Lecture 3.2: Public Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena


Today’s Informative/Fun Bit – Acoustic Emanations

• http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+emanations&btnG=Google+Search

• http://tau.ac.il/~tromer/acoustic/

204/19/23 Public Key Cryptography -- II

Course Administration

• HW2 – due at 11am on Feb 06

• Any questions, or help needed?

Outline of Today’s Lecture

• Number Theory

• Modular Arithmetic

Modular Arithmetic

• Definition: x is congruent to y mod m, if m divides (x-y). Equivalently, x and y have the same remainder when divided by m.

Notation: $x \equiv y \pmod{m}$

Example: $14 \equiv 5 \pmod{9}$

• We work in $Z_m$ = {0, 1, 2, …, m-1}, the group of integers modulo m

• Example: $Z_9$ = {0,1,2,3,4,5,6,7,8}

• We abuse notation and often write = instead of $\equiv$

Addition in $Z_m$:

• Addition is well-defined: if $x \equiv x' \pmod{m}$ and $y \equiv y' \pmod{m}$, then $x + y \equiv x' + y' \pmod{m}$

– 3 + 4 = 7 mod 9.

– 3 + 8 = 2 mod 9.

Additive inverses in $Z_m$

• 0 is the additive identity in $Z_m$: $x + 0 \equiv x \equiv 0 + x \pmod{m}$

• Additive inverse of a is -a mod m = (m-a)

– Every element has a unique additive inverse.

– 4 + 5 = 0 mod 9.

– 4 is the additive inverse of 5.

Multiplication in $Z_m$:

• Multiplication is well-defined: if $x \equiv x' \pmod{m}$ and $y \equiv y' \pmod{m}$, then $x \cdot y \equiv x' \cdot y' \pmod{m}$

– 3 * 4 = 3 mod 9.

– 3 * 8 = 6 mod 9.

– 3 * 3 = 0 mod 9.

Multiplicative inverses in $Z_m$

• 1 is the multiplicative identity in $Z_m$: $x \cdot 1 \equiv x \equiv 1 \cdot x \pmod{m}$

• Multiplicative inverse ($x \cdot x^{-1} = 1 \bmod m$)

– SOME, but not ALL elements have a unique multiplicative inverse.

– In $Z_9$: 3*0=0, 3*1=3, 3*2=6, 3*3=0, 3*4=3, 3*5=6, …, so 3 does not have a multiplicative inverse (mod 9)

– On the other hand, 4*2=8, 4*3=3, 4*4=7, 4*5=2, 4*6=6, 4*7=1, so $4^{-1} = 7$ (mod 9)

Which numbers have inverses?

• In $Z_m$, x has a multiplicative inverse if and only if x and m are relatively prime, i.e., gcd(x,m)=1

– E.g., 4 in $Z_9$

Extended Euclidean: $a^{-1} \bmod n$

• Main Idea: Looking for the inverse of a mod n means looking for x such that x*a – y*n = 1.

• To compute the inverse of a mod n, do the following:

– Compute gcd(a, n) using the Euclidean algorithm.

– Since a is relatively prime to n (else there will be no inverse), gcd(a, n) = 1.

– So you can obtain a linear combination of $r_m$ and $r_{m-1}$ that yields 1.

– Work backwards, getting a linear combination of $r_i$ and $r_{i-1}$ that yields 1.

– When you get to a linear combination of $r_0$ and $r_1$ you are done, as $r_0 = n$ and $r_1 = a$.

Example – $15^{-1} \bmod 37$

• 37 = 2 * 15 + 7

• 15 = 2 * 7 + 1

• 7 = 7 * 1 + 0

Now,

• 15 – 2 * 7 = 1

• 15 – 2 (37 – 2 * 15) = 1

• 5 * 15 – 2 * 37 = 1

So, $15^{-1} \bmod 37$ is 5.
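The back-substitution above can be carried along during the forward pass instead of being done afterwards. The following is an added example, not part of the original slides; the function names `extended_gcd` and `mod_inverse` are assumptions chosen for illustration. It also covers the case where no inverse exists.

```python
def extended_gcd(a, n):
    """Return (g, x, y) with g = gcd(a, n) and a*x + n*y == g."""
    # Invariant on every iteration: r0 == a*x0 + n*y0 and r1 == a*x1 + n*y1.
    r0, r1 = a, n
    x0, x1 = 1, 0
    y0, y1 = 0, 1
    while r1 != 0:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1   # the usual Euclidean remainder step
        x0, x1 = x1, x0 - q * x1   # same step applied to the coefficient of a
        y0, y1 = y1, y0 - q * y1   # same step applied to the coefficient of n
    return r0, x0, y0


def mod_inverse(a, n):
    """Return a^-1 mod n, or raise ValueError when a has no inverse mod n."""
    if n <= 1:
        raise ValueError("modulus must be greater than 1")
    g, x, _ = extended_gcd(a % n, n)
    if g != 1:
        # gcd(a, n) != 1: a is not relatively prime to n, so no inverse exists.
        raise ValueError(f"{a} has no inverse mod {n}: gcd is {g}")
    return x % n   # x may be negative; bring it into {0, ..., n-1}


if __name__ == "__main__":
    print(extended_gcd(15, 37))   # coefficients of the slide's 5*15 - 2*37 = 1
    print(mod_inverse(15, 37))
    print(mod_inverse(4, 9))
```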

Modular Exponentiation: Square and Multiply method

• Usual approach to computing $x^c \bmod n$ is inefficient when c is large.

• Instead, represent c as bit string $b_{k-1} \ldots b_0$ and use the following algorithm:

z = 1
For i = k-1 downto 0 do
    z = z^2 mod n
    if b_i = 1 then z = z * x mod n

Example: $30^{37} \bmod 77$

z = z^2 mod n
if b_i = 1 then z = z * x mod n

i   b   z
5   1   30 = 1*1*30 mod 77
4   0   53 = 30*30 mod 77
3   0   37 = 53*53 mod 77
2   1   29 = 37*37*30 mod 77
1   0   71 = 29*29 mod 77
0   1   2  = 71*71*30 mod 77

Other Definitions

• An element g in G is said to be a generator of a group if $a = g^i$ for every a in G, for a certain integer i

– A group which has a generator is called a cyclic group

• The number of elements in a group is called the order of the group

• Order of an element a is the lowest i (>0) such that $a^i = e$

• A subgroup is a subset of a group that itself is a group

Lagrange’s Theorem

• Order of an element in a group divides the order of the group

Euler’s totient function

• Given positive integer n, Euler’s totient function $\phi(n)$ is the number of positive numbers less than n that are relatively prime to n

• Fact: If p is prime then $\phi(p) = p - 1$

– {1,2,3,…,p-1} are relatively prime to p.

Euler’s totient function

• Fact: If p and q are prime and n=pq then $\phi(n) = (p-1)(q-1)$

• Each number that is not divisible by p or by q is relatively prime to pq.

– E.g. p=5, q=7:

{1,2,3,4,-,6,-,8,9,-,11,12,13,-,-,16,17,18,19,-,-,22,23,24,-,26,27,-,29,-,31,32,33,34,-}

– pq-p-(q-1) = (p-1)(q-1)

Euler’s Theorem and Fermat’s Theorem

• If a is relatively prime to n then $a^{\phi(n)} = 1 \bmod n$

• If a is relatively prime to p then $a^{p-1} = 1 \bmod p$

Proof : follows from Lagrange’s Theorem
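The proof sketch can be checked numerically on small moduli: the invertible elements of $Z_n$ form a group of order $\phi(n)$, every element's order divides that number, and Euler's theorem follows. This is an added example, not part of the original slides; the function names are assumptions, and it applies to n > 1.

```python
from math import gcd


def units(n):
    """Elements of Z_n that have a multiplicative inverse (gcd(a, n) == 1)."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def phi(n):
    """Euler's totient for n > 1, counted directly from the definition."""
    return len(units(n))


def order(a, n):
    """Lowest i > 0 such that a^i = 1 mod n; a must be invertible mod n."""
    if gcd(a, n) != 1:
        raise ValueError(f"{a} is not invertible mod {n}, so it has no order")
    i, z = 1, a % n
    while z != 1:
        z = z * a % n
        i += 1
    return i


def element_orders(n):
    """Map each unit of Z_n to its order, checking Lagrange and Euler on the way."""
    group_order = phi(n)
    orders = {}
    for a in units(n):
        k = order(a, n)
        # Lagrange: the order of an element divides the order of the group.
        if group_order % k != 0:
            raise AssertionError(f"order {k} of {a} does not divide {group_order}")
        # Euler follows: a^phi(n) = (a^k)^(phi(n)/k) = 1 mod n.
        if pow(a, group_order, n) != 1:
            raise AssertionError(f"Euler's theorem fails for a={a}, n={n}")
        orders[a] = k
    return orders


def generators(n):
    """Units whose order equals phi(n); empty when the group is not cyclic."""
    target = phi(n)
    return [a for a, k in element_orders(n).items() if k == target]


if __name__ == "__main__":
    print(phi(35), element_orders(9), generators(9), generators(35))
```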

Euler’s Theorem and Fermat’s Theorem

EG: Compute $9^{100} \bmod 17$:

p = 17, so p-1 = 16. 100 = 6·16+4. Therefore, $9^{100} = 9^{6 \cdot 16 + 4} = (9^{16})^6 (9)^4$. So mod 17 we have

$9^{100} \equiv (9^{16})^6 (9)^4 \pmod{17} \equiv (1)^6 (9)^4 \pmod{17} \equiv (81)^2 \pmod{17} \equiv 16$
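The square-and-multiply slide and the exponent reduction used in this example fit together in one routine. This is an added example, not part of the original slides; the function names and the `trace` parameter are assumptions. The trace reproduces the i / b / z table for $30^{37} \bmod 77$, and `reduced_power` takes $\phi(n)$ from the caller rather than computing it.

```python
from math import gcd


def square_and_multiply(x, c, n, trace=None):
    """Compute x^c mod n, scanning the bits of c from b_{k-1} down to b_0."""
    z = 1
    for i in range(c.bit_length() - 1, -1, -1):
        b = (c >> i) & 1
        z = z * z % n          # always square
        if b:
            z = z * x % n      # multiply only when the bit is 1
        if trace is not None:
            trace.append((i, b, z))   # one row of the slide's table
    return z % n


def reduced_power(a, e, n, phi_n):
    """Compute a^e mod n after reducing e mod phi(n) (Euler's theorem).

    phi_n is supplied by the caller: p-1 for prime n, (p-1)(q-1) for n = p*q.
    """
    if gcd(a, n) != 1:
        raise ValueError("Euler's theorem needs gcd(a, n) = 1")
    return square_and_multiply(a, e % phi_n, n)


def multiplication_count(c):
    """Modular multiplications used above: one squaring per bit, one more per 1-bit."""
    return c.bit_length() + bin(c).count("1")


if __name__ == "__main__":
    rows = []
    print(square_and_multiply(30, 37, 77, rows))
    for row in rows:
        print(row)
    print(reduced_power(9, 100, 17, 16))
    print(multiplication_count(37), "multiplications instead of 36")
```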

Some questions

• $2^{-1} \bmod 4$ = ?

• What is the complexity of

– (a+b) mod m

– (a*b) mod m

– $a^{-1}$ mod (m)

– $x^c$ mod (n)

• Order of a group is 5. What can be the order of an element in this group?

Further Reading

• Chapter 4 of Stallings

• Chapter 2.4 of HAC
