Presentation is loading. Please wait.

Presentation is loading. Please wait.

15-251 Great Theoretical Ideas in Computer Science for Some.

Published byBarrie Lloyd Modified over 8 years ago

Similar presentations

Presentation on theme: "15-251 Great Theoretical Ideas in Computer Science for Some."— Presentation transcript:

1 15-251 Great Theoretical Ideas in Computer Science for Some

2 Lecture 17 (March 18, 2008) Modular Arithmetic and the RSA Cryptosystem p-1 pp 1

3 Public Key Cryptography -----BEGIN PGP PRIVATE KEY BLOCK----- Version: PGP 8.1 - not licensed for commercial use: www.pgp.com lQHNBEOedR4RBAC6bfed3ULzOwVF/BouyO8kfs8wkOmk3vaMF6+6JyeEJqyImaVh pVhU7lst6QtXTyAF734FtClM/9Dq9Dn7GDoO3E9+nGVO7wJ1OT+X4lgkoiM68WWG eioT958Hg0zq0KquHUBFM+Kldc+nr0e0Q6uCgwIYM7oH60/WX8e2WnvycwCgzba0 kRzxNtmw9w9IEQUk9pa2CK8D/2FjRxtEDN6nY7/l1wUrkMjI/uXYnsNWwrIAbwHp qhUZQYst27XpwNplAmI6YuS+3O+L4vgURj1hVcnNG+2bZXjbt4Fg3RLhrTV/jiuL ohBayAAdZZ4+72Cja1+18xp700GVTF96jYc8dIoxNx1AgHzQUffj3GnscAzo7ud3 HyYHA/9sI6Gijh/ubr1qTzHwZPdilDjfnEyQwR6+forUUegwCO0YawsC2lG6F7MG q3RHnJSwI3DiH/gY5bYk3XxhinkKxqk54DiL6vrHIw/E9J6RazY+ocicLRZ+6XjO JPXpK8s2v64pH5gyrsfANwSTTyECPx/hp2G+0BW/mtMU+JqFPP8DAwKvgRN08aTW 1WAW5/ak/URD4OAOT6OXlyg4YwhaJodb9vfwck4V8bnNLVNhbXBsZSBTZWN1cmVC bGFja2JveCBQR1Aga2V5PGluZm9AZWxkb3MuY29tPp0DJgRDnnWkEAgAxIwIsmEC mLGfQMH6GfNqn8XG9/bvT/nL/m7TjUVv1JGrKDASbASsPlYLnDel4opyp24Azu5x nQ0/QlsOifmXjINcWzNtWcJkW3rBamP1Vw6ZhxN8e1ARRrxwOn42V/yn/HoMFH0O Hhm2M5r8W/rOxo4dPdKPmRPdMaPVMndgM8WcOGPJ6TbMb4g9hphb+E4o3glI6fhP 41GZy57wWdKY9DnQ3W2PGoFaFAlQdyAtekzOmixp2/jXpq4+br9Yd088Unp2sw4Z 56j8sAbTk7NFpcTUSxsnFXpiGr0WkV+qfDyYTBvEnFXIteiThAWYzJgge6Tb6qzL 1XjD5uR1z2FgTwACAgf/fGBkVe8yETYwARrcn0xXv991AEvA4wlNI0/gygJKXxTV 0wTImdsOnsKsxtTCKdchSCFRuGYsBPzc7lUsPKk4jNkAv1EZELhqHkZTC51tEPxA m3/i8iAYFz2rTPfZkrjBJ2xP6ChRqmj0BTcZjo3bzRwjlUMTejGaR9BQDqB9A59z 2rCBn6nz9f6F+1oZ62gThjS6WUbUbhBKCwvfntFsXFrpXWHr5Apv+5zbxteTdHr0 1x3NRl0RzvzJ4wQ4WsVFiZFI3l7HykRd37XE+hSvRSr2iWqE/PdR7alxAswc5LET GCH//3xzP1/7Au3XLUaD4LaFoXY1bIBui2Srmu1kcP8DAwIYqvVK6L5Df2CejmTt hiA1DBnNck4dF7gPOaYku6Rfw27EOvhWmdZ1pp13uw2Tm6SEBoG7rkq1a01UWEjs PhUPkfxhVT6qHd4Bs3EOGSh7sNFsv8IbbAyP3rPOtbt3m9t02xEzKl5ZOqD85EZC HYK/l6lLD8pUX2dJQqZwTN4lkdl99HOf7XYPxHvCmbh1S1CgTM3H2wc5M7QROMhr -----END PGP PRIVATE KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP 8.1 - not licensed for commercial use: www.pgp.com mQGiBEOedR4RBAC6bfed3ULzOwVF/BouyO8kfs8wkOmk3vaMF6+6JyeEJqyImaVh pVhU7lst6QtXTyAF734FtClM/9Dq9Dn7GDoO3E9+nGVO7wJ1OT+X4lgkoiM68WWG eioT958Hg0zq0KquHUBFM+Kldc+nr0e0Q6uCgwIYM7oH60/WX8e2WnvycwCgzba0 kRzxNtmw9w9IEQUk9pa2CK8D/2FjRxtEDN6nY7/l1wUrkMjI/uXYnsNWwrIAbwHp qhUZQYst27XpwNplAmI6YuS+3O+L4vgURj1hVcnNG+2bZXjbt4Fg3RLhrTV/jiuL ohBayAAdZZ4+72Cja1+18xp700GVTF96jYc8dIoxNx1AgHzQUffj3GnscAzo7ud3 HyYHA/9sI6Gijh/ubr1qTzHwZPdilDjfnEyQwR6+forUUegwCO0YawsC2lG6F7MG q3RHnJSwI3DiH/gY5bYk3XxhinkKxqk54DiL6vrHIw/E9J6RazY+ocicLRZ+6XjO JPXpK8s2v64pH5gyrsfANwSTTyECPx/hp2G+0BW/mtMU+JqFPM0tU2FtcGxlIFNl Y3VyZUJsYWNrYm94IFBHUCBrZXk8aW5mb0BlbGRvcy5jb20+wkkEEBECABMCmQEF AkOedaQJEKl84ZsqNet0AAAROgCggFcJOrmvNvpdmADv0iEzVUVci+gAoJDD9wbm WOq7M06k4rSOZSj2me0GuQINBEOedaQQCADEjAiyYQKYsZ9AwfoZ82qfxcb39u9P +cv+btONRW/UkasoMBJsBKw+VgucN6XiinKnbgDO7nGdDT9CWw6J+ZeMg1xbM21Z wmRbesFqY/VXDpmHE3x7UBFGvHA6fjZX/Kf8egwUfQ4eGbYzmvxb+s7Gjh090o+Z E90xo9Uyd2AzxZw4Y8npNsxviD2GmFv4TijeCUjp+E/jUZnLnvBZ0pj0OdDdbY8a gVoUCVB3IC16TM6aLGnb+Nemrj5uv1h3TzxSenazDhnnqPywBtOTs0WlxNRLGycV emIavRaRX6p8PJhMG8ScVci16JOEBZjMmCB7pNvqrMvVeMPm5HXPYWBPAAICB/98 YGRV7zIRNjABGtyfTFe/33UAS8DjCU0jT+DKAkpfFNXTBMiZ2w6ewqzG1MIp1yFI IVG4ZiwE/NzuVSw8qTiM2QC/URkQuGoeRlMLnW0Q/ECbf+LyIBgXPatM99mSuMEn bE/oKFGqaPQFNxmOjdvNHCOVQxN6MZpH0FAOoH0Dn3PasIGfqfP1/oX7WhnraBOG NLpZRtRuEEoLC9+e0WxcWuldYevkCm/7nNvG15N0evTXHc1GXRHO/MnjBDhaxUWJ -----END PGP PUBLIC KEY BLOCK-----

4 Public Key Cryptography Private Key Public Key P Secret M E P [M]

5 The RSA Cryptosystem Rivest, Shamir, and Adelman (1978) RSA is one of the most used cryptographic protocols on the net. Your browser uses it to establish a secure session with a site.

6 Pick secret, random large primes: p,q “Publish”: n = p*q  (n) =  (p)  (q) = (p-1)*(q-1) Pick random e  Z *  (n) “Publish”: e Compute d = inverse of e in Z *  (n) Hence, e*d = 1 [ mod  (n) ] “Private Key”: d Mumbo jumbo… More Mumbo jumbo…

7 But how does it all work? What is φ (n)? What is Z φ (n) * ? … Why do all the steps work? To understand this, we need a little number theory...

8 MAX(a,b) + MIN(a,b) =a+b n|m means that: m is an integer multiple of n. (We say that “n divides m”.)

9 Greatest Common Divisor: GCD(x,y) = greatest k ≥ 1 such that k|x and k|y LCM(x,y) = smallest k ≥ 1 such that x|k and y|k You can use MAX(a,b) + MIN(a,b) = a+b to prove the above fact. Fact: GCD(x,y) × LCM(x,y) = x × y Least Common Multiple:

10 (a mod n) means: If a = dn + r with 0 ≤ r < n Then r = (a mod n) and d = (a div n) the remainder when a is divided by n Modulus

11 Modular Equivalence Written as a  n b, and spoken “a and b are equivalent modulo n” 31  81 [mod 2] 31  2 81 a  b [mod n]  (a mod n) = (b mod n)  n|(a-b) Example:

12  n is an Equivalence Relation In other words, it is: Reflexive: a  n a Symmetric: (a  n b)  (b  n a) Transitive: (a  n b and b  n c)  (a  n c)  n induces a partition of Z into n classes a and b are said to be in the same “residue class” or “congruence class” when a  n b

13 a  n b  n|(a-b) “a and b are equivalent modulo n” Define Residue class [i] = the set of all integers that are congruent to i modulo n [0] = { …, -6, -3, 0, 3, 6,..} [1] = { …, -5, -2, 1, 4, 7,..} [2] = { …, -4, -1, 2, 5, 8,..} [-6]= { …, -6, -3, 0, 3, 6,..} [7] = { …, -5, -2, 1, 4, 7,..} [-1] = { …, -4, -1, 2, 5, 8,..} Residue Classes Mod 3:

14 Fact: equivalence mod n implies equivalence mod any divisor of n. If (x  n y) and (k|n) then: x  k y Example: 10  6 16  10  3 16 Proof: x  n y  n|(x-y)  k|(x-y)  x  k y

15 If (x  n y) and (a  n b), then: 1. x + a  n y + b 2. x - a  n y – b 3. x * a  n y * b Fundamental lemma of plus, minus, and times mod n: When doing plus, minus, and times modulo n, you can at any time replace a number with a number in the same residue class modulo n What is (249)(504) mod 251? When working mod 251: (-2)(2) = -4 = 247

16 A Unique Representation System Modulo n: We pick exactly one representative from each residue class. We do all our calculations using these representatives.

17 +012 0012 1120 2201 *012 0000 1012 2021 Unique Representation System Modulo 3 Finite set S = {0, 1, 2} + and * defined on S:

18 +01 001 11 0 01 Unique Representation System Modulo 3 Finite set S = {0, 1, -1} + and * defined on S: *01 0000 101 0 1

19 Perhaps The Most Convenient Set of Representatives The reduced system modulo n: Z n = {0, 1, 2, …, n-1} Define operations + n and * n : a + n b = (a+b mod n) a * n b = (a*b mod n)

20 +2+2 01 001 110 *2*2 01 000 101 The Reduced System Modulo 2 Z 2 = {0, 1} Two binary, associative operators on Z 2 :

21 The Reduced System Modulo 2 Z 2 = {0, 1} Two binary, associative operators on Z 2 : + 2 XOR 01 001 110 * 2 AND 01 000 101

22 +0123 00123 11230 22301 33012 *0123 00000 10123 20202 30321 The Reduced System Z 4 = {0,1,2,3}

23 The Reduced System Z 6 = {0,1,2,3,4,5} +012345 0012345 1123450 2234501 3345012 4450123 5501234 An operator has the permutation property if each row and each column has a permutation of the elements. For every n, + n on Z n has the permutation property

24 What about multiplication? Does * 6 on Z 6 have the permutation property? *012345 0000000 1012345 2024024 3030303 4042042 5054321 NO!

25 *01234567 0 1 2 3 4 5 6 7 What about * 8 on Z 8 ? Which rows have the permutation property? 03614725 04040440

26 A visual way to understand multiplication and the “permutation property”.

27 The multiples of c modulo n is the set: {0, c, c + n c, c + n c + n c, ….} = {kc mod n | 0 ≤ k ≤ n-1} There are exactly 8 distinct multiples of 3 modulo 8: 7 53 1 0 6 2 4 Hit all numbers  row 3 has the “permutation property”

28 There are exactly 2 distinct multiples of 4 modulo 8 7 53 1 0 6 2 4

29 There is exactly 1 distinct multiple of 8 modulo 8 7 53 1 0 6 2 4

30 There are exactly 4 distinct multiples of 6 modulo 8 7 53 1 0 6 2 4

31 There number of distinct multiples of c modulo n is: LCM(n,c)/c = n/GCD(c,n) Hence only those values of c with GCD(c,n) = 1 have the permutation property for * n on Z n

32 Theorem: There are exactly k = n/GCD(c,n) = LCM(c,n)/c distinct multiples of c modulo n, and these are: { c*i mod n | 0 ≤ i < k } Proof: Clearly, c/GCD(c,n) ≥ 1 is a whole number ck =cn/GCD(c,n) =n(c/GCD(c,n))  n 0 So there are at most k multiples of c mod n: c*0, c*1, c*2, …, c*(k-1) Also, k = all the factors of n missing from c  cx  n cy  n|c(x-y)  k|(x-y)  x-y ≥ k Hence, there are exactly k multiples of c.

33 If (x  n y) and (a  n b), then: 1. x + a  n y + b 2. x - a  n y – b 3. x * a  n y * b Fundamental lemma of plus, minus, and times mod n:

34 Is there a fundamental lemma of division modulo n? cx  n cy  x  n y ? Of course not! If c=0[mod n], cx  n cy for all x and y. Canceling the c is like dividing by zero.

35 Let’s Fix That! Repaired fundamental lemma of division modulo n? if c  0 [mod n], then cx  n cy  x  n y ? 6*3  10 6*8, but not 3  10 8 2*2  6 2*5, but not 2  6 5 This also doesn’t work!

36 When Can’t I Divide By c? Theorem: There are exactly n/GCD(c.n) distinct multiples of c modulo n Corollary: If GCD(c,n) > 1, then the number of multiples of c is less than n Corollary: If GCD(c,n) > 1 then you can’t always divide by c. There must exist distinct x,y < n such that c*x=c*y (but x  y). Hence can’t divide. Proof:

37 Fundamental lemma of division modulo n: if GCD(c,n)=1, then ca  n cb  a  n b Proof: ca  n cb  n|(cb-ca)  n|c(b-a)  n|(b-a)  a  n b (because GCD(c,n)=1)

38 Fundamental lemma of division modulo n: if GCD(c,n)=1, then ca  n cb  a  n b Consider the set: Z n * = {x  Z n | GCD(x,n) =1} Multiplication over this set Z n * will have the cancellation property

39 Z 6 = {0, 1,2,3,4,5} Z 6 * = *012345 0000000 1012345 2024024 3030303 4042042 5054321 {1,5}

40 Z 12 * = {0 ≤ x < 12 | gcd(x,12) = 1} = {1,5,7,11} * 12 15711 1157 551 7 77 15 751

41 Z 5 * = {1,2,3,4} = Z 5 \ {0} *5*5 1234 11234 22413 33142 44321 For all primes p, Z p * = Z p \ {0}, since all 0 < x < p satisfy gcd(x,p) = 1

42 Euler Phi Function  (n) Define  (n) = size of Z n * (number of 1 ≤ k < n that are relatively prime to n) If p is prime, then  (p) = p-1

43 Z 12 * = {0 ≤ x < 12 | gcd(x,12) = 1} = {1,5,7,11} * 12 15711 1157 551 7 77 15 751  (12) = 4

44 Theorem: if p,q distinct primes then:  (pq) = (p-1)(q-1) # of integers from 1 to pq: # of multiples of q up to pq: # of multiples of p up to pq: # of multiples of both p and q up to pq: Proof:  (pq) = = (p-1)(q-1) pq p q 1 pq – p – q + 1

45 The additive inverse of a  Z n is the unique b  Z n such that a + n b  n 0. We denote this inverse by “–a” It is trivial to calculate: “-a” = n-a Additive Inverse

46 The multiplicative inverse of a  Z n * is the unique b  Z n * such that a * n b  n 1 Multiplicative Inverse We denote this inverse by “a -1 ” or “1/a” *1b34 11234 22413 a3142 44321 The unique inverse of “a” must exist because the “a” row contains a permutation of the elements and hence contains a unique 1.

47 Efficient Algorithm To Compute a -1 From a and n Run Extended Euclidean Algorithm on the numbers a and n It will give two integers r and s such that ra + sn = gcd(a,n) = 1 Taking both sides modulo n, we obtain: ra  n 1 Output r, which is the inverse of a

48 If (x  n y) and (a  n b), then: 1. x + a  n y + b 2. x - a  n y – b 3. x * a  n y * b Fundamental Lemmas Until Now For a,b,c in Z n * then ca  n cb  a  n b

49 If (a  n b) then x a  n x b ? (2  3 5), but it is not the case that: 2 2  3 2 5 NO!

50 Euler’s Theorem: a  Z n *, a  (n)  n 1 Fermat’s Little Theorem: p prime, a  Z p *  a p-1  p 1

51 Fundamental Lemma of Powers: If a   (n) b Then x a  n x b Equivalently, x a  n x a mod  (n)

52 What is 2 4444444441 mod 5? x a (mod n) = x a mod  (n) (mod n) 44444444441   (5) 1 So 2 4444444441 mod 5 = 2

53 Negative Powers Suppose x  Z n *, and a,n are naturals. x -a is defined to be the multiplicative inverse of x a x -a = (x a ) -1

54 Suppose x,y  Z n *, and a,b are integers: (xy) -1  n x -1 y -1 X a X b  n X a+b Rule of Integer Exponents

55 The RSA Cryptosystem

56 Pick secret, random large primes: p,q “Publish”: n = p*q  (n) =  (p)  (q) = (p-1)*(q-1) Pick random e  Z *  (n) “Publish”: e Compute d = inverse of e in Z *  (n) Hence, e*d = 1 [ mod  (n) ] “Private Key”: d

57 n,e is my public key. Use it to send me a message. p,q random primes, e random  Z *  (n) n = p*q e*d = 1 [ mod  (n) ]

58 n, e p,q prime, e random  Z *  (n) n = p*q e*d = 1 [ mod  (n) ] message m m e [mod n] (m e ) d  n m

59 Working modulo integer n Definitions of Z n, Z n * and their properties Fundamental lemmas of +,-,*,/ When can you divide out How to calculate c -1 mod n. Fundamental lemma of powers Euler phi function  (n) = |Z n * | Euler’s theorem Fermat’s little theorem RSA algorithm Here’s What You Need to Know…

Download ppt "15-251 Great Theoretical Ideas in Computer Science for Some."

Similar presentations

Number Theory Algorithms and Cryptography Algorithms Prepared by John Reif, Ph.D. Analysis of Algorithms.

Number Theory Algorithms and Cryptography Algorithms Prepared by John Reif, Ph.D. Analysis of Algorithms.
1 Lect. 12: Number Theory. Contents Prime and Relative Prime Numbers Modular Arithmetic Fermat’s and Euler’s Theorem Extended Euclid’s Algorithm.

1 Lect. 12: Number Theory. Contents Prime and Relative Prime Numbers Modular Arithmetic Fermat’s and Euler’s Theorem Extended Euclid’s Algorithm.
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
Number Theory and Cryptography

Number Theory and Cryptography
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
Number Theory(L5) Number Theory Number Theory(L5).

Number Theory(L5) Number Theory Number Theory(L5).
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
and Factoring Integers (I)

and Factoring Integers (I)
CSC2110 Discrete Mathematics Tutorial 5 GCD and Modular Arithmetic

CSC2110 Discrete Mathematics Tutorial 5 GCD and Modular Arithmetic
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
6/20/2015 5:05 AMNumerical Algorithms1 x0123456789 x1x1 1739.

6/20/2015 5:05 AMNumerical Algorithms1 x x1x
and Factoring Integers

and Factoring Integers
Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.

Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.
Cryptography & Number Theory

Cryptography & Number Theory
CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.

CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
CS555Spring 2012/Topic 61 Cryptography CS 555 Topic 6: Number Theory Basics.

CS555Spring 2012/Topic 61 Cryptography CS 555 Topic 6: Number Theory Basics.
BY MISS FARAH ADIBAH ADNAN IMK

BY MISS FARAH ADIBAH ADNAN IMK

Similar presentations

Ads by Google