Online Cryptography Course
Dan Boneh

Intro. Number Theory

Modular e'th roots
Modular e'th roots

We know how to solve modular linear equations: $a \cdot x + b = 0$ in $\mathbb{Z}_N$

Solution: $x = -b \cdot a^{-1}$ in $\mathbb{Z}_N$

What about higher degree polynomials?

Example: let $p$ be a prime and $c \in \mathbb{Z}_p$. Can we solve:
$x^2 - c = 0$, $y^3 - c = 0$, $z^{37} - c = 0$ in $\mathbb{Z}_p$
Modular e'th roots

Let $p$ be a prime and $c \in \mathbb{Z}_p$.

Def: $x \in \mathbb{Z}_p$ s.t. $x^e = c$ in $\mathbb{Z}_p$ is called an e'th root of $c$.

Examples:
$7^{1/3} = 6$ in $\mathbb{Z}_{11}$
$3^{1/2} = 5$ in $\mathbb{Z}_{11}$
$2^{1/2}$ does not exist in $\mathbb{Z}_{11}$
$1^{1/3} = 1$ in $\mathbb{Z}_7$
The easy case

When does $c^{1/e}$ in $\mathbb{Z}_p$ exist? Can we compute it efficiently?

The easy case: suppose $\gcd(e, p-1) = 1$

Then for all $c$ in $(\mathbb{Z}_p)^*$: $c^{1/e}$ exists in $\mathbb{Z}_p$ and is easy to find.

Proof: let $d = e^{-1}$ in $\mathbb{Z}_{p-1}$. Then $d \cdot e = 1$ in $\mathbb{Z}_{p-1}$ ⇒
The case e=2: square roots

If $p$ is an odd prime then $\gcd(2, p-1) \neq 1$

Fact: in $(\mathbb{Z}_p)^*$, $x \longrightarrow x^2$ is a 2-to-1 function (both $x$ and $-x$ map to $x^2$)

Example: in $\mathbb{Z}_{11}$:

  x   |  1 |  2 |  3 |  4 |  5
  -x  | 10 |  9 |  8 |  7 |  6
  x^2 |  1 |  4 |  9 |  5 |  3

Def: $x$ in $(\mathbb{Z}_p)^*$ is a quadratic residue (Q.R.) if it has a square root in $\mathbb{Z}_p$

$p$ odd prime ⇒ the # of Q.R. in $\mathbb{Z}_p$ is $(p-1)/2 + 1$
Euler's theorem

Thm: $x$ in $(\mathbb{Z}_p)^*$ is a Q.R. ⟺ $x^{(p-1)/2} = 1$ in $\mathbb{Z}_p$ ($p$ odd prime)

Example: in $\mathbb{Z}_{11}$:
$1^5, 2^5, 3^5, 4^5, 5^5, 6^5, 7^5, 8^5, 9^5, 10^5 = 1, -1, 1, 1, 1, -1, -1, -1, 1, -1$

Note: $x \neq 0$ ⇒ $x^{(p-1)/2} = (x^{p-1})^{1/2} = 1^{1/2} \in \{1, -1\}$ in $\mathbb{Z}_p$

Def: $x^{(p-1)/2}$ is called the Legendre Symbol of $x$ over $p$ (1798)
Computing square roots mod p

Suppose $p = 3 \pmod 4$

Lemma: if $c \in (\mathbb{Z}_p)^*$ is Q.R. then $\sqrt{c} = c^{(p+1)/4}$ in $\mathbb{Z}_p$

Proof:

When $p = 1 \pmod 4$, can also be done efficiently, but a bit harder; run time ≈ $O(\log^3 p)$
Solving quadratic equations mod p

Solve: $a \cdot x^2 + b \cdot x + c = 0$ in $\mathbb{Z}_p$

Solution: $x = (-b \pm \sqrt{b^2 - 4 \cdot a \cdot c}) / 2a$ in $\mathbb{Z}_p$

• Find $(2a)^{-1}$ in $\mathbb{Z}_p$ using extended Euclid.
• Find square root of $b^2 - 4 \cdot a \cdot c$ in $\mathbb{Z}_p$ (if one exists) using a square root algorithm
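The quadratic-formula procedure above, together with the easy-case e'th root, Euler's criterion and the $p = 3 \pmod 4$ square-root lemma from the earlier slides, carried out in Python as an added example (not code from the course; all function names are the example's own, and $p$ is assumed to be prime):

```python
from math import gcd   # Python >= 3.8 for pow(x, -1, m)


def eth_root_easy(c, e, p):
    """Easy case gcd(e, p-1) = 1: with d = e^-1 in Z_{p-1},
    (c^d)^e = c^(d*e) = c^(1 + k(p-1)) = c, so c^d is an e'th root of c."""
    if gcd(e, p - 1) != 1:
        raise ValueError("gcd(e, p-1) != 1: not the easy case")
    d = pow(e, -1, p - 1)          # e^-1 in Z_{p-1}
    return pow(c, d, p)


def legendre(x, p):
    """Euler's criterion x^((p-1)/2) in Z_p: 1 for a Q.R., p-1 (= -1)
    for a non-residue, 0 for x = 0."""
    return pow(x % p, (p - 1) // 2, p)


def sqrt_mod_p(c, p):
    """Square root of c in Z_p for p = 3 (mod 4): c^((p+1)/4).
    Lemma check: (c^((p+1)/4))^2 = c^((p-1)/2) * c = c when c is a Q.R.
    Returns None when c is not a quadratic residue."""
    assert p % 4 == 3, "lemma needs p = 3 (mod 4)"
    c %= p
    if c == 0:
        return 0
    if legendre(c, p) != 1:        # non-residue: no square root in Z_p
        return None
    return pow(c, (p + 1) // 4, p)


def solve_quadratic(a, b, c, p):
    """Roots of a*x^2 + b*x + c = 0 in Z_p:
    x = (-b +/- sqrt(b^2 - 4ac)) * (2a)^-1.  Sorted list, [] if the
    discriminant is a non-residue, one element for a double root."""
    r = sqrt_mod_p((b * b - 4 * a * c) % p, p)
    if r is None:
        return []
    inv_2a = pow(2 * a % p, -1, p)  # extended Euclid via pow()
    return sorted({(-b + r) * inv_2a % p, (-b - r) * inv_2a % p})


if __name__ == "__main__":
    print(eth_root_easy(7, 3, 11))             # 6: 6^3 = 216 = 7 mod 11
    print(sqrt_mod_p(3, 11), sqrt_mod_p(2, 11))  # 5 None
    print(solve_quadratic(1, 3, 4, 11))        # [3, 5]: (x-3)(x-5) mod 11
```

The sample values reproduce the slides' own $\mathbb{Z}_{11}$ examples: the cube root of 7 is 6, $\sqrt{3} = 5$, 2 has no square root, and the Legendre values for $1..10$ come out as the Euler's-theorem table.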
Computing e'th roots mod N ??

Let $N$ be a composite number and $e > 1$

When does $c^{1/e}$ in $\mathbb{Z}_N$ exist? Can we compute it efficiently?

Answering these questions requires the factorization of $N$ (as far as we know)
End of Segment