Presentation is loading. Please wait.

Presentation is loading. Please wait.

15-251 Great Theoretical Ideas in Computer Science.

Published byThomas Grant Modified over 8 years ago

Similar presentations

Presentation on theme: "15-251 Great Theoretical Ideas in Computer Science."— Presentation transcript:

1 15-251 Great Theoretical Ideas in Computer Science

2 Lecture 14 (October 08, 2008) Number Theory, Cryptography and RSA p-1 pp 1

3 The reduced system modulo n: Z n = {0, 1, 2, …, n-1} Define operations + n and * n : a + n b = (a+b mod n) a * n b = (a*b mod n)

4 Z n = {0, 1, 2, …, n-1} a + n b = (a+b mod n) a * n b = (a*b mod n) + n and * n are commutative and associative binary operators from Z n * Z n  Z n

5 The reduced system Z 6 = {0,1,2,3,4,5} +012345 0012345 1123450 2234501 3345012 4450123 5501234 An operator has the permutation property if each row and each column has a permutation of the elements.

6 For every n, + n on Z n has the permutation property +012345 0012345 1123450 2234501 3345012 4450123 5501234 An operator has the permutation property if each row and each column has a permutation of the elements.

7 What about multiplication? Does * 6 on Z 6 have the permutation property? An operator has the permutation property if each row and each column has a permutation of the elements. *012345 0000000 1012345 2024024 3030303 4042042 5054321 No

8 Fundamental lemma of plus, minus, and times modulo n: If (x  n y) and (a  n b). Then 1) x + a  n y + b 2) x - a  n y - b 3) x * a  n y * b

9 Is there a fundamental lemma of division modulo n? cx  n cy  x  n y ? No!

10 When can’t I divide by c? If GCD(c,n) > 1 then you can’t always divide by c.

11 Fundamental lemma of division modulo n. If GCD(c,n)=1, then ca  n cb  a  n b So Consider the set Z n * = {x  Z n | GCD(x,n) =1} Multiplication over this set Z n * will have the cancellation property.

12 Euler Phi Function  (n) Define  (n) = size of Z n * = number of 1 ≤ k < n that are relatively prime to n.

13 Z 6 = {0, 1,2,3,4,5} Z 6 * = {1,5} +012345 0012345 1123450 2234501 3345012 4450123 5501234 *012345 0000000 1012345 2024024 3030303 4042042 5054321

14 Z 12 * = {0 ≤ x < 12 | gcd(x,12) = 1} = {1,5,7,11} * 12 15711 1157 551 7 77 15 751  (12) = 4

15 Z 5 * = {1,2,3,4} *5*5 1234 11234 22413 33142 44321 = Z 5 \ {0} For all primes p, Z p * = Z p \ {0}, since all 0 < x < p satisfy gcd(x,p) = 1

16 If p,q distinct primes then  (pq) = (p-1)(q-1) If p prime then  (p) = (p-1) If p prime then  (p 2 ) = ?

17 What are the properties of Z n * For * n on Z n * the following properties hold [Closure] x, y  Z n  x * n y  Z n [Associativity] x, y, z  Z n  ( x * n y ) * n z = x * n ( y * n z ) [Commutativity] x, y  Z n  x * n y = y * n x

18 The additive inverse of a  Z n is the unique b  Z n such that a + n b  n 0. We denote this inverse by “–a”. It is trivial to calculate: “-a” = (n-a).

19 Efficient algorithm to find multiplicative inverse a -1 from a and n. Extended Euclidean Algorithm(a, n) Get r,s such that ra + sn = gcd(a,n) = 1 So ra  n 1 Output: r is the multiplicative inverse of a

20 Z n = {0, 1, 2, …, n-1} Z n * = {x  Z n | GCD(x,n) =1} Define + n and * n : a + n b = (a+b mod n) a * n b = (a*b mod n) 1.Closed 2.Associative 3.0 is identity 4.Additive Inverses 5.Cancellation 6.Commutative 1.Closed 2.Associative 3.1 is identity 4.Multiplicative Inverses 5.Cancellation 6.Commutative c * n ( a + n b)  n (c * n a) + n (c* n b)

21 new stuff starts here…

22 Fundamental Lemmas until now For x, y, a, b in Z n, (x  n y) and (a  n b). Then 1) x + a  n y + b 2) x - a  n y - b 3) x * a  n y * b For a,b,c in Z n * then ca  n cb  a  n b

23 Fundamental lemma of powers? If (a  n b) Then x a  n x b ? NO! (2  3 5), but it is not the case that: 2 2  3 2 5

24 By the permutation property, two names for the same set: Z n * = aZ n * where aZ n * = {a * n x | x  Z n * }, a  Z n * *1234 11234 22413 a3142 44321 Example: Z 5 *

25 Two products on the same set: Z n * = aZ n * aZ n * = {a * n x | x  Z n * }, a  Z n *  x  n  ax [as x ranges over Z n * ]  x  n  x (a size of Zn* ) [Commutativity] 1 = n a size of Zn* [Cancellation] a  (n) = n 1

26 Euler’s Theorem a  Z n *, a  (n)  n 1 Fermat’s Little Theorem p prime, a  Z p *  a p-1  p 1

27 (Correct) Fundamental lemma of powers. Suppose x  Z n *, and a,b,n are naturals. If a   (n) b Then x a  n x b Equivalently, x a  n x a mod  (n)

28 Defining negative powers Suppose x  Z n *, and a,n are naturals. x -a is defined to be the multiplicative inverse of x a x -a = (x a ) -1

29 Rule of integer exponents Suppose x,y  Z n *, and a,b are integers. (xy) -1  n x -1 y -1 X a X b  n X a+b Can use Lecture 13 to do fast exponentiation!

30 A note about exponentiation

31 How do you calculate 2 6666666666661 mod 7 Fundamental lemma of powers. Suppose x  Z n *, and a,n are naturals. x a  n x a mod  (n) For x 2 Z x *, x a (mod n) = x a mod  (n) (mod n)

32 Time to compute To compute a x (mod n) for a 2 Z n * first, get x’ = x mod Φ (n) By Euler’s theorem: a x = a x’ (mod n) Hence, we can calculate a x’ where x’ · n. But still that might take x’-1 ¼ n steps if we calculate a, a 2, a 3, a 4, …, a x’

33 Faster exponentiation How do you compute a x’ fast? Suppose x’ = 2 k a ! a 2 (mod n) ! a 4 (mod n) … ! a 2 k-1 (mod n) ! a 2 k (mod n) Suppose 2 k ≤ x’ < 2 k+1 a ! a 2 (mod n) ! a 4 (mod n) … ! a 2 k-1 (mod n) ! a 2 k (mod n) multiply together the appropriate powers

34

35 How much time did this take? Only 2 log x’ multiplications Instead of (x’-1) multiplications

36 Ok, back to number theory

37 Agreeing on a secret Alice and Bob have never talked before but they want to agree on a secret… How can they do this?

38 Diffie-Hellman Key Exchange Alice: Picks prime p, and a value g in Z p * Picks random a in Z p * Sends over p, g, g a (mod p) Bob: Picks random b in Z p *, and sends over g b (mod p) Now both can compute g ab (mod p)

39 What about Eve? If Eve’s just listening in, she sees p, g, g a, g b It’s believed that computing g ab (mod p) from just this information is not easy… Alice: Picks prime p, and a value g in Z p * Picks random a in Z p * Sends over p, g, g a (mod p) Bob: Picks random b in Z p *, and sends over g b (mod p) Now both can compute g ab (mod p)

40 btw, discrete logarithms seem hard Discrete-Log: Given p, g, g a (mod p), compute a How fast can you do this? If you can do discrete-logs fast, you can solve the Diffie-Hellman problem fast. How about the other way? If you can break the DH key exchange protocol, do discrete logs fast?

41 The RSA Cryptosystem

42 Our dramatis personae Rivest Shamir Adleman Euler Fermat

43 Pick secret, random large primes: p,q Multiply n = p*q “Publish”: n  (n) =  (p)  (q) = (p-1)*(q-1) Pick random e  Z *  (n) “Publish”: e Compute d = inverse of e in Z *  (n) Hence, e*d = 1 [ mod  (n) ] “Private Key”: d

44 n,e is my public key. Use it to send me a message. p,q random primes e random  Z *  (n) n = p*q e*d = 1 [ mod  (n) ]

45 n, e p,q prime, e random  Z *  (n) n = p*q e*d = 1 [ mod  (n) ] message m m e [mod n] (m e ) d  n m

46

47 How hard is cracking RSA? If we can factor products of two large primes, can we crack RSA? If we know \phi(n), can we crack RSA? How about the other way? Does cracking RSA mean we must do one of these two? We don’t know..

48 Fundamental lemma of powers Euler phi function  (n) = |Z n * | Euler’s theorem Fermat’s little theorem Fast exponentiation Diffie-Hellman Key Exchange RSA algorithm Here’s What You Need to Know…

Download ppt "15-251 Great Theoretical Ideas in Computer Science."

Similar presentations

1 Lect. 12: Number Theory. Contents Prime and Relative Prime Numbers Modular Arithmetic Fermat’s and Euler’s Theorem Extended Euclid’s Algorithm.

1 Lect. 12: Number Theory. Contents Prime and Relative Prime Numbers Modular Arithmetic Fermat’s and Euler’s Theorem Extended Euclid’s Algorithm.
Data encryption with big prime numbers

Data encryption with big prime numbers
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
7. Asymmetric encryption-

7. Asymmetric encryption-
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.

Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:

Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:
Public Encryption: RSA

Public Encryption: RSA
CSE331: Introduction to Networks and Security Lecture 20 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 20 Fall 2002.
Cryptography & Number Theory

Cryptography & Number Theory
CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.

CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.

CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.
Lecture 6: Public Key Cryptography

Lecture 6: Public Key Cryptography

Similar presentations

Ads by Google