1 / 12

Announcements: Congrats on reaching the halfway point once again! DES graded soon

DTTF/NB479: Dszquphsbqiz Day 21. Announcements: Congrats on reaching the halfway point once again! DES graded soon Short “pop” quiz on Ch 3. (Thursday at earliest) Reminder: pass in worksheet on using RSA today or tomorrow. Term project groups and topics due by Friday. Questions?

kherrera
Télécharger la présentation

Announcements: Congrats on reaching the halfway point once again! DES graded soon

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DTTF/NB479: Dszquphsbqiz Day 21 • Announcements: • Congrats on reaching the halfway point once again! • DES graded soon • Short “pop” quiz on Ch 3. (Thursday at earliest) • Reminder: pass in worksheet on using RSA today or tomorrow. • Term project groups and topics due by Friday. • Questions? • This week: • Primality testing, factoring • Discrete Logs

  2. Plus-delta • 5-min

  3. Term projects • Use Ch 10 – 19 as inspiration. • Elliptic curves? • Quantum crypto? • Security protocols? • Deliverables: • A paper demonstrating your understanding of the topic • A 20-min in-class presentation 9th/10th week • Groups of ~3 to bound presentation time.

  4. Pulling 479 back into cache • RSA: public-key system: n, e known • Easy to encrypt • But need factorization of n (pq) to find d to decrypt. • Factorization is a “one-way” function • Builds on lots of ch 3 number theory, like Euclid, Fermat, and Euler. • You used Maple to send messages • You looked at some “implementation mistakes” (for example, using small values for e)

  5. Compositeness testing Oops, did I say primality testing? Today, we discuss three techniques that can guarantee a number is composite, and guess when one is prime. • Square Root Compositeness Theorem + • Fermat’s Theorem = • Miller-Rabin Compositeness Test

  6. Square Root Compositeness Theorem Given integers n, x, and y: Then n is composite, and gcd(x-y, n) is a non-trivial factor Proof: live in class Toy example showing 35 is composite using x=2 and y=12.

  7. Review • Fermat’s little theorem: • If n is prime and doesn’t divide a, then • Contrapositive: • If then n is composite • In practice, • If then n is probably prime • Rare counterexamples (15k our of first 10B ints) called pseudoprimes • Notes • Never gives factors • Compute using powermod

  8. Miller-Rabin Compositeness Test To test whether n is prime or composite Given odd n>1, write n-1=2km, where k >=1. Choose a base a randomly (or just pick a=2) Let b0=am(mod n) If b0=+/-1, stop. n is probably prime by Fermat For i = 1..k-1 Compute bi=bi-12. If bi=1(mod n), stop. n is composite by SRCT, and gcd(bi-1-1,n) is a factor. If bi=-1(mod n), stop. n is probably prime by Fermat. If bk=1 (mod n), stop. n is composite by SRCT Else n is composite by Fermat.

  9. Miller-Rabin So: k Given odd n>1, write n-1=2km, where k >=1. Choose a base a randomly (or just pick a=2) Let b0=am(mod n) If b0=+/-1, stop. n is probably prime by Fermat For i = 1..k-1 Compute bi=bi-12. If bi=1(mod n), stop. n is composite by SRCT, and gcd(bi-1-1,n) is a factor. If bi=-1(mod n), stop. n is probably prime by Fermat. If bk=1 (mod n), stop. n is composite by SRCT Else n is composite by Fermat. b0 b1 bk Big picture: Fermat on steroids By doing a little extra work (finding k to change the order of the powermod), we can call some pseudoprimes composite and find some of their factors

  10. Examples of Miller-Rabin • n=189 • n=561 (Fermat says prob prime) Given odd n>1, write n-1=2km, where k >=1. Choose a base a randomly (or just pick a=2) Let b0=am(mod n) If b0=+/-1, stop. n is probably prime by Fermat For i = 1..k-1 Compute bi=bi-12. If bi=1(mod n), stop. n is composite by SRCT, and gcd(bi-1-1,n) is a factor. If bi=-1(mod n), stop. n is probably prime by Fermat. If bk=1 (mod n), stop. n is composite by SRCT Else n is composite by Fermat. Big picture: Fermat on steroids By doing a little extra work (finding k to change the order of the powermod), we can call some pseudoprimes composite and find some of their factors Those composites that even get by M-R are called strong pseudoprimes (~20% of pseudoprimes < 10B). Why does it work?

  11. Using within a primality testing scheme n Odd? no div by other small primes? no Fermat? yes Prime by Factoring/advanced techn.? yes prime

  12. Using within a primality testing scheme n • Finding large probable primes • #primes < x = Density of primes: ~1/ln(x) For 100-digit numbers, ~1/230. So ~1/115 of odd 100-digit numbers are prime Can start with a random large odd number and iterate, applying M-R to remove composites. We’ll soon find one that is a likely prime. Maple’s nextprime() appears to do this, but also runs the Lucas test: http://www.mathpages.com/home/kmath473.htm Odd? no div by other small primes? no Pass M-R? yes Prime by Factoring/advanced techn.? yes prime

More Related