Advanced Algorithms Analysis and Design
By Dr. Nazir Ahmad Zafar

Lecture No. 40: Chinese Remainder Theorem and the RSA Cryptosystem
Addition: Modulo 8

[Addition table over the residues 0, 1, ..., 7; the table body was not recovered from the slide]
Multiplication: Modulo 8

  ×  | 1  2  3  4  5  6  7
 ----+---------------------
  1  | 1  2  3  4  5  6  7
  2  | 2  4  6  0  2  4  6
  3  | 3  6  1  4  7  2  5
  4  | 4  0  4  0  4  0  4
  5  | 5  2  7  4  1  6  3
  6  | 6  4  2  0  6  4  2
  7  | 7  6  5  4  3  2  1
Reduced set of residues mod n

The complete set of residues is Zn = {0, 1, ..., n-1}. The reduced set of residues consists of all those residues which are relatively prime to n, and it is denoted by Zn* = {k : gcd(k, n) = 1, 0 ≤ k < n}. The number of elements in the reduced set of residues is called the Euler totient function φ(n).

Example 1: For n = 10, find the reduced list of residues of n.
All residues: {0, 1, 2, 3, 4, 5, 6, 7, 8, 9}
Reduced residues (those relatively prime to 10) = {1, 3, 7, 9}, so φ(10) = 4
Group

Definition of a Group: A group is a set G together with a binary operation * : G × G → G, usually written a*b, such that the following properties are satisfied:
Associativity: (a*b)*c = a*(b*c) for all a, b, c ∈ G
Identity: there exists e ∈ G such that e*g = g = g*e for all g ∈ G
Inverse: for each g ∈ G there exists g′, the inverse of g, such that g′*g = g*g′ = e
Result: The Multiplicative Group Zn*

Statement: Zn* = {k : gcd(k, n) = 1, 1 ≤ k < n}. For any positive integer n, Zn* forms a group under multiplication modulo n.
Proof:
Binary operation: let a, b ∈ Zn*, so gcd(a, n) = 1 and gcd(b, n) = 1. Then gcd(ab, n) = gcd(a, n)*gcd(b, n) = 1*1 = 1, so ab ∈ Zn*.
Associativity holds, and 1 is the identity element.
The inverse of each element exists.
Hence (Zn*, *) forms a group.
Rings

Definition: A ring is a set R with two binary operations + : R × R → R and · : R × R → R (where × denotes the Cartesian product), called addition and multiplication, such that:
(R, +) is an abelian group with identity element 0:
(a + b) + c = a + (b + c)
0 + a = a + 0 = a
For every a in R there exists an element denoted −a such that a + (−a) = (−a) + a = 0
a + b = b + a
Definition (cont.): (R, ·) is a monoid with identity element 1:
(a·b)·c = a·(b·c)
1·a = a·1 = a
Multiplication distributes over addition:
a·(b + c) = (a·b) + (a·c)
(a + b)·c = (a·c) + (b·c)
Definition: An element a in a ring R is called a unit if there exists b in R such that a·b = b·a = 1.
Lemma: The set of all units in R forms a group under ring multiplication.
Example: Rings

Example 2: Prove that (Z, +, *), the set of integers, is a ring.
Solution: + and * are binary operations on Z because the sum and the product of two integers are again integers. Now, for all a, b, c ∈ Z:
(a + b) + c = a + (b + c)
0 + a = a + 0 = a
a + (−a) = (−a) + a = 0
a + b = b + a
Hence (Z, +) is an abelian group with identity element 0.
Example 2: Rings (cont.)

Since, for all a, b, c ∈ Z,
(a·b)·c = a·(b·c)
1·a = a·1 = a
(Z, ·) is a monoid with identity element 1. Finally, for all a, b, c ∈ Z,
a·(b + c) = (a·b) + (a·c)
(a + b)·c = (a·c) + (b·c)
i.e., multiplication is distributive over addition. Hence we can conclude that (Z, +, *) is a ring.
Modular arithmetic for integer n:

Zn = {0, 1, ..., n-1} forms a commutative ring with a multiplicative identity under addition and multiplication modulo n.
Lemma 1: For a, b, c ∈ Z, if (a + b) ≡ (a + c) (mod n) then b ≡ c (mod n).
Lemma 2: If (a*b) ≡ (a*c) (mod n) then b ≡ c (mod n) only if a is relatively prime to n, i.e. gcd(a, n) = 1.
Solving Modular Linear Equations

Definition: A congruence of the form ax ≡ b (mod m) is called a linear congruence.
Solving: To solve this congruence, the objective is to find the x that satisfy the given equation. An inverse of a modulo m is any integer a′ such that a′a ≡ 1 (mod m). If we can find such an a′, then we can solve ax ≡ b by multiplying throughout by it, giving a′ax ≡ a′b. Thus 1·x ≡ a′b, i.e. x ≡ a′b (mod m).
Solving Modular Linear Equations (cont.)

Theorem: If gcd(a, m) = 1 and m > 1, then a has a unique inverse a′ (modulo m).
Proof: Since gcd(a, m) = 1, there exist s, t such that sa + tm = 1. So sa + tm ≡ 1 (mod m). Since tm ≡ 0 (mod m), sa ≡ 1 (mod m). Thus s is an inverse of a (mod m). Uniqueness: if ra ≡ sa ≡ 1 (mod m) then, since gcd(a, m) = 1, Lemma 2 lets us cancel a and gives r ≡ s (mod m); thus this inverse is unique mod m.
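The reduced residues of Example 1, the inverse from the theorem's proof (the s in sa + tm = 1, found with the extended Euclidean algorithm) and the solution of ax ≡ b (mod m), as an added Python example that is not the lecture's code. The function names are my own; the ValueError is the Lemma 2 caveat that no inverse exists when gcd(a, m) ≠ 1.

```python
from math import gcd


def reduced_residues(n):
    """Z_n* = {k : gcd(k, n) = 1, 0 <= k < n}; Example 1 gives [1, 3, 7, 9] for n = 10."""
    return [k for k in range(n) if gcd(k, n) == 1]


def phi(n):
    """Euler totient: the number of elements in the reduced residue set."""
    return len(reduced_residues(n))


def ext_gcd(a, b):
    """Extended Euclid: return (g, s, t) with s*a + t*b = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s1, t1 = ext_gcd(b, a % b)
    # g = s1*b + t1*(a - (a//b)*b) = t1*a + (s1 - (a//b)*t1)*b
    return g, t1, s1 - (a // b) * t1


def mod_inverse(a, m):
    """The theorem's inverse a' with a'*a = 1 (mod m): the s in s*a + t*m = 1.

    Raises ValueError when gcd(a, m) != 1, the case Lemma 2 excludes:
    a cannot be cancelled modulo m and no inverse exists.
    """
    g, s, _ = ext_gcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}: gcd({a}, {m}) = {g}")
    return s % m


def solve_linear_congruence(a, b, m):
    """Solve a*x = b (mod m) by multiplying through by a' (requires gcd(a, m) = 1)."""
    return (mod_inverse(a, m) * b) % m


if __name__ == "__main__":
    print(reduced_residues(10), phi(10))           # [1, 3, 7, 9] 4
    print(mod_inverse(35, 3), mod_inverse(21, 5))  # 2 1  (y1 and y2 of Example 3 below)
```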
Chinese Remainder Theorem

Let m1, …, mk > 0 be pairwise relatively prime. Then the system of equations
x ≡ a1 (mod m1)
x ≡ a2 (mod m2)
...
x ≡ ak (mod mk)
has a unique solution modulo m = m1·…·mk.
Chinese Remainder Theorem (proof)

Proof: We are given m = m1·…·mk. Let Mi = m/mi for i = 1, …, k. Since gcd(mi, Mi) = 1, by the above theorem there exists yi = Mi′ such that yiMi ≡ 1 (mod mi) for i = 1, …, k.
Let x = a1y1M1 + a2y2M2 + … + akykMk = ∑ aiyiMi.
Now m1 does not divide M1, but m2|M1, m3|M1, …, mk|M1.
Similarly m2 does not divide M2, but m1|M2, m3|M2, m4|M2, …, mk|M2, and so on.
Chinese Remainder Theorem (proof, cont.)

Hence mi does not divide Mi for i ∈ {1, 2, …, k}, but mi|Mj for i ≠ j, i, j ∈ {1, 2, …, k}. Therefore Mj ≡ 0 (mod mi) for j ≠ i.
Now we show that x is a simultaneous solution. Since x = a1y1M1 + a2y2M2 + … + akykMk,
x ≡ a1y1M1 ≡ 1·a1 = a1 (mod m1),
x ≡ a2y2M2 ≡ 1·a2 = a2 (mod m2),
...
x ≡ akykMk ≡ 1·ak = ak (mod mk).
Thus x is the solution.
Application: Example 3

Solve the given system of linear modular equations using the Chinese Remainder Theorem.
x ≡ 2 (mod 3), a1 = 2
x ≡ 3 (mod 5), a2 = 3
x ≡ 2 (mod 7), a3 = 2
Solution: As m1 = 3, m2 = 5, m3 = 7, we have m = 3·5·7 = 105.
Now M1 = m/m1 = 105/3 = 35, M2 = m/m2 = 105/5 = 21 and M3 = m/m3 = 105/7 = 15.
Inverse of M1 (modulo 3) = y1 = 2
Inverse of M2 (modulo 5) = y2 = 1
Inverse of M3 (modulo 7) = y3 = 1
Example 3 (cont.)

Now the solution x to this system is
x ≡ a1y1M1 + a2y2M2 + a3y3M3 = 2·2·35 + 3·1·21 + 2·1·15 = 233 (mod 105) ≡ 23 (mod 105).
Thus 23 is the smallest positive integer that is a simultaneous solution.
Verification:
23 ≡ 2 (mod 3)
23 ≡ 3 (mod 5)
23 ≡ 2 (mod 7)
Unique Representation of a Number by CRT

Let m1, …, mk be pairwise relatively prime integers and let m = m1·…·mk. Then by the CRT it can be proved that any integer a, 0 ≤ a ≤ m, can be uniquely represented by the k-tuple consisting of its remainders upon division by mi (i = 1, 2, …, k). That is, we can uniquely represent a by
(a mod m1, a mod m2, …, a mod mk) = (a1, a2, …, ak).
Example 4: Pairs representing the non-negative integers < 12; the first component is the remainder on division by 3, the second on division by 4:
0 = (0, 0); 1 = (1, 1); 2 = (2, 2); 3 = (0, 3); 4 = (1, 0); 5 = (2, 1); 6 = (0, 2); 7 = (1, 3); 8 = (2, 0); 9 = (0, 1); 10 = (1, 2); 11 = (2, 3)
Unique Representation of a Number by CRT (cont.)

Example 5: Compute the integer represented by (1, 2) if m1 = 3 and m2 = 4.
Solution: x ≡ 1 (mod 3), x ≡ 2 (mod 4). m1 = 3, m2 = 4, hence m = 12.
Now M1 = m/m1 = 4, M2 = m/m2 = 3.
Inverse of M1 (modulo 3) = y1 = 1
Inverse of M2 (modulo 4) = y2 = 3
Now x ≡ a1y1M1 + a2y2M2 = 1·1·4 + 2·3·3 = 22 mod 12 = 10.
Example 6: Chinese Remainder Theorem

Let m1 = 99, m2 = 98, m3 = 97 and m4 = 95. Now any integer ≤ 89,403,930 can be uniquely represented by its remainders when divided by 99, 98, 97 and 95 respectively. If a = 123,684 and b = 413,456, compute a + b.
Solution:
123,684 mod 99 = 33; 123,684 mod 98 = 8; 123,684 mod 97 = 9; 123,684 mod 95 = 89
Hence a = 123,684 = (33, 8, 9, 89).
Similarly 413,456 mod 99 = 32; 413,456 mod 98 = 92; 413,456 mod 97 = 42; 413,456 mod 95 = 16
Hence b = 413,456 = (32, 92, 42, 16).
Example 6: Chinese Remainder Theorem (cont.)

Now a + b = 123,684 + 413,456 = (33, 8, 9, 89) + (32, 92, 42, 16) = (65 mod 99, 100 mod 98, 51 mod 97, 105 mod 95).
Now we want to find a number x satisfying
x ≡ 65 (mod 99)
x ≡ 2 (mod 98)
x ≡ 51 (mod 97)
x ≡ 10 (mod 95)
This can be solved using the CRT; the answer is 537,140.
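The constructive CRT proof (Mi = m/mi, yi = Mi′, x = ∑ aiyiMi) and the residue-tuple arithmetic of Examples 3 to 6, as an added Python example that is not part of the lecture. It assumes Python 3.8+ for the built-in modular inverse pow(M_i, -1, m_i); the function names are my own.

```python
from functools import reduce
from math import gcd


def crt(residues, moduli):
    """Smallest non-negative x with x = a_i (mod m_i) for every i (moduli pairwise coprime)."""
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError(f"moduli {moduli[i]} and {moduli[j]} are not coprime")
    m = reduce(lambda acc, m_i: acc * m_i, moduli, 1)   # m = m_1 * ... * m_k
    x = 0
    for a_i, m_i in zip(residues, moduli):
        M_i = m // m_i            # product of the other moduli, so m_i does not divide M_i
        y_i = pow(M_i, -1, m_i)   # y_i = M_i' with y_i*M_i = 1 (mod m_i); Python 3.8+
        x += a_i * y_i * M_i      # the sum a_i*y_i*M_i of the proof
    return x % m


def to_residues(a, moduli):
    """The CRT representation (a mod m_1, ..., a mod m_k) of an integer a."""
    return tuple(a % m_i for m_i in moduli)


def add_via_residues(a, b, moduli):
    """Example 6: add the residue tuples componentwise, then recombine with crt()."""
    ra, rb = to_residues(a, moduli), to_residues(b, moduli)
    summed = tuple((x + y) % m_i for x, y, m_i in zip(ra, rb, moduli))
    return crt(summed, moduli)


if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))                           # 23      (Example 3)
    print(crt([1, 2], [3, 4]))                                 # 10      (Example 5)
    print(add_via_residues(123684, 413456, [99, 98, 97, 95]))  # 537140  (Example 6)
```

add_via_residues recovers a + b only while the true sum stays below m = 89,403,930, which is why the slide bounds the integers that the four remainders can represent.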
The RSA Public Key Cryptosystem

RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key. The keys for the RSA algorithm are generated in the following way:
Choose two distinct large random prime numbers p and q, p ≠ q.
Compute n = pq; n is used as the modulus for both the public and private keys.
Compute the totient function φ(n).
The RSA Public Key Cryptosystem (cont.)

Choose an integer e such that 1 < e < φ(n) and e and φ(n) share no factors other than 1 (co-prime); e is released as the public key exponent.
Compute d to satisfy the congruence relation de ≡ 1 (mod φ(n)), i.e. de = 1 + kφ(n) for some integer k; d is kept as the private key exponent.
Publish the pair P = (e, n) as the RSA public key.
Keep the pair S = (d, n) secret as the RSA secret key.
Property: Totient Function

Prove that φ(p·q) = (p-1)·(q-1), where p and q are prime numbers.
Proof: If n = p, a prime number, then φ(p) = p-1; e.g., φ(7) = 6 because 7 is prime. If n = p*q where p and q are both prime then φ(n) = φ(p*q). As above, φ(p) = p - 1; similarly φ(q) = q - 1.
Property: Totient Function (cont.)

For φ(n) = φ(p*q), the residues are S1 = {0, 1, 2, …, pq-1}. Out of S1, the residues that are not relatively prime to n are
S2 = {p, 2p, …, (q-1)p}, S3 = {q, 2q, …, (p-1)q}, S4 = {0}.
The number of elements of S1 = pq
The number of elements of S2 = q-1
The number of elements of S3 = p-1
The number of elements of S4 = 1
Hence the number of relatively prime elements in S1 is
φ(n) = pq – [(q-1) + (p-1) + 1] = pq – q + 1 – p = pq – q – p + 1 = (p-1)(q-1) = φ(p)·φ(q).
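RSA key generation following the steps above, the raw encrypt/decrypt primitive, and the totient count of the proof (S1 minus S2, S3 and S4), as an added Python example that is not the lecture's code. It assumes Python 3.8+ for pow(e, -1, phi), takes p and q already chosen as distinct primes, and uses the toy parameters p = 61, q = 53, e = 17 (my choice, small enough to check by hand); the function names are my own.

```python
from math import gcd


def phi_of_prime_product(p, q):
    """phi(pq) counted the way the proof does: |S1| - (|S2| + |S3| + |S4|); p, q distinct primes."""
    n = p * q
    s2 = {k * p for k in range(1, q)}   # multiples of p below pq: q-1 of them
    s3 = {k * q for k in range(1, p)}   # multiples of q below pq: p-1 of them
    s4 = {0}
    assert len(s2) == q - 1 and len(s3) == p - 1 and s2.isdisjoint(s3)
    return n - (len(s2) + len(s3) + len(s4))   # = (p-1)(q-1)


def rsa_keygen(p, q, e):
    """Return ((e, n), (d, n)) from distinct primes p, q and a chosen public exponent e."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)   # d*e = 1 (mod phi(n)), i.e. d*e = 1 + k*phi(n); Python 3.8+
    return (e, n), (d, n)


def rsa_apply(message, key):
    """Textbook RSA primitive m^exp mod n; the same operation encrypts with (e, n) and decrypts with (d, n)."""
    exp, n = key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, exp, n)


if __name__ == "__main__":
    public, secret = rsa_keygen(61, 53, 17)
    print(public, secret)                 # (17, 3233) (2753, 3233)
    c = rsa_apply(65, public)
    print(c, rsa_apply(c, secret))        # 2790 65
```

rsa_apply is the raw primitive with no padding, so equal messages always give equal ciphertexts; deployed RSA applies a padding scheme such as OAEP to the message before this step.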