Exponential and RSA Ciphers

Similar documents
Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

The application of prime numbers to RSA encryption

RSA Encryption. Tom Davis October 10, 2003

Some practice problems for midterm 2

An Introduction to the RSA Encryption Method

Math 319 Problem Set #3 Solution 21 February 2002

Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Public Key Cryptography: RSA and Lots of Number Theory

V Quantitative Reasoning: Computers, Number Theory and Cryptography

Factoring Algorithms

Computing exponents modulo a number: Repeated squaring

The Mathematics of the RSA Public-Key Cryptosystem

Mathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information

WRITING PROOFS. Christopher Heil Georgia Institute of Technology

8 Primes and Modular Arithmetic

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

RSA and Primality Testing

Applications of Fermat s Little Theorem and Congruences

Clock Arithmetic and Modular Systems Clock Arithmetic The introduction to Chapter 4 described a mathematical system

Number Theory and Cryptography using PARI/GP

Primes in Sequences. Lee 1. By: Jae Young Lee. Project for MA 341 (Number Theory) Boston University Summer Term I 2009 Instructor: Kalin Kostadinov

Network Security. HIT Shimrit Tzur-David

Software Tool for Implementing RSA Algorithm

k, then n = p2α 1 1 pα k

1. The RSA algorithm In this chapter, we ll learn how the RSA algorithm works.

Public Key Cryptography and RSA. Review: Number Theory Basics

The science of encryption: prime numbers and mod n arithmetic

CS 758: Cryptography / Network Security

Cryptography and Network Security Chapter 9

MATH 537 (Number Theory) FALL 2016 TENTATIVE SYLLABUS

Number Theory and the RSA Public Key Cryptosystem

Lecture 13 - Basic Number Theory.

Every Positive Integer is the Sum of Four Squares! (and other exciting problems)

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

I. GROUPS: BASIC DEFINITIONS AND EXAMPLES

Maths delivers! A guide for teachers Years 11 and 12. RSA Encryption

Vieta s Formulas and the Identity Theorem

MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction

Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Hill s Cipher: Linear Algebra in Cryptography

Stupid Divisibility Tricks

A short primer on cryptography

COMP 250 Fall 2012 lecture 2 binary representations Sept. 11, 2012

CRYPTOGRAPHY IN NETWORK SECURITY

3 Some Integer Functions

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

Previously, you learned the names of the parts of a multiplication problem. 1. a. 6 2 = 12 6 and 2 are the. b. 12 is the

Chapter 3. if 2 a i then location: = i. Page 40

CSCE 465 Computer & Network Security

Advanced Cryptography

of Nebraska - Lincoln

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Five fundamental operations. mathematics: addition, subtraction, multiplication, division, and modular forms

CHAPTER 5. Number Theory. 1. Integers and Division. Discussion

Lukasz Pater CMMS Administrator and Developer

mod 10 = mod 10 = 49 mod 10 = 9.

Overview of Public-Key Cryptography

ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, Notes on Algebra

On the generation of elliptic curves with 16 rational torsion points by Pythagorean triples

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Solutions to Problem Set 1

SECURITY IN NETWORKS

Playing with Numbers

An Introduction to Hill Ciphers Using Linear Algebra

The Euclidean Algorithm

4.2 Euclid s Classification of Pythagorean Triples

Paillier Threshold Encryption Toolbox

8 Divisibility and prime numbers

Number of Divisors. Terms. Factors, prime factorization, exponents, Materials. Transparencies Activity Sheets Calculators

Solution to Exercise 2.2. Both m and n are divisible by d, som = dk and n = dk. Thus m ± n = dk ± dk = d(k ± k ),som + n and m n are divisible by d.

Cryptography and Network Security

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

The Prime Facts: From Euclid to AKS

The Chinese Remainder Theorem

5544 = = = Now we have to find a divisor of 693. We can try 3, and 693 = 3 231,and we keep dividing by 3 to get: 1

RSA Attacks. By Abdulaziz Alrasheed and Fatima

An Introduction to RSA Public-Key Cryptography

Table of Contents. Bibliografische Informationen digitalisiert durch

Hill Ciphers and Modular Linear Algebra

The Rise of Narrative Non-Fiction

Session 6 Number Theory

ANALYSIS OF RSA ALGORITHM USING GPU PROGRAMMING

7! Cryptographic Techniques! A Brief Introduction

ECE 842 Report Implementation of Elliptic Curve Cryptography

Techniques of Asymmetric File Encryption. Alvin Li Thomas Jefferson High School For Science and Technology Computer Systems Lab

Introduction to Hill cipher

Chapter 11 Number Theory

64-Bit Architecture Speeds RSA By 4x

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

26 Integers: Multiplication, Division, and Order

Programming with TI-Nspire

Cryptography and Network Security

Homework until Test #2

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Omer Rana

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION

= = 3 4, Now assume that P (k) is true for some fixed k 2. This means that

Math Workshop October 2010 Fractions and Repeating Decimals

Transcription:

V55.0106 Quantitative Reasoning: Computers, Number Theory and Cryptography Exponential and RSA Ciphers In the section on Fermat s Little theorem, we proved the following, which we shall put to use: Fermat s little theorem. If p is a prime number and a is any number not divisible by p, then a p 1 1modp Fermat s theorem (Two Prime version). If p and q are different primes and a is any number not divisible by p or by q, then a (p 1)(q 1) 1modpq Some examples: 5 22 1mod23, 7 88 1mod89, 2331 6336 6499 The first two depend on your knowledge that 23 and 89 are primes. The second depends on the factorization 6499 = 67 97 = pq. Inthiscase(p 1)(q 1) = 66 98 = 6336. Here 2332 is not divisible by 67 or by 97. Less obvious are 5135 80908 1 mod 81493 and 31891 548238 1 mod 548239 The first congruence depends on the factorization 81493 = 227 359 into primes. The exponent 80908 is the product of 226 and 358 (each one less than the primes in the factorization of the modulus.) The second congruence depends on the fact that 548238 is a prime (gotten from the PrimeWizard program in the lab.) Large numbers like the last examples are clearly difficult to handle manually, though computers can deal with them by factoring into primes and by determining if a number is prime. Such congruences are used in cryptography. However the prime numbers will have 100 to 200 digits! In this case, the above numbers will seem like chicken feed. And for such huge primes, computers today can determine a factorization into primes only with great difficulty. A fast computer might take 20 or so years working full time to determine if a number is prime. And factoring tremendous numbers is even more hopeless. So if a cipher scheme can be found which involves huge numbers and factoring them into primes, the code would be practically unbreakable even with the best computers and smartest minds. We first show how Fermat s two result are used. We illustrate with 5 22 1 mod 23. If we wish to find 5 223 mod 23, we write 223 = 22 10 + 3, so 5 223 =5 22 10+3 =(5 22 ) 10 5 3 1 10 5 3 =5 3 = 125 10 mod 23 1

This amounts to replacing the exponent 223 by its value mod 22. (We divided by 22 to get the remainder 3.) In general, to compute a s mod p, wherep and a are as before, we can replace s by its value mod (p 1). Note: The congruence is mod p but the exponents of a can be taken mod p 1. Important consequence of Fermat s little theorem. If p is a prime and a is a number not divisible by p, thena r a s mod p when r s mod (p 1). Example. Find 17 1388 mod 67. Answer: Working the exponent mod 66, we find 1388 2 mod 66. So 17 1388 17 2 = 189 25 mod 67. In exactly the same way, we can reduce a power mod n when n is the product of different primes p and q. Important consequence of Fermat s little theorem (Two Prime Version). If p and q are different primes and a is a number not divisible by p or by q, thena r a s mod p when r s mod (p 1)(q 1). Example. Find 7 2763 mod 143. Answer: Note that 143 = 11 13. (If you didn t see this immediately, check 143 mod 11 by the alternating sum test.) So here p =11andq = 13, so (p 1)(q 1) = 10 12 = 120. We can reduce the exponent 2763 mod 120. We have 2763 3 mod 120 so 7 2763 7 3 = 343 57 mod 143. Exponential Codes One Prime. A code attempts to send a message which can be read only by someone who has the key to the code. The message will be a stream of letters, but this is usually coded and transmitted as a stream of numbers. The receiver then decodes these numbers to get the original stream and hence the letters and the message. For example, suppose we wish to sent the message DONT COME BEFORE FIVE CLOCK Ignoring spaces, we convert each of these letters into their number equivalent (alway using two digits and ignoring spaces) and we try to code the number stream 041514200315130502050615180506092205150312150311 We break this into chunks depending on our coding system say chunks of 3 and we then proceed to send coded version of the three digit numbers 041 514 200 315 130 502 050 615 180 506 092 205 150 312 150 311 A (one prime) exponential code is given by the formula C P e mod p where p is a fixed prime, and e is relatively prime to (p 1). Here, P is the plaintext (as number) and C is its cipher. For example, let s take p = 947. Then p 1 = 946 = 2 11 43. Let s take 2

e = 53 which is prime to 946 since it is not divisible by 2 or 3 or 503. 1 exponential cipher we are using will be So in this case, the C P 53 mod 947 Our message is 041 514 200 315... We code this one three digit number at a time. For P = 041, we get 2 C 041 53 544 mod 947 Similarly, P = 514 is coded as C 514 53 mod 947 giving C = 390, and the third triple digit number 200 is coded as 200 53 677 mod 947. Proceeding in this way, we generate the cipher text for each part of our message and we send the message 544 390 677... confident that no one will understand. The receiver knows all about the prime 947 but she takes exponent 357. (This will be shortly explained.) So she decodes 544 to get P = 544 357 mod 947. This works out to 41 or 041 since three digit number are understood. Similarly, 390 357 514 mod 947 and 677 357 200 mod 947. So the decoded message starts as 041 514 200... Making a stream of digits, we get 041514200...or 04 15 14 20... In letters, the decoded message is DONT... Summarizing this technique, we chose p = 947 and e = 53 for coding three digit numbers, and we chose d = 357 for decoding: C P 53 mod 947; P C 357 mod 947 The coder knows exponent 53, the decoder knows exponent 357, both know the prime 947. What is the magic use of the exponents 357 and 53? How does that work? The answer is the 357 and 53 are inverses mod 946. (Note: 946 not 947!). It works because the coded message is C P 53 mod 947. The decoder then take C 357 = P 53 357. But this exponent is congruent to 1 mod 946 since that s how 53 and 357 were chosen. Thus C 357 P 1 = P mod 947. Note that we always get and code three digit numbers since that s the size of the remainders mod 947. Summary of exponential coding mod p. For given prime p and number e relatively prime to p 1, choose d so that ed 1mod(p 1). Then the coding is given by C P e mod p and the decoding is given by P C d mod p. InallcasesP and C are chosen between 0 and p 1 inclusive, namely the possible remainders when dividing by p. 1 The primes and the factorizations in this discussion were all done with the PrimeWizard software in the lab. 2 This was all computed using the ModCalc software in the lab. 3

Exponential Codes Two primes. The situation here is almost the same, but it is the basis for the RSA coding system, considered the most powerful, so far unbreakable coding system ever. We start with two different primes p and q. Take n = pq, andtake e relatively prime to (p 1)(q 1), and take d as an inverse of e mod (p 1)(q 1). Then ed 1mod(p 1)(q 1). The coder is given the exponent e and the decoder the exponent d. Both know the number n = pq. The coder computes the code using the formula C P e mod n and the decoder decodes using the formula P C d mod n. Everything on the surface is the same. For example, let s choose small numbers so we can transmit two digits (or one letter) at a time. Take p =11andq = 17. Then n = pq = 187. Here (p 1)(q 1) = 160 with prime divisors 2 and 5. Choose e = 57, say. Then we must find its inverse d mod 160. This calculates to (trust me) d = 73. The coder is given the number n = 187 and exponent e = 57. The decoder is given the number n = 187 and exponent d = 73. Say the coder wants to sent the message NO, or 14 15. He computes 14 57 mod 187 which works out to be 20, and 15 57 49 mod 187. the message is simply 20 49 The receiver gets the message 20 49. He decodes 20 73 14 mod 187 and 49 73 15. The decoded message is, naturally, 14 15 or NO! Summary of exponential coding mod pq. For given primes p and q take n = pq and number e relatively prime to (p 1)(q 1), choose d so that ed 1mod(p 1)(q 1). Then the coding is given by C P e mod n and the decoding is given by P C d mod n. In all cases P and C are chosen between 0 and n 1 inclusive, namely the possible remainders when dividing by n. Public Key Cryptography. Imagine a company or a department with lots of people who have to send encrypted messages to one another. The person receiving the message is the only one who is able to decode the message and anyone can send an encrypted message to anyone else in the company. In order to do this, every person in the company is given a modulus number n andanexponente. These numbers are listed in a directory for all to see, so anyone can send an encrypted message. (This makes the keys public.) But each person in the company is also given a decoding exponent d, andthisisknownonlytoher. SoifIwant to send a message to Mary, say, I look up her modulus n and her exponent e, and send the message. Mary receives the message and uses her decoding key d and decodes. Anyone else on the list can intercept the message but they can t decode - they don t have the decoding key d they only have the modulus n and Mary s coding exponent e which is public. So Mary decodes and the others are frustrated. The system is called the RSA system in honor of the inventors, R. Rivest, A. Shamir, and L. Adelman. It is based on the two prime system described above. Here n = pq and e is relatively prime to (p 1)(q 1). d is the inverse of e mod (p 1)(q 1). Why, you may ask, is d such a secret decoder. Anyone knows John s modulus n and exponent e. So factor n as pq, and compute p 1)(q 1). Then find d as the inverse of e mod p 1)(q 1). So it would seem that all anyone needs is a little bit of congruence mathematics. But here s the 4

problem: p and q are tremendously large primes say 100 to 200 digits. Since n = pq, n has 200+ digits. How do you factor it. The fact is that this is a problem computers can do but the fastest computer, working full time, will take years 3 to accomplish the factorization. So far, after 25 or so years, this RSA system is regarded as unbreakable. Naturally, people are trying, and if they succeed, it s back to the drawing board! 3 an estimated 4 million years for a 200 digit number!. And much more for a number with more digits. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information