Module I CSAS_105152.pdf

Course Code Course Title L T P C
CSI3022 Cyber Security and
Application Security
3 0 2 4
Pre-requisite Syllabus version
Nil 1.0
Tuesday, January 10, 2023 Instructor: Dr. Kovendan AKP 1

Prerequisites
• you should have a basic knowledge prior to Computer
Architecture, basic functional units of a computer system
• Some familiarity with Digital Electronics
• Some familiarity with Microprocessor
• If you do not have a standard undergraduate
computer science background, talk to me first.

Course overview
• Course Objectives
– To learn the concepts of number theory, Information and Network Security
– To learn the basics of cryptography and cryptographic techniques.
– To familiarize with various cyber threats, attacks, vulnerabilities, defensive
mechanisms, security policies, practices
– To learn how to implement application level security
• Course Outcomes
At the end of the course the student will be able to
– Know the fundamental mathematical concepts related to security
– Know the basic concepts of information and network security
– Understand and implement the cryptographic techniques and know the real time
applications of various cryptographic techniques.
– Know fundamentals of cybercrimes and the cyber offenses.
– Understand the cyber threats, attacks, vulnerabilities and its defensive mechanisms
– Design suitable security policies and know about the industry practices

Basic information
• Text Book(s)
• – Cryptography and Network security, William Stallings, Pearson Education,
7th Edition, 2016
• Network Security Essentials Applications and Standards, William Stallings,
Pearson Education, 6th Edition, 2018
• Cyber Security, Understanding cyber crimes, computer forensics and legal
perspectives, Nina Godbole,Sunit Belapure, Wiley Publications, Reprint 2016
• Instructor: Dr. Kovendan AKP, AP-SG, SCOPE, VIT- Vellore
• Total Modules: 8
• Recommended by Board of Studies on 11-02-
2021
• Approved by Academic Council: No. 61, Date 18- 02-2021

Course Contents
• Module:1 – Number Theory Basics
• Module:2 – Information and Network Security
• Module:3 – Cryptography Basics and Techniques
• Module:4 – Cybercrimes and Cyber offenses
• Module:5 – CyberThreats, Attacks and Prevention
• Module:6 – Cybersecurity Policies and Practices
• Module:7 – Application Security
• Module:8 – Recent Trends

• Module:1 – Number Theory Basics
– Finite Fields and Number Theory: Algebraic
Structures(Groups)-Modular arithmetic – GCD
using Euclidian Algorithm – Primality Testing –
Fermat’s and Euler’s theorem –Chinese Reminder
theorem – Discrete Logarithms

Number Theory and Finite Fields
Instructor: Dr. Kovendan AKP 7
• Divisibility and The Division Algorithm
• The Euclidean Algorithm
• Modular Arithmetic
• Groups, Rings, and Fields
• Finite Fields of the Form GF(p)
• Polynomial Arithmetic
• Finite Fields of the Form GF(2n)
Tuesday, January 10, 2023

INTEGER ARITHMETIC
• In integer arithmetic, we use a set and a few
operations.
• You are familiar with this set and the corresponding
operations, but they are reviewed here to create a
background for modular arithmetic.
Topics discussed in this section:
• Set of Integers
• Binary Operations
• Integer Division
• Divisibility
• Euclidean Algorithm

Set of Integers
• The set of integers, denoted by Z, contains all
integral numbers (with no fraction) from
negative infinity to positive infinity.

Binary Operations
• In cryptography, we are interested in three binary operations
applied to the set of integers.
• A binary operation takes two inputs and creates one output.
Three binary operations for the set of integers

Binary Operations
• The following shows the results of the three
binary operations on two integers.
• Because each input can be either positive or
negative, we can have four cases for each
operation.

Integer Division
• In integer arithmetic, if we divide a by n, we
can get q and r.
• The relationship between these four integers
can be shown as
a = q × n + r

Integer Division
• Assume that a = 255 and n = 11.
• We can find q = 23 and r = 2 using the division
algorithm.

Integer Division
• Division algorithm for integers

Integer Division
• When we use a computer or a calculator, r and
q are negative when a is negative.
• How can we apply the restriction that r needs to be positive?
• The solution is simple, we decrement the value of q by 1 and we
add the value of n to r to make it positive.

Integer Division
• Graph of division algorithm

Divisibility
• If a is not zero and we let r = 0 in the division
relation, we get
• If the remainder is zero,
• If the remainder is not zero,
a = q × n

Divisibility
• The integer 4 divides the integer 32 because 32 = 8 × 4.
• We show this as
• The number 8 does not divide the number 42 because
42 = 5 × 8 + 2.
• There is a remainder, the number 2, in the equation.
• We show this as

Divisibility

Divisibility
Fact 1: The integer 1 has only one divisor, itself.
Fact 2: Any positive integer has at least two divisors, 1
and itself (but it can have more).

Common divisors of two integers
Greatest Common Divisor (GCD)

Common divisors of two integers
• The greatest common divisor of two positive
integers is the largest integer that can divide
both integers.
• GCD (a,b) of a and b is the largest integer that divides evenly into
both a and b
eg GCD(60,24) = 12
• Define gcd(0, 0) = 0
• often want no common factors (except 1) define such numbers as
relatively prime
• eg GCD(8,15) = 1
• hence 8 & 15 are relatively prime

• Euclidean Algorithm
Fact 1: gcd (a, 0) = a
Fact 2: gcd (a, b) = gcd (b, r), where r is
the remainder of dividing a by b

Euclidean Algorithm
When gcd (a, b) = 1, we say that a and b are
relatively prime.

Euclidean Algorithm: (GCD)
• Find the greatest common divisor of 25 and
60.
• Solution: We have gcd (25, 60) = 5.

• Find the greatest common divisor of 2740 and
1760.
• Solution: We have gcd (2740, 1760) = 20.

GCD(1160718174, 316258250)
• Dividend Divisor Quotient Remainder
• a = 1160718174 b = 316258250 q1 = 3 r1 =
211943424
• b = 316258250 r1 = 211943424 q2 = 1 r2 = 104314826
• r1 = 211943424 r2 = 104314826 q3 = 2 r3 =
3313772
• r2 = 104314826 r3 = 3313772 q4 = 31 r4 =
1587894
• r3 = 3313772 r4 = 1587894 q5 = 2 r5 = 137984
• r4 = 1587894 r5 = 137984 q6 = 11 r6 = 70070
• r5 = 137984 r6 = 70070 q7 = 1 r7 = 67914
• r6 = 70070 r7 = 67914 q8 = 1 r8 = 2156
• r7 = 67914 r8 = 2156 q9 = 31 r9 = 1078
• r8 = 2156 r9 = 1078 q10 = 2 r10 = 0

Example GCD(1970,1066)
• 1970 = 1 x 1066 + 904 gcd(1066, 904)
• 1066 = 1 x 904 + 162 gcd(904, 162)
• 904 = 5 x 162 + 94 gcd(162, 94)
• 162 = 1 x 94 + 68 gcd(94, 68)
• 94 = 1 x 68 + 26 gcd(68, 26)
• 68 = 2 x 26 + 16 gcd(26, 16)
• 26 = 1 x 16 + 10 gcd(16, 10)
• 16 = 1 x 10 + 6 gcd(10, 6)
• 10 = 1 x 6 + 4 gcd(6, 4)
• 6 = 1 x 4 + 2 gcd(4, 2)
• 4 = 2 x 2 + 0 gcd(2, 0)

Extended Euclidean Algorithm
• Given two integers a and b, we often need to find
other two integers, s and t, such that
• The extended Euclidean algorithm can calculate
the gcd (a, b) and at the same time calculate the
value of s and t.

• Given a = 161 and b = 28, find gcd (a, b) and the values of s and
t.
• Solution: We get gcd (161, 28) = 7, s = −1 and t = 6.

• Given a = 17 and b = 0, find gcd (a, b) and the
values of s
and t.
• Solution: We get gcd (17, 0) = 17, s = 1, and t
= 0.

• Given a = 0 and b = 45, find gcd (a, b) and the
values of s
and t.
• Solution: We get gcd (0, 45) = 45, s = 0, and t
= 1.

MODULAR ARITHMETIC
• The division relationship (a = q × n + r) discussed in the previous
section has two inputs (a and n) and two outputs (q and r).
• In modular arithmetic, we are interested in only one of the outputs,
the remainder r.
• Modular Operator
• Set of Residues
• Congruence
• Operations in Zn
• Addition and Multiplication Tables
• Different Sets

Modulo Operator
• The modulo operator is shown as mod.
• The second input (n) is called the modulus.
• The output r is called the residue.
Division algorithm and modulo operator

Modulo Operator
Find the result of the following operations:
a. 27 mod 5 b. 36 mod 12
c. −18 mod 14 d. −7 mod 10
a. Dividing 27 by 5 results in r = 2
b. Dividing 36 by 12 results in r = 0.
c. Dividing −18 by 14 results in r = −4. After adding the modulus
r = 10
d. Dividing −7 by 10 results in r = −7. After adding the modulus
to −7, r = 3.
Solution

Set of Residues
• The modulo operation creates a set, which in
modular arithmetic is referred to as the set of
least residues modulo n, or Zn.
Some Zn sets

Congruence
• To show that two integers are congruent, we
use the congruence operator ( ≡ ).
• For example, we write:

Congruence

Operation in Zn
• The three binary operations that we discussed
for the set Z can also be defined for the set Zn.
• The result may need to be mapped to Zn using
the mod operator.

Operation in Zn
Perform the following operations (the inputs
come from Zn):
• Add 7 to 14 in Z15
• Subtract 11 from 7 in Z13
• Multiply 11 by 7 in Z20
• Solution:

Operation in Zn
• Properties
1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
2. [(a mod n) – (b mod n)] mod n = (a – b) mod n
3. [(a mod n) x (b mod n)] mod n = (a x b) mod n
Example
[(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2 ; (11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4 ; (11 – 15) mod 8 = –4 mod 8 = 4
[(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5 ; (11 x 15) mod 8 = 165 mod 8 = 5

Operation in Zn

Operation in Zn
• The following shows the application of the above
properties:
• (1,723,345 + 2,124,945) mod 11 = (8 + 9) mod 11 = 6
• (1,723,345 − 2,124,945) mod 16 = (8 − 9) mod 11 = 10
• (1,723,345 × 2,124,945) mod 16 = (8 × 9) mod 11 = 6

Operation in Zn
• In arithmetic, we often need to find the
remainder of powers of 10 when divided by an
integer.

Inverses
• When we are working in modular arithmetic, we
often need to find the inverse of a number
relative to an operation.
We are normally looking for
• An additive inverse (relative to an addition
operation) or
• A multiplicative inverse (relative to a
multiplication operation).

Inverses: Additive
• In Zn, two numbers a and b are additive
inverses of each other if
In modular arithmetic, each integer has an additive inverse.
The sum of an integer and its additive inverse is congruent to
0 modulo n.

Inverses: Additive
• Find all additive inverse pairs in Z10.
Solution:
• Z10 = {0,1,2,3,4,5,6,7,8,9}
• Consider ‘0’ the additive inverse is itself ‘0’ [0+0]
≡ 0 mod 10
• ‘1’ additive inverse is ‘9’, [1+9] ≡ 0 mod 10
• The six pairs of additive inverses are
(0, 0), (1, 9), (2, 8), (3, 7), (4, 6), and (5, 5).

Inverses: Multiplicative
• In Zn, two numbers a and b are the
multiplicative inverse of each other if
In modular arithmetic, an integer may or may not
have a multiplicative inverse.
When it does, the product of the integer and its
multiplicative inverse is congruent to
1 modulo n.

• Find all multiplicative inverses in Z10.
Solution
• There are only three pairs: (1, 1), (3, 7) and (9, 9).
• The numbers 0, 2, 4, 5, 6, and 8 do not have a
multiplicative inverse.
• Find the multiplicative inverse of 8 in Z10.
Solution
• There is no multiplicative inverse because gcd (10, 8) = 2 ≠ 1.
• In other words, we cannot find any number between 0 and 9 such that
when multiplied by 8, the result is congruent to 1.

The extended Euclidean algorithm finds the
multiplicative inverses of b in Zn when n and b are
given and
gcd (n, b) = 1.
The multiplicative inverse of b is the value of t after
being mapped to Zn.

• Using extended Euclidean algorithm to find
multiplicative inverse

• Solution
• The gcd (26, 11) is 1; the inverse of 11 is -7 or 19

• Solution
• The gcd (100, 23) is 1; the inverse of 23 is -13 or 87.

• Find the inverse of 12 in Z26.
• Solution
• The gcd (26, 12) is 2; the inverse does not exist.

Addition and Multiplication Tables

Different Sets
We need to use Zn when additive inverses are
needed;
we need to use Zn
* when multiplicative inverses are
needed.

ALGEBRAIC STRUCTURES
• Cryptography requires sets of integers and
specific operations that are defined for those
sets.
• The combination of the set and the operations
that are applied to the elements of the set is
called an algebraic structure.
• In this section, we will define three common
algebraic structures:
– Groups,
– Rings,
– Fields.

ALGEBRAIC STRUCTURES

Groups
• A group (G) is a set of elements with a binary
operation (•) that satisfies four properties (or
axioms).
1. Closure : if a, b are in G, then a•b in G
2. Associativity : if a, b, c are in G, then (a•b) •c = a• (b•c)
3. Commutativity : For all a and b in G, a•b = b•a (Abelian G)
4. Existence of identity: For all a in G, there is an identity element
(e), such that e•a = a•e = a
5. Existence of inverse: For each a in G, there is an element a’
called inverse of a, such that a•a’= a’•a = e
• A commutative group (Abelian Group) satisfies an
extra property, commutativity.

Groups

Groups: Application
• Although a group involves a single operation, the
properties imposed on the operation allow the use of a
pair of operations as long as they are inverses of each
other.
Example:1
• The set of residue integers with the addition operator,
G = < Zn , +>
• is a commutative group.
• We can perform addition and subtraction on the
elements of this set without moving out of the set.

Groups: Application
Example:2
• The set Zn
* with the multiplication operator, G
= <Zn
*, ×>, is also an abelian group.
• Let us define a set G = < {a, b, c, d}, •> and the
operation as shown in Table below.

Groups: Sub Group
• Is the group H = <Z10, +> a subgroup of the
group G = <Z12, +>?
Solution:
• The answer is no.
• Although H is a subset of G, the operations
defined for these two groups are different.
• The operation in H is addition modulo 10; the
operation in G is addition modulo 12.

Groups: Cyclic Subgroups
• If a subgroup of a group can be generated
using the power of an element, the subgroup
is called the cyclic subgroup.

• Four cyclic subgroups can be made from the group G = <Z6, +>.
• They are H1 = <{0}, +>, H2 = <{0, 2, 4}, +>, H3 = <{0, 3}, +>, and H4 =
G.

• Three cyclic subgroups can be made from the group
G = <Z*
10, X>.
• G has only four elements: 1, 3, 7, and 9.
• The cyclic subgroups are H1 = <{1}, ×>, H2 = <{1, 9}, ×>, and H3 = G.

Ring
• A set of “numbers” with two operations (addition
and multiplication) which form:
• An abelian group with addition operation and
multiplication:
– has closure
– is associative
– distributive over addition: a(b+c) = ab + ac
• If multiplication operation is commutative, it
forms a commutative ring
• If multiplication operation has an identity and no
zero divisors, it forms an integral domain

Ring
• The set Z with two operations, addition and
multiplication, is a commutative ring.
• We show it by R = <Z, +, ×>.
• Addition satisfies all of the five properties
• Multiplication satisfies only three properties.

Ring
• A ring, R = <{…}, •, >, is an algebraic structure
with two operations.

Field
• A set of numbers
• with two operations which form:
– abelian group for addition
– abelian group for multiplication (ignoring 0)
– ring
• have hierarchy with more axioms/laws
• Group -> Ring -> Field

Field
• A field, denoted by F = <{…}, •, > is a
commutative ring in which the second
operation satisfies all five properties defined
for the first operation except that the identity
of the first operation has no inverse.

Group, Ring, Field

Finite (Galois) Fields
• Galois showed that for a field to be finite, the
number of elements should be pn, where p is
a prime and n is a positive integer.
• Denoted as GF(pn)
• In particular often use the fields:
– GF(p)
– GF(2n)
A Galois field, GF(pn), is a finite field with pn
elements.

Finite (Galois) Fields
• GF(p) is the set of integers {0,1, … , p-1} with
arithmetic operations modulo prime p
• These form a finite field
– Since they have multiplicative inverses
– Inverse can be found with Extended Euclidean
algorithm
• Hence arithmetic is “well-behaved” and can do
addition, subtraction, multiplication, and division
without leaving the field GF(p)

Finite (Galois) Fields: GF(p) Fields
• When n = 1, we have GF(p) field.
• This field can be the set Zp, {0, 1, …, p − 1},
with two arithmetic operations.
Example:
• A very common field in this category is GF(2) with the set {0, 1} and
two operations, addition and multiplication.

Example:
• We can define GF(5) on the set Z5 (5 is a prime) with addition and
multiplication operators

Summary

GF(2n) FIELDS
• In cryptography, we often need to use four operations
(addition, subtraction, multiplication, and division).
• In other words, we need to use fields.
• We can work in GF(2n) and uses a set of 2n elements.
• The elements in this set are n-bit words.
• Polynomials (Polynomial Arithmetic)
• Using a Generator

GF(2n) FIELDS : Polynomial Arithmetic
• Let us define a GF(22) field in which the set
has four 2-bit words: {00, 01, 10, 11}.
• We can redefine addition and multiplication
for this field in such a way that all properties
of these operations are satisfied

• It can be computed using polynomials
• A polynomial of degree n − 1 is an expression of the
form
• where xi is called the ith term and ai is called coefficient
of the ith term.
Several alternatives available:
• ordinary polynomial arithmetic
• poly arithmetic with coefs mod p
• poly arithmetic with coefs mod p and polynomials mod
m(x)

• we can represent the 8-bit word (10011001)
using a polynomials.

• To find the 8-bit word related to the polynomial
x5 + x2 + x, we first supply the omitted terms.
• Since n = 8, it means the polynomial is of degree
7.
• The expanded polynomial is
• This is related to the 8-bit word 00100110.

Polynomial Arithmetic Operations
• It involves two operations:
– Operation on Coefficients
– Operation on two Polynomials
• I.e we have to define two Fields, one for
coefficients and one for the polynomial
• Since Coefficients are made of 0 or 1 we use
GF(2) field
• For the Polynomials we use GF(2n) field
Polynomials representing n-bit words use two
fields: GF(2) and GF(2n).

Ordinary Polynomial Arithmetic
• Add or subtract corresponding coefficients
• multiply all terms by each other
• Example:
– let f(x) = x3 + x2 + 2 and g(x) = x2 – x + 1
– f(x) + g(x) = x3 + 2x2 – x + 3
– f(x) – g(x) = x3 + x + 1
– f(x) x g(x) = x5 + 3x2 – 2x + 2

Polynomial Arithmetic : Modulus
• Addition of two polynomials doesn’t create a polynomial out of a
set.
• But, in multiplication of two polynomials it may create a polynomial
out of a set with degree more than n-1.
• For the sets of polynomials in GF(2n), a group of polynomials of
degree n is defined as the modulus.
• The modulus in this case act as a prime polynomial
• Such polynomials are referred to as irreducible polynomials.

Polynomial Arithmetic : Modulus
• List of irreducible polynomials:

Polynomial Arithmetic : Addition
Addition and subtraction operations on
polynomials are the same operation.

• Let us do (x5 + x2 + x)  (x3 + x2 + 1) in GF(28).
• We use the symbol  to show that we mean
polynomial addition.
• The following shows the procedure:

• There is also another short cut. Because the
addition in GF(2) means the exclusive-or (XOR)
operation.
• So we can exclusive-or the two words, bits by
bits, to get the result.
• In the previous example,
– x5 + x2 + x is 00100110
– x3 + x2 + 1 is 00001101.
• The result is 00101011 or
– in polynomial notation x5 + x3 + x + 1.

Polynomial Arithmetic : Multiplication
1. The coefficient multiplication is done in GF(2).
2. Multiplying xi by xj results in xi+j.
3. The multiplication may create terms with degree
more than n − 1, which means the result needs
to be reduced using a modulus polynomial.

• Find the result of (x5 + x2 + x) ⊗ (x7 + x4 + x3 + x2 + x) in GF(28) with
irreducible polynomial (x8 + x4 + x3 + x + 1).
• Note that we use the symbol ⊗ to show the multiplication of two
polynomials.
• Solution:
• To find the final result, divide the polynomial of degree 12 by the
polynomial of degree 8 (the modulus) and keep only the remainder.

• Polynomial division with coefficients in GF(2)

• Example:
• In GF (24), find the inverse of (x2 + 1) modulo (x4 + x +
1).
Solution
• The answer is (x3 + x + 1) as shown in
[(x2 + 1) ⊗ (x3 + x + 1)] mod (x4 + x + 1)=1
Euclidean algorithm

• Example:
• In GF(28), find the inverse of (x5) modulo (x8 +
x4 + x3 + x + 1).
Solution
• The answer is (x5 + x4 + x3 + x) as shown in
Euclidean algorithm
[(x5) ⊗ (x5 + x4 + x3 + x)] mod (x8 + x4 + x3 + x + 1)=1

Summary
• The finite field GF(2n) can be used to define
four operations of addition, subtraction,
multiplication and division over n-bit words.
• The only restriction is that division by zero is
not defined.

PRIMES
• Asymmetric-key cryptography uses primes
extensively.
• Definition
• Checking for Primes
• Fermat’s Little Theorem
• Euler’s Phi-Function
• Euler’s Theorem

PRIMES: Definition
• Three groups of Positive Integers
A prime is divisible only by itself and 1.

PRIMES: Definition
• What is the smallest prime?
Solution
• The smallest prime is 2, which is divisible by 2 (itself) and 1.
• List the primes smaller than 10.
Solution
• There are four primes less than 10: 2, 3, 5, and 7.
• It is interesting to note that the percentage of primes in the range 1
to 10 is 40%.
• The percentage decreases as the range increases.

PRIMES: Checking for Primes
• Given a number n, how can we determine if n is a
prime?
• The answer is that we need to see if the number
is divisible by all primes less than
• We know that this method is inefficient, but it is a
good start.

• Is 97 a prime?
Solution
• The floor of √97 = 9. The primes less than 9 are 2, 3, 5, and 7. We
need to see if 97 is divisible by any of these numbers. It is not, so 97
is a prime.
• Is 301 a prime?
Solution
• The floor of √301 = 17. We need to check 2, 3, 5, 7, 11, 13, and 17.
The numbers 2, 3, and 5 do not divide 301, but 7 does. Therefore
301 is not a prime.

• Sieve of Eratosthenes

Fermat’s (Little) Theorem
• First Version
• Second Version
• where p is prime and gcd(a,p)=1
ap − 1 ≡ 1 mod p
ap ≡ a mod p

• Find the result of 610 mod 11.
Solution
• We have 610 mod 11 = 1.
• This is the first version of Fermat’s little theorem where p = 11.
Solution
• Here the exponent (12) and the modulus (11) are not the same.
With substitution this can be solved using Fermat’s little theorem.

• Multiplicative Inverses
• The answers to multiplicative inverses modulo
a prime can be found without using the
extended Euclidean algorithm:
a−1 mod p = a p − 2 mod p

Euler’s Phi-Function
• Euler’s phi-function, f(n), which is sometimes
called the Euler’s totient function plays a very
important role in cryptography.

• We can combine the above four rules to find the
value of f(n).
• For example, if n can be factored as
n = p1
e1 × p2
e2 × … × pk
ek
• we combine the third and the fourth rule to find
f(n)
The difficulty of finding f(n) depends on the difficulty
of finding the factorization of n.

• What is the value of f(13)?
Solution
• Because 13 is a prime, f(13) = (13 −1) = 12.
Solution
• We can use the third rule: f(10) = f(2) × f(5) = 1 ×
4 = 4, because 2 and 5 are primes.

Solution
• We can write 240 = 24 × 31 × 51. Then
• f (240) = (24 −23) × (31 − 30) × (51 − 50) = 64
• Can we say that f(49) = f(7) × f(7) = 6 × 6 = 36?
Solution
• No. The third rule applies when m and n are relatively prime. Here 49 = 72.
• We need to use the fourth rule: f(49) = 72 − 71 = 42.

• What is the number of elements in Z14*?
Solution
• The answer is f(14) = f(7) × f(2) = 6 × 1 = 6.
The members are 1, 3, 5, 9, 11, and 13.
Interesting point: If n > 2, the value of f(n) is even.

Euler’s Theorem
• First Version
• Second Version
af(n) ≡ 1 (mod n)
a k × f(n) + 1 ≡ a (mod n)
The second version of Euler’s theorem is used in the
RSA cryptosystem

Euler’s Theorem
Solution
• We have 624 mod 35 = 6f(35) mod 35 = 1.
Solution
• If we let k = 1 on the second version, we have
2062 mod 77 = (20 mod 77) (20f(77) + 1 mod 77)
mod 77 = (20)(20) mod 77 = 15.

Euler’s Theorem
Multiplicative Inverses:
• Euler’s theorem can be used to find
multiplicative inverses modulo a composite.
a−1 mod n = af(n)−1 mod n

Euler’s Theorem
• The answers to multiplicative inverses modulo
a composite can be found without using the
extended Euclidean algorithm if we know the
factorization of the composite:

Chinese Remainder Theorem
• The Chinese remainder theorem (CRT) is used
to solve a set of congruent equations with one
variable but different moduli, which are
relatively prime, as shown below:

• It is used to speed up modulo computations
• if working modulo a product of numbers
– eg. mod M = m1m2..mk
• Chinese Remainder theorem lets us work in each
moduli mi separately
• Since computational cost is proportional to size,
this is faster than working in the full modulus M

Example:
• The following is an example of a set of equations
with different mod:
• Find x?
• the answer to this set of equations is x = 23.
• This value satisfies all equations: 23 ≡ 2 (mod 3),
23 ≡ 3 (mod 5), and 23 ≡ 2 (mod 7).

Solution using Chinese Remainder Theorem:
(steps)
1. Find M = m1 × m2 × … × mk. This is the common modulus.
2. Find M1 = M/m1, M2 = M/m2, …, Mk = M/mk.
3. Find the multiplicative inverse of M1, M2, …, Mk using the
corresponding moduli (m1, m2, …, mk). Call the inverses M1
−1, M2
−1,
…, Mk
−1.
4. The solution to the simultaneous equations is

Solution: Follow the four steps
1. M = 3 × 5 × 7 = 105
2. M1 = 105 / 3 = 35, M2 = 105 / 5 = 21, M3 = 105 /
7 = 15
3. The inverses are M1
−1 = 2, M2
−1 = 1, M3
−1 = 1
4. x = (2 × 35 × 2 + 3 × 21 × 1 + 2 × 15 × 1) mod 105
= 23 mod 105

Example:
• Find an integer that has a remainder of 3 when divided by 7 and 13,
but is divisible by 12.
Solution:
• This is a CRT problem. We can form three equations and solve them
to find the value of x.
• we find x = 276.
• We can check that 276 = 3 mod 7, 276 = 3 mod 13 and 276 is
divisible by 12 (the quotient is 23 and the remainder is zero).

Example:
• Assume we need to calculate z = x + y where x = 123 and y = 334,
but our system accepts only numbers less than 100.
Solution:
• Adding each congruence in x with the corresponding congruence in
y gives
• z = 457.

Quadratic Congruence
• In cryptography, we also need to discuss quadratic congruence, that
is, equations of the form a2x2 + a1x + a0 ≡ 0 (mod n).
• We limit our discussion to quadratic equations in which a2 = 1 and
a1 = 0, that is equations of the form
x2 ≡ a (mod n).

Quadratic Congruence Modulo a Prime
Example 1:
• The equation x2 ≡ 3 (mod 11) has two solutions, x ≡ 5 (mod 11) and
x ≡ −5 (mod 11).
• But note that −5 ≡ 6 (mod 11), so the solutions are actually 5 and 6.
Also note that these two solutions are incongruent.
Example 2:
• The equation x2 ≡ 2 (mod 11) has no solution. No integer x can be
found such that its square is 2 mod 11.

Quadratic Residues and Nonresidue
• In the equation x2 ≡ a (mod p), a is called a
quadratic residue (QR) if the equation has two
solutions;
• a is called quadratic nonresidue (QNR) if the
equation has no solutions.

Example:
• There are 10 elements in Z11*.
• Exactly five of them are quadratic residues and five of them are
nonresidues.
• In other words, Z11* is divided into two separate sets, QR and QNR,

Euler’s Criterion
• If a(p−1)/2 ≡ 1 (mod p), a is a quadratic residue modulo p.
• If a(p−1)/2 ≡ −1 (mod p), a is a quadratic nonresidue modulo p.
Example
• To find out if 14 or 16 is a QR in Z23*, we calculate:
14 (23−1)/2 mod 23 → 22 mod 23 → −1 mod 23 nonresidue
16 (23−1)/2 mod 23 → 1611 mod 23→ 1 mod 23 residue

• Solve the following quadratic equations:
Solutions
a) x ≡ ± 16 (mod 23) √3 ≡ ± 16 (mod 23).
b) b. There is no solution for √2 in Z11.
c) c. x ≡ ± 11 (mod 19). √7 ≡ ± 11 (mod 19).

Exponentiation and Logarithm
• Exponentiation
• Logarithm
– Discrete Logarithm

Exponentiation
• Can use the Square and Multiply Algorithm
• A fast, efficient algorithm for exponentiation
• Concept is based on repeatedly squaring base
and multiplying in the ones that are needed to
compute the result
• Look at binary representation of exponent
• Only takes O(log2 n) multiples for number n
– eg. 75 = 74.71 = 3.7 = 10 mod 11
– eg. 3129 = 3128.31 = 5.3 = 4 mod 11

Fast Exponentiation

Fast Exponentiation
• Figure shows the process for calculating y = ax
using the fast exponentiation algorithm(for
simplicity, the modulus is not shown). In this
case, x = 22 = (10110)2 in binary. The exponent
has five bits.

Fast Exponentiation
How about 2124 mod 8?

Logarithm
• In cryptography, we also need to discuss modular
logarithm.
• If exponentiation is used for encryption or decryption,
the attacker can use logarithm to attack.
• We need to know hard it is to reverse the
exponentiation.
First Approach: Exhaustive search
• To solve : x = logay(mod n)
• Solution is : y = ax mod n

Logarithm
First Approach: Exhaustive search
• To solve : x = logay(mod n)
• Solution is : y = ax mod n

Discrete Logarithm
• Second Approach: Discrete Logarithm
• To understand the concept of Discrete
Logarithm we should understand certain
properties of multiplicative groups.
– Finite Multiplicative Group
– Order of the Group
– Order of an Element

Discrete Logarithm
Finite Multiplicative Group:
• G = <Zn
*, X> , is the Finite Multiplicative Group.
• Zn
*: has integers from 1 to n-1 that are relatively
prime to n
• If the modulus of the Group is prime, then G =
<Zp
*, X>

Discrete Logarithm
Order of the Group:
• Order of a Finite Group is, G
• G , to be the number of elements in the Group G
• G = <Zn
*, X>, the order of the group will be f(n)
Example:
• What is the order of group G = <Z21
*, X>? |G| = f(21) = f(3) × f(7) = 2 × 6
=12.
• There are 12 elements in this group: 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and
20.
• All are relatively prime with 21.

Discrete Logarithm
Order of an Element:
• Order of an Element a is, ord (a)
• ord (a), is the smallest integer ‘i’ such that 𝒂𝒊
≡
e (mod n)
– where , e is the identity element

Discrete Logarithm
Order of an Element:
Example:
• Find the order of all elements in G = <Z10
*, ×>.
• This group has only f(10) = 4 elements: 1, 3, 7, 9.
• We can find the order of each element by trial and error.
• 11 ≡ 1 mod (10) → ord(1) = 1.
• 34 ≡ 1 mod (10) → ord(3) = 4.
• 74 ≡ 1 mod (10) → ord(7) = 4.
• 92 ≡ 1 mod (10) → ord(9) = 2.

Discrete Logarithm
Euler’s Theorem:
• If ‘a’ is the member of G = <Zn
*, X>, then af(n)≡
1 (mod n)
• The relationship 𝑎𝑖
≡ e (mod n) holds when i =
f(n).
Example:
• The result of 𝑎𝑖
≡ x (mod 8) for the group G = <Z8
*, X>
• f(8) = 4, i.e., (1,3,5,7)

Discrete Logarithm
The table reveals two points:
• The shaded area: when i = f(8), the result is x=1 fore every ‘a’.
• The value of x can be 1 for may values of i.
• The first time when x = 1, the value of i gives the order of the
element.

Discrete Logarithm
Primitive Roots
• In the group G = <Zn
*, ×>, when the order of an element is the same
as f(n), that element is called the primitive root of the group.
• Example:
• The table shows that there are no primitive roots in G = <Z8
*, ×>
because no element has the order equal to f(8) = 4.
• The order of elements are all smaller than 4.

Discrete Logarithm
Primitive Roots
• The result of ai ≡ x (mod 7) for the group
G = <Z7
*, ×> is shown below. In this group, f(7)
= 6.

Discrete Logarithm
• Primitive Roots
Example
• For which value of n, does the group G = <Zn
*, ×> have
primitive roots: 17, 20, 38, and 50?
Solution
• G = <Z17∗, ×> has primitive roots, 17 is a prime.
• G = <Z20∗, ×> has no primitive roots.
• G = <Z38∗, ×> has primitive roots, 38 = 2 × 19 prime.
• G = <Z50∗, ×> has primitive roots, 50 = 2 × 52 and 5 is a prime.
The group G = <Zn*, ×> has primitive roots only if n is
2, 4, pt, or 2pt.

Discrete Logarithm
Primitive Roots
If the group G = <Zn*, ×> has any primitive root,
the number of primitive roots is f(f(n)).

Discrete Logarithm
Cyclic Group
• If g is a primitive root in the group, we can generate the set Zn* as
Zn∗ = {g1, g2, g3, …, gf(n)}.
Example:
• The group G = <Z10*, ×> has two primitive roots because f(10) = 4 and
f(f(10)) = 2.
• It can be found that the primitive roots are 3 and 7.
• The following shows how we can create the whole set Z10* using each
primitive root.

Discrete Logarithm
Cyclic Group

Discrete Logarithm
• The idea of Discrete Logarithm
• Properties of G = <Zp*, ×> :
1. Its elements include all integers from 1 to p − 1.
2. It always has primitive roots.
3. It is cyclic. The elements can be created using gx
where
x is an integer from 1 to f(n) = p − 1.
4. The primitive roots can be thought as the base of
logarithm.

Module I CSAS_105152.pdf

More Related Content

What's hot (9)

Similar to Module I CSAS_105152.pdf (20)

Recently uploaded (20)

Module I CSAS_105152.pdf