Post on 30-Dec-2015
YSL Information Security -- Public-Key Cryptography 1
Prime and Relatively Prime Numbers
• Divisors: We say that b ≠ 0 divides a if a = mb for some m, where a, b and m are integers.
• Equivalently, b divides a if there is no remainder when a is divided by b.
• The notation b|a is commonly used to mean that b divides a.
• If b|a, we say that b is a divisor of a.
Prime and Relatively Prime Numbers (cont’d)
• If a|1, then a = ±1.
• If a|b and b|a, then a = ±b.
• Any b ≠ 0 divides 0.
• If b|g and b|h, then b|(mg + nh) for arbitrary integers m and n (write g = b g₁ and h = b h₁; then mg + nh = b(m g₁ + n h₁)).
Prime and Relatively Prime Numbers (cont’d)
   2    3    5    7   11   13   17   19   23   29   31   37   41   43   47   53   59   61   67   71   73   79   83   89   97
 101  103  107  109  113  127  131  137  139  149  151  157  163  167  173  179  181  191  193  197  199
 211  223  227  229  233  239  241  251  257  263  269  271  277  281  283  293
 307  311  313  317  331  337  347  349  353  359  367  373  379  383  389  397
 401  409  419  421  431  433  439  443  449  457  461  463  467  479  487  491  499
 503  509  521  523  541  547  557  563  569  571  577  587  593  599
 601  607  613  617  619  631  641  643  647  653  659  661  673  677  683  691
 701  709  719  727  733  739  743  751  757  761  769  773  787  797
 809  811  821  823  827  829  839  853  857  859  863  877  881  883  887
 907  911  919  929  937  941  947  953  967  971  977  983  991  997
1009 1013 1019 1021 1031 1033 1039 1049 1051 1061 1063 1069 1087 1091 1093 1097
1103 1109 1117 1123 1129 1151 1153 1163 1171 1181 1187 1193
1201 1213 1217 1223 1229 1231 1237 1249 1259 1277 1279 1283 1289 1291 1297
1301 1303 1307 1319 1321 1327 1361 1367 1373 1381 1399
1409 1423 1427 1429 1433 1439 1447 1451 1453 1459 1471 1481 1483 1487 1489 1493 1499
1511 1523 1531 1543 1549 1553 1559 1567 1571 1579 1583 1597
1601 1607 1609 1613 1619 1621 1627 1637 1657 1663 1667 1669 1693 1697 1699
1709 1721 1723 1733 1741 1747 1753 1759 1777 1783 1787 1789
1801 1811 1823 1831 1847 1861 1867 1871 1873 1877 1879 1889
1901 1907 1913 1931 1933 1949 1951 1973 1979 1987 1993 1997 1999
Table 7.1 Primes under 2000
Prime and Relatively Prime Numbers (cont’d)
• Let π(x) denote the number of primes not exceeding x. Then π(x) is approximately x/ln x, in the sense that (π(x) ln x)/x → 1 as x → ∞; the table below shows the ratio approaching 1. This statement is referred to as the prime number theorem, which was proven in 1896 by Hadamard and de la Vallée Poussin.

   x        π(x)         x/ln x        (π(x) ln x)/x
   10^3     168          144.8         1.160
   10^4     1229         1085.7        1.132
   10^5     9592         8685.9        1.104
   10^6     78498        74382.4       1.085
   10^7     664579       620420.7      1.071
   10^8     5761455      5428681.0     1.061
   10^9     50847534     48254942.4    1.054
   10^10    455052512    434294481.9   1.048
Prime and Relatively Prime Numbers (cont’d)
• Does a simple formula exist that generates prime numbers?
• A conjecture often attributed to ancient Chinese mathematicians holds that if n divides 2^n - 2 then n is prime. For n = 3, 3 divides 6 and n is prime. However, for n = 341 = 11 × 31, n divides 2^341 - 2, yet n is not prime.
• Mersenne suggested that if p is prime then M_p = 2^p - 1 is prime. Primes of this form are referred to as Mersenne primes. Unfortunately, for p = 11, M_11 = 2^11 - 1 = 2047 = 23 × 89.
Prime and Relatively Prime Numbers (cont’d)
• Fermat conjectured that if F_n = 2^(2^n) + 1, where n is a non-negative integer, then F_n is prime. When n is less than or equal to 4, F_0 = 3, F_1 = 5, F_2 = 17, F_3 = 257 and F_4 = 65537 are all primes. However, F_5 = 4294967297 = 641 × 6700417 is not a prime number.
• n² - 79n + 1601 yields primes only for n < 80 (at n = 80 it gives 1681 = 41²).
• There are an infinite number of primes of the form 4n + 1 or 4n + 3.
• There is no simple way so far to generate prime numbers.
Prime and Relatively Prime Numbers (cont’d)
• Factorization of an integer as a product of prime numbers
• Example: 91 = 7 × 13; 11011 = 7 × 11² × 13.
• Useful for checking divisibility and relative primality, to be discussed later.
• Factorization is in general difficult.
Prime and Relatively Prime Numbers (cont’d)
• Define the notation gcd(a,b) to mean the greatest common divisor of a and b.
• The positive integer c is said to be the gcd of a and b if
  – c|a and c|b
  – any divisor of a and b is a divisor of c.
• Equivalently, gcd(a,b) = max[k, such that k|a and k|b]
• gcd(a,b) = gcd(-a,b) = gcd(a,-b) = gcd(-a,-b) = gcd(|a|,|b|)
Prime and Relatively Prime Numbers (cont’d)
• gcd(a,0) = |a|.
• Factorization is one possible but in general inefficient way to calculate a gcd. Euclid's algorithm (to be discussed later) is more efficient.
• Relative primality
  – the integers a and b are relatively prime if they have no prime factors in common
  – or equivalently, their only common positive factor is 1
  – or equivalently, gcd(a,b) = 1
Modular Arithmetic (cont’d)
• If a is an integer and n is a positive integer, define a mod n to be the remainder when a is divided by n.
• Then a = ⌊a/n⌋ × n + (a mod n).
• Examples:
  – a = 11; n = 7; 11 = 1 × 7 + 4; r = 4, so 11 mod 7 = 4.
  – a = -11; n = 7; -11 = (-2) × 7 + 3; r = 3, so -11 mod 7 = 3.
Modular Arithmetic (cont’d)
The modulo operator has the following properties:
1. a ≡ b mod n if n|(a - b).
2. (a mod n) = (b mod n) implies a ≡ b mod n.
3. a ≡ b mod n implies b ≡ a mod n.
4. a ≡ b mod n and b ≡ c mod n imply a ≡ c mod n.
Examples:
  23 ≡ 8 (mod 5) because 23 - 8 = 15 = 5 × 3
  -11 ≡ 5 (mod 8) because -11 - 5 = -16 = 8 × (-2)
  81 ≡ 0 (mod 27) because 81 - 0 = 81 = 27 × 3
Modular Arithmetic (cont’d)
• Properties of modular arithmetic operations
  1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
  2. [(a mod n) - (b mod n)] mod n = (a - b) mod n
  3. [(a mod n) × (b mod n)] mod n = (a × b) mod n
• Proof of Property 1: Define (a mod n) = r_a and (b mod n) = r_b. Then a = r_a + jn and b = r_b + kn for some integers j and k. Then,
    (a + b) mod n = (r_a + jn + r_b + kn) mod n
                  = (r_a + r_b + (j + k)n) mod n
                  = (r_a + r_b) mod n = [(a mod n) + (b mod n)] mod n
Modular Arithmetic (cont’d)
Examples for the above three properties:
  11 mod 8 = 3; 15 mod 8 = 7
  [(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2;    (11 + 15) mod 8 = 26 mod 8 = 2
  [(11 mod 8) - (15 mod 8)] mod 8 = -4 mod 8 = 4;    (11 - 15) mod 8 = -4 mod 8 = 4
  [(11 mod 8) × (15 mod 8)] mod 8 = 21 mod 8 = 5;    (11 × 15) mod 8 = 165 mod 8 = 5
Modular Arithmetic (cont’d)
• Properties of modular arithmetic
  – Let Z_n = {0, 1, 2, …, (n-1)} be the set of residues modulo n.

  Property                Expression
  Commutative laws        (w + x) mod n = (x + w) mod n
                          (w × x) mod n = (x × w) mod n
  Associative laws        [(w + x) + y] mod n = [w + (x + y)] mod n
                          [(w × x) × y] mod n = [w × (x × y)] mod n
  Distributive law        [w × (x + y)] mod n = [(w × x) + (w × y)] mod n
  Identities              (0 + w) mod n = w mod n
                          (1 × w) mod n = w mod n
  Additive inverse (-w)   For each w ∈ Z_n, there exists a z such that w + z ≡ 0 mod n
Modular Arithmetic (cont’d)
• Properties of modular arithmetic (cont'd)
  – if (a + b) ≡ (a + c) mod n, then b ≡ c mod n (due to the existence of an additive inverse)
  – if (a × b) ≡ (a × c) mod n, then b ≡ c mod n only if a is relatively prime to n (due to the possible absence of a multiplicative inverse)
    e.g. 6 × 3 = 18 ≡ 2 mod 8 and 6 × 7 = 42 ≡ 2 mod 8, but 3 ≢ 7 mod 8 (6 is not relatively prime to 8)
  – If n is prime, then every nonzero element of Z_n has a multiplicative inverse, so the cancellation law holds for every a ≠ 0 (Z_n goes from a ring to a field).
Modular Arithmetic (cont’d)
• Properties of modular arithmetic (cont'd)
Table 7.3 Arithmetic Modulo 7

(a) Addition modulo 7
  +  0 1 2 3 4 5 6
  0  0 1 2 3 4 5 6
  1  1 2 3 4 5 6 0
  2  2 3 4 5 6 0 1
  3  3 4 5 6 0 1 2
  4  4 5 6 0 1 2 3
  5  5 6 0 1 2 3 4
  6  6 0 1 2 3 4 5

(b) Multiplication modulo 7
  ×  0 1 2 3 4 5 6
  0  0 0 0 0 0 0 0
  1  0 1 2 3 4 5 6
  2  0 2 4 6 1 3 5
  3  0 3 6 2 5 1 4
  4  0 4 1 5 2 6 3
  5  0 5 3 1 6 4 2
  6  0 6 5 4 3 2 1

(c) Additive and multiplicative inverses modulo 7
  w   -w   w^-1
  0    0   ---
  1    6    1
  2    5    4
  3    4    5
  4    3    2
  5    2    3
  6    1    6
Fermat’s and Euler’s Theorems
• Fermat's theorem
Fermat's theorem states the following: If p is prime and a is a positive integer not divisible by p, then
    a^(p-1) ≡ 1 mod p    (7.3)
Proof: From our previous discussion, we know that if all the elements of Z_p are multiplied by a, modulo p, the result consists of the elements of Z_p in some order. Furthermore, a × 0 ≡ 0 mod p. Therefore, the (p-1) numbers {a mod p, 2a mod p, …, (p-1)a mod p} are just the numbers {1, 2, …, (p-1)} in some order. Multiply these numbers together:
    a × 2a × … × ((p-1)a) ≡ [(a mod p) × (2a mod p) × … × ((p-1)a mod p)] mod p
                            ≡ (p-1)! mod p
But
    a × 2a × … × ((p-1)a) = (p-1)! a^(p-1)
Therefore,
    (p-1)! a^(p-1) ≡ (p-1)! mod p
We can cancel the (p-1)! term because it is relatively prime to p [see Equation (7.2)]. This yields Equation (7.3).

Example: a = 7, p = 19
    7^2 = 49 ≡ 11 mod 19
    7^4 ≡ 11^2 = 121 ≡ 7 mod 19
    7^8 ≡ 7^2 = 49 ≡ 11 mod 19
    7^16 ≡ 11^2 = 121 ≡ 7 mod 19
    a^(p-1) = 7^18 = 7^16 × 7^2 ≡ 7 × 11 = 77 ≡ 1 mod 19
Fermat’s and Euler’s Theorems (cont’d)
• Fermat's theorem (cont'd)
  – alternative form: if p is prime and a is any positive integer, then
        a^p ≡ a mod p
    example: p = 5, a = 3, 3^5 = 243 ≡ 3 mod 5
Fermat’s and Euler’s Theorems (cont’d)
• Euler's totient function φ(n): the number of positive integers less than n that are relatively prime to n (by convention φ(1) = 1).
Table 7.4 Some Values of Euler's Totient Function φ(n)
   n  φ(n)      n  φ(n)      n  φ(n)
   1    1      11   10      21   12
   2    1      12    4      22   10
   3    2      13   12      23   22
   4    2      14    6      24    8
   5    4      15    8      25   20
   6    2      16    8      26   12
   7    6      17   16      27   18
   8    4      18    6      28   12
   9    6      19   18      29   28
  10    4      20    8      30    8
Fermat’s and Euler’s Theorems (cont’d)
• Euler's totient function (cont'd)
  – if n is the product of two distinct primes p and q: among the pq - 1 positive integers less than n, the ones not relatively prime to n are the q - 1 multiples of p (p, 2p, …, (q-1)p) and the p - 1 multiples of q, so
    φ(n) = pq - [(q - 1) + (p - 1) + 1]
         = pq - (p + q) + 1
         = (p - 1)(q - 1)
         = φ(p) φ(q)
Fermat’s and Euler’s Theorems (cont’d)
• Euler's theorem
Euler's theorem states that for every a and n that are relatively prime,
    a^φ(n) ≡ 1 mod n    (7.5)
Examples:
    a = 3; n = 10; φ(10) = 4; 3^4 = 81 ≡ 1 mod 10
    a = 2; n = 11; φ(11) = 10; 2^10 = 1024 ≡ 1 mod 11
Proof: Equation (7.5) is true if n is prime, because in that case φ(n) = (n-1) and Fermat's theorem holds. However, it also holds for any integer n. Recall that φ(n) is the number of positive integers less than n that are relatively prime to n. Consider the set of such integers, labeled as follows:
    R = {x_1, x_2, …, x_φ(n)}
Now multiply each element by a, modulo n:
    S = {(a x_1 mod n), (a x_2 mod n), …, (a x_φ(n) mod n)}
Fermat’s and Euler’s Theorems (cont’d)
• Euler's theorem (cont'd)
This set is a permutation of R, by the following line of reasoning:
1. Because a is relatively prime to n and x_i is relatively prime to n, a x_i must also be relatively prime to n.
2. There are no duplicates in S. Refer to Equation (7.2). If a x_i mod n = a x_j mod n, then x_i = x_j.
Therefore,
    ∏_{i=1}^{φ(n)} (a x_i mod n) = ∏_{i=1}^{φ(n)} x_i
    ∏_{i=1}^{φ(n)} a x_i ≡ ∏_{i=1}^{φ(n)} x_i (mod n)
    a^φ(n) × [∏_{i=1}^{φ(n)} x_i] ≡ ∏_{i=1}^{φ(n)} x_i (mod n)
    a^φ(n) ≡ 1 (mod n)
where the last step cancels ∏ x_i, which is relatively prime to n.
An alternative form of the theorem is also useful:
    a^(φ(n)+1) ≡ a (mod n)    (7.6)
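The argument above (multiplication by a permutes the reduced residues, and the cancellation law of the earlier slide fails when gcd(a, n) ≠ 1) can be checked mechanically. The Python below is an added example, not part of the original slides: it computes φ(n) by trial-division factorization (adequate for the small moduli here; the slides note factoring is hard in general), builds the sets R and S, and verifies Equations (7.5) and (7.6) for every a relatively prime to n. All function names are the example's own.

```python
from math import gcd


def factorize(n: int) -> dict:
    """Prime factorization by trial division, as {prime: exponent}.
    Only suitable for small n: the slides note that factoring is hard in general."""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def phi(n: int) -> int:
    """Euler's totient: phi(n) = n * prod over primes p | n of (1 - 1/p); phi(1) = 1."""
    result = n
    for p in factorize(n):
        result = result // p * (p - 1)
    return result


def reduced_residues(n: int) -> list:
    """R = {x_1, ..., x_phi(n)}: positive integers below n relatively prime to n."""
    return [x for x in range(1, n) if gcd(x, n) == 1]


def multiply_residues(a: int, n: int) -> tuple:
    """Return (R, S) with S = {a * x_i mod n}. S is a permutation of R exactly when gcd(a, n) = 1."""
    R = reduced_residues(n)
    S = [(a * x) % n for x in R]
    return R, S


def is_permutation_of_residues(a: int, n: int) -> bool:
    R, S = multiply_residues(a, n)
    return sorted(S) == R


def euler_theorem_holds(a: int, n: int) -> bool:
    """Check (7.5) a^phi(n) = 1 (mod n) and the alternative form (7.6) a^(phi(n)+1) = a (mod n)."""
    k = phi(n)
    return pow(a, k, n) == 1 and pow(a, k + 1, n) == a % n


def check_all_coprime(n: int) -> bool:
    """Euler's theorem and the permutation property for every a in Z_n relatively prime to n."""
    return all(euler_theorem_holds(a, n) and is_permutation_of_residues(a, n)
               for a in reduced_residues(n))
```

Running multiply_residues(6, 8) reproduces the failure on the cancellation-law slide: R = [1, 3, 5, 7] but S = [6, 2, 6, 2], so two different residues (3 and 7) map to the same value and 6 cannot be cancelled modulo 8.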
Testing for Primality
• If p is an odd prime, then the equation x² ≡ 1 (mod p) has only two solutions, 1 and -1. For a composite modulus this fails, as the mod 8 example shows.

  x² ≡ 1 (mod 7), using Table 7.3b:
    1² ≡ 1 mod 7
    6² = 36 ≡ 1 mod 7; 6 ≡ -1 mod 7
    Solutions: 1, -1

  x² ≡ 1 (mod 8), using Table 7.2b:
    1² ≡ 1 mod 8
    3² = 9 ≡ 1 mod 8
    5² = 25 ≡ 1 mod 8; 5 ≡ -3 mod 8
    7² = 49 ≡ 1 mod 8; 7 ≡ -1 mod 8
    Solutions: 1, -1, 3, -3
Testing for Primality (cont’d)
• Probabilistic primality test (Miller-Rabin). WITNESS(a, n) returns TRUE if the base a proves n composite and FALSE if n passes the test for this a:

WITNESS(a, n)
 1. let b_k b_(k-1) … b_0 be the binary representation of (n-1)
 2. d ← 1
 3. for i ← k downto 0
 4.   do x ← d
 5.      d ← (d × d) mod n
 6.      if d = 1 and x ≠ 1 and x ≠ n-1
 7.        then return TRUE
 8.      if b_i = 1
 9.        then d ← (d × a) mod n
10. if d ≠ 1
11.   then return TRUE
12. return FALSE

The loop computes a^(n-1) mod n by left-to-right square-and-multiply. Line 6 detects a nontrivial square root of 1 modulo n and line 10 detects a^(n-1) ≢ 1 mod n; by the previous slide and Fermat's theorem neither can happen when n is prime, so a TRUE answer is a proof of compositeness, while FALSE only makes primality likely and the test is repeated with several independent a.
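A direct transcription of WITNESS into Python, with the repeated random-base test built around it, follows as an added example (not part of the original slides). It also revisits the earlier slides on false prime formulas: 341 = 11 × 31, M_11 = 2047 = 23 × 89 and F_5 = 4294967297 are all rejected, and 2047 shows why a single base is not enough: it is a strong pseudoprime to base 2 (WITNESS(2, 2047) returns FALSE) but base 3 exposes it. Function names are the example's own.

```python
import random


def witness(a: int, n: int) -> bool:
    """WITNESS(a, n) exactly as on the slide: True means 'a proves n composite'.
    Computes a^(n-1) mod n by left-to-right square-and-multiply while watching
    for a nontrivial square root of 1 (line 6 of the slide)."""
    d = 1
    for bit in bin(n - 1)[2:]:          # b_k ... b_0, most significant bit first
        x = d
        d = (d * d) % n
        if d == 1 and x != 1 and x != n - 1:
            return True                 # x^2 = 1 with x != +-1: impossible modulo a prime
        if bit == "1":
            d = (d * a) % n
    return d != 1                       # a^(n-1) != 1 mod n: Fermat's theorem fails


def miller_rabin(n: int, bases) -> bool:
    """Probable-prime test with explicitly chosen bases (each reduced into 2..n-2);
    returns False on the first witness, True if every base passes."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    usable = [a % n for a in bases if 1 < a % n < n - 1]
    return not any(witness(a, n) for a in usable)


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Trial division by small primes, then `rounds` random bases from the OS CSPRNG.
    A composite survives each round with probability at most 1/4."""
    small_primes = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    if n in small_primes:
        return True
    if any(n % p == 0 for p in small_primes):
        return False
    rng = random.SystemRandom()
    bases = [rng.randrange(2, n - 1) for _ in range(rounds)]
    return miller_rabin(n, bases)
```

miller_rabin(2047, [2]) returns True while miller_rabin(2047, [2, 3]) returns False; is_probable_prime never relies on one base for exactly that reason.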
Euclid’s Algorithm (cont’d)
EUCLID(d, f)
1. X ← f; Y ← d
2. if Y = 0 return X = gcd(d, f)
3. R = X mod Y
4. X ← Y
5. Y ← R
6. goto 2
Extended Euclid’s Algorithm
EXTENDED EUCLID(d, f)
1. (X1, X2, X3) ← (1, 0, f); (Y1, Y2, Y3) ← (0, 1, d)
2. if Y3 = 0 return X3 = gcd(d, f); no inverse
3. if Y3 = 1 return Y3 = gcd(d, f); Y2 = d^(-1) mod f
4. Q = ⌊X3 / Y3⌋
5. (T1, T2, T3) ← (X1 - Q Y1, X2 - Q Y2, X3 - Q Y3)
6. (X1, X2, X3) ← (Y1, Y2, Y3)
7. (Y1, Y2, Y3) ← (T1, T2, T3)
8. goto 2

Every step preserves f X1 + d X2 = X3 and f Y1 + d Y2 = Y3, so when Y3 = 1 we have d Y2 ≡ 1 (mod f); Y2 may come out negative and is reduced modulo f to give the inverse in Z_f.
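The two algorithms above in Python, keeping the slide's (X1, X2, X3), (Y1, Y2, Y3) state and asserting the invariant at each step, as an added example that is not part of the original slides. The inputs 1970, 1066 and 550, 1759 are the textbook's worked examples; the helper that rebuilds the inverse column of Table 7.3(c) is the example's own. Function names are assumptions of this example.

```python
def euclid(d: int, f: int) -> int:
    """EUCLID(d, f) from the slide: gcd by repeated division with remainder."""
    x, y = f, d
    while y != 0:
        x, y = y, x % y
    return x


def extended_euclid(d: int, f: int):
    """EXTENDED EUCLID(d, f) from the slide.
    Returns (gcd, inverse): inverse = d^-1 mod f when gcd = 1, otherwise None.
    Invariant kept by every step: X1*f + X2*d = X3 and Y1*f + Y2*d = Y3,
    so when Y3 = 1 we have Y2*d = 1 (mod f)."""
    x1, x2, x3 = 1, 0, f
    y1, y2, y3 = 0, 1, d
    while True:
        assert x1 * f + x2 * d == x3 and y1 * f + y2 * d == y3
        if y3 == 0:
            return x3, None            # gcd(d, f) = X3 > 1: no inverse
        if y3 == 1:
            return 1, y2 % f           # Y2 may be negative: reduce into [0, f)
        q = x3 // y3
        t1, t2, t3 = x1 - q * y1, x2 - q * y2, x3 - q * y3
        x1, x2, x3 = y1, y2, y3
        y1, y2, y3 = t1, t2, t3


def mod_inverse(d: int, f: int) -> int:
    """d^-1 mod f, raising ValueError when gcd(d, f) != 1 (no inverse exists)."""
    g, inv = extended_euclid(d % f, f)
    if inv is None:
        raise ValueError(f"{d} has no inverse mod {f}: gcd = {g}")
    return inv


def inverse_table(n: int) -> dict:
    """Multiplicative inverses modulo n in the style of Table 7.3(c),
    listing only the w in Z_n that have one (gcd(w, n) = 1)."""
    return {w: extended_euclid(w, n)[1] for w in range(1, n) if euclid(w, n) == 1}
```

For n = 7 the inverse_table reproduces column w^-1 of Table 7.3(c); for n = 8 it omits 2, 4 and 6, which is exactly why the cancellation law failed for 6 modulo 8 on the earlier slide.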
Discrete Logarithms
Table 7.6 Powers of Integers, Modulo 19
  a   a^1 a^2 a^3 a^4 a^5 a^6 a^7 a^8 a^9 a^10 a^11 a^12 a^13 a^14 a^15 a^16 a^17 a^18
  1    1   1   1   1   1   1   1   1   1   1    1    1    1    1    1    1    1    1
  2    2   4   8  16  13   7  14   9  18  17   15   11    3    6   12    5   10    1
  3    3   9   8   5  15   7   2   6  18  16   10   11   14    4   12   17   13    1
  4    4  16   7   9  17  11   6   5   1   4   16    7    9   17   11    6    5    1
  5    5   6  11  17   9   7  16   4   1   5    6   11   17    9    7   16    4    1
  6    6  17   7   4   5  11   9  16   1   6   17    7    4    5   11    9   16    1
  7    7  11   1   7  11   1   7  11   1   7   11    1    7   11    1    7   11    1
  8    8   7  18  11  12   1   8   7  18  11   12    1    8    7   18   11   12    1
  9    9   5   7   6  16  11   4  17   1   9    5    7    6   16   11    4   17    1
 10   10   5  12   6   3  11  15  17  18   9   14    7   13   16    8    4    2    1
 11   11   7   1  11   7   1  11   7   1  11    7    1   11    7    1   11    7    1
 12   12  11  18   7   8   1  12  11  18   7    8    1   12   11   18    7    8    1
 13   13  17  12   4  14  11  10  16  18   6    2    7   15    5    8    9    3    1
 14   14   6   8  17  10   7   3   4  18   5   13   11    2    9   12   16   15    1
 15   15  16  12   9   2  11  13   5  18   4    3    7   10   17    8    6   14    1
 16   16   9  11   5   4   7  17   6   1  16    9   11    5    4    7   17    6    1
 17   17   4  11  16   6   7   5   9   1  17    4   11   16    6    7    5    9    1
 18   18   1  18   1  18   1  18   1  18   1   18    1   18    1   18    1   18    1

Every row ends in 1 at a^18, as Fermat's theorem requires. The rows in which all 18 values are distinct (a = 2, 3, 10, 13, 14, 15) are the primitive roots of 19: every element of 1..18 is a power of such an a, so discrete logarithms to these bases are defined for all of Z_19*, and these are exactly the bases tabulated in Table 7.7.
Discrete Logarithms (cont’d)
Table 7.7 Tables of Discrete Logarithms, Modulo 19

(a) Discrete logarithms to the base 2, modulo 19
  a             1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18
  ind_2,19(a)  18  1 13  2 16 14  6  3  8 17 12 15  5  7 11  4 10  9

(b) Discrete logarithms to the base 3, modulo 19
  a             1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18
  ind_3,19(a)  18  7  1 14  4  8  6  3  2 11 12 15 17 13  5 10 16  9

(c) Discrete logarithms to the base 10, modulo 19
  a             1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18
  ind_10,19(a) 18 17  5 16  2  4 12 15 10  1  6  3 13 11  7 14  8  9

(d) Discrete logarithms to the base 13, modulo 19
  a             1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18
  ind_13,19(a) 18 11 17  4 14 10 12 15 16  7  6  3  1  5 13  8  2  9

(e) Discrete logarithms to the base 14, modulo 19
  a             1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18
  ind_14,19(a) 18 13  7  8 10  2  6  3 14  5 12 15 11  1 17 16  4  9

(f) Discrete logarithms to the base 15, modulo 19
  a             1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18
  ind_15,19(a) 18  5 11 10  8 16 12 15  4 13  6  3  7 17  1  2 14  9

Each row is the inverse of the corresponding row of Table 7.6: ind_g,19(a) is the exponent x with g^x ≡ a (mod 19), and ind_g,19(1) is listed as 18 because g^18 ≡ 1.
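Tables 7.6 and 7.7 can be regenerated, and the choice of their six bases explained, with the following Python, an added example that is not part of the original slides. It finds the primitive roots of 19, rebuilds a row of Table 7.6, and computes ind_g,p(y) with baby-step giant-step, a generic O(√p) algorithm that works for any prime p rather than only the p = 19 of the tables (the tables themselves were built by scanning powers). Function names are the example's own; pow(g, -m, p) requires Python 3.8 or later.

```python
from math import isqrt


def multiplicative_order(a: int, p: int) -> int:
    """Smallest k >= 1 with a^k = 1 (mod p); requires gcd(a, p) = 1."""
    k, x = 1, a % p
    while x != 1:
        x = (x * a) % p
        k += 1
    return k


def primitive_roots(p: int) -> list:
    """Bases whose powers generate every element of 1..p-1 (order p-1), for prime p."""
    return [a for a in range(1, p) if multiplicative_order(a, p) == p - 1]


def power_row(a: int, p: int) -> list:
    """One row of Table 7.6: [a^1 mod p, a^2 mod p, ..., a^(p-1) mod p]."""
    return [pow(a, k, p) for k in range(1, p)]


def discrete_log(g: int, y: int, p: int):
    """ind_{g,p}(y): an exponent x in 1..p-1 with g^x = y (mod p), or None if y is
    not a power of g.  Baby-step giant-step: write x = i*m + j with m ~ sqrt(p),
    store g^j for j < m (baby steps), then walk y * g^(-i*m) for i < m (giant steps)
    until it hits a stored value.  O(sqrt(p)) time and memory instead of O(p)."""
    m = isqrt(p - 1) + 1
    baby = {}
    e = 1
    for j in range(m):
        baby.setdefault(e, j)           # keep the smallest j for each value
        e = (e * g) % p
    giant_step = pow(g, -m, p)          # g^(-m) mod p (Python 3.8+)
    gamma = y % p
    for i in range(m):
        if gamma in baby:
            x = i * m + baby[gamma]
            # normalise into 1..p-1 (g^(p-1) = 1 by Fermat); Table 7.7 lists ind(1) as p-1
            return (x - 1) % (p - 1) + 1
        gamma = (gamma * giant_step) % p
    return None


def log_table(g: int, p: int) -> dict:
    """A full row of Table 7.7 for base g: {y: ind_{g,p}(y)} for y in 1..p-1."""
    return {y: discrete_log(g, y, p) for y in range(1, p)}
```

For a non-primitive base such as 4 (order 9 modulo 19), discrete_log(4, 2, 19) returns None: 2 is not among the powers of 4, which is why Table 7.7 has no column for base 4.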