8/10/2019 jithin raj
Introduction to Modern Cryptography
Lecture 6
1. Testing Primitive Elements in $Z_p^*$.
2. Primality Testing.
3. Integer Multiplication & Factoring as a One Way Function.

Testing Primitive Elements mod p
Let $p$ be a prime number so that the prime factorization of $p-1$ is known:
$p-1 = q_1^{e_1} q_2^{e_2} \cdots q_k^{e_k}$ ($q_1, q_2, \ldots, q_k$ primes).
Theorem: $g \in Z_p^*$ is a primitive element in $Z_p^*$ iff
$g^{(p-1)/q_1}, g^{(p-1)/q_2}, \ldots, g^{(p-1)/q_k}$ are all $\neq 1 \bmod p$.
Algorithm: Efficiently compute all $k$ powers.
Caveat: Requires factorization of $p-1$.

Proof
• If $g$ is a primitive element mod $p$ then $g^i \bmod p \neq 1$ for all $1 \le i \le p-2$.
• If $g$ is not a primitive element mod $p$, let $d$ be the order of $g$. $d$ divides $p-1$. Let $q$ be a prime divisor of $(p-1)/d$; then $g^d = 1 \bmod p$, $d$ divides $(p-1)/q$, and so $g^{(p-1)/q} = 1 \bmod p$.

> isprime(2^229-91);
true
> p := 2^229-91;
p := 862718293348820473429344482784628181556388621521298319395315527974821
> a := (p-1)/2: # printing suppressed
> 3^a mod p; # naïve exponentiation
Error, integer too large in context # infeasible
> 3 &^ a mod p; # MAPLE has knowle
1 # thus 3 is not a primitive element mod p
> verify(6 &^ ((p-1)/2) mod p, 1, equal);
false
> ifactor(p-1, easy); # the

Testing Primitive Element (cont.)
> p := 2^229-91: # 2,3,5,40591,3143029 are the easy factors of p-1
> verify(6 &^ ((p-1)/3) mod p, 1, equal);
true
# thus 6 is not a primitive element mod p
> FactorsList := [2,3,5,40591,3143029]:
> g := 233926: # a candidate primitive element (~ the 15th I tried)
> for q in FactorsList do
>   print(q, verify(g &^ ((p-1)/q) mod p, 1, equal)) od;
2, false
3, false
5, false
40591, false
3143029, false
So far, 233926 looks like a good candidate (it passed all five tests it went through). However, we cannot know for sure without factoring 1391408329525731694572885376794002392773810411297233333.
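
The test from the theorem above, as an added Python example (not part of the original slides). The function names are assumptions of this example; p, the easy factors, the candidate 233926 and the unfactored cofactor are the values from the Maple session. With only the easy factors known, an empty result is a necessary condition, not a proof.

```python
def distinct_prime_factors(n):
    """Distinct primes dividing n, by trial division (only for small n)."""
    primes, d = [], 2
    while d * d <= n:
        if n % d == 0:
            primes.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        primes.append(n)
    return primes

def failing_primes(g, p, primes):
    """Primes q with g^((p-1)/q) = 1 mod p; each one proves g is not primitive."""
    return [q for q in primes if pow(g, (p - 1) // q, p) == 1]

def is_primitive(g, p):
    """Full test: uses the complete factorization of p-1, so small p only."""
    return g % p != 0 and not failing_primes(g, p, distinct_prime_factors(p - 1))

def unfactored_part(n, primes):
    """Divide every listed prime out of n; the primes of what is left stay untested."""
    for q in primes:
        while n % q == 0:
            n //= q
    return n

# Values taken from the Maple session in the slides.
P = 2**229 - 91
EASY = [2, 3, 5, 40591, 3143029]

if __name__ == "__main__":
    print([g for g in range(1, 23) if is_primitive(g, 23)])  # complete test, p = 23
    print(failing_primes(3, P, EASY))        # contains 2: 3 is not primitive
    print(failing_primes(6, P, EASY))        # contains 3: 6 is not primitive
    print(failing_primes(233926, P, EASY))   # empty: passed the five known tests
    print(unfactored_part(P - 1, EASY))      # cofactor that would still need factoring
```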

Primality Testing
A prime number with 2000 digits
http://www.spd.dcu.ie/johnbcos/
from John Cosgrave, Math Dept, St. Patrick's College, Dublin, IRELAND.

Primality Testing
Input: A positive integer $M$, $2^{n-1} < M < 2^n$.
Decision Problem: Is $M$ a composite number?
Decision problem is in NP (guess & verify).
Search Problem: Find prime factors of $M$.
Factoring integers deterministically is not known to be tractable.

Primality Testing
Question: Is there a better way to solve the decision problem (test if $M$ is composite) than by solving the search problem (factoring $M$)?
Basic Idea [Solovay-Strassen, 1977]: To show that $M$ is composite, enough to find evidence that $M$ does not behave like a prime.
Such evidence need not include any prime factor of $M$.

Primality Testing
Evidence that $M$ is nonprime may come from Fermat's little theorem: Any $1 < a < M$ satisfying $a^{M-1} \neq 1 \bmod M$ supplies concrete evidence that $M$ is nonprime (but no factorization!)
Example:
> M := *))))))-""*:
> 769967665 &^ (M-1) mod M;
$-6$".6-
M is composite
Will "Fermat test" always find such evidence?

Primality Testing
There are some $M$ where Fermat test fails!
Example:
> M := 225593397919:
> 769967665 &^ (M-1) mod M;
1
> 3222223664 &^ (M-1) mod M;
1
Well, maybe M is prime after all?
> gcd(6619, M);
6619
End of story regarding M

Carmichael Numbers
Composites $M$ where Fermat test fails ($a^{M-1} = 1$) for most $a$.
Example:
> (M-1) mod 15442; (M-1) mod 6618; (M-1) mod 2206;
0
0
0
Theorem: $M$ is a Carmichael number iff
$M = p_1 p_2 p_3 \cdots p_k$ ($k > 2$), all $p_i$ are distinct primes,
and every $p_i$ satisfies $p_i - 1$ divides $M-1$.
Carmichael numbers: rare, still infinitely many.

Evidence that M is nonprime
A witness $a$, $1 < a < M$, such that either
1. $\gcd(a, M) > 1$ implies $M$ has nontrivial factors.
2. $a^{M-1} \neq 1 \bmod M$ implies the size of the multiplicative group $Z_M^*$ is smaller than $M-1$.
3. $a^2 = 1 \bmod M$ but $a \neq M-1$ implies 1 has more than two square roots in $Z_M^*$.

Back to our favorite M = 225593397919
Being a Carmichael number, we won't easily find a witness that is either a non trivial factor or flunks the Fermat test. Denote $M-1 = 2r$. So $b^{M-1} = (b^r)^2 = 1 \bmod M$.
If $b^r \neq M-1 \bmod M$, then $a = b^r$ is a witness of type (3).
> 769967665 &^ ((M-1)/2) mod M;
187977462064
> 3222223664 &^ ((M-1)/2) mod M;
206734298217
Gotcha! In both cases $a^2 = 1$ but $a \neq M-1$.

Evidence that M is Composite
Let $M-1 = 2^k r$ where $r$ is odd. Pick $1 < b < M$. Compute mod $M$
$a_0 = b^r$, $a_1 = (a_0)^2$, $a_2 = (a_1)^2$, …, $a_k = (a_{k-1})^2$.
1. If $a_k \neq 1$ then $M$ is composite.
Let $j$ be the smallest index with $a_j = 1 \bmod M$.
2. If $0 < j$ and $a_{j-1} \neq M-1$ then $M$ is composite.
Call $b$ satisfying (1) or (2) a smart witness.

Miller Theorem (1977)
Let $M = 2^k r + 1$ where $r$ is odd. If $M$ is composite then there is* a small smart witness $b$
(small means $b < (\log M)^2$).
*Assuming a (yet) unproven number theoretic statement: The extended Riemann hypothesis

Rabin Theorem (1980)
Let $M = 2^k r + 1$ where $r$ is odd. If $M$ is composite then at least $3M/4$ of all $b$ in the range
from 1 to $M$ are smart witnesses.
No assumption required, and proof employs only elementary tools.

Miller-Rabin Primality Testing
Input: Odd integer $M$ ($2^{n-1} < M < 2^n$).
Repeat 100 times:
  Pick $b$ at random ($1 < b < M$).
  Check if $b$ is a smart witness (poly($n$) time).
If one or more $b$ is a smart witness, output "$M$ is composite".
Otherwise output "$M$ is prime".
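
The smart-witness check and the Miller-Rabin loop, as an added Python example (not code from the original slides), run on the Carmichael number M = 225593397919 and the two bases from the earlier Maple session. The function names are assumptions of this example.

```python
import random

def squaring_chain(b, M):
    """[a_0, ..., a_k] mod M with a_0 = b^r, a_i = (a_{i-1})^2, where M-1 = 2^k * r, r odd."""
    k, r = 0, M - 1
    while r % 2 == 0:
        k, r = k + 1, r // 2
    chain = [pow(b, r, M)]
    for _ in range(k):
        chain.append(chain[-1] * chain[-1] % M)
    return chain

def is_smart_witness(b, M):
    """True if b proves that the odd number M is composite by condition (1) or (2)."""
    chain = squaring_chain(b, M)
    if chain[-1] != 1:                        # (1): a_k != 1, the Fermat test fails
        return True
    j = chain.index(1)                        # smallest j with a_j = 1
    return j > 0 and chain[j - 1] != M - 1    # (2): a_{j-1} squares to 1 but is not M-1

def miller_rabin(M, rounds=100, rng=random):
    """False: M is certainly composite. True: no smart witness found in `rounds` tries."""
    if M < 3 or M % 2 == 0:
        return M == 2
    return not any(is_smart_witness(rng.randrange(2, M), M) for _ in range(rounds))

M = 225593397919                    # Carmichael number from the slides
BASES = [769967665, 3222223664]     # bases from the slides

if __name__ == "__main__":
    for b in BASES:
        # Fermat test passes (prints 1), yet the chain exposes a bad square root of 1.
        print(b, pow(b, M - 1, M), squaring_chain(b, M), is_smart_witness(b, M))
    print(miller_rabin(M), miller_rabin(2**61 - 1))
```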

Primality Testing
In terms of complexity classes, this algorithm (and its predecessor, Solovay-Strassen algorithm) imply
Composites $\in$ RP
RP = Random Poly Time one sided error.
Easy fact: RP is contained in NP.

Breaking News: Primes is in P
Manindra Agrawal, Neeraj Kayal, Nitin Saxena, Indian Institute of Technology, Kanpur

Integer Multiplication & Factoring as a One Way Function
[Diagram: $p, q$ and $N = pq$, one direction labeled "easy", the other "hard"]
Q.: Can a public key system be based on this observation?????

Next Subject
RSA: A public key cryptosystem
Shamir Adleman Rivest