RSA Algorithm and Modular Arithmetic - Prof. Krzysztof Gaj, Study notes of Cryptography and System Security

An introduction to the RSA algorithm, a public-key cryptosystem based on modular arithmetic. It covers the mathematical background of RSA, the concept of a trap-door one-way function, and the generation and use of RSA keys. The document also includes definitions and properties of the greatest common divisor, quotient and remainder, and congruent integers, as well as laws of modular arithmetic.

Typology: Study notes

Pre 2010

Uploaded on 02/10/2009

koofers-user-mj8

Mathematical Background:

Modular Arithmetic

ECE 646 - Lecture 5

Motivation:

Public-key ciphers

RSA as a trap-door one-way function

M - message, C - ciphertext

C = f(M) = M^e mod N (PUBLIC KEY)

M = f^-1(C) = C^d mod N (PRIVATE KEY)

N = P ⋅ Q, where P, Q are large prime numbers

e ⋅ d ≡ 1 mod ((P-1)(Q-1))

RSA keys

PUBLIC KEY: { e, N }

PRIVATE KEY: { d, P, Q }

P, Q: large prime numbers

N: N = P ⋅ Q

e: gcd(e, P-1) = 1 and gcd(e, Q-1) = 1

d: e ⋅ d ≡ 1 mod ((P-1)(Q-1))

Basic definitions

General Notation

Z - integers

∃ - there exists

∀ - for all

∃! - there exists unique

∈ - belongs to

∉ - does not belong to

Divisibility

a | b iff ∃ c ∈ Z such that b = c ⋅ a

a | b : a divides b, a is a divisor of b

a ∤ b : a does not divide b, a is not a divisor of b

True or False?

Greatest common divisor

Greatest common divisor of a and b, denoted by gcd(a, b), is the largest positive integer that divides both a and b.

d = gcd(a, b) iff

1) d | a and d | b

2) if c | a and c | b then c ≤ d

gcd (8, 44) =

gcd (-15, 65) =

gcd (45, 30) =

gcd (31, 15) =

gcd (0, 40) =

gcd (121, 169) =

Relatively prime integers

Two integers a and b are relatively prime or co-prime if gcd(a, b) = 1

Properties of the greatest common divisor

gcd(a, b) = gcd(a - kb, b) for any k ∈ Z

Integers congruent modulo n

Two integers a and b are congruent modulo n (equivalent modulo n), written a ≡ b, iff

a mod n = b mod n, or

a = b + kn, k ∈ Z, or

n | a - b

Laws of modular arithmetic

Rules of addition, subtraction and multiplication modulo n

a + b mod n = (( a mod n ) + ( b mod n )) mod n

a - b mod n = (( a mod n ) - ( b mod n )) mod n

ab mod n = (( a mod n ) ⋅ ( b mod n )) mod n

9 · 13 mod 5 =

25 · 25 mod 26 =

Algorithms

Euclid’s Algorithm for computing gcd(a, b)

i: -2, -1, 0, 1, ..., t-1, t

r_i: r_(-2) = max(a, b), r_(-1) = min(a, b), r_0, r_1, ..., r_(t-1) = gcd(a, b), r_t = 0

q_i: q_(-1), q_0, q_1, ..., q_(t-1)

q_i = ⌊r_(i-1) / r_i⌋

r_(i+1) = r_(i-1) - q_i ⋅ r_i

r_(i+1) = r_(i-1) mod r_i

Euclid’s Algorithm

Example: gcd(36, 126)

i: -2, -1, 0, 1

r_i: r_(-2) = max(a, b) = 126, r_(-1) = min(a, b) = 36, r_0 = 18 = gcd(36, 126), r_1 = 0

q_i: q_(-1) = 3, q_0 = 2

q_i = ⌊r_(i-1) / r_i⌋

r_(i+1) = r_(i-1) - q_i ⋅ r_i

r_(i+1) = r_(i-1) mod r_i

Multiplicative inverse modulo n

The multiplicative inverse of a modulo n is an integer [!!!] x such that

a ⋅ x ≡ 1 (mod n)

The multiplicative inverse of a modulo n is denoted by a^-1 mod n (in some books a or a*).

According to this notation: a ⋅ a^-1 ≡ 1 (mod n)

Extended Euclid’s Algorithm for computing z = a^-1 mod n

i: -2, -1, 0, 1, ..., t-1, t

r_i: r_(-2) = n, r_(-1) = a, r_0, r_1, ..., r_(t-1) = 1, r_t = 0

x_i: x_(-2) = 0, x_(-1) = 1, x_0, x_1, ..., x_(t-1) = a^-1 mod n, x_t = ± n

q_i: q_(-1) = ⌊n/a⌋, q_0, q_1, ..., q_(t-1)

q_i = ⌊r_(i-1) / r_i⌋

r_(i+1) = r_(i-1) - q_i ⋅ r_i

x_(i+1) = x_(i-1) - q_i ⋅ x_i

Note: If r_(t-1) ≠ 1 the inverse does not exist

Extended Euclid’s Algorithm

Example: z = 20^-1 mod 117

i: -2, -1, 0, 1, 2, 3, 4

r_i: r_(-2) = 117, r_(-1) = 20, r_0 = 17, r_1 = 3, r_2 = 2, r_3 = 1, r_4 = 0

x_i: x_(-2) = 0, x_(-1) = 1, x_0 = -5, x_1 = 6, x_2 = -35, x_3 = 41 = 20^-1 mod 117, x_4 = -117

q_i: q_(-1) = 5, q_0 = 1, q_1 = 5, q_2 = 1, q_3 = 2

q_i = ⌊r_(i-1) / r_i⌋

r_(i+1) = r_(i-1) - q_i ⋅ r_i

x_(i+1) = x_(i-1) - q_i ⋅ x_i

Check: 20 ⋅ 41 mod 117 = 1
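
The extended Euclid table above and the "d:" line of the RSA keys slide, as an added example that is not part of the original lecture notes: the function reproduces the q, r and x rows, and the same inverse routine derives d from e. The function names and the toy primes 61, 53 with e = 17 are assumptions chosen for illustration.

```python
from math import gcd

def extended_euclid(a, n):
    """Run the table above for r_(-2) = n, r_(-1) = a.

    Returns (g, x, rows): g = gcd(a, n), x with a*x ≡ g (mod n), and
    rows = [(q_(i-1), r_i, x_i), ...] for i = 0..t, one per table column.
    """
    r_prev, r = n, a          # r_(-2), r_(-1)
    x_prev, x = 0, 1          # x_(-2), x_(-1)
    rows = []
    while r != 0:
        q = r_prev // r                      # q_i = floor(r_(i-1) / r_i)
        r_prev, r = r, r_prev - q * r        # r_(i+1) = r_(i-1) - q_i * r_i
        x_prev, x = x, x_prev - q * x        # x_(i+1) = x_(i-1) - q_i * x_i
        rows.append((q, r, x))
    return r_prev, x_prev, rows              # r_(t-1), x_(t-1), table

def mod_inverse(a, n):
    """a^-1 mod n, or ValueError when r_(t-1) != 1 (no inverse exists)."""
    g, x, _ = extended_euclid(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {n}: gcd = {g}")
    return x % n                             # map a negative x into [0, n-1]

def rsa_private_exponent(P, Q, e):
    """Return (N, d) with e*d ≡ 1 mod ((P-1)(Q-1)), checking the gcd rules."""
    if gcd(e, P - 1) != 1 or gcd(e, Q - 1) != 1:
        raise ValueError("e must be relatively prime to P-1 and Q-1")
    return P * Q, mod_inverse(e, (P - 1) * (Q - 1))

if __name__ == "__main__":
    g, x, rows = extended_euclid(20, 117)
    for q, r, xi in rows:
        print(f"q={q:<3} r={r:<4} x={xi}")
    print("20^-1 mod 117 =", mod_inverse(20, 117))
    # Constructed toy primes, far too small for real keys.
    N, d = rsa_private_exponent(61, 53, 17)
    M = 65
    C = pow(M, 17, N)                        # C = M^e mod N
    print("N =", N, "d =", d, "C =", C, "decrypted =", pow(C, d, N))
```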

Motivation

Breaking ciphers

Historical ciphers

Affine Cipher

Encryption transformation: c_i = f(m_i) = k_1 ⋅ m_i + k_2 mod 26

Decryption transformation: m_i = f^-1(c_i) = k_1^-1 ⋅ (c_i - k_2) mod 26

Key: (k_1, k_2), where k_1, k_2 ∈ [0, 25] and gcd(k_1, 26) = 1

Historical ciphers

Affine Cipher – Example (2)

letter   coding   encryption                  decoding
N        13       3 ⋅ 13 + 11 mod 26 = 24     Y
S        18       3 ⋅ 18 + 11 mod 26 = 13     N
A        0        3 ⋅ 0 + 11 mod 26 = 11      L

Historical ciphers

Affine Cipher – Example (3)

letter   coding   decryption                    decoding
Y        24       9 ⋅ (24 – 11) mod 26 = 13     N
N        13       9 ⋅ (13 – 11) mod 26 = 18     S
L        11       9 ⋅ (11 – 11) mod 26 = 0      A

Breaking the affine cipher (1)

Ciphertext:

FMXVE DKAPH FERBN DKRXR SREFM ORUDS DKDVS HVUFE DKAPR KDLYE VLRHH RH

Step 1: Establish a relative frequency of letters in the ciphertext

Most frequent single letters: R - 8, D - 7, E, H, K - 5

Average frequency in a long English text:

E - 13%
T, N, R, I, O, A, S - 6%-9%
D, H, L - 3.5%-4.5%
C, F, P, U, M, Y, G, W, V - 1.5%-3%
B, X, K, Q, J, Z - < 1%

Average frequency in a random string of letters: 1/26
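
Step 1 carried out on the ciphertext above, as an added example that is not part of the original lecture notes. It goes one step beyond the page: it assumes the most frequent ciphertext letter stands for E and one of the other top letters for T, solves the two congruences for (k_1, k_2), and rejects any guess where gcd(k_1, 26) ≠ 1. The function names are assumptions.

```python
from collections import Counter
from math import gcd

# Ciphertext copied from the page; the spaces only group the letters.
CIPHERTEXT = ("FMXVE DKAPH FERBN DKRXR SREFM ORUDS DKDVS HVUFE "
              "DKAPR KDLYE VLRHH RH")

def letter_counts(text):
    """Step 1: absolute frequency of each letter in the ciphertext."""
    return Counter(ch for ch in text.upper() if ch.isalpha())

def solve_key(c1, m1, c2, m2):
    """Solve c = k1*m + k2 (mod 26) from two (cipher, plain) letter codes.

    Returns (k1, k2), or None when the guess cannot be an affine key.
    """
    dm = (m1 - m2) % 26
    if gcd(dm, 26) != 1:
        return None                      # cannot divide by m1 - m2 mod 26
    k1 = (c1 - c2) * pow(dm, -1, 26) % 26
    if gcd(k1, 26) != 1:
        return None                      # k1 has no inverse: not a valid key
    return k1, (c1 - k1 * m1) % 26

def decrypt(text, k1, k2):
    """m_i = k1^-1 * (c_i - k2) mod 26, returned in lower case."""
    inv = pow(k1, -1, 26)
    codes = (ord(ch) - ord("A") for ch in text.upper() if ch.isalpha())
    return "".join(chr(inv * (c - k2) % 26 + ord("a")) for c in codes)

def candidate_keys(text, top=5):
    """Guess: the most frequent letter is E, one of the other top letters is T."""
    ranked = [ord(ch) - ord("A") for ch, _ in letter_counts(text).most_common(top)]
    E, T = 4, 19
    keys = (solve_key(ranked[0], E, c2, T) for c2 in ranked[1:])
    return [k for k in keys if k is not None]

if __name__ == "__main__":
    print(letter_counts(CIPHERTEXT).most_common(5))
    for k1, k2 in candidate_keys(CIPHERTEXT):
        print((k1, k2), decrypt(CIPHERTEXT, k1, k2))
```

Of the four guesses for T, three give k_1 = 6, 13 or 8, none of which is relatively prime to 26; only one guess yields a usable key.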