330 likes | 640 Views
CRYPTOGRAPHY AND INFORMATION SECURITY. Lecturer: Dr. Nguyen Nam Hong Tel.: 048781437. Mob.: 0912312816. Email: nguyennamhong2003@yahoo.com.au Website: www.freewebs.com/namhongthanhloc Chapter 9. Introduction to Number Theory. Chapter 9. Introduction to Number Theory (1/3).
E N D
CRYPTOGRAPHY AND INFORMATION SECURITY Lecturer: Dr. Nguyen Nam Hong Tel.: 048781437. Mob.: 0912312816. Email: nguyennamhong2003@yahoo.com.au Website: www.freewebs.com/namhongthanhloc Chapter 9. Introduction to Number Theory
Chapter 9. Introduction to Number Theory (1/3) 9.01. Prime Numbers 9.02. Prime Factoriasation 9.03. Relative Prime Numbers and GCD 9.04. Fermat Theorem 9.05. Euler totient Function 9.06. Eurler Theorem 9.07. Inverses Using Euler Theorem 9.08. Primarity Testing 9.09. Miller Rabin Algorithms Dr. Nguyen Nam Hong, Le Quy Don Technical University
Chapter 9. Introduction to Number Theory (2/3) 9.10. Probabilistic Considerations 9.11. Prime Distribution 9.12. Chinese Remainder Theorem 9.13. Utility of the CRT 9.14. Inverses Using the CRT 9.15. Primary Roots 9.16. Discrete Logarithms 9.17. Rapid Exponent 9.18. Summary Dr. Nguyen Nam Hong, Le Quy Don Technical University
Prime Numbers (1/2) • prime numbers only have divisors of 1 and self • they cannot be written as a product of other numbers • note: 1 is prime, but is generally not of interest • eg. 2,3,5,7 are prime, 4,6,8,9,10 are not • prime numbers are central to number theory
Prime Numbers (2/2) • list of prime number less than 200 is: 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199
Prime Factorisation • to factor a number n is to write it as a product of other numbers: n=a × b × c • note that factoring a number is relatively hard compared to multiplying the factors together to generate the number • the prime factorisation of a number n is when its written as a product of primes • eg. 91=7×13 ; 3600=24×32×52
Relatively Prime Numbers & GCD • two numbers a, b are relatively primeif have no common divisors apart from 1 • eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor • conversely can determine the greatest common divisor by comparing their prime factorizations and using least powers • eg. 300=21×31×52 18=21×32 hence GCD(18,300)=21×31×50=6
Fermat's Theorem • ap-1 mod p = 1 • where p is prime and gcd(a,p)=1 • also known as Fermat’s Little Theorem • useful in public key and primality testing • Ifx = ap-2 mod p thena*x mod p = 1 so x will be the inverse of a in prime p.
Euler Totient Function (n) (1/4) • when doing arithmetic modulo n • complete set of residuesis: 0..n-1 • reduced set of residuesis those numbers (residues) which are relatively prime to n • eg for n=10, • complete set of residues is {0,1,2,3,4,5,6,7,8,9} • reduced set of residues is {1,3,7,9} • number of elements in reduced set of residues is called the Euler Totient Function (n)
Euler Totient Function (n) (2/4) • to compute (n) need to count number of elements to be excluded • in general need prime factorization, but • for p (p prime) (p) = p-1 • for p.q (p,q prime) (p.q) = (p-1)(q-1) • eg. • (37) = 36 • (21) = (3–1)×(7–1) = 2×6 = 12
Euler Totient Function (n) (3/4) case 2: n = pk (with p prime and k an integer) (n) = (pk) = pk - pk-1(pk) = pk-1(p-1) From the pk elements of the CSR, we will subtract all the factors 1p, 2p, 3p, ...(pk-1-1)p and the zero. Example: • RSR(16) = {1,3,5,7,9,11,13,15} (16) = (24) = 24-1(2-1) = 8 • (125) = (53) = 53-1(5-1) = 100 Chapter 7 : Number Theory
Euler Totient Function (n) (4/4) case 3: n = p1e1p2e2 ... ptet (pi are primes) t (n) = piei-1 (pi - 1) i=1 Example: • RSR(20) = {1, 3, 7, 9, 11, 13, 17, 19} (20) = (22 5) = 8 • (360) = (23 325) = 96 Chapter 7 : Number Theory
Euler Theorem • a generalisation of Fermat's Theorem • aø(n) mod N = 1 • where gcd(a,N)=1 • eg. • a = 3; n = 10; ø(10) = 4; hence 34 = 81 = 1 mod 10 • a = 2; n = 11; ø(11) = 10; hence 210 = 1024 = 1 mod 11
Inverses using Euler theorem • If GCD(a,n)=1 then • x =a-1 mod n = a(n)-1 mod n • Example: • inv (4, 9) • (9) = 6 x = 46-1 mod 9 = 7 • Hence inv (4, 9) = 7 and inv (7, 9) = 4 Chapter 7 : Number Theory
Primality Testing (1/2) • often need to find large prime numbers • traditionally sieve using trial division • ie. divide by all numbers (primes) in turn less than the square root of the number • only works for small numbers
Primality Testing (2/2) • alternatively can use statistical primality tests based on properties of primes • for which all primes numbers satisfy property • but some composite numbers, called pseudo-primes, also satisfy the property
Miller Rabin Algorithm • a test based on Fermat’s Theorem • algorithm is: TEST (n) is: 1. Find integers k, q, k > 0, q odd, so that (n–1) = 2kq 2. Select a random integer a, 1<a<n–1 3. if aqmod n = 1 then return (“maybe prime"); 4. for j = 0 to k – 1 do 5. if (a2jqmod n = n-1) then return(“maybe prime") 6. return ("composite“)
Probabilistic Considerations • if Miller-Rabin returns “composite” the number is definitely not prime • otherwise is a prime or a pseudo-prime • chance it detects a pseudo-prime is < ¼ • hence if repeat test with different random a then chance n is prime after t tests is: • Pr(n prime after t tests) = 1-4-t • eg. for t = 10 this probability is > 0.99999
Prime Distribution • prime number theorem states that primes occur roughly every (ln n) integers • since can immediately ignore evens and multiples of 5, in practice only need test 0.4 ln(n) numbers of size n before locate a prime • note this is only the “average” sometimes primes are close together, at other times are quite far apart
Chinese Remainder Theorem (1/3) • used to speed up modulo computations • working modulo a product of numbers • eg. mod M = m1m2..mk • Chinese Remainder theorem lets us work in each moduli mi separately • since computational cost is proportional to size, this is faster than working in the full modulus M
Chinese Remainder Theorem (2/3) • can implement CRT in several ways • to compute (A mod M) can firstly compute all (ai mod mi) separately and then combine results to get answer using:
Chinese Remainder Theorem (3/3) • If n = d1d2d3 ... dtwith di = piei (p prime) • The system of equations: x mod di = xi (i = 1, 2, 3, ... t) • It has a common solution in [0, n-1 t x = (n/di)yixi mod n i=1 with yi = inv [(n/di), di Chapter 7 : Number Theory
Utility of the CRT • Calculating the inverse of a modulon through the Chinese Remainder Theorem is quite boring and quite absurd as you´ve already noticed • In the Chinese Remainder Theorem algorithm´s development for finding an inverse other inverses must be calculated and this makes no sense... • Besides other things, when we see the RSA cipher system and the chapter dedicated to Cryptographic Protocols, we'll see an interesting application of this theorem. Chapter 7 : Number Theory
Inverses using CRT (1) Problem: find x = inv (49, 3.960) n= 3.960 n = 2332511 = d1d2d3d4 = 89511 a = 49 b = 1 We form the generic equations: a xi mod di = b 49x1 mod 8 = 1 49x2 mod 9 = 1 49x3 mod 5 = 1 49x4 mod 11 = 1 Chapter 7 : Number Theory
Inverses using CRT (2) 49x1 mod 8 = 1 1x1 mod 8 = 1 x1 = 1 49x2 mod 9 = 1 4x2 mod 9 = 1 x2 = 7 49x3 mod 5 = 1 4x3 mod 5 = 1 x3 = 4 49x4 mod 11 = 1 5x4 mod 11 = 1 x4 = 9 Hence x1 = 1 x2 = 7 x3 = 4 x4 = 9 Chapter 7 : Number Theory
Inverses using CRT (3) We solve now the auxiliary equation of the Chinese Remainder Theorem yi = inv [(n/di), di y1 = inv [3.960/8), 8 = inv (495, 8) = 7 y2 = inv [(3.960)/9, 9 = inv (440, 9) = 8 y3 = inv [(3.960)/5, 5 = inv (792,5) = 3 y4 = inv [(3.960)/11, 11 = inv (360, 11) = 7 Hence: y1 = 7 y2 = 8 y3 = 3 y4 = 7 Chapter 7 : Number Theory
Inverses using CRT (4) We finally compute x = [(n/d1)y1x1 + (n/d2)y2x2 + (n/d3)y3x3 + (n/d4)y4x4 = [49571 + 44087 + 79234 + 36079 mod 3.960 = [3.465 + 880 + 1.584 + 2.880 mod 3.960 = 889 Hence: x = inv (49, 3.960) = 889 Chapter 7 : Number Theory
Primitive Roots • from Euler’s theorem have aø(n)mod n=1 • consider ammod n=1, GCD(a,n)=1 • must exist for m= ø(n) but may be smaller • once powers reach m, cycle will repeat • if smallest is m= ø(n) then a is called a primitive root • if p is prime, then successive powers of a "generate" the group mod p • these are useful but relatively hard to find
Discrete Logarithms (1/2) • the inverse problem to exponentiation is to find the discrete logarithmof a number modulo p • that is to find x where ax = b mod p • written as x=loga b mod p or x=inda,p(b)
Discrete Logarithms (2/2) • if a is a primitive root then always exists, otherwise may not • x = log3 4 mod 13 (x st 3x = 4 mod 13) has no answer • x = log2 3 mod 13 = 4 by trying successive powers • whilst exponentiation is relatively easy, finding discrete logarithms is generally a hard problem
Rapid exponentiation algorithm • Problem: Find x = AB mod n • Prepare: Obtain binary representation of the B exponent with k bits: • B2 bk-1bk-2...bi...b1b0 • Algorithm: • Do x = 1 • For i = k-1, ..., 0 do • x = x2 mod n • If (bi = 1) then x = xA mod n • Example: 1983 mod 91 = 24 • (used just 16 operations) Chapter 7 : Number Theory
Summary • have considered: • prime numbers • Fermat’s and Euler’s Theorems • Primality Testing • Chinese Remainder Theorem • Discrete Logarithms • Rapid Exponentiation Algorithm