4 5 and t = 2 r = v 30 so x = 60 v + 1; n = 7 w 7 w = 60 v + 1

Chinese Remainder Theorem Immediate consequence: Suppose everyone's RSA public key e part is 3. Consider the same message sent to three people. These are: c[1] = m 3 mod n[1] c[2] = m 3 mod n[2] c[3] = m 3 mod n[3] By the Chinese Remainder Theorem One can compute m 3 mod n[1] n[2] n[3] Since m is smaller than any of the n[i], m 3 is known and taking the cube root finds m.

Z*n All numbers less than n that are relatively prime with n Examples: Z*10 = { 1, 3, 7, 9 }; Z*15 = { 1, 2, 4, 7, 8, 11, 13, 14 } If numbers a, b are members of Z*n then so is a b mod n. Examples: 4 11 mod 15 = 44 mod 15 = 14; 13 14 mod 15 = 182 mod 15 = 2.

Z*n All numbers less than n that are relatively prime with n Examples: Z*10 = { 1, 3, 7, 9 }; Z*15 = { 1, 2, 4, 7, 8, 11, 13, 14 } If numbers a, b are members of Z*n then so is a b mod n. Examples: 4 11 mod 15 = 44 mod 15 = 14; 13 14 mod 15 = 182 mod 15 = 2. Why? Since a and b are relatively prime to n there must be integers s.t. u a + v n = 1 and w b + x n = 1.

Z*n All numbers less than n that are relatively prime with n Examples: Z*10 = { 1, 3, 7, 9 }; Z*15 = { 1, 2, 4, 7, 8, 11, 13, 14 } If numbers a, b are members of Z*n then so is a b mod n. Examples: 4 11 mod 15 = 44 mod 15 = 14; 13 14 mod 15 = 182 mod 15 = 2. Why? Since a and b are relatively prime to n there must be integers s.t. u a + v n = 1 and w b + x n = 1. Multiply both equations: (u w) a b + (u x a + v w b + x v n) n = 1 Hence a b is relatively prime to n.

Euler's Totient Function: Defined: (n) is number of elements in Z*n. Example: (7) = 6 ({1,2,3,4,5,6}) ; (10) = 4 ({1,3,7,9}) Suppose n = p q and p and q are relatively prime Example: (70): { 1, 3, 9, 11, 13, 17, 19, 23, 27, 29, 31, 33, 37, 39, 41, 43, 47, 51, 53, 57, 59, 61, 67, 69} (70) = (7) (10) = 24. Why?

Euler's Totient Function: Defined: (n) is number of elements in Z*n. Example: (7) = 6 ({1,2,3,4,5,6}) ; (10) = 4 ({1,3,7,9}) Suppose n = p q and p and q are relatively prime Example: (70): { 1, 3, 9, 11, 13, 17, 19, 23, 27, 29, 31, 33, 37, 39, 41, 43, 47, 51, 53, 57, 59, 61, 67, 69} (70) = (7) (10) = 24. Why? By the Chinese Remainder Theorem there is a 1-1 correspondence between a number m and m p = m mod p 1 = 29 mod 7 4 = 39 mod 7 m q = m mod q 9 = 29 mod 10 9 = 39 mod 10

Euler's Totient Function: Defined: (n) is number of elements in Z*n. Example: (7) = 6 ({1,2,3,4,5,6}) ; (10) = 4 ({1,3,7,9}) Suppose n = p q and p and q are relatively prime Example: (70): { 1, 3, 9, 11, 13, 17, 19, 23, 27, 29, 31, 33, 37, 39, 41, 43, 47, 51, 53, 57, 59, 61, 67, 69} (70) = (7) (10) = 24. Why? By the Chinese Remainder Theorem there is a 1-1 correspondence between a number m and m p = m mod p m q = m mod q If m is relatively prime to pq, then there are integers u,v, such that um + vpq = 1.

Euler's Totient Function: Substituting m = m p + kp gives um p + (uk + vq)p = 1 so m p is relatively prime to p. Same for m q and q. Therefore, m in Z*pq means m p is in Z*p and m q is in Z*q. Why? By the Chinese Remainder Theorem there is a 1-1 correspondence between a number m and m p = m mod p m q = m mod q If m is relatively prime to pq, then there are integers u,v, such that um + vpq = 1.

Euler's Totient Function: Substituting m = m p + kp gives um p + (uk + vq)p = 1 so m p is relatively prime to p. Same for m q and q. Therefore, m in Z*pq means m p is in Z*p and m q is in Z*q. Similar tricks can be used to show that m q in Z*q and m p in Z*p imply m in Z*pq. Why? By the Chinese Remainder Theorem there is a 1-1 correspondence between a number m and m p = m mod p m q = m mod q If m is relatively prime to pq, then there are integers u,v, such that um + vpq = 1.

Euler's Theorem: For all a in Z*n, a (n) = 1 mod n. Why? By example: suppose n = 10, a = 3. Multiply all elements of Z*n = { 1, 3, 7, 9 } to get x = 189. But x mod 10 = 9 which is an element of Z*n. The inverse of x is 9.

Euler's Theorem: For all a in Z*n, a (n) = 1 mod n. Why? By example: suppose n = 10, a = 3. Multiply all elements of Z*n = { 1, 3, 7, 9 } to get x = 189. But x mod 10 = 9 which is an element of Z*n. The inverse of x is 9. Multiply all elements of Z*n by 3 and multiply all those numbers: (3 1) (3 3) (3 7) (3 9) = 3 (n) x But 3 1 = 3, 3 3 = 9, 3 7 = 1, 3 9 = 7 (all mod 10) Hence a (n) x = x mod n. So, a (n) = 1 mod n

Euler's Theorem: For all a in Z*n, and any non-neg int k, a (k (n)+1) = a mod n. Why?

Euler's Theorem: For all a in Z*n, and any non-neg int k, a (k (n)+1) = a mod n. Why? a (k (n)+1) = (a (n) ) k a = 1 k a = a

Euler's Theorem: For all a in Z*n, and any non-neg int k, a (k (n)+1) = a mod n. Why? a (k (n)+1) = (a (n) ) k a = 1 k a = a For all a and any non-neg int k, a (k (n)+1) = a mod n, if n = p q, p and q are prime then (n) = (p-1) (q-1)

Euler's Theorem: For all a in Z*n, and any non-neg int k, a (k (n)+1) = a mod n. Why? a (k (n)+1) = (a (n) ) k a = 1 k a = a For all a and any non-neg int k, a (k (n)+1) = a mod n, if n = p q, p and q are prime then (n) = (p-1) (q-1) Why?

Euler's Theorem: For all a in Z*n, and any non-neg int k, a (k (n)+1) = a mod n. Why? a (k (n)+1) = (a (n) ) k a = 1 k a = a For all a and any non-neg int k, a (k (n)+1) = a mod n, if n = p q, p and q are prime then (n) = (p-1) (q-1) Why? Only interesting case: a is a multiple of p or q. Suppose a is a multiple of q. Since a is relatively prime to p, a (p) = 1 mod p. Since (n)= (p) (q), (mod p) a (k (n)+1) = (a ( (p) (q)) ) k a = 1 (k (n)) a = a mod p and a=0 mod q so a (k (n)+1) = 0 = a mod q. By CRT a (k (n)+1) = a mod n.

RSA: n = p*q (n) = (p-1)*(q-1) e relatively prime to (n) d such that e*d-1 divisible by (n) hence (e*d-1) / (n) = k, a positive integer so e*d = k* (n) + 1 therefore m e *d = m k * (n)+1 = m mod n

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information