power point slides chapter 09
8/8/2019 Power Point Slides Chapter 09
http://slidepdf.com/reader/full/power-point-slides-chapter-09 1/48
Primes and Related
9-1 PRIMES
Asymmetric-key cryptography uses primes extensively. The topic of primes is a large part of any book on number theory.
Topics discussed in this section:
9.1.1 Definition
9.1.2 Cardinality of Primes
9.1.3 Checking for Primeness
9.1.4 Euler's Phi-Function
9.1.5 Fermat's Little Theorem
9.1.6 Euler's Theorem
9.1.7 Generating Primes
9.1.1 Definition
Figure 9.1 Three groups of positive integers
Note: A prime is divisible only by itself and 1.
9.1.1 Continued
Many public-key cryptographic algorithms require selecting one or more large prime integers.
So an important concern in public-key cryptography is to
test a randomly selected integer for its primality.
An integer is prime if it has exactly two distinct divisors,
the integer 1 and itself.
We will also be very interested in two integers being relatively prime to each other. Such integers are also called
coprimes. Two integers m and n are coprimes if and only if
gcd(m, n) = 1. Therefore, whereas 4 and 9 are coprimes,
9.1.1 Continued
Example 9.1
What is the smallest prime?
Solution
The smallest prime is 2, which is divisible by 2 (itself) and 1.
Example 9.2
List the primes smaller than 10.
Solution
There are four primes less than 10: 2, 3, 5, and 7. It is interesting to note that the percentage of primes in the range 1 to 10 is 40%. The percentage decreases as the range increases.
9.1.2 Cardinality of Primes
Infinite Number of Primes
Note: There is an infinite number of primes.
Number of Primes
9.1.2 Continued
Example 9.4
Find the number of primes less than 1,000,000.
Solution
The approximation gives the range 72,383 to 78,543. The actual number of primes is 78,498.
9.1.3 Checking for Primeness
Given a number n, how can we determine if n is a prime? The answer is that we need to see if the number is divisible by all primes less than √n.
We know that this method is inefficient, but it is a good start.
9.1.3 Continued
Example 9.5
Is 97 a prime?
Solution
The floor of √97 = 9. The primes less than 9 are 2, 3, 5, and 7. We need to see if 97 is divisible by any of these numbers. It is not, so 97 is a prime.
Example 9.6
Is 301 a prime?
Solution
The floor of √301 = 17. We need to check 2, 3, 5, 7, 11, 13, and 17. The numbers 2, 3, and 5 do not divide 301, but 7 does. Therefore 301 is not a prime.
9.1.3 Continued
Prime numbers only have divisors of 1 and self
* they cannot be written as a product of other numbers
* note: 1 is prime, but is generally not of interest
e.g. 2, 3, 5, 7 are prime; 4, 6, 8, 9, 10 are not
Prime numbers are central to number theory
The primes less than 200 are:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79
83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163
167 173 179 181 191 193 197 199
9.1.3 Prime Factorisation
To factor a number n is to write it as a product of other numbers:
n = a × b × c
Any integer a > 1 can be factored in a unique way as
where p1 < p2 < ... < pt are prime numbers and where each is a
positive integer.
91 = 7 × 13
3600 = 2^4 × 3^2 × 5^2
11011 = 7 × 11^2 × 13
9.1.3 Prime Factorisation
If P is the set of all prime numbers, then any positive integer a can
be written uniquely in the following form:
The prime factorisation of a number n is when it is written as a product of primes.
9.1.3 Relatively Prime Numbers & GCD
Two numbers a, b are relatively prime if they have no common divisors apart from 1
e.g. 8 and 15 are relatively prime since the factors of 8 are 1, 2, 4, 8 and of 15 are 1, 3, 5, 15, and 1 is the only common factor
Conversely, we can determine the greatest common divisor by comparing their prime factorizations and using least powers
e.g. 300 = 2^2 × 3^1 × 5^2
18 = 2^1 × 3^2
Hence GCD(18, 300) = 2^1 × 3^1 × 5^0 = 6
9.1.5 Fermat's Little Theorem
First Version
a^(p-1) ≡ 1 mod p
Second Version
a^p ≡ a mod p
9.1.3 Fermat's Little Theorem
a^(p-1) mod p = 1
where p is prime and gcd(a, p) = 1
Also known as Fermat's Little Theorem
Useful in public key and primality testing
9.1.3 Proof.
Consider the set of positive integers less than p: {1, 2, ..., p-1}
and multiply each element by a modulo p, to get the set
X = {a mod p, 2a mod p, ..., (p-1)a mod p}.
None of the elements of X is equal to zero because p does not
divide a.
No two elements of X are equal either: if ia ≡ ja (mod p), then i ≡ j (mod p), because a is relatively prime to p.
Therefore, the (p-1) numbers are just the numbers {1, 2, ..., p-1} in
some order.
9.1.3 Proof.
Multiplying the numbers in both sets and taking the result mod p:
a × 2a × ... × ((p-1)a) ≡ [(a mod p) × (2a mod p) × ... × ((p-1)a mod p)] (mod p)
≡ [1 × 2 × 3 × ... × (p-1)] (mod p)
≡ (p-1)! (mod p)
a × 2a × ... × ((p-1)a) = (p-1)! a^(p-1)
Therefore
(p-1)! a^(p-1) ≡ (p-1)! (mod p)
We can cancel the (p-1)! because it is relatively prime to p.
So a^(p-1) ≡ 1 (mod p)
9.1.3 Alternate Approach
If p is prime and a is any positive integer, then
a^p ≡ a mod p
Proof: If a and p are coprime, we multiply both sides of the
congruence using the result of the previous theorem.
If p | a, then a^p ≡ a ≡ 0 (mod p)
9.1.5 Continued
Example 9.12
Find the result of 6^10 mod 11.
Solution
We have 6^10 mod 11 = 1. This is the first version of Fermat's little theorem where p = 11.
Example 9.13
Find the result of 3^12 mod 11.
Solution
Here the exponent (12) and the modulus (11) are not the same. With substitution this can be solved using Fermat's little theorem.
9.1.5 Continued
Multiplicative Inverses
a^(-1) mod p = a^(p-2) mod p
Example 9.14
The answers to multiplicative inverses modulo a prime can be found without using the extended Euclidean algorithm:
9.1.4 Euler's Phi-Function/Totient Function
Euler's phi-function, φ(n), which is sometimes called Euler's totient function, plays a very important role in cryptography.
Euler's phi-function, φ(n), is the number of positive integers less than n and relatively prime to n.
9.1.4 Euler's Phi-Function/Totient Function
Determine φ(37) and φ(35).
Because 37 is prime, all of the positive integers from 1 through 36 are relatively prime to 37. Thus φ(37) = 36.
To determine φ(35), we list the positive integers less than 35 that are relatively prime to it:
1, 2, 3, 4, 6, 8, 9, 11, 12, 13, 16, 17, 18,
19, 22, 23, 24, 26, 27, 29, 31, 32, 33, 34.
There are 24 numbers on the list, so φ(35) = 24.
9.1.4 Euler's Totient Function
9.1.4 Euler's Phi-Function/Totient Function
It should be clear that for a prime number p,
φ(p) = p-1
Now suppose that we have two prime numbers p and q,
with p ≠ q. Then we can show that for n = pq,
φ(n) = φ(pq) = φ(p) × φ(q) = (p-1) × (q-1)
To see that φ(n) = φ(p) × φ(q), consider that the set of positive
integers less than n is the set {1, ..., (pq-1)}.
The integers in this set that are not relatively prime to n
are the set {p, 2p, ..., (q-1)p} and the set {q, 2q, ..., (p-1)q}
and 0, Accordingly.
9.1.4 Euler's Phi-Function/Totient Function
φ(21) = φ(3) × φ(7) = (3-1) × (7-1) = 2 × 6 = 12
where the 12 integers are {1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20}
9.1.4 Continued
We can combine the above four rules to find the value of φ(n). For example, if n can be factored as
n = p1^e1 × p2^e2 × ... × pk^ek
then we combine the third and the fourth rule to find
Note: The difficulty of finding φ(n) depends on the difficulty of finding the factorization of n.
9.1.4 Continued
Example 9.7
What is the value of φ(13)?
Solution
Because 13 is a prime, φ(13) = (13 - 1) = 12.
Example 9.8
What is the value of φ(10)?
Solution
We can use the third rule: φ(10) = φ(2) × φ(5) = 1 × 4 = 4, because 2 and 5 are primes.
9.1.4 Continued
Example 9.9
What is the value of φ(240)?
Solution
We can write 240 = 2^4 × 3^1 × 5^1. Then
φ(240) = (2^4 - 2^3) × (3^1 - 3^0) × (5^1 - 5^0) = 64
Example 9.10
Can we say that φ(49) = φ(7) × φ(7) = 6 × 6 = 36?
Solution
No. The third rule applies when m and n are relatively prime. Here 49 = 7^2. We need to use the fourth rule: φ(49) = 7^2 - 7^1 = 42.
9.1.4 Continued
Example 9.11
What is the number of elements in Z14*?
Solution
The answer is φ(14) = φ(7) × φ(2) = 6 × 1 = 6. The members are 1, 3, 5, 9, 11, and 13.
Note: Interesting point: If n > 2, the value of φ(n) is even.
9.1.6 Euler's Theorem
First Version
a^φ(n) ≡ 1 (mod n)
Second Version
a^(k × φ(n) + 1) ≡ a (mod n)
Note: The second version of Euler's theorem is used in the RSA cryptosystem.
9.1.5 Continued
Example 9.15
Find the result of 6^24 mod 35.
Solution
We have 6^24 mod 35 = 6^φ(35) mod 35 = 1.
Example 9.16
Find the result of 20^62 mod 77.
Solution
If we let k = 1 on the second version, we have
20^62 mod 77 = (20 mod 77) (20^(φ(77) + 1) mod 77) mod 77
= (20)(20) mod 77 = 15.
9.1.6 Continued
Multiplicative Inverses
Euler's theorem can be used to find multiplicative inverses modulo a composite.
a^(-1) mod n = a^(φ(n)-1) mod n
9.1.5 Continued
Example 9.17
The answers to multiplicative inverses modulo a composite can be found without using the extended Euclidean algorithm if we know the factorization of the composite:
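Added example (not part of the original slides): φ(n) computed from the factorization of n, cross-checked against the counting definition, and the Euler-theorem inverse a^(φ(n)-1) mod n, which reduces to a^(p-2) mod p when n is a prime p. The function names and the inverse inputs (8 mod 17, 8 mod 77) are constructed here, since the values of Examples 9.14 and 9.17 did not survive on the page.

```python
from math import gcd


def factorize(n):
    """Trial division: return {prime: exponent}. Practical only for small n."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:                      # whatever is left is a prime factor
        factors[n] = factors.get(n, 0) + 1
    return factors


def phi(n):
    """phi(n) = product of (p^e - p^(e-1)) over the prime powers of n."""
    result = 1
    for p, e in factorize(n).items():
        result *= p**e - p**(e - 1)
    return result


def phi_by_counting(n):
    """Definition on the slide: integers below n that are coprime to n."""
    return sum(1 for i in range(1, n) if gcd(i, n) == 1)


def inverse_euler(a, n):
    """a^-1 mod n = a^(phi(n)-1) mod n; exists only when gcd(a, n) == 1."""
    if gcd(a, n) != 1:
        raise ValueError(f"{a} has no inverse modulo {n}")
    return pow(a, phi(n) - 1, n)


if __name__ == "__main__":
    for n in (13, 10, 240, 49, 14, 35, 21):        # values used on the slides
        assert phi(n) == phi_by_counting(n)
        print(f"phi({n}) = {phi(n)}")
    print("6^24 mod 35  =", pow(6, 24, 35))         # Example 9.15
    print("20^62 mod 77 =", pow(20, 62, 77))        # Example 9.16
    print("8^-1 mod 17  =", inverse_euler(8, 17))   # constructed input
    print("8^-1 mod 77  =", inverse_euler(8, 77))   # constructed input
```

The only expensive step is `factorize`, which is the slide's point that finding φ(n) is as hard as factoring n.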
9.1.7 Generating Primes
Mersenne Primes
Note: A number in the form Mp = 2^p - 1 is called a Mersenne number and may or may not be a prime.
9.1.7 Continued
Fermat Primes
F0 = 3
F1 = 5
F2 = 17
F3 = 257
F4 = 65537
F5 = 4294967297 = 641 × 6700417 (not a prime)
9-4 CHINESE REMAINDER THEOREM
The Chinese remainder theorem (CRT) is used to solve a set of congruent equations with one variable but different moduli, which are relatively prime, as shown below:
The above equations have a unique solution if the moduli are relatively prime.
9-4 Continued
Example 9.35
The following is an example of a set of equations with different moduli:
The solution to this set of equations is given in the next section; for the moment, note that the answer to this set of equations is x = 23. This value satisfies all equations: 23 ≡ 2 (mod 3), 23 ≡ 3 (mod 5), and 23 ≡ 2 (mod 7).
9-4 Continued
Solution To Chinese Remainder Theorem
1. Find M = m1 × m2 × ... × mk. This is the common modulus.
2. Find M1 = M/m1, M2 = M/m2, ..., Mk = M/mk.
3. Find the multiplicative inverse of M1, M2, ..., Mk using the corresponding moduli (m1, m2, ..., mk). Call the inverses M1^(-1), M2^(-1), ..., Mk^(-1).
4. The solution to the simultaneous equations is
9-4 Continued
Example 9.36
Find the solution to the simultaneous equations:
Solution
We follow the four steps.
1. M = 3 × 5 × 7 = 105
2. M1 = 105 / 3 = 35, M2 = 105 / 5 = 21, M3 = 105 / 7 = 15
3. The inverses are M1^(-1) = 2, M2^(-1) = 1, M3^(-1) = 1
4. x = (2 × 35 × 2 + 3 × 21 × 1 + 2 × 15 × 1) mod 105 = 23 mod 105
9-4 Continued
Example 9.37
Find an integer that has a remainder of 3 when divided by 7 and 13, but is divisible by 12.
Solution
This is a CRT problem. We can form three equations and solve them to find the value of x.
If we follow the four steps, we find x = 276. We can check that 276 = 3 mod 7, 276 = 3 mod 13 and 276 is divisible by 12 (the quotient is 23 and the remainder is zero).
9-4 Continued
Example 9.38
Assume we need to calculate z = x + y where x = 123 and y = 334, but our system accepts only numbers less than 100. These numbers can be represented as follows:
Adding each congruence in x with the corresponding congruence in y gives
Now three equations can be solved using the Chinese remainder theorem to find z. One of the acceptable answers is z = 457.
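Added example (not part of the original slides): the four CRT steps as one function, run on Examples 9.36, 9.37 and 9.38, with the non-coprime case rejected instead of silently producing a wrong answer. The function names are constructed, and the moduli 99, 98, 97 for Example 9.38 are an assumption, because the congruences for that example did not survive on the page.

```python
from math import gcd, prod


def crt(residues, moduli):
    """Solve x = a_i (mod m_i) with the four steps from the slide.

    Returns (x, M) with 0 <= x < M. Raises ValueError when the moduli are
    not pairwise relatively prime, because step 3 then has no inverse.
    """
    if len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    for i, mi in enumerate(moduli):
        for mj in moduli[i + 1:]:
            if gcd(mi, mj) != 1:
                raise ValueError(f"moduli {mi} and {mj} are not coprime")
    M = prod(moduli)                       # step 1: common modulus
    x = 0
    for a, m in zip(residues, moduli):
        Mi = M // m                        # step 2: M_i = M / m_i
        Mi_inv = pow(Mi, -1, m)            # step 3: inverse of M_i mod m_i
        x += a * Mi * Mi_inv               # step 4: sum of a_i * M_i * M_i^-1
    return x % M, M


def add_in_residues(x, y, moduli):
    """Example 9.38: add x and y while only handling values below each modulus."""
    rx = [x % m for m in moduli]
    ry = [y % m for m in moduli]
    rz = [(a + b) % m for a, b, m in zip(rx, ry, moduli)]
    return crt(rz, moduli)[0]


# Assumed moduli for Example 9.38: pairwise coprime and all below 100.
ASSUMED_MODULI = (99, 98, 97)

if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))                    # Example 9.36
    print(crt([3, 3, 0], [7, 13, 12]))                  # Example 9.37
    print(add_in_residues(123, 334, ASSUMED_MODULI))    # Example 9.38
```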
9-6 EXPONENTIATION AND LOGARITHM
Topics discussed in this section:
9.6.1 Discrete Logarithmic
9.6.2 Logarithm
First let's define what is meant by a primitive root modulo a positive number N.
You already know that when p is a prime, the set of remainders, Z_p, is a finite field.
We can show similarly that for any positive integer N, the set of all integers i < N that are coprime to N forms a group with modulo N multiplication as the group operator.
9.6.2 Logarithm
For example, when N = 8, the set of coprimes is {1, 3, 5, 7}. This set forms a group with modulo N multiplication as the group operator.
What that implies immediately is that the result of multiplying modulo N any two elements of the set is contained in the set.
For example, 3 × 7 mod 8 = 5.
The identity element for the group operator is, of course, 1.
9.6.2 Logarithm
And every element has its inverse with respect to the identity element within the set.
For example, the inverse of 3 is 3 itself since 3 × 3 mod 8 = 1. (By the way, each element of {1, 3, 5, 7} is its own inverse in the group.)
For any positive integer N, the set of all coprimes modulo N is denoted (Z/NZ)× or Z_N. Obviously, when N = p is a prime, we can also just use the notation Z_p.
9.6.2 Logarithm
For some values of N, the set (Z/NZ)× contains an element whose various powers, when computed modulo N, are all distinct and span the entire set (Z/NZ)×.
Such an element is called the primitive element of the set (Z/NZ)× or primitive root modulo N.
Consider, for example, N = 9. We have
Z_9 = {0, 1, 2, 3, 4, 5, 6, 7, 8}
(Z/9Z)× = {1, 2, 4, 5, 7, 8}
Now we will show that 2 is a primitive element of the
group (Z/9Z)×, which is the same as primitive root mod 9.
Consider:
7 is a primitive element of mod 19
A primitive root can serve as the base of what is known as
a discrete logarithm.
9.6.2 Logarithm
2^0 = 1, 2^1 = 2, 2^2 = 4, 2^3 = 8
2^4 ≡ 7 (mod 9)
2^5 ≡ 5 (mod 9)
2^6 ≡ 1 (mod 9)
2^7 ≡ 2 (mod 9)
2^8 ≡ 4 (mod 9)
...
9.6.2 Logarithm
It is clear that for the group (Z/9Z)×, as we raise the element 2 to all possible powers of the elements of Z_9, we recover all the elements of (Z/9Z)×. That makes 2 a primitive root mod 9.
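Added example (not part of the original slides): a check that an element generates all of (Z/NZ)× by comparing its multiplicative order with the group size, plus an exhaustive discrete logarithm to that base. All function names are constructed here; the inputs are the slide's N = 8, N = 9 and the claim about 7 mod 19.

```python
from math import gcd


def unit_group(n):
    """Elements of (Z/nZ)x: integers in [1, n) coprime to n."""
    return [i for i in range(1, n) if gcd(i, n) == 1]


def order(a, n):
    """Smallest k >= 1 with a^k = 1 (mod n); a must be coprime to n."""
    if n < 2 or gcd(a, n) != 1:
        raise ValueError(f"{a} is not an element of (Z/{n}Z)x")
    k, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        k += 1
    return k


def is_primitive_root(a, n):
    """True when the powers of a reach every element of (Z/nZ)x."""
    return gcd(a, n) == 1 and order(a, n) == len(unit_group(n))


def primitive_roots(n):
    return [a for a in unit_group(n) if is_primitive_root(a, n)]


def discrete_log(base, target, n):
    """Smallest k >= 0 with base^k = target (mod n), or None if no such k.

    Exhaustive search over the powers of base: fine for slide-sized n only.
    """
    x = 1
    for k in range(order(base, n)):
        if x == target % n:
            return k
        x = (x * base) % n
    return None


if __name__ == "__main__":
    print("(Z/9Z)x           =", unit_group(9))
    print("powers of 2 mod 9 =", [pow(2, k, 9) for k in range(9)])
    print("primitive roots mod 9:", primitive_roots(9))
    print("primitive roots mod 8:", primitive_roots(8))
    print("log_2(7) mod 9 =", discrete_log(2, 7, 9))
    print("order of 7 mod 19 =", order(7, 19))
```

For N = 8 the list of primitive roots is empty, since every element is its own inverse. For the claim about 19, `order(7, 19)` returns 3 (7^3 = 343 = 18 × 19 + 1), so this check does not report 7 as a primitive root mod 19.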