Software Security Seminar - 1 Chapter 11. Mathematical Background 발표자 : 안병희 Applied Cryptography

Software Security Seminar - 2 Contents 11.1 Information Theory 11.2 Complexity Theory 11.3 Number Theory 11.4 Factoring 11.5 Prime Number Generation 11.6 Discrete Logarithms In a Finite Field

Software Security Seminar - 3 Modular Arithmetic Definition a  b (mod n)  a - b is divisible by n a (mod n) is called “Residue” if 0  a < n. Example (Clock Arithmetic) 13  1 (mod 12) Modular Arithmetic is just like Normal Arithmetic! (a  b) (mod n) = ( a (mod n)  b (mod n) ) (mod n)  = +, -, *, / a^x (mod n) = (a * a * … * a ) (mod n)

Software Security Seminar - 4 Modular Reduction Methods 1.Montgomery’s Method 2.Barret’s Reduction

Software Security Seminar - 5 Prime Numbers Definition P ( > 1 ) is prime if and only if P is an integer whose factors are 1 and itself. Example 2, 3, 5, 7, …

Software Security Seminar - 6 Greatest Common Divisior Definition gcd ( a, b ) = the Greatest Common Divisior of a and b. a and b are relatively prime iff gcd(a,b) = 1. Euclid’s Algorithm gcd ( a, b ) = gcd ( a, b mod a)

Software Security Seminar - 7 Inverses Modulo a Number Objective For given a and n, Find x such that ax (mod n) = 1. Existence & Uniqueness The unique solution exists iff gcd(a, n) = 1. How to find? Use Euclid’s Algorithm r(0) = n, r(1) = a, s(0) = 0, s(1) = 1. r(I) = r(I-2) - q(I-1) r(I-1), where q(I-1) = r(I-2) / r(I-1) s(I) = s(I-2) - q(I-1) s(I-1)

Software Security Seminar - 8 Multiplicative Subgroup in {1, …, n} Fermat’s Little Theorem If n is prime, then a^n = a (mod n) Generalized Fermat’s Theorem Euler Function Phi(n) = The number of integer relatively prime to n Phi(p) = p - 1 for any prime number p n : arbitrary integer a^Phi(n) = a (mod n)

Software Security Seminar - 9 Chinese Remainder Theorem Problem Find a residue class x such that x mod p_I = a_I, where I = 1, 2, …, t and p_I ’s are distinct. Theorem There is a unique solution up to modulo n. Example Find x such that x mod 2 = 1 x mod 5 = 2 x mod 7 = 4

Software Security Seminar - 10 Quadratic Residue and Legendre(Jacobi) Symbol Definition a is quadratic residue mod p iff there exist x whose square is a mod p. L(a, p) is Legendre Symbol defined as L(a, p) = 0 if a is divisible by p L(a, p) = 1 if a is quadratic residue mod p L(a, p) = -1 otherwise. J(a, n) is Jacobi Symbol defined as J(a, p1*p2) = J(a, p1) * J(a, p2) J(a, p) = L(a, p) if p is prime

Software Security Seminar - 11 Contents 11.1 Information Theory 11.2 Complexity Theory 11.3 Number Theory 11.4 Factoring 11.5 Prime Number Generation 11.6 Discrete Logarithms In a Finite Field

Software Security Seminar - 12 Factoring The Factoring Problem is one of the oldest in Number Theory. Simple but Hard. Best Algorithms Number field sieve (NFS) Quadratic sieve (QS) Elliptic curve method (ECM) Monte Carlo algorithm Continued fraction algorithm Trial division Complexity O( exp ((1 + O(1))(ln(n))^(1/2)(ln ln n)^(1/2) )

Software Security Seminar - 13 Contents 11.1 Information Theory 11.2 Complexity Theory 11.3 Number Theory 11.4 Factoring 11.5 Prime Number Generation 11.6 Discrete Logarithms In a Finite Field

Software Security Seminar - 14 Primality Test Deterministic Polynomial time testing has developed by M.Agrawal. Probabilistic testing Solovay-Strassen Lehmann Rabin-Miller Prime Generation Generate Random n-bit number p Set the highest and lowest bit to 1. Primality Test If p fails one of test, restart.

Software Security Seminar - 15 Contents 11.1 Information Theory 11.2 Complexity Theory 11.3 Number Theory 11.4 Factoring 11.5 Prime Number Generation 11.6 Discrete Logarithms In a Finite Field

Software Security Seminar - 16 Discrete Logarithm Problem Discrete Logarithm Problem (DLP) For given a, b and n, Find the exponent x such that a^x = b mod n Example Find x such that 3^x = 15 mod 17 3^1 = 3, 3^2 = 9, 3^3 = 10, 3^4 = 13, 3^5 = 5, 3^6 = 15. x = 6 DLP is essentially the same as the Factoring problem.