1 cse20 lecture 6: number systems 5. residual numbers (cont) & 6. cryptography ck cheng uc san...
TRANSCRIPT
1
CSE20 Lecture 6: Number Systems5. Residual Numbers (cont) &
6. Cryptography
CK ChengUC San Diego
Residual Numbers(NT-1 and Shaum’s Chapter 11)
• Introduction• Definition• Operations• Inverse Conversion
2
Inverse Conversion
3
Number xResidual number(x1, x2, …, xk)+, -, x operationsfor each xi under mi
Chinese Remainder Theorem
Mod Operation
Moduli (m1, m2, …, mk)
Results
Chinese Remainder TheoremGiven a residual number (r1, r2, …, rk) with
moduli (m1, m2, …, mk), where all mi are mutually prime, set M= m1×m2× …×mk, and Mi=M/mi.
1. Find Si that (Mi×Si)%mi = 1 (Si an inverse of Mi in mod mi)
2. The corresponding number x = (∑i=1,k(Mi Si ri))%M.
4
ExampleGiven (m1,m2,m3)=(2,3,7), M=2×3×7=42, we have
M1=m2×m3=3×7=21 (M1S1)%m1=(21S1)%2=1
M2=m1×m3=2×7=14 (M2S2)%m2=(14S2)%3=1
M3=m1×m2=2×3=6 (M3S3)%m3=(6S3)%7=1
Thus, (S1, S2, S3) = (1,2,6)
For a residual number (0,2,1): x=(M1S1r1 + M2S2r2 + M3S3r3)%M
=(21×1×0 + 14×2×2 + 6×6×1 )%42= ( 0 + 56 + 36 )%42 = 92%42 = 8
5
ExampleFor a residual number (1,2,5): • x=(M1S1r1 + M2S2r2 + M3S3r3)%M
= (21×1×1 + 14×2×2 + 6×6×5)%42= (21 + 56 + 180)%42= 257%42 = 5
6
Example: iClickerGiven (m1,m2,m3)=(2,3,5), M=2×3×5=30, we have
M1=m2×m3=3×5=15 (M1S1)%m1=(15S1)%2=1
M2=m1×m3=2×5=10 (M2S2)%m2=(10S2)%3=1
M3=m1×m2=2×3=6 (M3S3)%m3=(6S3)%5=1
Thus, (S1, S2, S3) is
A. (1, 1, 1)B. (1, 2, 1)C. (2, 1, 2)D. None of the above
7
Example: iClickerGiven (m1,m2,m3)=(2,3,5), M=2×3×5=30, we have
M1=m2×m3=3×5=15 (M1S1)%m1=(15S1)%2=1
M2=m1×m3=2×5=10 (M2S2)%m2=(10S2)%3=1
M3=m1×m2=2×3=6 (M3S3)%m3=(6S3)%5=1
For a residual number (x1,x2,x3)=(1,2,3), the corresponding number x is
A. 5B. 19C. 23D. None of the above
8
Proof of Chinese Remainder Theorem
Let A = ∑i=1,k(Mi Si ri), we show that
1. A%mv = rv and 2. x=A%M is unique.
1. A%mv= [∑i=1,k(Mi Si ri) ]% mv
= [Σ(MiSiri) % mv]%mv = (MvSvrv)%mv
= [(MvSv)%mv × rv%mv ]%mv = rv%mv = rv
2. Proof was shown in lecture 5.
9
6. Cryptography
1. Introduction2. RSA Protocol3. Remarks
10
6.1 Cryptography: Introduction
• Application of residual number systems• Number theory (skip)• Show the basic concept and process• Many variations
11
6.2 RSA Protocol
• Function P(X)=Xe%N is public.• Function S(X)=Xd%N is secret.• Message M is private, but P(M) is observed by all.• Desired feature: S(P(M))=M.Example: (e,N)=(7,55), (d,N)=(23,55) M=12 => P(12)=127%55=23 => S(23)=2323%55=12 M=8 => P(8)=87%55=2 => S(2)=223%55=?
12
P(X) S(X)M
Public (e,N), P(M)
Secret(d,N)Private
M
6.2 RSA Protocol
1. N=pq where p & q are primes and kept secret.2. e is mutually prime to f(N)=(p-1)(q-1)3. d is the inverse of e mod f(N), i.e. (ed)%f(N)=1 Theorem: S(P(M))=P(S(M))=M for 0<=M<NNote that S(P(M))=Med%NTheorem: Mf(N)%N=1 for 0<=M<NAssumption: p & q are hard to find. Consequently, it is difficult to
derive d.
13
P(X)=Xe%N S(X)=Xd%NM M
(e,N)(d,N)
6.2 RSA Protocol
1. N=pq where p & q are primes and kept secret.2. e is mutually prime to f(N)=(p-1)(q-1)3. d is the inverse of e mod f(N), i.e. (ed)%f(N)=1 Example: N=pq=3x11=33, f(N)=(3-1)(11-1)=20Let e=3, then d=7 (3x7%20=1). M=9 => P(9)=93%33=3 => S(3)=37%33=?
14
P(X)=Xe%N S(X)=Xd%NM M
(e,N)(d,N)
6.3 Remark• Residual number system is used in
cryptography.• RSA protocol uses public key for coding P(X)
and secret key to decode S(X).• Use wide words (>1000 bits) so that the
solution is computationally expensive without the knowledge of the function S(X).
15