Cryptography Lecture 14 Arpita Patra © Arpita Patra.

Today's Goal
- OWP (from RSA assumption) from Number Theory
  o Modular Arithmetic
  o Groups & Finite Groups & Some Properties

Modular Arithmetic
- [a mod N] = remainder when a is divided by N
- Proposition: Given a and N, there always exist integers q and r such that a = qN + r, where 0 ≤ r < N
- Notation: r is denoted as [a mod N]
- Definition (Reduction modulo N): The process of mapping an integer a to [a mod N] is called reduction modulo N

Easy way of Modular Reduction
- To do reduction modulo N, always imagine a clock with marks 0, 1, …, N-1
- Find [a mod N] in the clock notation as follows:
  o If a is positive: start counting from 0 in the clock in a clock-wise direction and stop after counting a times --- the final mark represents [a mod N]
  o If a is negative: start counting from 0 in the clock in an anti-clock-wise direction and stop after counting |a| times --- the final mark represents [a mod N]
- Ex: N = ; [5 mod 4] = ; [-7 mod 4] =

Congruence Modulo N
- Definition (Congruence Modulo N): If [a mod N] = [b mod N] (i.e. a and b are mapped to the same r), then a is said to be congruent to b modulo N
- Notation: a = b mod N
- a = b mod N ⟺ N divides (a - b)
- Note that a = [b mod N] is different; there the modulo reduction is done on b ONLY: 36 = 21 mod 15, but 36 ≠ [21 mod 15] = 6
- Proposition: Congruence modulo N is an equivalence relation: reflexive, symmetric & transitive

Standard Rules of Arithmetic for Congruence mod N
- Yes, trivially for addition, subtraction and multiplication:
  o If a = a' mod N and b = b' mod N then a + b = a' + b' mod N
  o If a = a' mod N and b = b' mod N then a - b = a' - b' mod N
  o If a = a' mod N and b = b' mod N then a * b = a' * b' mod N
- Reduce and then add/subtract/multiply, instead of add/subtract/multiply and then reduce
- Example: Compute [ * mod 100]
  o Option I: first compute * and then reduce mod 100
  o Option II: first reduce and mod 100 and get 28 and 1 respectively. Then compute 28 * 1 and reduce mod 100
  o Definitely option II is far better than option I

Division for Modular Arithmetic
- If b is invertible modulo N (i.e. b^-1 exists) then division by b modulo N is defined as: [a/b mod N] =def [a * b^-1 mod N]
- If ab = cb mod N and b is invertible then a = c mod N --- "dividing" each side by b (which actually means multiplying both sides by b^-1)
- Which integers b are invertible modulo a given modulus N?
- Proposition: Given integers b and N, with b ≥ 1 and N > 1, b is invertible modulo N if and only if gcd(b, N) = 1 (i.e. b & N are relatively prime)
- Proof (<=): Inverse finding algorithm (if the number is invertible) --- Extended Euclid (GCD) algorithm
  o Given any b, N, the Extended Euclid algorithm outputs X and Y such that bX + NY = gcd(b, N)
  o If gcd(b, N) = 1 then the above equation implies that bX + NY = 1
  o Taking mod N on both sides gives bX = 1 mod N, i.e. b^-1 = [X mod N]
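The inverse-finding procedure above, worked as an added example (not code from the lecture): Extended Euclid returns X, Y with bX + NY = gcd(b, N); when the gcd is 1, [X mod N] is b^-1, and division is multiplication by that inverse. The function names are my own.

```python
# Added example (not from the lecture slides): Extended Euclid, used to decide
# invertibility modulo N and to compute b^-1 and [a/b mod N] as defined above.
from typing import Optional, Tuple


def extended_gcd(b: int, n: int) -> Tuple[int, int, int]:
    """Return (g, X, Y) with b*X + n*Y = g = gcd(b, n), assuming b >= 1, n > 1."""
    # Iterative version: the invariant b*x + n*y = r holds for both rows at every step.
    old_r, r = b, n
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def mod_inverse(b: int, n: int) -> Optional[int]:
    """b^-1 mod n when gcd(b, n) = 1 (bX + NY = 1  =>  bX = 1 mod N), else None."""
    g, x, _ = extended_gcd(b, n)
    if g != 1:
        return None          # b and N not relatively prime: no inverse exists
    return x % n             # b^-1 = [X mod N]


def mod_divide(a: int, b: int, n: int) -> Optional[int]:
    """[a/b mod n] = [a * b^-1 mod n]; undefined (None) when b is not invertible."""
    inv = mod_inverse(b, n)
    return None if inv is None else (a * inv) % n
```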

Algorithms for Modular Arithmetic
- Let |N| = n --- number of bits to represent N: n = Θ(log N)

Group
Definition (Group): A group is a set G along with a binary operation o satisfying the following axioms:
- Closure: for every g, h ∈ G, the value g o h ∈ G
- Associativity: for every g1, g2, g3 ∈ G, (g1 o g2) o g3 = g1 o (g2 o g3)
- Existence of Identity Element: there exists an identity element e ∈ G, such that for all g ∈ G, (e o g) = g = (g o e)
- Existence of Inverse: for every g ∈ G, there exists an element h ∈ G, such that (g o h) = e = (h o g)
Definition (Order of a Group): If G has a finite number of elements, then |G| denotes the number of elements in G and is called the order of G
Definition (Abelian Group): If G satisfies the following additional property then it is called a commutative (Abelian) group: for every g, h ∈ G, (g o h) = (h o g)
Proposition: There exists only one identity element in a group. Every element in a group has a unique inverse

Group Theory
Example: the integers under addition
- Closure and associativity hold
- The integer 0 is the identity element --- for every integer x, 0 + x = x = x + 0
- For every integer x, there exists an integer -x, such that x + (-x) = 0 = (-x) + x
- For any two integers x, y, we have x + y = y + x --- commutativity
We are interested only in Finite groups

Finite Groups
Addition modulo N:
- Closure, commutativity and associativity hold --- trivial to verify
- Element (N - a) is the additive inverse of a modulo N
Multiplication modulo N:
- Will every element have an inverse?
  o Element a will have a (multiplicative) inverse if and only if gcd(a, N) = 1

Finite Groups  Element 1 is the identity element. Every element is invertible. Associativity holds.  Claim: gcd(N, [ab mod N]) = 1--- element [ab mod N] has multiplicative inverse [b -1 a -1 mod N]

Group Order and Identity Element
Theorem: Let (G, o) be a group of order m, with identity element e. Then for every element g ∈ G: g o g o … o g (m times) = e
I.e. any group element composed with itself m times results in the identity element
Proof: Let G = {g1, …, gm} --- for simplicity assume G to be an Abelian group. Let g be an arbitrary element of G
- Claim: the elements (g o g1), (g o g2), …, (g o gm) are all distinct
  o On the contrary, if for distinct gi, gj we have (g o gi) = (g o gj), then (g^-1 o g o gi) = (g^-1 o g o gj), so gi = gj
  o Thus {(g o g1), (g o g2), …, (g o gm)} = G
- So g1 o g2 o … o gm = (g o g1) o (g o g2) o … o (g o gm) --- (on both sides we have all the elements of G)
  = (g o g o … o g) o (g1 o g2 o … o gm) --- (by the associative and commutative properties)
  e = (g o g o … o g) o e --- (multiply by (g1 o g2 o … o gm)^-1 on both sides)
  e = (g o g o … o g) --- (a o e = a)

- N is a prime number, say p
- N = p.q, where p and q are primes
  o Which numbers in {1, 2, …, N-1} are not relatively prime to N?
    - Numbers which are divisible by p --- q-1 such numbers
    - Numbers which are divisible by q --- p-1 such numbers
    - Numbers which are divisible by both p and q --- no such number
  o How many numbers in {1, 2, …, N-1} are not relatively prime to N? --- p + q - 2
  o How many numbers in {1, 2, …, N-1} are relatively prime to N? --- N - 1 - p - q + 2 = (p-1)(q-1)
- φ(N) = order of the above group

Theorem: Let (G, o) be a group of order m, with identity element e. Then for every element g ∈ G: g o g o … o g (m times) = e
I.e. any group element composed with itself m times results in the identity element
- Applied to the group of elements relatively prime to N under multiplication modulo N (order φ(N)):
  o [[[[[a . a mod N] . a mod N] . a mod N] . a mod N] . … . a mod N] = [a^φ(N) mod N] = 1  (φ(N) times)
- If N is a prime number, say p, then for any a ∈ {1, 2, …, p-1}, we have: [a^(p-1) mod p] = 1
- If N is a composite number, p.q, then for any a with gcd(a, N) = 1, we have: [a^((p-1)(q-1)) mod N] = 1
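An added example (not from the lecture) tying together the group-order theorem and its proof, the counting of φ(N) for N = p.q, and the a^φ(N) = 1 consequence: it builds the multiplicative group of elements relatively prime to N, counts φ(N) exactly as the slide does, checks that multiplying by a fixed g permutes the group, and checks Euler's identity. Function names and the small N are my own constructions.

```python
# Added example (not from the lecture slides): the group of elements of
# {1, ..., N-1} relatively prime to N under multiplication mod N, for N = p*q.
from math import gcd
from typing import List


def z_n_star(n: int) -> List[int]:
    """Elements of {1, ..., N-1} relatively prime to N (a group under * mod N)."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def phi_by_counting(p: int, q: int) -> int:
    """phi(p*q) counted as on the slide: remove multiples of p, of q, and of both."""
    n = p * q
    div_by_p = sum(1 for a in range(1, n) if a % p == 0)          # q - 1 of them
    div_by_q = sum(1 for a in range(1, n) if a % q == 0)          # p - 1 of them
    div_by_both = sum(1 for a in range(1, n) if a % (p * q) == 0)  # none below N
    return (n - 1) - (div_by_p + div_by_q - div_by_both)          # = (p-1)(q-1)


def multiplication_permutes(g: int, n: int) -> bool:
    """Claim from the proof: {g o g_i} is all of G again, i.e. the products are distinct."""
    group = z_n_star(n)
    return sorted((g * h) % n for h in group) == group


def euler_holds(n: int) -> bool:
    """a^phi(N) = 1 mod N for every a in the group (the order theorem instantiated)."""
    group = z_n_star(n)
    m = len(group)                      # phi(N) = order of the group
    return all(pow(a, m, n) == 1 for a in group)
```

The coprimality condition matters: pow(5, 24, 35) is not 1, because 5 is not an element of the group for N = 35.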

RSA OWF: f(N, e, x) = (N, e, x^e mod N)
- Trapdoor: with ed = 1 mod m (m the group order), f_d(f_e(g)) = f_d(g^e) = g^(ed) = g^[ed mod m] = g^1 = g

RSA Assumption
GenRSA(1^n): outputs (N, e), where N is the product of two n-bit primes and gcd(e, φ(N)) = 1
Experiment RSA-inv_{A,GenRSA}(n):
- Run GenRSA(1^n) to obtain N, e
- Choose x (a uniform element); compute y = x^e mod N
- A is given (N, e, y) and outputs x'
- Output 1 (A won) if x'^e = y mod N; output 0 (A lost) otherwise
The RSA problem is hard relative to GenRSA if for every PPT algorithm A there is a negligible function negl() such that: Pr[RSA-inv_{A,GenRSA}(n) = 1] ≤ negl(n)
RSA assumption: the above is true!!
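A toy instance of GenRSA, the RSA function, its trapdoor inverse and the verification step of the RSA-inv experiment, as an added example (not the lecture's own code). The primes are tiny constructed values chosen only so the trapdoor relation x^(ed) = x can be checked exhaustively; the modular inverse of e comes from Python's built-in pow(e, -1, φ(N)).

```python
# Added example (not from the lecture slides): toy RSA key generation and the
# relation f_d(f_e(x)) = x^(ed) = x^[ed mod phi(N)] = x. Parameters are tiny
# constructed values for illustration only.
from math import gcd
from typing import Tuple


def gen_rsa(p: int, q: int, e: int) -> Tuple[int, int, int]:
    """Toy GenRSA: N = p*q and e with gcd(e, phi(N)) = 1; also returns the trapdoor d."""
    n = p * q
    phi = (p - 1) * (q - 1)            # order of the multiplicative group mod N
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(N)")
    d = pow(e, -1, phi)                # e*d = 1 mod phi(N) (built-in modular inverse)
    return n, e, d


def f_rsa(n: int, e: int, x: int) -> int:
    """The RSA one-way function candidate: f(N, e, x) = x^e mod N."""
    return pow(x, e, n)


def f_rsa_inverse(n: int, d: int, y: int) -> int:
    """With the trapdoor d, inverting is just exponentiation: y^d = x^(ed) = x mod N."""
    return pow(y, d, n)


def rsa_inv_verify(n: int, e: int, y: int, x_guess: int) -> bool:
    """Verification step of RSA-inv: the adversary wins iff x_guess^e = y mod N."""
    return pow(x_guess, e, n) == y


def trapdoor_inverts_all(p: int, q: int, e: int) -> bool:
    """Check f_d(f_e(x)) = x for every x in {1, ..., N-1} (feasible only for toy sizes)."""
    n, e, d = gen_rsa(p, q, e)
    return all(f_rsa_inverse(n, d, f_rsa(n, e, x)) == x for x in range(1, n))
```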

Samp(1 n, I): Uniform element from D I f(1 n, I, x): y - All the above algorithms must be easy (PPT) negl(n) - Pr Invert (n)= 1  f(1 n, I, x): x e mod N

Exponentiation in Groups
- Exponentiation: applying the same operation on the same element a number of times in a group (G, o)
Using Multiplication Notation:
- g^m =def g o g o … o g (m times)
- g^-m =def (g^-1 o g^-1 o … o g^-1) (m times)
- g^0 =def e, the group identity element
Using Addition Notation:
- mg =def g + g + … + g (m times)
- -mg =def (-g + -g + … + -g) (m times)
- 0g =def e, the group identity element
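An added example (not from the lecture) of exponentiation in an abstract group given only by its operation, identity and inverse, covering all three definitional cases (g^m, g^-m = (g^-1)^m, g^0 = e). It goes beyond the slide by computing g^m with repeated squaring, so the cost is O(log m) group operations rather than m, which is what makes exponentiation modulo an n-bit N practical; the multiplicative and additive instantiations are my own.

```python
# Added example (not from the lecture slides): g^m in a group described by
# (op, identity, inverse), computed by square-and-multiply.
from typing import Any, Callable


def group_power(g: Any, m: int, op: Callable[[Any, Any], Any],
                identity: Any, inverse: Callable[[Any], Any]) -> Any:
    """g o g o ... o g (m times); negative m uses g^-1; m = 0 gives e."""
    if m < 0:
        g, m = inverse(g), -m          # g^-m = (g^-1)^m
    result = identity                  # g^0 = e
    base = g
    while m > 0:
        if m & 1:                      # lowest remaining bit of m is set
            result = op(result, base)
        base = op(base, base)          # base = g^2, g^4, g^8, ... (one op per bit)
        m >>= 1
    return result


def mul_power(g: int, m: int, n: int) -> int:
    """Multiplicative notation: g^m for g in the group of units mod N (gcd(g, N) = 1)."""
    return group_power(g, m, lambda a, b: (a * b) % n, 1, lambda a: pow(a, -1, n))


def add_power(g: int, m: int, n: int) -> int:
    """Additive notation: mg in Z_N under addition; the inverse of g is N - g."""
    return group_power(g, m, lambda a, b: (a + b) % n, 0, lambda a: (-a) % n)
```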