전북대학교전자공학부송상섭

Cryptology(W2)

Chapter 2Mathematics of Cryptography

Part I : Modular Arithmetic, Congruence, and Matrices

Euclid Algorithms

2

Catch me if you can…

3

Table of ContentsCryptography and Network Security Chapter 1 Introduction

Part 1 Symmetric-Key EnciphermentChapter 2 Mathematics of Cryptography Chapter 3 Traditional Symmetric-Key Ciphers Chapter 4 Mathematics of Cryptography Chapter 5 Introduction to Modern Symmetric-Key Ciphers Chapter 6 Data Encryption Standard (DES) Chapter 7 Advanced Encryption Standard (AES) Chapter 8 Encipherment Using Modern Symmetric-Key Ciphers

Part 2 Asymmetric-Key EnciphermentChapter 9 Mathematics of CryptographyChapter 10 Asymmetric-Key Cryptography

Part 3 Integrity, Authentication, and Key Management Chapter 11 Message Integrity and Message Authentication Chapter 12 Cryptographic Hash Functions Chapter 13 Digital Signature Chapter 14 Entity Authentication Chapter 15 Key Management

Part 4 Network Security Chapter 16 Security at the Application Layer: PGP and S/MIME Chapter 17 Security at the Transport Layer: SSL and TLS Chapter 18 Security at the Network Layer: IPSec

4

Euclid Algorithm§ GCD (a, b) = the greatest common divisor of integers a and b.

5

Find the greatest common divisor of 2740 and 1760.

We have gcd (2740, 1760) = 20.

Example 2.7

i ri

01234567

27401760980780200180200

gcd (2740, 1760)

6

Find the greatest common divisor of 25 and 60.

We have gcd (25, 60) = 5.

Example 2.8

7

§ Given two integers a and b, we often need to find other two integers, sand t, such that

Extended Euclid Algorithm

The extended Euclidean algorithm can calculate the gcd (a, b) and atthe same time calculate the value of s and t.

Example : gcd (161, 28) = 7, s = −1 and t = 6.

7286161)1( =´+´-

8

Extended Euclidean algorithm

9

Given a = 161 and b = 28, find gcd (a, b) and the values of s and t.

We get gcd (161, 28) = 7, s = −1 and t = 6.

Example 2.9

i ri qi si ti

01234

161282170

513

101

-1

01

-56

10

Linear Diophantine EquationA linear Diophantine equation of two variables is ax + by = c.d = gcd(a, b).When d c, there is no solution. When d |c, there are infinite number of solutions. Divide the equation by d.

21x + 14y = 35 d = gcd(21, 14) = 7, and 7 | 35 infinitely many solutions:3x + 2y = 53s + 2t = 1 s = 1, t = -1

|

1 1 1a x b y c+ =1 1 1a s b t+ =

Particular solution: x0 = (c/d)s and y0 = (c/d)tGeneral solutions: x = x0 + k (b/d) and y = y0 − k(a/d), where k is an integer.

11

For example, imagine we want to cash a $100 check and get some $20and some $5 bills. We have many choices, which we can find by solvingthe corresponding Diophantine equation 20x + 5y = 100. Since d = gcd(20, 5) = 5 and 5 | 100, the equation has an infinite number of solutions,but only a few of them are acceptable in this case.

The general solutions with x and y nonnegative are

(0, 20), (1, 16), (2, 12), (3, 8), (4, 4), (5, 0).

Cashing a Check…

20x + 5y = 100

12

The modulo operation creates a set, which in modular arithmetic is referredto as the set of least residues modulo n, or Zn.

2.2.2 Set of Residues

Figure 2.9 Division algorithm and modulo operator

13

2.2.3 Congruence

Our clock system uses modulo 12 arithmetic. However, instead of a 0 we use the number 12.

14

2.2.4 Binary Operations in Zn

Perform the following operations(the inputs come from either Z or Zn):

a. Add 17 to 27 in Z14.

b. Subtract 43 from 12 in Z13.

c. Multiply 123 by −10 in Z19.

15

2.2.5 Inverses in ZnIn Zn, two numbers a and b are additive inverses of each other if

In Zn, two numbers a and b are the multiplicative inverse of each other if

16

Additive Inverses in ZnIn Zn, two numbers a and b are additive inverses of each other if

Find all additive inverse pairs in Z10.

The six pairs of additive inverses are(0, 0), (1, 9), (2, 8), (3, 7), (4, 6), and (5, 5).

17

Multiplicative Inverses in ZnIn Zn, two numbers a and b are the multiplicative inverse of each otherif

Find all multiplicative inverses in Z10.

There are only three pairs: (1, 1), (3, 7) and (9, 9). The numbers 0, 2, 4, 5, 6,and 8 do not have a multiplicative inverse.

Find all multiplicative inverse pairs in Z11.

We have six pairs: (1, 1), (2, 6), (3, 4), (5, 9), (7, 8), and (10, 10).

The inverse of b exists only if gcd (n, b) = 1 (mod n)

18

How to find the multiplicative inverse of b in Zn ?

The inverse of b exists only if gcd (n, b) = 1 (mod n)

( ) ( ) 1s n t b´ + ´ =1 (mod )t b n´ =1 (mod )t b n-=

19

Using extended Euclidean algorithmFinding Multiplicative Inverses

The extended Euclidean algorithm finds the multiplicative inverses of b in Zn when n and b are given and gcd (n, b) = 1.

The multiplicative inverse of b is the value of t after being mapped to Zn.

Inverse exists only if gcd (n, b) = 1

20

Find the multiplicative inverse of 11 in Z26.

The gcd (26, 11) is 1; the inverse of 11 is -7 or 19.

i ri qi si ti

012345

26114310

2213

101

-23

01

-25

-7

The extended Euclidean algorithm finds the multiplicative inverses of b in Zn when n and b are given and gcd (n, b) = 1.

The multiplicative inverse of b is the value of t after being mapped to Zn.

21

Find the multiplicative inverse of 23 in Z100.

The gcd (100, 23) is 1; the inverse of 23 is -13 or 87.

i ri qi si ti

012345

100238710

4217

101

-23

01

-49

-13

22

2.2.6 Addition and Multiplication Tables

23

2-4 LINEAR CONGRUENCE

Cryptography often involves solving an equation or a set of equations of one or more variables with coefficient in Zn.

2.4.1 Single-Variable Linear Equations2.4.2 Set of Linear Equations

Topics discussed in this section:

24

2.4.1 Single-Variable Linear Equations

Equations of the form ax ≡ b (mod n) might have no solution or a limited number of solutions.

Assume that the gcd (a, n ) = d.

10 1 1 1modx a b n-=

1 1 1moda x b nº

there are d solutions.

1. Reduce the equation by dividing both sides by d.

2. Particular solution.

0

0 1

( / ) for 0,1,...,( 1)x x k n d k dx kn

= + = -= +

3. General solutions

25

Example 2.35Solve the equation 10 x ≡ 2(mod 15).

Solution

First we find the gcd (10, 15) = 5. Since 5 does not divide 2, we have no solution.

Solve the equation 14 x ≡ 12 (mod 18).

Solution

Example 2.36

gcd (14, 18 ) = 2. there are 2 solutions.

26

Example 2.37Solve the equation 3x + 4 ≡ 6 (mod 13).

Solution

First we change the equation to the form ax ≡ b (mod n). We add −4 (the additive inverse of 4) to both sides, which give 3x ≡ 2 (mod 13). Because gcd (3, 13) = 1, the equation has only one solution, which is x0 = (2 × 3−1) mod 13 = 18 mod 13 = 5. We can see that the answer satisfies the original equation: 3 × 5 + 4 ≡ 6 (mod 13).

27

2.4.2 Set of Linear EquationsWe can also solve a set of linear equations with the same modulus ifthe matrix formed from the coefficients of the variables is invertible.

Figure 2.27 Set of linear equations

28

Example 2.38

Solve the set of following three equations:

The result is x ≡ 15 (mod 16), y ≡ 4 (mod 16), and z ≡ 14 (mod 16).We can check the answer by inserting these values into the equations.

Solution

29

Assignment 1 (Due to March 21)§ Programming in C : algorithm for finding the multiplicative inverse.

§ Chapter 2 Exercises 24, 25, 29, 31, 32, 35, 37(b)(d), 40(b).