PDF document - Hans Georg Schaathun

Week 4: More Cryptography and
Modular Arithmetics
Hans Georg Schaathun
12th November 2015
Period 915 September 2015
Reading Stein et al cover this material in Chapter 2.
Programme This document details the programme for the week, including exercises and
pointers to other material. It is available in two versions:
1. as a PDF document.
2. as a web site. This depends on MathML and may require refox/iceweasel to
display correctly.
The web version includes inline video. The pdf version shows a still image from
the video, providing a hyperlink directly to the video on the web site.
1 Wedneday 9 September
This session is devoted to playing around with small numbers, and explore how the
elements of Zn behave for varying values of n. The objective is to learn how to construct
public-key cryptosystems, a problem which we will return to next week when we master
some of the fundamental mathematics. Just to make sure that we do not forget why we do
the math's, let's start with two high-level talks to explain what public-key cryptography
is.
Theory
After a week on Classic Cryptography, it is time to
get on with modern solutions, suitable for practical
applications in our time. This video gives a high-level
perspective of public-key cryptography.
Related reading:
295.
Alice and Bob
OGG
K
Secure Channel
K
MP4
ek (P)
ek (P)
Alice
Bob
ek (P)
Slides
Eve
Stein et al. 9395 or Rosen p.
1
Prof Hans Georg Schaathun
Public Key Cryptography
Crypto PK 1/1
2/5
Theory
Public-key cryptography depends on one-way functions, and there is only a small number of such functions to choose from. This video gives an overview.
One-way Functions
OGG
Alice
KS
Bob
One-way
function
KP
m
???
Broadcast
Decrypt
Prof Hans Georg Schaathun
KP
Encrypt
One-Way functions
Slides
m
Crypto PK 1/2
MP4
3/7
1.1 Factorisation and the highest common factor
Worked Example
A prime number is a natural number which is only
divisible by one and itself. A number which is not
prime is known as a composite number, which can
be written as a product of primes.
Problem 1.1 Factorise 135.
OGG
Factorisation into Primes
Introduction to Number Theory
MP4
Prof Hans Georg Schaathun
Høgskolen i Ålesund
August 27, 2015
Prof Hans Georg Schaathun
Factorisation into Primes
Slides
August 27, 2015
1/5
Exercise 1.1 Factorise the following integers:
1. 12
2. 56
3. 123
4. 1024
5. 1025
How do you nd the answer for each integer? (What are you looking for? Do you have
a systematic approach or do you look for any particular patterns?)
Exercise 1.2 Which are the zero divisors of Z75 ?
Worked Example
Denition 1 The highest common factor (HCF) of
two integers a and b is the largest number q such that
q | a and q | b. We write hcf(a, b) = q or gcd(a, b) =
q.
Problem
MP4
Slides
Prof Hans Georg Schaathun
Problem 1.2 Find hcf(70, 42)
Exercise 1.3 Find
1. hcf(6, 4)
2. hcf(7, 3)
2
OGG
Exercise
Find hcf(70, 42)
Highest Common Factor
28th August 2015
3/3
3. hcf(18, 12)
4. hcf(19, 8)
1.2 Equations
Related reading:
Stein et al. p. 105110 or Rosen p. 272275
Worked Example
Problem 1.3 Solve the following equations for
Z13 :
An Equation to Solve
x∈
OGG
Exercise
Solve the following equations for x ∈ Z13 :
4 + x ≡ 1 (mod 13),
4+x≡1
4·x≡1
(mod 13),
(1)
(mod 13).
(2)
(1)
4 · x ≡ 1 (mod 13).
(2)
MP4
Slides
Prof Hans Georg Schaathun
Modular Equations
28th August 2015
2/5
Exercise 1.4 Solve the following equations
3+x≡1
3·x≡1
4·x+2≡8
Worked Example
(mod 8),
(3)
(mod 8),
(4)
(mod 15).
(5)
Problem 1.4 How many solutions x ∈ Z14 exist for
the following congruence:
4·x≡6
An Equation to Solve
OGG
Exercise
How many solutions x ∈ Z14 exist for the following congruences:
MP4
4 · x ≡ 6 (mod 14).
Give reasons for your answers, either by listing the complete set of
solutions, or otherwise.
(mod 14).
Slides
Give reasons for your answers, either by listing the
complete set of solutions, or otherwise.
Prof Hans Georg Schaathun
Modular Equations with Non-Unique Solution
28th August 2015
2/3
Exercise 1.5 How many solutions x ∈ Z12 exist for each of the following congruences:
3·x≡3
3·x≡5
5·x≡3
5·x≡5
(mod 15),
(6)
(mod 15),
(7)
(mod 15),
(8)
(mod 15).
(9)
Give reasons for your answers, either by listing the complete set of solutions, or otherwise.
Theory
Lemma 1 If
a has a multiplicative inverse a−1 ∈
Zn , then the equation
a·x=b
Modular Equations
OGG
Equations can be formulated over other sets of numbers
a + x ≡ b (mod n),
(2)
a + x mod n = b
(3)
or
MP4
or
in Zn
a+x =b
has the solution x = a−1 · b.
Prof Hans Georg Schaathun
3
in Zn
Modular Equations
(4)
Crypto PK 1/3
3/7
Slides
Exercise 1.6 Given b in
Zn . What general statements can be made about the number
of possible solutions to the equation a · b = 1 in Zn ?
Exercise 1.7 Look at the following congruences:
(mod 29),
(10)
(mod 81),
(11)
(mod 128),
(12)
(mod 128).
(13)
4x ≡ 3
4x ≡ 3
4x ≡ 3
4x ≡ 64
How many solutions does each of these congruences have? How much can you say without
checking every possible value of x? Is there any relationship between the coecient of x
(4 in all cases) and the modulus (29,81,128,128). Discuss this in your group.
2 Thursday 10 September
For this session we introduce two important algorithms to compute the highest common
factor and the multiplicative inverses for large numbers.
Related reading:
Stein et al. 110119 or Rosen p. 263272
Worked Example
For large numbers we need an algorithm to nd the
highest common factor. It is time to demonstrate it.
Numerical Example
OGG
hcf(14215, 13111)
MP4
Problem 2.1 Calculate hcf(44215, 43111).
Slides
Prof Hans Georg Schaathun
Euclid’s Algorithm
August 28, 2015
3/3
Exercise 2.1 Using Euclid's Algorithm, nd
1. hcf(121, 77)
2. hcf(108, 54)
Theory
In this video we show how the Euclidean algorithm is
dened to nd hcf(a, b) for arbitrary numbers a and
b
Related reading:
p. 266-268
The process
Stein et al. p. 114-115 or Rosen
Prof Hans Georg Schaathun
4
OGG
a = nq1 + r1
(1)
n = r1 q2 + r2
(2)
r1 = r2 q3 + r3
(3)
r2 = r3 q4 + r4
..
.
(4)
rn−2 = rn−1 qn + rn
(5)
rn−1 = rn qn+1 + 0
(6)
Euclid’s Algorithm
Crypto PK 2/4
5/6
MP4
Slides
Worked Example
The Euclidean algorithm nds the highest common
factor, and is useful for large numbers. The Extended Euclidean algorithm nds multiplicative inverses
(when they exist).
Numerical Example
OGG
xlast = 0
Exercise
Find the inverse of 7 modulo 81.
ylast = 1
xi = yi+1
MP4
yi = xi+1 − qi · yi+1
i
1
2
3
4
Problem 2.2 Find the inverse of 7 modulo 81.
ni = qi · ai + ri
81 = 11 · 7 + 4
7=1·4+3
4=1·3+1
3=3·1+0
Prof Hans Georg Schaathun
xi
yi
Slides
The Extended Euclidean Algorithm
August 31, 2015
3/3
Exercise 2.2 Find the multiplicative inverses of
1. 12 mod 55.
2. 7 mod 26.
3. 7 mod 29.
Exercise 2.3 Solve the following congruence for x. Use the Extended Euclidean Algorithm to nd the inverses that you need.
1. 4x ≡ 17 (mod 121)
2. 10x + 19 ≡ 0 (mod 171)
Exercise 2.4 Consider the ane cipher
ek1 ,k2 (x) = k1 · x + k2
mod n.
The decryption function can be written on the same form
dk10 ,k20 (y) = k10 · y + k20
mod n,
for suitable choices of (k10 , k20 ). Find the decryption key (k10 , k20 ) for each of the following
encryption keys:
1. (19, 17) mod 26.
2. (19, 17) mod 29.
Theory
It is useful to know how the Extended Euclidean Algorithm is derived and how we can prove that it is
correct.
Related reading:
p. 266-268
Stein et al. p. 114-115 or Rosen
Euclid’s Algorithm
n
n =
a
a
q
r
a · q1 + r1
= r1 · q2 +
r1 = r2 · q3 +
rm−3 = rm−2 · qm−1 + rm−1
rm−1 = rm · qm+1 +
rm
0
a
y
+
·
·
+
·
·
+
·
+
·
..
.
·
OGG
n
·
MP4
ym + (−qm−1 )xm · rm−2 + xm · rm−3
rm = (−qm )rm−1 + 1 · rm−2
Slides
rm−1 = (−qm−1 )rm−2 + 1 · rm−3
Prof Hans Georg Schaathun
5
r3
.
..
rm−4 = rm−3 · qm−2 + rm−2
rm−2 = rm−1 · qm +
x
r2
The Extended Euclidean Algorithm
October 16, 2014
5/6
Exercise Example
If you need another worked example, we can oer
this one, recorded 2014.
Exercise 2.5 What is the inverse of 12
Numeric Example
OGG
Exercise
What is the inverse of 12 mod 55?
n
a q r
55 = 12 · 4 + 7
55 = 12 · 4 + 7
x
a
y
n
23
· 12 + (−5) · 55
3 + (−5)(−4) · 12 + (−5) · 55
1=
12 = 7 · 1 + 5
mod 55?
7 = 5 ·1 + 2
5 = 2 ·2 + 1
(−2) + 3(−1) · 7 +
3 · 12
· 2 +
1 · 5
(−2)
2 = 1 ·2 + 0
Prof Hans Georg Schaathun
MP4
1 + (−1)(−2) · 5 + (−2) · 7
1=
The Extended Euclidean Algorithm
Slides
September 7, 2015
5/5
3 Last lectures of the week
At this stage it is useful to tie up some of the concepts with which we have worked and
introduce two important mathematical objects: the ring and the eld. When you watch
these videos, remember that Zn is a ring; and if p is a prime, then Zp is a eld. If it does
not make complete sense at this stage, don't worry; we will revisit these topics later.
Related reading:
Theory
Stein et al. p. 98-101 or Rosen p. 808+
The sets Zn is an example of a ring. Let's get the denition.
Denition 2 A set R, with operations
ring if the following axioms hold
Definition
A set R, with operations + and · is called a ring if the following
axioms hold
+ and · is called a
1
(x + y ) + z = x + (y + z) (associtativity of addition)
2
x + y = y + x (commutativity of addition)
3
There is an element 0 ∈ R such that x + 0 = x for all x ∈ R
4
5
1. (x + y) + z = x + (y + z) (associtativity of addition)
6
7
8
For any x ∈ R there is an element (−x) ∈ R, such that
x + (−x) = 0.
There is an element 1 such that x · 1 = 1 · x = x for all x ∈ R
(x · y ) · z = x · (y · z) (associtativity of multiplication)
x · y = y · x (commutativity of multiplication)
x · (y + z) = x · y + x · z (distributive law)
Prof Hans Georg Schaathun
2. x + y = y + x (commutativity of addition)
OGG
Rings
Crypto 3/1
MP4
Slides
3. There is an element 0 ∈ R such that x + 0 = x for all
x∈R
4. For any x ∈ R there is an element (−x) ∈ R, such that
x + (−x) = 0.
5. There is an element 1 such that x · 1 = 1 · x = x for all
x∈R
6. (x · y) · z = x · (y · z) (associtativity of multiplication)
7. x · y = y · x (commutativity of multiplication)
8. x · (y + z) = x · y + x · z (distributive law)
Theory
A eld is a ring with the additional property that
every non-zero element has a multiplicative inverse.
A nite eld is a eld with a nite number of elements.
Field
(F , +) is an Abelian group:
associtativity of addition
commutativity of addition
Neutral element (0)
Inverse (−x)
2
MP4
(F \{0}, ·) is an Abelian group:
associtativity of multiplication
commutativity of multiplication
Neutral element (1)
Inverse (x −1 ) for every (non-zero) element x
3
Slides
x · (y + z) = x · y + x · z (distributive law)
Prof Hans Georg Schaathun
6
OGG
A set F , with operations + and · is called a field if the following
axioms hold
1
Finite Fields
Crypto AES 1/4
3/6
3/7
4 Compulsory Assignment (Tuesday 15 September)
Denition 3 The multiplicative inverse of x ∈ Zn is the number x−1 with the property
that xx−1 = x−1 x = 1
Exercise 4.1 Consider the following elements x in their respective rings. Find x−1 for
the following elements:
1. x = 7 ∈ Z26
2. x = 1 ∈ Z2
Denition 4 The negative element (additive inverse) of x ∈ Zn is the number −x with
the property that x + (−x) = (−x) + x = 0
Exercise 4.2 Consider the following elements
the following elements:
x in their respective rings. Find −x for
1. x = 8 ∈ Z26
2. x = 1 ∈ Z2
Exercise 4.3 Using Euclid's Algorithm, nd
1. hcf(63, 14)
2. hcf(963, 312)
Exercise 4.4 Find the multiplicative inverses of
1. 28 mod 81.
2. 52 mod 121.
Denition 5 Exponentiation
factors.
αk is dened as the product α · α · . . . · α with exactly k
Exercise 4.5 Write down all the powers of 2 in Z11 in a table. How many distinct values
do you get before it starts repeating itself?
Exercise 4.6 Write down all the powers of 2 in Z9 in a table. How many distinct values
do you get before it starts repeating itself?
Exercise 4.7 Compare Exercises 4.5 and 4.6. What is the relationship between the num-
ber of distinct values and the modulus n? Does n have any properties which can tell us
how many distinct powers to expect?
7