Modular Arithmetic with Applications to Cryptography
Lecture 47, Section 10.4
Wed, Apr 13, 2005
Congruence Modulo m
• We say that two integers a and b are congruent modulo m if a – b is a multiple of m (m > 0).
• Write a ≡ b (mod m).
• For example, 2 ≡ 7 (mod 5).
• This is the “relational” notation.
• Congruence modulo m is an equivalence relation on Z.
Operator Notation
• We can also treat mod as an operator, like the % operator in C.
• Then a mod m is the smallest nonnegative integer b such that a ≡ b (mod m).
• For example, 100 mod 7 = 2.
• The relation a ≡ b (mod m) is equivalent to the relation a mod m = b mod m.
Congruence Modulo m
• Theorem: Let a, b, and m be integers with m > 0. Then the following statements are equivalent.
• m | (a – b)
• a ≡ b (mod m)
• a = b + km for some integer k
• a mod m = b mod m
Modular Arithmetic
• Theorem: Let a, b, c, d, and m be integers with m > 0. If a ≡ c (mod m) and b ≡ d (mod m), then
• a + b ≡ c + d (mod m)
• a – b ≡ c – d (mod m)
• ab ≡ cd (mod m)
• In other words, modular addition, subtraction, and multiplication are consistent with ordinary arithmetic.
Modular Arithmetic
• Proof of ab ≡ cd (mod m):
• Let a = c + um for some integer u and let b = d + vm for some integer v.
• Then
• ab = (c + um)(d + vm) = cd + cvm + dum + uvm^2 = cd + (cv + du + uvm)m.
• Therefore, ab ≡ cd (mod m).
Example
• For example,
• 100 ≡ 2 (mod 7) and
• 80 ≡ 3 (mod 7).
• Therefore,
• 100 + 80 = 180 ≡ 5 (mod 7)
• 100 – 80 = 20 ≡ -1 ≡ 6 (mod 7)
• 100 · 80 = 8000 ≡ 6 (mod 7)
Raising to Powers
• Using the principle of Exercise 26 in Section 9.5, there is a very fast algorithm for computing a^n mod m.
Raising to Powers
• We modify this to be
Example
• Find 14^100 mod 27.
• 14^100 = 14^64 · 14^32 · 14^4.
• Compute
• 14^2 mod 27 = 7.
• 14^4 mod 27 = 7^2 mod 27 = 49 mod 27 = 22
• 14^8 mod 27 = 22^2 mod 27 = (-5)^2 mod 27 = 25
• 14^16 mod 27 = 25^2 mod 27 = (-2)^2 mod 27 = 4
• 14^32 mod 27 = 4^2 mod 27 = 16
• 14^64 mod 27 = 16^2 mod 27 = 13
Example
• So, 14^100 mod 27 = (22 · 16 · 13) mod 27 = 13.
Example
• What are the last 4 digits of 2^1000?
• So 2^1000 = 2^512 · 2^256 · 2^128 · 2^64 · 2^32 · 2^8.
• Using the same method as in the last example, we get 2^1000 mod 10000 = 9376.
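The repeated-squaring method of the last two examples, written out as code (an added example, not part of the lecture): the table of a^(2^i) mod m that the slides build by hand, and the product of the entries selected by the bits of n.

```python
def square_and_multiply(a: int, n: int, m: int) -> int:
    """Compute a^n mod m by repeated squaring, as in the 14^100 mod 27 example.

    n is read in binary; a^(2^i) mod m is obtained by squaring the previous
    power, and only the powers whose bit in n is set are multiplied into the
    result, reducing mod m after every product so numbers stay small.
    """
    if m <= 0:
        raise ValueError("modulus must be positive")
    result = 1 % m          # 1 % m handles the degenerate case m == 1
    power = a % m           # a^(2^0) mod m
    while n > 0:
        if n & 1:           # this bit of n is set: include a^(2^i)
            result = (result * power) % m
        power = (power * power) % m   # a^(2^(i+1)) = (a^(2^i))^2
        n >>= 1
    return result


def power_table(a: int, n: int, m: int) -> list:
    """Return [(2^i, a^(2^i) mod m)] for every bit position up to n, i.e. the
    table 14^2, 14^4, ..., 14^64 mod 27 from the slides."""
    rows = []
    power = a % m
    bit = 1
    while bit <= n:
        rows.append((bit, power))
        power = (power * power) % m
        bit <<= 1
    return rows


def last_digits(a: int, n: int, digits: int) -> str:
    """The last `digits` decimal digits of a^n, zero-padded (2^1000 -> '9376')."""
    return str(square_and_multiply(a, n, 10 ** digits)).zfill(digits)


if __name__ == "__main__":
    for bit, value in power_table(14, 100, 27):
        print(f"14^{bit} mod 27 = {value}")
    print("14^100 mod 27 =", square_and_multiply(14, 100, 27))    # 13
    print("last four digits of 2^1000:", last_digits(2, 1000, 4))  # 9376
```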
Modular Division
• Modular division is a little tricky.
• That is because, in general, the quotient of two integers is not an integer, and in modular arithmetic we use only integers.
Modular Division
• What is the “defining property” of ½?
• It is the fact that if you multiply it by 2, you get 1.
• That is, it is the solution to the equation 2x = 1.
Modular Division
• Analogously, we may define “½” mod m to be the solution to the congruence 2x ≡ 1 (mod m), if there is a unique solution.
Modular Division
• For example, if m = 5, then ½ is 3 since 2 · 3 ≡ 1 (mod 5).
• We call 3 the (multiplicative) inverse of 2.
• Modulo 5, dividing by 2 is the same as multiplying by 3.
• For example, 4/2 ≡ 4 · 3 ≡ 12 ≡ 2 (mod 5) and 3/2 ≡ 3 · 3 ≡ 9 ≡ 4 (mod 5).
The Extended Euclidean Algorithm
• The question is how to find inverses in general.
• We use the extended Euclidean algorithm.
• Recall the basic Euclidean algorithm:
• Given integers A and B, B > 0, let a = A, b = B.
    while b ≠ 0:
        Apply the quot-rem theorem: a = qb + r, 0 ≤ r < b.
        Let a = b, b = r.
    a is the gcd of A and B.
The Euclidean Algorithm
• For example, find the gcd of 25520 and 19314:
• 25520 = 1 · 19314 + 6206
• 19314 = 3 · 6206 + 696
• 6206 = 8 · 696 + 638
• 696 = 1 · 638 + 58
• 638 = 11 · 58
• Thus, gcd(25520, 19314) = 58.
The Euclidean Algorithm
• We may present this in the form of a table:
The Extended Euclidean Algorithm
• The extended Euclidean algorithm adds two more columns to this table, labeled s and t.
• In row -1, initialize s_{-1} to 1 and t_{-1} to 0.
• In row 0, initialize s_0 to 0 and t_0 to 1.
• In each succeeding row, compute s_n and t_n recursively:
    s_n = s_{n–2} – q_n · s_{n–1}
    t_n = t_{n–2} – q_n · t_{n–1}
Example
• Apply this to A = 25520 and B = 19314.
The Extended Euclidean Algorithm
• In each row, it is the case that A · s_n + B · t_n = r_n.
• In particular, in the second-to-last row, we see that 25520 · (-28) + 19314 · 37 = 58, which is the gcd of 25520 and 19314.
The Extended Euclidean Algorithm
• Theorem: Let a and b be integers, not both 0. The smallest positive element in the set {as + bt | s, t ∈ Z} is the gcd of a and b.
Modular Inverses
• Now we can find inverses modulo m.
• Theorem: The integer a has an inverse modulo m if and only if gcd(a, m) = 1.
• Proof (⇐):
• Suppose gcd(a, m) = 1.
• Apply the extended Euclidean algorithm to find s and t such that as + mt = 1.
Modular Inverses
• Then consider the corresponding congruence modulo m:
    as + mt ≡ 1 (mod m)
    as ≡ 1 (mod m)
• Thus, s is the inverse of a, modulo m.
Example
• Find the inverse of 10, modulo 27.
• Apply the extended Euclidean algorithm to get s = -8 and t = 3, implying that 10(-8) + 27(3) = 1.
• Thus, 10(-8) ≡ 1 (mod 27).
• So, 10(19) ≡ 1 (mod 27).
• Therefore, for example, 5/10 ≡ 5(19) ≡ 95 ≡ 14 (mod 27).
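The s, t table of the extended Euclidean algorithm and the inverse it yields, as an added example that is not part of the lecture; it reproduces the 25520/19314 table and the inverse of 10 modulo 27 from the slides above, and checks the invariant A·s_n + B·t_n = r_n in every row.

```python
def extended_euclid(A: int, B: int):
    """Run the extended Euclidean algorithm as a table with columns q, r, s, t.

    Rows -1 and 0 hold (r, s, t) = (A, 1, 0) and (B, 0, 1).  Each later row is
    r_n = r_{n-2} - q_n r_{n-1}, s_n = s_{n-2} - q_n s_{n-1},
    t_n = t_{n-2} - q_n t_{n-1}, so A s_n + B t_n = r_n holds in every row.
    Returns (gcd, s, t) taken from the last row with a nonzero remainder,
    followed by the whole table.
    """
    rows = [(None, A, 1, 0), (None, B, 0, 1)]
    while rows[-1][1] != 0:
        _, r_prev, s_prev, t_prev = rows[-2]
        _, r_cur, s_cur, t_cur = rows[-1]
        q = r_prev // r_cur
        rows.append((q, r_prev - q * r_cur, s_prev - q * s_cur, t_prev - q * t_cur))
    _, g, s, t = rows[-2]           # second-to-last row: its remainder is the gcd
    assert A * s + B * t == g       # the invariant the slides point out
    return g, s, t, rows


def mod_inverse(a: int, m: int) -> int:
    """Inverse of a modulo m, reduced to 0 .. m-1; raises if gcd(a, m) != 1."""
    g, s, _, _ = extended_euclid(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}: gcd is {g}")
    return s % m                    # as + mt = 1  =>  as = 1 (mod m)


def mod_divide(x: int, a: int, m: int) -> int:
    """x / a modulo m, i.e. x times the inverse of a."""
    return (x * mod_inverse(a, m)) % m


if __name__ == "__main__":
    g, s, t, table = extended_euclid(25520, 19314)
    for q, r, s_n, t_n in table:
        print(f"q={q} r={r} s={s_n} t={t_n}")
    print(f"gcd = {g} = 25520*({s}) + 19314*({t})")     # 58 = 25520*(-28) + 19314*37
    print("inverse of 10 mod 27:", mod_inverse(10, 27))  # 19
    print("5/10 mod 27:", mod_divide(5, 10, 27))         # 14
```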
The RSA Cryptosystem
• The RSA cryptosystem was named after Ronald Rivest, Adi Shamir, and Leonard Adleman, who are now quite rich.
• It is a “public-key” cryptosystem.
• The encryption key can be made public without revealing the decryption key.
• Thus, anyone can encrypt a message and send it, but only holders of the private decryption key can decrypt it.
The RSA Cryptosystem
• The RSA cryptosystem begins with two large primes p and q.
• “Large” means at least 100 digits long.
• Theorem: Let a be any integer not divisible by p or q. Then a^((p – 1)(q – 1)) ≡ 1 (mod pq).
The RSA Cryptosystem
• For example, if p = 37 and q = 41, then pq = 1517 and (p – 1)(q – 1) = 1440.
• Let a = 7.
• A simple computation verifies that 7^1440 ≡ 1 (mod 1517).
The RSA Cryptosystem
• Next, choose an integer e that is relatively prime to (p – 1)(q – 1). This is the encryption key.
• The public key is the pair (pq, e).
• Use the extended Euclidean algorithm to find the inverse of e, modulo (p – 1)(q – 1). Call it d, the decryption key.
The RSA Cryptosystem
• Let M be the plaintext message, expressed as an integer between 0 and pq – 1.
• For example, ASCII may be used.
• Longer messages are broken into blocks of such integers.
• Encrypt M to the ciphertext C as follows: C = M^e mod pq.
The RSA Cryptosystem
• The decryption procedure is similar.
• Given the ciphertext C, recover M as follows: M = C^d mod pq.
• Why does this work?
• Why does this recover M?
• Why can’t the enemy obtain d from e?
Why RSA Recovers M
• Since e and d are inverses modulo (p – 1)(q – 1), then ed = 1 + k(p – 1)(q – 1), for some integer k.
• Thus, C^d ≡ (M^e)^d ≡ M^(ed) ≡ M^(1 + k(p – 1)(q – 1)) ≡ M · (M^k)^((p – 1)(q – 1)) ≡ M (mod pq), the last step by the theorem above (which applies when M is not divisible by p or q).
Why RSA Is Secure
• How would the enemy obtain d from e?
• He would use the extended Euclidean algorithm.
• To do so, he would have to know (p – 1)(q – 1).
• This cannot easily be obtained without a knowledge of p and q.
• p and q can be obtained only by factoring pq.
RSA and Tractability
• Encryption and decryption require raising an integer to a high power, modulo m.
• This operation can be done very efficiently.
• On the other hand, breaking the code requires factoring a large number, which is of order 2^n, where n is the number of bits in pq.
The Security of RSA
• Clearly, the enemy could break the code if he knew p and q.
• He could also break the code if he knew the value of (p – 1)(q – 1).
• He would then know pq – (p + q) + 1, so he could determine p + q.
• From knowledge of pq and p + q, it is easy to determine p and q.
RSA Example
• Let p = 37 and q = 41.
• Then pq = 1517 and (p – 1)(q – 1) = 1440.
• Choose e = 7.
• Compute d = 823.
• Publish the key (1517, 7).
RSA Example
• Alice wants to send Bob the message “ATTACK AT DAWN”.
• In ASCII, this is the plaintext 65, 84, 84, 65, 67, 75, 32, 65, 84, 32, 69, 65, 87, 78.
• Let’s encrypt only 65 for this example.
• Compute M^e = 65^7 mod 1517 = 1094 = C.
• Transmit 1094.
RSA Example
• Bob receives the ciphertext 1094, 1194, 1194, 1094, 1483, 926, 870, 1094, 1194, 870, 56, 1094, 143, 918.
• Let’s decrypt only 1094 for this example.
• A simple calculation shows that C^d = 1094^823 mod 1517 = 65 = ‘A’.
The Security of RSA
• Suppose we were given the numbers 37 · 41 = 1517 and 37 + 41 = 76. How would we find 37 and 41?
• Consider the quadratic equation (x – 37)(x – 41) = x^2 – 76x + 1517 = 0.
• We could use the quadratic formula to find the two roots, 37 and 41.
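The toy RSA example (p = 37, q = 41, e = 7) together with the observation of the two “Security of RSA” slides that knowing (p – 1)(q – 1) is as good as knowing p and q, as an added example that is not part of the lecture. It uses Python's built-in pow(e, -1, phi) for the modular inverse instead of repeating the extended Euclidean algorithm, and math.isqrt to solve the quadratic in integers.

```python
from math import gcd, isqrt


def rsa_keygen(p: int, q: int, e: int):
    """Return the public key (pq, e) and the private exponent d.

    d is the inverse of e modulo (p-1)(q-1); Python 3.8+ pow(e, -1, phi)
    raises ValueError itself when no inverse exists, but we check gcd first
    to give the textbook reason.
    """
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return (n, e), pow(e, -1, phi)


def encrypt(message: str, public_key) -> list:
    """One ASCII character per block, as in the slides: C = M^e mod pq."""
    n, e = public_key
    blocks = [ord(ch) for ch in message]
    if any(not 0 <= m < n for m in blocks):
        raise ValueError("each block must be an integer in 0 .. pq-1")
    return [pow(m, e, n) for m in blocks]


def decrypt(ciphertext: list, n: int, d: int) -> str:
    """Recover M = C^d mod pq for every block and reassemble the text."""
    return "".join(chr(pow(c, d, n)) for c in ciphertext)


def factor_from_phi(n: int, phi: int):
    """Why (p-1)(q-1) must stay secret: with n = pq it gives p + q, and then
    p and q are the two roots of x^2 - (p+q)x + n = 0."""
    p_plus_q = n - phi + 1                  # phi = pq - (p + q) + 1
    disc = p_plus_q * p_plus_q - 4 * n      # (p+q)^2 - 4pq = (p-q)^2
    root = isqrt(disc)
    if disc < 0 or root * root != disc:
        raise ValueError("phi is not consistent with n = pq")
    return (p_plus_q - root) // 2, (p_plus_q + root) // 2


if __name__ == "__main__":
    public, d = rsa_keygen(37, 41, 7)       # ((1517, 7), 823)
    c = encrypt("ATTACK AT DAWN", public)   # first block: 65 -> 1094
    print(public, d, c)
    print(decrypt(c, public[0], d))         # ATTACK AT DAWN
    print(factor_from_phi(1517, 1440))      # (37, 41)
```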