EECS 690 - PowerPoint PPT Presentation

Slides: 14
Provided by: ITTC1
Transcript and Presenter's Notes

Title: EECS 690


1
EECS 690
  • Weichao Wang

2
  • Number theory and background
  • Modular arithmetic
  • The complete set of residues 0 to n-1
  • Properties of modular arithmetic
  • (a + b) mod n = ((a mod n) + (b mod n)) mod n
  • (a * b) mod n = ((a mod n) * (b mod n)) mod n
  • a(b + c) mod n = (((ab) mod n) + ((ac) mod n)) mod n
  • These features help cryptographers a lot; for example, how do you calculate (a^16) mod n?
  • What about a number that is not 2^x?
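
Added example (not from the original slides): repeated squaring for a^e mod n. It covers both questions above, an exponent such as 16 that is a power of two and one that is not. The function name and the sample numbers are chosen here for illustration.

```python
def modexp(a, e, n):
    """Compute a**e mod n by repeated squaring.

    Returns (result, squarings, multiplications) so the cost is visible.
    Every intermediate value is reduced mod n, which is allowed because
    (a * b) mod n = ((a mod n) * (b mod n)) mod n.
    """
    if e < 0 or n <= 0:
        raise ValueError("need e >= 0 and n > 0")
    result, base = 1 % n, a % n
    squarings = multiplications = 0
    while e:
        if e & 1:                      # this bit of e is set: fold base in
            result = (result * base) % n
            multiplications += 1
        e >>= 1
        if e:                          # more bits left: base becomes base^2
            base = (base * base) % n
            squarings += 1
    return result, squarings, multiplications


if __name__ == "__main__":
    print(modexp(5, 16, 23))   # 16 = 2^4: four squarings
    print(modexp(5, 13, 23))   # 13 = 8 + 4 + 1: three squarings, three multiplications
```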

3
  • Prime numbers
  • We use p(n) to represent the number of prime numbers that are < n
  • First, the mathematicians find that when n → infinity, p(n) / n goes to 1 / ln(n), so we have enough prime numbers

4
  • Greatest Common Divisor (gcd)
  • Two numbers are relatively prime if gcd(a, b) = 1
  • If we assume that a > b,
  • If a is b's multiple, gcd(a, b) = b
  • Otherwise gcd(a, b) = gcd(b, a mod b)
  • This is called Euclid's algorithm
  • Prove that Euclid's algorithm will finish in O(log_2(a)) rounds

5
  • Modular inverse of a number
  • If (ax) mod n = 1, then x is called a's modular inverse modulo n
  • General problem: if x is a's modular inverse modulo n, can we find a number y such that ay mod n = b?
  • Do we have (x mod a) mod b = (x mod b) mod a??
  • Usually, if gcd(a, n) = 1, there exists a unique solution for the modular inverse
  • The extended Euclidean algorithm can be used to calculate the modular inverse
  • gcd(a, b) = min(ax + by > 0)
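
Added example (not from the original slides): the extended Euclidean algorithm, returning the coefficients x and y with ax + by = gcd(a, b) and counting rounds so the O(log_2(a)) claim from the gcd slide can be checked. The function names and test numbers are chosen here for illustration.

```python
def egcd(a, b):
    """Return (g, x, y, rounds) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    rounds = 0
    while b:
        q, r = divmod(a, b)
        a, b = b, r                    # gcd(a, b) = gcd(b, a mod b)
        x0, x1 = x1, x0 - q * x1       # carry the coefficients along
        y0, y1 = y1, y0 - q * y1
        rounds += 1
    return a, x0, y0, rounds


def modinv(a, n):
    """Return x in [0, n) with (a*x) mod n == 1, or raise if none exists."""
    g, x, _, _ = egcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {n}: gcd is {g}")
    return x % n


if __name__ == "__main__":
    print(egcd(240, 46))     # gcd 2 with its coefficients
    print(modinv(5, 7))      # inverse exists because gcd(5, 7) = 1
    print(egcd(89, 55)[3])   # consecutive Fibonacci numbers: the slow case
    try:
        modinv(6, 12)
    except ValueError as err:
        print(err)           # gcd(6, 12) = 6, so no inverse
```

Consecutive Fibonacci numbers force a quotient of 1 in every round, which is the worst case for the round count.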

6
  • Reduced set of residues and Fermat's little theorem
  • Reduced set of residues: the subset of residues that is relatively prime to n; for example, for n = 12, the reduced set of residues includes 1, 5, 7, 11. Its size is called F(n).
  • If n is a prime, F(n) = n-1
  • If n = pq and p, q are prime numbers, then F(n) = (p-1)(q-1)
  • If x mod p = 1 and x mod q = 1, where p and q are two different prime numbers, x mod pq = ?

7
  • Fermat's little theorem
  • Fermat's little theorem: if n is a prime number and a is not a multiple of n, then a^(n-1) mod n = 1
  • Euler's generalization of Fermat's little theorem: if gcd(a, n) = 1, then a^(F(n)) mod n = 1.
  • Using this method, a's modular inverse is a^(F(n)-1). Pay attention to the requirement gcd(a, n) = 1
  • An example: what is 5's modular inverse modulo 7?

8
  • Using Fermat's little theorem to examine whether a number is a prime number
  • For p, select a number a and calculate a^(p-1) mod p. If it is not 1, we know p is not a prime number
  • What if for all a, a^(p-1) mod p = 1?
  • There exists a set of numbers called Carmichael numbers; they satisfy the above test (to the bases to which they are relatively prime), but they are pseudoprimes
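
Added example (not from the original slides): the Fermat test run over every base, comparing an ordinary composite with a Carmichael number. The value 561 = 3 * 11 * 17 is the smallest Carmichael number; it and the other sample numbers are chosen here for illustration.

```python
from math import gcd


def fermat_passes(p, a):
    """True if p passes the Fermat test to base a: a^(p-1) mod p == 1."""
    return pow(a, p - 1, p) == 1


def coprime_witnesses(p):
    """Bases a in 2..p-2, relatively prime to p, for which the test fails.

    A non-empty result proves p is composite. An empty result proves
    nothing: primes and Carmichael numbers both return [].
    """
    return [a for a in range(2, p - 1)
            if gcd(a, p) == 1 and not fermat_passes(p, a)]


def smallest_factor(p):
    """Trial division, used here only to confirm what the test missed."""
    d = 2
    while d * d <= p:
        if p % d == 0:
            return d
        d += 1
    return p


if __name__ == "__main__":
    for p in (13, 15, 561):
        print(p, "witnesses:", coprime_witnesses(p),
              "smallest factor:", smallest_factor(p))
    # A base sharing a factor with 561 still fails the test.
    print(fermat_passes(561, 3))
```

The only bases that expose 561 are those sharing a factor with it, which is why practical primality tests do not rely on the Fermat test alone.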

9
  • Chinese remainder theorem
  • If a number n can be factored as the product of a group of primes n = p1 * p2 * ... * pt, then a number x < n can be uniquely represented by the residues mod these prime numbers
  • For example, 22 mod 5 = 2, 22 mod 7 = 1; for the numbers < 35, 22 is the only number satisfying these conditions. Therefore, 22 can be uniquely represented by these residues (2, 1)
  • If p and q are different prime numbers, how can we find x < pq with x mod p = a, x mod q = b, a > b?
  • Since p and q must be relatively prime, we can find u such that (uq mod p = 1)
  • Then x = (((a-b) u) mod p) q + b

10
  • How to calculate x
  • x mod p1 = x1, x mod p2 = x2, ..., x mod pt = xt
  • x = (p2 p3 ... pt) y1 x1 + (p1 p3 ... pt) y2 x2 + ... + (p1 p2 ... p(t-1)) yt xt
  • x mod p1 = (p2 p3 ... pt) y1 x1 mod p1
  • We know that p1 and p2 p3 ... pt are relatively prime, so there exists a modular inverse for p2 p3 ... pt; let that be y1
  • Then x mod p1 = x1
  • Similarly, we can find y2, y3, ..., yt
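
Added example (not from the original slides): both Chinese remainder constructions, the two-prime shortcut with u and the general sum over t moduli with the inverses y1 ... yt. Function names are chosen here; the three-modulus input is a constructed sample, and `pow(m, -1, p)` needs Python 3.8 or later.

```python
from math import prod


def crt(residues, moduli):
    """Return the unique x < p1*p2*...*pt with x mod p_i == x_i.

    Each term is (product of the other moduli) * y_i * x_i, where y_i is
    the inverse of that product modulo p_i, so the term is x_i mod p_i
    and 0 modulo every other modulus.
    """
    if len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    n = prod(moduli)
    x = 0
    for x_i, p_i in zip(residues, moduli):
        others = n // p_i
        try:
            y_i = pow(others, -1, p_i)
        except ValueError:
            raise ValueError("moduli must be pairwise relatively prime") from None
        x += others * y_i * x_i
    return x % n


def crt_two(a, b, p, q):
    """Two-prime shortcut: x = (((a - b) * u) mod p) * q + b, u*q mod p == 1."""
    u = pow(q, -1, p)
    return (((a - b) * u) % p) * q + b


if __name__ == "__main__":
    print(crt([2, 1], [5, 7]), crt_two(2, 1, 5, 7))   # the slide's residues (2, 1)
    print(crt([2, 3, 2], [3, 5, 7]))                  # constructed three-modulus case
```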

11
  • How does RSA work?
  • Select 2 large prime numbers p and q, n = pq
  • Now select a public key e where gcd(e, (p-1)(q-1)) = 1
  • Since e and (p-1)(q-1) are relatively prime, we can find d such that ed mod (p-1)(q-1) = 1. d is the modular inverse of e. d is the private key, e is the public key
  • For a message m, m^e mod n = c, c^d mod n = m
  • Now we prove m^(ed) mod n = m
  • Question: Why are both e and d odd numbers?

12
  • RSA
  • Make e and n public, so everyone can encrypt
  • What if the plaintext m is a multiple of p or q? The secret key d will be compromised
  • Avoid such attacks: make m shorter than both p and q
  • In RSA, E(m1) * E(m2) = E(m1 * m2)
  • Now we can explain why RSA is not used for
    digital signature?

13
  • Common modulus attack on RSA
  • We assume that two parties choose the same n = pq, but different public keys e1 and e2
  • If we ever encrypt the same message m with both public keys and gcd(e1, e2) = 1, we are in trouble
  • A malicious node can find e1 x + e2 y = 1, so (m^e1)^x (m^e2)^y = m^(e1 x + e2 y) mod n = m
  • What if x < 0? Calculate the modular inverse
  • Lesson we learn: do not share n among users
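
Added example (not from the original slides): the identity above checked on a toy modulus, followed by a check a key registry can run to enforce the lesson. The primes 61 and 53, exponents 17 and 7, message 65, owner names and function names are all constructed for illustration; `pow` with a negative exponent needs Python 3.8 or later.

```python
from collections import defaultdict
from math import gcd


def combine_ciphertexts(c1, c2, e1, e2, n):
    """Evaluate (m^e1)^x * (m^e2)^y mod n for e1*x + e2*y == 1.

    Only public values are used: no d, p or q. That is why two keys
    must never share a modulus.
    """
    if gcd(e1, e2) != 1:
        raise ValueError("identity needs gcd(e1, e2) == 1")
    x = pow(e1, -1, e2)            # e1*x = 1 (mod e2), x >= 0
    y = (1 - e1 * x) // e2         # exact division; y <= 0
    assert e1 * x + e2 * y == 1
    # A negative exponent makes pow() use the modular inverse of c2,
    # which is the slide's "calculate the modular inverse" step.
    return (pow(c1, x, n) * pow(c2, y, n)) % n


def shared_moduli(public_keys):
    """Return {n: [owners]} for every modulus issued to more than one owner."""
    owners = defaultdict(list)
    for owner, (n, _e) in public_keys.items():
        owners[n].append(owner)
    return {n: sorted(names) for n, names in owners.items() if len(names) > 1}


# Constructed toy values; real moduli are thousands of bits long.
N, E1, E2, M = 61 * 53, 17, 7, 65

if __name__ == "__main__":
    c1, c2 = pow(M, E1, N), pow(M, E2, N)
    print(combine_ciphertexts(c1, c2, E1, E2, N) == M)
    registry = {"alice": (N, E1), "bob": (N, E2), "carol": (67 * 71, 17)}
    print(shared_moduli(registry))
```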