YSL Information Security -- Public-Key Cryptography

Prime and Relatively Prime Numbers

• Divisors: We say that b ≠ 0 divides a if a = mb for some m, where a, b and m are integers.

• b divides a if there is no remainder on division.

• The notation b|a is commonly used to mean that b divides a.

• If b|a, we say that b is a divisor of a.


• If a|1, then a = ±1.

• If a|b and b|a, then a = ±b.

• Any b ≠ 0 divides 0.

• If b|g and b|h, then b|(mg + nh) for arbitrary integers m and n.


2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97
101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199
211 223 227 229 233 239 241 251 257 263 269 271 277 281 283 293
307 311 313 317 331 337 347 349 353 359 367 373 379 383 389 397
401 409 419 421 431 433 439 443 449 457 461 463 467 479 487 491 499
503 509 521 523 541 547 557 563 569 571 577 587 593 599
601 607 613 617 619 631 641 643 647 653 659 661 673 677 683 691
701 709 719 727 733 739 743 751 757 761 769 773 787 797
809 811 821 823 827 829 839 853 857 859 863 877 881 883 887
907 911 919 929 937 941 947 953 967 971 977 983 991 997
1009 1013 1019 1021 1031 1033 1039 1049 1051 1061 1063 1069 1087 1091 1093 1097
1103 1109 1117 1123 1129 1151 1153 1163 1171 1181 1187 1193
1201 1213 1217 1223 1229 1231 1237 1249 1259 1277 1279 1283 1289 1291 1297
1301 1303 1307 1319 1321 1327 1361 1367 1373 1381 1399
1409 1423 1427 1429 1433 1439 1447 1451 1453 1459 1471 1481 1483 1487 1489 1493 1499
1511 1523 1531 1543 1549 1553 1559 1567 1571 1579 1583 1597
1601 1607 1609 1613 1619 1621 1627 1637 1657 1663 1667 1669 1693 1697 1699
1709 1721 1723 1733 1741 1747 1753 1759 1777 1783 1787 1789
1801 1811 1823 1831 1847 1861 1867 1871 1873 1877 1879 1889
1901 1907 1913 1931 1933 1949 1951 1973 1979 1987 1993 1997 1999

Table 7.1 Primes under 2000


• The above statement is referred to as the prime number theorem, which was proven in 1896 by Hadamard and Poussin.

x        π(x)         x/ln x         (π(x) ln x)/x
10^3     168          144.8          1.160
10^4     1229         1085.7         1.132
10^5     9592         8685.9         1.104
10^6     78498        74382.4        1.085
10^7     664579       620420.7       1.071
10^8     5761455      5428681.0      1.061
10^9     50847534     48254942.4     1.054
10^10    455052512    434294481.9    1.048


• Does there exist a simple formula to generate prime numbers?

• An ancient Chinese mathematician conjectured that if n divides 2^n - 2 then n is prime. For n = 3, 3 divides 6 and n is prime. However, for n = 341 = 11 × 31, n divides 2^341 - 2.

• Mersenne suggested that if p is prime then M_p = 2^p - 1 is prime. Primes of this type are referred to as Mersenne primes. Unfortunately, for p = 11, M_11 = 2^11 - 1 = 2047 = 23 × 89.


• Fermat conjectured that if F_n = 2^(2^n) + 1, where n is a non-negative integer, then F_n is prime. When n is less than or equal to 4, F_0 = 3, F_1 = 5, F_2 = 17, F_3 = 257 and F_4 = 65537 are all primes. However, F_5 = 4294967297 = 641 × 6700417 is not a prime number.

• n^2 - 79n + 1601 is valid only for n < 80.

• There are an infinite number of primes of the form 4n + 1 or 4n + 3.

• There is no simple way so far to generate prime numbers.


• Factorization of an integer as a product of prime numbers

• Example: 91 = 7 × 13; 11011 = 7 × 11^2 × 13.

• Useful for checking divisibility and relative primality, to be discussed later.

• Factorization is in general difficult.


• Define notation gcd(a,b) to mean the greatest common divisor of a and b.

• The positive integer c is said to be the gcd of a and b if
– c|a and c|b
– any divisor of a and b is a divisor of c.

• Equivalently, gcd(a,b) = max[k, such that k|a and k|b]

• gcd(a,b) = gcd(-a,b) = gcd(a,-b) = gcd(-a,-b) = gcd(|a|,|b|)


• gcd(a,0) = |a|.

• Factorization is one possible but in general inefficient way to calculate gcd, whereas Euclid's algorithm (to be discussed later) is more efficient.

• Relative primality
– the integers a and b are relatively prime if they have no prime factors in common
– or equivalently, their only common factor is 1
– or equivalently, gcd(a,b) = 1


Modular Arithmetic


• Examples:
– a = 11; n = 7; 11 = 1 × 7 + 4; r = 4.
– a = -11; n = 7; -11 = (-2) × 7 + 3; r = 3.

• If a is an integer and n is a positive integer, define a mod n to be the remainder when a is divided by n.

• Then, a = ⌊a/n⌋ × n + (a mod n).
Example: 11 mod 7 = 4; -11 mod 7 = 3.


The modulo operator has the following properties:

1. a ≡ b mod n if n|(a-b).
2. (a mod n) = (b mod n) implies a ≡ b mod n.
3. a ≡ b mod n implies b ≡ a mod n.
4. a ≡ b mod n and b ≡ c mod n imply a ≡ c mod n.

23 ≡ 8 (mod 5) because 23 - 8 = 15 = 5 × 3
-11 ≡ 5 (mod 8) because -11 - 5 = -16 = 8 × (-2)
81 ≡ 0 (mod 27) because 81 - 0 = 81 = 27 × 3


• Properties of modular arithmetic operations

1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
2. [(a mod n) - (b mod n)] mod n = (a - b) mod n
3. [(a mod n) × (b mod n)] mod n = (a × b) mod n

• Proof of Property 1:
Define (a mod n) = r_a and (b mod n) = r_b. Then a = r_a + jn and b = r_b + kn for some integers j and k. Then,

(a + b) mod n = (r_a + jn + r_b + kn) mod n
              = (r_a + r_b + (j + k)n) mod n
              = (r_a + r_b) mod n
              = [(a mod n) + (b mod n)] mod n


Examples for the above three properties:

11 mod 8 = 3; 15 mod 8 = 7
[(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2
(11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8) - (15 mod 8)] mod 8 = -4 mod 8 = 4
(11 - 15) mod 8 = -4 mod 8 = 4
[(11 mod 8) × (15 mod 8)] mod 8 = 21 mod 8 = 5
(11 × 15) mod 8 = 165 mod 8 = 5


• Properties of modular arithmetic
– Let Zn = {0,1,2,…,(n-1)} be the set of residues modulo n.

Property                 Expression
Commutative laws         (w + x) mod n = (x + w) mod n
                         (w × x) mod n = (x × w) mod n
Associative laws         [(w + x) + y] mod n = [w + (x + y)] mod n
                         [(w × x) × y] mod n = [w × (x × y)] mod n
Distributive law         [w × (x + y)] mod n = [(w × x) + (w × y)] mod n
Identities               (0 + w) mod n = w mod n
                         (1 × w) mod n = w mod n
Additive inverse (-w)    For each w ∈ Zn, there exists a z such that w + z ≡ 0 mod n


• Properties of modular arithmetic (cont'd)
– if (a + b) ≡ (a + c) mod n, then b ≡ c mod n (due to the existence of an additive inverse)
– if (a × b) ≡ (a × c) mod n, then b ≡ c mod n (only if a is relatively prime to n; due to the possible absence of a multiplicative inverse)
  e.g. 6 × 3 = 18 ≡ 2 mod 8 and 6 × 7 = 42 ≡ 2 mod 8 but 3 ≢ 7 mod 8 (6 is not relatively prime to 8)
– If n is prime then the property of multiplicative inverse holds (from a ring to a field).


Table 7.3 Arithmetic Modulo 7

(a) Addition modulo 7

+ | 0 1 2 3 4 5 6
--+--------------
0 | 0 1 2 3 4 5 6
1 | 1 2 3 4 5 6 0
2 | 2 3 4 5 6 0 1
3 | 3 4 5 6 0 1 2
4 | 4 5 6 0 1 2 3
5 | 5 6 0 1 2 3 4
6 | 6 0 1 2 3 4 5

(b) Multiplication modulo 7

× | 0 1 2 3 4 5 6
--+--------------
0 | 0 0 0 0 0 0 0
1 | 0 1 2 3 4 5 6
2 | 0 2 4 6 1 3 5
3 | 0 3 6 2 5 1 4
4 | 0 4 1 5 2 6 3
5 | 0 5 3 1 6 4 2
6 | 0 6 5 4 3 2 1

(c) Additive and multiplicative inverses modulo 7

w   -w   w^-1
0   0    ---
1   6    1
2   5    4
3   4    5
4   3    2
5   2    3
6   1    6


Fermat’s and Euler’s Theorems

• Fermat's theorem

Fermat's theorem states the following: If p is prime and a is a positive integer not divisible by p, then

a^(p-1) ≡ 1 mod p    (7.3)

Proof: From our previous discussion, we know that if all the elements of Zp are multiplied by a, modulo p, the result consists of the elements of Zp in some order. Furthermore, a * 0 ≡ 0 mod p. Therefore, the (p-1) numbers {a mod p, 2a mod p, …, (p-1)a mod p} are just the numbers {1, 2, …, (p-1)} in some order. Multiply these numbers together:

a * 2a * … * ((p-1)a) ≡ [(a mod p) * (2a mod p) * … * ((p-1)a mod p)] mod p
                      ≡ (p-1)! mod p

But

a * 2a * … * ((p-1)a) = (p-1)! a^(p-1)

Therefore,

(p-1)! a^(p-1) ≡ (p-1)! mod p

We can cancel the (p-1)! term because it is relatively prime to p [see Equation (7.2)]. This yields Equation (7.3).

a = 7, p = 19

7^2 = 49 ≡ 11 mod 19
7^4 ≡ 121 ≡ 7 mod 19
7^8 ≡ 49 ≡ 11 mod 19
7^16 ≡ 121 ≡ 7 mod 19
a^(p-1) = 7^18 = 7^16 * 7^2 ≡ 7 * 11 ≡ 1 mod 19


• Fermat's theorem (cont'd)
– alternative form

if p is prime and a is any positive integer, then

a^p ≡ a mod p

example: p = 5, a = 3, 3^5 = 243 ≡ 3 mod 5


• Euler's totient function

Table 7.4 Some Values of Euler's Totient Function φ(n)

n   φ(n)      n   φ(n)      n   φ(n)
1   1         11  10        21  12
2   1         12  4         22  10
3   2         13  12        23  22
4   2         14  6         24  8
5   4         15  8         25  20
6   2         16  8         26  12
7   6         17  16        27  18
8   4         18  6         28  12
9   6         19  18        29  28
10  4         20  8         30  8


– If n is the product of two primes p and q:

φ(n) = pq – [(q – 1)+(p –1) + 1]

= pq – (p + q) + 1

= (p – 1) (q – 1)

= φ (p) φ (q)


• Euler's theorem

Euler's theorem states that for every a and n that are relatively prime,

a^φ(n) ≡ 1 mod n    (7.5)

a = 3; n = 10; φ(10) = 4; 3^4 = 81 ≡ 1 mod 10
a = 2; n = 11; φ(11) = 10; 2^10 = 1024 ≡ 1 mod 11

Proof: Equation (7.5) is true if n is prime, because in that case φ(n) = (n-1), and Fermat's theorem holds. However, it also holds for any integer n. Recall that φ(n) is the number of positive integers less than n that are relatively prime to n. Consider the set of such integers, labeled as follows:

R = {x_1, x_2, …, x_φ(n)}

Now multiply each element by a, modulo n:

S = {(a x_1 mod n), (a x_2 mod n), …, (a x_φ(n) mod n)}

This set is a permutation of R, by the following line of reasoning:

1. Because a is relatively prime to n and x_i is relatively prime to n, a x_i must also be relatively prime to n.

2. There are no duplicates in S. Refer to Equation (7.2). If a x_i mod n = a x_j mod n, then x_i = x_j.

Therefore, with every product Π taken over i = 1, …, φ(n):

Π (a x_i mod n) = Π x_i
Π a x_i ≡ Π x_i (mod n)
a^φ(n) × [Π x_i] ≡ Π x_i (mod n)
a^φ(n) ≡ 1 (mod n)

An alternative form of the theorem is also useful:

a^(φ(n)+1) ≡ a (mod n)    (7.6)


Testing for Primality

• If p is an odd prime, then the equation x^2 ≡ 1 (mod p) has only two solutions, 1 and -1.

x² ≡ 1 (mod 7), using Table 7.3b:
1² ≡ 1 mod 7
6² ≡ 36 mod 7 ≡ 1 mod 7; 6 ≡ -1 mod 7
Solutions: 1, -1

x² ≡ 1 (mod 8), using Table 7.2b:
1² ≡ 1 mod 8
3² ≡ 9 mod 8 ≡ 1 mod 8
5² ≡ 25 mod 8 ≡ 1 mod 8; 5 ≡ -3 mod 8
7² ≡ 49 mod 8 ≡ 1 mod 8; 7 ≡ -1 mod 8
Solutions: 1, -1, 3, -3


• Probabilistic primality test

WITNESS(a, n)
    let b_k b_(k-1) … b_0 be the binary representation of (n-1)
    d ← 1
    for i ← k downto 0
        do x ← d
           d ← (d × d) mod n
           if d = 1 and x ≠ 1 and x ≠ n-1
              then return TRUE
           if b_i = 1
              then d ← (d × a) mod n
    if d ≠ 1
        then return TRUE
    return FALSE
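The WITNESS procedure above, run against the counter-examples quoted earlier in these notes (341, M_11 = 2047 and F_5), as an added Python example that is not part of the original slides. The fixed list of bases and the helper names passes_fermat_base2 and is_probable_prime are assumptions of this example; a key generator would draw its bases at random.

```python
# Added example: WITNESS transcribed to Python, plus a wrapper that tries
# several bases. SMALL_PRIMES as the base list is an assumption chosen so the
# results are reproducible.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def witness(a, n):
    """Return True if base a proves that the odd integer n > 2 is composite."""
    d = 1
    for bit in bin(n - 1)[2:]:            # b_k ... b_0, most significant first
        x = d
        d = (d * d) % n
        if d == 1 and x != 1 and x != n - 1:
            return True                   # x is a nontrivial square root of 1
        if bit == "1":
            d = (d * a) % n
    return d != 1                         # a^(n-1) mod n != 1: Fermat fails


def passes_fermat_base2(n):
    """The conjectured test from the notes: does n divide 2^n - 2?"""
    return pow(2, n, n) == 2 % n


def is_probable_prime(n, bases=SMALL_PRIMES):
    """Trial-divide by small primes, then require that no base is a witness."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p                 # also keeps a mod n != 0 in witness()
    return not any(witness(a, n) for a in bases)


if __name__ == "__main__":
    for n in (341, 2047, 4294967297, 65537):
        print(n,
              "fermat base 2:", passes_fermat_base2(n),
              "witness(2):", witness(2, n),
              "witness(3):", witness(3, n),
              "probable prime:", is_probable_prime(n))
```

341 passes the 2^n - 2 test but is caught by WITNESS with base 2, while 2047 and F_5 both slip past base 2 and are only caught by base 3, which is why a single base is never enough.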


Euclid’s Algorithm


EUCLID(d,f)

1. X ← f ; Y← d

2. If Y=0 return X=gcd(d,f)

3. R=X mod Y

4. X← Y

5. Y← R

6. Go to 2


Extended Euclid’s Algorithm

EXTENDED EUCLID(d,f)

1. (X1,X2,X3) ← (1,0,f); (Y1,Y2,Y3) ← (0,1,d)

2. if Y3=0 return X3=gcd(d,f); no inverse

3. if Y3=1 return Y3=gcd(d,f); Y2=d^-1 mod f

4. Q = ⌊X3/Y3⌋

5. (T1,T2,T3) ← (X1-QY1,X2-QY2,X3-QY3)

6. (X1,X2,X3) ← (Y1,Y2,Y3)

7. (Y1,Y2,Y3) ← (T1,T2,T3)

8. goto 2
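EUCLID and EXTENDED EUCLID above, as an added Python example that is not part of the original slides. Reducing d modulo f before starting and mapping a negative Y2 into the range 0..f-1 are choices of this example, and inverse_table is a hypothetical helper that rebuilds Table 7.3(c).

```python
# Added example: the two procedures from the notes, keeping their variable
# names (X, Y, Q and the triples X1..X3, Y1..Y3).

def euclid(d, f):
    """gcd(d, f) by EUCLID(d, f); signs are dropped since gcd(a,b) = gcd(|a|,|b|)."""
    x, y = abs(f), abs(d)
    while y != 0:
        x, y = y, x % y                  # steps 3-5: R = X mod Y; X <- Y; Y <- R
    return x                             # Y = 0, so X = gcd (covers gcd(a,0) = |a|)


def extended_euclid(d, f):
    """Return (gcd(d, f), d^-1 mod f); the inverse is None when gcd != 1.

    Invariant kept by every pass: f*X1 + d*X2 = X3 and f*Y1 + d*Y2 = Y3,
    so when Y3 = 1 the coefficient Y2 satisfies d*Y2 = 1 (mod f).
    """
    if f < 2:
        raise ValueError("modulus f must be at least 2")
    x1, x2, x3 = 1, 0, f
    y1, y2, y3 = 0, 1, d % f             # assumption: reduce d into 0..f-1 first
    while True:
        if y3 == 0:
            return x3, None              # step 2: no inverse exists
        if y3 == 1:
            return 1, y2 % f             # step 3: Y2 may be negative, normalise
        q = x3 // y3                     # step 4: Q = floor(X3 / Y3)
        x1, x2, x3, y1, y2, y3 = (
            y1, y2, y3,
            x1 - q * y1, x2 - q * y2, x3 - q * y3,
        )                                # steps 5-7


def inverse_table(n):
    """Map each w in Zn to (-w mod n, w^-1 mod n or None), as in Table 7.3(c)."""
    return {w: ((-w) % n, extended_euclid(w, n)[1]) for w in range(n)}


if __name__ == "__main__":
    print("gcd(11011, 91) =", euclid(11011, 91))
    for w, (neg, inv) in inverse_table(7).items():
        print(w, neg, "---" if inv is None else inv)
    # 6 is not relatively prime to 8, so no multiplicative inverse exists.
    print("6 mod 8:", extended_euclid(6, 8))
```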


Chinese Remainder Theorem


Discrete Logarithms

Table 7.6 Powers of Integers, Modulo 19

a   a^2 a^3 a^4 a^5 a^6 a^7 a^8 a^9 a^10 a^11 a^12 a^13 a^14 a^15 a^16 a^17 a^18
1   1   1   1   1   1   1   1   1   1    1    1    1    1    1    1    1    1
2   4   8   16  13  7   14  9   18  17   15   11   3    6    12   5    10   1
3   9   8   5   15  7   2   6   18  16   10   11   14   4    12   17   13   1
4   16  7   9   17  11  6   5   1   4    16   7    9    17   11   6    5    1
5   6   11  17  9   7   16  4   1   5    6    11   17   9    7    16   4    1
6   17  7   4   5   11  9   16  1   6    17   7    4    5    11   9    16   1
7   11  1   7   11  1   7   11  1   7    11   1    7    11   1    7    11   1
8   7   18  11  12  1   8   7   18  11   12   1    8    7    18   11   12   1
9   5   7   6   16  11  4   17  1   9    5    7    6    16   11   4    17   1
10  5   12  6   3   11  15  17  18  9    14   7    13   16   8    4    2    1
11  7   1   11  7   1   11  7   1   11   7    1    11   7    1    11   7    1
12  11  18  7   8   1   12  11  18  7    8    1    12   11   18   7    8    1
13  17  12  4   14  11  10  16  18  6    2    7    15   5    8    9    3    1
14  6   8   17  10  7   3   4   18  5    13   11   2    9    12   16   15   1
15  16  12  9   2   11  13  5   18  4    3    7    10   17   8    6    14   1
16  9   11  5   4   7   17  6   1   16   9    11   5    4    7    17   6    1
17  4   11  16  6   7   5   9   1   17   4    11   16   6    7    5    9    1
18  1   18  1   18  1   18  1   18  1    18   1    18   1    18   1    18   1


Table 7.7 Tables of Discrete Logarithms, Modulo 19

(a) Discrete logarithms to the base 2, modulo 19

a               1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18
Ind_{2,19}(a)   18 1  13 2  16 14 6  3  8  17 12 15 5  7  11 4  10 9

(b) Discrete logarithms to the base 3, modulo 19

a               1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18
Ind_{3,19}(a)   18 7  1  14 4  8  6  3  2  11 12 15 17 13 5  10 16 9

(c) Discrete logarithms to the base 10, modulo 19

a               1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18
Ind_{10,19}(a)  18 17 5  16 2  4  12 15 10 1  6  3  13 11 7  14 8  9

(d) Discrete logarithms to the base 13, modulo 19

a               1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18
Ind_{13,19}(a)  18 11 17 4  14 10 12 15 16 7  6  3  1  5  13 8  2  9

(e) Discrete logarithms to the base 14, modulo 19

a               1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18
Ind_{14,19}(a)  18 13 7  8  10 2  6  3  14 5  12 15 11 1  17 16 14 9

(f) Discrete logarithms to the base 15, modulo 19

a               1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18
Ind_{15,19}(a)  18 5  11 10 8  16 12 15 4  13 6  3  7  17 1  2  12 9