Products of Small Primes in Cryptology, Coding and Theoretical Computer Science

Products of Small Primes in Cryptology, Coding and Theoretical Computer Science. David Naccache ENS. Gödel Numbering. In 1930, Kurt Gödel proved that : 

Presentation Transcript


  1. Products of Small Primes in Cryptology, Coding and Theoretical Computer Science David Naccache ENS

  2. Gödel Numbering • In 1930, Kurt Gödel proved that: “In any consistent formalization of mathematics that is sufficiently strong to define the concept of natural numbers, one can construct a statement that can be neither proved nor disproved within that system”. This is Gödel’s famous incompleteness theorem.

  3. Gödel’s Theorem • Very much simplified, the proof of this theorem is the following. Encode (assign a positive integer to) each propositional calculus symbol:

     | Logical symbol | Encoding (integers  12) | Meaning |
     |---|---|---|
     | ¬ | 1 | not |
     | ∀ | 2 | for all |
     |   | 3 | if, then |
     | ⋀ | 4 | and |
     | ⋁ | 5 | or |
     | ( | 6 |   |
     | ) | 7 |   |
     | … | … |   |

  4. For Integers > 10

     | Symbol class | Encoding rule | Symbol = encoding |
     |---|---|---|
     | Predicate symbols | multiples of 3 | P = 12, Q = 15, R = 18 |
     | Variables | integers ≡ 1 mod 3 | x = 13, y = 16, z = 19 |
     | Propositional symbols | integers ≡ 2 mod 3 | E = 14, F = 17, G = 20 |

  5. Gödel’s Numbering Arithmetical statements are assigned unique Gödel numbers. This is based on a simple code which essentially reads $\mathrm{prime}_1^{\mathrm{character}[1]} \cdot \mathrm{prime}_2^{\mathrm{character}[2]} \cdots$ For example, the statement ∀x, P(x) becomes $2^{2} \cdot 3^{16} \cdot 5^{12} \cdot 7^{6} \cdot 11^{16} \cdot 13^{7} = 14259844433335185664666562849653536301757812500$ because character[∀]=2, character[x]=16, character[P]=12, character[(]=6, character[x]=16, character[)]=7. We say that 142…2500 is the Gödel Number (GN) of ∀x, P(x).
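The encoding on this slide can be reproduced and inverted mechanically. The following is an added example, not code from the presentation; the function names are hypothetical and the symbol codes are the ones used in the slide's worked example.

```python
from itertools import count

# Symbol codes exactly as used in the slide's worked example (x = 16 there).
CODE = {"forall": 2, "x": 16, "P": 12, "(": 6, ")": 7}
SYMBOL = {code: sym for sym, code in CODE.items()}

def primes():
    """Yield 2, 3, 5, ... by trial division (enough for short statements)."""
    found = []
    for n in count(2):
        if all(n % q for q in found):
            found.append(n)
            yield n

def godel_number(symbols):
    """prime_1^character[1] * prime_2^character[2] * ..."""
    gn = 1
    for prime, sym in zip(primes(), symbols):
        gn *= prime ** CODE[sym]
    return gn

def decode(gn):
    """Recover the symbols by reading the exponent of each successive prime."""
    if gn < 1:
        raise ValueError("a Godel number is a positive integer")
    out = []
    for prime in primes():
        if gn == 1:
            return out
        exp = 0
        while gn % prime == 0:
            gn //= prime
            exp += 1
        if exp not in SYMBOL:  # also catches exp == 0, i.e. a skipped prime
            raise ValueError(f"exponent {exp} of prime {prime} is not a symbol code")
        out.append(SYMBOL[exp])

if __name__ == "__main__":
    statement = ["forall", "x", "P", "(", "x", ")"]  # the slide's statement
    gn = godel_number(statement)
    print(gn, decode(gn))
```

Decoding relies on unique factorization: every prime up to the last position must appear with an exponent that is a valid symbol code, otherwise the integer is rejected.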

  6. This Lecture Is About Applications of Gödel’s way of encoding information: $\mathrm{prime}_1^{\mathrm{character}[1]} \cdot \mathrm{prime}_2^{\mathrm{character}[2]} \cdots$

  7. Back to Gödel’s Theorem Sequences of statements are also assigned Gödel numbers. E.g. if a=GN(∀x,P(x)), b=GN(∀x,¬P(x)), c=GN(∀x,¬Q(x)⋀P(x)), then the sequence of statements ∀x,P(x); ∀x,¬P(x); ∀x,¬Q(x)⋀P(x) gets the GN $2^{a} \cdot 3^{b} \cdot 5^{c}$, which we will call d. The proof of the incompleteness theorem depends on the fact that, in formal arithmetic, some statement sequences logically entail (prove) other statements.

  8. Gödel’s Theorem For example it might be shown that a, b, and c together (i.e. d) prove e. Because this is a demonstrable relationship between numbers it is entitled to its own symbol, for example R. R(v,x) would then mean "x proves v". In the case where x and v are Gödel numbers e and d we would say R(e,d). Put more simply: R(e,d) means “the sequence of statements whose GN is d is the proof of the statement whose GN is e.”

  9. Gödel’s Punchline • The punchline is that we can write the statement ∀x,¬R(v,x) • which means: no proposition of type v can be proved • The Gödel number for this statement would be • $2^{2} \cdot 3^{16} \cdot 5^{1} \cdot 7^{18} \cdot 11^{6} \cdot 13^{12} \cdot 17^{16} \cdot 19^{7}$ • but we will just call it r. • Now if we consider the statement ∀x,¬R(r,x) we will realise that it says: no proposition that says 'no proposition of type v can be proved' can be proved. • This collapses into the statement this proposition cannot be proved, which is inconsistent, because if it is provable then it is not provable, and vice versa.

  10. More Than Forty Years Pass… Diffie and Hellman invent public-key cryptography. [Diagram labels: message, public key, encryption algorithm, ciphertext, secret key, decryption algorithm]

  11. Diffie-Hellman Key Exchange Diffie and Hellman also proposed a new revolutionary manner to create a unique pair of physical objects.

  18. Diffie-Hellman Key Exchange In reality, Diffie and Hellman provided a mathematical analogy to the protocol that we have just illustrated. Their solution is based on the assumption that the following problem (known as the Discrete Logarithm Problem) is hard: Given g, a, p find x such that $g^{x} = a \bmod p$.

     | One party | Other party |
     |---|---|
     | pick random x | pick random y |
     | compute $a = g^{x} \bmod p$ | compute $b = g^{y} \bmod p$ |
     | send a | send b |
     | compute $k = b^{x} \bmod p$ | compute $k = a^{y} \bmod p$ |

  19. Discrete Log “Gödel” Encryption Generate a public large prime integer p, select a large secret s and publish the public keys $v_1, \ldots, v_k$ where $v_i^{s} = p_i \bmod p$ and $p_i$ stands for the i-th prime ($p_1 = 2$, $p_2 = 3$, $p_3 = 5$, …). To encrypt a message m (whose bits we denote m[1],…,m[k]) the sender computes the ciphertext $c = v_1^{m[1]} \cdots v_k^{m[k]} \bmod p$. c is decrypted by computing $d = c^{s} \bmod p = p_1^{m[1]} \cdots p_k^{m[k]}$ and factoring the result over the integers to determine m.

  20. Discrete Log “Gödel” Encryption For this to work we need to have that $p_1 \cdots p_k < p$. The security of this cryptosystem is based on the hardness of the discrete logarithm problem. Generate a public large prime p, select a large secret s and publish the public keys $v_1, \ldots, v_k$ where $v_i^{s} = p_i \bmod p$ and $p_i$ stands for the i-th prime ($p_1 = 2$, $p_2 = 3$, $p_3 = 5$, …). Discrete Logarithm Problem: Given g, a, p find x such that $g^{x} = a \bmod p$.

  21. A Toy Example
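A toy run of the scheme from slides 19 and 20, added here as an illustration (not code from the presentation). The modulus p = 2^31 − 1, the secret s = 1000003, the choice of k = 8 and the sample message are constructed values, far too small for real use; the function names are hypothetical.

```python
from math import gcd, prod

# Constructed toy parameters (assumptions, far too small for real use):
P = 2**31 - 1                                # public prime modulus p
S = 1000003                                  # secret exponent s, gcd(s, p-1) = 1
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19]  # p_1..p_k for k = 8 message bits

def keygen(p, s, primes=SMALL_PRIMES):
    """Public keys v_i satisfying v_i^s = p_i (mod p)."""
    if prod(primes) >= p:
        raise ValueError("need p_1*...*p_k < p or decryption wraps around mod p")
    if gcd(s, p - 1) != 1:
        raise ValueError("s must be invertible mod p-1 so that s-th roots exist")
    s_inv = pow(s, -1, p - 1)                # v_i = p_i^(1/s) mod p
    return [pow(q, s_inv, p) for q in primes]

def encrypt(bits, v, p):
    """c = v_1^m[1] * ... * v_k^m[k] mod p."""
    if len(bits) != len(v):
        raise ValueError("message must have exactly k bits")
    c = 1
    for bit, vi in zip(bits, v):
        if bit:
            c = c * vi % p
    return c

def decrypt(c, s, p, primes=SMALL_PRIMES):
    """d = c^s mod p, then factor d over the integers to read off the bits."""
    d = pow(c, s, p)
    bits = []
    for q in primes:
        bits.append(1 if d % q == 0 else 0)
        if bits[-1]:
            d //= q
    if d != 1:
        raise ValueError("c^s mod p is not a product of distinct small primes")
    return bits

if __name__ == "__main__":
    v = keygen(P, S)
    m = [1, 0, 1, 1, 0, 0, 1, 0]             # constructed sample message
    c = encrypt(m, v, P)
    print("ciphertext:", c, "decrypted:", decrypt(c, S, P))
```

The two checks in `keygen` are the conditions the slides depend on: the product of the small primes must stay below p so that the decrypted value equals the integer product, and s must be coprime to p − 1 so that each small prime has an s-th root modulo p.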

  26. As We Are In an ECC Conference We must say something about ECs. Can the previous encryption scheme run on an EC? Answer is yes, but only in theory… We might use, instead of small primes, small rational points on an EC. Publish $s \cdot p_i$ as public keys. As we get the ciphertext and multiply it over the curve by the inverse of s, how do we see which rational points are in there?! Use height and projective coordinates!

  27. As We Are In an ECC Conference Get the ciphertext, multiply by the inverse of s and attempt to subtract each rational point from the result. Height decreases: good guess. Height increases: bad guess.

  28. Problem We do not know ECs with enough independent small rational points on them. World record is 28. Meaning that we could “encode” 28 message bits in a 10000 bit ciphertext (plaintext too small to be secure). This can be improved slightly by using signed rational points (bandwidth improves to $28 \log_2 3$). We can also shoot for low density message encoding, which allows stuffing more bits into the ciphertext using only 28 points but at the price of ciphertext size explosion. Any more elegant ideas to make this fly?

  29. “Gödel” Error-Correction Gödel’s encoding can also be used for error correction. In a very inefficient but yet rather curious way… Before we proceed a few reminders about error correcting codes.

  30. Ideal Communication [Figure, slides 30 to 33: the message letters H, e, l, l, o; final caption “Ideal Noiseless World”]

  34. Real Communication [Figure, slides 34 to 41: the message letters H, e, l, l, o, later shown as H, e, l, l, !; captions “?!!” and “Reality”]

  42. Error Correcting Codes [Figure, slides 42 to 49: an encoding algorithm turns the letters H, e, l, l, o into the symbols z, 4, %, J, 9, d, s; the symbols are later shown as z, t, %, J, x, d, s; a decoding algorithm returns H, e, l, l, o]

  50. Error Correcting Codes A bit of terminology. The number of errors correctable by a code is called the code’s correction capacity (denoted t). The ratio between the length of the encoded message and the original message (in our example 1.4=7/5) is called the code’s expansion rate (denoted r).
