
Ryan Henry I 538 /B 609 : Introduction to Cryptography.



Presentation on theme: "Ryan Henry I 538 /B 609 : Introduction to Cryptography."— Presentation transcript:

1 Ryan Henry, I538/B609: Introduction to Cryptography

2 Announcement: After the talk, Chris will stick around to meet with students in LH 102 from 4:30 to 5:00. TOMORROW at 3pm in LH 102!

3 Another upcoming talk!
Who: abhi shelat (University of Virginia)
When: 12:00-1:00pm on Thursday Oct 5 (one week from today!)
Where: Maurer 335
Title: TBA
Abstract: TBA

4 Tuesday's lecture: more number theory; introduction to groups.
Today's lecture: modular e-th roots; discrete logarithms.

5 Assignment 5 is due Tuesday, November 10! (Please fill out the Doodle poll for the optional lab!)

6 Recall: Groups
Defn: Let G be a non-empty set and let ∘ be a binary operation acting on ordered pairs of elements from G. The pair (G,∘) is called a group if
1. Closure: ∀a,b∈G, a∘b∈G
2. Associativity: ∀a,b,c∈G, (a∘b)∘c = a∘(b∘c)
3. Identity: ∃e∈G such that ∀a∈G, a∘e = e∘a = a
4. Inverses: ∀a∈G, ∃a^(-1)∈G such that a∘a^(-1) = a^(-1)∘a = e
The group (G,∘) is abelian (or commutative) if
5. Commutative: ∀a,b∈G, a∘b = b∘a
Note: We often refer to just the set G as the group if the operation is clear.

7 Recall: Exponentiation in a group
For n∈{1,2,3,…} we define a^n = a∘a∘⋯∘a (n times)
For n=0, we define a^n = e
For n∈{-1,-2,-3,…} we define a^n = (a^(-1))^(-n)
Additive notation: If (G,+) is a group under addition, then we write na ≔ a+a+⋯+a (n times)
Thm (law of exponents): Let (G,∘) be a group and let m,n∈ℤ. For each a∈G, a^m ∘ a^n = a^(m+n) and (a^m)^n = a^(mn).

8 e-th roots
Defn: Let (G,∘) be a group and let a∈G. An e-th root of a in G is an element b∈G such that a = b^e in G.
Defn: An e-th root of a modulo n is an e-th root of a in (ℤ_n^*,⊡), where ⊡ denotes multiplication modulo n.
Examples modulo 17: 4^(1/2) ≡ 2 mod 17; 8^(1/2) ≡ 5 mod 17 (since 5·5 = 25 ≡ 8 mod 17)
Note: here e is an exponent, not the identity! (From here on, we'll denote the identity by 1.)

9 e-th roots
Q: Do e-th roots modulo n always exist?
A: No! (So when do they exist?) For example, 2^(1/2) mod 11 does not exist, since 1^2≡1, 2^2≡4, 3^2≡9, 4^2≡5, 5^2≡3, 6^2≡3, 7^2≡5, 8^2≡9, 9^2≡4, 10^2≡1 (mod 11), and 2 never appears!
Q: If an e-th root of a modulo n exists, is it unique?
A: In general, no! (But when is it unique?) For example, 3^(1/2) ≡ 5 or 6 mod 11, since 5^2 = 25 ≡ 3 mod 11 and 6^2 = 36 ≡ 3 mod 11.
Q: If an e-th root of a modulo n exists, is it easy to compute?
A: Yes, provided we know the factorization of n!

10 e-th roots modulo p
Suppose p>2 is prime and let a∈ℤ_p.
Q: When does a unique solution for a^(1/e) mod p exist?
A: If gcd(e,p-1)=1, then a^(1/e) ≡ a^d mod p where d ≔ e^(-1) mod (p-1).
If gcd(e,p-1)≠1, then a^(1/e) may or may not exist; if it does exist, then it is not unique!
Fact: If p>2 is prime, then the squaring function, which maps each a∈ℤ_p^* to a^2, is a 2-to-1 function on ℤ_p^*.

11 Quadratic residues
Defn: An element a∈ℤ_n is a quadratic residue modulo n if and only if it has a square root modulo n.
- At most half of the elements in ℤ_n can be quadratic residues modulo n!
- The set of quadratic residues modulo n is denoted QR_n.
- Fact: (QR_n,⊡) is a group, where ⊡ is multiplication modulo n!
More generally, a is an e-th residue modulo n if it has an e-th root modulo n.

12 Legendre symbols

13 Jacobi symbols

14 Computing square roots modulo n
Thm: If p is a prime such that p≡3 mod 4 and a is a quadratic residue modulo p, then a^(1/2) ≡ a^((p+1)/4) mod p.
Proof: (a^((p+1)/4))^2 ≡ a^((p+1)/2) (law of exponents)
  ≡ a^(1+(p-1)/2) (rearranging)
  ≡ a · a^((p-1)/2)
  ≡ a (Euler's Criterion) ☐
Q: Why do we insist on p≡3 mod 4?
A: If p≡1 mod 4, then (p+1)/4 is not an integer! (If p≡1 mod 4, a more complicated algorithm computes a^(1/2) in O(lg^3 p) steps.)

15 e-th roots modulo n
Suppose n is composite and let a∈ℤ_n^*.
Q: When does a solution for a^(1/e) mod n exist? When is it unique?
A: If gcd(e,φ(n))=1, then a^(1/e) ≡ a^d mod n where d ≔ e^(-1) mod φ(n).
If gcd(e,φ(n))≠1, then a^(1/e) may or may not exist; if it does exist, then it is not unique!
- Note: Suppose n=pq for distinct primes p and q. Then knowledge of φ(n) is sufficient to determine p and q.
- It appears hard to determine existence of a^(1/e) when the factorization of n is not known…

16 Computing p and q from φ(pq)
Goal: Given n=pq and φ(n), determine p and q.
φ(n) = (p-1)(q-1) = pq-p-q+1 = (n+1)-p-q (defn of φ(n))
⇒ (n+1)-φ(n) = p+q, so that q = (n+1)-φ(n)-p (rearranging)
⇒ n = p((n+1)-φ(n)-p) = -p^2 + ((n+1)-φ(n))p (substitute into n=pq)
⇒ p^2 - ((n+1)-φ(n))p + n = 0 (rearranging)
This is a quadratic equation in the indeterminate p with a=1, b=-((n+1)-φ(n)), c=n ⇒ the quadratic formula yields p and q as the two roots!
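The derivation on this slide carried out in code, using the n = 113·97 = 10961 and φ(n) = 10752 from the practice slide later in the deck. This is an added example, not code from the slides; the function name and the second test pair (p=103, q=101) are chosen here.

```python
import math


def factor_from_phi(n: int, phi: int) -> tuple:
    """Given n = p*q (distinct primes) and phi = (p-1)(q-1), recover (p, q).

    From the slide: p^2 - (n+1-phi)p + n = 0, so p and q are the two roots
    of a quadratic with a = 1, b = -(n+1-phi), c = n.
    """
    b = n + 1 - phi            # equals p + q
    disc = b * b - 4 * n       # equals (p + q)^2 - 4pq = (p - q)^2
    if disc < 0:
        raise ValueError("n and phi are inconsistent (negative discriminant)")
    s = math.isqrt(disc)       # exact integer square root
    if s * s != disc or (b + s) % 2 != 0:
        raise ValueError("n and phi are inconsistent (no integer roots)")
    p, q = (b + s) // 2, (b - s) // 2   # quadratic formula, a = 1
    if p * q != n:
        raise ValueError("recovered factors do not multiply to n")
    return p, q


if __name__ == "__main__":
    # Values from the practice slide: 10961 = 113 * 97, phi = 112 * 96
    print(factor_from_phi(10961, 10752))   # (113, 97)
```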

17 The e-th root problem
Defn: The e-th root problem (aka the RSA problem) is: Given (n,e,a) such that
1. n=pq for distinct s-bit primes p and q,
2. a∈ℤ_n^*, and
3. gcd(e,φ(n))=1,
compute a^(1/e) mod n.
One possible solution: compute d ≔ e^(-1) mod φ(n) and output a^d mod n.
Fact: Computing d is equivalent to factoring n!
Q: Is solving e-th root as hard as factoring?
A: Well…err, maybe? I dunno! (It may be possible to compute a^(1/e) directly!)

18 Practice: Computing square roots modulo p
- Compute the square roots of 3 mod 139, if they exist.
  Legendre symbol: 3^((139-1)/2) ≡ 138 ≡ -1 mod 139 ⇒ roots do not exist!
- Compute the square roots of 5 mod 139, if they exist.
  Legendre symbol: 5^((139-1)/2) ≡ 1 mod 139 ⇒ roots exist!
  Mod 4 congruence: 139 ≡ 3 mod 4 ⇒ simple formula for computing roots!
  "Positive" root: 5^((139+1)/4) ≡ 127 mod 139
  "Negative" root: 139-127 = 12 mod 139
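The Euler's-criterion test and the a^((p+1)/4) formula from the square-root theorem, run on this slide's examples mod 139 and on the mod 11 examples from slide 9 (11 ≡ 3 mod 4 as well). Added example, not code from the slides; the function names are chosen here.

```python
def legendre(a: int, p: int) -> int:
    """Euler's criterion: a^((p-1)/2) mod p is 1 for a quadratic residue,
    p-1 (i.e. -1) for a non-residue, and 0 when p divides a."""
    return pow(a, (p - 1) // 2, p)


def sqrt_mod_p3mod4(a: int, p: int):
    """Both square roots of a modulo an odd prime p with p ≡ 3 (mod 4),
    or None if a is a quadratic non-residue (no root exists)."""
    if p % 4 != 3:
        raise ValueError("a^((p+1)/4) formula needs p ≡ 3 (mod 4)")
    a %= p
    if a == 0:
        return (0, 0)
    if legendre(a, p) != 1:
        return None                      # Euler's criterion: no square root
    r = pow(a, (p + 1) // 4, p)          # "positive" root from the theorem
    assert (r * r) % p == a              # the proof on slide 14, checked
    return (r, p - r)                    # "negative" root is the other one


if __name__ == "__main__":
    print(sqrt_mod_p3mod4(3, 139))       # None: 3 is a non-residue mod 139
    print(sqrt_mod_p3mod4(5, 139))       # (127, 12)
```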

19 Practice: Computing e-th roots modulo n
- Compute 51^(1/11) mod 10961 (Note: 10961 = 113·97)
  Compute φ(10961): (113-1)(97-1) = 10752
  Relative primeness: gcd(11, 112·96) = 1 ⇒ unique root exists!
  Inverse mod 10752: 11^(-1) ≡ 1955 mod 10752
  Compute root: 51^1955 ≡ 6066 mod 10961
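The e-th root computation from slide 15, worked on this slide's numbers, plus a brute-force root finder that shows what happens when gcd(e,φ(n)) ≠ 1 (here e = 2, where a square has four square roots mod pq). Added example, not code from the slides; the function names are chosen here.

```python
from math import gcd


def eth_root(a: int, e: int, n: int, phi: int) -> int:
    """The unique e-th root of a modulo n when gcd(e, phi(n)) = 1:
    a^(1/e) ≡ a^d (mod n) with d = e^(-1) mod phi(n)."""
    if gcd(e, phi) != 1:
        raise ValueError("gcd(e, phi(n)) != 1: root need not exist or be unique")
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    root = pow(a, d, n)
    assert pow(root, e, n) == a % n  # root^e == a, by the law of exponents
    return root


def all_eth_roots(a: int, e: int, n: int) -> list:
    """Brute force over Z_n^* (small n only): every b with b^e ≡ a (mod n)."""
    return [b for b in range(1, n) if gcd(b, n) == 1 and pow(b, e, n) == a % n]


if __name__ == "__main__":
    n, phi = 10961, (113 - 1) * (97 - 1)
    print(pow(11, -1, phi))                  # 1955
    print(eth_root(51, 11, n, phi))          # 6066
    # gcd(2, phi) = 2, so square roots are not unique: four of them
    print(all_eth_roots(pow(6066, 2, n), 2, n))
```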

20 Logarithms
Defn: The logarithm of a to the base b is the number x such that a = b^x. We denote that x is the logarithm of a to the base b by log_b a = x.
- log_4 16 = 2, since 4^2 = 16
- log_5 125 = 3, since 5^3 = 125
- log_2 128 = 7, since 2^7 = 128
- log_2 16 = 4, since 2^4 = 16

21 Recall: Order of a group element
Defn: The number of elements in a group (G,∘) is called its order. We write |G| to denote the order of (G,∘).
Defn: Let (G,∘) be a group and let a∈G. The smallest positive integer i such that a^i = e is called the order of a in (G,∘). We write |a| to denote the order of a∈G. If |a| = |G|, then we call a a generator of (G,∘).

22 Euler's Theorem for finite groups
Thm: Let (G,∘) be a group and let a∈G. Then a^i = a^j in G if and only if i ≡ j mod |a|.
Trick: To compute a^i mod n, first reduce the exponent i modulo |a|, or modulo |G| if |a| is not known.
- Lagrange's Theorem: Let (G,∘) be a group with order |G| = N. Then |a| divides N for all a∈G.
- Corollary: If i ≡ j mod |G|, then a^i = a^j in G.

23 Cyclic groups
Defn: If (G,∘) has one or more generators, then we call it a cyclic group.
Thm: If |G| is prime, then (G,∘) is cyclic.
- This follows directly from the generalization of Euler's Theorem on the last slide!
Note: If (G,∘) is cyclic and |G| is given, then given any generator g∈G, it is easy to select an element h∈G. (How?)
- Choose r∈{0,1,…,|G|-1} and output h = g^r

24 Discrete logarithms
Defn: Let G be a group with |G| = n and let g,h∈G. A discrete logarithm (DL) of h to the base g in G is a number x∈ℤ_n such that h = g^x in G.
Q: Does the DL of h to the base g always exist?
A: No! (So when does it exist?)
Q: If the DL of h to the base g exists, is it unique?
A: Sort of… If x_1 and x_2 are DLs of h to the base g, then x_1 ≡ x_2 mod |g|.
Thm: If (G,∘) is a cyclic group of order n with g a generator, then ∀h∈G, x = log_g h exists and is unique in ℤ_n.
- We therefore speak of *the* DL of h to the base g.
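The claims of slides 21 through 24 checked in the small group ℤ_11^*: the order of an element, the exponent-reduction trick, and a brute-force DL that exists only when h lies in the subgroup generated by g and is unique only modulo |g|. Added example, not code from the slides; the function names are chosen here and the brute-force search is only meant for toy-sized p.

```python
def order(g: int, p: int) -> int:
    """Order of g in Z_p^*: the smallest i >= 1 with g^i ≡ 1 (mod p)."""
    i, x = 1, g % p
    while x != 1:
        x = (x * g) % p
        i += 1
    return i


def pow_reduced(g: int, i: int, p: int) -> int:
    """Slide 22 trick: g^i = g^(i mod |g|), so reduce the exponent first."""
    return pow(g, i % order(g, p), p)


def discrete_log(g: int, h: int, p: int):
    """Brute-force DL of h to the base g in Z_p^*: the unique x in Z_|g|
    with g^x ≡ h (mod p), or None when h is not a power of g at all."""
    y = 1                                # y runs through g^0, g^1, ...
    for x in range(order(g, p)):
        if y == h % p:
            return x
        y = (y * g) % p
    return None                          # h lies outside the subgroup <g>


if __name__ == "__main__":
    p = 11
    print(order(2, p), order(3, p))      # 10 (generator) and 5
    print(discrete_log(2, 7, p))         # 7: every h has a DL to a generator
    print(discrete_log(3, 4, p))         # 4, and 4 + 5 = 9 also works
    print(discrete_log(3, 2, p))         # None: 2 is not in <3>
```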

25 The DL problem
Defn: Let (G,∘) be a cyclic group of order n and let g be a generator of G. Then the DL problem in (G,∘) is: Given (G,n,g,h) where g,h∈G with |g| = n, compute x = log_g h.

26 Intractable problems
- Intuitively, we call a problem intractable if no PPT algorithm can solve a uniformly random instance of the problem, except with negligible probability.
- The factoring, e-th root, and DL problems are all believed to lead to "intractable" problems.
  - Attacker must be PPT in what parameter?
  - Success probability must be negligible in what parameter?
- So far, all problems are defined in a particular finite group.

27 Group generating algorithm
Defn: A group generating algorithm 𝒢 is a PPT algorithm that, on input a security parameter 1^s, outputs a finite group (G,∘) with s-bit prime order q and a generator g∈G. We write (G,∘,q,g) ← 𝒢(1^s) to indicate that (G,∘) is a group with s-bit prime order q and generator g, sampled from the output of 𝒢.

28 That's all for today, folks!

