Cryptography and Network Security
Chapter 8
by William Stallings
by B. A. Forouzan
05/14/22 Vijay Katta
04/09/23 Vijay Katta
Objectives
❏ To introduce prime numbers and their applications in cryptography.
❏ To discuss some primality test algorithms and their efficiencies.
❏ To discuss factorization algorithms and their applications in cryptography.
❏ To describe the Chinese remainder theorem and its application.
❏ To introduce quadratic congruence.
❏ To introduce modular exponentiation and logarithm.
Definition
Figure: Three groups of positive integers
Note: A prime is divisible only by itself and 1.
Prime Numbers
❏ prime numbers only have divisors of 1 and self
  ❏ they cannot be written as a product of other numbers
  ❏ note: 1 is prime, but is generally not of interest
❏ eg. 2,3,5,7 are prime, 4,6,8,9,10 are not
❏ prime numbers are central to number theory
Primes Under 2000
Cardinality of Primes
Infinite Number of Primes
Note: There is an infinite number of primes.
Number of Primes
Example: Find the number of primes less than 1,000,000.
Solution: The approximation gives the range 72,383 to 78,543. The actual number of primes is 78,498.
Given a number n, how can we determine if n is a prime? The answer is that we need to see if the number is divisible by all primes less than
Checking for Primeness
We know that this method is inefficient, but it is a good start.
Example: Is 97 a prime?
Solution: The floor of √97 = 9. The primes less than 9 are 2, 3, 5, and 7. We need to see if 97 is divisible by any of these numbers. It is not, so 97 is a prime.
Example: Is 301 a prime?
Solution: The floor of √301 = 17. We need to check 2, 3, 5, 7, 11, 13, and 17. The numbers 2, 3, and 5 do not divide 301, but 7 does. Therefore 301 is not a prime.
Sieve of Eratosthenes
Prime Factorisation
❏ to factor a number n is to write it as a product of other numbers: n = a × b × c
❏ note that factoring a number is relatively hard compared to multiplying the factors together to generate the number
❏ the prime factorisation of a number n is when it is written as a product of primes
  ❏ eg. $91 = 7 \times 13$; $3600 = 2^4 \times 3^2 \times 5^2$
Relatively Prime Numbers & GCD
❏ two numbers a, b are relatively prime if they have no common divisors apart from 1
  ❏ eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor
❏ conversely can determine the greatest common divisor by comparing their prime factorizations and using least powers
  ❏ eg. $300 = 2^1 \times 3^1 \times 5^2$, $18 = 2^1 \times 3^2$, hence $\gcd(18,300) = 2^1 \times 3^1 \times 5^0 = 6$
Fermat's Theorem
❏ $a^{p-1} = 1 \pmod p$
  ❏ where p is prime and gcd(a,p) = 1
❏ also known as Fermat's Little Theorem
❏ also $a^p = a \pmod p$
❏ useful in public key and primality testing
Fermat's Little Theorem
Theorem: If p is prime and a is a positive integer not divisible by p, then $a^{p-1} \equiv 1 \pmod p$.
Proof: Start by listing the first p − 1 positive multiples of a:
a, 2a, 3a, …, (p−1)a
Suppose that ja and ka are the same modulo p, then we have $j \equiv k \pmod p$, so the p−1 multiples of a above are distinct and nonzero; that is, they must be congruent to 1, 2, 3, …, p−1 in some order. Multiply all these congruences together and we find
$a \cdot 2a \cdot 3a \cdots (p-1)a \equiv 1 \cdot 2 \cdot 3 \cdots (p-1) \pmod p$
or better, $a^{p-1}(p-1)! \equiv (p-1)! \pmod p$. Divide both sides by (p−1)! to complete the proof.
Corollary: If p is prime and a is a positive integer, then $a^p \equiv a \pmod p$.
Corollary: If p is prime and a is a positive integer not divisible by p, then $a^{p-2}$ is an inverse of a modulo p.
Euler's Phi-Function
Euler's phi-function, $\phi(n)$, which is sometimes called Euler's totient function, plays a very important role in cryptography. The function finds the number of integers that are smaller than n and relatively prime to n.
Euler Totient Function $\phi(n)$
❏ when doing arithmetic modulo n
❏ complete set of residues is: 0..n-1
❏ reduced set of residues is those numbers (residues) which are relatively prime to n
  ❏ eg. for n=10,
  ❏ complete set of residues is {0,1,2,3,4,5,6,7,8,9}
  ❏ reduced set of residues is {1,3,7,9}
❏ number of elements in reduced set of residues is called the Euler Totient Function $\phi(n)$
Euler Totient Function $\phi(n)$
❏ to compute $\phi(n)$ need to count number of residues to be excluded
❏ in general need prime factorization, but
  ❏ for p (p prime): $\phi(p) = p-1$
  ❏ for p.q (p,q prime): $\phi(pq) = (p-1) \times (q-1)$
❏ eg.
  ❏ $\phi(37) = 36$
  ❏ $\phi(21) = (3-1) \times (7-1) = 2 \times 6 = 12$
We can combine the above four rules to find the value of $\phi(n)$. For example, if n can be factored as $n = p_1^{e_1} \times p_2^{e_2} \times \cdots \times p_k^{e_k}$
then we combine the third and the fourth rule to find
Note: The difficulty of finding $\phi(n)$ depends on the difficulty of finding the factorization of n.
Example: What is the value of $\phi(13)$?
Solution: Because 13 is a prime, $\phi(13) = (13 - 1) = 12$.
Example: What is the value of $\phi(10)$?
Solution: We can use the third rule: $\phi(10) = \phi(2) \times \phi(5) = 1 \times 4 = 4$, because 2 and 5 are primes.
Example: What is the value of $\phi(240)$?
Solution: We can write $240 = 2^4 \times 3^1 \times 5^1$. Then
$\phi(240) = (2^4 - 2^3) \times (3^1 - 3^0) \times (5^1 - 5^0) = 64$
Example: Can we say that $\phi(49) = \phi(7) \times \phi(7) = 6 \times 6 = 36$?
Solution: No. The third rule applies when m and n are relatively prime. Here $49 = 7^2$. We need to use the fourth rule: $\phi(49) = 7^2 - 7^1 = 42$.
Example: What is the number of elements in $Z_{14}^*$?
Solution: The answer is $\phi(14) = \phi(7) \times \phi(2) = 6 \times 1 = 6$. The members are 1, 3, 5, 9, 11, and 13.
Note: Interesting point: If n > 2, the value of $\phi(n)$ is even.
Euler's Theorem
❏ a generalisation of Fermat's Theorem
❏ $a^{\phi(n)} = 1 \pmod n$
  ❏ for any a, n where gcd(a,n) = 1
❏ eg.
  ❏ a=3; n=10; $\phi(10)=4$; hence $3^4 = 81 = 1 \bmod 10$
  ❏ a=2; n=11; $\phi(11)=10$; hence $2^{10} = 1024 = 1 \bmod 11$
Euler's Theorem
Generalization of Fermat's little theorem
Theorem: For every a and n that are relatively prime, $a^{\phi(n)} \equiv 1 \pmod n$.
Proof: The proof is completely analogous to that of Fermat's Theorem except that instead of the set of residues {1,2,...,n-1} we now consider the set of residues $\{x_1, x_2, \ldots, x_{\phi(n)}\}$ which are relatively prime to n. In exactly the same manner as before, multiplication by a modulo n results in a permutation of the set $\{x_1, x_2, \ldots, x_{\phi(n)}\}$. Therefore, two products are congruent:
$x_1 x_2 \cdots x_{\phi(n)} \equiv (a x_1)(a x_2) \cdots (a x_{\phi(n)}) \pmod n$
Dividing by the left-hand side proves the theorem.
Corollary:
(1) $a^{\phi(n)+1} \equiv a \pmod n$
(2) If gcd(a,n) = 1, then $a^{\phi(n)-1}$ is an inverse of a modulo n
Primality Testing
❏ often need to find large prime numbers
❏ traditionally sieve using trial division
  ❏ ie. divide by all numbers (primes) in turn less than the square root of the number
  ❏ only works for small numbers
❏ alternatively can use statistical primality tests based on properties of primes
  ❏ for which all prime numbers satisfy property
  ❏ but some composite numbers, called pseudo-primes, also satisfy the property
❏ can use a slower deterministic primality test
Miller Rabin Algorithm
❏ a test based on Fermat's Theorem for odd integer number p.
❏ algorithm is:
TEST (p) is:
1. Find integers b, c such that b > 0, c is odd, so that $(p-1) = 2^b \cdot c$
2. Select a random integer a, 1 < a < p–1
3. if $a^c \bmod p = r = \pm 1$ then return ("maybe prime");
4. for j = 0 to b–1 do
5.     if ($r^{2j} \bmod p = n-1 = -1$) then return ("maybe prime")
   else return ("composite")
Probabilistic Considerations
❏ if Miller-Rabin returns "composite" the number is definitely not prime
❏ otherwise is a prime or a pseudo-prime
❏ chance it detects a pseudo-prime is < 1/4
❏ hence if repeat test with different random a then chance n is prime after t tests is:
  ❏ Pr(n prime after t tests) = $1 - 4^{-t}$
  ❏ eg. for t=10 this probability is > 0.99999
Example: Apply the Miller Rabin Test to P=23.
Step 1: (p-1) = 22 = $2^1 \times 11$, so b=1, c=11.
Step 2: select random number a=15.
Step 3: compute $15^{11} \bmod 23$: $15^{11} \bmod 23 = 22 \equiv -1 \pmod{23}$
Thus 23 may be a prime number.
Example: Apply the Miller Rabin Test to P=143.
Step 1: (p-1) = 144 = $2^4 \times 9$, so b=4, c=9, j=1,2,3.
Step 2: select random number a=47.
Step 3: compute $47^9 \bmod 143$: $47^9 \bmod 143 = 125$
Step 4: compute $r^{2j} \bmod 143$ where r=125, j=1,2,3.
for j=1, $r^2 \bmod 143 = 125^2 \bmod 143 = 38 \ne -1$
for j=2, $r^4 \bmod 143 = 38^2 \bmod 143 = 14 \ne -1$
for j=3, $r^6 \bmod 143 = 14^2 \bmod 143 = 53 \ne -1$
Thus we can say that p is definitely not a prime number.
CHINESE REMAINDER THEOREM
The Chinese remainder theorem (CRT) is used to solve a set of congruent equations with one variable but different moduli, which are relatively prime, as shown below:
Example: The following is an example of a set of equations with different moduli:
The solution to this set of equations is given in the next section; for the moment, note that the answer to this set of equations is x = 23. This value satisfies all equations: 23 ≡ 2 (mod 3), 23 ≡ 3 (mod 5), and 23 ≡ 2 (mod 7).
Solution To Chinese Remainder Theorem
1. Find $M = m_1 \times m_2 \times \cdots \times m_k$. This is the common modulus.
2. Find $M_1 = M/m_1$, $M_2 = M/m_2$, …, $M_k = M/m_k$.
3. Find the multiplicative inverse of $M_1, M_2, \ldots, M_k$ using the corresponding moduli ($m_1, m_2, \ldots, m_k$). Call the inverses $M_1^{-1}, M_2^{-1}, \ldots, M_k^{-1}$.
4. The solution to the simultaneous equations is
Example: Find the solution to the simultaneous equations:
Solution: We follow the four steps.
1. M = 3 × 5 × 7 = 105
2. $M_1$ = 105 / 3 = 35, $M_2$ = 105 / 5 = 21, $M_3$ = 105 / 7 = 15
3. The inverses are $M_1^{-1} = 2$, $M_2^{-1} = 1$, $M_3^{-1} = 1$
4. x = (2 × 35 × 2 + 3 × 21 × 1 + 2 × 15 × 1) mod 105 = 23 mod 105
Example: Find an integer that has a remainder of 3 when divided by 7 and 13, but is divisible by 12.
Solution: This is a CRT problem. We can form three equations and solve them to find the value of x.
If we follow the four steps, we find x = 276. We can check that 276 = 3 mod 7, 276 = 3 mod 13 and 276 is divisible by 12 (the quotient is 23 and the remainder is zero).
Chinese Remainder Theorem
❏ used to speed up modulo computations
❏ if working modulo a product of numbers
  ❏ eg. mod $M = m_1 m_2 \cdots m_k$
❏ Chinese Remainder theorem lets us work in each moduli $m_i$ separately
❏ since computational cost is proportional to size, this is faster than working in the full modulus M
Chinese Remainder Theorem
❏ can implement CRT in several ways
❏ to compute A (mod M)
  ❏ first compute all $a_i = A \bmod m_i$ separately
  ❏ determine constants $c_i$ below, where $M_i = M/m_i$
  ❏ then combine results to get answer using:
Chinese Remainder Theorem (CRT)
Suppose $m_1, \ldots, m_k$ are pairwise relatively prime positive integers, and suppose $a_1, \ldots, a_k$ are integers. Then the system of k congruences $x \equiv a_i \pmod{m_i}$ (1 ≤ i ≤ k) has a unique solution modulo $M = m_1 \cdots m_k$, which is given by
where $c_i = M_i (M_i^{-1} \bmod m_i)$ and $M_i = M / m_i$, for 1 ≤ i ≤ k.
Chinese Remainder Theorem
Proof
❏ Let $M = m_1 m_2 \cdots m_k$, where the $m_i$'s are pairwise relatively prime, i.e., $\gcd(m_i, m_j) = 1$, 1 ≤ i ≠ j ≤ k
❏ $A \leftrightarrow (a_1, a_2, \ldots, a_k)$, where $A \in Z_M$, $a_i \in Z_{m_i}$, and $a_i = A \bmod m_i$ for 1 ≤ i ≤ k
❏ One to one correspondence (bijection) between $Z_M$ and the Cartesian product $Z_{m_1} \times Z_{m_2} \times \cdots \times Z_{m_k}$
  ❏ For every integer A such that 0 ≤ A < M, there is a unique k-tuple $(a_1, a_2, \ldots, a_k)$ with $0 \le a_i < m_i$
  ❏ For every such k-tuple $(a_1, a_2, \ldots, a_k)$, there is a unique A in $Z_M$
❏ Computing A from $(a_1, a_2, \ldots, a_k)$ is done as follows:
  ❏ Let $M_i = M/m_i$ for 1 ≤ i ≤ k, i.e., $M_i = m_1 m_2 \cdots m_{i-1} m_{i+1} \cdots m_k$
  ❏ Note that $M_i \equiv 0 \pmod{m_j}$ for all j ≠ i and $\gcd(M_i, m_i) = 1$
  ❏ Let $c_i = M_i \times (M_i^{-1} \bmod m_i)$ for 1 ≤ i ≤ k
  ❏ Then $A \equiv (a_1 c_1 + a_2 c_2 + \cdots + a_k c_k) \bmod M$
  ❏ $a_i = A \bmod m_i$, since $c_j \equiv M_j \equiv 0 \pmod{m_i}$ if j ≠ i and $c_i \equiv 1 \pmod{m_i}$
Chinese Remainder Theorem
❏ Operations performed on the elements of $Z_M$ can be equivalently performed on the corresponding k-tuples by performing the operation independently in each coordinate position
  ❏ ex) $A \leftrightarrow (a_1, a_2, \ldots, a_k)$, $B \leftrightarrow (b_1, b_2, \ldots, b_k)$
  ❏ $(A + B) \bmod M \leftrightarrow ((a_1 + b_1) \bmod m_1, \ldots, (a_k + b_k) \bmod m_k)$
  ❏ $(A - B) \bmod M \leftrightarrow ((a_1 - b_1) \bmod m_1, \ldots, (a_k - b_k) \bmod m_k)$
  ❏ $(A \times B) \bmod M \leftrightarrow ((a_1 \times b_1) \bmod m_1, \ldots, (a_k \times b_k) \bmod m_k)$
❏ CRT provides a way to manipulate (potentially large) numbers mod M in terms of tuples of smaller numbers
Chinese Remainder Theorem
Example
❏ Let $m_1 = 37$, $m_2 = 49$, $M = m_1 m_2 = 1813$, A = 973, B = 678
❏ $M_1 = 49$, $M_2 = 37$
❏ Using the extended Euclid's algorithm, $M_1^{-1} \bmod m_1 = 34$ and $M_2^{-1} \bmod m_2 = 4$
❏ Taking residues modulo 37 and 49: 973 ↔ (11, 42), 678 ↔ (12, 41)
❏ Add the tuples element-wise: (11 + 12 mod 37, 42 + 41 mod 49) = (23, 34)
❏ To verify, we compute
  (23, 34) ↔ $(a_1 c_1 + a_2 c_2) \bmod M = (a_1 M_1 M_1^{-1} + a_2 M_2 M_2^{-1}) \bmod M$
  = [(23)(49)(34) + (34)(37)(4)] mod 1813 = 1651
  which is equal to (678 + 973) mod 1813 = 1651
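The four-step CRT solution listed earlier and the tuple arithmetic of the example above, as an added example that is not part of the original slides. The function names are chosen here, and the inverses come from Python's built-in `pow(x, -1, m)` (Python 3.8+) rather than a hand-written extended Euclid.

```python
from itertools import combinations
from math import gcd, prod


def crt_constants(moduli):
    """Steps 1-3: return M and the list of (M_i, M_i^-1 mod m_i)."""
    for m, n in combinations(moduli, 2):
        if gcd(m, n) != 1:
            raise ValueError(f"moduli {m} and {n} are not relatively prime")
    M = prod(moduli)                      # step 1: common modulus
    consts = []
    for m in moduli:
        Mi = M // m                       # step 2: M_i = M / m_i
        consts.append((Mi, pow(Mi, -1, m)))  # step 3: inverse modulo m_i
    return M, consts


def crt(residues, moduli):
    """Step 4: x = (a_1 M_1 M_1^-1 + ... + a_k M_k M_k^-1) mod M."""
    M, consts = crt_constants(moduli)
    return sum(a * Mi * inv for a, (Mi, inv) in zip(residues, consts)) % M


def to_tuple(A, moduli):
    """Map A in Z_M to its k-tuple (A mod m_1, ..., A mod m_k)."""
    return tuple(A % m for m in moduli)


def tuple_op(op, x, y, moduli):
    """Apply op coordinate by coordinate, each in its own small modulus."""
    return tuple(op(a, b) % m for a, b, m in zip(x, y, moduli))


if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))      # the three-equation example
    print(crt([3, 3, 0], [7, 13, 12]))    # remainder 3 mod 7 and 13, divisible by 12

    moduli = [37, 49]
    a, b = to_tuple(973, moduli), to_tuple(678, moduli)
    total = tuple_op(lambda u, v: u + v, a, b, moduli)
    print(a, b, total, crt(total, moduli))
```

The same `tuple_op` call with subtraction or multiplication reconstructs (A − B) mod M and (A × B) mod M, which is the property that lets large modular computations be done on the small coordinates.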
Primitive Roots
❏ from Euler's theorem have $a^{\phi(n)} \bmod n = 1$
❏ consider $a^m = 1 \pmod n$, GCD(a,n)=1
  ❏ must exist for $m = \phi(n)$ but may be smaller
  ❏ once powers reach m, cycle will repeat
❏ if smallest is $m = \phi(n)$ then a is called a primitive root
❏ if p is prime, then successive powers of a "generate" the group mod p
❏ these are useful but relatively hard to find
Powers of Integers, modulo 19
a : primitive root
Discrete Logarithms
❏ the inverse problem to exponentiation is to find the discrete logarithm of a number modulo p
❏ that is to find x such that $y = g^x \pmod p$
❏ this is written as $x = \log_g y \pmod p$
❏ if g is a primitive root then it always exists, otherwise it may not, eg.
  ❏ $x = \log_3 4 \bmod 13$ has no answer
  ❏ $x = \log_2 3 \bmod 13 = 4$ by trying successive powers
❏ whilst exponentiation is relatively easy, finding discrete logarithms is generally a hard problem
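Primitive roots and the two logarithms modulo 13 quoted above, as an added example that is not part of the original slides; the function names are chosen here and p is assumed prime. It goes one step beyond the slide by adding baby-step giant-step, which needs about √p operations instead of p but is still exponential in the bit length of p, so the problem stays hard at cryptographic sizes.

```python
from math import isqrt


def order(a, p):
    """Smallest m > 0 with a^m = 1 (mod p), for prime p and a not divisible by p."""
    if a % p == 0:
        raise ValueError("a must not be divisible by p")
    m, val = 1, a % p
    while val != 1:
        val = val * a % p
        m += 1
    return m


def primitive_roots(p):
    """All a in 1..p-1 whose order is phi(p) = p - 1."""
    return [a for a in range(1, p) if order(a, p) == p - 1]


def discrete_log(g, y, p):
    """Try successive powers of g; return the smallest x with g^x = y (mod p), or None."""
    val = 1
    for x in range(p - 1):
        if val == y % p:
            return x
        val = val * g % p
    return None


def bsgs(g, y, p):
    """Baby-step giant-step: same answer as discrete_log in about sqrt(p) steps."""
    m = isqrt(p - 1) + 1
    baby = {}
    val = 1
    for j in range(m):              # baby steps: g^0 .. g^(m-1)
        baby.setdefault(val, j)     # keep the smallest j for each value
        val = val * g % p
    factor = pow(g, -m, p)          # g^(-m) mod p
    gamma = y % p
    for i in range(m):              # giant steps: y * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * factor % p
    return None


if __name__ == "__main__":
    print(primitive_roots(19))
    print(order(3, 13), discrete_log(3, 4, 13))    # 3 is not a primitive root mod 13
    print(discrete_log(2, 3, 13), bsgs(2, 3, 13))  # 2 is a primitive root mod 13
```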
Summary
❏ have considered:
  ❏ prime numbers
  ❏ Fermat's and Euler's Theorems & $\phi(n)$
  ❏ Primality Testing
  ❏ Chinese Remainder Theorem
  ❏ Discrete Logarithms