Cryptography Some Mathematical Definitions and Concepts Revisited Uwe Egly Vienna University of Technology Institute of Information Systems Knowledge-Based Systems Group
Disclaimer
◮ Some concepts are discussed which are used later
◮ Most of them have been taught in other courses (like the different math courses for CS)
◮ Slides are a reminder for the students . . .
◮ . . . and provide some starting points to search for deeper explanations of the concepts
Divisibility
◮ Let N = {1, 2, . . .}, Z = {0, ±1, ±2, . . .} and a, n ∈ Z. a divides n (a | n), if there is an integer b such that n = ab
◮ Example: 13 | 182, since 182 = 14 · 13; −5 | 30, since 30 = (−5) · (−6)
◮ Every integer a divides 0, because 0 = a · 0
◮ 0 is the only integer which is divisible by 0 (because a = 0 · b implies a = 0)
◮ Properties: For all a, b, c ∈ Z, the following holds
1. a | a
2. a | b and b | c imply a | c
3. a | b implies ac | bc for all c
4. c | a and c | b imply c | (da + eb) for all d, e ∈ Z
5. a | b and b ≠ 0 imply |a| ≤ |b|
6. a | b and b | a imply a = ±b
(Greatest) Common Divisor (GCD)
◮ An integer c is a common divisor of a and b, if c | a and c | b hold
◮ A non-negative integer d is the greatest common divisor of a and b (d = gcd(a, b)), if
1. d is a common divisor of a and b and
2. if c | a and c | b hold, then c | d holds
◮ Example: Common divisors of 12 and 18 are ±1, ±2, ±3, ±6. The greatest common divisor of 12 and 18 is 6
Quotient and Remainder
◮ Let a, b ∈ Z, b > 0. Then there are unique q, r ∈ Z, s.t. a = qb + r and 0 ≤ r < b, where q = ⌊a/b⌋ and r = a − bq
◮ The integer q is called quotient, r is called remainder
◮ Example: Let a = −50 and b = 8. Then q = −7 and r = 6
◮ For all a, b ∈ Z with b ≠ 0, a div b = ⌊a/b⌋ and a mod b = a − b⌊a/b⌋ hold
◮ The replacement of a by a mod b is often called the reduction of a modulo b
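The three preceding slides (divisibility, common divisors, quotient and remainder) in working code. This is an added example, not part of the original deck; the function names are my own. It builds the slide's floor definition of div/mod on top of a C-style truncating division to make the difference visible (Python's own `//` and `%` already follow the floor convention, C's `/` and `%` do not, which matters whenever signed values are reduced modulo something), then uses that remainder for Euclid's gcd and checks the gcd against the list of all common divisors:

```python
# Added example for the slides on divisibility, gcd, and quotient/remainder.
# Not from the original deck; function names are my own.

def trunc_divmod(a: int, b: int) -> tuple[int, int]:
    """Division as C's `/` and `%` do it: quotient rounded towards zero,
    remainder carrying the sign of a.  Only used to show the contrast."""
    if b == 0:
        raise ZeroDivisionError("b must be non-zero")
    q = abs(a) // abs(b)
    if (a < 0) != (b < 0):
        q = -q
    return q, a - b * q


def floor_divmod(a: int, b: int) -> tuple[int, int]:
    """The slide's definition: a div b = floor(a/b), a mod b = a - b*floor(a/b).
    For b > 0 this gives the unique q, r with a = q*b + r and 0 <= r < b
    (Python's built-in // and % use the same convention)."""
    q, r = trunc_divmod(a, b)
    # Truncation rounded towards zero; step once towards -infinity when the
    # remainder has the wrong sign (it must have the sign of b, or be 0).
    if r != 0 and (r < 0) != (b < 0):
        q -= 1
        r += b
    assert a == q * b + r
    return q, r


def divides(a: int, n: int) -> bool:
    """a | n  <=>  there is an integer b with n = a*b.  Handles a = 0 as on the slide."""
    if a == 0:
        return n == 0          # 0 divides only 0
    return floor_divmod(n, a)[1] == 0


def common_divisors(a: int, b: int) -> list[int]:
    """All non-zero c with c | a and c | b; by property 5, |c| <= min(|a|, |b|)."""
    bound = min(abs(a), abs(b))
    return [c for c in range(-bound, bound + 1)
            if c != 0 and divides(c, a) and divides(c, b)]


def gcd(a: int, b: int) -> int:
    """Euclid's algorithm: gcd(a, b) = gcd(b, a mod b), built on floor_divmod."""
    while b != 0:
        a, b = b, floor_divmod(a, b)[1]
    return abs(a)   # the gcd is defined to be non-negative
```

`floor_divmod(-50, 8)` returns `(-7, 6)` as on the slide, whereas `trunc_divmod(-50, 8)` returns `(-6, -2)`; code that ports a modular reduction between languages with different conventions has to normalize the remainder explicitly.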
Complexity of Operations in Z
◮ Asymptotic upper bound (O notation): f(n) ∈ O(g(n)) (often written f(n) = O(g(n))), if there are positive constants c, n₀ ∈ Z such that 0 ≤ f(n) ≤ c·g(n) holds for all n ≥ n₀
◮ Number of bits to represent n: ⌊ld n⌋ + 1 (ld = log₂)
◮ Complexity of classical algorithms for operations (for a, b ∈ Z with 0 ≤ a, b ≤ n)
  operation                    bit complexity
  Addition        a + b        O(ld a + ld b) = O(ld n)
  Subtraction     a − b        O(ld a + ld b) = O(ld n)
  Multiplication  a · b        O(ld a · ld b) = O((ld n)²)
  Division        a = qb + r   O(ld a · ld b) = O((ld n)²)
Congruences
◮ Let a, b ∈ Z, let m be a positive integer. a is congruent to b modulo m (a ≡ b mod m), if m divides b − a
◮ b is called a residue of a modulo m; m is the modulus
◮ Exa: −2 ≡ 19 mod 21, since 19 − (−2) = 21 is divisible by 21
◮ The congruence mod m is an equivalence relation on Z
1. Reflexivity: Every number is congruent to itself modulo m
2. Symmetry: (a ≡ b mod m) → (b ≡ a mod m)
3. Transitivity: (a ≡ b mod m) ∧ (b ≡ c mod m) → (a ≡ c mod m)
◮ From a ≡ b mod m and c ≡ d mod m, it follows that
1. −a ≡ (−b) mod m
2. a + c ≡ (b + d) mod m
3. ac ≡ (bd) mod m
Motivation for the Modular Arithmetic
◮ Good for implementation, since (intermediate) results have restricted length
◮ Add, sub, mult mod n on k-bit numbers yield at most 2k-bit intermediate results (➥ exponentiation mod n does not result in big numbers)
◮ There are fast algorithms for modular arithmetic and exponentiation mod n (e.g., 107² mod 257 is easy to compute)
◮ Security issue: computing discrete logarithms and square roots mod n is computationally expensive (e.g., finding a square root of 107 mod 257, i.e., an x such that x² ≡ 107 mod 257, is the kind of problem meant)
◮ Caveat: the hardness lies in the size and structure of the modulus, not in the operation itself: for a toy modulus like 257 any such x is found by trying all residues, and square roots mod a prime are easy in general; the hard instances are large moduli (square roots mod a composite n of unknown factorization, discrete logarithms in large groups)
Rules for the Modular Arithmetic
◮ Let a, b, c, n ∈ Z, n > 0
◮ Associative law:
((a + b) + c) mod n = (a + (b + c)) mod n
((a · b) · c) mod n = (a · (b · c)) mod n
◮ Commutative law:
(a + b) mod n = (b + a) mod n
(a · b) mod n = (b · a) mod n
◮ Distributive law:
(a · (b + c)) mod n = (a · b + a · c) mod n
◮ Reducibility:
(a + b) mod n = ((a mod n) + (b mod n)) mod n
(a · b) mod n = ((a mod n) · (b mod n)) mod n
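The two preceding slides (motivation and rules of modular arithmetic) in working code. This is an added example, not from the original deck, and the function names are my own. `mod_pow` is square-and-multiply exponentiation: the reducibility rule lets every product be taken between two residues, so no intermediate exceeds n², which is the "restricted length" argument of the motivation slide. The two brute-force searches exist only to show that the inverse problems (square root, discrete logarithm) have no comparable shortcut here; they are linear in n and only finish because the toy modulus is tiny:

```python
# Added example for the slides on modular arithmetic: square-and-multiply
# exponentiation that keeps every intermediate below n*n, and brute-force
# searches for square roots and discrete logs, which only work because the
# toy modulus is tiny.  Not from the original deck; names are my own.

def mod_pow(base: int, exp: int, n: int) -> int:
    """base**exp mod n by square-and-multiply.  Because
    (a*b) mod n = ((a mod n)*(b mod n)) mod n (reducibility), both factors
    of every product are < n, so no intermediate has more than 2*ld(n) bits."""
    if n <= 0 or exp < 0:
        raise ValueError("need n > 0 and exp >= 0")
    result, b = 1 % n, base % n
    while exp:
        if exp & 1:
            result = (result * b) % n
        b = (b * b) % n              # ld(b*b) <= 2*ld(n), then reduced again
        exp >>= 1
    return result


def sqrt_mod_bruteforce(a: int, n: int) -> list[int]:
    """All x in Z_n with x*x = a (mod n).  Linear in n: fine for n = 257,
    hopeless for the moduli used in practice.  Returns [] if a has no root."""
    a %= n
    return [x for x in range(n) if (x * x) % n == a]


def dlog_bruteforce(alpha: int, beta: int, n: int):
    """Smallest i >= 0 with alpha**i = beta (mod n), or None.  Exponents
    0..n-1 suffice since the sequence alpha**i mod n repeats within n steps."""
    beta %= n
    value = 1 % n
    for i in range(n):
        if value == beta:
            return i
        value = (value * alpha) % n
    return None
```

`mod_pow(107, 2, 257)` gives 141 after a handful of single-word operations; `sqrt_mod_bruteforce(107, 257)` and `dlog_bruteforce(...)` instead walk through all 257 residues, and that cost grows linearly with n rather than with ld n. Note also that not every residue has a square root (`sqrt_mod_bruteforce(3, 7)` returns the empty list), so code relying on a root must handle the "no solution" case.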
Residue Classes (RCs)
◮ Equivalence class of a mod m: {b | b ≡ a mod m} = a + mZ
◮ This is the residue class of a mod m
◮ Exa: RC of 1 mod 4: {1, 1 ± 4, 1 ± 2 · 4, . . .} = {1, −3, 5, . . .}
◮ RCs mod 4 are: 0 + 4Z, 1 + 4Z, 2 + 4Z, 3 + 4Z
◮ Set of all RCs mod m: Z/mZ (has m elements)
◮ System of representatives (for mod m): a set of integers with exactly 1 element from every RC mod m
◮ The integers modulo m, Z_m, is the set {0, 1, . . . , m − 1}. Add, sub and mult in Z_m are performed modulo m.
Definition of a Semigroup (SG)
◮ A semigroup H = (S, ◦) consists of a nonempty set S and an operation ◦ such that:
1. S is closed under ◦, i.e., ∀a, b (a, b ∈ S → a ◦ b ∈ S)
2. The operation ◦ is associative
◮ A SG is commutative (or abelian) if ◦ is commutative
◮ Let H be a semigroup
◮ An element e ∈ S is called the identity of H, if a ◦ e = e ◦ a = a holds ∀a ∈ S
◮ An element a⁻¹ ∈ S is called the inverse of a ∈ S, if a ◦ a⁻¹ = a⁻¹ ◦ a = e
◮ A semigroup with an identity is called a monoid. Exa: Set of all strings with concatenation and the empty string ε as identity
Definition of a Group
◮ A group consists of a set G and an operation ◦ such that:
1. (G, ◦) is a semigroup with identity e
2. For every a ∈ G, there is its inverse a⁻¹ ∈ G
◮ A group is abelian if the underlying semigroup is abelian
◮ The order of a finite group is the number of its elements
◮ Cancellation: Let G be a group and a, b, c ∈ G. If c ◦ a = c ◦ b or a ◦ c = b ◦ c holds, then a = b holds
◮ Exa: (Z, +) with e = 0 and a⁻¹ = −a (∀a ∈ Z) is a group; (Z_m, + mod m) with e = 0 and a⁻¹ = (m − a) mod m (∀a ∈ Z_m) also; (N, +) is not a group
◮ A group is cyclic, if there is an α ∈ G s.t. for each b ∈ G, there is an integer i with b = α^i (α is called a generator of G)
Multiplicative Inverses and Division
◮ Let a ∈ Z_m. The multiplicative inverse of a mod m is an integer x ∈ Z_m, such that the following holds: a · x ≡ 1 mod m. If such an x exists, then it is unique and a is called invertible (or a unit).
◮ Let a, b ∈ Z_m. The division of a by b mod m is the "product" of a and b⁻¹ mod m (only defined, if b⁻¹ exists!).
◮ Let a ∈ Z_m. Then a is invertible iff gcd(a, m) = 1 holds, i.e., if a and m are coprime.
◮ Exa: (Z_m \ {0}, · mod m) (m prime) is a group of order m − 1
The Multiplicative Group Z_m^*
◮ Z_m^* = {a ∈ Z_m | gcd(a, m) = 1}
◮ For every m, Z_m^* is a group under multiplication mod m (the multiplicative group of Z_m); if m is prime, then Z_m^* = {1, . . . , m − 1}
◮ The Euler function ϕ(n) (of n ∈ N) is defined to be the number of integers a with 1 ≤ a ≤ n that are coprime to n
◮ Therefore, ϕ(m) specifies the number of elements in Z_m^*
◮ For ϕ(n), the following holds:
1. If n is a prime number, then ϕ(n) = n − 1
2. It is multiplicative: If gcd(m, n) = 1 then ϕ(mn) = ϕ(m)ϕ(n)
3. If n is of the form $p_1^{k_1} \cdots p_l^{k_l}$ with $p_1, \ldots, p_l$ pairwise different prime numbers, then
$$\varphi\Big(\prod_{i=1}^{l} p_i^{k_i}\Big) = \prod_{i=1}^{l} p_i^{k_i-1}(p_i-1) = n \prod_{i=1}^{l} \frac{p_i-1}{p_i}$$
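The preceding three slides (cyclic groups and generators, multiplicative inverses, Z_m^* and the Euler function) as working code. This is an added example, not from the original deck; the function names are my own. The inverse comes out of the extended Euclidean algorithm (Bézout coefficients, gcd(a, m) = a·x + m·y, so x is the inverse exactly when the gcd is 1); `euler_phi` implements the product formula with trial-division factoring; `is_generator` checks the cyclic-group definition by comparing an element's order with |Z_m^*| = ϕ(m):

```python
# Added example for the slides on groups, multiplicative inverses, Z_m^* and
# the Euler function.  Not from the original deck; names are my own.
from math import gcd


def ext_gcd(a: int, b: int) -> tuple[int, int, int]:
    """Extended Euclid: returns (g, x, y) with g = gcd(a, b) and a*x + b*y = g
    (for a, b >= 0 the returned g is non-negative)."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def mod_inverse(a: int, m: int) -> int:
    """The x in Z_m with a*x = 1 (mod m); exists iff gcd(a, m) = 1."""
    g, x, _ = ext_gcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} is not invertible mod {m}: gcd = {g}")
    return x % m


def units(m: int) -> list[int]:
    """Z_m^* = {a in Z_m | gcd(a, m) = 1}."""
    return [a for a in range(m) if gcd(a, m) == 1]


def euler_phi(n: int) -> int:
    """phi(n) = n * prod (p-1)/p over the distinct primes p | n (trial division)."""
    if n < 1:
        raise ValueError("n must be positive")
    result, rest, p = n, n, 2
    while p * p <= rest:
        if rest % p == 0:
            while rest % p == 0:
                rest //= p
            result = result // p * (p - 1)
        p += 1
    if rest > 1:                     # one prime factor > sqrt(n) may remain
        result = result // rest * (rest - 1)
    return result


def element_order(a: int, m: int) -> int:
    """Smallest i >= 1 with a**i = 1 (mod m), for a in Z_m^*."""
    if gcd(a, m) != 1:
        raise ValueError("order is only defined for units")
    i, value = 1, a % m
    while value != 1 % m:
        value = (value * a) % m
        i += 1
    return i


def is_generator(alpha: int, m: int) -> bool:
    """alpha generates (Z_m^*, ·) iff its powers reach every unit, i.e. its
    order equals |Z_m^*| = phi(m)."""
    return gcd(alpha, m) == 1 and element_order(alpha, m) == euler_phi(m)
```

`mod_inverse(3, 7)` is 5, `mod_inverse(4, 8)` raises because gcd(4, 8) = 2, and `len(units(m)) == euler_phi(m)` for every m. Two things worth checking in practice: 3 generates Z_7^* but 2 does not (2 has order 3), and Z_8^* = {1, 3, 5, 7} is a group with no generator at all (every element squares to 1), so "Z_m^* is a group" must not be read as "Z_m^* is cyclic".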
Definition of a Ring
◮ A ring is a triple (R, +, ·) with:
1. (R, +) is an abelian group with an identity denoted by 0
2. (R, ·) is a semigroup with identity denoted by 1 (0 ≠ 1)
3. The law of distributivity holds for all a, b, c ∈ R
◮ a · (b + c) = a · b + a · c
◮ (a + b) · c = a · c + b · c
◮ The ring is commutative, if the semigroup (R, ·) is commutative
◮ An element a ∈ R of a ring is called a unit (or multiplicatively invertible), if there is an a⁻¹ ∈ R s.t. a · a⁻¹ = a⁻¹ · a = 1
◮ Examples
◮ (Z, +, ·) is a commutative ring
◮ (Z_m, + mod m, · mod m) is a commutative ring
Fields
◮ A field is a commutative ring in which all non-zero elements are multiplicatively invertible
◮ The characteristic of a field is 0, if $\sum_{i=1}^{m} 1 \neq 0$ for every m ≥ 1. Otherwise, it is the least m ∈ N s.t. $\sum_{i=1}^{m} 1 = 0$
◮ The field is finite if it has only finitely many elements
◮ The order of a field is the number of its elements
◮ Examples
◮ The field of rational numbers (characteristic 0)
◮ (Z_m, + mod m, · mod m) is a field iff m is prime. Then the characteristic of (Z_m, + mod m, · mod m) is m.
◮ (Z, +, ·) is not a field (e.g., 2 has no multiplicative inverse in Z)
Polynomial Rings (PRs)
◮ Let R be a ring, a_i ∈ R, n ≥ 0. A polynomial in x over R is
f(x) = a_n x^n + a_{n−1} x^{n−1} + · · · + a_2 x² + a_1 x + a_0
◮ a_i is the coefficient of x^i in f(x) (0 ≤ i ≤ n)
◮ Degree of f(x) (deg(f(x))): largest m such that a_m ≠ 0
◮ f(x) is called monic, if its leading coefficient is 1
◮ Let R be a commutative ring.
◮ The polynomial ring R[x] is the ring of all polynomials in x with coefficients from R.
◮ The 2 operations are add and mult of polynomials
◮ The coefficient arithmetic is performed in R
◮ Example: f(x) = x³ + x + 1, g(x) = x² + x ∈ Z_2[x]
f(x) + g(x) = x³ + x² + 1 (since 1 · x + 1 · x = 0 in Z_2)
f(x) · g(x) = x⁵ + x⁴ + x³ + x² + x² + x = x⁵ + x⁴ + x³ + x
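The polynomial ring R[x] for R = Z_m as working code, reproducing the Z_2[x] example above and going one step beyond it to other moduli. This is an added example, not from the original deck; the representation (a list whose index i holds the coefficient of x^i) and the function names are my own. Addition and multiplication are ordinary polynomial arithmetic with every coefficient operation done in Z_m, exactly as the slide says:

```python
# Added example for the slide on polynomial rings: polynomials over Z_m as
# coefficient lists (index i holds the coefficient of x^i), with addition and
# multiplication done coefficient-wise mod m.  Not from the original deck.

def normalize(f: list[int], m: int) -> list[int]:
    """Reduce every coefficient mod m and drop leading zeros.
    The zero polynomial is the empty list."""
    f = [c % m for c in f]
    while f and f[-1] == 0:
        f.pop()
    return f


def degree(f: list[int]) -> int:
    """Largest i with a_i != 0 (-1 for the zero polynomial, by convention)."""
    return len(f) - 1


def is_monic(f: list[int]) -> bool:
    """Leading coefficient equal to 1 (the zero polynomial is not monic)."""
    return bool(f) and f[-1] == 1


def poly_add(f: list[int], g: list[int], m: int) -> list[int]:
    """f + g in Z_m[x]: coefficient-wise addition mod m."""
    n = max(len(f), len(g))
    return normalize([(f[i] if i < len(f) else 0) + (g[i] if i < len(g) else 0)
                      for i in range(n)], m)


def poly_mul(f: list[int], g: list[int], m: int) -> list[int]:
    """f * g in Z_m[x]: convolution of the coefficient lists, mod m."""
    if not f or not g:
        return []
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % m   # coefficient arithmetic in Z_m
    return normalize(out, m)


def poly_str(f: list[int]) -> str:
    """Human-readable form, highest power first, e.g. 'x^3 + x^2 + 1'."""
    if not f:
        return "0"
    terms = []
    for i in range(len(f) - 1, -1, -1):
        c = f[i]
        if c == 0:
            continue
        coef = "" if (c == 1 and i > 0) else str(c)
        power = "" if i == 0 else ("x" if i == 1 else f"x^{i}")
        terms.append(coef + power)
    return " + ".join(terms)
```

With `f = [1, 1, 0, 1]` (x³ + x + 1) and `g = [0, 1, 1]` (x² + x) over Z_2, `poly_add` gives x³ + x² + 1 and `poly_mul` gives x⁵ + x⁴ + x³ + x, matching the slide. Two points the slide's single example does not show: in Z_2[x], (x + 1)² = x² + 1 because the middle coefficient 2 vanishes (characteristic 2), whereas over Z_3 the same product is x² + 2x + 1; and the sum of two polynomials can have lower degree than either summand, down to the zero polynomial, which is why `normalize` strips leading zeros before `degree` is read.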