Cryptography and Network Security - Number Theory | CS 549, Exams of Cryptography and System Security

Material Type: Exam; Professor: Li; Class: Cryptography and Network Security; Subject: Computer Science; University: Illinois Institute of Technology; Term: Unknown 1989;


Uploaded on 08/16/2009

CS595-Cryptography and Network Security

Cryptography and Network Security

Number Theory

Xiang-Yang Li


Introduction to Number Theory

 Divisors

   b|a if a=mb for an integer m
   b|a and c|b then c|a
   b|g and b|h then b|(mg+nh) for any int. m,n

 Prime number

   p has only positive divisors 1 and p

 Relatively prime numbers

 No common divisors for p and q except 1


GCD

 Greatest common divisor gcd(a,b)

 The largest number that divides both a and b

 Euclid's algorithm

 Find the GCD of two numbers a and b, a<b

   Use the fact that if a and b have divisor d, so do a-b, a-2b, …


Cont.

 GCD (a,b) is given by:

   let g_0 = b
   g_1 = a
   g_(i+1) = g_(i-1) mod g_i
   when g_i = 0 then gcd(a,b) = g_(i-1)

 The algorithm terminates in O(log b) rounds

 Why?


Properties

 For any two integers a and b

   There exist integers m and n: gcd(a,b) = ma + bn
   Example:
     a=2, b=3; we choose m=-1, n=1 so -2+3=1
     a=6, b=11; we choose m=2, n=-1 so 2*6-11=1
   Simple proof?

 Integer a can be factored as

   a = p_1^(a_1) p_2^(a_2) p_3^(a_3) … p_n^(a_n) where p_i is a prime number

Modular Arithmetic

 Congruence

   a ≡ b mod n says that a and b have the same remainder when divided by n
   It defines a relationship between all integers
     a ≡ a
     a ≡ b then b ≡ a
     a ≡ b, b ≡ c then a ≡ c


Cont.

 addition

 (a+b) mod n ≡(a mod n) + (b mod n)

 subtraction

 a-b mod n ≡ a+(-b) mod n

 multiplication

   ab mod n
   derived from repeated addition
   Possible: ab ≡ 0 where neither a, b ≡ 0 mod n

Cont.

 Division

   a/b mod n
   multiplied by inverse of b: a/b = ab^(-1) mod n
   b^(-1) b ≡ 1 mod n
   3^(-1) ≡ 7 mod 10 because 3*7 ≡ 1 mod 10
   Inverse does not always exist!
   Only when gcd(b,n)=


Addition and Multiplication

 Integers modulo n with addition and multiplication form a commutative ring with the laws of

   Associativity
     (a+b)+c ≡ a+(b+c) mod n
   Commutativity
     a+b ≡ b+a mod n
   Distributivity
     (a+b)*c ≡ (a*c)+(b*c) mod n


Galois Field

 If n is constrained to be a prime number p then this forms a Galois field modulo p denoted GF(p) and all the normal laws associated with integer arithmetic work

 Exponentiation

   b = a^e mod p

 Discrete Logarithms

   find x where a^x = b mod p


Inverses and Euclid's Extended GCD Routine

 If (a,n)=1 then the inverse always exists

 Can extend Euclid's algorithm to find inverse by keeping track of g_i = u_i*n + v_i*a

 Extended Euclid's (or binary GCD) algorithm to find inverse of a number a mod n (where (a,n)=1) is:


Inverse

 Inverse(a,n) is given by:

   1. X=(x1,x2,x3)=(1,0,n); Y=(y1,y2,y3)=(0,1,a)
   2. If y3=0 return x3=gcd(a,n); no inverse
   3. If y3=1 return y3=gcd(a,n); y2=a^(-1) mod n
   4. Q=[x3/y3]
   5. T=X-Q*Y
   6. X=Y; Y=T
   7. Goto 2nd step
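The Inverse(a,n) routine above, as an added Python example that is not part of the original slides. The function names `ext_euclid` and `inverse` are chosen here; the triples X and Y follow the slide, and each triple (t1,t2,t3) keeps the invariant t1*n + t2*a = t3, which is the g_i = u_i*n + v_i*a bookkeeping mentioned earlier.

```python
# Added example (not from the slides): Inverse(a, n) with the slide's X/Y triples.
# Invariant for every triple (t1, t2, t3): t1*n + t2*a == t3.

def ext_euclid(a, n):
    """Return (g, u, v) with u*n + v*a == g == gcd(a, n), for a >= 0 and n > 1."""
    if a < 0 or n < 2:
        raise ValueError("expects a >= 0 and n > 1")
    x = (1, 0, n)                     # X = (x1, x2, x3)
    y = (0, 1, a)                     # Y = (y1, y2, y3)
    while True:
        if y[2] == 0:                 # step 2: gcd is x3, a has no inverse
            return x[2], x[0], x[1]
        if y[2] == 1:                 # step 3: gcd is 1, y2 is the inverse mod n
            return 1, y[0], y[1]
        q = x[2] // y[2]              # step 4: Q = [x3 / y3] (integer quotient)
        t = tuple(xi - q * yi for xi, yi in zip(x, y))   # step 5: T = X - Q*Y
        x, y = y, t                   # step 6: X = Y; Y = T


def inverse(a, n):
    """Return a^(-1) mod n in 0..n-1, or None when gcd(a, n) != 1."""
    g, _, v = ext_euclid(a % n, n)
    return v % n if g == 1 else None


if __name__ == "__main__":
    # Values taken from the slides: 3^(-1) = 7 mod 10, and 2*6 - 11 = 1.
    print(inverse(3, 10))             # inverse of 3 modulo 10
    print(ext_euclid(6, 11))          # coefficients for n=11 and a=6
    print(inverse(4, 10))             # gcd(4, 10) = 2, so no inverse
```

The coefficient returned for `a` is reduced into the range 0..n-1 before it is used as an inverse, because the raw value from the routine can be negative.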


Simple Fact

 Equation x^2 ≡ 1 mod p has only solutions 1,-

   If p is prime number
   Simple proof: (x+1)(x-1) ≡ 0 mod p
   So if we find another solution, then p can not be prime number!

 Miller and Rabin 1975,
   Randomly chosen integer a
   If a^2 ≡ 1 mod p then p is not prime number
   Integer a is called the witness
   Otherwise p maybe, or maybe not a prime number

Witness Algorithm

 Witness(a,n)
   Let b_k b_(k-1) … b_1 b_0 be the binary code of n-
   Let d=
   For i=k downto 0
     x=d; d=d*d mod n
     If d=1 and x1, and xn-
       return TRUE
     If b_i=1 then d=d*a mod n
   Endfor
   If d1 then return TRUE
   Return FALSE


Facts

 Analysis of the result of witness
   If it returns TRUE, then n is not a prime number
     Find other solutions for x^2 ≡ 1 mod n
   Otherwise, n may be a prime number
 Given odd n and random a
   Witness fails with probability less than 0.
 Run witness algorithm s times
   If one time, it is TRUE
     Then n is not a prime number
   Otherwise, Pr(n is prime) > 1-2^(-s)
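The Witness(a,n) routine and the s-round test described above, as an added Python example that is not part of the original slides. Where the slide text is cut off (the initial value of d, the exponent whose bits are scanned, and the comparisons on x and d) the code follows the standard textbook form of this routine, which is an assumption here; `probably_prime` and its parameters are names chosen for the example.

```python
# Added example (not from the slides). Assumed from the standard textbook form:
# d starts at 1, the bits scanned are those of n-1, and the checks are "not equal".
import random


def witness(a, n):
    """Return True if a proves that odd n > 2 is composite."""
    d = 1
    for bit in bin(n - 1)[2:]:            # b_k ... b_0, most significant bit first
        x = d
        d = (d * d) % n
        if d == 1 and x != 1 and x != n - 1:
            return True                   # x is a square root of 1 other than 1, -1
        if bit == "1":
            d = (d * a) % n
    return d != 1                         # a^(n-1) mod n is not 1


def probably_prime(n, s=20, rng=random):
    """Run witness s times with random a; False means n is certainly composite."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for _ in range(s):
        a = rng.randrange(2, n - 1)       # random a in 2..n-2
        if witness(a, n):
            return False
    return True                           # no witness found in s rounds


if __name__ == "__main__":
    # Constructed inputs: 561 = 3*11*17 and 2047 = 23*89 are composite,
    # 2**61 - 1 is prime.
    print(witness(2, 561))                # composite caught by the square-root check
    print(witness(2, 2047))               # a=2 fails to expose this composite
    print(probably_prime(2047), probably_prime(2**61 - 1))
```

The 2047 case shows why one round is not enough: base 2 reports FALSE for a composite input, and only the repeated rounds with other bases expose it.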

Randomized Methods

 Las Vegas Method
   Always produces correct results
   Runs in expected polynomial time
 Monte Carlo Method
   Runs in polynomial time
   May produce incorrect results with bounded probability
 No-Biased Monte Carlo Method
   Answer yes is always correct, but the answer no may be wrong
 Yes-biased Monte Carlo Method
   Answer no is always correct, but the answer yes may be wrong


Witness Algorithm

 Witness Algorithm is based on Monte Carlo Method

   It actually tests compositeness, not primality
   When it reports yes, the number is always composite
   When it reports no, input may be composite, prime
 Probability Result
   Pr(input=composite | ans=composite)= 1
   Pr(ans=no | input=composite)<1/
   Pr(input=composite | ans=no) ≤ 1/

Time Complexity

 Each round of witness costs O(log n)

   Unit: integer multiplication and modular arithmetic

 So the primality testing costs O(s log n)

   The confidence is 1-2^(-s) if report prime
   The confidence is 1 if report non-prime


Primitive Root

 Order of integer

   The order of a modulo n is the smallest positive k such that a^k ≡ 1 mod n

 Primitive Root

   Integer a is a primitive root of n if the order of a modulo n is φ(n)
   Not all integers have primitive root
     Example n=pq for primes p and q
   Prime p has φ(p-1) primitive roots

Discrete Logarithms

 Y ≡ g^x mod p

   Compute x
   Time complexity O(e^((ln p)^(1/3) (ln ln p)^(2/3)))


Quadratic Residue

 Quadratic Residue

   Integer b is a quadratic residue of integer n if and only if x^2 ≡ b mod n has a solution for x

   Otherwise b is called quadratic nonresidue

 Given odd prime p,

   b is quadratic residue, iff b^((p-1)/2) ≡ 1 mod n

   b is quadratic nonresidue, iff b^((p-1)/2) ≡ -1 mod n
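The order, primitive-root and quadratic-residue statements above can be checked by brute force on small moduli. This is an added Python example, not part of the original slides; the function names are chosen here, the modulus in the exponent test is taken to be the odd prime p, and the loops are only meant for small n.

```python
# Added example (not from the slides): brute-force checks for small moduli.
from math import gcd


def order(a, n):
    """Smallest k > 0 with a^k = 1 mod n, or None when no such k exists."""
    if n < 2 or gcd(a, n) != 1:
        return None
    k, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        k += 1
    return k


def phi(n):
    """Euler's totient, counted directly."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def primitive_roots(n):
    """All a in 1..n-1 whose order modulo n is phi(n)."""
    target = phi(n)
    return [a for a in range(1, n) if order(a, n) == target]


def euler_criterion(b, p):
    """b^((p-1)/2) mod p reported as 1, -1, or 0 (when p divides b), p an odd prime."""
    r = pow(b, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def squares_mod(p):
    """Quadratic residues of p found by squaring every x in 1..p-1."""
    return sorted({(x * x) % p for x in range(1, p)})


if __name__ == "__main__":
    print(primitive_roots(7), phi(6))     # count of roots equals phi(p-1)
    print(primitive_roots(15))            # n = 3*5 has no primitive root
    print(squares_mod(11))
    print([b for b in range(1, 11) if euler_criterion(b, 11) == 1])
```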


Complexity Theory

 The input length of a problem is the number n of symbols used to characterize it

 Function f(n) is order O(g(n)) if

   f(n) <= c*|g(n)|, for all n >= N_0, for some c

 Polynomial time algorithm (P)

   solves any instance of a particular problem with input length n in time O(p(n)), where p is a polynomial


Cont.

 Non-deterministic polynomial time algorithm (NP) - is one for which any guess at the solution of an instance of the problem may be checked for validity in polynomial time.

 NP-complete problems - are a subclass of NP problems for which it is known that if any such problem has a polynomial time solution, then all NP problems have polynomial solutions.

 Co-NP : the complements of NP problems.