
Cryptography and Network Security Chapter 8 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Modified – Tom Noack.

Dec 14, 2015


Dwight Paine


Chapter 8 – Introduction to Number Theory

The Devil said to Daniel Webster: "Set me a task I can't carry out, and I'll give you anything in the world you ask for."

Daniel Webster: "Fair enough. Prove that for n greater than 2, the equation a^n + b^n = c^n has no non-trivial solution in the integers."

They agreed on a three-day period for the labor, and the Devil disappeared.

At the end of three days, the Devil presented himself, haggard, jumpy, biting his lip. Daniel Webster said to him, "Well, how did you do at my task? Did you prove the theorem?"

"Eh? No . . . no, I haven't proved it."
"Then I can have whatever I ask for? Money? The Presidency?"
"What? Oh, that—of course. But listen! If we could just prove the following two lemmas—"

—The Mathematical Magpie, Clifton Fadiman


Motivation

Easy do – difficult undo – many crypto problems are of this nature

Easy                             Difficult
Fast exponentiation              Discrete logarithm
Multiplying two large numbers    Factoring a huge product


The basics – and a few minor details

Modulo arithmetic
  Addition and additive inverse are easy
  Multiplicative inverse doesn’t always exist
Properties of primes
  A prime is divisible only by itself and one
  Determining primality is not all that easy
Multiword arithmetic
  Additional method – Chinese remainder theorem
Finding inverses in finite fields
  Modified Euclid’s algorithm applies here also


Useful results of number theory

Private key crypto
  RSA algorithm
  Elliptic curve cryptography
Diffie-Hellman algorithm
  Generates a shared secret key
Chinese remainder theorem
  Sometimes results in easier multiword arithmetic algorithms
Generation and testing of large primes
  Useful in all the above


The prime factorization theorem

A prime is a number divisible only by itself and one
Any number can be factored uniquely into a product of primes to some power
  Example 1100 = 2^2 x 5^2 x 11^1
Relatively prime means (a,b)=1
  (a,b) means gcd(a,b)
  (a,b) is found using Euclid’s algorithm


Useful theorems involving a^x mod n

Fermat’s
  a^{p-1} = 1 mod p, p doesn’t divide a
Euler’s phi function
  ø(n) = number of numbers <n and relatively prime to n
  Easily found if factorization is known
Euler’s theorem
  a^{ø(n)} = 1 mod n – reduces to Fermat’s for n prime
Miller-Rabin test
  Based on inverse of Fermat’s theorem
  n is not prime if a^{n-1} ≠ 1 mod n
Fast exponentiation
  Convert x to binary – for example x^8 is x squared three times


Prime Numbers

prime numbers only have divisors of 1 and self
  they cannot be written as a product of other numbers
  note: 1 is prime, but is generally not of interest
eg. 2,3,5,7 are prime, 4,6,8,9,10 are not
prime numbers are central to number theory
list of prime numbers less than 200 is:
  2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59
  61 67 71 73 79 83 89 97 101 103 107 109 113 127
  131 137 139 149 151 157 163 167 173 179 181 191
  193 197 199


Prime Factorisation

to factor a number n is to write it as a product of other numbers: n = a x b x c
note that factoring a number is relatively hard compared to multiplying the factors together to generate the number
the prime factorisation of a number n is when it's written as a product of primes
  eg. 91 = 7 x 13 ; 3600 = 2^4 x 3^2 x 5^2


Relatively Prime Numbers & GCD

two numbers a, b are relatively prime if they have no common divisors apart from 1
  eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor
conversely can determine the greatest common divisor by comparing their prime factorizations and using least powers
  eg. 300 = 2^1 x 3^1 x 5^2, 18 = 2^1 x 3^2, hence GCD(18,300) = 2^1 x 3^1 x 5^0 = 6


Fermat's Theorem

a^{p-1} = 1 (mod p)
  where p is prime and gcd(a,p)=1
also known as Fermat’s Little Theorem
also a^p = p (mod p)
useful in public key and primality testing
Also, it is an affirmative, but not negative, test for primality


Euler Totient Function ø(n)

when doing arithmetic modulo n
complete set of residues is: 0..n-1
reduced set of residues is those numbers (residues) which are relatively prime to n
  eg for n=10,
  complete set of residues is {0,1,2,3,4,5,6,7,8,9}
  reduced set of residues is {1,3,7,9}
number of elements in reduced set of residues is called the Euler Totient Function ø(n)


Euler Totient Function ø(n)

to compute ø(n) need to count number of residues to be excluded
in general need prime factorization, but
  for p (p prime)      ø(p) = p-1
  for p.q (p,q prime)  ø(pq) = (p-1)x(q-1)
eg.
  ø(37) = 36
  ø(21) = (3–1)x(7–1) = 2x6 = 12


Euler's Theorem

a generalisation of Fermat's Theorem
a^{ø(n)} = 1 (mod n)
  for any a,n where gcd(a,n)=1
eg.
  a=3; n=10; ø(10)=4; hence 3^4 = 81 = 1 mod 10
  a=2; n=11; ø(11)=10; hence 2^10 = 1024 = 1 mod 11
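The totient and Euler's theorem slides above, as an added Python example that is not part of the original slides. It goes beyond the p and p.q cases on the slide by using the general prime-power product formula; all function names are hypothetical.

```python
from math import gcd

def prime_factors(n):
    """Trial-division factorisation: returns {prime: exponent}."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:                       # whatever is left is a prime factor
        factors[n] = factors.get(n, 0) + 1
    return factors

def phi_from_factors(n):
    """phi(n) as the product of p^(e-1) * (p-1) over the prime powers of n.
    For n = p this gives p-1, for n = p*q it gives (p-1)(q-1)."""
    result = 1
    for p, e in prime_factors(n).items():
        result *= p ** (e - 1) * (p - 1)
    return result

def reduced_residues(n):
    """The reduced set of residues: 0 < r < n with gcd(r, n) = 1."""
    return [r for r in range(1, n) if gcd(r, n) == 1]

def euler_power(a, n):
    """a^phi(n) mod n; equals 1 only when gcd(a, n) = 1."""
    return pow(a, phi_from_factors(n), n)

if __name__ == "__main__":
    for n in (10, 21, 37, 3600):
        # counting residues and the factorisation formula must agree
        print(n, phi_from_factors(n), len(reduced_residues(n)))
    print(euler_power(3, 10), euler_power(2, 11))   # the slide's two examples
    print(euler_power(2, 10))   # gcd(2,10) != 1, so the theorem does not apply
```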


Primality Testing

often need to find large prime numbers
traditionally sieve using trial division
  ie. divide by all numbers (primes) in turn less than the square root of the number
  only works for small numbers
alternatively can use statistical primality tests based on properties of primes
  for which all prime numbers satisfy property
  but some composite numbers, called pseudo-primes, also satisfy the property
can use a slower deterministic primality test


Miller Rabin Algorithm

a test based on Fermat’s Theorem
algorithm is:

TEST (n) is:
1. Find integers k, q, k > 0, q odd, so that (n–1) = 2^k q
2. Select a random integer a, 1 < a < n–1
3. if a^q mod n = 1 then return ("maybe prime");
4. for j = 0 to k – 1 do
5.    if (a^{2^j q} mod n = n-1)
         then return ("maybe prime")
6. return ("composite")


Probabilistic Considerations

if Miller-Rabin returns “composite” the number is definitely not prime
otherwise is a prime or a pseudo-prime
chance it detects a pseudo-prime is < 1/4
hence if repeat test with different random a then chance n is prime after t tests is:
  Pr(n prime after t tests) = 1 - 4^{-t}
  eg. for t=10 this probability is > 0.99999
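The TEST(n) procedure and the repeated-trial argument above, as an added Python example that is not part of the original slides. It also implements the fast exponentiation mentioned earlier instead of calling a library routine; the function names and the sample numbers 561 and 2047 are choices made for this example.

```python
import random

def modexp(base, exp, mod):
    """Fast exponentiation: walk the binary digits of exp, squaring each step."""
    result, base = 1, base % mod
    while exp > 0:
        if exp & 1:                     # this bit of the exponent is set
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result

def fermat_passes(n, a):
    """Plain Fermat check a^(n-1) = 1 mod n; pseudo-primes pass it too."""
    return modexp(a, n - 1, n) == 1

def miller_rabin_round(n, a):
    """One run of TEST(n) for odd n > 3 and a fixed base 1 < a < n-1."""
    k, q = 0, n - 1
    while q % 2 == 0:                   # step 1: n-1 = 2^k * q with q odd
        k, q = k + 1, q // 2
    x = modexp(a, q, n)
    if x == 1:                          # step 3
        return "maybe prime"
    for _ in range(k):                  # steps 4-5: x = a^(2^j q), j = 0..k-1
        if x == n - 1:
            return "maybe prime"
        x = x * x % n
    return "composite"                  # step 6

def is_probable_prime(n, t=10):
    """Repeat TEST(n) with t random bases; any 'composite' is final."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    for _ in range(t):
        a = random.randrange(2, n - 1)  # step 2: 1 < a < n-1
        if miller_rabin_round(n, a) == "composite":
            return False
    return True

if __name__ == "__main__":
    # 561 = 3*11*17 passes the Fermat check for base 2 but fails TEST(n)
    print(fermat_passes(561, 2), miller_rabin_round(561, 2))
    # 2047 = 23*89 fools TEST(n) for base 2; a second base exposes it
    print(miller_rabin_round(2047, 2), miller_rabin_round(2047, 3))
    print([p for p in range(190, 200) if is_probable_prime(p)])
```

The 2047 case is why the slide repeats the test with different random a: a single "maybe prime" proves nothing, while a single "composite" is conclusive.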


Prime Distribution

prime number theorem states that primes occur roughly every (ln n) integers
but can immediately ignore evens
so in practice need only test 0.5 ln(n) numbers of size n to locate a prime
  note this is only the “average”
  sometimes primes are close together
  other times are quite far apart


Chinese Remainder Theorem

used to speed up modulo computations
if working modulo a product of numbers
  eg. mod M = m_1 m_2 .. m_k
Chinese Remainder theorem lets us work in each modulus m_i separately
since computational cost is proportional to size, this is faster than working in the full modulus M


Chinese Remainder Theorem

can implement CRT in several ways
to compute A (mod M)
  first compute all a_i = A mod m_i separately
  determine constants c_i below, where M_i = M/m_i
  then combine results to get answer using:
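The three CRT steps above, as an added Python example that is not part of the original slides. The slide's own formulas for c_i and the final combination did not survive in this transcript, so the code uses the standard textbook construction c_i = M_i x (M_i^-1 mod m_i); that choice, the function names and the sample values are assumptions of this example. It needs Python 3.8+ for pow(x, -1, m).

```python
from math import prod

def to_residues(A, moduli):
    """Step 1: a_i = A mod m_i for each modulus."""
    return [A % m for m in moduli]

def crt_constants(moduli):
    """Step 2: c_i = M_i * (M_i^-1 mod m_i), where M_i = M / m_i.
    pow(M_i, -1, m) raises ValueError if the moduli are not pairwise
    relatively prime, which is the case where CRT does not apply."""
    M = prod(moduli)
    consts = []
    for m in moduli:
        M_i = M // m
        consts.append(M_i * pow(M_i, -1, m))
    return M, consts

def from_residues(residues, moduli):
    """Step 3: A = (sum of a_i * c_i) mod M."""
    M, consts = crt_constants(moduli)
    return sum(a * c for a, c in zip(residues, consts)) % M

def mul_via_crt(A, B, moduli):
    """Multiply mod M by working in each small modulus separately."""
    ra, rb = to_residues(A, moduli), to_residues(B, moduli)
    products = [(x * y) % m for x, y, m in zip(ra, rb, moduli)]
    return from_residues(products, moduli)

if __name__ == "__main__":
    moduli = [37, 49]                    # constructed sample: M = 1813
    print(to_residues(973, moduli))      # residues of A = 973
    print(from_residues(to_residues(973, moduli), moduli))
    print(mul_via_crt(973, 678, moduli), (973 * 678) % 1813)
    try:
        crt_constants([6, 4])            # gcd(6, 4) = 2: no inverse exists
    except ValueError as err:
        print("not pairwise relatively prime:", err)
```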


Primitive Roots

from Euler’s theorem have a^{ø(n)} mod n = 1
consider a^m = 1 (mod n), GCD(a,n)=1
  must exist for m = ø(n) but may be smaller
  once powers reach m, cycle will repeat
if smallest is m = ø(n) then a is called a primitive root
if p is prime, then successive powers of a "generate" the group mod p
these are useful but relatively hard to find


Discrete Logarithms

the inverse problem to exponentiation is to find the discrete logarithm of a number modulo p
that is to find x such that y = g^x (mod p)
this is written as x = log_g y (mod p)
if g is a primitive root then it always exists, otherwise it may not, eg.
  x = log_3 4 mod 13 has no answer
  x = log_2 3 mod 13 = 4 by trying successive powers
whilst exponentiation is relatively easy, finding discrete logarithms is generally a hard problem


Summary

have considered:
  prime numbers
  Fermat’s and Euler’s Theorems & ø(n)
  Primality Testing
  Chinese Remainder Theorem
  Discrete Logarithms