Professional Documents
Culture Documents
Set of Residues
12/25/2023 2
Inverses
12/25/2023 3
Additive Inverse
Note
Note
Solution
There are only three pairs: (1, 1), (3, 7) and (9, 9). The numbers
0, 2, 4, 5, 6, and 8 do not have a multiplicative inverse.
6
Note
12/25/2023 7
Fermat's Theorem
• ap-1 mod p = 1
– where p is prime and gcd(a,p)=1
• also known as Fermat’s Little Theorem
• useful in public key and primality testing
12/25/2023 8
Euler Totient Function ø(n)
• when doing arithmetic modulo n
• complete set of residues is: 0..n-1
• reduced set of residues is those numbers
(residues) which are relatively prime to n
– eg for n=10,
– complete set of residues is {0,1,2,3,4,5,6,7,8,9}
– reduced set of residues is {1,3,7,9}
• number of elements in reduced set of residues
is called the Euler Totient Function ø(n)
12/25/2023 9
Euler Totient Function ø(n)
• to compute ø(n) need to count number of
elements to be excluded
• in general need prime factorization, but
– for p (p prime) ø(p) = p-1
– for p.q (p,q prime) ø(p.q) = (p-1)(q-
1)
• eg.
– ø(37) = 36
– ø(21) = (3–1)×(7–1) = 2×6 = 12
12/25/2023 10
Euler's Theorem
• a generalisation of Fermat's Theorem
• aø(n)mod n = 1
– where gcd(a,n)=1
• eg.
– a=3;n=10; ø(10)=4;
– hence 34 = 81 = 1 mod 10
– a=2;n=11; ø(11)=10;
– hence 210 = 1024 = 1 mod 11
12/25/2023 11
Modular Exponentiation
5350 mod 7
1. 350= 256+64+16+8+4+2
(350)10 =(101011110)2
2. 52 mod 7 = 25 mod 7= 4
54 mod 7 = (52 )2 mod 7 = 16 mod 7 =2
58 mod 7 =(54 )2 mod 7 = 4 mod 7 =4
516 mod 7 = (58 )2 mod 7 = 16 mod 7 =2
564 mod 7 =(516)4 mod 7 = 16 mod 7 =2
5256 mod 7 =(564)4 mod 7 = 16 mod 7 =2
3. 5350 mod 7
=5256+64+16+8+4+2 mod 7
= 2.2.2.4.2.4 mod 7
= 256 mod 7
12/25/2023 12
=4
Public-Key Cryptography
• probably most significant advance in the 3000
year history of cryptography
• uses two keys – a public & a private key
• asymmetric since parties are not equal
• uses clever application of number theoretic
concepts to function
• complements rather than replaces private key
crypto
12/25/2023 13
Security of Public Key Schemes
• like private key schemes brute force exhaustive
search attack is always theoretically possible
• but keys used are too large (>512bits)
• security relies on a large enough difference in
difficulty between easy (en/decrypt) and hard
(cryptanalyse) problems
• more generally the hard problem is known, but is
made hard enough to be impractical to break
• requires the use of very large numbers
• hence is slow compared to private key schemes
12/25/2023 14
RSA
• by Rivest, Shamir & Adleman of MIT in 1977
• best known & widely used public-key scheme
• uses large integers (e.g., 1024 bits)
• security due to cost of factoring large numbers
12/25/2023 15
RSA Key Setup
• each user generates a public/private key pair by:
• selecting two large primes at random - p,q
• computing their system modulus n=p.q
-define ø(n)=(p-1)(q-1)
• selecting at random the encryption key e
• where 1<e<ø(n), gcd(e,ø(n))=1
• solve following equation to find decryption key d
– e.d=1 mod ø(n) and 0≤d≤n
• publish their public encryption key: PU={e,n}
• keep secret private decryption key: PR={d,n}
12/25/2023 16
RSA Use
• to encrypt a message M the sender:
– obtains public key of recipient PU={e,n}
– computes: C = Me mod n, where 0≤M<n
• to decrypt the ciphertext C the owner:
– uses their private key PR={d,n}
– computes: M = Cd mod n
• note that the message M must be smaller
than the modulus n
12/25/2023 17
Why RSA Works
• because of Euler's Theorem:
• aø(n)mod N = 1
– where gcd(a,N)=1
• in RSA have:
– N=p.q
– ø(N)=(p-1)(q-1)
– carefully chosen e & d to be inverses mod ø(N)
– hence e.d=1+k.ø(N) for some k
• hence :
Cd = (Me)d = M1+k.ø(N) = M1.(Mø(N))k =
M1.(1)k = M1 = M mod N
12/25/2023 18
RSA Example - Key Setup
1. Select primes: p=17 & q=11
2. Compute n = pq =17 x 11=187
3. Compute ø(n)=(p–1)(q-1)=16 x 10=160
4. Select e: gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160
Value is d=23 since 23x7=161= 10x160+1
6. Publish public key PU={7,187}
7. Keep secret private key PR={23,187}
12/25/2023 19
RSA Example - En/Decryption
• sample RSA encryption/decryption is:
• given message M = 88
• encryption:
C = 887 mod 187 = 11
• decryption:
M = 1123 mod 187 = 88
12/25/2023 20
https://www.chiragbhalodia.com/
12/25/2023 2021/09/rsa-algorithm-with-
example.html
Exercise
• P and Q are two prime numbers. P=3, and
Q=11. Take public key e=3. If original message
is 00111011, then what will be cipher text
value and private key value according to RSA
algorithm? Again calculate plain text value
from cipher text.
12/25/2023 22
Efficient Decryption
• decryption uses exponentiation to power d
– this is likely large, insecure if not
• can use the Chinese Remainder Theorem
(CRT) to compute mod p & q separately. then
combine to get desired answer
– approx 4 times faster than doing directly
• only owner of private key who knows values of
p & q can use this technique
12/25/2023 24
RSA Security
• possible approaches to attacking RSA are:
– brute force key search (infeasible given size of
numbers)
– mathematical attacks (based on difficulty of
computing ø(n), by factoring modulus n)
– chosen ciphertext attacks (given properties of
RSA)
12/25/2023 25
Diffie-Hellman Key Exchange
Color Mixing Example
The Problem of Key Exchange
• One of the main problems of symmetric key
encryption is it requires a secure & reliable
channel for the shared key exchange.
for every integer a coprime to p, there is an integer k such that gk ≡ a (mod p).
Such k is called the discrete logarithm of a to the base g modulo p. g is the
primitive root.
12/25/2023 36
primitive root modulo p
For a given prime number p, a primitive root g is an integer such that the set of
residues {g1 mod p,g2 mod p ,g3 mod p,…,gp−1 mod p} covers all integers from 1 to
p−1 (excluding p).
12/25/2023 37
• We will rely on the formula below being an
easy problem one direction and hard in
reverse.
• a = gk mod p
– Easy: given g, k, & p, solve for a
– Hard: given a, g, & p, solve for k
Pick g < p
• g must be a primitive root of p. (g <p)
• A primitive root generates the finite field p.
• Every n in {1, 2, …, p-1} can be written as gk mod p
• Example: 2 is a primitive root of 5
20 = 1 21 = 2 22 = 4 23 = 3 (mod 5)
Definition : A field is a nonempty set F of elements with two operations
“+” and “‧” satisfying the following axioms.
– (i) F is closed under + and ‧; i.e., a+b and a‧b are in F.
– (ii) Commutative laws: a+b=b+a, a‧b=b‧a
– (iii) Associative laws: (a+b)+c=a+(b+c) , (a‧b)‧c=a‧(b‧c)
– (iv) Distributive law: a‧(b+c) = a‧b + a‧c
– (v) (vi) Identity: a+0 = a , a‧1 = a for all a F. 0 ‧a = 0.
– (vii) Additive inverse (viii) Multiplicative inverse
12/25/2023 39
Diffie-Hellman Setup
• all users agree on global parameters:
– large prime integer or polynomial q
– α a primitive root mod q
• each user (eg. A) generates their key
– chooses a secret key (number): xA < q
xA
– compute their public key: yA = α mod q
• each user makes public that key yA
Diffie-Hellman Calculation
6. Result:
Both Alice and Bob have the same shared secret (2) without exchanging their private keys over the insecure
12/25/2023 43
channel.
• In a public key cryptosystem using RSA,user
uses two prime numbers 5 and 7. He chooses
11 as encryption key, find out decryption key.
What will be the cipher text if plain text is 2?
12/25/2023 44
• Alice and Bob want to establish a shared secret key using Diffie-Hellman
key exchange. They agree on a prime number p = 17 and a primitive root g
= 3. Alice's private key a is 5, and Bob's private key b is 8. Calculate the
shared secret key.
12/25/2023 45