University of Patras - School of Engineering

Department of Computer Engineering and Informatics

Cryptography

Supplementary notes

Patras, March 2010


Contents
1 Introduction to number theory

1.1 Basic concepts

1.2 Arithmetic operations with remainders

2 Public-key protocols

2.1 Key generation and exchange

2.2 The RSA public-key protocol

2.3 Rabin's public-key protocol

2.4 El Gamal's public-key protocol

3 Primality testing

3.1 Probabilistic algorithms

3.2 The deterministic algorithm

4 Applications of cryptography

4.1 Secret sharing schemes and commitment protocols

4.2 Elections, auctions and financial transactions

1 Introduction to number theory
In this section we briefly present some basic concepts of elementary number theory concerning the set Z = {…, −2, −1, 0, 1, 2, …} of integers and the set N = {0, 1, 2, …} of natural numbers. In addition, we describe some algorithms that allow us to carry out certain basic operations in polynomial time, such as solving linear equations, finding square roots, etc.

1.1 Basic concepts

Divisibility and divisors

We begin by presenting some definitions concerning division. The fact that one integer divides another is very important in number theory. We write d|a to denote that a = kd for some integer k; clearly every integer divides 0. If a > 0 and d|a, then also |d| ≤ |a|. We say that the integer a is a multiple of d if d|a, and if d does not divide a we write d ∤ a.

Continuing, we say that the integer d is a divisor of an integer a if d|a and d ≥ 0. Since, if d|a, then also (−d)|a, we may assume without loss of generality that divisors are non-negative integers, keeping in mind that for every divisor there is a negative number that also divides a. In the rest of the text we therefore deal only with positive divisors. So a divisor of a is at least 1 but not greater than |a|; for example, the divisors of 18 are 1, 2, 3, 6 and 9.

Every integer a is divisible by the trivial divisors 1 and a, while the non-trivial divisors of a are also called factors of a. For example, the factors of 12 are 2, 3, 4 and 6.

Division theorem, remainders and modular equivalences

Given an integer n, we can split the set of integers into two disjoint subsets: one consists of the integers that are multiples of n, and the other of those that are not. We can extend this idea and partition the second subset according to the remainder of division by n. The next theorem summarizes this idea.

Theorem 1. For every integer a and every positive integer n, there exist unique integers q and r such that 0 ≤ r < n and a = qn + r.

The number q = ⌊a/n⌋ is the quotient of the division and r = a mod n is the remainder. We have n|a if and only if a mod n = 0.

We can therefore partition the integers into groups according to the remainder of their division by n. The equivalence class modulo n determined by the integer a is [a]_n = {a + kn : k ∈ Z}. For example, [3]_7 = {…, −11, −4, 3, 10, 17, …}, and the same group can also be written as [−4]_7 or [10]_7. We may also express the fact that a ∈ [b]_n as a ≡ b (mod n). The set of all these equivalence classes is Z_n = {[a]_n : 0 ≤ a ≤ n − 1}, which can alternatively be written as Z_n = {0, 1, 2, …, n − 1} with the understanding that 0 stands for [0]_n, 1 stands for [1]_n, and so on. More generally, we prefer to denote each class by its smallest non-negative element, but we must not forget that each such number stands for a class of numbers, of which there are infinitely many. Thus a reference to the number −1 as a member of Z_n is in fact a reference to the equivalence class [n − 1]_n, since −1 ≡ n − 1 (mod n).

Common divisors and greatest common divisors

If the integer d is a divisor of a and also divides b, we say that d is a common divisor of a and b. For example, the divisors of 20 are 1, 2, 4, 5, 10 and 20, so the common divisors of 18 and 20 are 1 and 2. More generally, the number 1 is a common divisor of any pair of integers.

An important property of a common divisor is that if d|a and d|b, then also d|(a + b) and d|(a − b). More generally, we have the very important property that if d|a and d|b, then

d|(ax + by), (1)

for any integers x and y. In other words, d divides any linear combination of a and b. Also, if a|b, then either |a| ≤ |b| or b = 0, which implies that if a|b and b|a, then a = ±b.

The greatest common divisor of two integers a and b, not both zero, is the largest of the common divisors of a and b and is denoted gcd(a, b). For example, gcd(18, 20) = 2, gcd(11, 13) = 1 and gcd(0, 19) = 19. If a and b are not both zero, then gcd(a, b) is an integer between 1 and min(|a|, |b|). We define gcd(0, 0) = 0 so that the following elementary relations always hold:

gcd(a, b) = gcd(b, a),

gcd(a, b) = gcd(−a, b),

gcd(a, b) = gcd(|a|, |b|),

gcd(a, 0) = |a|,

gcd(a, ka) = |a| for every k ∈ Z.

The following theorem gives a different definition of gcd(a, b), as well as an indirect way of finding it.

Theorem 2. For any integers a and b, not both zero, gcd(a, b) is the smallest positive integer in the set {ax + by : x, y ∈ Z} of linear combinations of a and b.

Proof. Let s be the value of the smallest positive linear combination of a and b, and let s = ax + by for some x, y ∈ Z. Let also q = ⌊a/s⌋, the quotient of dividing a by s. Then

$$a \bmod s = a - qs = a - q(ax + by) = a(1 - qx) + b(-qy),$$

and therefore a mod s, which is an integer, is also a linear combination of a and b. But since a mod s < s, we have a mod s = 0, because s is the smallest positive linear combination. Hence s|a, and for the analogous reason s|b. So s is a common divisor of a and b, and therefore gcd(a, b) ≥ s. From the earlier property it follows that gcd(a, b)|s, since gcd(a, b) divides a and b and s is a linear combination of these two integers. Since gcd(a, b)|s and s > 0, we have gcd(a, b) ≤ s. Combining gcd(a, b) ≥ s and gcd(a, b) ≤ s, we get gcd(a, b) = s. We conclude that s is the greatest common divisor of a and b.

Corollary 3. For any integers a and b, if d|a and d|b, then d|gcd(a, b).

Proof. This holds because gcd(a, b) is a linear combination of a and b.

Corollary 4. For all integers a, b and every non-negative integer n, gcd(an, bn) = n·gcd(a, b).

Proof. If n = 0 the relation clearly holds, while if n > 0, gcd(an, bn) is the smallest positive element of the set {anx + bny} and equals n times the smallest positive element of the set {ax + by}.

Corollary 5. For all positive integers n, a and b, if n|ab and gcd(a, n) = 1, then n|b.

Primes and composite numbers

Next we turn to prime numbers, on whose properties several cryptographic protocols are based. An integer a > 1 is called a prime number (or simply a prime) when its only divisors are the trivial divisors 1 and a. Note that 2 is the only even prime, since every larger even number is divisible by it. An integer greater than 1 that is not prime is called a composite number. The number 1 is neither prime nor composite, and the same holds for 0 and for all negative numbers.

Two integers a and b are called relatively prime if their only common divisor is 1, that is, if gcd(a, b) = 1. For example, 5 and 6 are relatively prime, since the divisors of 5 are 1 and 5, while the divisors of 6 are 1, 2, 3 and 6. The following theorem states that if two integers are relatively prime to a number p, then their product is also an integer relatively prime to p.

Theorem 6. For any integers a, b and p, if gcd(a, p) = 1 and gcd(b, p) = 1, then gcd(ab, p) = 1.

Proof. By Theorem 2 there exist integers x, y, x' and y' such that ax + py = 1 and bx' + py' = 1. Multiplying these two relations, we get ab(xx') + p(ybx' + y'ax + pyy') = 1. So the number 1 is a positive linear combination of ab and p, and Theorem 2 suffices to complete the proof.

Moreover, we say that the integers n_1, n_2, …, n_k are pairwise relatively prime if gcd(n_i, n_j) = 1 for i ≠ j.

Unique factorization

A simple but important fact about division by primes is the following.

Theorem 7. For all primes p and all integers a, b, if p|ab then p|a or p|b (or both).

Proof. Suppose that p|ab but p ∤ a and p ∤ b. Then gcd(a, p) = 1 and gcd(b, p) = 1, since the only divisors of p are 1 and p, and by hypothesis p divides neither a nor b. By Theorem 6, gcd(ab, p) = 1, which contradicts the hypothesis that p|ab, since p|ab implies gcd(ab, p) ≠ 1. This contradiction completes the proof.

An important consequence of Theorem 7 is that every integer can be factored into primes in a unique way.

Theorem 8 (Unique factorization theorem). A composite number a can be written in a unique way as a product of the form a = p_1^{e_1} p_2^{e_2} ⋯ p_r^{e_r}, where each p_i is prime, p_1 < p_2 < … < p_r, and each e_i is a positive integer.

Greatest common divisor. In this section we describe a polynomial-time algorithm, first presented by Euclid, for finding the greatest common divisor of two integers. The analysis of the algorithm's running time reveals an interesting connection with the Fibonacci sequence, which provides the worst-case instance that can be given as input.

From now on we deal only with non-negative integers. This restriction is justified, since we have already stated that gcd(a, b) = gcd(|a|, |b|).

Before presenting Euclid's algorithm, we note that an alternative method for computing the greatest common divisor gcd(a, b) of two integers a and b is based on the unique factorization of these integers. Suppose that a = p_1^{e_1} p_2^{e_2} ⋯ p_r^{e_r} and b = p_1^{f_1} p_2^{f_2} ⋯ p_r^{f_r}, where we also allow zero exponents so that the set of primes p_1, p_2, …, p_r is the same for a and b. Then

$$\gcd(a, b) = p_1^{\min(e_1, f_1)}\, p_2^{\min(e_2, f_2)} \cdots p_r^{\min(e_r, f_r)}.$$

The problem with this method is that, so far, the best factoring algorithms do not run in polynomial time, so they cannot be used to obtain an efficient algorithm for the problem of finding the greatest common divisor.

Euclid's algorithm is based on the following theorem.

Theorem 9. For every non-negative integer a and every positive integer b,

gcd(a, b) = gcd(b, a mod b).

Proof. We show that gcd(a, b) and gcd(b, a mod b) divide each other, so they must be equal (since both are non-negative integers).

First we show that gcd(a, b) | gcd(b, a mod b). Let d = gcd(a, b); then d|a and d|b. We have (a mod b) = a − qb, where q = ⌊a/b⌋. Since (a mod b) is a linear combination of a and b, we get d|(a mod b). Therefore, since d|b and d|(a mod b), Corollary 3 gives d | gcd(b, a mod b), or equivalently gcd(a, b) | gcd(b, a mod b).

Showing that gcd(b, a mod b) | gcd(a, b) is done in almost the same way. Let d = gcd(b, a mod b); then d|b and d|(a mod b). Since a = qb + (a mod b), where q = ⌊a/b⌋, a is a linear combination of b and (a mod b). We conclude that d|a. Since d|b and d|a, we get d | gcd(a, b) (by Corollary 3), or equivalently gcd(b, a mod b) | gcd(a, b).

It suffices to combine gcd(a, b) | gcd(b, a mod b) with gcd(b, a mod b) | gcd(a, b) to complete the proof.

Euclid's algorithm

The following algorithm first appeared in the Elements (around 300 BC), although it was probably known earlier. It can be expressed as a recursive program based directly on Theorem 9. The input numbers a and b are arbitrary non-negative integers.

EUCLID(a, b)
1 if b = 0
2 then return a
3 else return EUCLID(b, a mod b)

For example, if we run the above algorithm to find the greatest common divisor of 30 and 21, we have

EUCLID(20, 15) = EUCLID(15, 5)

= EUCLID(5, 0)

= 5.

In the above computation there are two recursive calls of Euclid's algorithm (EUCLID). The correctness of the algorithm follows from Theorem 9 and from the fact that if the algorithm returns a on line 2, then b = 0, so gcd(a, b) = gcd(a, 0) = a. The algorithm cannot recurse forever, since the second argument decreases in every recursive call and is always a non-negative integer. Consequently, Euclid's algorithm always terminates with the correct result.

Running time of the algorithm

In this paragraph we examine the worst-case running time of the algorithm. We express it as a function of the size of a and b. We assume, without loss of generality, that a > b ≥ 0. This assumption is justified by the observation that if b > a ≥ 0, then EUCLID(a, b) immediately makes the recursive call EUCLID(b, a). In other words, if the first argument is smaller than the second, the first recursive call swaps the order of the arguments. Similarly, if b = a > 0, the algorithm terminates after one recursive call, since a mod b = 0.

The total running time is proportional to the number of recursive calls, which is bounded by the following lemma.

Lemma 10. If a > b ≥ 1 and the call EUCLID(a, b) makes k ≥ 1 recursive calls, then a ≥ F_{k+2} and b ≥ F_{k+1}.

The following theorem is an immediate corollary of the lemma.

Theorem 11. For every integer k ≥ 1, if a > b ≥ 1 and b < F_{k+1}, then the call EUCLID(a, b) makes fewer than k recursive calls.

Since the k-th term F_k of the Fibonacci sequence can be approximated by φ^k/√5, where φ is the golden ratio, the number of recursive calls is O(log b). It follows that if the algorithm runs on two β-bit arguments, it needs O(β) arithmetic operations and O(β³) bit operations (assuming that multiplication and division of two β-bit numbers take O(β²) bit operations).

The extended Euclidean algorithm. In this section we see how Euclid's algorithm can be modified so that it yields more information. Specifically, we modify the algorithm so that it also computes integers x and y satisfying d = gcd(a, b) = ax + by. Note that x and y may be non-positive integers; they will be useful for computing multiplicative inverses. The algorithm EXTENDED-EUCLID takes as its argument a pair of non-negative integers and returns a triple of the form (d, x, y) satisfying d = gcd(a, b) = ax + by.

EXTENDED-EUCLID(a, b)
1 if b = 0
2 then return (a, 1, 0)
3 (d', x', y') ← EXTENDED-EUCLID(b, a mod b)
4 (d, x, y) ← (d', y', x' − ⌊a/b⌋·y')
5 return (d, x, y)

The above algorithm is based on Euclid's algorithm. First, line 1 is equivalent to the test b = 0 on line 1 of EUCLID. If b = 0, then EXTENDED-EUCLID returns on line 2 not only d = a but also the coefficients x = 1 and y = 0, so that a = ax + by. If b ≠ 0, EXTENDED-EUCLID first computes (d', x', y') such that d' = gcd(b, a mod b) and

d' = bx' + (a mod b)y'. (2)

As in EUCLID, in this case we have d = gcd(a, b) = d' = gcd(b, a mod b). To obtain x and y such that d = ax + by, we rewrite equation (2) using d = d':

$$d = bx' + (a - \lfloor a/b \rfloor b)\,y' = ay' + b\,(x' - \lfloor a/b \rfloor y').$$

Therefore, setting x = y' and y = x' − ⌊a/b⌋y' satisfies the equation d = ax + by, which proves the correctness of EXTENDED-EUCLID.

Since the number of recursive calls made by EXTENDED-EUCLID equals the number of recursive calls made by EUCLID, the running time of EXTENDED-EUCLID differs from that of EUCLID by a constant factor; that is, for a > b > 0 the number of recursive calls is O(log b).

1.2 Arithmetic operations with remainders

Next we present some basic algorithms used in arithmetic with remainders. One can think of arithmetic with remainders as ordinary integer arithmetic, except that when working modulo some integer n we replace every result x by the element of the set {0, 1, …, n − 1} that is equivalent to x mod n. This informal view is enough to describe the operations of addition, subtraction and multiplication. To give a more formal definition, we must first describe the notion of a group.

Finite groups. A group (S, ⊕) is a set S together with a binary operation ⊕ defined on S for which the following properties hold:

1. Closure: for all a, b ∈ S, we have a ⊕ b ∈ S.

2. Identity: there exists an element e ∈ S, called the identity of the group, such that a ⊕ e = e ⊕ a = a for all a ∈ S.

3. Associativity: for all a, b, c ∈ S, we have (a ⊕ b) ⊕ c = a ⊕ (b ⊕ c).

4. Inverses: for every a ∈ S there exists a unique element b ∈ S, called the inverse of a, such that a ⊕ b = b ⊕ a = e.

For example, consider the familiar group (Z, +) of the integers Z under addition: 0 is the identity and the inverse of a is −a. If a group (S, ⊕) satisfies the commutative law a ⊕ b = b ⊕ a for all a, b ∈ S, it is called an abelian group, and if a group (S, ⊕) satisfies |S| < ∞, it is called a finite group.
Groups defined by addition and multiplication with remainders

We can form two finite abelian groups using the operations of addition and multiplication modulo n, where n is a positive integer. These groups are based on the equivalence classes of the integers modulo n, defined in the previous section.

To define a group on Z_n we need suitable binary operations, which we obtain by suitably modifying the usual operations of addition and multiplication. It is easy to define addition and multiplication on Z_n, because the equivalence classes of two integers uniquely determine the equivalence class of their sum or product. That is, if a ≡ a' (mod n) and b ≡ b' (mod n), then

a + b ≡ a' + b' (mod n),

ab ≡ a'b' (mod n).

Consequently, we define addition and multiplication modulo n, denoted +_n and ·_n respectively, as follows:

[a]_n +_n [b]_n = [a + b]_n, (3)

[a]_n ·_n [b]_n = [ab]_n. (4)

We note that subtraction can be defined on Z_n in the same way, as [a]_n −_n [b]_n = [a − b]_n, but the case of division is more involved and will be examined later.

The above justify the usual practice of using the smallest non-negative integer of each equivalence class as its representative when performing operations in Z_n. Addition, subtraction and multiplication are carried out on the representatives of the equivalence classes, and then each result x is replaced by the representative of its class (that is, by x mod n).

Using the above definition of addition modulo n, we define the additive group modulo n as (Z_n, +_n). The size of this group is |Z_n| = n.

Theorem 12. The group (Z_n, +_n) is finite and abelian.

Using the definition of multiplication modulo n, we define the multiplicative group modulo n as (Z*_n, ·_n). The elements of this group form the set Z*_n of those integers in Z_n that are relatively prime to n:

Z*_n = {[a]_n ∈ Z_n : gcd(a, n) = 1}.

To see that the set Z*_n is well defined, note that for 0 ≤ a < n we have a ≡ (a + kn) (mod n) for all integers k. Consequently, gcd(a, n) = 1 implies gcd(a + kn, n) = 1 for all integers k. Since [a]_n = {a + kn : k ∈ Z}, the set Z*_n is well defined. An example of such a group is

Z*_12 = {1, 5, 7, 11},

where multiplication is performed modulo 12.

Theorem 13. The group (Z*_n, ·_n) is finite and abelian.

As an example of computing a multiplicative inverse, suppose that a = 5 and n = 11. Then EXTENDED-EUCLID(a, n) returns (d, x, y) = (1, −2, 1), so that 1 = 5·(−2) + 11·1. Consequently, −2 (that is, 9 mod 11) is the multiplicative inverse of 5 modulo 11.
When we work with the groups (Z_n, +_n) and (Z*_n, ·_n) in the rest of the text, we follow the usual practice of using the representative of an equivalence class to denote the class, and of using + and · to denote +_n and ·_n. Moreover, we convert equivalences modulo n into equations in Z_n. For example, the following two statements are equivalent:

ax ≡ b (mod n)

[a]_n ·_n [x]_n = [b]_n.

In addition, we sometimes refer to the group (S, ⊕) simply as S when the operation is implied by the context. We therefore refer to the groups (Z_n, +_n) and (Z*_n, ·_n) as Z_n and Z*_n respectively.

The multiplicative inverse of an element a is denoted (a^{−1} mod n). Division modulo n is defined by the equation a/b ≡ ab^{−1} (mod n). For example, in Z*_12 we have 7^{−1} ≡ 7 (mod 12), since 7·7 = 49 ≡ 1 (mod 12), and thus 2/7 ≡ 2·7 ≡ 2 (mod 12).

In contrast to the set Z_n, for which |Z_n| = n, things are not so simple for the set Z*_n, and we need to define a new quantity to describe the number of its elements. The number of integers in Z*_n is denoted φ(n). This function, known as Euler's phi function, satisfies

$$\phi(n) = n \prod_{p \mid n} \left(1 - \frac{1}{p}\right), \quad (5)$$

where p ranges over all the primes dividing n, including n itself if n is prime. Intuitively, we start from a list of the n residues {0, 1, …, n − 1} and, for every prime p dividing n, we strike out all multiples of p from the list. For example, since the prime divisors of 12 are 2 and 3,

$$\phi(12) = 12\left(1 - \tfrac{1}{2}\right)\left(1 - \tfrac{1}{3}\right) = 12 \cdot \tfrac{1}{2} \cdot \tfrac{2}{3} = 4,$$

which agrees with our earlier computation of the composition of Z*_12. If p is prime, then Z*_p = {1, 2, …, p − 1} and

φ(p) = p − 1, (6)

while if n is composite, then φ(n) < n − 1.

Subgroups. If (S, ⊕) is a group, S' ⊆ S, and (S', ⊕) is also a group, then (S', ⊕) is called a subgroup of (S, ⊕). For example, the even integers form a subgroup of the integers under addition. The following theorem states that closure under the operation is enough for a subset to be a subgroup.

Theorem 14. If (S, ⊕) is a finite group and S' is any non-empty subset of S such that a ⊕ b ∈ S' for all a, b ∈ S', then (S', ⊕) is a subgroup of (S, ⊕).

For example, the set {0, 2, 4, 6} is a subgroup of Z_8, since it is non-empty and closed under addition. The following theorem describes a useful constraint on the size of a subgroup.

Theorem 15 (Lagrange's theorem). If (S, ⊕) is a finite group and (S', ⊕) is a subgroup of (S, ⊕), then |S'| is a non-trivial divisor of |S|.

A subgroup S' of a group S is called a proper subgroup if S' ≠ S. The following corollary will be useful in the analysis of the Miller-Rabin test for deciding whether a number is prime or not.

Corollary 16. If S' is a proper subgroup of a finite group S, then |S'| ≤ |S|/2.

Subgroups generated by an element. Theorem 14 gives us a way to construct a subgroup of a finite group (S, ⊕): pick an element a and collect all the elements that can be generated from a using the group operation. Specifically, for k ≥ 1 we define a^(k) as

$$a^{(k)} = \bigoplus_{i=1}^{k} a = \underbrace{a \oplus a \oplus \cdots \oplus a}_{k \text{ times}}.$$

For example, if a = 2 in the group Z_6, the sequence a^(1), a^(2), … is 2, 4, 0, 2, 4, 0, …. In the group Z_n we have a^(k) = ka mod n, and in the group Z*_n we have a^(k) = a^k mod n. The subgroup generated by a is denoted ⟨a⟩ (or (⟨a⟩, ⊕)) and is defined as ⟨a⟩ = {a^(k) : k ≥ 1}; we say that the element a generates the subgroup ⟨a⟩.

Since S is a finite group, ⟨a⟩ is a finite subset of S, which may contain all the elements of S. Since the associativity of ⊕ implies a^(i) ⊕ a^(j) = a^(i+j), ⟨a⟩ is closed, and by Theorem 14, ⟨a⟩ is a subgroup of S. For example, some subgroups of Z_6 are

⟨0⟩ = {0}

⟨1⟩ = {0, 1, 2, 3, 4, 5}

⟨2⟩ = {0, 2, 4}.

Similarly, for Z*_7 the first subgroups are

⟨1⟩ = {1}

⟨2⟩ = {1, 2, 4}

⟨3⟩ = {1, 2, 3, 4, 5, 6}.

The order of a (in the group S) is defined as the smallest positive integer t for which a^(t) = e, and is denoted ord(a).

Theorem 17. For every finite group (S, ⊕) and every a ∈ S, the order of an element equals the size of the subgroup it generates, that is, ord(a) = |⟨a⟩|.

Corollary 18. The sequence a^(1), a^(2), … is periodic with period t = ord(a); that is, a^(i) = a^(j) if and only if i ≡ j (mod t).

By the above corollary, we may define a^(0) as e and a^(i) as a^(i mod t), where t = ord(a), for every integer i.

Corollary 19. If (S, ⊕) is a finite group with identity e, then for every a ∈ S we have a^(|S|) = e.
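The following is an added example, not code from the notes: it builds Z*_n, computes φ(n) by equation (5) in integer arithmetic, enumerates the subgroup ⟨a⟩ and ord(a) in both (Z_n, +_n) and (Z*_n, ·_n), and checks Theorem 15 and Corollary 19 over every element of Z*_n. Function names and the trial-division factoring helper are my own choices.

```python
from math import gcd


def units(n):
    """Z*_n: the residues a in {1, ..., n-1} with gcd(a, n) = 1."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def prime_divisors(n):
    """Distinct primes dividing n, by trial division. Adequate for the small
    moduli used in the examples; the notes stress that no polynomial-time
    factoring algorithm is known, so this is not a route to phi(n) for
    cryptographic-size n."""
    primes, p = [], 2
    while p * p <= n:
        if n % p == 0:
            primes.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        primes.append(n)
    return primes


def euler_phi(n):
    """Equation (5), phi(n) = n * prod_{p | n} (1 - 1/p), evaluated exactly in
    integers: each factor (1 - 1/p) is applied as (result // p) * (p - 1)."""
    result = n
    for p in prime_divisors(n):
        result = result // p * (p - 1)
    return result


def generated_subgroup(a, op, identity):
    """<a> = {a^(k) : k >= 1} in a finite group with operation `op`.
    Walks a^(1), a^(2), ... until the sequence repeats; by Corollary 18 the
    first repeat comes right after a^(t) = e, so t = ord(a) = |<a>|
    (Theorem 17). Returns (sorted elements of <a>, ord(a))."""
    elements, x = [], a
    while x not in elements:
        elements.append(x)
        x = op(x, a)
    if elements[-1] != identity:
        raise ValueError("the operation does not form a group on these elements")
    return sorted(elements), len(elements)


def additive_subgroup(a, n):
    """<a> in (Z_n, +_n), where a^(k) = k*a mod n."""
    return generated_subgroup(a, lambda x, y: (x + y) % n, 0)


def multiplicative_subgroup(a, n):
    """<a> in (Z*_n, ._n), where a^(k) = a^k mod n; a must lie in Z*_n."""
    if gcd(a, n) != 1:
        raise ValueError(f"{a} is not an element of Z*_{n}")
    return generated_subgroup(a, lambda x, y: (x * y) % n, 1)


def lagrange_and_euler_hold(n):
    """Over every a in Z*_n: ord(a) divides |Z*_n| (Theorem 15) and
    a^(|Z*_n|) = 1 mod n (Corollary 19); finally |Z*_n| = phi(n)."""
    group_order = len(units(n))
    for a in units(n):
        _, t = multiplicative_subgroup(a, n)
        if group_order % t != 0 or pow(a, group_order, n) != 1:
            return False
    return group_order == euler_phi(n)
```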

Solving linear equations. In this section we deal with solving equations of the form

ax ≡ b (mod n), (7)

where a > 0 and n > 0. This problem has several applications; for example, we will use it as part of the key-finding procedure in the RSA protocol. We assume that we are given the numbers a, b and n and must find the values of x modulo n that satisfy equation (7). There may be no such solution, exactly one, or several.

Let ⟨a⟩ be the subgroup of Z_n generated by the element a. Since ⟨a⟩ = {a^(x) : x > 0} = {ax mod n : x > 0}, equation (7) has a solution if and only if b ∈ ⟨a⟩. Lagrange's theorem tells us that |⟨a⟩| must be a divisor of n. The following theorem gives an exact characterization of ⟨a⟩.

Theorem 20. For any positive integers a and n, if d = gcd(a, n), then

⟨a⟩ = ⟨d⟩ = {0, d, 2d, …, ((n/d) − 1)d} (8)

in Z_n, and consequently |⟨a⟩| = n/d.

Proof. We begin by proving that d ∈ ⟨a⟩. Recall that EXTENDED-EUCLID(a, n) produces integers x' and y' such that ax' + ny' = d. Consequently, ax' ≡ d (mod n), so d ∈ ⟨a⟩.

Since d ∈ ⟨a⟩, it follows that every multiple of d belongs to ⟨a⟩, because any multiple of a multiple of a is in turn a multiple of a. So ⟨a⟩ contains every element of the set {0, d, 2d, …, ((n/d) − 1)d}. Therefore ⟨d⟩ ⊆ ⟨a⟩.

We now show that ⟨a⟩ ⊆ ⟨d⟩. If m ∈ ⟨a⟩, then m = ax mod n for some integer x, and hence m = ax + ny for some integer y. But d|a and d|n, so d|m by equation (1). Therefore m ∈ ⟨d⟩.

Combining the above results, we conclude that ⟨a⟩ = ⟨d⟩. To show that |⟨a⟩| = n/d, note that there are exactly n/d multiples of d between 0 and n − 1, inclusive.

Corollary 21. The equation ax ≡ b (mod n) is solvable for x if and only if gcd(a, n)|b.

Corollary 22. The equation ax ≡ b (mod n) has either d distinct solutions modulo n, where d = gcd(a, n), or no solution at all.

Proof. If ax ≡ b (mod n) has a solution, then b ∈ ⟨a⟩. By Theorem 17, ord(a) = |⟨a⟩|, and it follows that the sequence ai mod n, for i = 0, 1, …, is periodic with period |⟨a⟩| = n/d. If b ∈ ⟨a⟩, then b appears exactly d times in the sequence ai mod n, for i = 0, 1, …, n − 1, since the block of length n/d of the values of ⟨a⟩ is repeated exactly d times as i increases from 0 to n − 1. The indices x of the d positions for which ax mod n = b are the solutions of the equation ax ≡ b (mod n).

Theorem 23. Let d = gcd(a, n) and d = ax' + ny' for some integers x' and y' (as computed, for example, by EXTENDED-EUCLID). If d|b, then the equation ax ≡ b (mod n) has as one of its solutions the value x_0, where

x_0 = x'(b/d) mod n.

Proof. We have

$$a x_0 \equiv a x' (b/d) \equiv d\,(b/d) \equiv b \pmod{n},$$

and therefore x_0 is a solution of ax ≡ b (mod n).

Theorem 24. Suppose that the equation ax ≡ b (mod n) is solvable (that is, d|b, where d = gcd(a, n)) and that x_0 is a solution of the equation. Then the equation has exactly d distinct solutions modulo n, given by x_i = x_0 + i(n/d) for i = 0, 1, …, d − 1.

Proof. Since n/d > 0 and 0 ≤ i(n/d) < n for i = 0, 1, …, n − 1, the values x_0, x_1, …, x_{d−1} are all distinct modulo n. Since x_0 is a solution of ax ≡ b (mod n), we have ax_0 mod n = b. Consequently, for i = 0, 1, …, d − 1, we have

$$a x_i \bmod n = a(x_0 + in/d) \bmod n = (a x_0 + a i n/d) \bmod n = a x_0 \bmod n = b,$$

and therefore x_i is also a solution. By Corollary 22 there are exactly d solutions, so these are x_0, x_1, …, x_{d−1}.

So far we have presented the mathematical background needed to solve the equation ax ≡ b (mod n); the following algorithm computes all the solutions of the equation. The inputs a and n are arbitrary positive integers, while b is an arbitrary integer.

MODULAR-LINEAR-EQUATION-SOLVER(a, b, n)
1 (d, x', y') ← EXTENDED-EUCLID(a, n)
2 if d|b
3 then x_0 ← x'(b/d) mod n
4 for i ← 0 to d − 1
5 print (x_0 + i(n/d)) mod n
6 else print "no solution"

As an example of the operation of the above algorithm, consider the equation 6x ≡ 3 (mod 21), where a = 6, b = 3, n = 21. Calling EXTENDED-EUCLID on line 1 yields (d, x, y) = (3, −3, 1). Since 3|3, lines 3-5 are executed; on line 3 we compute x_0 = (−3)(1) mod 21 = 18, while the loop on lines 4-5 prints the two solutions 4 and 11.

MODULAR-LINEAR-EQUATION-SOLVER performs O(log n + gcd(a, n)) arithmetic operations, since EXTENDED-EUCLID needs O(log n) arithmetic operations and each iteration of the loop requires a constant number of arithmetic operations.

The following corollaries of Theorem 24 are of particular interest.

Corollary 25. For every n > 1, if gcd(a, n) = 1, then the equation ax ≡ b (mod n) has a unique solution modulo n.

If b = 1, a common case of particular interest, the x we are looking for is the multiplicative inverse of a modulo n.

Corollary 26. For every n > 1, if gcd(a, n) = 1, then the equation ax ≡ 1 (mod n) has a unique solution modulo n; otherwise it has no solution.

Corollary 26 allows us to use the notation (a^{−1} mod n) for the multiplicative inverse of a modulo n when a and n are relatively prime. If gcd(a, n) = 1, then one solution of the equation ax ≡ 1 (mod n) is the integer x returned by EXTENDED-EUCLID, since the equation

gcd(a, n) = 1 = ax + ny

implies ax ≡ 1 (mod n). Consequently, we can compute (a^{−1} mod n) efficiently using EXTENDED-EUCLID.
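The following is an added example, not code from the notes, covering EUCLID, EXTENDED-EUCLID, the multiplicative inverse of Corollary 26 and MODULAR-LINEAR-EQUATION-SOLVER together, since the last three all rest on the same extended-Euclid routine. The function names are my own; the solver returns the d solutions as a list instead of printing them, and a call counter is included to check Lemma 10 on consecutive Fibonacci inputs.

```python
def euclid(a, b):
    """EUCLID(a, b) of the notes as a loop: gcd(a, b) = gcd(b, a mod b)
    (Theorem 9) until the second argument reaches 0."""
    while b != 0:
        a, b = b, a % b
    return a


def euclid_call_count(a, b):
    """Number of recursive calls EUCLID(a, b) would make. Lemma 10: two
    consecutive Fibonacci numbers (F_{k+2}, F_{k+1}) force k calls."""
    calls = 0
    while b != 0:
        a, b = b, a % b
        calls += 1
    return calls


def extended_euclid(a, b):
    """EXTENDED-EUCLID(a, b): (d, x, y) with d = gcd(a, b) = a*x + b*y.
    Recursive exactly as lines 1-5 of the pseudocode; // is floor division."""
    if b == 0:
        return a, 1, 0                              # line 2
    d, x1, y1 = extended_euclid(b, a % b)           # line 3: (d', x', y')
    return d, y1, x1 - (a // b) * y1                # line 4: x = y', y = x' - floor(a/b) y'


def modular_inverse(a, n):
    """(a^-1 mod n) by Corollary 26: the x from EXTENDED-EUCLID(a, n) when
    gcd(a, n) = 1, reduced into {0, ..., n-1}. Raises when no inverse exists."""
    d, x, _ = extended_euclid(a, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse modulo {n}: gcd(a, n) = {d}")
    return x % n


def modular_linear_equation_solver(a, b, n):
    """MODULAR-LINEAR-EQUATION-SOLVER(a, b, n): every solution of
    a*x = b (mod n), or [] when gcd(a, n) does not divide b (Corollary 21).
    By Theorem 24 there are exactly d = gcd(a, n) solutions x_i = x_0 + i*(n/d)."""
    d, x_prime, _ = extended_euclid(a, n)           # line 1
    if b % d != 0:                                   # line 2 (else: line 6)
        return []
    x0 = (x_prime * (b // d)) % n                    # line 3, Theorem 23
    return [(x0 + i * (n // d)) % n for i in range(d)]   # lines 4-5
```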

Chinese remainder theorem. In the first centuries AD the Chinese mathematician Sun Tzu studied and solved the problem of finding those integers x that leave remainders 2, 3 and 2 when divided by 3, 5 and 7 respectively. One such solution is x = 23; all solutions have the form 23 + 105k for arbitrary integers k. The Chinese remainder theorem provides a correspondence between a system of equations modulo a set of pairwise relatively prime moduli (for example 3, 5 and 7) and a single equation modulo their product (for example 105).

The Chinese remainder theorem has two important uses. Let n be an integer factored as n = n_1 n_2 ⋯ n_k, where the factors n_i are pairwise relatively prime. First, the theorem is a descriptive structural theorem: it describes the structure of Z_n as identical to that of the Cartesian product Z_{n_1} × Z_{n_2} × … × Z_{n_k}, with addition and multiplication modulo n_i in the i-th component. Second, this description can be used to design efficient algorithms, since it is more efficient to operate in each of the Z_{n_i} than to operate modulo n.

Theorem 27 (Chinese remainder theorem). Let n = n_1 n_2 ⋯ n_k, where the n_i are pairwise relatively prime. Consider the correspondence

a ↔ (a_1, a_2, …, a_k), (9)

where a ∈ Z_n, a_i ∈ Z_{n_i} and a_i = a mod n_i for i = 1, 2, …, k. Then correspondence (9) is a one-to-one correspondence between Z_n and the Cartesian product Z_{n_1} × Z_{n_2} × … × Z_{n_k}. Operations applied to elements of Z_n can equivalently be applied to the corresponding k-tuples by applying them independently in each coordinate system. That is, if

a ↔ (a_1, a_2, …, a_k)

b ↔ (b_1, b_2, …, b_k),

then

(a + b) mod n ↔ ((a_1 + b_1) mod n_1, …, (a_k + b_k) mod n_k),

(a − b) mod n ↔ ((a_1 − b_1) mod n_1, …, (a_k − b_k) mod n_k),

(ab) mod n ↔ ((a_1 b_1) mod n_1, …, (a_k b_k) mod n_k).

Proof. Passing from one representation to the other is fairly simple. Going from $a$ to $(a_1, a_2, \ldots, a_k)$ requires only $k$ divisions. Computing $a$ from $(a_1, a_2, \ldots, a_k)$ is more involved and is done as follows. First, define $m_i = n / n_i$ for $i = 1, 2, \ldots, k$; thus $m_i$ is the product of all the $n_j$ other than $n_i$. Next, define

$$c_i = m_i \, (m_i^{-1} \bmod n_i) \tag{10}$$

for $i = 1, 2, \ldots, k$. Equation 10 is always well defined: since $m_i$ and $n_i$ are relatively prime (by Theorem 6), Corollary 26 guarantees that $(m_i^{-1} \bmod n_i)$ exists. Finally, we can compute $a$ as a function of $a_1, a_2, \ldots, a_k$ as follows:

$$a \equiv (a_1 c_1 + a_2 c_2 + \cdots + a_k c_k) \pmod n. \tag{11}$$

We now show that equation 11 guarantees $a \equiv a_i \pmod{n_i}$ for $i = 1, 2, \ldots, k$. Observe that if $j \neq i$, then $m_j \equiv 0 \pmod{n_i}$, which implies $c_j \equiv m_j \equiv 0 \pmod{n_i}$. Observe also that $c_i \equiv 1 \pmod{n_i}$, by equation 10. We thus have the useful correspondence

$$c_i \leftrightarrow (0, 0, \ldots, 0, 1, 0, \ldots, 0),$$

a vector that is 0 everywhere except in the $i$-th coordinate, where it is 1; so the $c_i$ form, in a sense, a basis for the representation. For each $i$ we have

$$a \equiv a_i c_i \pmod{n_i}$$
$$\phantom{a} \equiv a_i \, m_i \, (m_i^{-1} \bmod n_i) \pmod{n_i}$$
$$\phantom{a} \equiv a_i \pmod{n_i},$$

which is what we wanted to prove. The method for computing $a$ from the $a_i$ produces an $a$ that satisfies the constraints $a \equiv a_i \pmod{n_i}$ for $i = 1, 2, \ldots, k$. The correspondence is one-to-one, since we can move in both directions.

The following corollaries will be used later.

Corollary 28. If $n_1, n_2, \ldots, n_k$ are pairwise relatively prime and $n = n_1 n_2 \cdots n_k$, then for all integers $a_1, a_2, \ldots, a_k$ the system of equations $x \equiv a_i \pmod{n_i}$, $i = 1, 2, \ldots, k$, has a unique solution modulo $n$ for the unknown $x$.

Corollary 29. If $n_1, n_2, \ldots, n_k$ are pairwise relatively prime and $n = n_1 n_2 \cdots n_k$, then for all integers $x$ and $a$,

$$x \equiv a \pmod{n_i}$$

for $i = 1, 2, \ldots, k$ if and only if

$$x \equiv a \pmod n.$$

As an example of an application of the Chinese remainder theorem, suppose we have the two equations

$$a \equiv 2 \pmod 5,$$
$$a \equiv 3 \pmod{13},$$

so that $a_1 = 2$, $n_1 = m_2 = 5$, $a_2 = 3$ and $n_2 = m_1 = 13$, and we want to compute $a \bmod 65$, since $n = 65$. Because $13^{-1} \equiv 2 \pmod 5$ and $5^{-1} \equiv 8 \pmod{13}$, we have

$$c_1 = 13 \cdot (2 \bmod 5) = 26,$$
$$c_2 = 5 \cdot (8 \bmod 13) = 40,$$

and

$$a \equiv 2 \cdot 26 + 3 \cdot 40 \pmod{65}$$
$$\phantom{a} \equiv 52 + 120 \pmod{65}$$
$$\phantom{a} \equiv 42 \pmod{65}.$$

(Check: $42 \bmod 5 = 2$ and $42 \bmod 13 = 3$.) Hence we can either work modulo $n$ directly or work in the transformed representation, using the convenient separate computations modulo the $n_i$.
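The reconstruction of Theorem 27 carried out in code, as an added example (not code from the original notes): the forward map of correspondence (9), the inverse map via equations (10) and (11), and a check that an operation applied componentwise in the $\mathbb{Z}_{n_i}$ agrees with the same operation in $\mathbb{Z}_n$. The modular inverse is obtained with Python's built-in `pow(x, -1, m)` instead of a hand-written EXTENDED-EUCLID; the sample moduli are the ones from the text.

```python
"""Chinese remainder theorem: the forward map of (9) and the reconstruction of
equations (10)/(11), written as an added example (not code from the original notes)."""
from math import gcd, prod


def to_residues(a, moduli):
    """Forward direction of correspondence (9): k divisions."""
    return tuple(a % n_i for n_i in moduli)


def from_residues(residues, moduli):
    """Reconstruct a mod n from (a_1, ..., a_k) via c_i = m_i * (m_i^{-1} mod n_i)."""
    if len(residues) != len(moduli):
        raise ValueError("one residue per modulus")
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise relatively prime")
    n = prod(moduli)
    a = 0
    for a_i, n_i in zip(residues, moduli):
        m_i = n // n_i                        # product of all n_j with j != i
        c_i = m_i * pow(m_i, -1, n_i)         # equation (10); pow(x, -1, m) = x^{-1} mod m
        a += a_i * c_i                        # equation (11)
    return a % n


def componentwise(op, a, b, moduli):
    """Apply op in each Z_{n_i} and map back; equals op applied to a, b in Z_n (Theorem 27)."""
    ra, rb = to_residues(a, moduli), to_residues(b, moduli)
    return from_residues([op(x, y) % n_i for x, y, n_i in zip(ra, rb, moduli)], moduli)


if __name__ == "__main__":
    print(from_residues([2, 3], [5, 13]))       # 42, the worked example above
    print(from_residues([2, 3, 2], [3, 5, 7]))  # 23, Sun Tzu's problem
```

The pairwise-coprimality check is what makes the call to `pow(m_i, -1, n_i)` safe: Corollary 26 only guarantees the inverse when $\gcd(m_i, n_i) = 1$, and with overlapping moduli Python raises a `ValueError` from `pow` instead of silently returning a wrong residue.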

Raising an element to a power. Just as it is natural to consider the multiples of a number $a$ modulo $n$, it is natural to consider the sequence of powers of $a$ modulo $n$, where $a \in \mathbb{Z}_n^*$:

$$a^0, a^1, a^2, a^3, \ldots$$

modulo $n$. Indexing from 0, the zeroth value of this sequence is $a^0 \bmod n$ and the $i$-th value is $a^i \bmod n$. For example, the powers of 2 modulo 7 are

  i          0  1  2  3  4  5  6  7  8  9  10  11  ...
  2^i mod 7  1  2  4  1  2  4  1  2  4  1   2   4  ...

while the powers of 3 modulo 7 are

  i          0  1  2  3  4  5  6  7  8  9  10  11  ...
  3^i mod 7  1  3  2  6  4  5  1  3  2  6   4   5  ...

In this section, let $\langle a \rangle$ denote the subgroup of $\mathbb{Z}_n^*$ generated by $a$ through repeated multiplication, and let $\mathrm{ord}_n(a)$ denote the order of $a$ in $\mathbb{Z}_n^*$. For example, $\langle 2 \rangle = \{1, 2, 4\}$ in $\mathbb{Z}_7^*$ and $\mathrm{ord}_7(2) = 3$. Using the fact that Euler's function $\phi(n)$ equals the size of $\mathbb{Z}_n^*$, together with Corollary 19, we arrive at the following theorems.

Theorem 30. (Euler's theorem) For every integer $n > 1$,

$$a^{\phi(n)} \equiv 1 \pmod n \quad \text{for all } a \in \mathbb{Z}_n^*.$$

Theorem 31. (Fermat's theorem) If $p$ is prime, then

$$a^{p-1} \equiv 1 \pmod p \quad \text{for all } a \in \mathbb{Z}_p^*.$$

Proof. By equation 6, $\phi(p) = p - 1$ when $p$ is prime, so this is Euler's theorem for $n = p$.

The last relation holds for every element of $\mathbb{Z}_p$ except 0, since $0 \notin \mathbb{Z}_p^*$. On the other hand, for every $a \in \mathbb{Z}_p$ (including 0) we have $a^p \equiv a \pmod p$ when $p$ is prime.

If $\mathrm{ord}_n(g) = |\mathbb{Z}_n^*|$, then every element of $\mathbb{Z}_n^*$ is a power of $g$ modulo $n$, and we say that $g$ is a primitive root or generator of $\mathbb{Z}_n^*$. For example, 3 is a primitive root modulo 7, but 2 is not a primitive root modulo 7. If $\mathbb{Z}_n^*$ has a primitive root, we say that the group $\mathbb{Z}_n^*$ is cyclic.

Theorem 32. The values of $n > 1$ for which $\mathbb{Z}_n^*$ is a cyclic group are 2, 4, $p^e$ and $2p^e$, for every prime $p > 2$ and all positive integers $e$.

If $g$ is a primitive root of $\mathbb{Z}_n^*$ and $a$ is an element of $\mathbb{Z}_n^*$, then there exists a $z$ such that $g^z \equiv a \pmod n$. This $z$ is called the discrete logarithm of $a$ modulo $n$ to the base $g$.

Theorem 33. (Discrete logarithm theorem) If $g$ is a primitive root of $\mathbb{Z}_n^*$, then the equation $g^x \equiv g^y \pmod n$ holds if and only if the equation $x \equiv y \pmod{\phi(n)}$ holds.

Proof. Suppose first that $x \equiv y \pmod{\phi(n)}$. Then $x = y + k\phi(n)$ for some integer $k$. Therefore

$$g^x \equiv g^{y + k\phi(n)} \pmod n$$
$$\phantom{g^x} \equiv g^y \, (g^{\phi(n)})^k \pmod n$$
$$\phantom{g^x} \equiv g^y \cdot 1^k \pmod n$$
$$\phantom{g^x} \equiv g^y \pmod n.$$

Conversely, suppose $g^x \equiv g^y \pmod n$. Because the sequence of powers of $g$ generates every element of $\langle g \rangle$ and $|\langle g \rangle| = \phi(n)$, Corollary 18 implies that the sequence of powers of $g$ is periodic with period $\phi(n)$. Hence, if $g^x \equiv g^y \pmod n$, then necessarily $x \equiv y \pmod{\phi(n)}$.

Exponentiation by repeated squaring. An operation that arises frequently in number theory is raising a number to a power modulo another number, an operation also known as modular exponentiation. Precisely, what we seek is an efficient way to compute $a^b \bmod n$, where $a$ and $b$ are non-negative integers and $n$ is a positive integer. Modular exponentiation is an important operation in many methods that test whether a number is prime, as well as in the RSA protocol. The method of repeated squaring solves this problem efficiently, using the binary representation of $b$.

Let $\langle b_k, b_{k-1}, \ldots, b_1, b_0 \rangle$ be the binary representation of $b$. This means that the binary representation is $k + 1$ bits long, $b_k$ is the most significant bit and $b_0$ is the least significant bit. The following algorithm computes $a^c \bmod n$ as $c$ is increased by doublings and increments from 0 to $b$.

MODULAR-EXPONENTIATION(a, b, n)
 1  c ← 0
 2  d ← 1
 3  let ⟨b_k, b_{k-1}, ..., b_1, b_0⟩ be the binary representation of b
 4  for i ← k downto 0
 5      c ← 2c
 6      d ← (d · d) mod n
 7      if b_i = 1
 8          then c ← c + 1
 9               d ← (d · a) mod n
10  return d

The squaring in line 6 explains why the method is called repeated squaring. For example, if $a = 7$, $b = 560$ and $n = 561$, the algorithm computes the sequence of values modulo 561 shown below. The sequence of exponents used appears in the row labelled $c$. The variable $c$ is not needed to execute the algorithm, but it is included because it helps in understanding and analysing it.

  i     9   8    7    6    5    4    3    2    1    0
  b_i   1   0    0    0    1    1    0    0    0    0
  c     1   2    4    8   17   35   70  140  280  560
  d     7  49  157  526  160  241  298  166   67    1

The algorithm is designed so that the following hold at the end of each iteration of the loop in lines 4-9:

1. the value of $c$ equals the prefix $\langle b_k, b_{k-1}, \ldots, b_i \rangle$ of the binary representation of $b$, and

2. $d = a^c \bmod n$.

If the inputs $a$, $b$ and $n$ are $\beta$-bit numbers, then the total number of arithmetic operations required is $O(\beta)$ and the total number of bit operations is $O(\beta^3)$.
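The pseudocode above turned into a runnable routine that records the $(i, b_i, c, d)$ trace of the table, together with the order and primitive-root notions of the preceding paragraph computed on top of it. This is an added example, not code from the original notes. One point worth noticing when running it: $561 = 3 \cdot 11 \cdot 17$ is composite, yet $7^{560} \bmod 561 = 1$, so a Fermat-style primality check based on this single exponentiation would accept it; that is why the primality tests referred to in the text need more than Fermat's theorem.

```python
"""MODULAR-EXPONENTIATION with the (i, b_i, c, d) trace of the text, and the order /
primitive-root notions of the previous paragraph computed on top of it. Added example."""
from math import gcd


def modular_exponentiation(a, b, n, trace=None):
    """Return a^b mod n by repeated squaring; if trace is a list, append (i, b_i, c, d)
    after each iteration, so that d == a^c mod n holds in every entry."""
    if b < 0 or n <= 0:
        raise ValueError("need b >= 0 and n > 0")
    bits = bin(b)[2:]                 # <b_k, ..., b_0>, most significant bit first
    k = len(bits) - 1
    c, d = 0, 1 % n
    for i, bit in zip(range(k, -1, -1), bits):
        c = 2 * c
        d = (d * d) % n               # line 6 of the pseudocode: the squaring step
        if bit == "1":
            c = c + 1
            d = (d * a) % n
        if trace is not None:
            trace.append((i, int(bit), c, d))
    return d


def order_mod(a, n):
    """ord_n(a): the least t >= 1 with a^t = 1 (mod n); defined only for a in Z_n^*."""
    if gcd(a, n) != 1:
        raise ValueError("a must be a unit modulo n")
    t, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        t += 1
    return t


def primitive_roots(n):
    """Generators of Z_n^*: units whose order is |Z_n^*| = phi(n) (brute force, small n)."""
    units = [a for a in range(1, n) if gcd(a, n) == 1]
    return [g for g in units if order_mod(g, n) == len(units)]


if __name__ == "__main__":
    steps = []
    print(modular_exponentiation(7, 560, 561, steps))   # 1, as in the table above
    for row in steps:
        print("i=%d b_i=%d c=%d d=%d" % row)
    print(primitive_roots(7))                             # [3, 5]
```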

Quadratic residues and finding square roots. In this paragraph we examine the problem of solving the equation

$$x^2 \equiv a \pmod n, \tag{12}$$

in other words the problem of finding square roots.

First of all, we stress that the above equation may have no solution at all. The integers $a$ for which equation (12) has a solution are called quadratic residues modulo $n$, while those for which there is no solution are called quadratic non-residues. We then distinguish two cases, determined by whether $n$ is prime or composite.

In the case where $n$ is prime, following the convention of denoting primes by $p$, the congruence becomes $x^2 \equiv a \pmod p$. A basic result concerning quadratic residues modulo a prime is Euler's criterion.

Theorem 34. An integer $a$ in the range $1 \le a \le p - 1$ is a quadratic residue modulo an odd prime $p$ if and only if

$$a^{(p-1)/2} \equiv 1 \pmod p.$$

If we denote by $Q_p$ (respectively $\bar{Q}_p$) the set of quadratic residues (respectively quadratic non-residues) modulo a prime $p$, then $|Q_p| = |\bar{Q}_p| = |\mathbb{Z}_p^*| / 2 = (p-1)/2$; in other words, exactly half of the integers in $\mathbb{Z}_p^*$ are quadratic residues modulo $p$. For example, when $p = 13$ we have $Q_{13} = \{1, 3, 4, 9, 10, 12\}$ and $\bar{Q}_{13} = \{2, 5, 6, 7, 8, 11\}$, because $1^6 \equiv 1 \pmod{13}$, $2^6 \equiv 12 \pmod{13}$, and so on.

In the case where $n$ is a composite number of the form $n = pq$ with $p, q$ prime, an integer $a \in \mathbb{Z}_n^*$ is a quadratic residue modulo $n$ if and only if it is a quadratic residue both modulo $p$ and modulo $q$. Consequently $|Q_n| = |Q_p| \cdot |Q_q| = (p-1)(q-1)/4$ and $|\bar{Q}_n| = 3(p-1)(q-1)/4$. For example, if $n = 21$, then $Q_{21} = \{1, 4, 16\}$ and $\bar{Q}_{21} = \{2, 5, 8, 10, 11, 13, 17, 19, 20\}$.
We now turn to the problem of finding the square root of a quadratic residue, that is, computing an $x \in \mathbb{Z}_n$ such that $x^2 \equiv a \pmod n$, when we know that $a \in Q_n$. Again we distinguish according to whether $n$ is prime or composite.

Suppose then that we work modulo a prime $p$, and assume moreover that $p \equiv 3 \pmod 4$. To find the solution we use the following lemma.

Lemma 35. If $p$ is a prime of the form $4k - 1$ and $a$ is a quadratic residue modulo $p$, then the solutions of the equation

$$x^2 \equiv a \pmod p$$

are given by

$$x \equiv \pm a^k \pmod p.$$

Proof. Since we know that $a$ is a quadratic residue modulo $p$, Euler's criterion gives

$$a^{(p-1)/2} \equiv 1 \pmod p.$$

Because $k = (p + 1)/4$, we have

$$a^{(p+1)/4} \cdot a^{(p+1)/4} = a^{(p+1)/2} = a^{(p-1)/2} \cdot a \equiv a \pmod p.$$

In the case where we work modulo a composite $n = pq$, with $p, q$ primes such that $p \equiv q \equiv 3 \pmod 4$, we follow these steps.

1. First find the solutions $(r, -r)$ of the congruence $x^2 \equiv a \pmod p$.

2. Likewise compute the solutions $(s, -s)$ of the congruence $x^2 \equiv a \pmod q$.

3. Compute $c, d$ such that $cp + dq = 1$. Note that this is possible using the EXTENDED-EUCLID algorithm, since $\gcd(p, q) = 1$.

4. Compute $x = rdq + scp \pmod n$ and $y = rdq - scp \pmod n$.

5. Return the numbers $(x, y)$ (together with $-x$ and $-y$) as the solutions.

Observe that the above algorithm relies on knowledge of the factorization of $n$.

More generally, the stronger result holds that the problem of finding square roots modulo $n$, when $n = pq$, is computationally equivalent to the problem of factoring $n$ into its prime factors $p$ and $q$. If we have a polynomial-time algorithm for factoring, we use it to find $p, q$ and then run the above algorithm to find the square roots. For the converse direction, suppose we have a polynomial-time algorithm $A(a, n)$ that returns some square root of $a$ modulo $n$. It then suffices to pick an $x \in \mathbb{Z}_n^*$, compute $a = x^2 \pmod n$, run $A(a, n)$, and let $y$ be the returned square root. If $y \equiv \pm x \pmod n$, we have failed and must try again with a different value of $x$; otherwise $\gcd(x - y, n)$ is a factor of $n$, either $p$ or $q$.
A number $x$ is called a non-trivial square root of 1 modulo $n$ if it satisfies the equation $x^2 \equiv 1 \pmod n$ but is different from the two trivial roots $1$ and $-1$ modulo $n$. For example, 6 is a non-trivial square root of 1 modulo 35, since $6^2 = 36 \equiv 1 \pmod{35}$. The following corollary will be useful in proving the correctness of the Miller-Rabin test for whether a number is prime.

Corollary 36. If there exists a non-trivial square root of 1 modulo $n$, then $n$ is composite.
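The square-root machinery of this paragraph in working code, as an added example (not code from the original notes): Lemma 35 for a prime $p \equiv 3 \pmod 4$, the five-step procedure for $n = pq$, the reduction from factoring to a square-root oracle, and the factor exhibited by a non-trivial square root of 1 (Corollary 36). The oracle is a stand-in for the hypothetical algorithm $A(a, n)$ of the text; it is a closure that secretly knows $p$ and $q$ and always returns the root $x$ of step 4, which is enough to show why returning any root other than $\pm x$ leaks a factor.

```python
"""Square roots modulo a prime p = 3 (mod 4) (Lemma 35), modulo n = pq by the five-step
procedure, and the reduction from factoring n to a square-root oracle. Added example;
the oracle is a stand-in for the hypothetical algorithm A(a, n) of the text."""
from math import gcd


def sqrt_mod_prime_3mod4(a, p):
    """Lemma 35: for p = 4k - 1 and a a quadratic residue, return the root a^k mod p."""
    if p % 4 != 3:
        raise ValueError("p must be congruent to 3 mod 4")
    a %= p
    if a == 0:
        return 0
    if pow(a, (p - 1) // 2, p) != 1:          # Euler's criterion (Theorem 34)
        raise ValueError(f"{a} is a quadratic non-residue mod {p}")
    return pow(a, (p + 1) // 4, p)


def sqrt_mod_pq(a, p, q):
    """Steps 1-5: the four roots (x, -x, y, -y) of x^2 = a (mod pq) for p = q = 3 (mod 4)."""
    n = p * q
    r = sqrt_mod_prime_3mod4(a, p)            # step 1: roots +-r modulo p
    s = sqrt_mod_prime_3mod4(a, q)            # step 2: roots +-s modulo q
    c, d = pow(p, -1, q), pow(q, -1, p)       # step 3: c p + d q = 1 (mod n)
    x = (r * d * q + s * c * p) % n           # step 4: x = r (mod p), x = s (mod q)
    y = (r * d * q - s * c * p) % n           #         y = r (mod p), y = -s (mod q)
    roots = (x, (n - x) % n, y, (n - y) % n)  # step 5
    for z in roots:
        assert (z * z) % n == a % n
    return roots


def factor_via_sqrt_oracle(n, sqrt_oracle, start=2):
    """Reduction of the text: pick x, ask the oracle for a root y of a = x^2 (mod n); when
    y != +-x, gcd(x - y, n) is a proper factor. Deterministic x sequence for reproducibility."""
    for x in range(start, n):
        g = gcd(x, n)
        if g != 1:
            return g                          # x already shares a factor with n
        y = sqrt_oracle((x * x) % n)
        if y not in (x, n - x):
            f = gcd(x - y, n)
            assert 1 < f < n
            return f
    raise RuntimeError("oracle never returned a root other than +-x")


def factor_from_nontrivial_root_of_one(x, n):
    """Corollary 36 in action: x^2 = 1 (mod n) with x != +-1 gives a factor gcd(x - 1, n)."""
    if (x * x) % n != 1 or x % n in (1, n - 1):
        raise ValueError("x is not a non-trivial square root of 1 modulo n")
    return gcd(x - 1, n)


if __name__ == "__main__":
    print(sqrt_mod_pq(4, 7, 11))                           # the four roots of 4 modulo 77
    oracle = lambda a: sqrt_mod_pq(a, 7, 11)[0]            # "A(a, n)", secretly knowing p, q
    print(factor_via_sqrt_oracle(77, oracle))              # 7
    print(factor_from_nontrivial_root_of_one(6, 35))       # 5
```

With $n = 77$ and $x = 2$ the oracle returns $9$ (the root congruent to $a^{(p+1)/4}$ modulo both primes), and $\gcd(2 - 9, 77) = 7$ on the very first query. A real $A(a, n)$ cannot be steered this way by the attacker, which is why the text's argument needs repeated random choices of $x$; each trial succeeds with probability $1/2$, since two of the four roots are $\pm x$.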
2 Public-key protocols

In this section, after defining what public-key protocols are and comparing public-key with private-key protocols, we present certain public-key protocols, placing particular emphasis on the RSA protocol.

A public-key system can be used to encrypt the messages that two parties wish to exchange during their communication. The goal is that someone eavesdropping on the communication channel cannot understand its content, while a public-key system also allows the sender to attach to the message a digital signature that cannot be forged. Such a signature can be regarded as the electronic counterpart of a handwritten signature on a paper document. It can easily be verified by anyone reading the text, but it is hard for anyone to forge; moreover, if even a single bit of the text changes, the signature loses its validity. Thus it provides a way to certify both the identity of the sending user and the content of the message.

In a public-key system, each participant has a public key and a secret key. Each key is a piece of information. It is customary to call the parties that wish to use cryptographic methods in their communication Alice and Bob. We denote Alice's keys by $P_A, S_A$ and Bob's keys by $P_B, S_B$.

Each participant creates his own public and secret key and makes sure that nobody else learns the secret key, but he may announce the public key to anyone, or publish it to everyone. In practice the second option is preferable, and usually there is a public directory containing the public keys of various users, so that finding a user's public key is easy.

The public and secret keys specify functions (transformations) that can be applied to any message. Let $\mathcal{D}$ be the set of all permitted messages. For example, $\mathcal{D}$ may be the set of all finite-length bit strings. In the original, and simplest, formulation of public-key cryptography, the public and secret keys are required to specify one-to-one functions from $\mathcal{D}$ to itself. The function corresponding to Alice's public key $P_A$ is denoted $P_A()$ and the function corresponding to her secret key $S_A$ is denoted $S_A()$. The functions $P_A()$ and $S_A()$ are therefore permutations of $\mathcal{D}$. We assume that $P_A()$ and $S_A()$ can be computed efficiently given the corresponding keys $P_A$ and $S_A$.

The public key and the secret key of each user form a pair in the sense that they define functions that are inverses of one another, that is,

$$M = S_A(P_A(M)), \tag{13}$$
$$M = P_A(S_A(M)), \tag{14}$$

for every message $M \in \mathcal{D}$. If we successfully transform $M$ with the two keys $P_A$ and $S_A$, in either order, we must end up with the original message $M$ again.


In a public-key system it is essential that nobody other than Alice can compute the function $S_A()$ in any reasonable amount of time. The privacy of electronic communication that is encrypted and sent to Alice, and the authenticity of Alice's digital signature, rest on the assumption that only Alice can compute $S_A()$. This requirement explains why Alice must keep $S_A$ secret; if she does not, she loses her uniqueness as a user and the public-key system can no longer protect her. The assumption that only Alice can compute $S_A()$ must hold even though everybody knows $P_A$ and can compute $P_A()$, the inverse of $S_A()$, in reasonable time. The great difficulty in designing a practical public-key system is how to construct a protocol that allows $P_A()$ to be published without the inverse function $S_A()$ becoming discoverable.


In a public-key system, encryption proceeds as follows. Suppose Bob wants to send Alice a message $M$ in such a way that anyone eavesdropping on the communication channel cannot understand what the message is. The protocol works as follows.

1. Bob obtains Alice's public key $P_A$ (either from some public directory or directly from Alice).

2. Bob computes the ciphertext $C = P_A(M)$ corresponding to the message $M$ and sends $C$ to Alice.

3. When Alice receives the ciphertext $C$, she uses her secret key $S_A$ to recover the original message $M = S_A(C)$.

Because $S_A()$ and $P_A()$ are inverse functions, Alice can compute $M$ from $C$. Because only Alice can compute $S_A()$, she is at the same time the only one who can compute $M$ from $C$. Encrypting $M$ with $P_A()$ protects the content of the message and allows nobody but Alice to read it.
Digital signatures are also easy to implement with this definition of a public-key system. We note that there are other ways to approach the problem of constructing digital signatures, but they will not concern us in this section. Suppose that Alice wants to reply to Bob with a digitally signed message $M'$; the following steps take place.

1. Alice computes her digital signature $\sigma$ for the message $M'$ using her secret key $S_A$ and the relation $\sigma = S_A(M')$.

2. Alice sends the message-signature pair $(M', \sigma)$ to Bob.

3. When Bob receives $(M', \sigma)$, he can confirm that it comes from Alice by using Alice's public key to verify the relation $M' = P_A(\sigma)$. We assume that $M'$ contains Alice's name, so that Bob knows which public key to use. If the relation is verified, Bob can conclude that the message $M'$ really carries Alice's digital signature. If it is not verified, Bob can conclude that either the message or the digital signature was tampered with in transit. This may be due to an error in the transmission channel, but it may also be an attempt to forge the signature or to modify the message.

Because the digital signature provides both identification of the signing sender and certification of the message content, it is analogous to a handwritten signature on a paper document.

An important property of the digital signature is that it can be verified by anyone who has access to the sender's public key. A signed message can be verified by one user and then passed on to other users, who can in turn verify the signature. For example, the message may be an electronic cheque from Alice to Bob. After Bob verifies Alice's digital signature, he can hand the cheque to his bank, which can also verify Alice's signature and carry out the corresponding transaction.

Note that so far we have assumed the message is not encrypted: it is transmitted as is and is not protected from someone monitoring the communication channel. By composing the encryption protocol with the digital-signature protocol, we can produce messages that are both encrypted and signed. The sender first appends the digital signature to the end of the message and then encrypts the message-signature pair with the recipient's public key. The recipient, after receiving the message, decrypts with his secret key to obtain the message-signature pair and then verifies the signature using the sender's public key. The corresponding procedure in written correspondence would be for the sender to sign the document and then place it in a sealed envelope that will be opened only by the recipient.

Comparison with private-key protocols. The basic difference between public-key and private-key protocols is that in the former there is no requirement that the key used to encrypt a message be the same as the one used to decrypt it. This allows the encryption key to be made public, with the important restriction that it must not be feasible to use this knowledge to derive the decryption key, which is also called the secret key. In contrast, in private-key protocols these two keys coincide and therefore must remain secret.

A first consequence is that a public-key protocol with $N$ participating users requires $N$ keys (more precisely, $N$ pairs of the form public key - secret key), whereas a corresponding private-key protocol requires $\binom{N}{2} = N(N-1)/2$ keys, since a key must be created for every pair of users. On the other hand, private-key protocols are considerably faster than the corresponding public-key ones.


2.1 Key generation and exchange

Whereas in public-key protocols it is easy to find the key with which one must encrypt a message for a particular recipient (since the recipient publishes it), in private-key protocols the question arises of how two users are to agree on a specific key. The source of the problem is that until some key is fixed, the communication channel is insecure, so any message between these two users can be read by everyone who has access to the channel. In other words, we face the problem of establishing a secure key using an insecure communication channel.

Next we briefly present the solution to this problem proposed in 1976 by Whitfield Diffie and Martin Hellman. Suppose we have a set $U$ of $N$ users and let $u_i$ be the $i$-th user. First,  all these users must agree on a large prime $p$ (it must be much larger than the number of users) as well as a generator $g \in \mathbb{Z}_p^*$. In addition, each user $u_i$ must generate at random an element $a_i \in \mathbb{Z}_p^*$ and compute $A_i = g^{a_i} \bmod p$. If now two users $u_i$ and $u_j$ want to create a private key so that they can subsequently communicate, it suffices for $u_i$ to send $A_i$ to $u_j$ and for $u_j$ to send $A_j$ to $u_i$. Then $u_i$ computes $A_j^{a_i} \bmod p = (g^{a_j} \bmod p)^{a_i} \bmod p = g^{a_i a_j} \bmod p$, and likewise $u_j$ computes $A_i^{a_j} \bmod p = (g^{a_i})^{a_j} \bmod p = g^{a_i a_j} \bmod p$. Observe that in the end the two users $u_i$ and $u_j$ have computed the same quantity, which constitutes the private key for this particular pair of users.

The Diffie-Hellman protocol is based on the discrete logarithm problem, that is, on the fact that while it is easy, given $p$, $g$ and $a_i$, to compute $A_i = g^{a_i} \bmod p$, it is computationally hard to invert this operation and, given $p$, $g$ and $A_i$, to find the particular $a_i$.
We close this paragraph with an example. Suppose the users have agreed on the prime $p = 71$ and the generator $g = 7$. Two users $u_1$ and $u_2$ each pick a random number from $\mathbb{Z}_{71}^*$, say $a_1 = 5$ and $a_2 = 12$. Then $A_1 = g^{a_1} \bmod p = 7^5 \bmod 71 = 51$ and $A_2 = g^{a_2} \bmod p = 7^{12} \bmod 71 = 4$. Hence, after these users exchange the above messages, $u_1$ computes $4^5 \bmod 71 = 30$ and $u_2$ computes $51^{12} \bmod 71 = 30$. Consequently, the private key that $u_1$ and $u_2$ must use for their communication is the number 30. Note that to carry out the exponentiations the users must use the MODULAR-EXPONENTIATION algorithm presented in Section 1.2.
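The exchange above in code, as an added example (not code from the original notes): both sides' computations, the check that $g$ really generates $\mathbb{Z}_p^*$ (the protocol assumes it but the text does not show how to verify it), and the eavesdropper's attack, a brute-force discrete logarithm over the public transcript. With $p = 71$ the attack finishes instantly, which is the concrete reason the text insists on a large $p$; the parameter values are the ones from the worked example, and the random-secret helper is an assumption about how $a_i$ would be drawn in practice.

```python
"""Diffie-Hellman key agreement over Z_p^*, the generator check the protocol assumes, and the
brute-force discrete logarithm that breaks it when p is as small as in the worked example.
Added example, not code from the original notes."""
import secrets


def prime_factors(m):
    """Trial-division factorization (adequate for the small group orders used here)."""
    factors, d = set(), 2
    while d * d <= m:
        while m % d == 0:
            factors.add(d)
            m //= d
        d += 1
    if m > 1:
        factors.add(m)
    return factors


def is_generator(g, p):
    """g generates Z_p^* iff g^((p-1)/r) != 1 (mod p) for every prime r dividing p - 1."""
    return all(pow(g, (p - 1) // r, p) != 1 for r in prime_factors(p - 1))


def dh_public(g, a, p):
    """A_i = g^{a_i} mod p, the value user u_i sends over the insecure channel."""
    return pow(g, a, p)


def dh_shared(peer_public, a, p):
    """K = A_j^{a_i} mod p = g^{a_i a_j} mod p, computed by each side from the other's A."""
    return pow(peer_public, a, p)


def dh_random_secret(p):
    """Assumed sampling of a_i: a uniform exponent in [1, p-2] (a = p-1 would give A = 1)."""
    return 1 + secrets.randbelow(p - 2)


def brute_force_dlog(g, A, p):
    """Eavesdropper's attack: the least z >= 1 with g^z = A (mod p). Linear in p, which is
    exactly why a real deployment needs a p of thousands of bits rather than 71."""
    x = 1
    for z in range(1, p):
        x = (x * g) % p
        if x == A:
            return z
    raise ValueError("A is not in the subgroup generated by g")


def eavesdrop(g, p, A1, A2):
    """Recover the pair's private key from the public transcript (g, p, A1, A2) alone."""
    a1 = brute_force_dlog(g, A1, p)
    return dh_shared(A2, a1, p)


if __name__ == "__main__":
    p, g = 71, 7
    assert is_generator(g, p)
    A1, A2 = dh_public(g, 5, p), dh_public(g, 12, p)     # 51 and 4, as in the text
    print(dh_shared(A2, 5, p), dh_shared(A1, 12, p))     # 30 30
    print(eavesdrop(g, p, A1, A2))                       # 30: the attacker gets it too
```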

2.2 The RSA public-key protocol

The RSA public-key protocol relies on the large gap between the ease of finding large prime numbers and the difficulty of factoring the product of two large primes. Section 3 describes an efficient procedure for finding large primes.

Each user creates his public and secret key with the following procedure.

1. Select at random two large primes $p$ and $q$ with $p \neq q$. We assume the primes are 512 bits each.

2. Compute $n = pq$.

3. Select a small odd integer $e$ that is relatively prime to $\phi(n)$, which equals $(p-1)(q-1)$.

4. Compute $d$, the multiplicative inverse of $e$ modulo $\phi(n)$. Corollary 26 guarantees that $d$ exists and is unique. To compute $d$ from $e$ and $\phi(n)$ one can follow the method of Section 1.2.

5. Publish the pair $P = (e, n)$, which is the user's public RSA key.

6. Keep secret the pair $S = (d, n)$, which is the user's secret RSA key.

In this method, the domain $\mathcal{D}$ is the set $\mathbb{Z}_n$. The transformation of a message $M$ associated with the public key $P = (e, n)$ is

$$P(M) = M^e \pmod n. \tag{15}$$

The transformation of a ciphertext $C$ associated with the secret key $S = (d, n)$ is

$$S(C) = C^d \pmod n. \tag{16}$$

These two equations are used both for encryption and for signing. To sign a message, the user applies his secret key to the plaintext message rather than to a ciphertext. To verify a signature, the recipient applies the sender's public key to the signature rather than to the message.

The operations of applying the public and the secret key can be carried out with the MODULAR-EXPONENTIATION procedure presented in Section 1.2. To analyse the running time of these operations, assume that the public key $(e, n)$ and the secret key $(d, n)$ satisfy $\log e = O(1)$, $\log d \le \beta$ and $\log n \le \beta$. Then applying a public key requires $O(1)$ modular multiplications and $O(\beta^2)$ bit operations. Applying a secret key requires $O(\beta)$ modular multiplications and $O(\beta^3)$ bit operations.

Theorem 37. Equations 15 and 16 define inverse transformations of $\mathbb{Z}_n$ that satisfy relations 13 and 14.

Proof. From equations 15 and 16 we have, for every $M \in \mathbb{Z}_n$,

$$P(S(M)) = S(P(M)) = M^{ed} \pmod n.$$

Since $e$ and $d$ are multiplicative inverses modulo $\phi(n) = (p-1)(q-1)$,

$$ed = 1 + k(p-1)(q-1)$$

for some integer $k$. But then, if $M \not\equiv 0 \pmod p$, we have

$$M^{ed} \equiv M \, (M^{p-1})^{k(q-1)} \pmod p$$
$$\phantom{M^{ed}} \equiv M \cdot 1^{k(q-1)} \pmod p$$
$$\phantom{M^{ed}} \equiv M \pmod p,$$

using Fermat's theorem in the second line. Also $M^{ed} \equiv M \pmod p$ if $M \equiv 0 \pmod p$. Hence

$$M^{ed} \equiv M \pmod p$$

for every $M$. Similarly,

$$M^{ed} \equiv M \pmod q$$

for every $M$. Therefore, by Corollary 29 to the Chinese remainder theorem, we have

$$M^{ed} \equiv M \pmod n$$

for every $M$.

The security of the RSA protocol rests largely on the computational difficulty of factoring large integers. If an adversary can factor the $n$ in a public key, then he can obtain the secret key from the public key, using the knowledge of the factors $p$ and $q$ in the same way that the creator of the public key used them. Hence, if factoring large integers is computationally easy, then breaking the RSA protocol is computationally easy. The converse has not been proven, so a proof that factoring is computationally hard would not prove that RSA is secure. We can say, however, after almost 30 years of research effort, that the easiest known way to break the security of RSA is through factoring large integers. By choosing two random 512-bit primes and multiplying them, one can create a public key that cannot be broken in reasonable time with the current state of technology. In conclusion, unless some drastic change and progress occurs in number theory, the RSA protocol is secure, when implemented carefully.

In brief, possible ways to break the security of the RSA protocol are the following:

1. Through factoring $n$: obviously, if the adversary finds $p$ and $q$ with $n = pq$, then he can find $\phi(n) = (p-1)(q-1)$ and the secret key $d$.

2. Through computing $\phi(n)$: if $\phi(n)$ is known, then $d$ can be computed. It is easy to see, however, that knowledge of $\phi(n)$ leads to the factorization of $n$, so this is no easier than factoring. This follows from the relations $p + q = n - \phi(n) + 1$, $(p - q)^2 = (p + q)^2 - 4n$ and $q = \frac{1}{2}[(p + q) - (p - q)]$.

For convenience and speed, a hybrid scheme is very often used in practice, which also includes fast protocols not based on public keys. In such a hybrid system, the keys used for encryption and decryption are the same. If Alice wants to send a message $M$ to Bob, she picks a random key $K$ and quickly encrypts $M$ using $K$, obtaining the ciphertext $C$. $C$ is the same size as $M$, but $K$ is quite short. She then encrypts $K$ with Bob's public key. Since $K$ is short, computing $P_B(K)$ is fast (much faster than computing $P_B(M)$ would be). She then transmits $(C, P_B(K))$ to Bob, who decrypts $P_B(K)$ to obtain $K$, which he uses to decrypt the message $C$ and recover the original message $M$.

A similar hybrid approach is used to produce digital signatures quickly. RSA is combined with a public one-way hash function $h$: a function that is easy to compute but for which it is computationally infeasible to find two messages $M$ and $M'$ such that $h(M) = h(M')$. The value $h(M)$ is a short (say 160-bit) fingerprint of the message $M$. If Alice wants to sign the message $M$, she first applies $h$ to $M$ to obtain $h(M)$, which she signs with her secret key. She then sends Bob $(M, S_A(h(M)))$. Bob can verify the signature by computing $h(M)$ and checking that applying $P_A$ to the received $S_A(h(M))$ yields $h(M)$. Since it is computationally infeasible to produce two messages with the same fingerprint, it is computationally infeasible to alter a signed message while leaving the digital signature valid.
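The RSA material of this subsection in code, as an added example (not code from the original notes): key generation steps 2-6, the transformations (15) and (16), hash-then-sign as described above, and attack 2 from the list, recovering $p$ and $q$ from $n$ and $\phi(n)$. Step 1 (choosing 512-bit primes) is replaced by two constructed Mersenne primes, $2^{31}-1$ and $2^{61}-1$, which are far too small for real use but keep the arithmetic honest; the public exponent $65537$, the SHA-256 hash and the sample messages are likewise assumptions of the example. No padding is applied, so this is a demonstration of the equations, not a deployable scheme.

```python
"""Textbook RSA as in Section 2.2: key generation (steps 2-6), encryption/decryption via (15)/(16),
hash-then-sign as in the hybrid signature scheme, and the phi(n) -> factorization attack.
Added example, not code from the original notes."""
import hashlib
from math import gcd, isqrt

# Constructed key material for the example: two Mersenne primes, far too small for real use
# (the text assumes 512-bit primes) but large enough that the arithmetic is not trivial.
P_EXAMPLE = 2**31 - 1
Q_EXAMPLE = 2**61 - 1


def rsa_keygen(p, q, e=65537):
    """Steps 2-6: return ((e, n), (d, n)). p and q are assumed prime (step 1 is not re-checked)."""
    if p == q:
        raise ValueError("p and q must be distinct")
    n = p * q
    phi = (p - 1) * (q - 1)
    if e % 2 == 0 or gcd(e, phi) != 1:
        raise ValueError("e must be odd and relatively prime to phi(n)")
    d = pow(e, -1, phi)                # step 4: multiplicative inverse of e modulo phi(n)
    return (e, n), (d, n)


def rsa_apply(key, x):
    """Equations (15)/(16): x^k mod n for key (k, n); the same map serves both directions."""
    k, n = key
    if not 0 <= x < n:
        raise ValueError("input must lie in Z_n")
    return pow(x, k, n)


def hash_to_zn(message: bytes, n: int) -> int:
    """Fingerprint h(M) reduced into Z_n; the text signs h(M) rather than M itself."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(secret_key, message: bytes) -> int:
    """sigma = S_A(h(M))."""
    return rsa_apply(secret_key, hash_to_zn(message, secret_key[1]))


def rsa_verify(public_key, message: bytes, signature: int) -> bool:
    """Accept iff P_A(sigma) == h(M)."""
    return rsa_apply(public_key, signature) == hash_to_zn(message, public_key[1])


def factor_from_phi(n, phi):
    """Attack 2 of the text: p + q = n - phi + 1 and (p - q)^2 = (p + q)^2 - 4n give p and q."""
    s = n - phi + 1                    # p + q
    disc = s * s - 4 * n               # (p - q)^2
    t = isqrt(disc)
    if t * t != disc:
        raise ValueError("phi is not phi(n) for a product of two distinct primes")
    small = (s - t) // 2               # min(p, q) = ((p + q) - |p - q|) / 2
    large = s - small
    assert small * large == n
    return small, large


if __name__ == "__main__":
    pub, sec = rsa_keygen(P_EXAMPLE, Q_EXAMPLE)
    m = 123456789
    print(rsa_apply(sec, rsa_apply(pub, m)) == m)                 # True: (13) holds
    sig = rsa_sign(sec, b"pay Bob 100")
    print(rsa_verify(pub, b"pay Bob 100", sig), rsa_verify(pub, b"pay Bob 101", sig))  # True False
    print(factor_from_phi(pub[1], (P_EXAMPLE - 1) * (Q_EXAMPLE - 1)) == (P_EXAMPLE, Q_EXAMPLE))
```

`factor_from_phi` is the whole of attack 2: an adversary who learns $\phi(n)$ holds the factorization after two subtractions and an integer square root, so protecting $\phi(n)$ is exactly as important as protecting $p$ and $q$.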

Finally, we mention that the use of certificates makes the distribution of public keys easier. For example, suppose there is a trusted authority $T$ whose public key $P_T$ is known to everyone. Alice can then obtain from $T$ a signed message (a certificate) stating that Alice's public key is $P_A$. This certificate is, in a sense, self-certifying, since everyone knows $P_T$. Alice can attach the certificate to each of her signed messages, so that the recipient immediately has available the public key with which to verify the signature. Because her key is certified by $T$, the recipient can be sure that he holds Alice's genuine public key.

2.3 Rabin's public-key protocol

As mentioned in the discussion of the RSA protocol, we know that it can be broken if there is an efficient algorithm for the factoring problem. In terms of computational complexity, this can be expressed as

$$\text{Breaking RSA} \le \text{Factoring}.$$

It has not been proven, however, that the RSA problem is computationally as hard as the factoring problem.

A different idea, also based on number theory, was proposed by M. Rabin in 1979. Rabin proposed a public-key protocol that is provably as hard as the factoring problem. Each user selects a pair $(p, q)$ of distinct prime integers, which he keeps secret. He also picks an integer $B < N = pq$.

The public key is the pair $(B, N)$.
The secret key is the factorization $(p, q)$ of $N$.

The encryption function $e$ of a message $M$, where $M$ (split into blocks if it is long) is represented as an integer in the range $\{1, \ldots, N-1\}$, is

$$e(M) = M(M + B) \pmod N.$$

If we denote the ciphertext by $C$, the decryption problem is to find an $M$ such that

$$M^2 + MB \equiv C \pmod N. \tag{17}$$

The central idea of the protocol is the following.

Lemma 38. A solution of the congruence

$$x^2 + Bx \equiv C \pmod{pq} \tag{18}$$

can be found if we find solutions $u$ and $v$ of the congruences

$$u^2 + Bu \equiv C \pmod p,$$
$$v^2 + Bv \equiv C \pmod q,$$

and integers $a$ and $b$ such that

$$a \equiv 1 \pmod p, \quad a \equiv 0 \pmod q, \quad b \equiv 0 \pmod p, \quad b \equiv 1 \pmod q. \tag{19}$$

Then $x = au + bv$ satisfies congruence 18.

Proof. By direct computation, substituting $a = 1 + kp$ or $a = lq$ (and likewise for $b$) where needed.

We continue the presentation of the protocol with the following result.

Lemma 39. Since $p$ and $q$ are primes, the integers $a$ and $b$ satisfying relation 19 can be found using EXTENDED-EUCLID in time polynomial in $\log pq$.

Proof. We run the EXTENDED-EUCLID algorithm and find the greatest common divisor of $p$ and $q$. Since they are relatively prime, we arrive at a relation of the form $1 = ep + fq$. The proof is completed by setting $a = fq$ and $b = ep$.

Consequently, decryption is easy if we can solve the congruence modulo a prime. This can be done as follows.

Lemma 40. Solving

$$u^2 + Bu \equiv C \pmod p$$

is equivalent to solving

$$y^2 \equiv C + (4^{-1})_p B^2 \pmod p, \tag{20}$$

where $(4^{-1})_p$ denotes the multiplicative inverse of 4 modulo $p$.

Proof. $(4^{-1})_p$ exists since $p$ is prime, and relation 20 results from completing the square: $u^2 + Bu = (u + (2^{-1})_p B)^2 - (4^{-1})_p B^2$, so $y = u + (2^{-1})_p B$.

Since $q$ is also prime, Lemma 40 holds with $q$ in place of $p$, and so we have reduced the decryption problem to the problem of finding square roots modulo a prime.

Combining the above results, we prove the following proposition.

Corollary 41. If the primes $p$ and $q$ both leave remainder 3 modulo 4, then decryption can be carried out in polynomial time.

Proof. The recipient, who knows the prime factors $p$ and $q$ of $N$, also knows that the shifted ciphertext $C + (4^{-1}) B^2$ must be a quadratic residue, and can solve the equations modulo $p$ and modulo $q$ (Lemmas 35 and 40) and combine them with Lemma 38 to find the solution $M$ of equation 17.

In fact, Rabin proved something stronger than Corollary 41. He showed that even if the primes $p, q$ do not belong to this class (that is, they do not both leave remainder 3 modulo 4), the equations modulo $p$ and modulo $q$ can still be solved in polynomial time, using a probabilistic algorithm which we will not present here.

Summing up, for any primes $p$ and $q$, decryption can be carried out (either by a deterministic or by a probabilistic algorithm) in polynomial time.

Gia pardeigma, upojtoume ti h Alice qei wc dhmsio kleid to zegoc (B, N ) = (2, 77),
en to mustik thc kleid enai h paragontopohsh (p, q) = (7, 11) tou N. An to mnuma enai to

M = 3, tte

C = M 2 + 2M = 15 ( mod 77).

Gia na apokruptografsei, h Alice ja prpei na lsei tic

u2 + 2u = 15 = 1 ( mod 7)

kai

v 2 + 2v = 15 = 4 ( mod 11).

Autc lnontai, an lsei tic (u + 1)2 = 2 ( mod 7) kai (v + 1)2 = 5 ( mod 11) gia na prei

tic timc u + 1 = 22 = 4 ( mod 7) kai v + 1 = 53 = 4 ( mod 11). Sunepc,

u=3 2, v=3 6.

Akolojwc, qrhsimopointac ton algrijmo EXTENDED-EUCLID parnei tic timc a = 22


kai b = 21, kai h lsh sto

x2 + 2x = 15 ( mod 77)
enai h


2 22 3 21


2 22 6 21
x= ( mod 77).
3 22 3 21



3 22 6 21
Aut shmanei pwc h Alice qei na dialxei anmesa se 4 pijan mhnmata tou apostola,

dhlad M1 = 3, M2 = 17, M3 = 58, M4 = 72.


To parapnw pardeigma parousizei na ap ta meionektmata tou prwtokllou dhmosou

kleidio tou Rabin, dhlad to ti o paralpthc prpei na dialxei anmesa se perisstera pijan

arqik mhnmata. Sunjwc, to prblhma aut lnetai ap thn dia thn fsh tou mhnmatoc

(an dhlad gnwrzoume ti to arqik mnuma tan mia prtash sta ellhnik, tte enai apjano na

uprqoun pnw ap na pijan mhnmata pou na qoun nhma sta ellhnik). Wc na epiplon mtro

asfaleac, mporome na epibloume se louc touc qrstec tou prwtokllou na epanalambnoun

p.q. ta prta 64 bits sto tloc tou mhnmatoc. Tte, o paralpthc ja elgqei kje pijan

mnuma gia to an qei aut thn eidik morf.

Tloc, ja knoume mia sntomh anafor se na ssthma yhfiakn upografn pou qrhsimopoie

to prwtkollo tou Rabin, gia to opoo ja upojsoume ti gia louc touc qrstec isqei pwc

B = 0. An o apostolac jlei na apostelei na mnuma m, tte upologzei thn tetragwnik rza

s tsi ste s2 = m ( mod n) kai stlnei ston paralpth to mnuma (m, s).
O paralpthc me thn seir tou, koitzei to dhmsio kleid n tou apostola kai upologzei to

m = s2 ( mod n). An m = m tte apodqetai ti to sugkekrimno mnuma ntwc to steile o

upotijmenoc apostolac.

'Ena pijan prblhma me to parapnw ssthma yhfiakn upografn, enai pwc nac kakbou-

loc qrsthc mpore na epilxei na s Zn , na upologzei to m = s2 ( mod n) kai akolojwc

na stelei to (s, m), to opoo fusik o paralpthc ja nomzei ti prorqetai ap ton apostola

me dhmsio kleid n. Eutuqc, gia thn asfleia tou prwtokllou, h pijanthta to (tuqao) s na

qei kpoio nhma enai pol mikr.
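The decryption procedure of Lemmas 38-41 and the B = 0 signature scheme, as an added Python example that is not part of the original notes; the helper names (egcd, sqrt_mod_prime, rabin_decrypt, rabin_sign, rabin_verify) are my own, and the block assumes p ≡ q ≡ 3 (mod 4) as in Corollary 41.

```python
# Added example (not from the notes): Rabin encryption, decryption via
# Lemmas 38-41 and the B = 0 signature scheme. Helper names are my own.


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def sqrt_mod_prime(c, p):
    """Square roots of c modulo a prime p = 3 (mod 4): the pair (r, p - r),
    or None if c is not a quadratic residue modulo p."""
    assert p % 4 == 3, "this shortcut needs p = 3 (mod 4) (Corollary 41)"
    r = pow(c, (p + 1) // 4, p)
    if (r * r) % p != c % p:
        return None
    return r, (p - r) % p


def _solve_mod_prime(C, B, p):
    """Solutions u of u^2 + B*u = C (mod p), Lemma 40: complete the square,
    y = u + B/2, y^2 = C + (B/2)^2, then u = y - B/2."""
    half = (B * pow(2, -1, p)) % p
    ys = sqrt_mod_prime((C + half * half) % p, p)
    return [] if ys is None else [(y - half) % p for y in ys]


def rabin_encrypt(M, B, N):
    return (M * (M + B)) % N


def rabin_decrypt(C, B, p, q):
    """All M with M^2 + B*M = C (mod pq); the receiver still has to pick
    the right one (e.g. by a redundancy check on the message form)."""
    N = p * q
    _, e, f = egcd(p, q)            # Lemma 39: 1 = e*p + f*q
    a, b = (f * q) % N, (e * p) % N  # a = 1 mod p, 0 mod q; b the reverse
    return sorted({(a * u + b * v) % N   # Lemma 38: x = a*u + b*v
                   for u in _solve_mod_prime(C, B, p)
                   for v in _solve_mod_prime(C, B, q)})


def rabin_sign(m, p, q):
    """B = 0 scheme: some s with s^2 = m (mod pq). Only quadratic residues
    have a root, so None is returned for other m (a constraint the scheme
    inherits from the arithmetic)."""
    roots = rabin_decrypt(m, 0, p, q)
    return roots[0] if roots else None


def rabin_verify(m, s, N):
    """Receiver's check: m' = s^2 (mod N) must equal m."""
    return pow(s, 2, N) == m % N
```

With the notes' parameters, rabin_decrypt(15, 2, 7, 11) returns the four candidates [3, 17, 58, 72].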

2.4 The El Gamal public-key protocol

The El Gamal public-key protocol was proposed by Taher El Gamal in 1984 and is based on the Diffie-Hellman protocol we described earlier.

The users who are going to take part in the protocol need to follow the steps below for each phase of the protocol.

Key generation. Each user chooses a large prime p, a generator g of Z_p^*, and a random integer a with 2 ≤ a ≤ p − 2, and then computes g^a mod p. The user's public key is the triple (p, g, g^a mod p), while the secret key is the integer a.

Encryption. If user B wants to communicate with user A, he must first of all find A's public key P_A; let P_A = (p, g, g^a mod p). Next, user B converts the message he wants to send into a number m in the interval {0, ..., p − 1} and chooses a random integer k with 2 ≤ k ≤ p − 2. To encrypt the message m he needs to compute the quantities γ = g^k mod p and δ = m(g^a)^k mod p, and finally sends user A the message c = (γ, δ).

Decryption. A, having received c, uses the secret key a and computes γ^{p−1−a} mod p, for which γ^{p−1−a} = γ^{−a} = g^{−ak}. Finally, he recovers the message m by computing (γ^{−a})δ mod p, since γ^{−a}δ ≡ g^{−ak} m g^{ak} ≡ m (mod p).

Example. Suppose user A has chosen the prime p = 2357, the generator g = 2 ∈ Z_2357^* and the integer a = 1751. He can therefore compute g^a mod p = 2^1751 mod 2357 = 1185, and his public key is P_A = (p = 2357, g = 2, g^a mod p = 1185). If user B wants to send the message m = 2035, he chooses k = 1520 and then computes γ = g^k = 2^1520 mod 2357 = 1430 and δ = 2035 · 1185^1520 mod 2357 = 697. Therefore B sends the message c = (1430, 697) to A. The latter computes γ^{p−1−a} = 1430^605 mod 2357 = 872 and m = 872 · 697 mod 2357 = 2035, so he has recovered the message m.

El Gamal signatures. First, the step of creating the public key P_A = (p, g, g^a) for user A is the same as in the encryption protocol. When A wants to send a message m to B, he first chooses a random integer k with 2 ≤ k ≤ p − 2 and gcd(k, p − 1) = 1, and computes r = g^k mod p, k^{−1} mod (p − 1) and s = k^{−1}{h(m) − ar} mod (p − 1). A's digital signature for the message m is the pair (r, s).

When the receiver B gets the message and the signature, he first finds the sender's public key and verifies that 1 ≤ r ≤ p − 1; otherwise he rejects the message. Next, he computes v_1 = (g^a)^r r^s mod p, h(m), and v_2 = g^{h(m)} mod p. If v_1 = v_2 then he accepts the message and the signature; otherwise he rejects them.

To prove that this digital signature protocol is correct, it suffices to consider the relation s = k^{−1}{h(m) − ar} mod (p − 1). Multiplying both sides by k gives ks = {h(m) − ar} mod (p − 1), and h(m) = ar + ks mod (p − 1). Raising the generator g to both sides, we get g^{h(m)} = g^{ar+ks} mod p (by Theorem 33), and hence g^{h(m)} = (g^a)^r (g^k)^s = (g^a)^r r^s mod p, so v_1 = v_2.
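The encryption, decryption and signature steps above, as an added Python example that is not part of the original notes. It reproduces the worked example with p = 2357, g = 2, a = 1751; the secret exponent a and nonce k are passed in explicitly so the notes' numbers come out, and h is taken to be SHA-256 reduced modulo p − 1 (the notes leave h unspecified; that choice is my assumption).

```python
# Added example (not from the notes): El Gamal encryption/decryption and
# signatures. h = SHA-256 mod (p-1) is my assumption; the notes only say h(m).
import hashlib
from math import gcd


def elgamal_keygen(p, g, a):
    """Public key (p, g, g^a mod p) and secret key a. a is a parameter here
    so the notes' example reproduces; in practice it is random in [2, p-2]."""
    if not 2 <= a <= p - 2:
        raise ValueError("a must satisfy 2 <= a <= p-2")
    return (p, g, pow(g, a, p)), a


def elgamal_encrypt(pub, m, k):
    """c = (gamma, delta) = (g^k, m * (g^a)^k) mod p for a fresh k."""
    p, g, ga = pub
    if not (0 <= m < p and 2 <= k <= p - 2):
        raise ValueError("need 0 <= m < p and 2 <= k <= p-2")
    return pow(g, k, p), (m * pow(ga, k, p)) % p


def elgamal_decrypt(pub, a, c):
    """gamma^(p-1-a) = gamma^(-a) by Fermat, so gamma^(-a) * delta = m."""
    p, _, _ = pub
    gamma, delta = c
    return (pow(gamma, p - 1 - a, p) * delta) % p


def h(msg, p):
    """Message digest reduced to an exponent modulo p-1 (assumed choice)."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest % (p - 1)


def elgamal_sign(pub, a, msg, k):
    """(r, s) with r = g^k mod p and s = k^-1 (h(m) - a r) mod (p-1)."""
    p, g, _ = pub
    if not (2 <= k <= p - 2 and gcd(k, p - 1) == 1):
        raise ValueError("k must satisfy 2 <= k <= p-2 and gcd(k, p-1) = 1")
    r = pow(g, k, p)
    s = (pow(k, -1, p - 1) * (h(msg, p) - a * r)) % (p - 1)
    return r, s


def elgamal_verify(pub, msg, sig):
    """Receiver's check: 1 <= r <= p-1, then (g^a)^r r^s == g^h(m) mod p."""
    p, g, ga = pub
    r, s = sig
    if not 1 <= r <= p - 1:          # reject out-of-range r before any math
        return False
    v1 = (pow(ga, r, p) * pow(r, s, p)) % p
    v2 = pow(g, h(msg, p), p)
    return v1 == v2
```

The signing nonce k = 1520 from the encryption example is rejected by elgamal_sign, because gcd(1520, 2356) > 1; k = 1523 satisfies the condition.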


3 Primality testing

In this section we deal with the problem of finding large primes. First we examine the question of the density of primes, then a reasonable approach to the problem of testing whether a large number is prime, and we present an efficient probabilistic test developed by Miller and Rabin. Finally, we present the algorithm of Agrawal, Kayal and Saxena, who in 2002, in a paper of great importance for number theory, gave a deterministic algorithm that solves the testing problem in polynomial time. We put more emphasis on the presentation of the probabilistic algorithms, since they are faster and are of particular interest for didactic reasons.

Density of primes. In many applications (such as cryptography) we need to find large random primes. Fortunately, large primes are not very rare, so in a reasonable amount of time we can test random large numbers until a prime is found. The distribution function π(n) gives the number of primes less than or equal to n. For example, π(12) = 5, since there are 5 primes less than or equal to 12, namely 2, 3, 5, 7 and 11. The prime number theorem gives a useful approximation for π(n).

Theorem 42 (Prime number theorem).

\lim_{n \to \infty} \frac{\pi(n)}{n / \ln n} = 1.

We can use the prime number theorem to estimate the probability that a randomly chosen integer n is prime as 1/ln n. Therefore, we should expect to examine about ln n randomly chosen integers near n in order to find a prime of the same size as n. For example, to find a 512-bit prime we may need to examine about ln 2^512 ≈ 355 random 512-bit numbers. In fact, we need to examine only half as many if we restrict ourselves to odd integers.

In the rest of this section we deal with the problem of testing whether a large odd integer is prime or not. We will use the convenient assumption that n factors into primes as

n = p_1^{e_1} p_2^{e_2} \cdots p_r^{e_r},

where r ≥ 1, p_1, p_2, ..., p_r are the prime factors of n and e_1, e_2, ..., e_r are positive integers. n is prime if and only if r = 1 and e_1 = 1.

A simple approach to the testing problem is trial division. We try to divide n by each integer 2, 3, ..., ⌊√n⌋, examining only 2 and the odd integers. Obviously n is prime if and only if none of these integers divides n. Assuming each division takes constant time, the worst-case running time is Θ(√n), which is exponential in the length of n. Recall that if n is represented in binary with β bits, then β = ⌈log(n + 1)⌉ and hence √n = Θ(2^{β/2}). So trial division works well only if n is small or happens to have a small prime factor. It has the advantage that it does not only decide whether n is prime but, in the other case, also returns a prime factor.

In this section we are only interested in learning whether a number n is prime; if n is composite, we are not interested in finding its factorization into primes. It is rather interesting that it is easier to answer whether a number is prime than to find its factorization when it is composite.

3.1 Probabilistic algorithms

Pseudoprimality testing. We now examine a method for primality testing that "almost works" and is good enough in most cases. Later we will refine the method so that it has no drawback. Let Z_n^+ be the set of nonzero elements of Z_n:

Z_n^+ = {1, 2, ..., n − 1}.

If n is prime, then Z_n^+ = Z_n^*.

We say that n is a pseudoprime to base a if n is composite and

a^{n−1} ≡ 1 (mod n). (21)

Fermat's theorem (Theorem 31) implies that if n is prime, then n satisfies equation (21) for every a. Consequently, if we can find some a for which n does not satisfy the equation, then we can decide with certainty that n is a composite integer. The converse holds almost always, so we have a fairly good criterion for whether a number is prime or not. We test whether n satisfies equation (21) for a = 2. If not, we declare n composite. Otherwise, we assume that n is prime (when in fact all we know is that n is either prime or a pseudoprime to base a).

The following algorithm generalizes the above procedure to test n. It uses the MODULAR-EXPONENTIATION algorithm from Section 1.2. We assume that the input n is an odd integer greater than 2.

PSEUDOPRIME(n)
1  if MODULAR-EXPONENTIATION(2, n − 1, n) ≠ 1 (mod n)
2      then return COMPOSITE   // definitely
3      else return PRIME       // we hope

This algorithm can make an error, but only of one kind. If it says that n is composite, then n is definitely composite. If it says that n is prime, it may be wrong if n is a pseudoprime to base a.

How often can such an error occur? Fortunately, it happens rarely. There are only 22 values of n less than 10,000 for which it errs; the first 4 are 341, 561, 645 and 1105. It can be shown that the probability that the algorithm errs for a randomly chosen β-bit number tends to 0 as β → ∞. Using more precise estimates, we can show that a 512-bit number for which the algorithm decides "prime" has probability less than 1 in 10^20 of being a base-2 pseudoprime, and a randomly chosen 1024-bit number for which the algorithm says "prime" has probability less than 1 in 10^41 of being a base-2 pseudoprime. Therefore, if an application simply needs a large prime, it is preferable to follow the above algorithm, which works in practice. If, however, the number being tested is not randomly chosen, a better approach is needed.

Unfortunately, we cannot escape the errors simply by changing the base a in equation 21, say to a = 3, because there exist composite integers n that satisfy 21 for all a. These integers are known as Carmichael numbers. The first three Carmichael numbers are 561, 1105 and 1729. They are quite rare; for example, there are only 255 of them below 100,000,000. Next we show how the algorithm can be improved so that Carmichael numbers are no longer a problem.

The Miller-Rabin primality test. The Miller-Rabin test for whether a number is prime avoids the drawbacks of the previous method with the following changes:

- It tries several randomly chosen values for the base a instead of just one.
- While computing the exponentiations, it checks whether a nontrivial square root of 1 modulo n has been found. If so, it stops and declares the number composite. Corollary 36 explains why this is justified.

Next we present the algorithm that checks whether a specific value of a is a witness to the compositeness of n, together with some comments on how it works.

WITNESS(a, n)
1  let n − 1 = 2^t u, with t ≥ 1 and u odd
2  x_0 ← MODULAR-EXPONENTIATION(a, u, n)
3  for i ← 1 to t
4      x_i ← x_{i−1}^2 mod n
5      if x_i = 1 and x_{i−1} ≠ 1 and x_{i−1} ≠ n − 1
6          then return TRUE
7  if x_t ≠ 1
8      then return TRUE
9  return FALSE

The algorithm WITNESS computes a^{n−1} mod n by first computing x_0 = a^u mod n in line 2 and then squaring the result t times in succession (lines 3-6). By induction on i, the sequence x_0, x_1, ..., x_t of computed values satisfies x_i ≡ a^{2^i u} (mod n) for i = 0, 1, ..., t, so x_t ≡ a^{n−1} (mod n). Whenever line 4 is executed, the loop may terminate early if a nontrivial square root of 1 is discovered in lines 5-6. If that happens, the algorithm stops and returns TRUE. Lines 7-8 return TRUE if the value computed for x_t ≡ a^{n−1} (mod n) differs from 1, for the same reason as in the PSEUDOPRIME algorithm. Finally, line 9 returns FALSE if the algorithm has not terminated earlier.

We now show that if WITNESS(a, n) returns TRUE, then n is composite.

If WITNESS returns TRUE in line 8, it has discovered that x_t = a^{n−1} mod n ≠ 1. If n were prime, then by Fermat's theorem a^{n−1} ≡ 1 (mod n) for all a ∈ Z_n^+. Therefore n cannot be prime, and the relation a^{n−1} mod n ≠ 1 is the proof of this.

If WITNESS returns TRUE in line 6, it has discovered that x_{i−1} is a nontrivial square root of 1 modulo n, since x_{i−1} ≠ ±1 (mod n) while x_i ≡ x_{i−1}^2 ≡ 1 (mod n). Corollary 36 states that a nontrivial square root of 1 modulo n can exist only if n is composite, so we conclude that n is composite.

This completes the proof of correctness of WITNESS. If the call WITNESS(a, n) returns TRUE, then n is definitely composite, and this can be proved for the given a and n.

We now present the MILLER-RABIN algorithm, which is based on WITNESS. We again assume that n is an odd integer greater than 2.

MILLER-RABIN(n, s)
1  for j ← 1 to s
2      a ← RANDOM(1, n − 1)
3      if WITNESS(a, n)
4          then return COMPOSITE   // definitely
5  return PRIME   // we hope

The MILLER-RABIN algorithm is a probabilistic search for a proof that n is composite. The main loop chooses s random values of a from Z_n^+. If one of the values a is a witness, MILLER-RABIN declares COMPOSITE in line 4. Such a decision is always correct, because the WITNESS algorithm is correct. If no witness is found in these s trials, MILLER-RABIN assumes that this is because there is no witness and hence n is prime. We show below that this decision is very likely correct if s is large enough, but there is a small probability that we were unlucky in the choice of the values a while some witness does exist.

For example, let n be the Carmichael number 561, so that n − 1 = 560 = 2^4 · 35. Suppose we choose a = 7; WITNESS computes x_0 ≡ a^35 ≡ 241 (mod 561) and then the sequence X = <241, 298, 166, 67, 1>. So we have discovered a nontrivial square root of 1, since a^280 ≡ 67 (mod n) and a^560 ≡ 1 (mod n). Therefore a = 7 is a witness that n is composite, WITNESS returns TRUE and MILLER-RABIN returns COMPOSITE. If n is a β-bit number, MILLER-RABIN requires O(sβ) arithmetic operations and O(sβ^3) bit operations, since asymptotically it requires as much work as s modular exponentiations.
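PSEUDOPRIME, WITNESS and MILLER-RABIN as an added Python example that is not part of the original notes; the function names are my own, and the optional `trace` argument (my addition) records the sequence x_0, ..., x_t so the n = 561, a = 7 run above can be checked.

```python
# Added example (not from the notes): the three algorithms above in Python.
import random


def pseudoprime(n):
    """Base-2 Fermat test: 'composite' is certain, 'prime' is only hoped for."""
    return "prime" if pow(2, n - 1, n) == 1 else "composite"


def witness(a, n, trace=None):
    """True iff a proves n composite: either a^(n-1) != 1 (mod n), or a
    nontrivial square root of 1 shows up while squaring. If a list is passed
    as `trace`, the values x_0, ..., x_t are appended to it."""
    t, u = 0, n - 1
    while u % 2 == 0:              # n - 1 = 2^t * u with u odd
        t, u = t + 1, u // 2
    x = pow(a, u, n)               # x_0 = a^u mod n
    if trace is not None:
        trace.append(x)
    for _ in range(t):
        prev, x = x, (x * x) % n   # x_i = x_{i-1}^2 mod n
        if trace is not None:
            trace.append(x)
        if x == 1 and prev != 1 and prev != n - 1:
            return True            # prev is a nontrivial sqrt of 1 mod n
    return x != 1                  # x = a^(n-1) mod n; != 1 violates Fermat


def miller_rabin(n, s, rng=random):
    """'composite' is always correct; 'prime' errs with probability <= 4^-s."""
    for _ in range(s):
        a = rng.randint(1, n - 1)
        if witness(a, n):
            return "composite"
    return "prime"


def base2_pseudoprimes_caught(limit, s=30, rng=random):
    """Odd n < limit that fool PSEUDOPRIME but are caught by MILLER-RABIN."""
    return [n for n in range(3, limit, 2)
            if pseudoprime(n) == "prime" and miller_rabin(n, s, rng) == "composite"]
```

Running base2_pseudoprimes_caught(1200) reproduces the first four bad inputs of PSEUDOPRIME listed above, 341, 561, 645 and 1105, all of which MILLER-RABIN rejects.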

Error-probability analysis of the Miller-Rabin test. If MILLER-RABIN declares that n is prime, there is a small probability that it has made an error. Unlike PSEUDOPRIME, this error probability is independent of n; there are no bad inputs for this algorithm. It does depend, however, on the size of s and on the random choices of the values a. Moreover, since each test is stricter than a simple check of relation (21), we can hope that the error probability is small for a random integer n. The following theorems provide the answer.

Theorem 43. If n is an odd composite integer, then the number of witnesses to this fact is at least 3(n − 1)/4.

Theorem 44. For every odd integer n > 2 and every positive integer s, the probability that the Miller-Rabin(n, s) algorithm errs is at most 4^{−s}.

Consequently, if we set s = 50 we have a very satisfactory level of security for most conceivable applications. If what we want is to find some large prime, and we apply the Miller-Rabin algorithm to randomly chosen large integers, then even a small value of s (say s = 3) will in most cases give good results. This means that for a randomly chosen odd integer n, the expected number of non-witnesses is much smaller than (n − 1)/4.

3.2 The deterministic algorithm

Finally, we present the first deterministic algorithm that decides whether a given number is prime or not without relying on any unproven hypothesis (such as, for instance, the Riemann Hypothesis).

The algorithm is based on the following lemma.

Lemma 45. Let a ∈ Z and n ∈ N with n ≥ 2 and gcd(a, n) = 1. Then n is prime if and only if

(X + a)^n ≡ X^n + a (mod n).

Proof. For 0 < i < n, the coefficient of X^i in the expression (X + a)^n − (X^n + a) is \binom{n}{i} a^{n−i}.

Suppose n is indeed prime. Then \binom{n}{i} = 0 (mod n), and so all the coefficients are equal to 0.

Suppose n is composite, consider a prime q that is a factor of n, and let q^k be the exact power of q dividing n. Then q^k does not divide \binom{n}{q} and is coprime to a^{n−q}, so the coefficient of X^q is not equivalent to zero (modulo n). Therefore the expression (X + a)^n − (X^n + a) is not identically zero (modulo n) in Z_n.

The above Lemma is essentially a simple test for whether a number n is prime. It suffices to choose an integer a and check whether the congruence holds. The drawback is that it takes time Ω(n), because in the worst case we have to compute n coefficients on the left-hand side of the congruence. A simple way to reduce the number of coefficients is to evaluate both sides of the congruence while working modulo a polynomial of the form X^r − 1, for a suitably chosen small value of r. In other words, it suffices to check whether the following congruence holds:

(X + a)^n ≡ X^n + a (mod X^r − 1, n). (22)

From Lemma 45 it follows that all primes satisfy congruence 22 for all values of a, r. On the other hand, the problem arises that now there are also composite numbers that satisfy congruence 22 for some values of a, r. We can show, however, that if we choose a suitable r, then, if 22 is satisfied for enough values of a, n must be a power of some prime. The number of values a and the suitable value of r are bounded above by a polynomial in log n, so we obtain a deterministic polynomial-time algorithm that decides whether a given number is prime.

Next we present the algorithm. Suppose the input is an integer n for which we want to decide whether it is prime or not.

1. First, the algorithm checks whether n = a^b for some integer a ∈ N and b > 1, in which case it returns the answer 'COMPOSITE'.

2. Then it finds the smallest integer r for which ord_r(n) > log^2 n, where we recall that ord_r(n) denotes the order of the subgroup generated by the element n when working modulo r.

3. It checks whether 1 < gcd(a, n) < n for some a ≤ r, in which case it returns the answer 'COMPOSITE'.

4. It checks whether n ≤ r, in which case it returns 'PRIME'.

5. For the values of a from 1 to ⌊√φ(r) log n⌋, the algorithm checks whether (X + a)^n ≠ X^n + a (mod X^r − 1, n), in which case it returns 'COMPOSITE'.

6. The algorithm returns the answer 'PRIME'.
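The six steps above carried out for small n, as an added Python example that is not part of the original notes or of the AKS paper. Polynomials in Z_n[X]/(X^r − 1) are stored as coefficient lists of length r; logarithms are taken to base 2 (my reading of "log" in steps 2 and 5), and the helper names are my own.

```python
# Added example (not from the notes): the six AKS steps for small n.
# Polynomials modulo (X^r - 1, n) are lists of r coefficients.
from math import gcd, log2


def is_perfect_power(n):
    """Step 1: is n = a^b for integers a >= 2, b > 1? Binary search per b."""
    for b in range(2, n.bit_length() + 1):
        lo, hi = 2, 1 << (n.bit_length() // b + 1)
        while lo <= hi:
            mid = (lo + hi) // 2
            v = mid ** b
            if v == n:
                return True
            if v < n:
                lo = mid + 1
            else:
                hi = mid - 1
    return False


def mult_order(n, r):
    """ord_r(n): least k >= 1 with n^k = 1 (mod r); requires gcd(n, r) = 1."""
    k, x = 1, n % r
    while x != 1:
        x, k = (x * n) % r, k + 1
    return k


def euler_phi(r):
    return sum(1 for a in range(1, r + 1) if gcd(a, r) == 1)


def poly_mulmod(f, g, r, n):
    """f * g in Z_n[X] / (X^r - 1): exponents wrap around modulo r."""
    h = [0] * r
    for i, fi in enumerate(f):
        if fi:
            for j, gj in enumerate(g):
                if gj:
                    k = (i + j) % r
                    h[k] = (h[k] + fi * gj) % n
    return h


def poly_powmod(base, e, r, n):
    """base^e in Z_n[X] / (X^r - 1) by repeated squaring."""
    result = [1] + [0] * (r - 1)
    while e:
        if e & 1:
            result = poly_mulmod(result, base, r, n)
        base = poly_mulmod(base, base, r, n)
        e >>= 1
    return result


def aks_is_prime(n):
    """Steps 1-6 of the algorithm above; True iff n is prime."""
    if n < 2:
        return False
    if is_perfect_power(n):                                   # step 1
        return False
    log2n = log2(n)
    r = 2                                                     # step 2
    while not (gcd(r, n) == 1 and mult_order(n, r) > log2n * log2n):
        r += 1
    for a in range(2, r + 1):                                 # step 3
        if 1 < gcd(a, n) < n:
            return False
    if n <= r:                                                # step 4
        return True
    bound = int(euler_phi(r) ** 0.5 * log2n)                  # step 5
    for a in range(1, bound + 1):
        lhs = poly_powmod([a, 1] + [0] * (r - 2), n, r, n)    # (X + a)^n
        rhs = [0] * r                                         # X^n + a
        rhs[n % r] = (rhs[n % r] + 1) % n
        rhs[0] = (rhs[0] + a) % n
        if lhs != rhs:
            return False
    return True                                               # step 6
```

For n = 31 the loop in step 2 stops at r = 29, so step 5 actually runs the polynomial congruence; for most small composites step 3 already answers.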

Theorem 46. The above algorithm returns 'PRIME' if and only if n is prime.

To prove the above theorem, we need to show that each direction of the statement implies the other.

Lemma 47. If n is prime, then the algorithm returns 'PRIME'.

Proof. If n is prime, then steps 1 and 3 will never return the answer 'COMPOSITE'. By Lemma 45 the loop will not return 'COMPOSITE' either. Therefore the algorithm returns 'PRIME', either in step 4 or in step 6.

To complete the proof of Theorem 46 it suffices that the following Lemma holds, which we state without proof.

Lemma 48. If the algorithm returns 'PRIME', then n is prime.


4 Applications of cryptography

In this section we examine some more practical applications of cryptography and of the protocols presented in the previous chapters. We present protocols that allow a secret to be shared among users in a way that does not compromise the privacy of the secret, as well as protocols that commit users to specific decisions and prevent them from being changed afterwards. Finally, we describe some applications of these to elections, auctions and micropayments on the Internet.

4.1 Secret sharing schemes and commitment protocols

Secret sharing. Suppose a central user holds a piece of secret information, whose binary representation we denote by S. The user would like to share the secret among some other users (say n of them) in such a way that if at least k of them cooperate they can reconstruct the information. Otherwise, the user would like them not only to be unable to find S, but also not to have learned anything more about S than they knew before the sharing took place. For example, suppose the central user has the word 'password' as a secret and shares it among 4 users by giving two letters to each. Then, if all 4 cooperate they can recover S; if fewer do, they cannot recover the information directly, but they do have more information about it, and so it is easier for them to find it by trying all possible solutions (we assume they know the length of the word).

We first examine the case where all users must cooperate in order to reconstruct the secret, in other words k = n. The central user performs the following steps.

1. First, he chooses a large prime p such that S < p, so that S ∈ Z_p.

2. He chooses random a_i ∈ Z_p for i = 1, ..., n − 1 and gives a_i to the i-th user.

3. He computes a_n = S - \sum_{i=1}^{n-1} a_i \pmod{p} and gives it to the n-th user.

If all n users do cooperate, it suffices for them to add the a_i they hold in order to reconstruct S, since S = \sum_{i=1}^{n} a_i. Suppose now that n − 1 users cooperate and the n-th user refuses to hand over a_n. Then the remaining users, in order to find S, can try to guess a_n ∈ Z_p and examine the resulting S. But this is equivalent to a single user guessing an S ∈ Z_p on his own, so the cooperating users have gained no additional information from their cooperation.

Now consider the case where it suffices for k users to cooperate, with k < n. Obviously the previous scheme does not work and we need to think of something more refined. The central user performs the following steps.

1. First, he chooses a large prime p such that S < p, so that S ∈ Z_p.

2. He chooses random a_i ∈ Z_p for i = 1, ..., k − 1.

3. He defines the function f(x) = S + a_1 x + a_2 x^2 + ... + a_{k−1} x^{k−1} (mod p).

4. Finally, he gives f(i) to the i-th user.

We observe that in essence we have n equations in k unknowns, namely S, a_1, a_2, ..., a_{k−1}. If at least k users cooperate, it suffices for them to solve a system of k equations in k unknowns and compute S. Otherwise, they obtain a system of k − 1 equations in k unknowns, so the cooperating users cannot compute S, nor have they gained any additional information that would help them compute it.
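Both schemes above, the additive k = n scheme and the (k, n) polynomial scheme, as an added Python example that is not part of the original notes. Reconstruction uses Lagrange interpolation at x = 0 over Z_p, which is the closed form of the solution of the k × k system described above; the function names and the small prime and secret in the test are my own constructed values.

```python
# Added example (not from the notes): additive (k = n) and polynomial (k, n)
# secret sharing over Z_p, with reconstruction by Lagrange interpolation.
import random


def additive_split(S, n, p, rng=random):
    """k = n scheme: a_1..a_{n-1} random in Z_p, a_n = S - sum(a_i) mod p."""
    if not 0 <= S < p:
        raise ValueError("secret must satisfy 0 <= S < p")
    shares = [rng.randrange(p) for _ in range(n - 1)]
    shares.append((S - sum(shares)) % p)
    return shares


def additive_join(shares, p):
    """All n shares are needed: S = sum(a_i) mod p."""
    return sum(shares) % p


def shamir_split(S, k, n, p, rng=random):
    """(k, n) scheme: f(x) = S + a_1 x + ... + a_{k-1} x^{k-1} mod p,
    share i is the point (i, f(i)) for i = 1..n."""
    if not (0 <= S < p and 1 <= k <= n < p):
        raise ValueError("need 0 <= S < p and 1 <= k <= n < p")
    coeffs = [S] + [rng.randrange(p) for _ in range(k - 1)]

    def f(x):
        return sum(c * pow(x, j, p) for j, c in enumerate(coeffs)) % p

    return [(i, f(i)) for i in range(1, n + 1)]


def shamir_join(shares, p):
    """Recover S = f(0) from any k distinct shares (x_i, y_i):
    S = sum_i y_i * prod_{j != i} (0 - x_j) / (x_i - x_j)  (mod p)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("shares must have distinct x coordinates")
    S = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % p
                den = (den * (xi - xj)) % p
        S = (S + yi * num * pow(den, -1, p)) % p
    return S
```

shamir_join given fewer than k shares still returns some element of Z_p, but it is a different polynomial's value at 0 and carries no information about S, which is exactly the property the scheme is designed for.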

Commitment protocols. Next we turn to commitment protocols and examine the following example. Suppose Alice and Bob have divorced, now live in different cities, and are looking for a way to decide who gets the car. They agree to toss a coin, but Bob would not want to call 'heads' and then hear Alice announce over the phone that the result was actually 'tails'. We would therefore like Bob to be able to choose an outcome without announcing it to Alice, and Alice to toss the coin. What we want is that neither the outcome Bob chose nor the outcome Alice announced to him can be changed during the execution of the protocol.

There are several protocols one can use in such situations; we will confine ourselves to describing a few simple methods. One of them is based on the discrete logarithm problem and the other on the factoring problem. In the first, Alice and Bob agree on a large prime p and a generator g ∈ Z_p^*. Then Alice randomly chooses an integer a ∈ Z_p. One can now view the problem as follows: Bob is asked to guess whether a is odd or even. Note that half of the integers in Z_p are odd and the other half are even. So Alice computes b = g^a (mod p) and sends it to Bob, who, let us say, decides that a is odd. Then Alice is asked to reveal a; if it is odd Bob wins, otherwise Alice gets the car. Note that Alice cannot lie about the value of a she chose, since only one a ∈ Z_p has the property b = g^a (mod p). Moreover, Bob cannot use his knowledge of b to decide in a reasonable (polynomial) amount of time whether a is odd or not, since that would mean he has a polynomial-time algorithm for the discrete logarithm problem.

The second method is based, as we said, on the factoring problem and goes as follows. First, Alice chooses two large primes p and q such that both are congruent either to 3 modulo 4 or to 1 modulo 4. She computes n = pq and announces it to Bob. Note that however p and q were chosen, n = 1 (mod 4). Bob is now asked to decide (within a short time) whether p and q are congruent to 3 or to 1, and then Alice announces p and q to him. If Bob chose correctly he wins, otherwise Alice wins. Note that Alice cannot lie, since the only possible factorization of n is into the primes p and q, while Bob cannot exploit his knowledge of n to find p and q, since that would mean there is a polynomial-time factoring algorithm.
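The two coin-toss protocols above written out as the messages each side sends and the checks the receiving side performs on reveal, as an added Python example that is not part of the original notes. The function names are my own; the primality helper is plain trial division, sufficient for the small constructed parameters used in the test.

```python
# Added example (not from the notes): the discrete-log and the factoring
# based commitment protocols, with the verifier's checks on reveal.
import random


def is_prime(n):
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


# --- Protocol 1: commitment b = g^a mod p, Bob guesses the parity of a ---

def dlog_commit(p, g, rng=random):
    """Alice: choose a, publish b = g^a mod p, keep a until the reveal."""
    a = rng.randrange(1, p)
    return a, pow(g, a, p)


def dlog_reveal_check(p, g, b, a):
    """Bob: accept the revealed a only if it reproduces the commitment b."""
    return 1 <= a < p and pow(g, a, p) == b


def dlog_coin_toss(p, g, bob_guess_odd, rng=random):
    """Returns the winner. Alice -> Bob: b; Bob -> Alice: guess; Alice -> Bob: a."""
    a, b = dlog_commit(p, g, rng)
    if not dlog_reveal_check(p, g, b, a):
        raise ValueError("revealed a does not match the commitment")
    return "Bob" if (a % 2 == 1) == bob_guess_odd else "Alice"


# --- Protocol 2: commitment n = pq with p = q = 3 or p = q = 1 (mod 4) ---

def factoring_commit(p, q):
    """Alice: publish n = pq; both primes share the same residue mod 4."""
    if not (is_prime(p) and is_prime(q) and p != q):
        raise ValueError("p and q must be distinct primes")
    if p % 4 != q % 4:
        raise ValueError("p and q must both be 3 or both be 1 modulo 4")
    return p * q


def factoring_reveal_check(n, p, q):
    """Bob: the revealed pair must be the factorization of n and well formed."""
    return p * q == n and is_prime(p) and is_prime(q) and p % 4 == q % 4


def factoring_coin_toss(p, q, bob_guess_three):
    """Alice -> Bob: n (always 1 mod 4); Bob -> Alice: 3 or 1; Alice -> Bob: (p, q)."""
    n = factoring_commit(p, q)
    assert n % 4 == 1                      # n itself leaks nothing about the choice
    if not factoring_reveal_check(n, p, q):
        raise ValueError("revealed factors do not match the commitment")
    return "Bob" if (p % 4 == 3) == bob_guess_three else "Alice"
```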

4.2 Eklogc, dhmoprasec kai oikonomikc sunallagc

Se aut thn enthta parousizoume merikc efarmogc thc kruptografac pou mac epitr-

poun orismnec drasthrithtec thc kajhmerinc, ektc Diadiktou, zwc na mporome na tic

pragmatopoisoume kai sto Diadktuo. Ja parousisoume tic basikc idithtec pou prpei na
ikanopoion ta difora prwtkolla, qwrc mwc na upeisljoume se analutik parousash prw-

tokllwn.

Eklogc - hlektronikc yhfoforec Me ton ro hlektronik yhfofora ennoome thn

skhsh tou eklogiko dikaimatoc me th qrsh hlektronikn mejdwn. Ta jemelidh stoiqea

pou sunjtoun thn idiaterh fsh thc hlektronikc yfou kai th diaforopoion se meglo bajm

ap ta uprqonta sustmata thc eklogikc diadikasac enai h dunatthta skhshc tou eklogiko

dikaimatoc ap apstash, qwrc thn autoprswph parousa tou yhfofrou sto eklogik tmma

kai h qrsh upologistiko sustmatoc kai kat sunpeia automatopoihmnwn mejdwn, gia thn

orgnwsh kai diexagwg thc lhc eklogikc diadikasac. H ryh mac hlektronikc yfou msw

tou Diadiktou prpei na sunodeetai ap eparkec egguseic asfleiac ti h tautthta tou

yhfofrou den ja apokalufje kat th dirkeia thc metaforc kai thc epexergasac thc yfou,

pwc epshc kai ti to perieqmen thc den ja metablhje, lgw mh apotelesmatikc leitourgac

tou sustmatoc exaitac eklogikc lajroqeirac. Me bsh ta parapnw, hlektronik eklogik

ssthma orzetai to ssthma ekeno pou enai proorismno na exuphretsei tic angkec diexagwgc

miac hlektronikc yhfoforac.

Prokeimnou na sqediaste na ssthma hlektronikc yhfoforac to opoo ja qrhsimopoihje

gia eklogc eureac klmakac enai aparathto na plhrontai merikc basikc propojseic:

Dhmokratik: Mno oi yhfofroi pou qoun dikawma yfou mporon na yhfsoun, en

kannac yhfofroc den qei to dikawma na yhfsei pnw apo ma forc

Mustik: lec yfoi paramnoun mustikc kat th dirkeia upobolc yfwn kai kannac

den enai se jsh na sundsei thn tautthta enc yhfofrou me thn ekstote yfo tou

Akribc: kama yfoc den mpore na alloiwje na katametrhje perissterec apo ma

forc. Epshc, kama yfoc den mpore na diagrafe ap tic eklogikc arqc all ote kai

ap opoiousdpote llouc pargontec

Prostateumeno apo katanagkasm: o yhfofroc den katqei ote mpore na dhmiourgsei

mia apdeixh pou na deqnei to perieqmeno thc yfou

Anjektik: kje kakboulh sumperifor apo opoiondpote pargonta mpore na antimetw-

piste
Amerlhpto: kannac den enai se jsh na mjei to apotlesma thc eklogikc diadikasac

prin thn telik katamtrhsh twn yfwn. Sunepc, diasfalzetai ti den ja ephreaston oi

teleutaoi qronik yhfofroi msw thc anakonwshc miac ektmhshc tou apotelsmatoc kai

ti den parqetai na pleonkthma se na sugkekrimno snolo ontottwn

Eukola summetoqc twn yhfofrwn

Oikoumenik epalhjesimo: kje exwterikc parathrhtc mpore na peiste gia thn orjthta

twn eklogikn apotelesmtwn

Dhmoprasec Enai dskolo na kajorsei kanec pte akribc gine h prth dhmoprasa

sto Diadktuo, enai gnwst mwc pwc autc eqan arqsei na diexgontai msw hlektroniko

taqudromeou kai newsgroups dh ap to 1988. Me thn ragdaa anptuxh tou Diadiktou kat

thn dekaeta tou


90, tan anapfeukto na qrhsimopoihje aut h na teqnologa stic dhmoprasec

pou diexgontan online, opte kai prokuye h angkh gia kruptografik asfal prwtkolla

dhmoprasac.

Gia na enai asfal ta prwtkolla pou qrhsimopoiontai gia dhmoprasec sto Diadktuo,

qreizetai na ikanopoiontai orismnec idithtec pou merikc forc enai allhlosugkroumenec,

me apotlesma na mhn uprqei kpoio prwtkollo pou na tic ikanopoie lec tautqrona. Sth

sunqeia anafrontai orismnec ap autc tic idithtec.

Correctness: if all participants in the auction behave honestly, then the correct winning price and the correct winner are identified and declared, always according to the rules of the auction.

Fairness: fairness includes the requirement that no bidder has any information about the other bids before submitting their own. This property is also part of confidentiality. In addition, fairness implies that once a bidder has submitted a bid, that bid cannot be changed, and that no bidder can deny their bid after having submitted it. This is often also called non-repudiation of the bid.

Robustness: malicious behaviour by any participant in the auction must not endanger the system or lead to wrong results. Robustness is a property complementary to correctness: it guarantees that if a final result exists, then that result is the correct one, whatever failure or attack may have occurred in the system.

Confidentiality: the auctioneers must not learn the value of the bids until the bid-opening phase. If this is not the case, collusion can arise that serves the personal interests of some parties (depending also on the type and the rules of the auction being held) and ultimately defrauds the honest participants.

Anonymity: the identities of the losing bidders remain confidential after the final winner is revealed, so that nobody can exploit the lack of anonymity in the ways explained under the next property.

Secrecy of losing bids: the bids that did not win the auction remain secret, even from the auctioneer, after the final winner is revealed. Losing bidders reasonably do not want others to collect their valuations of the goods; this can be regarded as a violation of their rights, and it may put them at a disadvantage in some other auction. Moreover, a seller could gain an advantage when, in some future auction, they wish to sell the same or a similar item.

Public verifiability: all participants in the auction process, as well as a neutral observer, must be able to confirm the validity of the critical procedures. Critical procedures are those that are capable of changing the outcome of the auction.

Ease of use and efficiency: an auction is carried out through interaction between people. The rules of the protocol used to run it must be simple enough that everyone taking part can understand and follow them in reasonable time.
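The following is an added example, not part of these notes, showing how a sealed-bid auction built on hash commitments (the commitment protocols of the previous subsection) gives fairness, non-repudiation of bids and public verifiability; the function names `commit`, `verify_opening` and `run_auction` and the bidders' values are constructed for the illustration.

```python
import hashlib
import secrets

def commit(bid: int, nonce: bytes) -> bytes:
    """Phase 1: each bidder publishes H(nonce || bid). The random nonce hides
    the bid even when the space of plausible bids is small, so nobody, not
    even the auctioneer, learns a bid before the opening phase (fairness,
    confidentiality)."""
    return hashlib.sha256(nonce + bid.to_bytes(8, "big")).digest()

def verify_opening(commitment: bytes, bid: int, nonce: bytes) -> bool:
    """Phase 2 check that anyone can run (public verifiability): the opened
    (bid, nonce) must reproduce the commitment published in phase 1."""
    return secrets.compare_digest(commitment, commit(bid, nonce))

def run_auction(commitments: dict, openings: dict):
    """commitments: bidder -> commitment published in phase 1.
    openings: bidder -> (bid, nonce) published in phase 2.
    Returns (winner, price, rejected). A bidder who tries to change the bid
    after committing, or refuses to open, is rejected: the commitment binds
    them to the original value (non-repudiation)."""
    valid, rejected = {}, []
    for bidder, c in commitments.items():
        if bidder not in openings:
            rejected.append(bidder)          # refused to open
            continue
        bid, nonce = openings[bidder]
        if verify_opening(c, bid, nonce):
            valid[bidder] = bid
        else:
            rejected.append(bidder)          # opening does not match commitment
    if not valid:
        return None, None, rejected
    winner = max(valid, key=valid.get)       # highest valid bid wins
    return winner, valid[winner], rejected

if __name__ == "__main__":
    # Constructed run: three bidders; carol commits to 150 but tries to open 90.
    nonces = {b: secrets.token_bytes(16) for b in ("alice", "bob", "carol")}
    commitments = {"alice": commit(100, nonces["alice"]),
                   "bob": commit(120, nonces["bob"]),
                   "carol": commit(150, nonces["carol"])}
    openings = {"alice": (100, nonces["alice"]),
                "bob": (120, nonces["bob"]),
                "carol": (90, nonces["carol"])}
    print(run_auction(commitments, openings))   # ('bob', 120, ['carol'])
```

Note that this simple scheme opens every bid, so it provides neither anonymity nor secrecy of the losing bids; those properties need the heavier tools, such as secret sharing, that the notes mention.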

Financial transactions. In much the same way as in the previous two applications, cryptographic protocols have found wide use in implementing methods that allow financial transactions to be conducted securely over the Internet.

Below we list some of the properties that a protocol for financial transactions must satisfy.

Low transaction cost: the cost of carrying out a transaction should be as low as possible. This factor matters most when small amounts are moved (micropayments), since it is not acceptable, for example, for a transaction of 1 euro to carry an additional charge of 0.5 euro.

Security: the protocols must withstand attacks, so that both the authentication of the user (the sender) and the integrity of the message are guaranteed. In addition, the protocol must ensure that a message that represents an electronic coin cannot be spent more than once.

Privacy: it must be ensured that only authorised users have access to information about the identity of the buyer. We note that in most protocols the buyers take part under pseudonyms. Moreover, once the transaction has been completed, it must not be possible to link a payment back to the buyer (just as, for example, we do not want someone holding a banknote to be able to tell who else has used it in the past).

Possibility of immediate confirmation.

