Embed Size (px)
Citation preview
Dan Boneh
Intro. Number Theory
Modular e’th roots
Online Cryptography Course Dan Boneh
Dan Boneh
Modular e’th rootsWe know how to solve modular linear equations:
a x + b = 0 ⋅ in ZN Solution: x = −b a⋅ -1 in ZN
What about higher degree polynomials?
Example: let p be a prime and c Z∈ p . Can we solve:
x2 – c = 0 , y3 – c = 0 , z37 – c = 0 in Zp
Dan Boneh
Modular e’th rootsLet p be a prime and c Z∈ p .
Def: x Z∈ p s.t. xe = c in Zp is called an e’th root of c .
Examples: 71/3 = 6 in
31/2 = 5 in
11/3 = 1 in
21/2 does not exist in
Dan Boneh
The easy caseWhen does c1/e in Zp exist? Can we compute it efficiently?
The easy case: suppose gcd( e , p-1 ) = 1Then for all c in (Zp)*: c1/e exists in Zp and is easy to
find.
Proof: let d = e-1 in Zp-1 . Then
d e = 1 in Z⋅ p-1 ⇒
Dan Boneh
The case e=2: square rootsIf p is an odd prime then gcd( 2, p-1) ≠ 1
Fact: in , x x⟶ 2 is a 2-to-1 function
Example: in :
Def: x in is a quadratic residue (Q.R.) if it has a square root in
p odd prime the # of Q.R. in is (p-1)/2 + 1 ⇒
1 10
1
2 9
4
3 8
9
4 7
5
5 6
3
x −x
x2
Dan Boneh
Euler’s theoremThm: x in (Zp)* is a Q.R. x⟺ (p-1)/2 = 1 in Zp (p odd prime)
Example:
Note: x≠0 x⇒ (p-1)/2 = (xp-1)1/2 = 11/2 { 1, -1 } in Z∈ p
Def: x(p-1)/2 is called the Legendre Symbol of x over p (1798)
in : 15, 25, 35, 45, 55, 65, 75, 85, 95, 105
= 1 -1 1 1 1, -1, -1, -1, 1, -1
Dan Boneh
Computing square roots mod pSuppose p = 3 (mod 4)
Lemma: if c (Z∈ p)* is Q.R. then √c = c(p+1)/4 in Zp
Proof:
When p = 1 (mod 4), can also be done efficiently, but a bit harder
run time ≈ O(log3 p)
Dan Boneh
Solving quadratic equations mod pSolve: a x⋅ 2 + b x + c = 0 in Z⋅ p
Solution: x = (-b ± √b2 – 4 a c ) / 2a in Z⋅ ⋅ p
• Find (2a)-1 in Zp using extended Euclid.
• Find square root of b2 – 4 a c ⋅ ⋅ in Zp (if one exists)
using a square root algorithm
Dan Boneh
Computing e’th roots mod N ??Let N be a composite number and e>1
When does c1/e in ZN exist? Can we compute it efficiently?
Answering these questions requires the factorization of N(as far as we know)
Dan Boneh
End of Segment
