1

CSE20 Lecture 6: Number Systems5. Residual Numbers (cont) &

6. Cryptography

CK ChengUC San Diego

Residual Numbers(NT-1 and Shaum’s Chapter 11)

• Introduction• Definition• Operations• Inverse Conversion

2

Inverse Conversion

3

Number xResidual number(x1, x2, …, xk)+, -, x operationsfor each xi under mi

Chinese Remainder Theorem

Mod Operation

Moduli (m1, m2, …, mk)

Results

Chinese Remainder TheoremGiven a residual number (r1, r2, …, rk) with

moduli (m1, m2, …, mk), where all mi are mutually prime, set M= m1×m2× …×mk, and Mi=M/mi.

1. Find Si that (Mi×Si)%mi = 1 (Si an inverse of Mi in mod mi)

2. The corresponding number x = (∑i=1,k(Mi Si ri))%M.

4

ExampleGiven (m1,m2,m3)=(2,3,7), M=2×3×7=42, we have

M1=m2×m3=3×7=21 (M1S1)%m1=(21S1)%2=1

M2=m1×m3=2×7=14 (M2S2)%m2=(14S2)%3=1

M3=m1×m2=2×3=6 (M3S3)%m3=(6S3)%7=1

Thus, (S1, S2, S3) = (1,2,6)

For a residual number (0,2,1): x=(M1S1r1 + M2S2r2 + M3S3r3)%M

=(21×1×0 + 14×2×2 + 6×6×1 )%42= ( 0 + 56 + 36 )%42 = 92%42 = 8

5

ExampleFor a residual number (1,2,5): • x=(M1S1r1 + M2S2r2 + M3S3r3)%M

= (21×1×1 + 14×2×2 + 6×6×5)%42= (21 + 56 + 180)%42= 257%42 = 5

6

Example: iClickerGiven (m1,m2,m3)=(2,3,5), M=2×3×5=30, we have

M1=m2×m3=3×5=15 (M1S1)%m1=(15S1)%2=1

M2=m1×m3=2×5=10 (M2S2)%m2=(10S2)%3=1

M3=m1×m2=2×3=6 (M3S3)%m3=(6S3)%5=1

Thus, (S1, S2, S3) is

A. (1, 1, 1)B. (1, 2, 1)C. (2, 1, 2)D. None of the above

7

Example: iClickerGiven (m1,m2,m3)=(2,3,5), M=2×3×5=30, we have

M1=m2×m3=3×5=15 (M1S1)%m1=(15S1)%2=1

M2=m1×m3=2×5=10 (M2S2)%m2=(10S2)%3=1

M3=m1×m2=2×3=6 (M3S3)%m3=(6S3)%5=1

For a residual number (x1,x2,x3)=(1,2,3), the corresponding number x is

A. 5B. 19C. 23D. None of the above

8

Proof of Chinese Remainder Theorem

Let A = ∑i=1,k(Mi Si ri), we show that

1. A%mv = rv and 2. x=A%M is unique.

1. A%mv= [∑i=1,k(Mi Si ri) ]% mv

= [Σ(MiSiri) % mv]%mv = (MvSvrv)%mv

= [(MvSv)%mv × rv%mv ]%mv = rv%mv = rv

2. Proof was shown in lecture 5.

9

6. Cryptography

1. Introduction2. RSA Protocol3. Remarks

10

6.1 Cryptography: Introduction

• Application of residual number systems• Number theory (skip)• Show the basic concept and process• Many variations

11

6.2 RSA Protocol

• Function P(X)=Xe%N is public.• Function S(X)=Xd%N is secret.• Message M is private, but P(M) is observed by all.• Desired feature: S(P(M))=M.Example: (e,N)=(7,55), (d,N)=(23,55) M=12 => P(12)=127%55=23 => S(23)=2323%55=12 M=8 => P(8)=87%55=2 => S(2)=223%55=?

12

P(X) S(X)M

Public (e,N), P(M)

Secret(d,N)Private

M

6.2 RSA Protocol

1. N=pq where p & q are primes and kept secret.2. e is mutually prime to f(N)=(p-1)(q-1)3. d is the inverse of e mod f(N), i.e. (ed)%f(N)=1 Theorem: S(P(M))=P(S(M))=M for 0<=M<NNote that S(P(M))=Med%NTheorem: Mf(N)%N=1 for 0<=M<NAssumption: p & q are hard to find. Consequently, it is difficult to

derive d.

13

P(X)=Xe%N S(X)=Xd%NM M

(e,N)(d,N)

6.2 RSA Protocol

1. N=pq where p & q are primes and kept secret.2. e is mutually prime to f(N)=(p-1)(q-1)3. d is the inverse of e mod f(N), i.e. (ed)%f(N)=1 Example: N=pq=3x11=33, f(N)=(3-1)(11-1)=20Let e=3, then d=7 (3x7%20=1). M=9 => P(9)=93%33=3 => S(3)=37%33=?

14

P(X)=Xe%N S(X)=Xd%NM M

(e,N)(d,N)

6.3 Remark• Residual number system is used in

cryptography.• RSA protocol uses public key for coding P(X)

and secret key to decode S(X).• Use wide words (>1000 bits) so that the

solution is computationally expensive without the knowledge of the function S(X).

15