Presentation is loading. Please wait.

Presentation is loading. Please wait.

Discrete Logarithm(s) (DLs) Fix a prime p. Let a, b be nonzero integers (mod p). The problem of finding x such that a x ≡ b (mod p) is called the discrete.

Published byMeredith Welch Modified over 8 years ago

Similar presentations

Presentation on theme: "Discrete Logarithm(s) (DLs) Fix a prime p. Let a, b be nonzero integers (mod p). The problem of finding x such that a x ≡ b (mod p) is called the discrete."— Presentation transcript:

1 Discrete Logarithm(s) (DLs) Fix a prime p. Let a, b be nonzero integers (mod p). The problem of finding x such that a x ≡ b (mod p) is called the discrete logarithm problem. Suppose that n is the smallest integer such that a n ≡1 (mod p), i.e., n=ord p (a). By assuming 0≤x<n, we denote x=L a (b), and call it the discrete log of b w.r.t. a (mod p) Ex: p=11, a=2, b=9, then x=L 2 (9)=6

2 Discrete Logarithms In the RSA algorithms, the difficulty of factoring a large integer yields good cryptosystems In the ElGamal method, the difficulty of solving the discrete logarithm problem yields good cryptosystems Given p, a, b, solve a x ≡ b (mod p) a is suggested to be a primitive root mod p

3 One-Way Function A function f(x) is called a one-way function if f(x) is easy to compute, but, given y, it is computationally infeasible to find x with y=f(x). L a (b) is a one-way function if p is large

4 Primitive Roots mod 13 a is a primitive root mod p if {a k | 1 ≦ k ≦ p-1} = {1,2, …,p-1} ♪ 2, 6,7,11 are primitive roots mod 13 3 3 ≡ 1 (mod 13), 4 6 ≡ 1 (mod 13), 5 4 ≡ 1 (mod 13), 8 4 ≡ 1 (mod 13), 9 3 ≡ 1 (mod 13), 10 6 ≡ 1 (mod 13), 12 2 ≡ 1 (mod 13)

5 Solve a x ≡ b (mod p) An exhaustive search for all 0 ≤ x < p Check only for even x or odd x according to b (p-1)/2 ≡ (a x ) (p-1)/2 ≡(a (p-1)/2 ) x ≡(-1) x ≡ 1 or -1 (mod p), where a is a primitive root (Ex) p=11, a=2, b=9, since b (p-1)/2 ≡9 5 ≡1, then check for even numbers {0,2,4,6,8,10} only to find x=6 such that 2 6 ≡ 9 (mod 11)

6 Solve a x ≡ b (mod p) by Pohlig- Hellman Let p-1 = Πq r for all q|(p-1), write b 0 =b,and x=x 0 + x 1 q +x 2 q 2 + … + x r-1 q r-1 for 0 ≤ x i ≤ q-1 1. Find 0≤ k ≤q-1 such that (a (p-1)/q ) k ≡b (p-1)/q, then x 0 ≡k, next let b 1 ≡b 0 a -x0 2. Find 0≤ k ≤q-1 such that (a (p-1)/q ) k ≡[b 1 ] (p-1)/q^2, then x 1 ≡k, next let b 2 ≡b 1 a -x1 3. Repeat steps 1, 2 until x r-1 is found for a q 4. Repeat steps 1~3 for all q’s, then apply Chinese Remainder Theorem to get the final solution

7 7 x ≡12 (mod 41); p=41, a=7, b=12, p-1=41-1=40 =2 3 5 b 0 =12 For q=2: b 0 =12, b 1 =31, b 2 =31, and x = x 0 +2x 1 +4x 2 ≡1+2·0+4·1≡ 5 (mod 8) For q=5: b 0 =12, b 1 =18, and x = x 0 ≡ 3 (mod 5) Solving x ≡ 5 (mod 8) and x≡ 3 (mod 5), We have x≡13 (mod 40)

8 Solve a x ≡ b (mod p) by Index Calculus Let B be a bound and let p 1,p 2,…, p m be the primes less than B and cover all of the prime Factors of p-1. Then appropriately choose k(j)’s such that a k(j) ≡(p 1 ) r1 (p 2 ) r2 … (p m ) rm, i.e., r 1 *L a (p 1 )+r 2 *L a (p 2 )+… + r m *L a (p m ) ≡k(j) for several j’s, solve the linear system to get L a (p 1 ), L a (p 2 ), …, L a (p m ), then select R apply ba R ≡(p 1 ) b1 (p 2 ) b2 … (p m ) bm, then the solution is L a (b)≡-R+Πb i L a (p i )

9 Solve 2 x ≡37 (mod 131) p=131, a=2, b=37, let B=10, then p 1 =2, p 2 =3, p 3 =5, p 4 =7, since 2 8 ≡5 3, 2 12 ≡5·7, 2 14 ≡3 2, 2 34 ≡3·5 2 (mod p), we have 3L 2 (5)≡ 8 (mod 130) L 2 (5)+ L 2 (7)≡12 (mod 130) 2L 2 (3)≡14 (mod 130) L 2 (3)+2L 2 (5)≡34 (mod 130)

10 L 2 ([3, 5, 7])=[72, 46, 96] Choose R=43, then 37·2 43 ≡3·5·7 (mod 131), so we have L 2 (37) ≡-43+ L 2 (3)+ L 2 (5)+ L 2 (7) ≡ 41 (mod 130) ♪ L 2 (11) ≡ 56 (mod 130) [R=4] ♪ L 2 (23) ≡ 23 (mod 130) [R=5]

11 A Lemma on p≡3 (mod 4) Let p≡3 (mod 4), r≥2. Suppose a and g are nonzero integers such that g≡a y(2^r) (mod p). Then g (p+1)/4 ≡ a y[2^(r-1)] (mod p) [Proof] g (p+1)/4 ≡ a (p+1)y[2^(r-2)] ≡a y(2^(r-1)) [a (p-1) ] y(2^(r-2)) ≡ a y(2^(r-1)) (mod p)

12 A L a (b) (mod 4) Machine Let a be a primitive root (mod p), where p≡3 (mod 4) is large, then Computing L a (b) (mod 4) is as difficult as finding the solution of a x ≡ b (mod p) [P.172]

13 The ElGamal Public Key Cryptosystem Alice wants to send a message m to Bob. Bob chooses a large prime p and a primitive root a. Assume m is an integer 0≤m<p, and Bob selects a secret integer x to compute b≡a x (mod p). The information (p,a,b) is made public and is Bob’s public key. Alice does the following procedures.

14 Encryption and Decryption 1.Downloads (p,a,b) 2.Chooses a secret random k and computes r≡a k (mod p) 3.Computes t≡b k m (mod p) 4.Sends the pair (t,r) to Bob Bob decrypts by computing tr -x (≡m (mod p))

15 Exercises on Pages 175 and 176

Download ppt "Discrete Logarithm(s) (DLs) Fix a prime p. Let a, b be nonzero integers (mod p). The problem of finding x such that a x ≡ b (mod p) is called the discrete."

Similar presentations

Public Key Cryptosystem

Public Key Cryptosystem
RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Asymmetric-Key Cryptography

Asymmetric-Key Cryptography
Data encryption with big prime numbers

Data encryption with big prime numbers
22C:19 Discrete Structures Integers and Modular Arithmetic

22C:19 Discrete Structures Integers and Modular Arithmetic
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
7. Asymmetric encryption-

7. Asymmetric encryption-
1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.

1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.
Announcements: 1. Term project groups and topics due midnight 2. HW6 due next Tuesday. Questions? This week: Primality testing, factoring Primality testing,

Announcements: 1. Term project groups and topics due midnight 2. HW6 due next Tuesday. Questions? This week: Primality testing, factoring Primality testing,
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
Announcements: 1. Term project groups and topics due tomorrow midnight Waiting for posts from most of you. Questions? This week: Primality testing, factoring.

Announcements: 1. Term project groups and topics due tomorrow midnight Waiting for posts from most of you. Questions? This week: Primality testing, factoring.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )

Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )
1 Cryptosystems Based on Discrete Logarithms. 2 Outline [1] Discrete Logarithm Problem [2] Algorithms for Discrete Logarithm –A trivial algorithm –Shanks’

1 Cryptosystems Based on Discrete Logarithms. 2 Outline [1] Discrete Logarithm Problem [2] Algorithms for Discrete Logarithm –A trivial algorithm –Shanks’
Introduction to Modern Cryptography Homework assignments.

Introduction to Modern Cryptography Homework assignments.
Announcements: 1. Short “pop” quiz on Ch 3 (not today) 2. Term project groups and topics due tomorrow midnight Waiting for posts from 22 of you. 3. HW6:

Announcements: 1. Short “pop” quiz on Ch 3 (not today) 2. Term project groups and topics due tomorrow midnight Waiting for posts from 22 of you. 3. HW6:
Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.

Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.

Similar presentations

Ads by Google