
CHAPTER 6: NUMBER THEORY

didrika

Presentation Transcript


  1. CHAPTER 6: NUMBER THEORY
     Topics: prime numbers, relatively prime numbers, modular arithmetic, discovering primes, finding inverses of large primes, Euclid’s algorithm, Fermat’s theorem, & Euler’s totient function.
     Motivation: public key cryptography is based on large primes that have to be generated & tested using modular arithmetic. Fermat & Euler’s work is used to test for prime or relatively prime numbers. Euclid’s algorithm finds multiplicative inverses that are needed to find appropriate encryption keys in public key cryptography.
     Chapter 6: Number Theory

  2. Prime Numbers in Cryptography
     Numbers used: non-negative integers.
     Prime #: a positive integer > 1 is prime iff it is evenly divisible (zero remainder) by only two numbers, 1 & itself.
     Divisor: if a & b are positive integers, and b ≠ 0, b is a divisor of a (b divides a) if a = mb for some integer m, such that a/b = m.
     Divisors of 36: 1, 2, 3, 4, 6, 9, 12, 18, & 36 (not a prime #).
     Divisors of 17: 1 & 17 (i.e., 17 is a prime #).

  3. Properties of Divisors
     Notation: b|a means b divides a with no remainder, or b is a divisor of a.
     If a|1, then a = 1 (if a divides 1, a must be 1; any larger a would produce a non-integer, fractional result).
     If a|b and b|a, then a = b (if not equal, one of the divisions would produce a fraction: 2|4, but 4|2 isn’t true).
     a|0 for all a ≠ 0 (i.e., 0/5 = 0, but 0/0 ≠ 0).

  4. More Properties of Divisors
     If a|k and a|l, then a|(mk + nl) for arbitrary m & n.
     That is, since a|k, k must be of the form k = a x k_1. If a|l, then l is of the form l = a x l_1, for some integers k_1 and l_1.
     Then, substituting for k & l in a|(mk + nl), we have a|(m x a x k_1 + n x a x l_1) = a|a(m x k_1 + n x l_1), so a divides (mk + nl).
     Example: a = 6; k = 36; l = 54; m = 2; n = 3.
     6|36 (36/6 = 6) and 6|54 (54/6 = 9), and so 6|(2x36 + 3x54), since (2x36 + 3x54) = (2x6x6 + 3x6x9) = 6(2x6 + 3x9).
     This is of the form a|(m x k + n x l).

  5. Prime Numbers - Special Cases of Divisors
     Prime = integer p > 1 whose only divisors are 1 & p. This also means a prime is a whole number that is not the product of 2 smaller integers.
     Primes < 100 = 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97.
     Primes < 2000: see Stallings, pg 237.
     Primes, 1st 10,000: see http://www.utm.edu/research/primes/lists/small/10000.html.
     1 is not considered a prime.

  6. Relatively Prime Numbers
     Two numbers are relatively prime if their gcd (greatest common divisor) or gcf (greatest common factor) = 1.
     gcd (a, b) means the greatest common divisor of a & b.
     If gcd (a, b) = c, then c is a divisor of a & b (i.e., c|a, c|b), and any divisor of c is a divisor of a & b (i.e., d|c means d|a & d|b).

  7. GCD Example
     Given the following pairs, find the gcds:
     gcd (10, 100) = 10
     gcd (24, 36) = 12
     gcd (a, 0) = a, since all positive integers > 0 divide 0
     GCD method: find the factors of each number, then match up their common factors.

  8. Common Factors Method
     gcd (102, 5292)
     102 = 2 x 51 = 2 x 3 x 17 = 2^1 x 3^1 x 17^1
     5292 = 2 x 2646 = 2 x 2 x 1323 = 2 x 2 x 27 x 49 = 2 x 2 x 3 x 9 x 7 x 7 = 2 x 2 x 3 x 3 x 3 x 7 x 7 = 2^2 x 3^3 x 7^2
     So, 102 = 2^0 x 2^1 x 3^1 x 17^1
         5292 = 2^0 x 2^2 x 3^3 x 7^2
     Common factors are 2 and 3 (7 & 17 are not common).
     Since gcd (gcf) > 1, the numbers are not relatively prime.

  9. Common Factors
     The case we are interested in is gcd = 1.
     Consider gcd (5, 14):
     Factors of 5 are: 1, 5
     Factors of 14 are: 1, 2, 7, and 14
     They share only the one common factor = 1, thus 5 & 14 are relatively prime!

  10. Common Factors – Another Method
      Step 1: Form 14/5 = 2, remainder 4
      Step 2: Form 5/4 = 1, remainder 1
      Step 3: Form 4/1 = 4, remainder 0
      Last divisor = gcd = 1
      This is an iterative method, where the factors are successively removed. Step 1 begins with a division, then the quotient is discarded, the divisor is brought down to Step 2, and the remainder from the previous step becomes the new divisor. It terminates when the remainder is 0.

  11. Euclid’s Algorithm - greatest common factors
      For x & y, with x > y: (x, y) and (x - y, y) have the same gcd.
      Example:
      (100, 10) gcf = 10
      (100-10, 10) = (90, 10) gcf = 10
      (90-10, 10) = (80, 10) gcf = 10
      …….
      (20-10, 10) = (10, 10) gcf = 10
      (10-10, 10) = (0, 10) no gcf; terminates with y = gcf
      This is because if d|x & d|y, then y = kd & x = jd, so x - y = jd - kd = (j - k)d (i.e., differences have the same gcd).

  12. Euclid’s Algorithm - greatest common factors
      The same behavior holds in modulo arithmetic.
      In modulo arithmetic: gcd(a, b) = gcd(a, a mod b)
      Example: gcd(100, 10) = gcd(100, 100 mod 10); 100 mod 10: 100/10 = 10, R = 0
      True because if d = gcd(a, b), then d|a & d|b. If 10 = gcd(100, 10), then 10|100 & 10|10. This means d is a divisor of a & b and also a divisor of a mod b.

  13. Euclid’s Algorithm - gcd of X, Y
      Given X and Y, where X > Y:
      1 If Y = 0, done with gcd = X
        R = X mod Y
        X = Y
        Y = R
        GOTO 1

  14. Euclid’s Algorithm - gcd of X, Y
      Example: gcd (595, 408)
      595/408 = 1, R = 187 (x mod y = 187)
      408/187 = 2, R = 34
      187/34 = 5, R = 17
      34/17 = 2, R = 0
      17/0: Y is = 0, stop
      gcd (595, 408) = 17
      Note: computationally intense for large numbers.

  15. Discovering Primes
      Many methods; the oldest is the Sieve of Eratosthenes. Given the first 100 numbers (1-100):
      1. Remove 1 since it is not a prime by definition.
      2. Test 2 to see if it is only divisible by 1 and itself. Keep 2, it passes.
      3. Cross out every number divisible by 2 since they are composite numbers with 2 as a factor.
      4. Test 3. Keep 3, it passes.
      5. Eliminate all multiples of 3 since they contain 3 as a factor.
      6. Test 5. Keep 5, it passes (we didn’t do 4 - a factor of 2).
      Repeat this process for all numbers up to 100.

  16. Example - Sieve of Eratosthenes
      1 is eliminated, so the starting matrix is:
      02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100

  17. Example - Sieve of Eratosthenes
      Test 2, retain 2, eliminate all multiples of 2 since they are composite numbers with 2 as a factor.
      02 03 05 07 09 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59 61 63 65 67 69 71 73 75 77 79 81 83 85 87 89 91 93 95 97 99

  18. Example - Sieve of Eratosthenes
      Test 3, retain 3, eliminate multiples of 3.
      02 03 05 07 11 13 17 19 23 25 29 31 35 37 41 43 47 49 53 55 59 61 65 67 71 73 77 79 83 85 89 91 95 97

  19. Example - Sieve of Eratosthenes
      Test 5, retain 5, eliminate multiples of 5.
      02 03 05 07 11 13 17 19 23 29 31 37 41 43 47 49 53 59 61 67 71 73 77 79 83 89 91 97

  20. Example - Sieve of Eratosthenes
      Test 7, retain 7, eliminate multiples of 7.
      02 03 05 07 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97

  21. Example - Sieve of Eratosthenes
      Test 11, retain 11, eliminate multiples of 11 (there aren’t any). We could go on, but all the remaining # are also primes.
      02 03 05 07 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97

  22. Example - Sieve of Eratosthenes
      We have discovered all the primes less than 100. The sieve is computationally intensive (and dull)!
      02 03 05 07 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97
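The sieve walk-through on slides 15 to 22, as an added Python example that is not part of the original presentation. The function names `sieve_rounds` and `primes_up_to` are hypothetical; the code records the survivors after each round so they can be compared with the grids on the slides.

```python
def sieve_rounds(limit):
    """Sieve of Eratosthenes that also records the survivors after each round.

    Returns a list of (prime, survivors) pairs, one pair per prime that was
    used to cross out multiples.
    """
    # index = number; 0 and 1 are eliminated up front (1 is not a prime)
    alive = [False, False] + [True] * (limit - 1)
    rounds = []
    p = 2
    # A composite n <= limit has a prime factor <= sqrt(limit), so once
    # p*p > limit no later round can remove anything. This is why testing
    # 11 on the slides finds nothing left to cross out below 100.
    while p * p <= limit:
        if alive[p]:
            # Multiples of p below p*p were already removed by a smaller prime.
            for multiple in range(p * p, limit + 1, p):
                alive[multiple] = False
            rounds.append((p, [n for n in range(2, limit + 1) if alive[n]]))
        p += 1
    return rounds


def primes_up_to(limit):
    """All primes <= limit, taken from the last round of the sieve."""
    rounds = sieve_rounds(limit)
    if rounds:
        return rounds[-1][1]
    # limit < 4: no round runs, and every number from 2 up is prime
    return list(range(2, limit + 1))


if __name__ == "__main__":
    for prime, survivors in sieve_rounds(100):
        print(f"after crossing out multiples of {prime}: {len(survivors)} left")
    print(primes_up_to(100))
```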

  23. Computing Primes - Some Properties
      There are infinitely many primes. Why? Suppose you have a finite set of primes. Just multiply them all together and add 1. The result will not be divisible by any of the primes in your set (the remainder will always be one when you divide). It is not in your set and you have a new prime!
      Example: the set is 2, 3, 5, 7 - all primes.
      2x3x5x7 = 210; 210 + 1 = 211; is it prime? Yep!
      2x3x5x7x11 = 2,310; 2,310 + 1 = 2311; is it prime? Yep!

  24. Computing Primes - More Properties
      Primes thin out for larger primes (result of multiplying).
      3 digit primes: 25 in 100 (1 out of 4 numbers - 25%)
      10 digit primes: 1 in 23 - 4.3%
      100 digit primes: 1 in 230 - .43%
      Going through all of them like the sieve does is too slow. We need 100 - 150 digit primes. If we guess a 150 digit number, we have 1 chance in 230 of it being a prime. This is computationally feasible.

  25. Primes - More Properties
      This also means you must generate and test candidate prime numbers. If you test 230 150-digit numbers, the probability that one of them will be a prime is about .63. So, on average you will need to test about 230 numbers before you find a prime.

  26. Modulo Arithmetic
      Given the positive integers a & n, a/n produces a quotient + remainder. Or a = n(q) + r, 0 < r < n; for 5/3 = 1 + 2 or 1, 2.
      Consider the reals expressed from 0 to some large value (q+1)n:

  27. Modulo Arithmetic
      a, a positive integer, can appear anywhere on the line. If a is a multiple of n it will appear in the same location as one of the n’s with r = 0. If a is not a multiple of n, it appears between 2 n’s, and the distance between the lower n and a = r, the remainder or residue.

  28. Modulo Arithmetic
      The same relationship can be expressed in modulo (or modular) arithmetic. That is, a modulo n, or a mod n = the remainder of a/n.
      If a = 17, n = 7, then a/n = 2 + 3, so 17 mod 7 = 3 (17/7 = Q of 2, R of 3).
      This is clock arithmetic (i.e., 12 hours then repeat with no carry).

  29. Modulo Arithmetic - Properties
      Congruence: if a mod n = b mod n, a & b are congruent.
      Notation: a ≡ b mod n (a is congruent to b mod n)
      a ≡ b mod n if n|(a-b); i.e., if n divides a-b
      a ≡ b mod n implies a mod n = b mod n; as above
      a ≡ b mod n implies b = a mod n
      a ≡ b mod n and b ≡ c mod n implies a ≡ c mod n

  30. Modulo Arithmetic - Properties
      Arithmetic operations (normal operations hold):
      [(a mod n) + (b mod n)] mod n = (a + b) mod n
      [(a mod n) - (b mod n)] mod n = (a - b) mod n
      [(a mod n) x (b mod n)] mod n = (a x b) mod n
      See Stallings, page 111 for worked examples.

  31. Inverses - Preliminaries
      Observe that if (a + b) ≡ (a + c) mod n, then b ≡ c mod n.
      For a = 5; b = 23; c = 7; n = 8: if (5 + 23) ≡ (5 + 7) mod 8, then 23 ≡ 7 mod 8. Is this true?
      Part 1: Is (5 + 23) ≡ (5 + 7) mod 8? (5 + 23) = 28; 28/8 = 3, 4 (i.e., r = 4), and (5 + 7) mod 8 = 12 mod 8 = 12/8 = 1, 4 (i.e., r = 4). OK!
      Part 2: Is 23 ≡ 7 mod 8? 23/8 = 2, 7 (i.e., r = 7), and 7 mod 8 = 0, 7 (i.e., r = 7). OK!
      So, what is the point?

  32. Inverses
      This is true because there is an additive inverse. It is the number you would have to subtract from the original number to get 0. That is:
      (a + b) - a ≡ -a + (a + c) mod n, or b ≡ c mod n

  33. Inverses - Key for Asymmetrical Encryption/Decryption
      Rules for Addition, Modulo 10

      + | 0 1 2 3 4 5 6 7 8 9
      --+--------------------
      0 | 0 1 2 3 4 5 6 7 8 9
      1 | 1 2 3 4 5 6 7 8 9 0
      2 | 2 3 4 5 6 7 8 9 0 1
      3 | 3 4 5 6 7 8 9 0 1 2
      4 | 4 5 6 7 8 9 0 1 2 3
      5 | 5 6 7 8 9 0 1 2 3 4
      6 | 6 7 8 9 0 1 2 3 4 5
      7 | 7 8 9 0 1 2 3 4 5 6
      8 | 8 9 0 1 2 3 4 5 6 7
      9 | 9 0 1 2 3 4 5 6 7 8

  34. Inverses in Cryptography
      We will use one number to encrypt and its inverse to decrypt. Consider an input string to be encrypted = 3692. Add a constant mod 10 to map the string to a new string (character by character).
      (3 + 6) mod 10 = 9
      (6 + 6) mod 10 = 2
      (9 + 6) mod 10 = 5
      (2 + 6) mod 10 = 8
      The encrypted string for 3692 = 9258

  35. Inverses in Cryptography
      Now use the additive inverse of 6 to decrypt; it is 6 + x = 0; x = 4 (the inverse is taken from the table).
      (9 + 4) mod 10 = 3
      (2 + 4) mod 10 = 6
      (5 + 4) mod 10 = 9
      (8 + 4) mod 10 = 2
      The encrypted string is decrypted! This is a simple substitution cipher (e.g., Caesar). The only difference is that numbers were used instead of letters. But – easy to break – let’s do something harder!

  36. Inverses in Cryptography - Multiplicative

      x | 0 1 2 3 4 5 6 7 8 9
      --+--------------------
      0 | 0 0 0 0 0 0 0 0 0 0
      1 | 0 1 2 3 4 5 6 7 8 9
      2 | 0 2 4 6 8 0 2 4 6 8
      3 | 0 3 6 9 2 5 8 1 4 7
      4 | 0 4 8 2 6 0 4 8 2 6
      5 | 0 5 0 5 0 5 0 5 0 5
      6 | 0 6 2 8 4 0 6 2 8 4
      7 | 0 7 4 1 8 5 2 9 6 3
      8 | 0 8 6 4 2 0 8 6 4 2
      9 | 0 9 8 7 6 5 4 3 2 1

      If this works like addition, we should be able to encrypt and decrypt. Trouble is, it only works part of the time. We can encrypt/decrypt some, but not all, numbers.

  37. Multiplicative Inverses in Cryptography
      Encrypt the string 8732 using a multiplicative constant of 5 mod 10:
      (8 x 5) mod 10 = 0; (40/10 = 4, 0)
      (7 x 5) mod 10 = 5; (35/10 = 3, 5)
      (3 x 5) mod 10 = 5; (15/10 = 1, 5)
      (2 x 5) mod 10 = 0; (10/10 = 1, 0)
      So the encrypted string would be 0550. Trouble is, half the characters mapped to 0 and half to 5. We might guess this is a problem since results are not unique.

  38. Multiplicative Inverses in Cryptography
      However, if we use 3 mod 10 we get unique results:
      (8 x 3) mod 10 = 4; (24/10 = 2, 4)
      (7 x 3) mod 10 = 1; (21/10 = 2, 1)
      (3 x 3) mod 10 = 9; (9/10 = 0, 9)
      (2 x 3) mod 10 = 6; (6/10 = 0, 6)
      The result is 4196. This looks better, but do inverses work? Can we decrypt?

  39. Multiplicative Inverses in Cryptography
      The multiplicative inverse of n is m, where (n x m) mod 10 = 1. The multiplicative inverse of 3 is (3 x m) mod 10 = 1; so m = 7.
      Decrypting 4196 (previous slide) using 7:
      (4 x 7) mod 10 = 8
      (1 x 7) mod 10 = 7
      (9 x 7) mod 10 = 3
      (6 x 7) mod 10 = 2
      So… the inverse decrypts the cipher! What is the condition that makes 3 work and 5 not work?

  40. Multiplicative Inverses in Cryptography
      Why 3 works: if (a x b) ≡ (a x c) mod n, then b ≡ c mod n, if and only if (iff) a is relatively prime to n.
      Because (a^(-1) x a x b) ≡ (a^(-1) x a x c) mod n, i.e., b ≡ c mod n.
      This is in accordance with Fermat’s theorem. That is, a mod n will not produce a complete & unique set of residues if a & n have any factors in common except 1!
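The condition from slides 36 to 40, checked for every key mod 10, as an added Python example that is not part of the original presentation. The function names are hypothetical; the digit strings 8732 and 4196 and the keys 3, 5 and 7 are the ones used on the slides.

```python
from math import gcd


def multiply_digits(digits, key, n=10):
    """Map each digit d to (d x key) mod n, as on the slides."""
    return [(d * key) % n for d in digits]


def row_is_permutation(key, n=10):
    """True when key's row of the mod-n multiplication table hits every
    residue exactly once, i.e. no two plaintext digits collide."""
    return sorted((key * d) % n for d in range(n)) == list(range(n))


def collisions(key, n=10):
    """Ciphertext digits that more than one plaintext digit maps to."""
    groups = {}
    for d in range(n):
        groups.setdefault((d * key) % n, []).append(d)
    return {c: ds for c, ds in groups.items() if len(ds) > 1}


def inverse_key(key, n=10):
    """Decryption key m with (key x m) mod n = 1.
    It exists only when key is relatively prime to n."""
    if gcd(key, n) != 1:
        raise ValueError(f"{key} shares a factor with {n}: no inverse")
    return pow(key, -1, n)  # built-in modular inverse, Python 3.8+


if __name__ == "__main__":
    plaintext = [8, 7, 3, 2]
    for key in range(10):
        usable = row_is_permutation(key)
        print(key, "gcd with 10 =", gcd(key, 10), "usable" if usable else "not usable")
    cipher = multiply_digits(plaintext, 3)
    print(cipher, "->", multiply_digits(cipher, inverse_key(3)))
    print("key 5 collisions:", collisions(5))
```

The keys whose table row is a permutation are exactly the ones with gcd(key, 10) = 1, which is the "relatively prime" condition stated on slide 40.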

  41. Finding Multiplicative Inverses - Fermat
      For any prime p and any element a < p: a^p mod p = a OR a^(p-1) mod p = 1
      Also… the inverse of a is x, where ax mod p = 1
      Substituting: ax mod p = 1 = a^(p-1) mod p
      So x = a^(p-1) mod p / a mod p = a^(p-2) mod p
      The inverse of 3 mod 5 = 3^(-1) mod 5 = 3^(5-2) mod 5 = 3^3 mod 5 = 27 mod 5 (Q = 5, R = 2) = 2
      And 2^(5-2) mod 5 = 2^3 mod 5 = 8 mod 5 = 3

  42. Multiplicative Inverses in Cryptography
      So what is the implication for cryptography? We use one number to encrypt and a second number, the inverse, to decrypt – but only if an inverse exists. A number and its inverse are used as the keys. They are asymmetrical (i.e., public key cryptography). Finding inverses of the simple integer was easy, but how do we find inverses for large keys (56, 90, 128 bits)?

  43. Finding Multiplicative Inverses
      Use an extended version of Euclid’s gcd algorithm. For the notation GCD (d, f) = 1, d has a multiplicative inverse mod f such that for d < f, there exists a d^(-1), such that d x d^(-1) = 1 mod f. This is the same as de = 1 mod φ(n). Euclid’s gcd algorithm is given in detail by Stallings (page 119).

  44. Multiplicative Inverses by Euclid’s Algorithm
      Euclid (d, f)
      1 (X1, X2, X3) ← (1, 0, f); (Y1, Y2, Y3) ← (0, 1, d)
      2 IF Y3 = 0, RETURN X3 = GCD (d, f); no inverse
      3 IF Y3 = 1, RETURN Y3 = GCD (d, f); Y2 = d^(-1) mod f
      4 Q = X3/Y3
      5 (T1, T2, T3) ← (X1 - QY1, X2 - QY2, X3 - QY3)
      6 (X1, X2, X3) ← (Y1, Y2, Y3)
      7 (Y1, Y2, Y3) ← (T1, T2, T3)
      8 GOTO 2
      Relationships that hold during computation: fT1 + dT2 = T3; fX1 + dX2 = X3; fY1 + dY2 = Y3
      X3 & Y3 are comparable to X & Y in the original Euclid’s algorithm.
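The gcd loop of slides 13 and 14 and the extended procedure of slide 44, as an added Python example that is not part of the original presentation. The function names are hypothetical, Q is taken as the integer quotient, and the pair 550, 1759 is a constructed sample input.

```python
def euclid_gcd(x, y):
    """Slide 13's loop: replace (X, Y) with (Y, X mod Y) until Y is 0.
    Returns the gcd and the list of (X, Y, quotient, remainder) steps."""
    steps = []
    while y != 0:
        q, r = divmod(x, y)
        steps.append((x, y, q, r))
        x, y = y, r
    return x, steps


def extended_euclid(d, f):
    """Slide 44's procedure for d < f.
    Returns (gcd, inverse of d mod f), with None when no inverse exists."""
    x1, x2, x3 = 1, 0, f
    y1, y2, y3 = 0, 1, d
    while True:
        # Relationships listed on the slide; they hold on every pass.
        assert f * x1 + d * x2 == x3
        assert f * y1 + d * y2 == y3
        if y3 == 0:
            return x3, None          # gcd(d, f) = X3 > 1: no inverse
        if y3 == 1:
            return 1, y2 % f         # Y2 can be negative; reduce into 0..f-1
        q = x3 // y3                 # integer quotient
        t1, t2, t3 = x1 - q * y1, x2 - q * y2, x3 - q * y3
        x1, x2, x3 = y1, y2, y3
        y1, y2, y3 = t1, t2, t3


if __name__ == "__main__":
    g, steps = euclid_gcd(595, 408)
    for x, y, q, r in steps:
        print(f"{x}/{y} = {q}, R = {r}")
    print("gcd =", g)
    print(extended_euclid(3, 10))      # key 3 from the mod-10 cipher slides
    print(extended_euclid(5, 10))      # key 5 has no inverse mod 10
    print(extended_euclid(550, 1759))  # constructed larger sample
```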

  45. Euler’s Totient Function
      We need to know how many numbers less than n are relatively prime to n. For n = 10, we know 1, 3, 7, and 9 are relatively prime to 10. Generally, the number of positive integers that are relatively prime to a number n is φ(n), where φ is Euler’s Totient Function. A number less than or equal to and relatively prime to a number is called a totative. The Totient Function, then, is simply the number of totatives of n.

  46. Euler’s Totient Function
      For example, the totient of 4 is defined as the number of numbers that are relatively prime to 4. Those numbers are 1 and 3. 2 isn’t a totative of 4 since it divides 4. So φ(4) = 2. Similarly:
      φ(20): 1, 3, 7, 9, 11, 13, 17, 19 = 8
      φ(24): 1, 5, 7, 11, 13, 17, 19, 23 = 8
      See Stallings, page 241 for the 1st 30 totatives (i.e., n = 1-30).

  47. Euler’s Totient Function
      For cryptography we are interested in certain totatives. If n is a prime number then all the integers (1, 2, 3 … n-1) are relatively prime to n, so φ(n) = n-1. The gcd for any prime number n, for any number less than n, is = 1, so all numbers less than n are relatively prime to n.
      If n is a product of two primes, p and q, such that n = pq, there are (p-1)(q-1) numbers relatively prime to n and φ(n) = (p-1)(q-1).

  48. Theorems Important in Cryptography
      Fermat's theorem: a^(n-1) = 1 mod n; if a and n are relatively prime.
      Also (a)(a^(n-1)) = (a)(1 mod n), or simply that a^n = a mod n, if n & a are relatively prime.

  49. Theorems Important in Cryptography
      Euler's Theorem: a^φ(n) = 1 mod n; if a and n are relatively prime.
      That is, if n is prime, then φ(n) = n-1, so φ(n) can be substituted in Fermat's Theorem and be = 1 mod n.
      We will use these to test candidate numbers for key generation.

  50. Modulo Exponentiation
      We would expect modulo exponentiation to operate similar to modulo multiplication since exponentiation is a repeated form of multiplication. That is:
      2^12 = 2x2x2x2x2x2x2x2x2x2x2x2 = 4096, and 2^12 = 6 mod 10; 4096/10 = Q + R = 409 + 6
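Slides 41 and 45 to 50 put together, as an added Python example that is not part of the original presentation: modular exponentiation by square-and-multiply, the totient by direct count, the Fermat inverse, and a Fermat check on candidate numbers. The function names are hypothetical, and the candidate 341 = 11 x 31 is a constructed input that goes one step beyond the slides to show a composite passing the check for one base.

```python
from math import gcd


def mod_pow(base, exp, n):
    """Square-and-multiply: reduce mod n after every product (the
    multiplication rule of slide 30), so values never exceed n*n."""
    result, base = 1 % n, base % n
    while exp > 0:
        if exp & 1:
            result = (result * base) % n
        base = (base * base) % n
        exp >>= 1
    return result


def totatives(n):
    """Integers in 1..n that are relatively prime to n."""
    return [k for k in range(1, n + 1) if gcd(k, n) == 1]


def phi(n):
    """Euler's totient by direct count (practical for small n only)."""
    return len(totatives(n))


def fermat_inverse(a, p):
    """Inverse of a modulo a prime p, computed as a^(p-2) mod p."""
    return mod_pow(a, p - 2, p)


def fermat_passes(n, bases):
    """True if a^(n-1) mod n == 1 for every base given. Every prime passes;
    a composite can pass for some bases, so a pass is evidence, not proof."""
    return all(mod_pow(a, n - 1, n) == 1 for a in bases)


if __name__ == "__main__":
    print("2^12 mod 10 =", mod_pow(2, 12, 10))
    p, q = 7, 11  # constructed small primes
    print("phi(77) =", phi(p * q), "and (p-1)(q-1) =", (p - 1) * (q - 1))
    print("Euler on n = 20:", [mod_pow(a, phi(20), 20) for a in totatives(20)])
    print("inverse of 3 mod 5 =", fermat_inverse(3, 5))
    print("211 passes bases 2, 3, 5:", fermat_passes(211, [2, 3, 5]))
    print("341 passes base 2:", fermat_passes(341, [2]))
    print("341 passes bases 2, 3:", fermat_passes(341, [2, 3]))
```

Testing a candidate against several bases, as the last two calls show, is what exposes a composite that slips past a single base.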
