
Security in Computing Chapter 12, Cryptography Explained Part 3




  1. Security in Computing, Chapter 12, Cryptography Explained, Part 3 Summary created by Kirk Scott

  2. This set of overheads corresponds to the third portion of section 12.1 in the book • The overheads for Chapter 12 roughly track the topics in the chapter • Keep this in mind though: • On some topics I simply go over the book’s material • On other topics I expand on the book’s material in a significant way • You are responsible not just for what’s in the book, but also what’s in the overheads that’s not in the book

  3. Book Section 12.1, Mathematics for Cryptography, Subsection Heading: Properties of Arithmetic • This is the sub-subheading covered in this portion of the overheads: • Computing Inverses • This topic will be covered in more detail than in the book

  4. Some Proofs and Fermat’s Little Theorem • This set of overheads falls into three sections: • 1. Preliminary Things Concerning Modular Fields • 2. Fermat’s Little Theorem, Statement and Preliminaries • 3. The Proof of Fermat’s Little Theorem

  5. 1. Preliminary Things Concerning Modular Fields • The claim was made in the previous set of overheads that if n is prime, then modular addition and multiplication form an algebraic field. • Most of the characteristics of a field result fairly clearly from the same characteristics in the integers. • For example: • (2 * 3) mod 5 = (3 * 2) mod 5 (commutativity) • because: • 2 * 3 = 3 * 2

  6. A comprehensive list of the properties of a field will not be repeated here • The fact that these properties hold for modular arithmetic with n prime will not be demonstrated. • However, the most important property of field from the cryptographic point of view is the existence of multiplicative inverses for all elements of the field. • This property does not obviously stem from the properties of regular arithmetic. • It is somewhat more daunting to establish, and that topic will be pursued now.

  7. If you refer back to the multiplication tables at the end of the previous set of overheads, in the examples shown it was clear that if n = 4, not prime, not every integer between 1 and 4 had an inverse. • It is relatively straightforward to show that for n composite, not all elements have inverses. • This is because it is precisely the factors of the composite numbers that do not have inverses.

  8. If n is Composite, Its Factors Don’t Have Inverses • This will be shown using contradiction • We’ll suppose that a factor of a composite has a modular inverse and find a contradiction • If n is composite, then there exist a and c, not equal to 1, such that: • ac = n • Now assume that a has an inverse: • (a·a^(-1)) mod n = 1

  9. (a·a^(-1)) mod n = 1 • By definition, this implies that there exists some p such that: • a·a^(-1) = pn + 1 • Note that from this point on, we’re not doing modular arithmetic anymore • However, we are still dealing only with the set of integers

  10. Follow this set of transformations: • a·a^(-1) = pn + 1 • a·a^(-1) = p(ac) + 1 (substituting n = ac) • a·a^(-1) = pac + 1 • a·a^(-1) – pac = 1 • a·a^(-1) – apc = 1 • a(a^(-1) – pc) = 1

  11. a(a^(-1) – pc) = 1 • This is a non-modular equation that has to hold in the integers • The only possible factorization of 1 in the integers is 1 * 1 • That implies that a, on the left, has to be 1 • However, this is a contradiction, because it was given that a, as a factor of n composite, was not equal to 1 • Therefore, the assumption that a had an inverse in the modular field base n has to be false

  12. If n is Prime, Each Element of the Field Has an Inverse • The next proposition of interest is that for n prime, every a, 0 < a < n, has an inverse. • The contents of the example multiplication table give a hint at how to show this. • Every row of the table is a permutation of the values 0 through n – 1, the only possible values in the field. • If you can show that for an arbitrary a, there can be no duplicates in a row, then one of the row elements has to be 1. • Thus, a has an inverse.

  13. This can be shown by contradiction. • We’re going to assume that there are duplicate entries in a row in the table and show that this leads to a contradiction. • Let n be prime, let a be between 0 and n, and also let there exist b, c, and d between 0 and n, where b is not equal to c. • The idea is that a is the value of the row. • b and c are the column values. • ab and ac are entries in the row.

  14. Assume that ab and ac multiply to the same result, d. • In other words, there are duplicate entries in the row of the multiplication table for value a. • This can be expressed as follows: • (ab) mod n = d and (ac) mod n = d

  15. (ab) mod n = d and (ac) mod n = d • The above statement implies that there exist some p and q such that: • ab = pn + d and ac = qn + d

  16. ab = pn + d and ac = qn + d • Without loss of generality, assume that p > q and subtract the second equality from the first: • ab – ac = (pn + d) – (qn + d) • ab – ac = pn - qn • ab – ac = n(p – q) • a(b – c) = n(p – q)

  17. a(b – c) = n(p – q) • There are contradictions lurking in the statement above. • They can be considered in two cases: • Case 1: (p – q) = 1 • Case 2: (p – q) > 1 • There are no other cases because we are dealing only with the set of non-negative integers, and (p – q) = 0 clearly leads nowhere.

  18. The equation we arrived at: • a(b – c) = n(p – q) • Case 1: (p – q) = 1 • This would mean that n is factorable as • a(b – c) • But n is prime, so this is a contradiction

  19. The equation we arrived at: • a(b – c) = n(p – q) • Case 2: (p – q) > 1 • This means that the expression on the left, a(b – c) is factorable as n(p – q) • Then, since n was chosen to be prime, n is a prime factor of the expression on the left • But a, b, and c were chosen to be smaller than n, and the quantity (b – c) would also be smaller than n • The contradiction is that a quantity can’t have a prime factor that is larger than the quantity itself

  20. The two cases (plus the 0 case) exhaust the possibilities • Both cases lead to contradictions • Therefore, the assumption that there are duplicates in a row in the modular multiplication table is false • Therefore, each row contains a 1 • Therefore, every element of a modular field has an inverse in the field

  21. To repeat, this argument works on the basis of understanding that the valid values in a row range from 0 to n – 1 and there are n entries in a row. • This means that if there are no duplicates there is a 1 in each row.

  22. Another Result: Does r! Have an Inverse in a Modular Field? • Induction came up first in considering the sum of the first n integers • Considering the inverse of the expression r! will also involve induction • The result isn’t earth-shaking and the proof isn’t hard • Getting up to speed with induction is worthwhile because it will be needed for Fermat’s theorem, the result of interest

  23. The question is, for some r, 0 < r < n, n prime, does the expression r! have an inverse in the modular field with n as its base? • To answer this question, it’s necessary to have a formal definition of factorial, ! • Because we’re interested in finding a multiplicative inverse, and 0 doesn’t have one anyway, the definition of factorial can start with 1

  24. Here is an inductive definition of factorial starting with 1: • 1! = 1 • r! = r(r – 1)! • A base case is given • Then the general case is given by defining f(r) in terms of f(r – 1)

  25. The full definition of factorial starts with 0! = 1 • Binomial coefficients will come up again, and when they do, the full definition will be needed.

  26. The task is to show that for some r, r < n, the expression r! has an inverse in the field. • Base case: 1! = 1, and 1 has an inverse in the field, namely itself. • Inductive step: Show that if for r < (n – 1), r! has an inverse in the field, then (r + 1)! also has an inverse in the field.

  27. If r! has an inverse, then there exists some p (its inverse) such that: • r!·p ≡ 1 (mod n) • By definition: • (r + 1)! = (r + 1)·r! • But (r + 1) < n, so it has an inverse. • Notice this is just (r + 1), not (r + 1)! • Let q ((r + 1)’s inverse) be given such that: • (r + 1)·q ≡ 1 (mod n)

  28. We’re trying to show that (r + 1)! = (r + 1)·r! has an inverse • Multiply the expression by the inverse of r!, p, and the inverse of (r + 1), q, working mod n: • (r + 1)!·p·q • = (r + 1)·r!·p·q • = (r + 1)·(r!·p)·q • ≡ (r + 1)·1·q • = (r + 1)·q • ≡ 1

  29. This is not at all surprising • If each of two factors in an expression has an inverse, the inverse of the expression is the product of the inverses • In the substitution, the associative property did all of the work

  30. To recap: • 1! has an inverse. • Assuming an arbitrary factorial expression has an inverse you can show that the expression one larger also has an inverse. • Therefore, the factorial of any valid value in the field has an inverse.

  31. Observe that the foregoing can lead to another train of thought: • Given some r!, essentially what we’re saying is that it is equivalent, mod n, to some element of the field, u, 0 <= u < n • Does reducibility apply for inverses? • In other words, is the inverse of r! = inverse of u? • The answer seems to be yes, and this train of thought will not be pursued further.

  32. 2. Fermat’s Little Theorem, Statement and Preliminaries • Cryptography makes use of a theorem by Fermat, known as Fermat’s Little Theorem. • It has this name to distinguish it from another theorem of Fermat that is known as Fermat’s Last Theorem, or simply Fermat’s theorem. • As I go along in these notes, if I make reference to Fermat’s theorem, it is to be understood that I mean the Little theorem.

  33. For the sake of your liberal education, some information on Fermat’s “Big” Theorem follows. • Here is its statement: • An equation of the form x^n + y^n = z^n does not have non-zero integer solutions for x, y and z when n > 2.

  34. Recall that for n = 2, you can find sets of numbers that are called Pythagorean triples. • Examples are {3, 4, 5}, {5, 12, 13}, and {9, 12, 15}. • The theorem says that you can’t find such triples for any power higher than 2.

  35. Pierre de Fermat died in 1665 and a marginal note he had written in one of his books stated that he had found a proof of this theorem. • A mathematician named Andrew Wiles, born and educated in England, who now lives in the United States, published the first proof in 1995. • It is said that he devoted 7 years of his professional life full time to solving the problem. • God knows how many years of their lives other people wasted unsuccessfully trying to solve this in the 300+ years since it was originally stated.

  36. Statement of Fermat’s Little Theorem • For n prime and a < n: • a^n ≡ a (mod n) • In words: a to the nth power is equivalent mod n to a. • Stating this in another way, there exists some value p such that: • a^n = pn + a

  37. Before trying to demonstrate this, it is worthwhile to see why this result is of interest. • It gives a way of finding a^(-1). • Recall that because n is prime, a does have an inverse.

  38. a^n ≡ a (mod n) • Multiplying both sides of the equivalence by the inverse, a^(-1), once gives the following: • a^n·a^(-1) ≡ a·a^(-1) (mod n) • a^(n-1)·a^1·a^(-1) ≡ a·a^(-1) (mod n) • a^(n-1)·1 ≡ a·a^(-1) (mod n) • a^(n-1) ≡ 1 (mod n)

  39. a^(n-1) ≡ 1 (mod n) • Multiplying both sides of the equivalence by the inverse, a^(-1), again gives the following: • a^(n-1)·a^(-1) ≡ 1·a^(-1) (mod n) • a^(n-2)·a^1·a^(-1) ≡ 1·a^(-1) (mod n) • a^(n-2)·1 ≡ 1·a^(-1) (mod n) • a^(n-2) ≡ a^(-1) (mod n)

  40. On the left you get an integral power of a. • On the right you get the inverse of a, a^(-1). • Computationally, you can find the inverse of a by raising it to the (n – 2)nd power and taking the modulus base n.

  41. A thumbnail example will illustrate how this works. • Let a = 3 and n = 5. • This is what the theorem states: • 3^5 ≡ 3 (mod 5)

  42. Multiply both sides by a^(-1), a.k.a. 3^(-1) • 3^5·a^(-1) ≡ 3·a^(-1) (mod 5) • 3^5·3^(-1) ≡ 3^1·3^(-1) (mod 5) • 3^4 ≡ 1 (mod 5) • Check: • 3^4 = 81 • 81 = 5 * 16 + 1

  43. Multiply both sides again by a^(-1), a.k.a. 3^(-1) • 3^4·a^(-1) ≡ 1·a^(-1) (mod 5) • 3^4·3^(-1) ≡ 1·a^(-1) (mod 5) • 3^3 ≡ a^(-1) (mod 5) • 27 ≡ a^(-1) (mod 5) • Find the value: • 27 mod 5 = 2, so a inverse should be 2

  44. Check: • 2 * 3 = 6, and 6 mod 5 = 1 • 2 * 3 gives the multiplicative identity, so 2 and 3 are inverses of each other
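The existence argument of slides 7 through 21 (rows of the multiplication table, and which elements lack an inverse), the factorial inverse of slides 27 through 29, and the inverse computation of slides 36 through 44, carried out in running Python. This is an added example, not code from the book or the lecturer; the function names are my own.

```python
"""Modular inverses as the slides develop them (added example, not from the book)."""
from math import factorial


def multiplication_row(a: int, n: int) -> list[int]:
    """Row 'a' of the multiplication table mod n: (a*b) mod n for b = 0..n-1."""
    return [(a * b) % n for b in range(n)]


def has_inverse(a: int, n: int) -> bool:
    """a has an inverse mod n exactly when a 1 appears somewhere in its row."""
    return 1 in multiplication_row(a, n)


def elements_without_inverse(n: int) -> list[int]:
    """Elements 1..n-1 whose row contains no 1.  Empty when n is prime; for
    composite n it contains every factor of n, and also any other a that
    merely shares a factor with n (e.g. 4 when n = 6)."""
    return [a for a in range(1, n) if not has_inverse(a, n)]


def fermat_inverse(a: int, n: int) -> int:
    """Inverse of a mod prime n via a^(n-2) mod n (slides 38-40).
    pow(a, n-2, n) reduces mod n at every step, so a^(n-2) is never formed.
    The final check catches a non-prime n, where the theorem does not apply."""
    if n < 2 or a % n == 0:
        raise ValueError("need a modulus n >= 2 and a not divisible by n")
    inv = pow(a, n - 2, n)
    if (a * inv) % n != 1:          # the check from slide 44
        raise ValueError(f"{a} has no inverse mod {n}; is {n} really prime?")
    return inv


def factorial_inverse(r: int, n: int) -> int:
    """Inverse of r! mod prime n, built as the product of the inverses of
    1, 2, ..., r (slides 27-29): the inverse of a product is the product of
    the inverses."""
    inv = 1
    for k in range(1, r + 1):
        inv = (inv * fermat_inverse(k, n)) % n
    return inv


if __name__ == "__main__":
    print(multiplication_row(3, 5))                 # a permutation of 0..4
    print(elements_without_inverse(4), elements_without_inverse(6))
    print(fermat_inverse(3, 5))                     # 2, matching slide 43
    print((factorial(4) * factorial_inverse(4, 7)) % 7)  # 1
```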

  45. A Possible Source of Confusion • The presentation of Fermat’s Little Theorem may lead to some confusion • Consider these steps: • 3^4·a^(-1) ≡ 1·a^(-1) (mod 5) • 3^4·3^(-1) ≡ 1·a^(-1) (mod 5) • 3^3 ≡ a^(-1) (mod 5) • It may “feel like” you’re multiplying by 1/3 on the left

  46. This is not the case • You are working on a modular equivalence, not a regular arithmetic expression. • We know how to shift from a modular expression to one that doesn’t involve modulus

  47. Take this expression for example: • 3^5 ≡ 3 (mod 5) • This is what it says, without modulus: • 3^5 = p*5 + 3 • In this expression, if I multiplied by 3^(-1), I would be multiplying by 1/3

  48. In these expressions, you’re multiplying by the modular inverse—whatever it may be—that you’re trying to find out • 3^4·a^(-1) ≡ 1·a^(-1) (mod 5) • 3^4·3^(-1) ≡ 1·a^(-1) (mod 5) • 3^3 ≡ a^(-1) (mod 5)

  49. Binomial Coefficients • The binomial coefficients turned up earlier when discussing the number of sub-graphs in a graph of n nodes • A result concerning the binomial coefficients will be needed when proving Fermat’s theorem, so they are presented again here. • This is the notation: • In English, this is read “n choose r”.

  50. This is a verbal explanation: • Given a set of n elements, how many different ways are there to choose a subset of r elements • The ordering of the r does not make a difference—in other words, subsets are not considered different if they contain the same elements, even if they are in a different order.
