CHAPTER 6: INTRODUCTION TO NUMBER THEORY

adolfo
Presentation Transcript


  1. CHAPTER 6: INTRODUCTION TO NUMBER THEORY
     Topics to be covered - prime numbers, relatively prime numbers, modular arithmetic, discovering primes, finding inverses of large primes, Euclid’s algorithm, Fermat’s theorem, & Euler’s totient function.
     Motivation - public key cryptography is based on large primes that have to be generated & tested using modular arithmetic. Fermat’s & Euler’s work is used to determine whether numbers are prime or relatively prime. Euclid’s algorithm is used to find the multiplicative inverses that are needed to find appropriate encryption keys in public key cryptography.
     Chapter 6: Number Theory

  2. Prime Numbers in Cryptography
     Numbers used - non-negative integers.
     Prime # - A positive integer > 1 is prime iff it is evenly divisible (has a zero remainder) by only two numbers, 1 & itself.
     Divisor - If a & b are positive integers, and b ≠ 0, b is a divisor of a (i.e., b divides a) if a = mb for some integer m, such that a/b = m.
     Notation - b|a means b divides a with no remainder, or b is a divisor of a.
     Examples:
     Positive divisors of 36 are: 1, 2, 3, 4, 6, 9, 12, 18, & 36 (i.e., 36 is not a prime number)
     Positive divisors of 17 are: 1 & 17 (i.e., 17 is a prime number)

  3. Properties of Divisors
     If a|1, then a = 1 (if a divides 1, then a must be 1 - any larger a would produce a non-integer, fractional result).
     If a|b and b|a, then a = b (if not =, one of the divisions would produce a fraction - 2|4, but 4|2 isn’t true).
     a|0 for all a ≠ 0 (i.e., 0/5 = 0, but 0/0 ≠ 0).
     If a|k and a|l, then a|(mk + nl) for arbitrary m & n.
     That is, since a|k, k must be of the form k = a x k1, and since a|l, l is of the form l = a x l1, for some integers k1 and l1.
     Then, substituting for k & l in (mk + nl), we have (m x a x k1 + n x a x l1) = a(m x k1 + n x l1), so a divides (mk + nl).
     Example: a = 6; k = 36; l = 54; m = 2; n = 3
     6|36 (36/6 = 6) & 6|54 (54/6 = 9), so does 6|(2x36 + 3x54)?
     (2x36 + 3x54) = (2x6x6 + 3x6x9) = 6(2x6 + 3x9), so 6|(2x36 + 3x54), i.e., a|(m x k + n x l).

  4. Prime Numbers - Special Cases of Divisors
     Prime = integer p > 1 with only divisors being 1 & p. Also means a prime is a whole number that is not the product of 2 smaller integers.
     Primes < 100 = 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97.
     Primes < 2000, see Stallings, pg 209.
     Primes: for the first 10,000, see http://www.utm.edu/research/primes/lists/small/10000.html
     The number 1 is not considered a prime - it creates problems in the mathematics of primes.

  5. Relatively Prime Numbers
     Two numbers are relatively prime if their gcd (greatest common divisor) or gcf (greatest common factor) = 1.
     gcd (a, b) means the greatest common divisor of a & b.
     If gcd (a, b) = c, then c is a divisor of a & b (i.e., c|a, c|b), and any divisor of c is a divisor of a & b (i.e., d|c means d|a & d|b).
     Examples:
     gcd (10, 100) = 10
     gcd (24, 36) = 12
     gcd (a, 0) = a, since all positive integers > 0 divide 0
     Method: Find the factors of each number, then match up their common factors.

  6. Common Factors
     gcd (102, 5292)
     Factors of 102 = 2 x 51 = 2 x 3 x 17 = 2^1 x 3^1 x 17^1
     Factors of 5292 = 2 x 2646 = 2 x 2 x 1323 = 2 x 2 x 27 x 49 = 2 x 2 x 3 x 9 x 7 x 7 = 2 x 2 x 3 x 3 x 3 x 7 x 7 = 2^2 x 3^3 x 7^2
     So, 102 = 2^0 x 2^1 x 3^1 x 17^1
     5292 = 2^0 x 2^2 x 3^3 x 7^2
     Common factors (divisors) are 2, and 3.
     Since gcd (gcf) > 1, these numbers are not relatively prime.

  7. Common Factors
     The case we are interested in is gcd = 1.
     Consider gcd (5, 14)
     Factors of 5 are: 1, 5
     Factors of 14 are: 1, 2, 7, and 14
     They share only the one common factor = 1, thus 5 & 14 are relatively prime!
     Another method:
     Form 14/5 = 2, remainder 4
     Form 5/4 = 1, remainder 1
     Form 4/1 = 4, remainder 0
     Last divisor = gcd = 1

  8. Euclid’s Algorithm - greatest common factors
     Iterative method, by removing factors. That is:
     For x & y, with x > y: (x, y) and (x - y, y) have the same gcd.
     Example:
     (100, 10) gcf = 10
     (100-10, 10) = (90, 10) gcf = 10
     (90-10, 10) = (80, 10) gcf = 10
     …….
     (20-10, 10) = (10, 10) gcf = 10
     (10-10, 10) = (0, 10) no gcf, terminates with y = gcf
     This is true because if d|x & d|y, then y = kd & x = jd, so x - y = jd - kd = (j - k)d (i.e., the difference of x & y has the same gcd).

  9. Euclid’s Algorithm - greatest common factors
     The same behavior holds in modulo arithmetic.
     In modulo arithmetic: gcd(a, b) = gcd(a, a mod b)
     Example: gcd(100, 10) = gcd(100, 100 mod 10)
     100 mod 10; 100/10 = 10, R = 0
     True because if d = gcd(a, b), then d|a & d|b.
     If 10 = gcd(100, 10), then 10|100 & 10|10.
     This simply means that d is a divisor of a & b and also a divisor of a mod b. This is the basis for Euclid's algorithm.

  10. Euclid’s Algorithm - gcd of X, Y
      1  If Y = 0, done with gcd = X
         R = X mod Y
         X = Y
         Y = R
         GOTO 1
      Example: gcd (595, 408)
      595/408 = 1, R = 187 (x mod y = 187)
      408/187 = 2, R = 34
      187/34 = 5, R = 17
      34/17 = 2, R = 0
      17/0: Y is = 0, stop
      gcd (595, 408) = 17
      Note: Straightforward, but computationally intense for large numbers.

  11. Discovering Primes
      Many methods, oldest being the Sieve of Eratosthenes. Given the first 100 numbers (1-100):
      1. Remove 1 since it is not a prime by definition.
      2. Test 2 to see if it is only divisible by 1 and itself. Keep 2, it passes.
      3. Cross out every number divisible by 2 since they are composite numbers with 2 as a factor.
      4. Test 3. Keep 3, it passes.
      5. Eliminate all multiples of 3 since they contain 3 as a factor.
      6. Test 5. Keep 5, it passes (we didn’t do 4 - it has a factor of 2).
      Repeat this process for all numbers up to 100.
      Easy to understand, but like Euclid is computationally intense.

  12. Example - Sieve of Eratosthenes
      1 is eliminated, so the starting matrix is:
         02 03 04 05 06 07 08 09 10
      11 12 13 14 15 16 17 18 19 20
      21 22 23 24 25 26 27 28 29 30
      31 32 33 34 35 36 37 38 39 40
      41 42 43 44 45 46 47 48 49 50
      51 52 53 54 55 56 57 58 59 60
      61 62 63 64 65 66 67 68 69 70
      71 72 73 74 75 76 77 78 79 80
      81 82 83 84 85 86 87 88 89 90
      91 92 93 94 95 96 97 98 99 100

  13. Example - Sieve of Eratosthenes
      Test 2, it is prime, retain 2, and eliminate all multiples of 2 since they are composite numbers with 2 as a factor.
      02 03 05 07 09 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59 61 63 65 67 69 71 73 75 77 79 81 83 85 87 89 91 93 95 97 99

  14. Example - Sieve of Eratosthenes
      Test 3, it is prime, retain 3, and eliminate all multiples of 3 since they are composite numbers with 3 as a factor.
      02 03 05 07 11 13 17 19 23 25 29 31 35 37 41 43 47 49 53 55 59 61 65 67 71 73 77 79 83 85 89 91 95 97

  15. Example - Sieve of Eratosthenes
      Test 5, it is prime, retain 5, and eliminate all multiples of 5 since they are composite numbers with 5 as a factor.
      02 03 05 07 11 13 17 19 23 29 31 37 41 43 47 49 53 59 61 67 71 73 77 79 83 89 91 97

  16. Example - Sieve of Eratosthenes
      Test 7, it is prime, retain 7, and eliminate all multiples of 7 since they are composite numbers with 7 as a factor.
      02 03 05 07 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97

  17. Example - Sieve of Eratosthenes
      Test 11, it is prime, retain 11, and eliminate all multiples of 11 since they are composite numbers with 11 as a factor (there aren’t any left). In fact we have discovered all the primes less than 100; the multiples of the remaining primes are already gone:
      (13 = 26, 39, 52, 65, 78, 91), (17 = 34, 51, 68, 85), (19 = 38, 57, 76, 95), (23 = 46, 69, 92), (29 = 58, 87), (31 = 62, 93), (37 = 74), (41 = 82), (43 = 86), (47 = 94) -- END
      02 03 05 07 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97
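The passes shown on slides 12-17 can be reproduced in code. This is an added example, not part of the original presentation; the function names are chosen here. It records what each pass crosses out, so the point where the sieve stops removing anything (11, because 11 x 11 > 100) is visible.

```python
def sieve_passes(limit):
    """Sieve of Eratosthenes that records what each pass crosses out.

    Returns (primes, passes); passes[p] lists the numbers eliminated
    while testing the prime p.
    """
    alive = [True] * (limit + 1)
    alive[0] = alive[1] = False           # 1 is removed by definition
    passes = {}
    for p in range(2, limit + 1):
        if not alive[p]:
            continue                       # crossed out earlier: composite
        removed = []
        # Multiples below p*p have a smaller prime factor and are already gone.
        for multiple in range(p * p, limit + 1, p):
            if alive[multiple]:
                alive[multiple] = False
                removed.append(multiple)
        passes[p] = removed
    primes = [n for n in range(2, limit + 1) if alive[n]]
    return primes, passes


def survivors_after(limit, last_prime):
    """Numbers still on the board once every prime <= last_prime was tested."""
    _, passes = sieve_passes(limit)
    gone = {m for p, removed in passes.items() if p <= last_prime
            for m in removed}
    return [n for n in range(2, limit + 1) if n not in gone]


if __name__ == "__main__":
    primes, passes = sieve_passes(100)
    for p in (2, 3, 5, 7, 11):
        print(f"test {p:2d}: crossed out {len(passes[p]):2d}, "
              f"{len(survivors_after(100, p))} numbers remain")
    print(primes)
```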

  18. Computing Primes - Some Properties
      The sieve sounds incredibly computationally intensive and dull! So how do we really compute primes?
      First, there are infinitely many primes. Why?
      Suppose you have a finite set of primes. Just multiply them all together and add 1. The result will not be divisible by any of the primes in your set (the remainder will always be one when you divide). It is not in your set - you have a new prime!
      Example: the set is 2, 3, 5, 7 - all primes
      2x3x5x7 + 1 = 210 + 1 = 211; is it prime - yep!
      2x3x5x7x11 + 1 = 2,310 + 1 = 2311; is it prime - yep!

  19. Computing Primes - More Properties
      Primes thin out as the numbers get bigger (result of multiplying).
      3 digit primes, 25 in 100 (1 out of 4 numbers - 25%)
      10 digit primes, 1 in 23 - 4.3%
      100 digit primes, 1 in 230 - .43%
      Going through all of them like the sieve does is too slow.
      We are interested in about 100 - 150 digit primes. That means if we guess a 150 digit number, we have 1 chance in 230 of it being a prime. Not an infeasible test.
      If you test 230 150-digit numbers, the probability of finding a prime is about .63. So, on average you will need to test about 230 numbers before you find a prime.

  20. Modulo Arithmetic
      Given some positive integers, a & n; a/n = q + r (quotient + remainder)
      Or a = n(q) + r, 0 < r < n; for 5/3 = 1 + 2 or 1, 2. Consider;

  21. Modulo Arithmetic
      a, a positive integer, will appear somewhere on the line. If a is a multiple of n it will appear in the same location as one of the n’s, with r = 0. If a is not a multiple of n, it will appear between two n’s, and the distance between the lower n and a = r, the remainder or residue.
      This relationship can also be expressed in terms of modulo arithmetic. That is, a modulo n, or a mod n = the remainder of a/n.
      If a = 17, n = 7, then a = 2x7 + 3, so a mod n = 3.
      Just like clock arithmetic: 12 hours, then repeat with no carry.

  22. Modulo Arithmetic - Properties
      Congruence: If a mod n = b mod n, a & b are congruent; a ≡ b mod n
      a ≡ b mod n if n|(a-b), n divides a-b
      a ≡ b mod n implies a mod n = b mod n; as above
      a ≡ b mod n implies b = a mod n
      a ≡ b mod n and b ≡ c mod n implies a ≡ c mod n
      Arithmetic operations (normal operations hold):
      [(a mod n) + (b mod n)] mod n = (a + b) mod n
      [(a mod n) - (b mod n)] mod n = (a - b) mod n
      [(a mod n) x (b mod n)] mod n = (a x b) mod n
      See Stallings, pg 213 for worked examples.

  23. Inverses - Key Basis for Asymmetrical Encryption/Decryption
      Addition, Modulo 10

      + | 0 1 2 3 4 5 6 7 8 9
      --+--------------------
      0 | 0 1 2 3 4 5 6 7 8 9
      1 | 1 2 3 4 5 6 7 8 9 0
      2 | 2 3 4 5 6 7 8 9 0 1
      3 | 3 4 5 6 7 8 9 0 1 2
      4 | 4 5 6 7 8 9 0 1 2 3
      5 | 5 6 7 8 9 0 1 2 3 4
      6 | 6 7 8 9 0 1 2 3 4 5
      7 | 7 8 9 0 1 2 3 4 5 6
      8 | 8 9 0 1 2 3 4 5 6 7
      9 | 9 0 1 2 3 4 5 6 7 8

  24. Inverses
      Observe that if (a + b) ≡ (a + c) mod n, then b ≡ c mod n.
      For a = 5; b = 23; c = 7; n = 8:
      If (5 + 23) ≡ (5 + 7) mod 8, then 23 ≡ 7 mod 8. Is this true?
      Part 1: Is (5 + 23) ≡ (5 + 7) mod 8? (5 + 23) = 28; 28/8 = 3, 4 (i.e., r = 4), and (5 + 7) mod 8 = 12 mod 8 = 12/8 = 1, 4 (i.e., r = 4). OK!
      Part 2: Is 23 ≡ 7 mod 8? 23/8 = 2, 7 (i.e., r = 7), and 7 mod 8 = 0, 7 (i.e., r = 7). OK!
      So, what is the point? This is true because there is an additive inverse. It is the number you would have to subtract from the original number to get 0. That is:
      (a + b) - a ≡ -a + (a + c) mod n, or b ≡ c mod n

  25. Inverses in Cryptography
      Consider an input string to be encrypted = 3692. Add a constant mod 10 to map the string to a new string (char by char):
      (3 + 6) mod 10 = 9
      (6 + 6) mod 10 = 2
      (9 + 6) mod 10 = 5
      (2 + 6) mod 10 = 8
      The string is encrypted: 3692 = 9258
      Now use the additive inverse of 6: 6 + ? = 0; ? = 4
      (9 + 4) mod 10 = 3
      (2 + 4) mod 10 = 6
      (5 + 4) mod 10 = 9
      (8 + 4) mod 10 = 2
      The string is decrypted! This is a simple substitution cipher (e.g., Caesar). The only difference is numbers are used instead of letters.

  26. Inverses in Cryptography - Multiplicative
      Multiplication, Modulo 10

      x | 0 1 2 3 4 5 6 7 8 9
      --+--------------------
      0 | 0 0 0 0 0 0 0 0 0 0
      1 | 0 1 2 3 4 5 6 7 8 9
      2 | 0 2 4 6 8 0 2 4 6 8
      3 | 0 3 6 9 2 5 8 1 4 7
      4 | 0 4 8 2 6 0 4 8 2 6
      5 | 0 5 0 5 0 5 0 5 0 5
      6 | 0 6 2 8 4 0 6 2 8 4
      7 | 0 7 4 1 8 5 2 9 6 3
      8 | 0 8 6 4 2 0 8 6 4 2
      9 | 0 9 8 7 6 5 4 3 2 1

      If this works like addition, we should be able to encrypt and decrypt. Trouble is, we can with some numbers, but not all.

  27. Multiplicative Inverses in Cryptography
      For the string 8732 and a constant = 5 mod 10:
      (8 x 5) mod 10 = 0; i.e., 40/10 = 4, 0
      (7 x 5) mod 10 = 5
      (3 x 5) mod 10 = 5
      (2 x 5) mod 10 = 0
      So half the characters mapped to 0 and half to 5 (no uniqueness). However, if we use 3 mod 10:
      (8 x 3) mod 10 = 4
      (7 x 3) mod 10 = 1
      (3 x 3) mod 10 = 9
      (2 x 3) mod 10 = 6
      Looks better, but do inverses work?

  28. Multiplicative Inverses in Cryptography
      The multiplicative inverse of n is m, where (n x m) mod 10 = 1.
      So the inverse should be (3 x m) mod 10 = 1; m = 7. For 4196:
      (4 x 7) mod 10 = 8
      (1 x 7) mod 10 = 7
      (9 x 7) mod 10 = 3
      (6 x 7) mod 10 = 2
      So… the inverse decrypts the cipher! What is the condition that makes 3 work and 5 not work?
      If (a x b) ≡ (a x c) mod n, then b ≡ c mod n, iff a is relatively prime to n, because ((a^-1) x a x b) ≡ ((a^-1) x a x c) mod n gives b ≡ c mod n, OR
      a mod n will not produce a complete & unique set of residues if a & n have any factors in common except 1!
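The condition from slides 26-28 can be checked exhaustively. This is an added example, not part of the original presentation; the function names are chosen here. It finds every multiplier mod 10 that has an inverse, shows the collapsed residue set for a non-coprime multiplier such as 5, and replays the 8732 / 4196 strings with keys 3 and 7.

```python
from math import gcd


def residues(a, n=10):
    """The set of values (a * x) mod n as x runs over 0..n-1."""
    return {(a * x) % n for x in range(n)}


def inverse_table(n=10):
    """Map each multiplier a in 1..n-1 to its inverse mod n, found by search."""
    table = {}
    for a in range(1, n):
        for m in range(1, n):
            if (a * m) % n == 1:
                table[a] = m
                break
    return table


def mul_cipher(digits, key):
    """Multiply every decimal digit of the string by key, mod 10."""
    return "".join(str((int(ch) * key) % 10) for ch in digits)


def condition_holds(n=10):
    """True when, for every a in 1..n-1, these three statements agree:
    a has an inverse; a maps 0..n-1 one-to-one; gcd(a, n) = 1."""
    table = inverse_table(n)
    return all(
        (a in table) == (len(residues(a, n)) == n) == (gcd(a, n) == 1)
        for a in range(1, n)
    )


if __name__ == "__main__":
    print("inverses mod 10:", inverse_table(10))
    print("residues of 5:  ", sorted(residues(5)))
    print("8732 x 3 ->", mul_cipher("8732", 3))
    print("4196 x 7 ->", mul_cipher("4196", 7))
    print("8732 x 5 ->", mul_cipher("8732", 5), "(ambiguous)")
    print("condition holds for n = 10, 26:",
          condition_holds(10), condition_holds(26))
```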

  29. Multiplicative Inverses in Cryptography
      So what is the implication for cryptography? We use one number to encrypt and a second number, the inverse, to decrypt - as long as an inverse exists. These numbers are the keys and they are asymmetrical (public key cryptography).
      Finding inverses of the simple integer was easy, but how do we find inverses for large keys (56, 90, 128 bits)? Use an extended version of Euclid’s gcd algorithm.
      For the notation GCD (d, f) = 1, d has a multiplicative inverse mod f such that for d < f, there exists a d^-1, such that d x d^-1 = 1 mod f, and the algorithm is given in detail by Stallings (page 152).

  30. Multiplicative Inverses by Euclid’s Algorithm
      Euclid (d, f)
      1  (X1, X2, X3) ← (1, 0, f); (Y1, Y2, Y3) ← (0, 1, d)
      2  IF Y3 = 0, RETURN X3 = GCD (d, f); no inverse
      3  IF Y3 = 1, RETURN Y3 = GCD (d, f); Y2 = d^-1 mod f
      4  Q = X3/Y3 (integer quotient)
      5  (T1, T2, T3) ← (X1 - QY1, X2 - QY2, X3 - QY3)
      6  (X1, X2, X3) ← (Y1, Y2, Y3)
      7  (Y1, Y2, Y3) ← (T1, T2, T3)
      8  GOTO 2
      Relationships: fT1 + dT2 = T3; fX1 + dX2 = X3; fY1 + dY2 = Y3
      X3 & Y3 are comparable to X & Y in the original Euclid’s algorithm.
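The steps on slide 30, and the plain gcd loop of slide 10 that they extend, written out as running code. This is an added example, not part of the original presentation; the function name and the returned list of quotients are choices made here. The assertions inside the loop check the slide's relationships on every pass, and the quotients for (408, 595) match the divisions in the gcd (595, 408) example.

```python
def extended_euclid(d, f):
    """Return (gcd(d, f), inverse of d mod f or None, quotients used).

    Variable names follow the slide: X3 and Y3 play the role of X and Y
    in the plain gcd loop, and Y2 ends up holding the inverse.
    """
    if d < 0 or f <= 0:
        raise ValueError("expected d >= 0 and f > 0")
    x1, x2, x3 = 1, 0, f
    y1, y2, y3 = 0, 1, d
    quotients = []
    while True:
        # Relationships from the slide: fX1 + dX2 = X3 and fY1 + dY2 = Y3
        assert f * x1 + d * x2 == x3
        assert f * y1 + d * y2 == y3
        if y3 == 0:
            return x3, None, quotients        # gcd > 1 (or d = 0): no inverse
        if y3 == 1:
            # Y2 may be negative, so reduce it into the range 0..f-1.
            return 1, y2 % f, quotients
        q = x3 // y3                          # integer quotient
        quotients.append(q)
        t1, t2, t3 = x1 - q * y1, x2 - q * y2, x3 - q * y3
        x1, x2, x3 = y1, y2, y3
        y1, y2, y3 = t1, t2, t3


if __name__ == "__main__":
    print(extended_euclid(3, 10))       # inverse of 3 mod 10
    print(extended_euclid(408, 595))    # gcd example from slide 10
    print(extended_euclid(17, 3120))    # constructed example: f = 60 x 52
```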

  31. Euler’s Totient Function
      It is useful to know how many numbers less than n are relatively prime to n. In the case of 10, we know 1, 3, 7, and 9 are relatively prime to 10.
      In the general case, the number of relative primes for some prime number n is φ(n), where φ is Euler’s Totient Function.
      If n is a prime number (divisible by only 1 and itself), then all the integers (1, 2, 3, …, n-1) are relatively prime to n, so φ(n) = n-1.
      Thus, the gcd for any prime number n, for any number less than n, must be exactly 1, so all numbers less than n are relatively prime to n!
      If n is a product of two primes, p and q, such that n = pq, there are (p-1)(q-1) numbers relatively prime to n and φ(n) = (p-1)(q-1).

  32. Fermat’s Theorem
      Fermat's theorem states: a^(n-1) = 1 mod n; if a and n are relatively prime
      Also (a)(a^(n-1)) = (a)(1 mod n), or simply that a^n = a mod n, if n & a are relatively prime.
      Euler's Theorem: a^φ(n) = 1 mod n; if a and n are relatively prime
      True, because if n is prime, then φ(n) = n-1, so φ(n) can be substituted in Fermat's Theorem and be = 1 mod n.

  33. Modulo Exponentiation
      We would expect modulo exponentiation to operate similar to modulo multiplication since exponentiation is a repeated form of multiplication.
      2^12 = 4096 = 6 mod 10; 4096/10 = Q + R = 409 + 6
      In exponentiation, like multiplication, not all numbers have inverses. We know that numbers without inverses cannot be used to encrypt because they give ambiguous results.
      The behavior of prime numbers, the characteristics of modular arithmetic, as well as the functions and theorems just described, form the basis for public key cryptography using algorithms like RSA.

  34. The Rivest, Shamir, and Adleman (RSA) Algorithm
      RSA is an asymmetrical (public key) algorithm that uses two keys, one public and one private. Keys are variable in length and typically on the order of 512 bits. The basic algorithm is:
      1. Generate two large prime numbers, p & q, say 512 bits long.
      2. Multiply the prime numbers p & q together; p x q = n
      3. Keep p & q secret.
      4. Generate a public key.
         A. Choose a number e, relatively prime to φ(n). Since p & q are known, you know φ(n) = (p-1)(q-1).
         B. The public key is [e, n]
      5. Generate a private key.

  35. The RSA Algorithm - contd
         A. Find the multiplicative inverse d = e^-1 mod φ(n)
         B. The private key is [d, n]
      6. To encrypt a message, m < n, use the public key e and compute: m^e mod n = c
      7. To decrypt the encrypted message, compute: m = c^d mod n, using the private key d
      RSA derives its capability to encrypt and decrypt from number theory. It derives its strength from the difficulty in factoring large prime numbers n into the factors p & q, which is computationally unfeasible for large n.

  36. Selecting p, q, and e
      We know that we have to pick the primes p & q, and then e. From these we compute (p-1), (q-1), n, φ(n), and d.
      We already said we could find q and p by trying some large numbers, and we know e must be relatively prime to (p-1)x(q-1). Finally we compute de = 1 mod φ(n) using Euler’s algorithm.
      What about e? Two options:
      1. Pick p & q, choose e at random and test for primality with (p-1)(q-1). If not, select another e.
      2. Select e first, then select p-1 & q-1 to be relatively prime to e.
      In reality we tend to pick e first. Moreover, e is often picked to be 3.
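Steps 1-7 of slides 34-35, with e chosen first as in option 2 of slide 36, as an added example that is not part of the original presentation. Assumptions made here: the function names, a Fermat test (slide 32) as the primality check, 64-bit primes, and a seeded `random.Random` so the sample run repeats; this is textbook RSA with no padding, and `random` is not a cryptographic generator.

```python
import math
import random


def fermat_probable_prime(n, bases=(2, 3, 5, 7, 11)):
    """Fermat test: a prime n gives a^(n-1) mod n = 1 for each base a < n."""
    if n < 2:
        return False
    for a in bases:
        if n == a:
            return True
        if n % a == 0 or pow(a, n - 1, n) != 1:
            return False
    return True   # only "probably prime": 561 = 3 x 11 x 17 passes base 2


def find_prime(bits, e, rng):
    """Guess odd numbers of this size until one passes and gcd(p-1, e) = 1."""
    tries = 0
    while True:
        tries += 1
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if fermat_probable_prime(p) and math.gcd(p - 1, e) == 1:
            return p, tries


def rsa_keypair(p, q, e):
    """Steps 2-5: n = p x q, phi(n) = (p-1)(q-1), d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e is not relatively prime to phi(n)")
    return (e, n), (pow(e, -1, phi), n)    # pow(e, -1, m) needs Python 3.8+


def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)


def decrypt(c, private):
    d, n = private
    return pow(c, d, n)


def demo(bits=64, e=65537, seed=6):
    """Constructed sample run: generate a key, encrypt, decrypt."""
    rng = random.Random(seed)
    (p, tries_p), (q, tries_q) = find_prime(bits, e, rng), find_prime(bits, e, rng)
    while q == p:
        q, tries_q = find_prime(bits, e, rng)
    public, private = rsa_keypair(p, q, e)
    m = int.from_bytes(b"number theory", "big")
    c = encrypt(m, public)
    return {"tries": (tries_p, tries_q), "m": m, "c": c,
            "recovered": decrypt(c, private)}
```

`rsa_keypair(61, 53, 3)` raises an error because 3 divides 61 - 1, which is the reason option 2 picks p and q to suit e.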

  37. Picking a small e
      Turns out RSA security is not weakened by either a small e or if e is always the same number. The advantage is that if e, the public key, is small, operations with the public key are fast.
      Two popular values of e are 3 and 65537 (2^16 + 1).
      3, because it takes 2 multiplies to encrypt
      65537 takes 17 multiplies
      A 512 bit number takes about 768 multiplies, on average
      There are some precautions needed when using 3. Short messages need to be padded (easy), and a message encrypted with the same key should not be sent to more than 2 recipients.

  38. The Strength of the RSA Algorithm
      Only the public key = [e, n] is known; p & q and the private key are kept secret.
      To find the private key an adversary must find the exponential inverse of e mod n = d.
      Creating the keys is relatively easy since two large primes p & q were used to create n, on the order of 512-1024 bits. φ(n) was also required and easy to compute = (p-1)(q-1).
      Finding d requires that the adversary find p & q by factoring n.
      Factoring a 512 bit number was formidable - it required on the order of 30,000 MIP-Years in 1995 - but is no longer considered secure. 1024 bit numbers are still considered secure.
