Prime Numbers

1
Prime Numbers

• The Fundamental Theorem of Arithmetic

2
Prime Numbers and RSA
3
Euclidean algorithm Eudoxus of Cnidus (about 375
BC),

• function gcd(a, b)
• if a 0 return b
• while b ? 0
• if a gt b a a - b
• else b b - a
• return a

4
Euclids algorithm GCD

• The greatest common divisor of M and N is the
  largest whole number that divides evenly into
  both M and N
• GCD (6 , 15 ) 3
• If GCD (M, N) 1 then M and N are called
  relatively prime.
• Euclids algorithm method to find GCD (M,N)

5
Euclids algorithm

• M and N whole numbers.
• Suppose M N. If N is divisible by M then
  GCD(M,N) M.
• Otherwise, subtract from N the biggest multiple
  of M that is smaller than N. Call the remainder
  R.
• NMKR or RMK-N. If Q divides into both M and N
  then Q divides into R. So
• GCD(M,N) GCD (M,R).
• Repeat until R divides into previous.

6
Example GCD (105, 77)

• 77 does not divide 105.
• Subtract 177 from 105. Get R28
• 28 does not divide into 77. Subtract 228 from
  77. Get R77-5621
• Subtract 21 from 28. Get 7.
• 7 divides into 21. Done.
• GCD (105, 77) 7.

7
Example GCD (105, 47)

• 47 does not divide 105.
• Subtract 247 from 105. Get R11
• 11 does not divide into 47. Subtract 411 from
  47. Get R47-443
• 3 does not divide 11. Subtract 33 from 11. R2
• 2 does not divide 3. Subtract 2 from 3. R1
• GCD (105, 47) 1.

8
Exercise find GCD (1234,121)
9
Relatively prime

• Two numbers M and N are called relatively prime
  if GCD(M,N)1.

10
Prime numbers

• A whole number is called prime if it is
  relatively prime to every smaller whole number.

11
Prime factorization theorem

• fundamental theorem of arithmetic
• every natural number gt 1 can be written as a
  unique product of prime numbers.
• Example 69362 x 2 x 2 x 3 x 17 x 17
• 23 x 3 x 172
• No other way of writing 6936 as a product of
  prime powers
• practically proved by Euclid,
• first correct proof in Disquisitiones
  Arithmeticae by Gauss.

12
GCD(6251,1473)

• 1
• 3
• 7
• 11

13
Large prime numbers

• Euclid infinitely many prime numbers
• Proof given a list of prime numbers, multiply
  all of them together and add one.
• Either the new number is prime or there is a
  smaller prime not in the list.

14
Euclids proof

• Consider any finite set of primes. Multiply all
  of them together and add 1 (see Euclid number).
  Call this Q
• Dividing Q by any of these would give a remainder
  of 1.
• So Q is not divisible by any number in this list.
• Any non-prime can be decomposed into a product of
  primes,
• Either Q is prime itself, or there is a prime
  number in the decomposition of Q that is not in
  the original finite set of primes.
• Either way, there is at least one more prime that
  was not in the finite set we started with. This
  argument applies no matter what finite set we
  began with. So there are more primes than any
  given finite number.

15
Infinitude of primes

• 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41,
  43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97
• list of prime numbers

16
Testing for prime numbers

• Is 97 a prime number?
• How about 111?
• How about 12345678987654321?

17
Computers can factor small prime numbers
18
Primality test

• A primality test is an algorithm for determining
  whether an input number is prime.
• As of 2008, factorization is a computationally
  hard problem, whereas primality testing is
  comparatively easy.
• elliptic curve primality test O((log n)6),
• Based on believed, but unproven properties
• 2002 Agrawal, Saxena and Kayal
• AKS primality test, Õ((log n)6)
• slower than probabilistic methods.

19
RSA 200

• RSA-200 2799783391122132787082946763872260162107
  044678695542853756000992932612840010
  76093456710529553608560618223519109513657886371059
  54482006576775098580557613 57909873495014417886317
  8946295187237869221823983
• RSA-200 3532461934402770121272604978198464368671
  197400197625023649303468776121253679
  423200058547956528088349 79258699544783330333470
  85841480059687737975857364219960734330341455767872
  818 152135381409304740185467

20
How long to factor RSA 200?

• If a k-digit number is the product of two primes
• No known algorithm can factor in polynomial time,
  i.e., that can factor it in time O(kp) for some
  constant p.
• There are algorithms faster than O((1e)k) i.e.,
  sub-exponential.
• For a quantum computer, Peter Shor discovered an
  algorithm in 1994 that solves it in polynomial
  time O(N3) and O(N) memory.
• In 2001, the first 7-qubit quantum computer
  became the first to run Shor's algorithm. It
  factored the number 15
• GNFS O(2(N(1/3))

21
Racing Mathematicians

• German Federal Agency for Information Technology
  Security (BSI) team
• record for factorization of semiprimes ( RSA
  Factoring Challenge )
• On May 9, 2005, factored RSA-200, a 663-bit
  number (200 decimal digits), using the general
  number field sieve.
• later RSA-640, a smaller number containing 193
  decimal digits (640 bits), on November 4, 2005.
• Both factorizations required several months of
  computer time using the combined power of 80 AMD
  Opteron CPUs.

22
The number 23571112311 is prime

• True
• False

23
There are lots of primes known to man

• Prime number theorem the number of primes less
  than or equal to N is on the order of N divided
  by log N.
• http//en.wikipedia.org/wiki/Prime_number_theorem

24
Largest known prime

• 243,112,609 - 1.

25
An example

• gcd(1071,1029)
• gcd(1029,42) (42 1071 mod 1029
• gcd(42,21) (21 1029 mod 42)
• gcd(21,0) (0 42 mod 21)
• 21 since b0, we return a

26
Run time of Euclidean (O(N2)).Red fast, blue
slow
27
RSA
28
The RSA encryption algorithm

• NPQ (product of two primes)
• F(N) (P-1)(Q-1)
• Encryption key 1ltEltf(N) such that
• GCD(E , f) 1
• Decryption key D such that
• DE 1 mod (f)
• Mlt f

29
Encryption/Decryption

• CMD mod (N)
• RCE mod (N)
• CLAIM RM (the original message)

30
Short digression modular arithmetic

• A B mod (C)
• Means that B is the remainder when C is divided
  into A
• For example, 13 1 mod (12)
• If it is 330 now then in 13 hours it will be
  430.
• Shorthand Bmod(A,C)
• Arithmetic
• mod (MN, C)mod(mod(M,C) x mod(N,C), C))

31
Laws of exponents
32
Examples

• mod((13)25 ,12)
• mod((mod (13 ,12))25, 12)
• mod(125, 12) mod(1, 12) 1
• mod((14)25 ,12)
• mod((mod (14 ,12))25, 12)
• mod(225, 12) mod(mod(24, 12)6 x mod(2,12), 12)
• mod(mod(4, 12)5 x2, 12)mod(8 , 12)8

33
Proof of RSA

• CME mod (N)
• RCDmod (N) (MD mod (N))E mod (N)
• (MDE mod (N))
• DE 1 mod (N)
• (M1 mod (N)) M (since Mlt N)
• Fermats little theorem aP-1 1 mod (P)

34
Plaintext to numbers
35
Plaintext message

• Kill Bill

numerical version

• Kill Bill 11 09 12 12 00 02 09 12 12
• M110912120002091212
• Note Mltf so may need to send message in pieces,
  e.g. one letter at a time

36
Example

• 11 09 12 12 00 02 09 12 12
• N 5 x 7 35
• F4x624
• E11 then GCD (E, F)1
• D11 then DxE1215x241
• So DxE1 mod 24
• In this case decryption is just the inverse of
  encryption because ED. Generally note true.

37
(No Transcript)
38
EXERCISE

• Use the cipher table above to decrypt the
  following ciphertext into plain text
• 0603012020100230 00 32040303 00 281020 301521 00
  14153222100210 00 182120 00 09151420 00 24201511
  00 200230041422

39
Solution

• Flattery will get you nowhere, but don't stop
  trying

40

• Simple multiply numbers
• Difficult factor numbers.
• example 34537 x 999913453389167 (easy)
• M1459160519 A xB
• Find A and B (difficult)
• Computer check primes up to square-root (roughly
  38000).

41
How long to factor large products?
what if the number to be factored is not ten
digits, but rather 400 digits? square-root 200
digits. lifetime of universe approx. 1018
seconds. If computer could test one trillion
factorizations per second, in the lifetime of the
universe it could check 1030 possibilities.
But there are 10200 possibilities.
42
RSA outline

• find two huge prime numbers, p and q (about 200
  digits) (private key),
• Npq public key.
• Baby prime example
• p23 and q41
• pq (23)(41) 943, the public key.
• E encryption key
• E is relatively prime to (p-1)(q-1) (22)(40)
  880,
• E7 is ok as public key
• To encode the message number M35.
• C Me (mod N) 357 (mod 943) 64339296875
  (mod 943) 545
• The number C545 is the encoding of M that is
  sent.
• D decryption key
• ed 1 mod (p-1)(q-1)
• D503 works, since 7503 3521 4(880) 1

43
Why decoding is easy

• Must calculate CD (mod N) 545503 (mod 943).
  
• 503 256 128 64 32 16 4 2 1 so
• 545503 545256128643216421
• 545256545128 5451.
• (mod 943) all the exponents that are powers of 2.
  
• For example, 5452 ( mod 943) 545545 297025
  (mod 943) 923
• Square again 5454 (mod 943) (5452)2 ( mod
  943)
• 923923 851929 (mod 943) 400, and so on.
• We obtain the following table
• 5451 (mod 943) 545
• 5452 (mod 943) 18
• 545256 (mod 943) 324
• So 545503 (mod 943) 324182157958574009
  23545 (mod 943) 35M !

44
Memory efficient modular exponentiation
Montgomery reduction

• Memory-efficient method
• Makes use of given two integers a and b, the
  following two equations are equivalent
• C ab mod m
• C ( (a mod m)x (bmod m) ) mod
• The algorithm is as follows
• 1. Set c 1, e' 0.
• 2. Increase e' by 1.
• 3. Set c b mod m
• 4. If e' lte, goto step 2. Else, c contains the
  correct solution to c be mod m
• in every pass through step 3, c b(e) mod m
  holds true.
• In summary, this algorithm basically counts up e'
  by ones until e' reaches e, doing a multiply by b
  and the modulo operation each time it adds one

45
The example b 4, e 13, and m 497 is
presented again. The algorithm passes through
step 3 thirteen times e' 1. c (1 4)
mod 497 4 mod 497 4. e' 2. c (4
4) mod 497 16 mod 497 16. e' 3. c
(16 4) mod 497 64 mod 497 64. e' 4.
c (64 4) mod 497 256 mod 497 256.
e' 5. c (256 4) mod 497 1024 mod 497
30. e' 6. c (30 4) mod 497 120 mod
497 120. e' 7. c (120 4) mod 497
480 mod 497 480. e' 8. c (480 4)
mod 497 1920 mod 497 429. e' 9. c
(429 4) mod 497 1716 mod 497 225. e'
10. c (225 4) mod 497 900 mod 497 403.
e' 11. c (403 4) mod 497 1612 mod
497 121. e' 12. c (121 4) mod 497
484 mod 497 484. e' 13. c (484 4)
mod 497 1936 mod 497 445. The final answer
for c is therefore 445 requires O(e)
multiplications to complete. the computation
time decreases by a factor of at least O(e) in
this method.
46
An efficient method the right-to-left binary
algorithm

• third method combines previous method and
  exponentiation by squaring
• convert exponent e to binary notation. That is, e
  can be written as
• e a_0 x 1 a_1 x 21 a_2 x 22 a_N x 2N
• length of e is N bits. a_i 0 or 1
• be (b0)(a_0) x (b1)(a_1) xx (bN)(a_N)
• So
• C (b0)(a_0) x (b1)(a_1) xx (bN)(a_N) mod
  M

47
RSA history

• Algorithm described in 1977 by Ron Rivest, Adi
  Shamir, and Leonard Adleman at MIT
• Clifford Cocks, a British mathematician working
  for the UK intelligence agency GCHQ, described an
  equivalent system in an internal document in
  1973. His discovery, however, was not revealed
  until 1997 due to its top-secret classification,
  and Rivest, Shamir, and Adleman devised RSA
  independently of Cocks' work.
• MIT was granted U.S. Patent 4,405,829 for a
  "Cryptographic communications system and method"
  that used the algorithm in 1983. The patent would
  have expired in 2003, but was released to the
  public domain by RSA on 21 September 2000.

48
Pretty Good Privacy
49
PGP

• Based on public key cryptography
• Binds public key to user name or email address
• Authentication digital signature used to
  verify identity of sender
• integrity checking used to detect whether a
  message has been altered since it was completed
• Encryption based on RSA/DSA
• Decryption based on public key
• Web of trust third party vetting

50
Zimmerman, 1992

• As time goes on
• you accumulate keys from other trusted
  parties.
• Others each choose their own trusted parties.
• everyone gradually accumulates and distributes
  with their key certifying signatures from others
• Expectation anyone receiving it will trust at
  least one or two of the signatures.
• emergence of a decentralized fault-tolerant web
  of confidence for all public keys.

51

• Any agency wanting to read PGP messages would
  probably use easier means than standard
  cryptanalysis,
• e.g. rubber-hose cryptanalysis or black-bag
  cryptanalysis i.e. installing some form of trojan
  horse or keystroke logging software/hardware on
  the target computer to capture encrypted keyrings
  and their passwords.
• The FBI has used this attack against PGP.
• such vulnerabilities apply to any encryption
  software.

52

• Criminal investigation of Zimmerman
• PGP encryption found its way outside the US.
• Cryptosystems using keys gt 40 bits were
  considered munitions by US export regulations
• PGP keys gt 128 bits.
• Feb 1993 Zimmermann targeted by US Govt for
  "munitions export without a license".
• Penalties were substantial.
• Zimmermann challenged these regulations in a
  curious way.
• Published PGP source code as hardback book (MIT
  Press)
• To build buy the 60 book, scan pages using an
  OCR program, GNU C Compiler. PGP would thus be
  available anywhere in the world.
• Export of munitions restricted export of books
  is protected ( First Amendment).
• US export regulations regarding cryptography
  remain in force, but were liberalized
  substantially . PGP can be exported
  internationally except to 7 specific countries
  and a named list of groups and individuals.

53
Mathematical Cryptography

• William S. Jevons, The Principles of Science A
  Treatise on Logic and Scientific Method,
  (1890s)
• observed many situations where 'direct' operation
  is easy, but inverse' operation hard.
• Example encryption is easy decryption is hard.
• Jevons Ch 7 multiplication of integers is easy,
  finding (prime) factors of product is hard.
• Jevons anticipated RSA Algorithm for public key
  cryptography

54
The future of cryptography?

• As of 2005, the largest number factored by a
  general-purpose factoring algorithm was 663 bits
  long (see RSA-200), using a state-of-the-art
  distributed implementation. RSA keys are
  typically 10242048 bits long. Some experts
  believe that 1024-bit keys may become breakable
  in the near term (though this is disputed) few
  see any way that 4096-bit keys could be broken in
  the foreseeable future. Therefore, it is
  generally presumed that RSA is secure if n is
  sufficiently large. If n is 256 bits or shorter,
  it can be factored in a few hours on a personal
  computer, using software already freely
  available. Keys of 512 bits (or less) have been
  shown to be practically breakable in 1999 when
  RSA-155 was factored by using several hundred
  computers. A theoretical hardware device named
  TWIRL and described by Shamir and Tromer in 2003
  called into question the security of 1024 bit
  keys. It is currently recommended that n be at
  least 2048 bits long.

55
Is RSA safe?

• In 1994, Peter Shor published Shor's algorithm,
  showing that a quantum computer could in
  principle perform the factorization in polynomial
  time. However, quantum computation is still in
  the early stages of development and may never
  prove to be practical.