Cryptography Lecture 16.

Slides:



Advertisements
Similar presentations
Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.
Advertisements

Number Theory and Cryptography
Notation Intro. Number Theory Online Cryptography Course Dan Boneh
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
Cryptography and Network Security Chapter 4
6/20/2015 5:05 AMNumerical Algorithms1 x x1x
Lecture 3.2: Public Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
Mathematics of Cryptography Part I: Modular Arithmetic, Congruence,
Dan Boneh Intro. Number Theory Modular e’th roots Online Cryptography Course Dan Boneh.
CSE 311 Foundations of Computing I Lecture 12 Primes, GCD, Modular Inverse Spring
Fall 2002CMSC Discrete Structures1 Let us get into… Number Theory.
CS555Spring 2012/Topic 61 Cryptography CS 555 Topic 6: Number Theory Basics.
BY MISS FARAH ADIBAH ADNAN IMK
Mathematics of Cryptography Part I: Modular Arithmetic, Congruence,
Integers Number Theory = Properties of Integers

Great Theoretical Ideas in Computer Science.
1 Properties of Integers Objectives At the end of this unit, students should be able to: State the division algorithm Apply the division algorithm Find.
9/2/2015Discrete Structures1 Let us get into… Number Theory.
Mathematics of Cryptography Part I: Modular Arithmetic
MATH 224 – Discrete Mathematics
Module :MA3036NI Cryptography and Number Theory Lecture Week 7
CPSC 3730 Cryptography and Network Security
1 Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 4 – Finite Fields.
Information Security and Management 4. Finite Fields 8
Cryptography and Network Security Introduction to Finite Fields.
The Integers. The Division Algorithms A high-school question: Compute 58/17. We can write 58 as 58 = 3 (17) + 7 This forms illustrates the answer: “3.
Chapter 4 – Finite Fields
Data Security and Encryption (CSE348) 1. Lecture # 12 2.
Chinese Remainder Theorem Dec 29 Picture from ………………………
Section 2.2: Affine Ciphers; More Modular Arithmetic Shift ciphers use an additive key. To increase security, we can add a multiplicative parameter. –For.
Information Security Lab. Dept. of Computer Engineering 87/121 PART I Symmetric Ciphers CHAPTER 4 Finite Fields 4.1 Groups, Rings, and Fields 4.2 Modular.
Lecture 6.1: Misc. Topics: Number Theory CS 250, Discrete Structures, Fall 2011 Nitesh Saxena.
MA/CSSE 473 Day 08 Extended Euclid's Algorithm Modular Division Fermat's little theorem.
Cryptography and Network Security Chapter 4. Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic.
Notation Intro. Number Theory Online Cryptography Course Dan Boneh
Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena.
Cryptography Lecture 14 Arpita Patra © Arpita Patra.
Ch04-Number Theory and Cryptography 1. Introduction to Number Theory Number theory is about integers and their properties. We will start with the basic.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
MA/CSSE 473 Day 05 More induction Factors and Primes Recursive division algorithm.
Chapter 4 With Question/Answer Animations 1. Chapter Motivation Number theory is the part of mathematics devoted to the study of the integers and their.
Number Theory Lecture 1 Text book: Discrete Mathematics and its Applications, 7 th Edition.
Discrete Mathematics Chapter 2 The Fundamentals : Algorithms, the Integers, and Matrices. 大葉大學 資訊工程系 黃鈴玲.
Chapter 3 The Fundamentals: Algorithms, the integers, and matrices Section 3.4: The integers and division Number theory: the part of mathematics involving.
Number Theory. Introduction to Number Theory Number theory is about integers and their properties. We will start with the basic principles of divisibility,
Number-Theoretic Algorithms
Mathematics of Cryptography
MA/CSSE 473 Day 05 Factors and Primes Recursive division algorithm.
MA/CSSE 473 Day 06 Euclid's Algorithm.
Cryptography and Information Security
Lecture 3.2: Public Key Cryptography II
Numerical Algorithms x x-1 Numerical Algorithms
MATH301- DISCRETE MATHEMATICS Copyright © Nahid Sultana Dr. Nahid Sultana Chapter 4: Number Theory and Cryptography.
Number Theory and Modular Arithmetic
Numerical Algorithms x x-1
Number Theory (Chapter 7)
Cryptography Lecture 22.
Computer Security Modular Arithmetic November 12, 2018
Great Theoretical Ideas in Computer Science
Lecture 20 Guest lecturer: Neal Gupta
Cryptography Lecture 21.
Discrete Math for CS CMPSC 360 LECTURE 12 Last time: Stable matching
Lecture 3.1: Public Key Cryptography I
Cryptography Lecture 18.
Cryptography Lecture 17.
Cryptography Lecture 20.
Cryptography Lecture 19.
Cryptography Lecture 18.
Presentation transcript:

Cryptography Lecture 16

Q and A; bring the written answers to TA before the class 1. What is ZN ? What is ℤ*N? Write down and remember them. What is GCD? What’s a prime number? Given some examples. 2. Carefully read Appendix B 1 and B 2.1 and B 2.2. What are Euclidean and Extended Euclidean algorithms? What can they solve, respectively?

(Computational) number theory

Why now? We have not needed any number theory or “advanced math” until now Practical private-key cryptography is based on stream ciphers, block ciphers, and hash functions Lots of non-trivial crypto can be done without any number theory!

Why now? Reason 1: Culmination of “top-down” approach For most cryptography, we ultimately need to assume some problem is hard The “lowest-level” assumptions we can make relate to problems in number theory These problems have often also been studied a long time

Why now? Reason 2: The public-key setting Public-key cryptography requires number theory (in some sense)

Our goal Cover basic number theory quickly! No HWs; one quiz; read and remember the book definitions, examples, and theorems Cover the minimum needed for all the applications we will study Some facts stated without proof Can take entire classes devoted to this material Abstracting some of the ideas makes things easier to understand

Computational number theory We will be interested in the computational difficulty of various problems Different from most of mathematics! Measure running times of algorithms in terms of the input lengths involved ǁxǁ = O(log x); x = 2ǁxǁ

Computational number theory Our goal: classify various problems as either “easy” or “hard” I.e., polynomial-time algorithms known or not We will not focus on optimizations, although these are very important in practice For “easy” problems: speed up cryptographic implementations For “hard” problems: need to understand concrete hardness for concrete security

Representing integers (e.g., in C) Cryptography involves very large numbers! Standard (unsigned) integers in C are small, fixed length (e.g., 16 or 32 bits) For crypto, need to work with integers that are much longer (e.g., 2000 bits) Solution: use an array E.g., “bignum” = array of unsigned chars (bytes) Useful to also maintain a variable indicating the length of the array

Example: addition Now need to define all arithmetic operations on bignums E.g., how to add two bytes? Note that C will discard the overflow, i.e., it does addition modulo 28

Example: addition Note a ≥ 27 iff msb(a)=1 AddWithCarry(char a, char b, char carry) // carry is 0 or 1 If a < 27 and b < 27 res=a+b+carry, carry=0 If a < 27 and b ≥ 27 res=a+(b-27)+carry If res ≥ 27 res=res-27, carry=1 Else res=res+27, carry=0 If a ≥ 27 and b ≥ 27 res=(a-27)+(b-27)+carry, carry=1

Example: addition Add(bignum a, l1, bignum b, l2) Use grade-school addition, using AddWithCarry element-by-element… Running time O(max{l1, l2}) = O(max{ǁaǁ, ǁbǁ}) If ǁaǁ=ǁbǁ=n then O(n) Is it possible to do better? No – must read input (O(n)) and write output (O(n))

Example: multiplication What is the length of the result? ǁabǁ=O(log ab)=O(log a + log b) =O(ǁaǁ+ǁbǁ) Use grade-school multiplication… Running time O(ǁaǁǁbǁ) If ǁaǁ=ǁbǁ=n then O(n2) Can we do better? Surprisingly…yes! But we will not cover here…

Basic arithmetic operations Addition / subtraction / multiplication can all be done efficiently Using grade-school algorithms Division-with-remainder can also be done efficiently Much less obvious!

Modular arithmetic Notation: a = b mod N  [a mod N] = [b mod N] [a mod N] is the remainder of a when divided by N Note 0 ≤ [a mod N] ≤ N-1 a = b mod N  [a mod N] = [b mod N]

Modular arithmetic Note that [a+b mod N] = [[a mod N] + [b mod N] mod N] [a-b mod N] = [[a mod N] - [b mod N] mod N] and [ab mod N] = [[a mod N][b mod N] mod N] I.e., can always work with reduced intermediate values This can be used to speed up computations

Modular arithmetic Not true for division! I.e., [9/3 mod 6] = [3 mod 6] = 3 but [[9 mod 6]/[3 mod 6] mod 6] = 3/3 = 1 We will return to division later…

Modular arithmetic Modular reduction can be done efficiently Use division-with-remainder c = [a mod N] Modular addition / subtraction / multiplication can all be done efficiently We will return to division later

Exponentiation Compute ab ? Instead, look at modular exponentiation ǁabǁ = O(b · ǁaǁ) Just writing down the answer takes exponential time! Instead, look at modular exponentiation I.e., compute [ab mod N] Size of the answer < ǁNǁ How to do it? Computing ab and then reducing modulo N will not work…

Efficient exponentiation Consider the following algorithm: exp(a, b, N) { // assume b  0 ans = 1; for (i=1, i ≤ b; i++) ans = [ans * a mod N]; return ans; } This is an exponential-time algorithm!

Efficient exponentiation Assume b = 2k for simplicity The preceding algorithm roughly corresponds to computing a*a*a*…*a Better: compute (((a2)2)2…)2 2k multiplications vs. k squarings Note k = O(ǁbǁ)

Efficient exponentiation Consider the following algorithm: exp(a, b, N) { // assume b  0 x=a, t=1; while (b>0) { if (b odd) t = [t * x mod N], b = b-1; x = [x2 mod N], b = b/2; } return t; } Why does this work? Invariant: answer is [t xb mod N] Running time is polynomial in ǁaǁ, ǁbǁ, ǁNǁ

Primes and divisibility Assume you have encountered this before… Notation a | b If a | b then a is a divisor of b p>1 is prime if its only divisors are 1 and p p is composite otherwise d = gcd(a, b) if both: d | a and d | b d is the largest integer with that property

Primes and divisibility 1 | 8; 3 | 21; 4 | 9? 1, 2, 3, 5, 7, 11… are primes 2 = gcd(2, 4) 1 = gcd (7, 11)

Computing gcd? Can compute gcd(a, b) by factoring a and b and looking for common prime factors… This is not (known to be) efficient! Can use the Euclidean algorithm to compute gcd(a, b) One of the earliest nontrivial algorithms! See book for details

Proposition Given a, b > 0, there exist integers X, Y such that Xa + Yb = gcd(a, b) See book for proof Can use the extended Euclidean algorithm to compute X, Y

Modular inverses b is invertible modulo N if there exists an integer a such that ab = 1 mod N Let [b-1 mod N] denote the unique such b that lies in the range {0, …, N-1} Division by b modulo N only defined when b is invertible modulo N In that case, [a/b mod N] defined as [a b-1 mod N]

Cancellation “Expected” cancellation rule applies for invertible elements I.e., if ab = cb mod N and b is invertible modulo N, then a = c mod N Proof: multiply both sides by b-1 Note: this is not true if b is not invertible E.g., 3*2 = 15*2 mod 8 but 3  15 mod 8

Invertibility How to determine whether b is invertible modulo N? Thm: b invertible modulo N iff gcd(b, N)=1 To find the inverse, use extended Euclidean algorithm to find X, Y with Xb + YN = 1 Then [X mod N] is b-1 mod N Conclusion: can efficiently test invertibility and compute inverses!