Today's Agenda Wrap up of Number Theory (Sec. 3.7) Fermat's Little - PowerPoint PPT Presentation



1. Today’s Agenda
• Wrap up of Number Theory (Sec. 3.7)
• Fermat’s Little Theorem
• Public Key Cryptography (RSA)
• Strings and Languages (Chap. 12)
Based on Rosen and slides by K. Busch

2. Fermat’s little theorem: For any prime $p$ and integer $a$ not divisible by $p$ ($\gcd(a, p) = 1$):
$a^{p-1} \equiv 1 \pmod{p}$
Pierre de Fermat (1601-1665)
Example: $p = 5$, $a = 2$: $2^4 = 16 \equiv 1 \pmod{5}$
(We will use FLT in the RSA cryptosystem)

3. Public Key Cryptography (RSA cryptosystem)
“MEET YOU IN THE PARK” → encryption → “9383772909383637467” → decryption → “MEET YOU IN THE PARK”
encryption: $f(x) = x^e \bmod n$
decryption: $f^{-1}(y) = y^d \bmod n$
$n = pq$; $n, e$ are public keys; $p, q$ are private keys (large primes)
finding $d$ for any $e$ (with the condition that $\gcd(e, (p-1)(q-1)) = 1$)

4. Key Idea: Everyone knows $n$ ($= pq$) and $e$, but to find $d$ to decrypt, one needs to know what $p$ and $q$ are. It is practically impossible to factor $n$ into $p$ and $q$ if $p$ and $q$ are chosen to be primes of 200 digits or more.

5. Encryption example: $p = 43$, $q = 59$, $e = 13$
$n = pq = 2537$
$\gcd(e, (p-1)(q-1)) = \gcd(13, 42 \cdot 58) = 1$
Message to encrypt: “STOP”
Translate to equivalent numbers: “18 19 14 15”
Group into blocks of two numbers: “1819 1415”

6. Apply the encryption function $f(x) = x^e \bmod n = x^{13} \bmod 2537$ to each block of “1819 1415”.
Use the fast modular exponentiation algorithm:
$f(1819) = 1819^{13} \bmod 2537 = 2081$
$f(1415) = 1415^{13} \bmod 2537 = 2182$
Encrypted message: “2081 2182”
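Worked example, added here and not part of the slides: the encryption steps of slides 5 and 6 in Python, with the fast modular exponentiation written out as square-and-multiply rather than taken from Python's built-in pow(). The letter encoding (A = 00, ..., Z = 25), the two-letters-per-block grouping and the parameters p = 43, q = 59, e = 13 are the deck's; the function names are my own.

```python
# Added example (not from the slides): textbook RSA encryption with the
# deck's parameters p = 43, q = 59, e = 13, n = 2537, using an explicit
# square-and-multiply modular exponentiation.

P, Q, E = 43, 59, 13
N = P * Q  # 2537


def fast_mod_exp(base, exponent, modulus):
    """Square-and-multiply: base**exponent % modulus, reducing after every
    step so the 43-digit number 1819**13 is never actually formed."""
    result = 1
    base %= modulus
    while exponent > 0:
        if exponent & 1:                     # low bit set: fold this power in
            result = (result * base) % modulus
        base = (base * base) % modulus       # square for the next bit
        exponent >>= 1
    return result


def letters_to_blocks(message):
    """'STOP' -> [1819, 1415]: A=00 ... Z=25, two letters per block.
    Two letters per block is the largest grouping with every block < n:
    the largest two-letter value is 2525 < 2537."""
    codes = [ord(ch) - ord("A") for ch in message.upper() if ch.isalpha()]
    if len(codes) % 2:
        raise ValueError("message length must be even for two-letter blocks")
    return [codes[i] * 100 + codes[i + 1] for i in range(0, len(codes), 2)]


def encrypt(message, e=E, n=N):
    """f(x) = x^e mod n applied to each block of the message."""
    return [fast_mod_exp(block, e, n) for block in letters_to_blocks(message)]


if __name__ == "__main__":
    print(letters_to_blocks("STOP"))   # [1819, 1415]
    print(encrypt("STOP"))             # [2081, 2182]
```

The block-size check matters: if a block were not smaller than n, reducing mod n would lose information and the block could never be recovered, which is why the deck groups exactly two letters per block for this n.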

7. Message decryption
$M$: an original block of the message, “1819 1415”
$C$: the respective encrypted block, “2081 2182” (encrypt: “1819 1415” → “2081 2182”)
$C \equiv M^e \pmod{n}$
We want to recover $M$ by knowing $C$, $p$, $q$, $e$

8. Let $d$ = inverse of $e$ modulo $(p-1)(q-1)$:
$de \equiv 1 \pmod{(p-1)(q-1)}$
By definition of congruence: $de = 1 + k(p-1)(q-1)$
Does the inverse $d$ always exist? The inverse exists because $\gcd(e, (p-1)(q-1)) = 1$:
$\gcd(e, (p-1)(q-1)) = 1 \Rightarrow se + t(p-1)(q-1) = 1$, i.e., $se \equiv 1 \pmod{(p-1)(q-1)}$, so $d = s$

9. Encryption: $C \equiv M^e \pmod{n}$
Decryption: $C^d \equiv M^{de} \pmod{n}$
$de = 1 + k(p-1)(q-1)$
$C^d \equiv M^{de} = M^{1 + k(p-1)(q-1)} \pmod{n}$

10. In the real-world case, $\gcd(M, p) = 1$ (because $p$ is a large prime and $M$ is small)
Remember me? $\gcd(M, p) = 1$
By Fermat’s little theorem: $M^{p-1} \equiv 1 \pmod{p}$

11. $M^{p-1} \equiv 1 \pmod{p}$
Raise both sides to the power $k(q-1)$: $M^{(p-1)k(q-1)} \equiv 1 \pmod{p}$
$M \equiv M \pmod{p}$
Multiply under mod: $M^{(p-1)k(q-1)} \cdot M \equiv 1 \cdot M \pmod{p}$
$M^{1 + k(p-1)(q-1)} \equiv M \pmod{p}$

12. We showed: $M^{1 + k(p-1)(q-1)} \equiv M \pmod{p}$
By symmetry (by replacing $p$ with $q$): $M^{1 + k(p-1)(q-1)} \equiv M \pmod{q}$
By Exercise 23 (Sec. 3.7): $M^{1 + k(p-1)(q-1)} \equiv M \pmod{pq}$, i.e., $\equiv M \pmod{n}$

13. We showed: $C^d \equiv M^{1 + k(p-1)(q-1)} \pmod{n}$ and $M^{1 + k(p-1)(q-1)} \equiv M \pmod{n}$, hence $C^d \equiv M \pmod{n}$.
In other words, the original message: $M = C^d \bmod n$

14. Decryption example: $p = 43$, $q = 59$, $e = 13$, $n = pq = 2537$
$\gcd(e, (p-1)(q-1)) = \gcd(13, 42 \cdot 58) = 1$
Compute $d$ = inverse of $e = 13$ modulo $42 \cdot 58$: $d = 937$
“2081 2182”, $M = C^d \bmod n$:
$2081^{937} \bmod 2537 = 1819$
$2182^{937} \bmod 2537 = 1415$
“1819 1415” → “18 19 14 15” = “STOP”
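Worked example, added here and not part of the slides, covering slide 8 (finding $d$ from $se + t(p-1)(q-1) = 1$ via the extended Euclidean algorithm), slides 9 to 13 (the correctness argument, retraced numerically for the deck's own blocks: the Fermat step mod $p$, the symmetric step mod $q$, and the combination mod $n$) and slide 14 (decrypting “2081 2182” back to “STOP”). Parameters are the deck's; function names and the dictionary of check results are my own.

```python
# Added example (not from the slides): private exponent d by extended Euclid,
# a numeric retrace of the deck's proof for one message block, and decryption
# of "2081 2182" with p = 43, q = 59, e = 13.
from math import gcd

P, Q, E = 43, 59, 13
N = P * Q                  # 2537
PHI = (P - 1) * (Q - 1)    # 42 * 58 = 2436


def extended_gcd(a, b):
    """Returns (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_s, s = s, old_s - quot * s
        old_t, t = t, old_t - quot * t
    return old_r, old_s, old_t


def private_exponent(e=E, m=PHI):
    """d = inverse of e modulo (p-1)(q-1): from s*e + t*m = 1, d = s mod m.
    Slide 8: the inverse exists exactly when gcd(e, m) == 1."""
    g, s, _t = extended_gcd(e, m)
    if g != 1:
        raise ValueError("e has no inverse: gcd(e, (p-1)(q-1)) != 1")
    return s % m


def check_proof_steps(m, d, e=E, p=P, q=Q):
    """Retraces slides 8-13 for one block m; every value should be True."""
    n = p * q
    k, rem = divmod(d * e - 1, (p - 1) * (q - 1))   # de = 1 + k(p-1)(q-1)
    assert rem == 0, "d is not the inverse of e"
    exp = 1 + k * (p - 1) * (q - 1)
    return {
        "fermat_mod_p": gcd(m, p) == 1 and pow(m, p - 1, p) == 1,  # slide 10
        "mod_p": pow(m, exp, p) == m % p,                          # slide 11
        "mod_q": pow(m, exp, q) == m % q,                          # slide 12
        "mod_n": pow(m, exp, n) == m,                              # Exercise 23
        "c_to_d_is_m": pow(pow(m, e, n), d, n) == m,               # slide 13
    }


def decrypt(blocks, d, n=N):
    """M = C^d mod n for each ciphertext block."""
    return [pow(c, d, n) for c in blocks]


def blocks_to_letters(blocks):
    """[1819, 1415] -> 'STOP': inverse of the two-letters-per-block encoding."""
    return "".join(chr(ord("A") + v // 100) + chr(ord("A") + v % 100)
                   for v in blocks)


if __name__ == "__main__":
    d = private_exponent()                           # 937
    print(d, (d * E) % PHI)                          # 937 1
    print(check_proof_steps(1819, d))                # all True
    print(blocks_to_letters(decrypt([2081, 2182], d)))   # STOP
```

The Fermat step in check_proof_steps needs $\gcd(M, p) = 1$, which is the assumption slide 10 makes; the final congruence $C^d \equiv M \pmod n$ nevertheless holds for every block, since when $p$ divides $M$ both sides are $0 \bmod p$. Two further points a practitioner should keep in mind about this textbook RSA: with a four-digit $n$ the private key is recovered by trial division in microseconds, and because each block is encrypted deterministically, repeated plaintext blocks produce repeated ciphertext blocks. Deployed RSA uses primes of the size slide 4 describes and a randomized padding scheme on top of the bare $x^e \bmod n$ map.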
