Slide 1: Mathematical Background: Modular Arithmetic
ECE 646 - Lecture 5

Slide 2: Review of Lecture 4
• Classification of Attacks
• Key Management
  – Key Establishment using KDC
  – Diffie-Hellman key agreement scheme
  – Man-in-the-middle Attack
  – Directory of public keys

Slide 3: Review of Lecture 4
• Certificates
  – Contents
  – Non-repudiation using Certificates
  – Confidentiality using Certificates
  – PKI
  – CRLs
• PGP

Slide 4: Motivation: Public-key ciphers

Slide 5: RSA as a trap-door one-way function
  message M  →  ciphertext C:   C = f(M) = M^e mod N      (PUBLIC KEY)
  ciphertext C  →  message M:   M = f^-1(C) = C^d mod N   (PRIVATE KEY)
  N = P · Q,  P, Q - large prime numbers
  e · d ≡ 1 mod ((P-1)(Q-1))

Slide 6: RSA keys
  PUBLIC KEY:  { e, N }
  PRIVATE KEY: { d, P, Q }
  P, Q:  large prime numbers
  N:     N = P · Q
  e:     gcd(e, P-1) = 1 and gcd(e, Q-1) = 1
  d:     e · d ≡ 1 mod ((P-1)(Q-1))

Slide 7: Mini-RSA keys
  PUBLIC KEY:  { e, N }
  PRIVATE KEY: { d, P, Q }
  P, Q:  P = 5, Q = 11
  N:     N = P · Q = 55
  e:     gcd(e, 5-1) = 1 and gcd(e, 11-1) = 1;  e = 3
  d:     3 · d ≡ 1 mod 40;  d = 27

Slide 8: Mini-RSA as a trap-door one-way function
  message M = 2  →  ciphertext C = f(2) = 2^3 mod 55 = 8      (PUBLIC KEY)
  ciphertext C = 8  →  message M = f^-1(8) = 8^27 mod 55 = 2  (PRIVATE KEY)
  N = 5 · 11,  5, 11 - prime numbers
  3 · 27 ≡ 1 mod ((5-1)(11-1))

Slide 9: Basic definitions

Slide 10: General Notation
  Z   – integers
  ∀   – for all
  ∃   – there exists
  ∃!  – there exists unique
  ∈   – belongs to
  ∉   – does not belong to

Slide 11: Divisibility
  a | b  iff  ∃ c ∈ Z such that b = c · a
  a | b:  a divides b;  a is a divisor of b
  a ∤ b:  a does not divide b;  a is not a divisor of b

Slide 12: True or False?
  -3 | 18     14 | 7     7 | 63     -13 | 65     14 | 21
  14 | 14     0 | 63     7 | 0      -5 | 0       0 | 0

Slide 13: Prime vs. composite numbers
  An integer p ≥ 2 is said to be prime if its only positive divisors are 1 and p. Otherwise, p is called composite.
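The trap-door behaviour of slides 5 to 8, as an added example that is not part of the lecture's own material: a square-and-multiply modular exponentiation (the lecture's C = M^e mod N computed without ever forming M^e), the key conditions of slide 6 as a check, and a round trip with the Mini-RSA keys of slide 7 (P = 5, Q = 11, e = 3, d = 27, M = 2). The function names mod_pow, check_rsa_keys, rsa_encrypt, rsa_decrypt and roundtrip_all are this example's own choices; roundtrip_all goes a little beyond the slide by confirming that every residue in Z_55, not only M = 2, survives encrypt-then-decrypt.

```python
from math import gcd


def mod_pow(base: int, exp: int, mod: int) -> int:
    """Square-and-multiply: computes base**exp mod mod one exponent bit at a
    time, so intermediate values never exceed mod**2 (constructed helper)."""
    if mod <= 0:
        raise ValueError("modulus must be positive")
    if exp < 0:
        raise ValueError("negative exponents require a modular inverse")
    result = 1
    base %= mod
    while exp:
        if exp & 1:                     # current low bit set: multiply in
            result = (result * base) % mod
        base = (base * base) % mod      # square for the next bit
        exp >>= 1
    return result % mod                 # handles mod == 1 (everything is 0)


def check_rsa_keys(p: int, q: int, e: int, d: int) -> bool:
    """The slide-6 conditions: e coprime to P-1 and Q-1, and
    e*d congruent to 1 modulo (P-1)(Q-1)."""
    phi = (p - 1) * (q - 1)
    return gcd(e, p - 1) == 1 and gcd(e, q - 1) == 1 and (e * d) % phi == 1


def rsa_encrypt(m: int, e: int, n: int) -> int:
    """C = f(M) = M^e mod N, using only the public key {e, N}."""
    return mod_pow(m, e, n)


def rsa_decrypt(c: int, d: int, n: int) -> int:
    """M = f^-1(C) = C^d mod N, using the private exponent d."""
    return mod_pow(c, d, n)


def roundtrip_all(p: int, q: int, e: int, d: int) -> bool:
    """True if decrypt(encrypt(M)) == M for every M in Z_N (constructed check;
    exhaustive, so only sensible for toy moduli like N = 55)."""
    n = p * q
    return all(rsa_decrypt(rsa_encrypt(m, e, n), d, n) == m for m in range(n))


if __name__ == "__main__":
    # Mini-RSA values from slides 7 and 8
    P, Q, E, D = 5, 11, 3, 27
    N = P * Q
    print("keys valid:", check_rsa_keys(P, Q, E, D))      # True
    C = rsa_encrypt(2, E, N)
    print("C = 2^3 mod 55 =", C)                           # 8
    print("M = 8^27 mod 55 =", rsa_decrypt(C, D, N))       # 2
    print("all 55 residues round-trip:", roundtrip_all(P, Q, E, D))
```

The exponentiation loop is the same shape used for any large modulus; what does not carry over to real deployments is the rest of the picture: a 55-element message space is trivially inverted by enumerating it, and raw M^e mod N without a padding scheme leaks structure, which is why practical RSA wraps the message before exponentiation.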
Slide 14: Prime or composite?
  1   15   7   2   0   1   -13   103   1117   1239   1427
  See "The Prime Pages: prime number research, records, and resources" by Chris Caldwell,
  http://www.utm.edu/research/primes/

Slide 15: Greatest common divisor
  The greatest common divisor of a and b, denoted by gcd(a, b), is the largest positive integer that divides both a and b.
  d = gcd(a, b)  iff  1) d | a and d | b
                      2) if c | a and c | b then c ≤ d

Slide 16:
  gcd(8, 44) =        gcd(-15, 65) =       gcd(45, 30) =
  gcd(31, 15) =       gcd(0, 40) =         gcd(121, 169) =

Slide 17: Relatively prime integers
  Two integers a and b are relatively prime or co-prime if gcd(a, b) = 1.

Slide 18: Properties of the greatest common divisor
  gcd(a, b) = gcd(a - kb, b) for any k ∈ Z

Slide 19: Quotient and remainder
  Given integers a and n, n > 0,
  ∃! q, r ∈ Z such that a = q · n + r and 0 ≤ r < n
  q – quotient
  r – remainder (of a divided by n)
  q = ⌊a/n⌋ = a div n
  r = a - q · n = a - ⌊a/n⌋ · n = a mod n

Slide 20:
  1 mod 5 =
  -32 mod 5 =

Slide 21: Integers congruent modulo n
  Two integers a and b are congruent modulo n (equivalent modulo n), written a ≡ b (mod n), iff
    a mod n = b mod n
  or
    a = b + kn, k ∈ Z
  or
    n | a - b

Slide 22: Laws of modular arithmetic

Slide 23: Rules of addition, subtraction and multiplication modulo n
  (a + b) mod n = ((a mod n) + (b mod n)) mod n
  (a - b) mod n = ((a mod n) - (b mod n)) mod n
  (a · b) mod n = ((a mod n) · (b mod n)) mod n

Slide 24:
  9 · 13 mod 5 =
  25 · 25 mod 26 =

Slide 25: Laws of modular arithmetic
  Regular addition:        a + b = a + c  iff  b = c
  Modular addition:        a + b ≡ a + c (mod n)  iff  b ≡ c (mod n)
  Regular multiplication:  If a · b = a · c and a ≠ 0, then b = c
  Modular multiplication:  If a · b ≡ a · c (mod n) and gcd(a, n) = 1, then b ≡ c (mod n)

Slide 26: Modular Multiplication: Example
  18 ≡ 42 (mod 8)
  6 · 3 ≡ 6 · 7 (mod 8), yet 3 ≢ 7 (mod 8): cancellation fails because gcd(6, 8) ≠ 1.
  x:           0  1  2  3  4  5  6  7
  6 · x mod 8: 0  6  4  2  0  6  4  2
  x:           0  1  2  3  4  5  6  7
  5 · x mod 8: 0  5  2  7  4  1  6  3

Slide 27: The Ring Z_m
• Mathematical Structure
• Consists of:
  – The set Z_m = {0, 1, 2, ..., m-1}
  – Two operations "+" and "×" for all a, b ∈ Z_m s.t.
    • a + b ≡ c mod m  (c ∈ Z_m)
    • a × b ≡ d mod m  (d ∈ Z_m)

Slide 28: Properties of Rings
  1. Additive identity is the element zero "0": a + 0 = a mod m, for any a ∈ Z_m
  2. Additive inverse "-a" of "a" is s.t. a + (-a) ≡ 0 mod m; -a = m - a for any a ∈ Z_m
  3. Addition is closed: for any a, b ∈ Z_m, a + b ∈ Z_m
  4. Addition is commutative: for any a, b ∈ Z_m, a + b = b + a
  5. Addition is associative: for any a, b, c ∈ Z_m, (a + b) + c = a + (b + c)

Slide 29: Properties of Rings
  1. Multiplicative identity is the element one "1": a × 1 = a mod m, for any a ∈ Z_m
  2. Multiplicative inverse "a^-1" of "a" is s.t. a × a^-1 ≡ 1 mod m, for any a ∈ Z_m; condition: gcd(a, m) = 1
  3. Multiplication is closed: for any a, b ∈ Z_m, a × b ∈ Z_m
  4. Multiplication is commutative: for any a, b ∈ Z_m, a × b = b × a
  5. Multiplication is associative: for any a, b, c ∈ Z_m, (a × b) × c = a × (b × c)

Slide 30: Algorithms

Slide 31: Euclid's Algorithm
• Compute gcd(22, 6)
  r0 = 22,  r1 = 6,  r2 = 4,  r3 = 2
  22 = 3 · 6 + 4
   6 = 1 · 4 + 2
   4 = 2 · 2 + 0
  gcd(22, 6) = gcd(6, 4)
  gcd(6, 4) = gcd(4, 2)
  gcd(4, 2) = 2

Slide 32: Euclid's Algorithm
  Compute gcd(r0, r1);  r0 > r1
  index 2:   r0 = q1 · r1 + r2                    gcd(r0, r1) = gcd(r1, r2)
  index 3:   r1 = q2 · r2 + r3                    gcd(r1, r2) = gcd(r2, r3)
  ...
  index m:   r_(m-2) = q_(m-1) · r_(m-1) + r_m    gcd(r_(m-2), r_(m-1)) = gcd(r_(m-1), r_m)
  Termination criterion:  r_(m-1) = q_m · r_m + 0
  gcd(r0, r1) = gcd(r_(m-1), r_m) = r_m

Slide 33: Euclid's Algorithm
  Example: Compute gcd(973, 301);  r0 > r1
  index 2:   r0 = q1 · r1 + r2     973 = 3 · 301 + 70
  index 3:   r1 = q2 · r2 + r3     301 = 4 · 70 + 21
  index 4:   r2 = q3 · r3 + r4      70 = 3 · 21 + 7
  index 5:   r3 = q4 · r4 + r5      21 = 3 · 7 + 0     (termination criterion)
  gcd(973, 301) = gcd(21, 7) = 7

Slide 34: Multiplicative inverse modulo n
  The multiplicative inverse of a modulo n is an integer x such that a · x ≡ 1 (mod n).
  The multiplicative inverse of a modulo n is denoted by a^-1 mod n (in some books ā or a*).
  According to this notation: a · a^-1 ≡ 1 (mod n)

Slide 35: Extended Euclidean Algorithm
  Given r0, r1, there exist s, t such that s · r0 + t · r1 = gcd(r0, r1);  r0 > r1
  Euclid's Algorithm                                  Each remainder written as r_j = s_j · r0 + t_j · r1
  index 2:   r0 = q1 · r1 + r2                        r2 = r0 - q1 · r1 = s2 · r0 + t2 · r1
  index 3:   r1 = q2 · r2 + r3                        r3 = r1 - q2 · r2 = r1 - q2(r0 - q1 · r1)
                                                         = [-q2] r0 + [1 + q1 · q2] r1 = s3 · r0 + t3 · r1
  ...                                                 ...
  index i:   r_(i-2) = q_(i-1) · r_(i-1) + r_i        r_i = s_i · r0 + t_i · r1
  ...                                                 ...
  index m:   r_(m-2) = q_(m-1) · r_(m-1) + r_m        r_m = gcd(r0, r1) = s_m · r0 + t_m · r1

Slide 36: Extended Euclidean Algorithm
• Recursive formulae:
  s0 = 1,  t0 = 0
  s1 = 0,  t1 = 1
  s_i = s_(i-2) - q_(i-1) · s_(i-1),  t_i = t_(i-2) - q_(i-1) · t_(i-1);  i = 2, 3, 4, ...
• If gcd(r0, r1) = 1, then t = r1^-1 mod …
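The algorithms of slides 31 to 36 in code, as an added example and not the lecture's own material: euclid_steps records the remainder sequence of slides 32 and 33, extended_euclid runs the recursion of slide 36 (s0 = 1, t0 = 0, s1 = 0, t1 = 1, s_i = s_(i-2) - q_(i-1) · s_(i-1)) to return s and t with s · r0 + t · r1 = gcd(r0, r1), and mod_inverse derives a^-1 mod n from t, which recovers the Mini-RSA d = 27 from 3 · d ≡ 1 mod 40. The last two helpers tie this back to slides 25, 26 and 29: multiplication_table reproduces the 6 · x mod 8 and 5 · x mod 8 rows, and units lists the elements of Z_m that have an inverse, which are exactly those with gcd(a, m) = 1. All function names are this example's own; the slide's t = r1^-1 mod … is instantiated here with r0 = n and r1 = a, which is an assumption of this example.

```python
from math import gcd


def euclid_steps(r0: int, r1: int) -> list:
    """Euclid's algorithm as a trace: a list of (r_(i-2), q_(i-1), r_(i-1), r_i)
    with r_(i-2) = q_(i-1) * r_(i-1) + r_i, ending at remainder 0."""
    if r0 < 0 or r1 < 0:
        raise ValueError("this trace follows the slides and assumes r0, r1 >= 0")
    steps = []
    while r1 != 0:
        q, r = divmod(r0, r1)
        steps.append((r0, q, r1, r))
        r0, r1 = r1, r
    return steps


def gcd_euclid(r0: int, r1: int) -> int:
    """gcd(r0, r1) = r_m, the last non-zero remainder (slide 32)."""
    steps = euclid_steps(r0, r1)
    return steps[-1][2] if steps else r0     # no steps means r1 == 0, gcd is r0


def extended_euclid(r0: int, r1: int) -> tuple:
    """Returns (g, s, t) with s*r0 + t*r1 == g == gcd(r0, r1), using the
    slide-36 recursion carried alongside the remainders."""
    s_prev, s = 1, 0        # s0 = 1, s1 = 0
    t_prev, t = 0, 1        # t0 = 0, t1 = 1
    while r1 != 0:
        q, r = divmod(r0, r1)
        r0, r1 = r1, r
        s_prev, s = s, s_prev - q * s    # s_i = s_(i-2) - q_(i-1) * s_(i-1)
        t_prev, t = t, t_prev - q * t    # t_i = t_(i-2) - q_(i-1) * t_(i-1)
    return r0, s_prev, t_prev            # (s_prev, t_prev) belong to the last non-zero remainder


def mod_inverse(a: int, n: int):
    """a^-1 mod n via extended Euclid with r0 = n, r1 = a (this example's
    choice): s*n + t*a = 1 gives t*a congruent to 1 mod n. None if gcd != 1."""
    g, _, t = extended_euclid(n, a % n)
    return t % n if g == 1 else None


def multiplication_table(a: int, m: int) -> list:
    """The row a*x mod m for x = 0 .. m-1 (slide 26)."""
    return [(a * x) % m for x in range(m)]


def is_permutation(a: int, m: int) -> bool:
    """True iff x -> a*x mod m hits every residue once; this is the
    cancellation law of slide 25 in table form."""
    return len(set(multiplication_table(a, m))) == m


def units(m: int) -> list:
    """Elements of Z_m that have a multiplicative inverse (slide 29, item 2)."""
    return [a for a in range(m) if mod_inverse(a, m) is not None]


if __name__ == "__main__":
    for a, q, b, r in euclid_steps(973, 301):
        print(f"{a} = {q} * {b} + {r}")
    print("gcd(973, 301) =", gcd_euclid(973, 301))            # 7
    g, s, t = extended_euclid(973, 301)
    print(f"{s} * 973 + {t} * 301 = {g}")
    print("3^-1 mod 40 =", mod_inverse(3, 40))                # 27, the Mini-RSA d
    print("6 * x mod 8:", multiplication_table(6, 8))         # repeats: no inverse
    print("5 * x mod 8:", multiplication_table(5, 8))         # permutation: 5^-1 = 5
    print("units of Z_8:", units(8))
    print("units of Z_55:", len(units(55)), "= (5-1)(11-1)")
```

The units check is exhaustive and only meant for toy moduli; for real key sizes the extended Euclidean algorithm alone (or Python's own pow(a, -1, n)) is what computes a private exponent, and the gcd test is the only thing that needs to be verified beforehand.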