Inside PK Cryptography: Math and Implementation
Sriram Srinivasan (“Ram”)
Agenda
Introduction to PK Cryptography
Essential Number Theory
Fundamental Number Theorem
GCD, Euclid’s algorithm
Linear combinations
Modular Arithmetic
Euler’s Totient Function
Java implementation of RSA
Sriram Srinivasan
2/47
Security Issues
Authentication, Authorization, Encryption and Non-repudiation
Shared Secrets (e.g. passwords, Enigma)
Something shared, something (else) secret
Concept by Ellis, Cocks and Williams
Popularly attributed to Diffie and Hellman
Algorithm by Rivest, Shamir and Adleman
Used everywhere: https, SSL, email, certificates.
Public Key Cryptography
Consider a pair of magic pens.
You want to send a message to me
Write with one, use the other to decode.
Symmetric: either can be used to encode
You borrow one of my pens and write with it.
I decode it with my other pen.
Avoids problems of shared secrets
Same tools for authentication, encryption and non-repudiation.
Mathematics
Fundamental Theorem of Arithmetic
All numbers are expressible as a unique product of primes
10 = 2 * 5, 60 = 2 * 2 * 3 * 5
Proof in two parts
1. All numbers are expressible as products of primes
2. There is only one such product sequence per number
Fundamental Theorem proof
First part of proof
All numbers are products of primes
Let S = {x | x is not expressible as a product of primes}
Let c = min{S}.
c cannot be prime (a prime is its own one-factor product)
Let c = c1 · c2
c1, c2 < c ⇒ c1, c2 ∉ S (because c is min{S})
∴ c1, c2 are products of primes ⇒ c is too, a contradiction
∴ S is an empty set
Fundamental Theorem proof
Second part of proof
The product of primes is unique
Let n = p1 p2 p3 p4 … = q1 q2 q3 q4 …
Cancel common primes. Now no prime appears on both sides.
Now, p1 | p1 p2 p3 p4 …
⇒ p1 | q1 q2 q3 q4 …
⇒ p1 | one of q1, q2, q3, q4 … (a prime dividing a product divides one of its factors)
⇒ p1 = qi, which is a contradiction
GCD (Greatest Common Divisor)
gcd(a,b) = the greatest of the common divisors of a, b
Many ways to compute gcd
Extract common prime factors:
  Express a, b as products of primes
  Extract common prime factors
  gcd(18, 66) = gcd(2*3*3, 2*3*11) = 2*3 = 6
  Factoring is hard. Not practical for large numbers.
Euclid’s algorithm
Euclid’s algorithm
Step   Dividend   Divisor   Remainder
1      a          b         r = a % b
2      b          r         r1 = b % r
3      r          r1        r % r1 = 0
∴ gcd(a,b) = r1
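The two ways of computing a gcd from the previous slides, side by side, as an added example (not code from the original deck): a trial-division factorization that extracts common prime factors, and Euclid's algorithm returning the same (dividend, divisor, remainder) rows as the table above. The function names are my own.

```python
def prime_factors(n):
    """Trial-division factorization (Fundamental Theorem: every n > 1 is a
    unique product of primes). Returns the factors in non-decreasing order,
    e.g. 60 -> [2, 2, 3, 5]. Fine for toy sizes; this is the step that does not
    scale, which is why RSA moduli are safe to publish."""
    factors = []
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors.append(d)
            n //= d
        d += 1
    if n > 1:            # whatever is left is itself prime
        factors.append(n)
    return factors


def gcd_by_factoring(a, b):
    """gcd via common prime factors, as on the slide: gcd(18, 66) = 2*3 = 6."""
    fa, fb = prime_factors(a), prime_factors(b)
    g = 1
    for p in fa:
        if p in fb:
            fb.remove(p)  # consume one copy so repeated primes count correctly
            g *= p
    return g


def gcd_euclid(a, b):
    """Euclid's algorithm. Returns (gcd, trace); each trace row is
    (dividend, divisor, remainder), one row per step of the slide's table.
    The last non-zero remainder is the gcd."""
    trace = []
    while b != 0:
        r = a % b
        trace.append((a, b, r))
        a, b = b, r
    return a, trace


if __name__ == "__main__":
    g, rows = gcd_euclid(66, 18)
    print("Step  Dividend  Divisor  Remainder")
    for i, (x, y, r) in enumerate(rows, 1):
        print(f"{i:<5} {x:<9} {y:<8} {r}")
    print("gcd =", g, "(by factoring:", gcd_by_factoring(66, 18), ")")
```

Running it reproduces the slide's example: three steps for (66, 18) ending in remainder 0, and both methods agree on 6. Note that Euclid's loop also handles a < b: the first step then just swaps the operands, because a % b = a when a < b.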
Euclid’s algorithm proof
Proof that r1 divides a and b
r % r1 = 0 ⇒ r1 | r
b = q’r + r1, and r1 | r, r1 | r1 ⇒ r1 | b
a = qb + r, and r1 | b, r1 | r ⇒ r1 | a
Euclid’s algorithm proof (contd)
Proof that r1 is the greatest divisor
Say, c | a and c | b
a = qb + r ⇒ c | qb + r ⇒ c | r
b = q’r + r1 ⇒ c | q’r + r1 ⇒ c | r1
∴ every common divisor of a and b divides r1, so r1 is the greatest
Linear Combination
ax + by = “linear combination” of a and b
12x + 20y = {…, -12, -8, -4, 0, 4, 8, 12, …}
The minimum positive linear combination of a & b = gcd(a,b)
Proof in two steps:
1. If d = min(ax+by) and d > 0, then d | a, d | b
2. d is the greatest divisor.
GCD & Linear combination (contd.)
Let S = {z = ax + by | z > 0}
Let d = min{S} = ax1 + by1
Let a = qd + r, 0 <= r < d
r = a - qd = a - q(ax1 + by1)
r = a(1 - qx1) + b(-qy1)
If r > 0, r ∈ S
But r < d, which is a contradiction, because d = min{S}
∴ r = 0
⇒ d | a (and, by the same argument, d | b)
GCD & Linear combination (contd.)
Second part of proof
Any other common divisor divides d (so is at most d)
Let c | a, c | b, c > 0
a = cm, b = cn
d = ax1 + by1 = c(mx1 + ny1)
⇒ c | d
⇒ d is the gcd
Summary 1
All numbers are expressible as unique products of prime numbers
GCD calculated using Euclid’s algorithm
gcd(a,b) = 1 ⇒ a & b are mutually prime (coprime)
gcd(a,b) equals the minimum positive linear combination ax+by
Modular/Clock Arithmetic
1:00 and 13:00 hours are the same
1:00 and 25:00 hours are the same
1 ≡ 13 (mod 12)
a ≡ b (mod n)
n is the modulus
a is “congruent” to b, modulo n
a - b is divisible by n
a%n=b%n
Modular Arithmetic
a ≡ b (mod n), c ≡ d (mod n)
Addition
a - b = jn
c - d = kn
a + c - (b + d) = (j + k)n
⇒ a + c ≡ b + d (mod n)
Multiplication
ac ≡ bd (mod n)
Modular Arithmetic (contd.)
Power
a ≡ b (mod n) ⇒ a^k ≡ b^k (mod n)
Using induction,
If a^k ≡ b^k (mod n),
a · a^k ≡ b · b^k (mod n), by the multiplication rule
∴ a^(k+1) ≡ b^(k+1) (mod n)
Going k times around the clock
a + kn ≡ b (mod n)
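The addition, multiplication and power rules are what make modular exponentiation cheap, which is the operation RSA is built on. The following added example (my code, not from the deck) checks the rules on concrete values and then implements square-and-multiply exponentiation, reducing mod n after every multiply so intermediate values never exceed n² even though the mathematical power would have thousands of digits.

```python
def congruent(a, b, n):
    """a ≡ b (mod n): n divides a - b, equivalently a % n == b % n."""
    return (a - b) % n == 0


def rules_hold(a, b, c, d, n, max_k=50):
    """Check addition, multiplication and power rules for a ≡ b, c ≡ d (mod n).
    Returns True when every rule holds on this input (it always should)."""
    if not (congruent(a, b, n) and congruent(c, d, n)):
        raise ValueError("inputs must satisfy a ≡ b and c ≡ d (mod n)")
    add_ok = congruent(a + c, b + d, n)
    mul_ok = congruent(a * c, b * d, n)
    pow_ok = all(congruent(a ** k, b ** k, n) for k in range(1, max_k))
    clock_ok = all(congruent(a + k * n, b, n) for k in range(-5, 6))
    return add_ok and mul_ok and pow_ok and clock_ok


def mod_pow(base, exp, n):
    """Square-and-multiply modular exponentiation.
    Because ac ≡ bd (mod n) whenever a ≡ b and c ≡ d, we may replace every
    intermediate product by its remainder mod n without changing the answer.
    Returns (base**exp mod n, number of modular multiplications performed,
    squarings included) so the cost can be compared with exp-1 naive multiplies."""
    if n == 1:
        return 0, 0
    result, base, mults = 1, base % n, 0
    while exp > 0:
        if exp & 1:                      # current low bit set: fold base in
            result = (result * base) % n
            mults += 1
        base = (base * base) % n         # square for the next bit
        mults += 1
        exp >>= 1
    return result, mults


if __name__ == "__main__":
    print(rules_hold(13, 1, 25, 1, 12))          # 13 ≡ 1, 25 ≡ 1 (mod 12)
    r, cost = mod_pow(4, 13, 497)
    print(f"4^13 mod 497 = {r} using {cost} modular multiplications")
```

For 4^13 mod 497 the loop needs 7 modular multiplications instead of 12, and the gap widens to a few thousand versus 2^2048 for real RSA exponents. Python's built-in pow(base, exp, n) does the same thing in C; the hand-written version is here to show where the multiplication rule is used.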
Chinese Remainder Theorem
m ≡ a (mod p), m ≡ a (mod q)
⇒ m ≡ a (mod pq) (p, q distinct primes)
m - a = cp.
Now, m - a is expressible as a product of primes p1 · p2 · p3 …
If m - a is divisible by both p and q,
p and q must each be one of p1, p2, p3 …
⇒ m - a is divisible by pq
GCD and modulus
If gcd(a,n) = 1, and a ≡ b (mod n), then gcd(b,n) = 1
a ≡ b (mod n) ⇒ a = b + kn
gcd(a,n) = 1
ax1 + ny1 = 1, for some x1 and y1
(b + kn)x1 + ny1 = 1
bx1 + n(kx1 + y1) = bx1 + ny2 = 1
gcd(b,n) = 1
Multiplicative Inverse
If a, b have no common factors, there exists a_i such that a · a_i ≡ 1 (mod b)
a_i is called the “multiplicative inverse”
gcd(a,b) = 1 = ax1 + by1, for some x1 and y1
ax1 = 1 – by1
ax1 = 1 + by2 (making y2 = -y1)
ax1 - 1 = by2
ax1 ≡ 1 (mod b) (x1 is the multiplicative inverse)
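The linear-combination slides, the Chinese Remainder Theorem slide and the multiplicative-inverse slide are all one computation: the extended Euclidean algorithm produces the x1, y1 with ax1 + by1 = gcd(a,b), and x1 is the inverse whenever that gcd is 1. This added example (my code, not the deck's; function names are my own) implements it, brute-force checks the "minimum positive combination equals the gcd" claim, derives the inverse exactly as the slide does, and uses that inverse for a two-modulus CRT that generalises the slide's special case where both residues are the same a.

```python
def ext_gcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b).
    x, y are the slide's x1, y1."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r      # same remainders as plain Euclid
        old_x, x = x, old_x - q * x      # carry the coefficients along
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def min_positive_combination(a, b, bound=25):
    """Brute-force check of the slide's claim: the smallest positive ax + by is
    gcd(a, b). Searches coefficients in [-bound, bound]; for the small a, b
    used here that box always contains the extended-Euclid coefficients."""
    best = None
    for x in range(-bound, bound + 1):
        for y in range(-bound, bound + 1):
            z = a * x + b * y
            if z > 0 and (best is None or z < best):
                best = z
    return best


def mod_inverse(a, n):
    """Multiplicative inverse a_i with a * a_i ≡ 1 (mod n).
    From a*x1 + n*y1 = 1 we get a*x1 ≡ 1 (mod n), so x1 (reduced mod n) is the
    inverse. Exists only when gcd(a, n) = 1; otherwise raise, never return junk."""
    g, x1, _ = ext_gcd(a, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd({a}, {n}) = {g}")
    return x1 % n


def crt_pair(r_p, r_q, p, q):
    """Chinese Remainder Theorem for two coprime moduli: the unique m in [0, pq)
    with m ≡ r_p (mod p) and m ≡ r_q (mod q). The slide's case is r_p = r_q = a,
    for which the result is simply a mod pq."""
    if ext_gcd(p, q)[0] != 1:
        raise ValueError("moduli must be coprime")
    # Write m = r_p + p*t. Then p*t ≡ r_q - r_p (mod q), so t = (r_q - r_p) * p^-1 mod q.
    t = ((r_q - r_p) * mod_inverse(p, q)) % q
    return (r_p + p * t) % (p * q)


if __name__ == "__main__":
    print(ext_gcd(12, 20))                  # (4, 2, -1): 12*2 + 20*(-1) = 4
    print(mod_inverse(7, 40))               # 23: 7*23 = 161 = 4*40 + 1
    print(crt_pair(2, 3, 3, 5))             # 8: 8 % 3 == 2, 8 % 5 == 3
```

The inverse of 7 modulo 40 is the toy RSA private exponent for p = 5, q = 11 (φ = 40) and public exponent e = 7; the ValueError branch is the check a key generator must make, since an e that shares a factor with φ(n) has no inverse and therefore no working private key.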
Summary 2
Modular arithmetic
Addition, multiplication, power, inverse
Chinese Remainder Theorem
If m ≡ a (mod p) and m ≡ a (mod q), then m ≡ a (mod pq)
Relationship between gcd and modular arithmetic
gcd(a,b) = 1 ⇒ a · a_i ≡ 1 (mod b)
Euler’s Totient function
φ(n) = Totient(n) = count of integers ≤ n coprime to n
φ(10) = 4 (1, 3, 7, 9 are coprime to 10)
φ(7) = 6 (1, 2, 3, 4, 5, 6 are coprime to 7)
φ(p) = p - 1, if p is a prime
Totient lemma #2: product
φ(pq) = (p - 1)(q - 1) = φ(p) · φ(q), if p and q are prime
Which numbers ≤ pq share factors with pq?
1·p, 2·p, 3·p, …, (q-1)·p and
1·q, 2·q, 3·q, …, (p-1)·q and
pq
The rest are coprime to pq. Count them.
φ(pq) = pq - (p - 1) - (q - 1) - 1 = (p - 1)(q - 1)
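To make the counting argument on the last two slides concrete, here is an added example (my code, not from the deck) that computes φ(n) directly from the definition, enumerates the three groups of non-coprime numbers the slide lists for n = pq, and confirms that subtracting them gives (p - 1)(q - 1). It also refuses p = q, where the formula does not hold.

```python
from math import gcd


def is_prime(n):
    """Trial division; adequate for the small primes on the slides."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def coprimes(n):
    """The integers 1..n coprime to n, e.g. coprimes(10) = [1, 3, 7, 9]."""
    return [k for k in range(1, n + 1) if gcd(k, n) == 1]


def phi_brute(n):
    """Euler's totient straight from the definition (O(n) gcd calls)."""
    return len(coprimes(n))


def non_coprime_to_pq(p, q):
    """Numbers <= pq that share a factor with pq, grouped as on the slide:
    the q-1 multiples of p, the p-1 multiples of q, and pq itself."""
    mult_p = [k * p for k in range(1, q)]
    mult_q = [k * q for k in range(1, p)]
    return mult_p, mult_q, [p * q]


def phi_pq(p, q):
    """φ(pq) = pq - (q-1) - (p-1) - 1 = (p-1)(q-1) for distinct primes p, q.
    The three groups are disjoint only when p != q: a number below pq that is a
    multiple of both p and q would have to be a multiple of pq. For p = q the
    answer is p(p-1), not (p-1)^2, so the function rejects that input."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    mult_p, mult_q, last = non_coprime_to_pq(p, q)
    assert not set(mult_p) & set(mult_q)          # disjointness the count relies on
    return p * q - len(mult_p) - len(mult_q) - len(last)


if __name__ == "__main__":
    print(coprimes(10), phi_brute(7))               # [1, 3, 7, 9] 6
    print(non_coprime_to_pq(3, 5))                  # ([3, 6, 9, 12], [5, 10], [15])
    print(phi_pq(3, 5), phi_brute(15))              # 8 8
```

For RSA the point of this slide is that φ(n) is trivial to compute if you know p and q and, as far as anyone knows, as hard as factoring n if you do not; phi_brute above is only usable because the numbers are tiny.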