5.1 Divisors( 약수 ) Definition 5.1.1Definition –n 과 d 가 정수이고 d  0 일 때, n=dq 를 만족시키는 정수 q 가 존재하 면 d 가 n 을 나눈다 (divide) 라고 정의 q 를 몫 (quotient) 이라 하고, d 를 n 의 약수 (divisor) 또는 인수 (factor) 라고 한다. d 가 n 을 나누면 d|n 으로 표기 –d 가 n 을 나누지 못하면, d ∤ n 으로 표기 – d>0 일 때 주어진 n 에 대하여 n= q d+r (0<=r<d) 인 q 와 r 은 유일 하다. 이 때 q 를 몫, r 을 나머지라 하고 r=n mod d 로 표시한다.

Divisors Theorem Let m, n, and d be integers If d|m and d|n thend|(m+n)If d|m and d|n thend|(m+n) If d|m and d|n thend|(m-n)If d|m and d|n thend|(m-n) If d|m and d|n thend|mnIf d|m and d|n thend|mn 1. d | m and d | n  m = dq 1 and n = dq 2 for some integer q 1 and q 2 (by definition) m + n = dq 1 + dq 2 = d ( q 1 + q 2 )  d |( m + n ) Proof

Prime and Composite Prime( 소수 )Prime( 소수 ) –An integer greater than 1 whose only positive divisors are itself and 1 is called prime. Composite( 합성수 )Composite( 합성수 ) –An integer greater than 1 that is not prime is called composite. Theorem A positive integer n greater than 1 is composite if and only if n has a divisor d satisfying 2  d  n

This algorithm determines whether the integer n >1 is prime.This algorithm determines whether the integer n >1 is prime. If n is prime, the algorithm returns 0.If n is prime, the algorithm returns 0. If n is composite, the algorithm returns a divisor d satisfying 2  d  n.If n is composite, the algorithm returns a divisor d satisfying 2  d  n. –Input: n –Output: d is_prime ( n ) { for d =2 to  n  if ( n mod d ==0) return d return 0 } // algorithm Testing Whether an Integer is Prime( 소수 검사 알고리즘 )

Greatest Common Divisor( 최대공약수 ) Common Divisor( 공약수 )Common Divisor( 공약수 ) –m and n: integers, m  0 and n  0 –A common divisor ( 공약수 ) of m and n is an integer divides both m and n. GCDGCD –gcd(m,n): the greatest common divisor of m and n.

Exponentiation Mod z ( 거듭제곱에 의한 누승수 계산 ) Theorem If a, b, and z are positive integers, ab mod z = [(a mod z)(b mod z)] mod z Let w = ab mod z, x = a mod z, and y = b mod z.Let w = ab mod z, x = a mod z, and y = b mod z. ab = q 1 z + w  w = ab - q 1 zab = q 1 z + w  w = ab - q 1 z similarly, a = q 2 z + x, b = q 3 z + y similarly, a = q 2 z + x, b = q 3 z + y w = ab - q 1 zw = ab - q 1 z = ( q 2 z + x )( q 3 z + y ) - q 1 z = ( q 2 z + x )( q 3 z + y ) - q 1 z = ( q 2 q 3 z + q 2 y + q 3 x - q 1 ) z + xy = ( q 2 q 3 z + q 2 y + q 3 x - q 1 ) z + xy = qz + xy, where q = q 2 q 3 z + q 2 y + q 3 x - q 1 = qz + xy, where q = q 2 q 3 z + q 2 y + q 3 x - q 1 xy = -qz + wxy = -qz + w  w is the remainder when xy is divided by z  w is the remainder when xy is divided by z ( w = xy mod z ) ( w = xy mod z )  ab mod z = [( a mod z )( b mod z )] mod z  ab mod z = [( a mod z )( b mod z )] mod z Proof

Exponentiation Mod z For example, a 29 mod zFor example, a 29 mod z –To compute a 29, we successively computed a, a 5 = a · a 4, a 13 = a 5 · a 8, a 29 = a 13 · a 16 –To compute a 29 mod z, we successively compute a mod z, a 5 mod z, a 13 mod z, a 29 mod z –a 2 mod z = [( a mod z )( a mod z )] mod z a 4 mod z = [( a 2 mod z )( a 2 mod z )] mod z a 8 mod z = [( a 4 mod z )( a 4 mod z )] mod z a 16 mod z = [( a 8 mod z )( a 8 mod z )] mod z a 5 mod z = [( a mod z )( a 4 mod z )] mod z a 13 mod z = [( a 5 mod z )( a 8 mod z )] mod z a 29 mod z = [( a 13 mod z )( a 16 mod z )] mod z

Exponentiation Mod z For example, mod 713For example, mod mod 713 = [(572 mod 713)(572 mod 713)] mod mod 713 = [(572 2 mod 713)(572 2 mod 713)] mod mod 713 = [(572 4 mod 713)(572 4 mod 713)] mod mod 713 = [(572 8 mod 713)(572 8 mod 713)] mod mod 713 = [(572 mod 713)(572 4 mod 713)] mod mod 713 = [(572 5 mod 713)(572 8 mod 713)] mod mod 713 = [( mod 713)( mod 713)] mod 713

5.3 The Euclidean algorithm ( 유클리드 알고리즘 ) Euclid algorithmEuclid algorithm – 두 정수의 최대 공약수를 찾기 위한 것으로, 오래되고 유명한 효율 적인 알고리즘이다. –gcd( a, b ) = gcd( b, a mod b ) –Example a = 105, b = 30 gcd(105, 30) = gcd(30,105 mod 30) = gcd(30, 15) = gcd(15, 30 mod 15) = gcd(15, 0) gcd(15, 0) = 15  gcd(105,30) = 15

a= bq + r, 0  r<b Let c be a common divisor of a and b  c|bq  c|a and c|bq  c | (a-bq) (=r)  c is a common divisor of b and r If c is a common divisor of b and r  c|bq and c|bq + r (=a)  c is a common divisor of a and b  gcd(a, b) = gcd(b, r) Theorem 5.3.2:  If a is a nonnegative integer, b is a positive integer, and r = a mod b,  then gcd( a, b ) = gcd( b, r )

This algorithm finds the gcd of the nonnegative integers a and b (not both a and b are zero)This algorithm finds the gcd of the nonnegative integers a and b (not both a and b are zero) –Input: a, b –Output: greatest common divisor of a and b gcd ( a, b ) { // make a largest if ( a < b ) swap ( a, b ) while ( b  = 0) { r = a mod b a = b b = r } return a } gcd( a, b ) = gcd( b, r ) = gcd( b, a mod b )

A Special Result( 특수한 결과 ) ExampleExample –Find s and t such that gcd(273,110) = s*273 + t* Find gcd(273,110) (=1) 2. Work back, beginning with the last equation Theorem 5.3.7: If a and b are nonnegative integers, not both zero, there exist integers s and t such that gcd( a, b ) = sa + tb a b r 273 mod 110 = mod 53 = 4 53 mod 4 = 1 4 mod 1 = 0 1 = *13 st = 27* *110 1 = 53 - ( *2)*13 = 27* *110 1 = 27*( *2) - 13* = *2 4 = *2 1 = *13

Recursive Euclidean Algorithm ( 재귀적 유클리드 알고리즘 ) This algorithm recursively finds the greatest common divisor of the nonnegative integers a and b, where not both a and b are zero Input : a and b (nonnegative integers, not both zero) Output : Greatest common divisor of a and b gcdr(a,b) { //make a largest if (a<b) swap(a,b) if(b==0) return a r = a mod b return gcdr(b,r) }

g=gcd(a,b) g=gcd(a,b) 즉 g=sa+tb 인 s 와 t 가 있다. (1) 즉 g=sa+tb 인 s 와 t 가 있다. (1) a=bq+r 이면 a=bq+r 이면 g=gcd(b,r) g=gcd(b,r) g=s’b+t’r r=a-bq 이므로 g=s’b+t’r r=a-bq 이므로 =s’b+t’(a-bq) =s’b+t’(a-bq) =t’a+ (s’-t’q)b 이다. =t’a+ (s’-t’q)b 이다. 즉 (1) 의 s 와 t 를 즉 (1) 의 s 와 t 를 s=t’ s=t’ t=s’-t’q 로 설정할 수 있다. t=s’-t’q 로 설정할 수 있다.

STgcdr(a, b, s, t) STgcdr(a, b, s, t) if(a<b) if(a<b) swap(a,b) swap(a,b) if(b==0){ if(b==0){ s=1 s=1 t=0 //a=sa + tb t=0 //a=sa + tb return a return a } q=a/b q=a/b r=a mod b //a=bq+r r=a mod b //a=bq+r g=STgcdr(b,r, s’, t’) g=STgcdr(b,r, s’, t’) //g=s’b+t’r 이므로 g=t’a +(s’-t’q)b //g=s’b+t’r 이므로 g=t’a +(s’-t’q)b s=t’ s=t’ t=s’ –t’*q t=s’ –t’*q return g return g

Computing an Inverse Modulo an Integer ( 나머지의 역원 계산 ) Inverse of n mod  (required by RSA)Inverse of n mod  (required by RSA) – For two integers n>0 and  >1 such that gcd(n,  )=1, find an s, 0<s<  such that ns mod  = 1 1. gcd(n,  )=1  Using Euclidean algorithm, find s’ and t’ such that s’n + t’  = 1 2. Then, ns’ = -t’  + 1 (1) and since  >1, 1 is the remainder. Thus, ns’ mod  = 1 3. s = s’ mod  (s’ may not satisfy 0<s’<  ) 4. s  0. (if s=0 then  |s’  contradiction) Since s = s’ mod , there exists q such that s’ = q  + s. (2) 5. (1), (2)  ns = n(s’ -  q) = ns’ -  nq = -t’  + 1-  nq =  (-t’ - nq) + 1 Therefore, ns mod  = 1

Computing an Inverse Modulo an Integer Example: n = 110,  = 273.Example: n = 110,  = gcd( n,  ) = 1 and -67 n + 27  =1 (slide p12) -ns ’ mod  = 110(-67) mod 273 = 1 -s = s ’ mod  = -67 mod 273 = 206 -The inverse of 110 modulo 273 is 206 s is uniques is unique -Suppose that ns mod  = 1 = ns ’ mod , 0< s < , 0< s ’ <  -s ’ = ( s ’ mod  )( ns mod  ) - = s ’ ns mod  = ( s ’ n mod  )( s mod  ) = s -Therefore, s is unique.

5.4 The RSA public-key cryptosystem(RSA 공개키 암 호 시스템 ) 5.4 The RSA public-key cryptosystem(RSA 공개키 암 호 시스템 ) Cryptosystems( 암호시스템 ): systems for secure communicationsCryptosystems( 암호시스템 ): systems for secure communications -Used by government, industry, investigation agencies, etc. Sender encrypts a messageSender encrypts a message Receiver decrypts the messageReceiver decrypts the message RSA (Rivest, Shamir, Adleman) systemRSA (Rivest, Shamir, Adleman) system -Messages are represented as numbers -Based on the fact that no efficient algorithm exists for factoring large digit integers in polynomial time O(n k ).

The Oldest and Simplest System If a key is defined asIf a key is defined as –character: –replaced by: original message:original message: encrypted message : encrypted message : decrypted message : decrypted message : Simple systems are easily brokenSimple systems are easily broken SMSM KOKO RNRN AEAE NYNY E KOKO RNRN E LWLW IAIA NYNY SQSQ EAEA NRNR DUDU E MSMS OKOK NRNR EAEA YNYN E AIAI BJBJ CFCF EAEA FXFX GVGV HHHH IWIW JPJP K LGLG MSMS NRNR OKOK POPO QBQB RTRT SQSQ TYTY UDUD VMVM WLWL XZXZ YNYN ZCZC

RSA Messages are represented as numbersMessages are represented as numbers –A, B, C, …  2, 3, 4, … –SEND MONEY  20, 6, 15, 5, 1,14, 16, 15, 6, 26 (single integer)  Choose two primes p, q and compute z=pq 2. Compute  =(p-1)(q-1) 3. Choose n such that gcd(n,  )=1 4. Compute s, 0<s< , satisfying ns mod  =1 5. z, n(encryption key, prime): public p, q, s(decryption key): secret p, q, s(decryption key): secret 6. To send a message a, encrypt a c = a n mod z 7. Decrypt a encrypted message c a = c s mod z

Leonhard Euler

Why Does It Work? Euler’s Theorem (1736): Suppose p and q are distinct primes,p and q are distinct primes, z = pq,  =(p-1)(q-1)z = pq,  =(p-1)(q-1) 0 < a< z 인 a 와 u mod  =1 인 a 와 u 에 대하여0 < a< z 인 a 와 u mod  =1 인 a 와 u 에 대하여 a u mod z =a a u mod z =a To send a message a, encrypt a To send a message a, encrypt a c = a n mod z 7. Decrypt a encrypted message c c s mod z= (a n mod z) s mod z=a ns mod z =a (ns mod  =1 이므로 )

RSA ExampleExample –p=23, q=31, n=29 –z = pq = 713,  =(p-1)(q-1) = 660 –s=569 since ns mod  = 29*569 mod 660 = mod 660 = 1 –public: z(713), n(29) secret: s(569), p(23), q(31) –message: a=572 –encryption: c = a n mod z = mod 713 = 113 –decryption: a = c s mod z = mod 713 = 572