Number Theory 5 Sem.pptx

Cryptography and Network Security 2
Cryptography and Network Security
Introduction
Xiang-Yang Li

Introduction
The art of war teaches us not on the
likelihood of the enemy’s not coming, but on
our own readiness to receive him; not on the
chance of his not attacking, but rather on the
fact that we have made our position
unassailable.
--The art of War, Sun Tzu

Cryptography
• Cryptography (from Greek kryptós, "hidden", and
gráphein, "to write") is, traditionally, the study of means of
converting information from its normal, comprehensible
form into an incomprehensible format, rendering it
unreadable without secret knowledge — the art of
encryption.
• Past: Cryptography helped ensure secrecy in important
communications, such as those of spies, military leaders,
and diplomats.
• In recent decades, cryptography has expanded its remit in
two ways
• mechanisms for more than just keeping secrets: schemes like
digital signatures and digital cash, for example.
• in widespread use by many civilians, and users are not aware of it.

Crypto-graphy, -analysis, -logy
• The study of how to circumvent the use of cryptography is called
cryptanalysis, or codebreaking.
• Cryptography and cryptanalysis are sometimes grouped together under
the umbrella term cryptology, encompassing the entire subject.
• In practice, "cryptography" is also often used to refer to the field as a
whole; crypto is an informal abbreviation.
• Cryptography is an interdisciplinary subject,
• linguistics
• Mathematics: number theory, information theory, computational
complexity, statistics and combinatorics
• engineering

Close, but different fields
• Steganography
• the study of hiding the very existence of a message, and not
necessarily the contents of the message itself (for example,
microdots, or invisible ink)
• Traffic analysis
• which is the analysis of patterns of communication in order
to learn secret information.

Network Security Model
Trusted Third Party
principal principal
Security
transformation
Security
transformation
attacker

Attacks, Services and Mechanisms
• Security Attacks
• Action compromises the information security
• Security Services
• Enhances the security of data processing and
transferring
• Security mechanism
• Detect, prevent and recover from a security attack

Attacks
• Passive attacks
• Interception
• Release of message contents
• Traffic analysis
• Active attacks
• Interruption, modification, fabrication
• Masquerade
• Replay
• Modification
• Denial of service

Information Transferring

Attack: Interruption
Cut wire lines,
Jam wireless signals,
Drop packets,

Attack: Interception
Wiring, eavesdrop

Attack: Modification
intercept
Replaced info

Attack: Fabrication
Also called impersonation

Important Features of Security
• Confidentiality, also known as secrecy:
• only an authorized recipient should be able to extract the
contents of the message from its encrypted form. Otherwise, it
should not be possible to obtain any significant information
about the message contents.
• Integrity:
• the recipient should be able to determine if the message has
been altered during transmission.
• Authentication:
• the recipient should be able to identify the sender, and verify
that the purported sender actually did send the message.
• Non-repudiation:
• the sender should not be able to deny sending the message.

Cryptography
• Cryptography is the study of
• Secret (crypto-) writing (-graphy)
• Concerned with developing algorithms:
• Conceal the context of some message from all except
the sender and recipient (privacy or secrecy), and/or
• Verify the correctness of a message to the recipient
(authentication)
• Form the basis of many technological solutions to
computer and communications security problems

Basic Concepts
• Cryptography
• encompassing the principles and methods of transforming
an intelligible message into one that is unintelligible, and
then retransforming that message back to its original form
• Plaintext
• The original intelligible message
• Ciphertext
• The transformed message
• Message
• Is treated as a non-negative integer hereafter

Basic Concepts
• Cipher
• An algorithm for transforming an intelligible message
into unintelligible by transposition and/or substitution
• Key
• Some critical information used by the cipher, known
only to the sender & receiver
• Encipher (encode)
• The process of converting plaintext to ciphertext
• Decipher (decode)
• The process of converting ciphertext back into plaintext

Basic Concepts
• cipher
• an algorithm for encryption and decryption. The exact
operation of ciphers is normally controlled by a key — some
secret piece of information that customizes how the
ciphertext is produced
• Protocols
• specify the details of how ciphers (and other cryptographic
primitives) are to be used to achieve specific tasks.
• A suite of protocols, ciphers, key management, user-
prescribed actions implemented together as a system
constitute a cryptosystem;
• this is what an end-user interacts with, e.g. PGP

Encryption and Decryption
Plaintext ciphertext
Encipher C = E(K1)(P)
Decipher P = D(K2)(C)
K1, K2: from keyspace

Security
• Two fundamentally different securities
• Unconditional security
• No matter how much computer power is available, the cipher
cannot be broken
• Using Shannon’s information theory
• Computational security
• Given limited computing resources (e.G time needed for
calculations is greater than age of universe), the cipher cannot
be broken
• Proved by some complexity equivalence approach

Cryptography and Network Security
Elementary Number Theory
Xiang-Yang Li

Number theory
• Elementary number theory
• Main topic of this course
• divisibility, the Euclidean algorithm to compute greatest common divisors,
factorization
• Fermat's little theorem and Euler's theorem, the Chinese remainder theorem
and Euler's φ function are investigated;
• Analytic number theory
• Algebraic number theory
• Geometric number theory
• Computational number theory

GCD
• Greatest common divisor gcd(a,b)
• The largest number that divides both a and b
• Euclid's algorithm
• Find the GCD of two numbers a and b, a<b
• Use fact if a and b have divisor d so does a-b, a-2b
…
d ma nb
d a b
d a b
d a b
d a qb





2
3

Cont.
• GCD (a,b) is given by:
• let g0=b
• g1=a
• gi+1 = gi-1 mod gi
• when gi =0 then gcd(a,b) = gi-1
• The algorithm terminates in O(log b) rounds
• Why?
• Every round, the total number of bits of a and b is decreased by at
least one
What is a more precise
complexity bound?

Properties
• For any two integers a and b
• Exist integers m and n: gcd(a,b) =ma+bn
• Example:
• a=2, b=3; we choose m=-1, n=1 so –2+3=1
• a=6, b=11; we choose m=2, n=-1 so 2*6-11=1
• Simple proof?
• Integer n can be factored as
• n=p1
a1 p2
a2 p3
a3…. pn
an where pi is prime number

Extended Euclidean Algorithm
• input are two integers a and b, computes
• their greatest common divisor (gcd) as well as
• integers x and y such that ax + by = gcd(a, b).
• It later can also be used to compute the inverse of an integer
a n
1
mod

Proof
• Assume we compute gcd(x0,y0), x0>y0
• Let Xi=(xi,yi); 0xi-qi+1yi+1<|yi|
• Then Xi=MiXi-1, where Mi=(0,1; 1,-qi)
• Assume the gcd algorithm terminates in n steps
• We have MnMn-1
…M1X0=(gcd(x0,y0), 0)T
• Assume MnMn-1
…M1=( )
• Then ax0+by0=gcd(x0,y0)
• The above algorithm is to keep track of a,b,c,d, and xi,yi values.
a b
c d

Modular Arithmetic
• Congruence
• a  b mod n says when divided by n that a and b have
the same remainder
• It defines a relationship between all integers
• a  a
• a  b then b  a
• a  b, b  c then a  c

Cont.
• addition
• (a+b) mod n (a mod n) + (b mod n)
• subtraction
• a-b mod n  a+(-b) mod n
• multiplication
• a b mod n
• derived from repeated addition
• Possible: a*b  0 where neither a, b  0 mod n
• Example: 2*3 =0 mod 6

Addition and Multiplication
• Integers modulo n with addition and multiplication
form a commutative ring with the laws of
• Associativity
• (a+b)+c  a+(b+c) mod n
• Commutativity
• a+b  b+a mod n
• Distributivity
• (a+b)*c  (a*c)+(b*c) mod n

Cont.
• Division
• b/a mod n
• multiplied by inverse of a: b/a = b*a-1 mod n
• a-1*a  1 mod n
• 3-1 7 mod 10 because 3*7  1 mod 10
• Inverse does not always exist!
• Only when gcd(a,n)=1

Euclid's Extended GCD Routine
• If (a,n)=1 then the inverse always exists
• Can extend Euclid's algorithm to find inverse by
keeping track of gi = ui.n + vi.a
• Extended Euclid's (or binary GCD) algorithm to find
inverse of a number a mod n (where (a,n)=1) is:

Inverse
• Inverse(a,n) is given by:
• X=(x1,x2,x3)=(1,0,n); Y=(y1,y2,y3)=(0,1,a)
• If y3=0 return x3=gcd(a,n); no inverse
• If y3=1 return y3=gcd(a,n); y2=a-1 mod n
• Q=[x3/y3]
• T=X-Q*Y
• X=Y; Y=T
• Goto 2nd step

When inverse exists
• If gcd(a,n)=1  inverse exists
• We can find x, y such that ax+ny=1
• Then x= a-1 mod n
• If inverse exists gcd(a,n)=1
• Let x be the inverse of a, i.e., ax=1 mod n
• Then x a=1+q n for some integer q
• Let gcd(a,n)=d. Then d | (x a-q n )
• Obviously d=1 since x a-q n =1

Galois Field
• If n is constrained to be a prime number p then
this forms a Galois field modulo p denoted GF(p)
and all the normal laws associated with integer
arithmetic work
• Exponentiation
• b = ae mod p
• Discrete Logarithms
• find x where ax = b mod p

Relative primes
• Two numbers a and n are relative primes if
• gcd(a,n)=1
• Consider all integers 0<a <n
• How many are relative prime to n?
• Equivalently, how many a such that a-1 mod n exists
• Typically
• Zn={0,1,2,….,n-1} : all integers 0<= a < n
• Zn
*={a| 0<= a < n, gcd(a,n)=1}
• All integers in Zn that are co-prime with n
• Also called reduced residue set mod n

Euler Totient Function
• If consider arithmetic modulo n, then a reduced
set of residues is a subset of the complete set of
residues modulo n which are relatively prime to n
• eg for n=10,
• the complete set of residues is {0,1,2,3,4,5,6,7,8,9}
• the reduced set of residues is {1,3,7,9}
• The number of elements in the reduced set of
residues is called the Euler Totient function (n)

cont
• Compute (n)
• If factoring of n is known
• (n)=n (1-1/pi) where pi is its prime factor
• Otherwise
• It is expensive!
• But not proved yet
• computing (n) when knowing fact n =pq but not
the number p and q
• Conjectured to be a hard question
• But not proved yet.
• Equivalent to find p and q

cont
• Equivalency: finding p,q computing (n)
• Proof
• If we found p and q, then (n)=(p-1)(q-1)
• if we found (n), then solve p, q from equations
n p q
n p q
 
  


( ) ( )( )
1 1

Euler's Theorem
• Let gcd(a,n)=1 then
• a(n) mod n = 1
• Proof:
• consider all reduced residues xi in Zn
*={x| 0<= x < n,
gcd(x,n)=1}
• Then axi,1<=i <= (n) also form reduced residues set
• Using  axi =  xi mod n
• Using Zn
* and aZn
* are same sets!
• We have a(n)  xi =  xi mod n
• Thus, a(n) =1 mod n
• Using the fact that  xi has inverse

Fermat's Little Theorem
• Let p be a prime and gcd(a,p)=1 then
• ap-1 mod p = 1
• Proof: similar to the proof of Euler’s theorem
• But consider all integers in Zp
• Generally, for any prime number p
• ap mod p = a (true for any number a)
• Generally, for any number n=pq
• a(n) mod n = a (true for any number a)
• Need to prove for the case gcd(a,n)>1
Do it yourself

Efficient computing of exponential
• Compute ab mod n efficiently when b, n large?
• Example: compute a1024 mod 21024 +1
• Simple approach: repetitively time a 1024 times?
• Efficient computation:
• Write number b in binary format as xkxk-1xk-2….x2x1x0
• Let t1=a mod n. Then compute ti+1= ti * ti mod n for i<k
• Then
 
a n a n
a n
t n
b x x x x x x
x
i k
i
x
i k
k k k
i
i
i
mod mod
[ ] mod
mod
....
( )



 
 
 


1 2 2 1 0
2
0
0
Time complexity?

Chinese Remainder Theorem
• By Qin Jiushao
• Let m1,m2,….mk be pair-wise relative prime numbers
• Assume integer x= ai mod mi for 1<= I <= k
• Then x=  ai ei mod M
• Where M= mi; Mi=M/ mi
• ei= Mi * (Mi
-1 mod mi)
• Proof
• For each i, the integers mi and M/mi are coprime, and using the
extended Euclidean algorithm we can find integers r and s such that r
mi + s M/mi = 1. If we set ei = s M/mi, then we have
• ei =1 mod mi and ei =1 mod mj for j<>i.

General CRT
• Sometimes, the simultaneous congruences can be solved even if the
mi's are not pairwise coprime.
• a solution x exists if and only if ai ≡ aj (mod gcd(ni, nj)) for all i and j.
• All solutions x are congruent modulo the least common multiple of the ni.
• Methods: successive substitution

Example
• consider the simultaneous congruences
 x ≡ 3 (mod 4)
 x ≡ 5 (mod 6)
Can be transformed to
 x ≡ 3 (mod 4)
 x ≡ 5 (mod 2)  x ≡ 1 (mod 2)
 x ≡ 5 (mod 3)
Then transformed to
 x ≡ 3 (mod 4)
 x ≡ 2 (mod 3)
Using CRT
 X=11 (mod 12)

Primality Testing
• To check if exists integer a such that a|n
• Primary school method
• Test a=2,3,4,5,6,….,n-1
• Test a=2,3,4,5,…, n0.5
• Test a=2,3,5,7,11,…., p, where prime number p<=n0.5
• Two slow!
• Check almost n numbers
• Check n0.5 numbers
• At least around (n/ln n)0.5 numbers need be checked
• Example
• Number n~21024, then
• (n/ln n)0.5~(21024 /1024) 0.5 ~ 2507
• Assume 230 numbers per second, takes about 2507-30*16 = 227 days
• Any improvement?

Simple Fact
• Equation x21 mod p has only solutions 1,-1
• If p is prime number
• Simple proof: (x+1)(x-1)  0 mod p
• So if we find another solution, then p can not be
prime number!
• Miller and Rabin 1975,1980
• Randomly chosen integer a
• If a21 mod p then p is not prime number
• Integer a is called the witness
• Otherwise p maybe, or maybe not a prime number

Witness Algorithm
• Witness(a,n)
• Let bkbk-1…b1b0 be the binary code of n-1
• Let d=1
• For i=k downto 0
• x=d; d=d*d mod n
• If d=1 and x1, and x n-1
• return TRUE
• If bi=1 then d=d*a mod n
• Endfor
• If d  1 then return TRUE
• Return FALSE

Facts
• Analysis the result of witness
• If returns TRUE, then n is not prime number
• Find other solutions for x21 mod n
• Otherwise, n maybe prime number
• Given odd n and random a
• Witness fails with probability less than 0.5
• Run witness algorithm s times
• If one time, it is TRUE
• Then n is not prime number
• Otherwise, Pr(n is prime)>1-2-s

Randomized Methods
• Las Vegas Method
• Always produces correct results
• Runs in expected polynomial time
• Monte Carlo Method
• Runs in polynomial time
• May produce incorrect results with bounded probability
• No-Biased Monte Carlo Method
• Answer yes is always correct, but the answer no may be wrong
• Yes-biased Monte Carlo Method
• Answer no is always correct, but the answer yes may be wrong

Witness Algorithm
• Witness Algorithm is based on Monte Carlo
Method
• It actually test compositeness, not primality
• When it reports yes, the number is always composite
• When it reports no, input may be composite, prime
• Probability Result
• Pr(input=composite | ans=composite)= 1
• Pr(ans=no | input=composite)<1/2
• Pr(input=composite | ans=no)  1/4

Time Complexity
• Each round of witness cost O(log n)
• Unit: integer multiplication and modular arithmetic
• So the primality testing cost O(s log n)
• The confidence is 1-2-s if report prime
• The confidence is 1 if report non-prime

Primitive Root
• Order of integer ordn(a)
• The order of a modulo n is the smallest positive k such
that ak1 mod n
• Primitive Root
• Integer a is a primitive root of n if the order of a
modulo n is (n)
• Not all integers have primitive root
• Example n=pq for primes p and q
• Prime p has (p-1) primitive roots

cont
• When primitive root exists
• Number n in format of p, 2p, pk, 2pk for some integer k and prime number p
• Otherwise the primitive root does not exist
• Find a PR for p such that
• Let a=2, i=1
• If i>k, a is a PR, otherwise go to step 3
• If let i=i+1 and go to step 2; otherwise let i=1, and a=a+1
and repeat this step 3.
p q q
a
k
ak
  
1 1
1
....
a p
p qi
( )/
mod


1
1

Some “hard” questions
• Some questions that are assumed to be hard, will be used as bases
for cryptography
• Integer factorization
• Given n, find all its prime factors
• Discrete logarithm
• Given g, y, and p, find x such that gxy mod p
• Square root
• Given b, find x such that x2b mod n. Here n is not a prime number

Integer Factorization
• write an integer as product of prime numbers.
• For example, given the number 45, the prime factorization would be 32·5.
• The factorization is always unique, according to the fundamental theorem of
arithmetic
• Given two large prime numbers, it is easy to multiply them. However, given
their product, it appears to be difficult to find the factors.
• This is relevant for many modern systems in cryptography. If a fast method
were found for solving the integer factorization problem, then several
important cryptographic systems would be broken.
• Although fast factoring is one way to break these systems, there may be
other ways to break them that don't involve factoring. So it is possible that
the integer factorization problem is truly hard, yet these systems can still be
broken quickly.
• A rare exception is the BBS generator. It has been proved to be exactly as
hard as integer factorization: if you can break the generator in polynomial
time then you can factorize integers in polynomial time, and vice versa

Current state of the art
• If a large, n-bit number is the product of two primes that are roughly
the same size,
• no polynomial time factoring algorithm is known
• the best known algorithms are sub-exponential, but super-polynomial:
asymptotic running time by the general number field sieve (GNFS) algorithm,
is
• Polynomial methods known for quantum computer!

Factoring algorithms
• Special purpose
• its running time depends on the properties of unknown factors: size, special form, etc.
• Examples
• Trial division, Pollard's rho algorithm, Pollard's p-1 algorithm, Lenstra elliptic curve factorization,
Congruence of squares, Special number field sieve
• General purpose
• running time depends solely on the size of the integer to be factored. This is the type of
algorithm used to factor RSA numbers. Most general-purpose algorithms are based on the
congruence of squares method.
• Examples:
• Quadratic sieve, General number field sieve

Discrete Logarithms
• Y  gx mod p
• Given y, g, and p, compute x as logg(y)
• Time complexity O(e(ln p)1/3(ln ln p)2/3
)
• Best known until now
• In other words, if p is large, then it is very hard to solve the discrete logarithm
problem
• Several protocols are based on this
• ElGamal discrete log cryptosystem, Diffie-Hellman key exchange and the Digital
Signature Algorithm.
• Current methods:
• the Pohlig-Hellman algorithm if p-1 is a product of small primes,
• so this should be avoided in those applications

Quadratic Residue
• Quadratic Residue
• Integer b is a quadratic residue of modulo integer n if
and only if x2 b mod n has a solution for x
• Number x is called the square root of b
• Otherwise b is called quadratic nonresidue
• Given odd prime p,
• b is quadratic residue, iff b(p-1)/2 1 mod p
• b is quadratic nonresidue, iff b(p-1)/2 -1 mod p
• These facts can be used to test primes with probability

Computing Square root mod p
• Given number a, find number x, x2 =a mod p
• If p=3 mod 4, then x=a(p+1)/4 mod p is a solution.
• If p=5 mod 8, a(p-1)/4 =1 mod p then x= a(p+3)/8 mod p
• If p=5 mod 8, a(p-1)/4 =-1 mod p then x= 2a(4a)(p-5)/8 mod p
• If p=1 mod 8,
x a N
h
sk

1
2
p h
k
 
1 2 Here h is an odd number

Compute square-root mod p
• Find a solution to x2 =a mod p if exists
• Let r=0, s=p-1; while s even, {r=r+1; s=s/2;}
• Choose random n such that
• Let z=ns mod p; x=a(s+1)/2 mod p; b=as mod p;
• If b=1, return x as a solution
• Let m=1, y=b2 mod p; while y<>1 {y= y2 mod p; m=m+1;}
• If r=m then a is Quadratic non-residue; exit;
• Let x=xz2r-m-1
mod p and b=bz2r-m
mod p and z=z2r-m
mod p
• Go to step 4
• The expected running time is O(log4 p)
n
p





  1

Complexity Theory
• The input length of a problem is the number n of symbols
used to characterize it
• Complexity of a method
• Function f(n) is order O(g(n)) if
• f(n)<=c*|g(n)|, for all n>=N0, for some c
• Function f(n) is order (g(n)) if
• f(n)>=c*|g(n)|, for all n>=N0, for some c
• Function f(n) is order  (g(n)) if
• c1*|g(n)|<=f(n)<=c2*|g(n)|, for all n>=N0, for some c1 and c2
• Polynomial time algorithm (P)
• solves any instance of a particular problem with input length n in time
O(p(n)), where p is a polynomial

Cont.
• Non-deterministic polynomial time algorithm (NP)
• is one for which any guess at the solution of an instance of
the problem may be checked for validity in polynomial
time.
• NP-complete problems
• are a subclass of NP problems for which it is known that if
any such problem has a polynomial time solution, then all
NP problems have polynomial solutions.
• Co-NP: the complements of NP problems.

Number Theory 5 Sem.pptx

More Related Content

Similar to Number Theory 5 Sem.pptx (20)

Recently uploaded (20)

Number Theory 5 Sem.pptx