Published by Morgan Nichols. Modified over 9 years ago
1
Ch1 - Algorithms with numbers
Basic arithmetic
Addition
Multiplication
Division
Modular arithmetic
RSA – factoring is hard
Primality testing
2
Addition
53+35=88
Cost? (n – number of bits)
O(n)
3
Multiplication
13x11=143
Cost?
$O(n^2)$
4
al-Khwārizmī
Operations:
determining parity (even or odd)
addition
duplation (doubling a number, left shift)
mediation (halving a number, rounding down, right shift)
5
al-Khwārizmī
Cost?
$O(n^2)$
Can we do better?
6
Division
Cost?
7
Modular arithmetic
A system for dealing with restricted ranges of integers
Addition: x+y mod N, assuming x, y < N
O(n), n - number of bits N has (size of input)
(x+y mod N = x+y or x+y-N)
Multiplication: x*y mod N ?
8
Modular arithmetic
9
RSA
Ron Rivest, Adi Shamir, Leonard Adleman (1977)
Algorithm for public-key cryptography, based on the presumed difficulty of the factoring problem.
2002 A.M. Turing Award
RSA is one of the most used cryptographic protocols on the net. Your browser uses it to establish a secure session with a site.
Needed for implementing RSA:
FLT (Fermat’s Little Theorem)
Fast Exponentiation
Extended Euclidean Algorithm
Modular inverses
CRT (Chinese Remainder Theorem)
10
Turing Lecture on Early RSA Days, Ronald L. Rivest
12
In April 2012, the factorization of 143 is achieved.
13
RSA public-key cryptosystem
In a public-key cryptosystem, everyone has a public key and a secret key. Suppose Alice and Bob are two participants.
Alice: $P_A$, $S_A$
Bob: $P_B$, $S_B$
The keys specify 1-1 functions from message M to itself:
$M = S_A(P_A(M))$
$M = P_A(S_A(M))$
Encryption: [Diagram: Bob encrypts M with $P_A$; the communication channel carries $P_A(M)$; Alice decrypts with $S_A$ to recover M.]
14
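RSA
Digital signatures: [Diagram: Alice applies $S_A$ to M; the communication channel carries $S_A(M)$; Bob applies $P_A$ and compares the result with M ("=?") to decide whether to Accept.]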
15
RSA algorithm
Select at random 2 large prime numbers p & q (p & q might be, say, 100 decimal digits each).
Compute n: n = pq.
Select an odd integer e that is relatively prime to $\phi(n) = (p-1)(q-1)$.
Compute d as the multiplicative inverse of e, modulo $\phi(n)$ ($de \equiv 1 \bmod \phi(n)$).
Publish P = (e, n) as the RSA public key.
Keep secret S = (d, n) as the RSA secret key.
If $M \in Z_n = \{0, 1, \ldots, n-1\}$:
$P(M) = M^e \bmod n$
$S(C) = C^d \bmod n$, where $C = P(M)$.
16
RSA example
Pick p = 47, q = 71. n = pq = 3337.
$\phi(n)$ = (p-1)(q-1) = 46*70 = 3220, choose e = 79 (at random).
$d = 79^{-1} \bmod 3220 = 1019$.
$P_A$ = (79, 3337). $S_A$ = (1019, 3337).
Message: M = 6882326879666683 = 688 232 687 966 668 3
M1 = 688: $688^{79} \bmod 3337 = 1570$ = C1
M2 = 232: $232^{79} \bmod 3337 = 2756$ = C2
…
C = 1570 2756 2091 2276 2423 158
C1 = 1570: $1570^{1019} \bmod 3337 = 688$ = M1
…
C2 = 158: $158^{1019} \bmod 3337 = 3$ = M2
17
Another example
n = 4559, e = 13.
Smiley transmits: “Last name Smiley”
L A S T N A M E S M I L E Y
1201 1920 0014 0113 0500 1913 0912 0525
$1201^{13} \bmod 4559$, $1920^{13} \bmod 4559$, …
1074 0116 1478 2150 3906 4256 1445 2462
($m^e \bmod n$)
18
RSA
Bob receives the encrypted blocks $c = m^e \bmod n$. He has a private decryption exponent d which, when applied to c, recovers the original blocks m:
$(m^e \bmod n)^d \bmod n = m$
For n = 4559, e = 13 the decryptor d = 3397.
19
RSA
n = 4559, d = 3397
1074 0116 1478 2150 3906 4256 1445 2462
$1074^{3397} \bmod 4559$, $0116^{3397} \bmod 4559$, …
1201 1920 0014 0113 0500 1913 0912 0525
L A S T N A M E S M I L E Y
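Added example (not from the original slides): the two worked examples above, run end to end in Python. The factorisation 4559 = 47 · 97 is worked out for this example (the slides give only n), the names are hypothetical, and padding an odd-length message with a space code is an assumption.

```python
from math import gcd

def make_keypair(p, q, e):
    """Return (public, secret) = ((e, n), (d, n)) as on the RSA algorithm slide."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # multiplicative inverse of e mod phi (Python 3.8+)
    return (e, n), (d, n)

def apply_key(key, blocks):
    """P(M) = M^e mod n or S(C) = C^d mod n, applied block by block."""
    exponent, n = key
    for b in blocks:
        if not 0 <= b < n:
            # A block >= n would only be recovered modulo n, so reject it.
            raise ValueError(f"block {b} is outside Z_n for n={n}")
    return [pow(b, exponent, n) for b in blocks]

def encode(text):
    """Two characters per block: space=00, A=01 ... Z=26 (the slides' encoding)."""
    codes = [0 if ch == " " else ord(ch) - ord("A") + 1 for ch in text.upper()]
    if len(codes) % 2:
        codes.append(0)  # pad with a space code (assumption, not on the slides)
    return [100 * hi + lo for hi, lo in zip(codes[::2], codes[1::2])]

def decode(blocks):
    """Inverse of encode(): split each block back into two character codes."""
    codes = [c for b in blocks for c in divmod(b, 100)]
    return "".join(" " if c == 0 else chr(c + ord("A") - 1) for c in codes)

if __name__ == "__main__":
    pub, sec = make_keypair(47, 71, 79)          # first example: n = 3337
    print(pub, sec, apply_key(pub, [688, 232]))
    pub2, sec2 = make_keypair(47, 97, 13)        # second example: n = 4559
    cipher = apply_key(pub2, encode("LAST NAME SMILEY"))
    print(cipher, "->", decode(apply_key(sec2, cipher)))
```

The range check in `apply_key` is the practical answer to the block-size question: every plaintext block must be smaller than n, so the largest block the encoding can produce fixes a lower bound on pq.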
20
RSA
Technical difficulties:
How do we know the algorithm works correctly?
How to pick large prime numbers?
Compute pq
How to choose e
Compute d
How to compute $M^e$, $C^d$
Can anyone break the code?
21
RSA
If I want to encrypt credit card numbers, how big should my p and q be?
If I want to encrypt words of four random characters from the ASCII set, how big should my p and q be?
22
How to pick large prime numbers ?
23
Primality testing
Hard, but much easier than factoring.
Fermat’s Little Theorem (~1640): If p is prime, then for all a s.t. 1≤a<p, $a^{p-1} \equiv 1 \pmod p$.
The numbers that make us fail are called Fermat pseudoprimes - extremely rare (ex. $2^{340} = 1 \bmod 341$; Carmichael number 561, $2^{560} = 1 \bmod 561$).
24
Lagrange’s Prime Number Theorem
Theorem: The number of prime numbers between 1 and x is “about” x/ln x. Not only are primes easy to detect, but they are also relatively abundant.
25
Carmichael number
A number c is a Carmichael number if it is not a prime, and still for all prime divisors d of c it so happens that d-1 divides c-1. The smallest Carmichael number is 561 = 3 · 11 · 17. If c is a Carmichael number and a is relatively prime to c, then $a^{c-1} \equiv 1 \bmod c$.
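Added example (not from the original slides): the Fermat test applied to the two pseudoprimes named above, 341 and 561. The function names are hypothetical, and `is_carmichael` also requires c to be square-free, which is part of Korselt's criterion but is not stated on the slide (without it, 9 would qualify).

```python
from math import gcd

def fermat_passes(n, a):
    """True when a^(n-1) = 1 (mod n), i.e. base a reports n as 'probably prime'."""
    return pow(a, n - 1, n) == 1

def fooled_by_every_coprime_base(n):
    """True when every base a with gcd(a, n) = 1 passes the Fermat test."""
    return all(fermat_passes(n, a) for a in range(2, n) if gcd(a, n) == 1)

def prime_factors(n):
    """Prime factors of n with multiplicity, by trial division (small n only)."""
    factors, d = [], 2
    while d * d <= n:
        while n % d == 0:
            factors.append(d)
            n //= d
        d += 1
    if n > 1:
        factors.append(n)
    return factors

def is_carmichael(c):
    """Composite, square-free, and d-1 divides c-1 for every prime divisor d."""
    f = prime_factors(c)
    composite = len(f) > 1
    square_free = len(f) == len(set(f))
    return composite and square_free and all((c - 1) % (d - 1) == 0 for d in f)

if __name__ == "__main__":
    for n in (341, 561):
        witnesses = [a for a in range(2, n) if not fermat_passes(n, a)]
        print(n, prime_factors(n), "Carmichael:", is_carmichael(n),
              "smallest witness:", witnesses[0],
              "coprime witness exists:", any(gcd(a, n) == 1 for a in witnesses))
```

341 is exposed by trying a second base (3), while for 561 the only failing bases share a factor with it, which is why a Fermat-only check is not enough when generating RSA primes.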
26
Primality testing
28
Fermat's Last Theorem
Fermat's Last Theorem states that $x^n + y^n = z^n$ has no non-zero integer solutions for x, y and z when n > 2.
29
RSA
Technical difficulties:
How do we know the algorithm works correctly?
How to pick large prime numbers?
Compute pq
How to choose e
Compute d
How to compute $M^e$, $C^d$?
Can anyone break the code?
30
How to compute $M^e$, $C^d$?
31
Modular exponentiation
In order to implement RSA, exponentiation relative to some modulus needs to be done a lot. So this operation had better be doable, and fast.
Q: How is it even possible to compute $2853^{3397} \bmod 4559$? After all, $2853^{3397}$ has approximately 3397·4 digits!
32
Modular exponentiation
A: By taking the mod after each multiplication. For example:
$23^3 \bmod 30 \equiv (-7)^3 \pmod{30}$
$\equiv (-7)^2 \cdot (-7) \pmod{30}$
$\equiv 49 \cdot (-7) \pmod{30}$
$\equiv 19 \cdot (-7) \pmod{30}$
$\equiv -133 \pmod{30}$
$\equiv 17 \pmod{30}$
33
Modular exponentiation
Therefore, $23^3 \bmod 30 = 17$.
Q: What if we had to figure out $23^{16} \bmod 30$? Doing it the same way is tedious: we need to multiply 15 times. Is there a better way?
34
Modular exponentiation
A: Better way. Notice that 16 = 2·2·2·2 so that $23^{16} = 23^{2 \cdot 2 \cdot 2 \cdot 2} = (((23^2)^2)^2)^2$
Therefore:
$23^{16} \bmod 30 \equiv ((((-7)^2)^2)^2)^2 \pmod{30}$
$\equiv ((49^2)^2)^2 \pmod{30}$
$\equiv (((-11)^2)^2)^2 \pmod{30}$
$\equiv (121^2)^2 \pmod{30}$
$\equiv (1^2)^2 \pmod{30}$
$\equiv 1^2 \pmod{30}$
$\equiv 1 \pmod{30}$
Which implies that $23^{16} \bmod 30 = 1$.
Q: How about $23^{25} \bmod 30$?
35
Modular exponentiation
A: The previous method of repeated squaring works for any exponent that’s a power of 2. 25 isn’t. However, we can break 25 down as a sum of such powers: 25 = 16 + 8 + 1. Apply repeated squaring to each part, and multiply the results together.
Previous calculation: $23^8 \bmod 30 = 23^{16} \bmod 30 = 1$
Thus: $23^{25} \bmod 30 \equiv 23^{16+8+1} \pmod{30}$
36
Modular exponentiation
$x^{25} \bmod N$
Cost? – polynomial time (n = log N)
37
Modular exponentiation
How do we compute $x^y \bmod m$, m>0?
repeated squaring algorithm:
mod-exp(x, y, m)
    if y = 0 then return(1)
    else
        z = mod-exp(x, y div 2, m)
        if y mod 2 = 0 then return(z * z mod m)
        else return(x * z * z mod m)
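Added example (not from the original slides): the recursive mod-exp pseudocode above in Python, instrumented to count multiplications and compared with the multiply-one-at-a-time approach. The function names and the counter are additions for illustration.

```python
def mod_exp(x, y, m):
    """Repeated squaring as in the slide's mod-exp.

    Returns (x^y mod m, number of modular multiplications performed).
    Every intermediate value stays below m*m because we reduce after each step.
    """
    if y == 0:
        return 1 % m, 0
    z, count = mod_exp(x, y // 2, m)
    if y % 2 == 0:
        return z * z % m, count + 1        # one squaring
    return x * z * z % m, count + 2        # one squaring plus one multiply by x

def naive_mod_exp(x, y, m):
    """Multiply by x one step at a time (y >= 1): y-1 multiplications."""
    result, count = x % m, 0
    for _ in range(y - 1):
        result, count = result * x % m, count + 1
    return result, count

if __name__ == "__main__":
    print("23^3  mod 30:", mod_exp(23, 3, 30))
    print("23^16 mod 30:", mod_exp(23, 16, 30), "naive:", naive_mod_exp(23, 16, 30))
    print("23^25 mod 30:", mod_exp(23, 25, 30))
    value, mults = mod_exp(2853, 3397, 4559)
    # The cost is at most two multiplications per bit of the exponent.
    print("2853^3397 mod 4559:", value, "using", mults, "multiplications;",
          "exponent has", (3397).bit_length(), "bits")
```

The multiplication count grows with the number of bits of y rather than with y itself, which is what makes exponents of hundreds of digits workable.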
38
Compute d ?
39
Modular Inverse
40
GCD
Greatest common divisor
Example:
41
Euclid Algorithm
If $a, b \in Z^+$, apply division (mod) repeatedly as follows:
$a = q_1 b + r_1$, where $0 < r_1 < b$
$b = q_2 r_1 + r_2$, where $0 < r_2 < r_1$
$r_1 = q_3 r_2 + r_3$, where $0 < r_3 < r_2$
……
$r_{k-2} = q_k r_{k-1} + r_k$, where $0 < r_k < r_{k-1}$
$r_{k-1} = q_{k+1} r_k$
Then, $r_k$ = GCD(a,b).
Proof: (1) $r_k \mid a$, $r_k \mid b$ (2) if $d \mid a$, $d \mid b$, then $d \mid r_k$.
42
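Recursion Theorem
For all $a, b \in N$, $b \neq 0$: gcd(a,b) = gcd(b, a mod b).
Proof:
Let d = gcd(a,b). Then $d \mid a$, $d \mid b$ $\Rightarrow$ $d \mid a - qb = a \bmod b$ $\Rightarrow$ $d \mid b$, $d \mid a \bmod b$ $\Rightarrow$ $d \mid \gcd(b, a \bmod b)$.
Let d = gcd(b, a mod b). Then $d \mid b$, $d \mid a \bmod b$ $\Rightarrow$ $d \mid a - qb$, $d \mid b$ $\Rightarrow$ $d \mid a$ $\Rightarrow$ $d \mid \gcd(a,b)$.
Hence gcd(a,b) = gcd(b, a mod b).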
43
Computing GCD
Euclid gcd(x,y) {
    if y = 0 then return(x)
    else return(gcd(y, x mod y))
}
44
Euclid Algorithm
Example: Computing gcd(125, 87)
125 = 1*87 + 38
87 = 2*38 + 11
38 = 3*11 + 5
11 = 2*5 + 1
5 = 5*1
gcd(125,87) = 1
11 - 2*5 = 1
11 - 2*(38 - 3*11) = 1
-2*38 + 7*11 = 1
-2*38 + 7*(87 - 2*38) = 1
7*87 - 16*38 = 1
1 = 125*(-16) + 87*23
1 = as + bt
45
Extended Euclidean Algorithm
obtain gcd(a,b) and x,y, s.t. gcd(a,b) = ax+by.
Extended-Euclid(a,b)
    if (b == 0) return (a,1,0);
    (d’,x’,y’) = Extended-Euclid(b, a mod b);
    (d,x,y) = (d’, y’, x’ - ⌊a/b⌋ y’);
    return (d,x,y);
Ex:
  a    b    q    d    x    y
412  260    1    4   12  -19
260  152    1    4   -7   12
152  108    1    4    5   -7
108   44    2    4   -2    5
 44   20    2    4    1   -2
 20    4    5    4    0    1
  4    0    -    4    1    0
46
Cost? Theorem: The algorithm above correctly computes the gcd of x and y in time O(n), where n is the total number of bits in the input (x; y)
47
Multiplicative Inverse
Multiplicative inverse x of a, modulo n: ax = 1 mod n.
ax = kn+1
If gcd(a,n)=1, ax-kn = gcd(a,n).
ax+ny = gcd(a,n).
Therefore, x can be found using the extended Euclidean algorithm.
Is the multiplicative inverse unique?
48
Multiplicative Inverse Theorem: n>1, if gcd(a,n)=1, then ax=1 (mod n) has a unique positive solution, modulo n. Example: a = 79; n = 3220. x = 1019. ax = 80501 = 25*3220+1. x = -2201. ax = -173879 = -54*3220+1.
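Added example (not from the original slides): the Extended-Euclid pseudocode and the modular inverse built on it, checked against the numbers worked on the slides. The function names are hypothetical.

```python
def extended_euclid(a, b):
    """Return (d, x, y) with d = gcd(a, b) = a*x + b*y (recursive form from the slide)."""
    if b == 0:
        return a, 1, 0
    d, x1, y1 = extended_euclid(b, a % b)
    # (d, x, y) = (d', y', x' - floor(a/b) * y')
    return d, y1, x1 - (a // b) * y1

def mod_inverse(a, n):
    """The unique x in [0, n) with a*x = 1 (mod n).

    Raises ValueError when gcd(a, n) != 1, because then no inverse exists.
    """
    d, x, _ = extended_euclid(a, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse modulo {n}: gcd is {d}")
    return x % n  # fold a negative coefficient (e.g. -2201) into [0, n)

if __name__ == "__main__":
    print("gcd(125, 87):", extended_euclid(125, 87))    # 1 = 125*(-16) + 87*23
    print("gcd(412, 260):", extended_euclid(412, 260))  # 4 = 412*12 + 260*(-19)
    d = mod_inverse(79, 3220)
    print("79^-1 mod 3220 =", d, "check:", 79 * d % 3220)
    print("-2201 mod 3220 =", -2201 % 3220)             # same residue class as d
    try:
        mod_inverse(6, 3220)
    except ValueError as err:
        print("rejected:", err)
```

Both x = 1019 and x = -2201 from the slide land on the same value after reduction modulo 3220, which is the sense in which the inverse is unique.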
49
RSA
Technical difficulties:
How do we know the algorithm works correctly?
How to pick large prime numbers?
Compute pq
How to choose e
Compute d
How to compute $M^e$, $C^d$?
Can anyone break the code?
50
How do we know RSA works correctly?
Chinese Remainder Theorem (~1700 years old)
51
http://en.wikipedia.org/wiki/RSA_Factoring_Challenge#The_prizes_and_records