Presentation is loading. Please wait.

Presentation is loading. Please wait.

15-251 Great Theoretical Ideas in Computer Science.

Published byTyler Heath Modified over 8 years ago

Similar presentations

Presentation on theme: "15-251 Great Theoretical Ideas in Computer Science."— Presentation transcript:

1 15-251 Great Theoretical Ideas in Computer Science

2 Clarifications of some of the homework Problems. Problem 1 Problem 5 Problem 6

3 Lecture 14 (February 25, 2010) Raising numbers to powers, Cyrptography and RSA, p-1 pp 1

4 It’s all done with splay trees. QED. Class Dismissed.

5 Not

6 How do you compute… 5858 First idea: 5 5252 5353 5454 5 5656 5757 5858 = 5*5 = 5 2 *5 using few multiplications?

7 How do you compute… 5858 Better idea: 5 5252 5454 5858 = 5*5 = 5 2 *5 2 = 5 4 *5 4 Used only 3 mults instead of 7 !!!

8 Repeated squaring calculates a 2 k in k multiply operations compare with (2 k – 1) multiply operations used by the naïve method

9 How do you compute… 5 13 5 16 too high! what now? assume no divisions allowed… Use repeated squaring again? 5 5252 5454 5858

10 How do you compute… 5 13 Use repeated squaring again? 5 5252 5454 5858 Note that 13 = 8+4+1 So a 13 = a 8 * a 4 * a 1 Two more multiplies! 13 10 = (1101) 2

11 To compute a m Suppose 2 k ≤ m < 2 k+1 a a2a2 a4a4 a8a8 This takes k multiplies Now write m as a sum of distinct powers of 2 a m = a 2 k * a 2 i1 * … * a 2 it a2ka2k... say, m = 2 k + 2 i 1 + 2 i 2 … + 2 i t at most k more multiplies

12 Hence, we can compute a m while performing at most 2  log 2 m  multiplies

13 How do you compute… 5 13 (mod 11) First idea: Compute 5 13 using 5 multiplies 5 5252 5454 5858 5 12 5 13 = 5 8 *5 4 = 5 12 *5 then take the answer mod 11 = 1 220 703 125 1220703125 (mod 11) = 4

14 How do you compute… 5 13 (mod 11) Better idea: keep reducing the answer mod 11 5 5252 5454 5858 5 12 5 13 ´ 11 3 ´ 11 9 ´ 11 81 ´ 11 36 ´ 11 15 ´ 11 4 ´ 11 3 ´ 11 4 25

15 Hence, we can compute a m (mod n) while performing at most 2  log 2 m  multiplies where each time we multiply together numbers with  log 2 n  + 1 bits

16 How do you compute… 5 121242653 (mod 11) The current best idea would still need about 54 calculations answer = 4 Can we exponentiate any faster?

17 OK, need a little more number theory for this one…

18 Z n = {0, 1, 2, …, n-1} Z n * = {x  Z n | GCD(x,n) =1} First, recall…

19 Fundamental lemmas mod n: If (x  n y) and (a  n b). Then 1) x + a  n y + b 2) x * a  n y * b 3) x - a  n y – b 4) cx  n cy  a  n b i.e., if c in Z n *

20 Euler Phi Function Á (n) Á (n) = size of Z n * p prime  Á (p) = p-1 p, q distinct primes  Á (pq) = (p-1)(q-1)

21 Fundamental lemma of powers? If (x  n y) Then a x  n a y ? NO! (2  3 5), but it is not the case that: 2 2  3 2 5

22 (Correct) Fundamental lemma of powers. Equivalently, for a  Z n *, a x  n a x mod Á (n) If a  Z n * and x  Á (n) y then a x  n a y

23 How do you compute… 5 121242653 (mod 11) 121242653 (mod 10) = 3 5 3 (mod 11) = 125 mod 11 = 4 Why did we take mod 10?

24 Hence, we can compute a m (mod n) while performing at most 2  log 2 Á (n)  multiplies where each time we multiply together numbers with  log 2 n  + 1 bits for a  Z n *, a x  n a x mod Á (n)

25 343281 327847324 mod 39 Step 1: reduce the base mod 39 Step 2: reduce the exponent mod Á (39) = 24 Step 3: use repeated squaring to compute 3 4, taking mods at each step NB: you should check that gcd(343280,39)=1 to use lemma of powers

26 (Correct) Fundamental lemma of powers. Equivalently, for a  Z n *, a x  n a x mod Á (n) If a  Z n * and x  Á (n) y then a x  n a y

27 Use Euler’s Theorem For a  Z n *, a Á (n)  n 1 Corollary: Fermat’s Little Theorem For p prime, a  Z p *  a p-1  p 1 How do you prove the lemma for powers?

28 Proof of Euler’s Theorem: for a  Z n *, a Á (n)  n 1 Define a Z n * = {a * n x | x  Z n * } for a  Z n * By the cancellation property, Z n * = aZ n *  x  n  ax [as x ranges over Z n * ]  x  n  x (a size of Zn* ) [Commutativity] 1 = n a size of Zn* [Cancellation] a Á (n) = n 1

29 Euler’s Theorem For a  Z n *, a Á (n)  n 1 Corollary: Fermat’s Little Theorem For p prime, a  Z p *  a p-1  p 1 Please remember

30 Basic Cryptography

31 One Time Pads

32 they give perfect security!

33 But reuse is bad XOR = Can do other attacks as well

34 Agreeing on a secret One time pads rely on having a shared secret! Alice and Bob have never talked before but they want to agree on a secret… How can they do this?

35 A couple of small things A value g in Z n * “generates” Z n * if g, g 2, g 3, g 4, …, g Á (n) contains all elements of Z n *

36 Diffie-Hellman Key Exchange Alice: Picks prime p, and a generator g in Z p * Picks random a in Z p * Sends over p, g, g a (mod p) Bob: Picks random b in Z p *, and sends over g b (mod p) Now both can compute g ab (mod p)

37 What about Eve? If Eve’s just listening in, she sees p, g, g a, g b It’s believed that computing g ab (mod p) from just this information is not easy… Alice: Picks prime p, and a value g in Z p * Picks random a in Z p * Sends over p, g, g a (mod p) Bob: Picks random b in Z p *, and sends over g b (mod p) Now both can compute g ab (mod p)

38 also, discrete logarithms seem hard Discrete-Log: Given p, g, g a (mod p), compute a How fast can you do this? If you can do discrete-logs fast, you can solve the Diffie-Hellman problem fast. How about the other way? If you can break the DH key exchange protocol, do discrete logs fast?

39 Diffie Hellman requires both parties to exchange information to share a secret can we get rid of this assumption?

40 The RSA Cryptosystem

41 Our dramatis personae Rivest Shamir Adleman Euler Fermat

42 Pick secret, random large primes: p,q Multiply n = p*q “Publish”: n  (n) =  (p)  (q) = (p-1)*(q-1) Pick random e  Z *  (n) “Publish”: e Compute d = inverse of e in Z *  (n) Hence, e*d = 1 [ mod  (n) ] “Private Key”: d

43 n,e is my public key. Use it to send me a message. p,q random primes e random  Z *  (n) n = p*q e*d = 1 [ mod  (n) ]

44 n, e p,q prime, e random  Z *  (n) n = p*q e*d = 1 [ mod  (n) ] message m m e [mod n] (m e ) d  n m

45

46 Extended gcd on ocaml. (egcd a b) returns a triple (x,y,g) such That g is the gcd(a,b) and g=ax+by. let rec egcd a b = if a = 0 then (0,1,b) else let (x,y,g) = egcd (b mod a) a in (y-(b/a)*x, x, g)

47 How hard is cracking RSA? If we can factor products of two large primes, can we crack RSA? If we know n and Á (n), can we crack RSA? How about the other way? Does cracking RSA mean we must do one of these two? We don’t know (yet)…

48 Fast exponentiation Fundamental lemma of powers Euler phi function  (n) = |Z n * | Euler’s theorem Fermat’s little theorem Diffie-Hellman Key Exchange RSA algorithm Here’s What You Need to Know…

Download ppt "15-251 Great Theoretical Ideas in Computer Science."

Similar presentations

RSA and Public Key Cryptography Oct. 2002 Nathanael Paul.

RSA and Public Key Cryptography Oct Nathanael Paul.
RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
7. Asymmetric encryption-

7. Asymmetric encryption-
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem

RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:

Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:
CS470, A.SelcukPublic Key Cryptography1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukPublic Key Cryptography1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Cryptography & Number Theory

Cryptography & Number Theory
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.

CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.
Introduction to Modern Cryptography Lecture 7 1.RSA Public Key CryptoSystem 2.One way Trapdoor Functions.

Introduction to Modern Cryptography Lecture 7 1.RSA Public Key CryptoSystem 2.One way Trapdoor Functions.
Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.

Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.

CSCI 172/283 Fall 2010 Public Key Cryptography. New paradigm introduced by Diffie and Hellman The mailbox analogy: Bob has a locked mailbox Alice can.
Lecture 6: Public Key Cryptography

Lecture 6: Public Key Cryptography
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.

Similar presentations

Ads by Google