Presentation is loading. Please wait.

Presentation is loading. Please wait.

RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, Á (pq))=1 Good news: - primes are fairly common: there are about.

Published byClifford Dalton Modified over 8 years ago

Similar presentations

Presentation on theme: "RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, Á (pq))=1 Good news: - primes are fairly common: there are about."— Presentation transcript:

1 RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, Á (pq))=1 Good news: - primes are fairly common: there are about N/ln N primes · N Exercise: If looking for a 512-bit prime, how many randomly generated numbers need to try ?

2 RSA Parameter Generation We need to decide: Given a number x, how to determine if x is a prime ? What is the running time ?

3 Primality Testing Until recently, no (deterministic) poly-time algorithm for primality testing. In 2002, Agrawal, Kayal, and Saxena: Primality testing is in P !!!

4 Primality Testing Good news: there is a faster approach using randomization First, some terminology: A yes-biased Monte Carlo algorithm is a randomized algorithm that: - if the algo says YES, then the answer is correct - if the algo says NO, then the answer might be incorrect, but this happens with a small probability More precisely, there is a (small) error probability ² >0 s.t. for any “yes” instance, the algo says NO with probability · ² (considering all possible random choices of the algo).

5 Primality Testing Good news: there is a faster approach using randomization (yes-biased Monte Carlo algorithm to determine if an input number is composite) First, some terminology: A yes-biased Monte Carlo algorithm is a randomized algorithm that: - if the algo says YES, then the answer is correct - if the algo says NO, then the answer might be incorrect, but this happens with a small probability More precisely, there is a (small) error probability ² >0 s.t. for any “yes” instance, the algo says NO with probability · ² (considering all possible random choices of the algo).

6 Primality Testing – randomized attempt 1 Fermat’s Little Theorem (pg 79): If p is a prime, then a p-1 ´ 1 (mod p) for all a 2 Z p -{0} PseudoPrime(x): 1. Choose random a, 1 ≤ a ≤ x − 1. 2. if a x−1 ≡ 1 (mod x): 3. return prime 4. else 5. return composite Is this a yes-biased Monte Carlo algorithm ? For primes ? For composites ? Polynomial-time ?

7 Primality Testing – randomized attempt 1 Problem: There are composite numbers for which the Fermat’s Little Theorem holds. (A composite number x is a Carmichael number if a x-1 ´ 1 (mod x), for every a 2 Z x -{0}) Good news: Carmichael numbers are very rare: only 255 Carmichael numbers smaller than 10 9 (the first three are 561, 1105, and 1729). Bad news: What is ² for our algo from the previous slide ?

8 Miller-Rabin Miller-Rabin(x): 1. Find k,m such that x−1 = 2 k m, where m is odd 2. Choose random a, 1 ≤ a ≤ x−1 3. Let b = a m mod x 4. if b ≡ 1 (mod x): return prime 5. for i=0 to k−1: 6. if b ≡ −1 (mod x): return prime 7. else: b = b 2 mod x 8. return composite This is a polynomial-time yes-biased Monte Carlo algorithm that tests whether x is composite. Why ? Note: ² ≤ ¼ (we will not prove this)

9 RSA Questions - Eve can compute the e-th root modulo n to decrypt… The catch: computing roots mod n as hard as factoring ! - If Bob chooses p,q but one of them will not be a prime, will RSA still work ? - Can Eve precompute all products of 512-bit primes, to have a table (and factorization) of all possible n ?

Download ppt "RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, Á (pq))=1 Good news: - primes are fairly common: there are about."

Similar presentations

RSA.

RSA.
RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.
PRIMALITY TESTING – its importance for cryptography

PRIMALITY TESTING – its importance for cryptography
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.
Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.

Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.
MS 101: Algorithms Instructor Neelima Gupta

MS 101: Algorithms Instructor Neelima Gupta
Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou

Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
Announcements: 1. Congrats on reaching the halfway point once again! 2. DES graded soon 3. Short “pop” quiz on Ch 3. (Thursday at earliest) 4. Reminder:

Announcements: 1. Congrats on reaching the halfway point once again! 2. DES graded soon 3. Short “pop” quiz on Ch 3. (Thursday at earliest) 4. Reminder:
Chapter 8 More Number Theory. Prime Numbers Prime numbers only have divisors of 1 and itself They cannot be written as a product of other numbers Prime.

Chapter 8 More Number Theory. Prime Numbers Prime numbers only have divisors of 1 and itself They cannot be written as a product of other numbers Prime.
Lecture 8: Primality Testing and Factoring Piotr Faliszewski

Lecture 8: Primality Testing and Factoring Piotr Faliszewski
Introduction to Modern Cryptography Lecture 6 1. Testing Primitive elements in Z p 2. Primality Testing. 3. Integer Multiplication & Factoring as a One.

Introduction to Modern Cryptography Lecture 6 1. Testing Primitive elements in Z p 2. Primality Testing. 3. Integer Multiplication & Factoring as a One.
COM 5336 Cryptography Lecture 7a Primality Testing

COM 5336 Cryptography Lecture 7a Primality Testing
מבוא מורחב 1 Lecture 4 Material in the textbook on Pages 44-46, 50-53 of 2nd Edition Sections 1.2.4 and 1.2.6 + Hanoy towers.

מבוא מורחב 1 Lecture 4 Material in the textbook on Pages 44-46, of 2nd Edition Sections and Hanoy towers.
1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.

1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
and Factoring Integers (I)

and Factoring Integers (I)
Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.

Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.
UMass Lowell Computer Science 91.503 Analysis of Algorithms Prof. Karen Daniels Spring, 2009 Tuesday, 28 April Number-Theoretic Algorithms Chapter 31.

UMass Lowell Computer Science Analysis of Algorithms Prof. Karen Daniels Spring, 2009 Tuesday, 28 April Number-Theoretic Algorithms Chapter 31.
1 Fingerprint 2 Verifying set equality Verifying set equality v String Matching – Rabin-Karp Algorithm.

1 Fingerprint 2 Verifying set equality Verifying set equality v String Matching – Rabin-Karp Algorithm.

Similar presentations

Ads by Google