Lecture 3.2: Public Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena
Today’s Informative/Fun Bit – Acoustic Emanations
7/2/2015 Public Key Cryptography -- II
Course Administration
HW2 – due at 11am on Feb 06
Any questions, or help needed?
Outline of Today’s Lecture
Number Theory
Modular Arithmetic
Modular Arithmetic
Definition: x is congruent to y mod m if m divides (x – y). Equivalently, x and y have the same remainder when divided by m.
Notation: x ≡ y (mod m).
We work in Z_m = {0, 1, 2, …, m-1}, the group of integers modulo m.
Example: Z_9 = {0,1,2,3,4,5,6,7,8}
We abuse notation and often write = instead of ≡.
Addition in Z_m: Addition is well-defined:
– = 7 mod 9.
– = 2 mod 9.
Additive inverses in Z_m
0 is the additive identity in Z_m.
The additive inverse of a is -a mod m = (m – a).
– Every element has a unique additive inverse.
– 4 + 5 = 0 mod 9.
– 4 is the additive inverse of 5.
Multiplication in Z_m: Multiplication is well-defined:
– 3 * 4 = 3 mod 9.
– 3 * 8 = 6 mod 9.
– 3 * 3 = 0 mod 9.
Multiplicative inverses in Z_m
1 is the multiplicative identity in Z_m.
Multiplicative inverse: x * x^-1 = 1 mod m.
– SOME, but not ALL, elements have a unique multiplicative inverse.
– In Z_9: 3*0=0, 3*1=3, 3*2=6, 3*3=0, 3*4=3, 3*5=6, …, so 3 does not have a multiplicative inverse (mod 9).
– On the other hand, 4*2=8, 4*3=3, 4*4=7, 4*5=2, 4*6=6, 4*7=1, so 4^-1 = 7 (mod 9).
Which numbers have inverses?
In Z_m, x has a multiplicative inverse if and only if x and m are relatively prime, i.e., gcd(x, m) = 1.
– E.g., 4 in Z_9.
Extended Euclidean: a^-1 mod n
Main Idea: Looking for the inverse of a mod n means looking for x such that x * a – y * n = 1.
To compute the inverse of a mod n, do the following:
– Compute gcd(a, n) using the Euclidean algorithm.
– Since a is relatively prime to n (else there is no inverse), gcd(a, n) = 1.
– So you can obtain a linear combination of r_m and r_(m-1) that yields 1.
– Work backwards, getting a linear combination of r_i and r_(i-1) that yields 1.
– When you get to a linear combination of r_0 and r_1 you are done, as r_0 = n and r_1 = a.
Example – 15^-1 mod 37
37 = 2 * 15 + 7
15 = 2 * 7 + 1
7 = 7 * 1
Now, 15 – 2 * 7 = 1
15 – 2 * (37 – 2 * 15) = 1
5 * 15 – 2 * 37 = 1
So, 15^-1 mod 37 is 5.
Modular Exponentiation: Square and Multiply method
The usual approach to computing x^c mod n is inefficient when c is large. Instead, represent c as the bit string b_(k-1) … b_0 and use the following algorithm:
z = 1
For i = k-1 downto 0 do
  z = z^2 mod n
  if b_i = 1 then z = z * x mod n
Example: 30^c mod 77 with x = 30, n = 77 and c = 37 = 100101 in binary
z = z^2 mod n; if b_i = 1 then z = z * x mod n
i  b_i  z
5  1    1*1*30 mod 77 = 30
4  0    30*30 mod 77 = 53
3  0    53*53 mod 77 = 37
2  1    37*37*30 mod 77 = 29
1  0    29*29 mod 77 = 71
0  1    71*71*30 mod 77 = 2
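The two procedures on the preceding slides, extended Euclid for a^-1 mod n and left-to-right square-and-multiply for x^c mod n, as an added Python example that is not part of the lecture slides; it reproduces the slide values 15^-1 mod 37 and the 30^37 mod 77 table, and the function names are my own.

```python
# Added example, not from the lecture slides: extended Euclid for a^-1 mod n
# and the slide's left-to-right square-and-multiply for x^c mod n, returning
# the per-bit trace so the slide's table (x = 30, n = 77) can be checked.

def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) and x*a + y*b = g.
    The recursion unwinds the remainders r_i the same way the slide 'works
    backwards' from r_m to r_0 = n and r_1 = a."""
    if b == 0:
        return a, 1, 0
    g, x1, y1 = extended_gcd(b, a % b)
    # a = q*b + r, so g = x1*b + y1*r = y1*a + (x1 - q*y1)*b
    return g, y1, x1 - (a // b) * y1


def mod_inverse(a, n):
    """a^-1 mod n; raises ValueError when gcd(a, n) != 1 (no inverse exists)."""
    g, x, _ = extended_gcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd(a, n) = {g}")
    return x % n


def square_and_multiply(x, c, n):
    """x^c mod n exactly as on the slide: square at every bit, multiply when
    b_i = 1. Returns (result, trace) with trace = [(i, b_i, z), ...].
    Caution for implementers: the data-dependent multiply is what timing,
    power and acoustic side channels observe; production code uses
    constant-time exponentiation rather than this textbook form."""
    bits = bin(c)[2:]              # b_(k-1) ... b_0, most significant first
    k = len(bits)
    z = 1
    trace = []
    for i in range(k - 1, -1, -1):
        b_i = int(bits[k - 1 - i])
        z = (z * z) % n            # z = z^2 mod n
        if b_i == 1:
            z = (z * x) % n        # z = z * x mod n
        trace.append((i, b_i, z))
    return z, trace


if __name__ == "__main__":
    print("15^-1 mod 37 =", mod_inverse(15, 37))
    result, steps = square_and_multiply(30, 37, 77)
    for i, b_i, z in steps:
        print(f"i={i}  b_i={b_i}  z={z}")
    print("30^37 mod 77 =", result, "(check with pow:", pow(30, 37, 77), ")")
```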
Other Definitions
An element g in G is said to be a generator of the group if a = g^i for every a in G, for a certain integer i.
– A group which has a generator is called a cyclic group.
The number of elements in a group is called the order of the group.
The order of an element a is the lowest i (> 0) such that a^i = e.
A subgroup is a subset of a group that itself is a group.
Lagrange’s Theorem
The order of an element in a group divides the order of the group.
Euler’s totient function
Given a positive integer n, Euler’s totient function φ(n) is the number of positive numbers less than n that are relatively prime to n.
Fact: If p is prime then φ(p) = p – 1.
– {1,2,3,…,p-1} are all relatively prime to p.
Euler’s totient function
Fact: If p and q are prime and n = pq then φ(n) = (p-1)(q-1).
Each number that is not divisible by p or by q is relatively prime to pq.
– E.g. p=5, q=7: {1,2,3,4,-,6,-,8,9,-,11,12,13,-,-,16,17,18,19,-,-,22,23,24,-,26,27,-,29,-,31,32,33,34,-}
– pq – p – (q-1) = (p-1)(q-1)
Euler’s Theorem and Fermat’s Theorem
Euler: If a is relatively prime to n then a^φ(n) = 1 mod n.
Fermat: If a is relatively prime to p then a^(p-1) = 1 mod p.
Proof: follows from Lagrange’s Theorem.
Euler’s Theorem and Fermat’s Theorem
E.g.: Compute 9^100 mod 17: p = 17, so p – 1 = 16, and 100 = 6·16 + 4.
Therefore, 9^100 = 9^(6·16+4) = (9^16)^6 (9)^4.
So mod 17 we have
(9^16)^6 (9)^4 (mod 17)
≡ (1)^6 (9)^4 (mod 17)
≡ (81)^2 (mod 17)
≡ 16
Some questions
2^-1 mod 4 = ?
What is the complexity of
– (a+b) mod m
– (a*b) mod m
– a^-1 mod m
– x^c mod n
The order of a group is 5. What can be the order of an element in this group?
Further Reading
Chapter 4 of Stallings
Chapter 2.4 of HAC