Lecture 3.2: Public Key Cryptography II
CS 436/636/736 Spring 2012
Nitesh Saxena

Today's Informative/Fun Bit – Acoustic Emanations
• http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+emanations&btnG=Google+Search
• http://tau.ac.il/~tromer/acoustic/
4/13/2015 Public Key Cryptography -- II 2

Course Administration
• HW2 – due at 11am on Feb 06
• Any questions, or help needed?

Outline of Today's Lecture
• Number Theory
• Modular Arithmetic

Modular Arithmetic
• Definition: x is congruent to y mod m if m divides (x-y). Equivalently, x and y have the same remainder when divided by m.
  Notation: x ≡ y (mod m). Example: 14 ≡ 5 (mod 9)
• We work in Zm = {0, 1, 2, …, m-1}, the group of integers modulo m
• Example: Z9 = {0,1,2,3,4,5,6,7,8}
• We abuse notation and often write = instead of ≡

Addition in Zm:
• Addition is well-defined: if x ≡ x' (mod m) and y ≡ y' (mod m), then x + y ≡ x' + y' (mod m)
  – 3 + 4 = 7 mod 9.
  – 3 + 8 = 2 mod 9.

Additive inverses in Zm
• 0 is the additive identity in Zm: x + 0 ≡ x ≡ 0 + x (mod m)
• The additive inverse of a is -a mod m = (m-a)
  – Every element has a unique additive inverse.
  – 4 + 5 = 0 mod 9.
  – 4 is the additive inverse of 5.

Multiplication in Zm:
• Multiplication is well-defined: if x ≡ x' (mod m) and y ≡ y' (mod m), then x * y ≡ x' * y' (mod m)
  – 3 * 4 = 3 mod 9.
  – 3 * 8 = 6 mod 9.
  – 3 * 3 = 0 mod 9.

Multiplicative inverses in Zm
• 1 is the multiplicative identity in Zm: x * 1 ≡ x ≡ 1 * x (mod m)
• Multiplicative inverse (x * x^-1 = 1 mod m)
  – SOME, but not ALL, elements have a unique multiplicative inverse.
  – In Z9: 3*0=0, 3*1=3, 3*2=6, 3*3=0, 3*4=3, 3*5=6, …, so 3 does not have a multiplicative inverse (mod 9)
  – On the other hand, 4*2=8, 4*3=3, 4*4=7, 4*5=2, 4*6=6, 4*7=1, so 4^-1 = 7 (mod 9)

Which numbers have inverses?
• In Zm, x has a multiplicative inverse if and only if x and m are relatively prime, i.e. gcd(x,m) = 1
  – E.g., 4 in Z9

Extended Euclidean: a^-1 mod n
• Main Idea: Looking for the inverse of a mod n means looking for x such that x*a – y*n = 1.
• To compute the inverse of a mod n, do the following:
  – Compute gcd(a, n) using the Euclidean algorithm.
  – Since a is relatively prime to n (else there will be no inverse), gcd(a, n) = 1.
  – So you can obtain a linear combination of r_m and r_(m-1) that yields 1.
  – Work backwards, getting a linear combination of r_i and r_(i-1) that yields 1.
  – When you get to a linear combination of r_0 and r_1 you are done, as r_0 = n and r_1 = a.

Example – 15^-1 mod 37
• 37 = 2 * 15 + 7
• 15 = 2 * 7 + 1
• 7 = 7 * 1 + 0
Now,
• 15 – 2 * 7 = 1
• 15 – 2 * (37 – 2 * 15) = 1
• 5 * 15 – 2 * 37 = 1
So, 15^-1 mod 37 is 5.

Modular Exponentiation: Square and Multiply method
• The usual approach to computing x^c mod n is inefficient when c is large.
• Instead, represent c as a bit string b_(k-1) … b_0 and use the following algorithm:
  z = 1
  For i = k-1 downto 0 do
    z = z^2 mod n
    if b_i = 1 then z = z * x mod n

Example: 30^37 mod 77
  (each step: z = z^2 mod n; if b_i = 1 then z = z * x mod n)
  i  b  z
  5  1  30 = 1*1*30 mod 77
  4  0  53 = 30*30 mod 77
  3  0  37 = 53*53 mod 77
  2  1  29 = 37*37*30 mod 77
  1  0  71 = 29*29 mod 77
  0  1   2 = 71*71*30 mod 77

Other Definitions
• An element g in G is said to be a generator of the group if every a in G can be written as a = g^i for some integer i
  – A group which has a generator is called a cyclic group
• The number of elements in a group is called the order of the group
• The order of an element a is the lowest i (>0) such that a^i = e
• A subgroup is a subset of a group that is itself a group

Lagrange's Theorem
• The order of an element in a group divides the order of the group

Euler's totient function
• Given a positive integer n, Euler's totient function φ(n) is the number of positive numbers less than n that are relatively prime to n
• Fact: If p is prime then φ(p) = p – 1
  – {1,2,3,…,p-1} are relatively prime to p.

Euler's totient function
• Fact: If p and q are prime and n = pq then φ(n) = (p – 1)(q – 1)
• Each number that is not divisible by p or by q is relatively prime to pq.
  – E.g. p=5, q=7: {1,2,3,4,-,6,-,8,9,-,11,12,13,-,-,16,17,18,19,-,-,22,23,24,-,26,27,-,29,-,31,32,33,34,-}
  – pq – p – (q-1) = (p-1)(q-1)

Euler's Theorem and Fermat's Theorem
• If a is relatively prime to n then a^φ(n) ≡ 1 mod n
• If a is relatively prime to p then a^(p-1) = 1 mod p
Proof: follows from Lagrange's Theorem

Euler's Theorem and Fermat's Theorem
EG: Compute 9^100 mod 17: p = 17, so p-1 = 16. 100 = 6·16 + 4. Therefore, 9^100 = 9^(6·16+4) = (9^16)^6 * (9)^4.
So mod 17 we have
  9^100 ≡ (9^16)^6 * (9)^4 (mod 17)
        ≡ (1)^6 * (9)^4 (mod 17)
        ≡ (81)^2 (mod 17)
        ≡ 16

Some questions
• 2^-1 mod 4 = ?
• What is the complexity of
  – (a+b) mod m
  – (a*b) mod m
  – a^-1 mod m
  – x^c mod n
• The order of a group is 5. What can be the order of an element in this group?

Further Reading
• Chapter 4 of Stallings
• Chapter 2.4 of HAC
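The extended Euclidean inverse, the square-and-multiply exponentiation and the totient facts from the slides above, carried through as an added Python example (not lecture code). The function names and the iterative form of the back-substitution are my own choices; the values it checks are the slides' own 15^-1 mod 37, 4^-1 mod 9, 30^37 mod 77 and 9^100 mod 17, plus the 2^-1 mod 4 question, for which no inverse exists.

```python
from math import gcd
from typing import List, Optional, Tuple


def egcd(a: int, b: int) -> Tuple[int, int, int]:
    """Extended Euclid: return (g, x, y) with g = gcd(a, b) and a*x + b*y = g.
    Iterative form of the slides' 'work backwards' through the remainders r_i."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b != 0:
        q, a, b = a // b, b, a % b      # r_i = q * r_{i+1} + r_{i+2}
        x0, x1 = x1, x0 - q * x1        # keep every remainder expressed as a
        y0, y1 = y1, y0 - q * y1        # linear combination of the inputs
    return a, x0, y0


def mod_inverse(a: int, n: int) -> Optional[int]:
    """a^-1 mod n, or None when gcd(a, n) != 1 (no inverse, e.g. 3 in Z9)."""
    g, x, _ = egcd(a % n, n)
    return x % n if g == 1 else None


def square_and_multiply(x: int, c: int, n: int,
                        trace: Optional[List[Tuple[int, int, int]]] = None) -> int:
    """x^c mod n: scan the bits b_{k-1} ... b_0 of c, square at every bit and
    multiply by x when the bit is 1.  If a list is passed as `trace` it gets one
    (i, b_i, z) row per bit, reproducing the slide's 30^37 mod 77 table."""
    bits = bin(c)[2:]
    k, z = len(bits), 1
    for i, bit in enumerate(bits):
        z = (z * z) % n
        if bit == "1":
            z = (z * x) % n
        if trace is not None:
            trace.append((k - 1 - i, int(bit), z))
    return z


def phi(n: int) -> int:
    """Euler's totient by brute-force counting (fine for the slides' small n)."""
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)


if __name__ == "__main__":
    print("15^-1 mod 37 =", mod_inverse(15, 37))      # 5, as on the slide
    print("2^-1 mod 4   =", mod_inverse(2, 4))        # None: gcd(2, 4) = 2
    rows: List[Tuple[int, int, int]] = []
    print("30^37 mod 77 =", square_and_multiply(30, 37, 77, rows), rows)  # 2
    print("phi(35) =", phi(35), "= (5-1)(7-1)")       # 24
    print("9^100 mod 17 =", square_and_multiply(9, 100, 17))  # 16 (Fermat: 9^16 = 1)
```

The trace rows match the i / b / z columns of the slide's table exactly, and the last assertion-style check in the demo is Euler's theorem applied to every unit of Z35.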