Number-Theoretic Algorithms (RSA and related algorithms) Chapter 31, CLRS book p1.
Outline • Modular arithmetic • RSA encryption scheme • Miller-Rabin algorithm (a probabilistic algorithm) p2.
Modular Arithmetic p3.
Integers | : divides , is a divisor of . a b a b a b gcd( , ): greatest common divisor of and . a b a b Coprime or relatively prime: gcd( , ) 1. a b Euclid's algorithm: compute gcd( , ). a b Extented Eucli d's algorithm: compute integers and such that gcd( , ). x y a x b y a b p4.
Integers modulo n Let 2 be an integer. n Definition: is congruent to modulo , written a b n mo d , if | ( ), i.e., and have the a b n n a b a b same remainder when divided by . n Note: mo d and mo d are different. a b n a b n Definition: [ ] : mod . a x Z x a n n [ ] is called a residue class modulo , and is a a n a n representative of that class. p5.
There are exactly residue classes modulo : n n [0], [1], [2], , [ 1]. n If [ ], [ ], then [ ] and [ ]. x a y b x y a b x y a b Define addition and multiplication for residue classes: [ ] [ ] [ ] a b a b n [ ] [ ] [ ]. a b a b n p6.
Group A group, denoted by ( , ), is a set with a G G binary operation such that 1. , , (closure) x y G x y G 1. ( ) ( ) (associativity) x y z x y z 2. s.t. , ( identi t y ) e G x G e x x e x 3. , s.t. ( invers e ) x G y G x y y x e A group ( , ) is abel a i n if , , . G x y G x y y x Examples: ( , ), ( , ), ( \{0}, ), ( , ), Z Q Q R ( \{0}, ). R p7.
Define [0], [1], ..., [ 1] . Z n n Or, more conveniently, 0, 1, ..., 1 . Z n n , forms an abelian additiv e group. Z n For , , a b Z n ( )mod . (Or, [ ] [ ] [ ] [ mod ].) a b a b n a b a b a b n 0 is th e identity element. The inverse of , denoted by , is . a a n a When doing addition/substraction in , just do the regular Z n addition/substraction and reduce the result modulo . n In , 5 5 9 4 6 2 8 3 ? Z 10 p8.
1 , is not a group, because 0 does not exist. Z n Even if we exclude 0 and consider only \{0}, Z Z n n 1 , is not necessarily a group; some may not exist. Z a n a n 1 For , exists if and on ly if gcd( , ) 1. a Z a n p9.
* Let : gcd( , ) 1 . Z a Z a n n n , is an abelian multiplicative group. Z n mod . a b ab n mod . a b ab n 1 is the identity elemen t. a 1 The inverse of , written , can be computed by the a Extended Euclidean Algorithm. * For example, 1,5,7, 11 . 5 7 35 mod12 1 1. Z 12 * Q: How many e lements ar e there in ? Z n p10.
Euler's totient function: * ( ) n Z n = : and gcd( , ) 1 a a Z a n n Fac ts: 1 e e 1. ( ) ( 1) for prime p p p p 2. ( ) ( ) ( ) if gc d( , ) 1 ab a b a b p11.
Let be a (multiplicative) f inite group. G | | G Lagrange's theorem: For any element , . a G a e mod m G m Co rollary: For any element , . a G a a Euler's theorem: * ( ) * n If (for any 1), the n 1 in . a Z n a Z n n Fermat's little theorem: * ( ) 1 * p p If ( a prime), then 1 in . a Z p a a Z p p p12.
Example: 15 n * = 1, 2, 4, 7, 8, 11, 13, 14 Z 15 * (15) (3) (5) 2 4 8 Z 15 * : 1 2 4 7 8 11 13 14 a Z 15 ord( ) : 1 4 2 4 4 2 4 2 a k ord( ) : smallest integer such that 1. a k a ( ) 8 n 1 a a 816243240481 13 ? p13.
Algorithms gcd , a b 1 mod a n k mod a n 3 Running time: log O n Here we assume , . a b Z n p14.
Euclid's Algorithm Given 0, compute gcd( , ). ( , ) n a b a b a b Z n Theorem: If 0, gcd( , ) . b a b a If 0, gcd( , ) gcd( , mod ) b a b b a b Euclid( , ) a b if 0 b then retur n( ) a els e return Euclid( , mod ) b a b The number of recursive calls to Euclid is (log ). O n 2 Computing mo d takes (l og ) . a b O n 15 p15.
Extended Euclidean Algorithm Given 0, compute , such that gcd( , ) . a b x y d a b ax by Example: gcd(299,221) ? 299 1 221 78 221 2 78 65 78 1 65 13 65 5 13 0 gcd(229,221) 13 78 65 78 ( 221 2 78 ) 3 78 2 21 299 3 ( 1 221) 221 3 299 4 221 p16.
Extended Euclidean Algorithm Given 0, compute , , such that gcd( , ) . a b d x y a b d a x b y Extende d - Euclid( , ) a b if 0 t hen b return( ,1,0) a els e ( , , ) Extended -Eucl i d( , mod ) d x y b a b ( , , ) , , d x y d y x a b y return( , , ) d x y p17.
Correctness Proof If 0, gcd( , ) 1 0 . b a b a a b The returned answer ( ,1,0) is correct. a If ( , , ) is correct, d x y gcd( , mod ) ( mod ) b a b d b x a b y gcd( , mod ) b a b d b x a a b b y gcd( , ) a b d a y b x a b y ( , , ) , , is correct d x y d y x a b y p18.
How to compute 1 mod ? a n 1 * Compute in . a Z n 1 exists if and only if gcd( , ) 1. a a n Use extended Euclidean algorithm to find , x y such that gcd( , ) 1 (in ) ax ny a n Z [ ] [ ] [ ][ ] [1] a x n y [ ][ ] [1] (since [ ] [0]) a x n 1 [ ] [ ]. a x Note: may omit [ ], but reduce everything modulo . n p19.
Example 1 Compute 15 mod 47. Using extended Euclidean algorithm, we obtain gcd(15,47) 1 15 2 2 47 7 1 15 mod 47 22 1 * That is, 15 22 in Z 47 p20.
Algorithm: Square-and-Multiply( , , ) x c n c Comment: compute mod , where in binary. x n c c c c 1 0 k k 1 z for downto 0 do i k 2 mod z z n if 1 then mod c z z x n i retu rn ( ) z 2 c 2 if c i s even x c Note: x 2 2 c if is o dd x x c p21.
Example: 2 3 11 mod187 23 10111 b 1 z 2 11 mod 187 11 (square and multiply) z z 2 mod 187 121 (square) z z 2 11 mod 187 44 (square and multiply) z z 2 11 mod 187 165 (square and mu ltiply) z z 2 11 mod 187 88 (square and multiply) z z p22.
RSA Encryption p23.
Public-key Encryption Alice’s Alice’s Bob Alice public key secret key E D c m m plaintext encryption ciphertext decryption algorithm algorithm p24.
The RSA Cryptosystem By ivest, hamir & dleman of MIT in 1977. R S A Best known and most widely used public-key scheme. Based on the assumed one-way property of mo du lar powering: e : mod (easy) f x x n 1 e : mod (hard) f x x n In turn based on the hardness of integer factorization. p25.
Recommend
More recommend
