Lect 7 RSA support (1)

(1)

Cryptography and Security

Mechanisms

Nazar Abbas Saqib

[email protected]

(2)

2

Agenda

Prime Numbers

(3)

•

An integer p > 1 is a prime number if its only divisors are ±1 and ±p

Primes Under 2000

(4)

(5)

(6)

(7)

(8)

Primality Testing

(9)

Primality Testing

(10)

Primality Testing

(11)

Fundamental Theorem of Arithmetic

Every integer

n

≥ 2 has a factorization as a product of

prime powers:

Where the

p

_i

are distinct primes, and the

e

_i

are positive

integers. Furthermore, the factorization is unique up to

the rearrangement of factors.

,

2 1

2

1

k

e

k

e

p

(12)

Factorization Prime Number

Trial division method

(13)

Factorization Prime Number

Trial division method

(14)

Determining GCD

GCD of any positive integers can be easily determined if

they are written as a product of prime powers:

(15)

15

RSA Factoring Challenge

Numbers are designated “RSA-XXXX”, where XXXX is the number’s length in bits

Challenge Number Prize ($US) Status

RSA-576 (174 Digits) $10,000 Factored (Dec 2003) RSA-640 (193 Digits) $20,000 Factored (Nov 2005) RSA-704 (212 Digits) $30,000 Not Factored

RSA-768 (232 Digits) $50,000 Not Factored RSA-896 (270 Digits) $75,000 Not Factored RSA-1024 (309 Digits) $100,000 Not Factored RSA-1536 (463 Digits) $150,000 Not Factored RSA-2048 (617 Digits) $200,000 Not Factored

RSA-704

Decimal Digits: 212

(16)

(17)

17

Relatively Prime Numbers

Two integers are relatively prime if there only common

positive integer factor is 1

(18)

Fermat’s Little Theorem (FLT)

Fermat’s Little theorem:

If p is prime and a is a positive integer not divisible by p, then

ap-1 ≡ 1 mod p

a=7, p=19

72 _{= 49} _≡ _{11 (mod 19)}

74 _{= 121}_≡ _{7 (mod 19)}

78 _{= 49}_≡ _{11 (mod 19)}

716 _{= 121}_≡ _{7 (mod 19)}

ap-1 _{= 7}18 _{= 7}16_x72 _≡ _7x11_≡_{1 (mod 19}

)

719 _{(mod 19) ?}

720 _{(mod 19) ?}

721 _{(mod 19) ?}

(19)

Fermat’s Little Theorem

• Alternative Form

If p is prime and a is a positive integer, then

a

p

≡

a mod

p

Example 1:

a=3, p=5 ap₌₃5 _{= 243}_≡ _{3 (mod 5)= a (mod p)}

Example 2:

a=10, p=5 ap₌₁₀5 _{= 100000}_≡ _{10 (mod 5)}_≡ _{0 (mod 5)}_≡ _a

(mod p)

(20)

Fermat’s Little Theorem-Application

8-1 mod 17=817-2 mod 17=815 mod 17=15 mod 17

(21)

Euler’s Phi-Function

Definition: Euler’s phi-function φ(n) is defined to be the

number of positive integers less than n (including 1) that are relatively prime to n

Example 1: Because 37 is prime, all positive integers from

1 through 36 are relatively prime. Thus _Ф(37)=36

Example 2: Ф(35)=24 ?

To determine _Ф(35), we list all of the positive integers less than 35 that are relatively prime to n

(22)

22

Euler’s Phi-Function

For two prime numbers p & q, with p≠q,

n=pq

Ф(n)= Ф(pq)= Ф(p) × Ф(q)= (p -1)×(q-1)

_Example:_Ф₍₂₁₎₌_Ф₍₃₎× _Ф₍₇₎₌_Ф_(3-1)× _Ф_(7-1)=2×₆₌₁₂

Where the 12 integers are

(23)

23

Euler Theorem

Euler’s theorem states that for every a and n that are relatively prime:

aФ(n)_≡ _{1 mod n}

_{Example 1: a=3,n=10;} _Ф₍₁₀₎₌₄ _aФ(n) _{= 3}4 ₌₈₁_≡ _{1 (mod 10) = 1}

(mod n)

_{Example 2: a=2,n=11;} _Ф_(11)=10 _aФ(n)_{= 2}10₌₁₀₂₄ _≡ _{1 (mod 11) = 1}

(mod n)

An alternative form of the theorem is:

aФ(n) +1 _≡ _{a mod n}

(24)

24

(25)

Modular Exponentiation

M

15

How many multiplications are needed??

Naïve Answer (requires 14 multiplications):

M

→

M

2

→

M

3

→

M

4

→

M

5

→

…

→

M

15

Binary Method (requires 6 multiplications):

(26)

Modular Exponentiation: Binary Method

Let k be the number of bits of e, i.e.,

Input: M, e, n.

Output: C := Me _{mod n}

1. If e_k-1 = 1 then C := M else C := 1; 2. For i = k-2 downto 0

3. C := C2 mod n

4. If e_i = 1 then C := C x M mod n

3. Return C;





(

)

(27)

Modular Exponentiation: Binary Method

Example: e = 250 = (11111010), thus k = 8

Initially, C = M since e

_k-1

= e

₇

= 1

i e_i _{Step 2a} _{Step 2b}

7 1 M M

6 1 (M₎2 _{= M}2 _M2

⋅M = M3

5 1 (M3₎2 _{= M}6 _M6

⋅M = M7

4 1 (M7₎2 _{= M}14 _M14

⋅M = M15

3 1 (M15₎2 _{= M}30 _M30

⋅M = M31

2 0 (M31₎2 _{= M}62 _M62

1 1 (M62₎2 _{= M}124 _M124

⋅M = M125

(28)

Discrete Logarithmic Problem

Many tools based on discrete logarithm problem

ax _{= y modulo n}

given x „easy“ to find y given y „hard“ to find x

Example?

102₌₁₀₀

Log₁₀100 = 2

Guess the values of ‘x’ when

5x_{=7 mod 19}

(29)

(30)

(31)

Chinese Remainder Theorem

1

mod

i i i

M

m

−

=

1 1 1 1 1

mod

M

m

− −





=









1 1 1

3 5 7

mod 3

3

M

− −



× ×



=









Solution: Four steps

1 1

1

35

2 mod 3

M

−

=

−

≡

1 1

2

21

1mod 5

M

−

=

−

≡

1 1

3

15

1mod 7