Lecture 3.2: Public Key Cryptography II 6/20/2018 Lecture 3.2: Public Key Cryptography II CS 436/636/736 Spring 2013 Nitesh Saxena

Today’s Informative/Fun Bit – Acoustic Emanations 6/20/2018 Today’s Informative/Fun Bit – Acoustic Emanations http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+emanations&btnG=Google+Search http://tau.ac.il/~tromer/acoustic/ 6/20/2018 Public Key Cryptography -- II

Course Administration 6/20/2018 Course Administration HW1 – due at 11am on Feb 08 Any questions, or help needed? 6/20/2018 Public Key Cryptography -- II

Outline of Today’s Lecture 6/20/2018 Outline of Today’s Lecture Number Theory Modular Arithmetic 6/20/2018 Public Key Cryptography -- II

Public Key Cryptography -- II 6/20/2018 Modular Arithmetic Definition: x is congruent to y mod m, if m divides (x-y). Equivalently, x and y have the same remainder when divided by m. Notation: Example: We work in Zm = {0, 1, 2, …, m-1}, the group of integers modulo m Example: Z9 ={0,1,2,3,4,5,6,7,8} We abuse notation and often write = instead of 6/20/2018 Public Key Cryptography -- II

Public Key Cryptography -- II 6/20/2018 Addition in Zm : Addition is well-defined: 3 + 4 = 7 mod 9. 3 + 8 = 2 mod 9. 6/20/2018 Public Key Cryptography -- II

Additive inverses in Zm 6/20/2018 Additive inverses in Zm 0 is the additive identity in Zm Additive inverse of a is -a mod m = (m-a) Every element has unique additive inverse. 4 + 5= 0 mod 9. 4 is additive inverse of 5. 6/20/2018 Public Key Cryptography -- II

Public Key Cryptography -- II 6/20/2018 Multiplication in Zm : Multiplication is well-defined: 3 * 4 = 3 mod 9. 3 * 8 = 6 mod 9. 3 * 3 = 0 mod 9. 6/20/2018 Public Key Cryptography -- II

Multiplicative inverses in Zm 6/20/2018 Multiplicative inverses in Zm 1 is the multiplicative identity in Zm Multiplicative inverse (x*x-1=1 mod m) SOME, but not ALL elements have unique multiplicative inverse. In Z9 : 3*0=0, 3*1=3, 3*2=6, 3*3=0, 3*4=3, 3*5=6, …, so 3 does not have a multiplicative inverse (mod 9) On the other hand, 4*2=8, 4*3=3, 4*4=7, 4*5=2, 4*6=6, 4*7=1, so 4-1=7, (mod 9) 6/20/2018 Public Key Cryptography -- II

Which numbers have inverses? 6/20/2018 Which numbers have inverses? In Zm, x has a multiplicative inverse if and only if x and m are relatively prime or gcd(x,m)=1 E.g., 4 in Z9 6/20/2018 Public Key Cryptography -- II

Extended Euclidian: a-1 mod n 6/20/2018 Extended Euclidian: a-1 mod n Main Idea: Looking for inverse of a mod n means looking for x such that x*a – y*n = 1. To compute inverse of a mod n, do the following: Compute gcd(a, n) using Euclidean algorithm. Since a is relatively prime to m (else there will be no inverse) gcd(a, n) = 1. So you can obtain linear combination of rm and rm-1 that yields 1. Work backwards getting linear combination of ri and ri-1 that yields 1. When you get to linear combination of r0 and r1 you are done as r0=n and r1= a. 6/20/2018 Public Key Cryptography -- II

Public Key Cryptography -- II 6/20/2018 Example – 15-1 mod 37 37 = 2 * 15 + 7 15 = 2 * 7 + 1 7 = 7 * 1 + 0 Now, 15 – 2 * 7 = 1 15 – 2 (37 – 2 * 15) = 1 5 * 15 – 2 * 37 = 1 So, 15-1 mod 37 is 5. 6/20/2018 Public Key Cryptography -- II

Modular Exponentiation: Square and Multiply method 6/20/2018 Modular Exponentiation: Square and Multiply method Usual approach to computing xc mod n is inefficient when c is large. Instead, represent c as bit string bk-1 … b0 and use the following algorithm: z = 1 For i = k-1 downto 0 do z = z2 mod n if bi = 1 then z = z* x mod n Show an example: x^64 will require 6 squarings (or 6 multiplications). 1000000 6/20/2018 Public Key Cryptography -- II

Public Key Cryptography -- II 6/20/2018 Example: 3037 mod 77 z = z2 mod n if bi = 1 then z = z* x mod n i b z 5 1 30 =1*1*30 mod 77 4 53 =30*30 mod 77 3 37 =53*53 mod 77 2 29 =37*37*30 mod 77 71 =29*29 mod 77 2 =71*71*30 mod 77 6/20/2018 Public Key Cryptography -- II

Public Key Cryptography -- II 6/20/2018 Other Definitions An element g in G is said to be a generator of a group if a = gi for every a in G, for a certain integer i A group which has a generator is called a cyclic group The number of elements in a group is called the order of the group Order of an element a is the lowest i (>0) such that ai = e (identity) A subgroup is a subset of a group that itself is a group Public Key Cryptography -- II

Public Key Cryptography -- II 6/20/2018 Lagrange’s Theorem Order of an element in a group divides the order of the group 6/20/2018 Public Key Cryptography -- II

Euler’s totient function 6/20/2018 Euler’s totient function Given positive integer n, Euler’s totient function is the number of positive numbers less than n that are relatively prime to n Fact: If p is prime then {1,2,3,…,p-1} are relatively prime to p. 6/20/2018 Public Key Cryptography -- II

Euler’s totient function 6/20/2018 Euler’s totient function Fact: If p and q are prime and n=pq then Each number that is not divisible by p or by q is relatively prime to pq. E.g. p=5, q=7: {1,2,3,4,-,6,-,8,9,-,11,12,13,-,-,16,17,18,19,-,-,22,23,24,-,26,27,-,29,-,31,32,33,34,-} pq-p-(q-1) = (p-1)(q-1) 6/20/2018 Public Key Cryptography -- II

Euler’s Theorem and Fermat’s Theorem 6/20/2018 Euler’s Theorem and Fermat’s Theorem If a is relatively prime to n then If a is relatively prime to p then ap-1 = 1 mod p Proof : follows from Lagrange’s Theorem 6/20/2018 Public Key Cryptography -- II

Euler’s Theorem and Fermat’s Theorem 6/20/2018 Euler’s Theorem and Fermat’s Theorem EG: Compute 9100 mod 17: p =17, so p-1 = 16. 100 = 6·16+4. Therefore, 9100=96·16+4=(916)6(9)4 . So mod 17 we have 9100  (916)6(9)4 (mod 17)  (1)6(9)4 (mod 17)  (81)2 (mod 17)  16 6/20/2018 Public Key Cryptography -- II

Public Key Cryptography -- II 6/20/2018 Some questions 2-1 mod 4 =? What is the complexity of (a+b) mod m (a*b) mod m a-1 mod (m) xc mod (n) Order of a group is 5. What can be the order of an element in this group? 6/20/2018 Public Key Cryptography -- II

Public Key Cryptography -- II 6/20/2018 Further Reading Chapter 4 of Stallings Chapter 2.4 of HAC 6/20/2018 Public Key Cryptography -- II