Announcements:
1. Congrats on reaching the halfway point once again!
2. Reminder: HW5 due tomorrow, HW6 due Tuesday after break
3. Term project groups and topics due by Friday.
Questions?
DTTF/NB479: Dszquphsbqiz Day 21
This week: Primality testing, factoring; Discrete logs
Term projects
Use Ch 10 – 19 as inspiration. Elliptic curves? Quantum crypto? Security protocols?
Deliverables:
A paper demonstrating your understanding of the topic
A 20-min in-class presentation, 9th/10th week
Groups of 4 to bound presentation time. Preliminary details posted.
Plus-delta
Please give me 5 minutes of your time for feedback on the course so far.
Pulling 479 back into cache
RSA: public-key system: n and e are known, so encryption is easy. But finding d (to decrypt) requires the factorization of n = pq. Factorization is a "one-way" function. Builds on lots of ch 3 number theory, like Euclid, Fermat, and Euler.
Relationship between RSA and AES in http://www.grc.com/securitynow.htm#183, starting at 51:57 (Thanks to Matthew Jacobs for the reference)
You used Maple to send messages.
You looked at some "implementation mistakes" (for example, using small values for e).
Compositeness testing
Oops, did I say primality testing? Today, we discuss three techniques that can guarantee a number is composite, and guess when one is prime.
1. Square Root Compositeness Theorem
+
2. Fermat's Theorem
=
3. Miller-Rabin Compositeness Test
(Miller-Rabin is the first two combined: Fermat's powermod, reordered so that the Square Root Compositeness Theorem can be applied to the intermediate results.)
The Square Root Compositeness Theorem gives a way to factor certain composite numbers
Given integers n, x, and y:
If $x^2 \equiv y^2 \pmod n$ but $x \not\equiv \pm y \pmod n$,
then n is composite, and gcd(x-y, n) is a non-trivial factor.
Proof: on board
Toy example showing 21 is composite using x=2 and y=16: $2^2 = 4$ and $16^2 = 256 \equiv 4 \pmod{21}$, but $16 \not\equiv \pm 2 \pmod{21}$, so gcd(16-2, 21) = gcd(14, 21) = 7 is a factor of 21.
Review: Fermat can be used to test for compositeness, but doesn't give factors
Fermat's little theorem: If n is prime and doesn't divide a, then $a^{n-1} \equiv 1 \pmod n$.
Contrapositive: If $a^{n-1} \not\equiv 1 \pmod n$, then n is composite.
In practice: If $a^{n-1} \equiv 1 \pmod n$, then n is probably prime.
Rare counterexamples (15k of the first 10B positive integers) are called pseudoprimes.
Notes: Never gives factors. Compute using powermod.

What the observed value of $a^{n-1} \bmod n$ (columns) says about what n actually is (rows):

n is … \ $a^{n-1}$     = 1                       ≠ 1
Prime                   Usually true              None
Composite               Rare (pseudoprime)        All

Read by column: if $a^{n-1} \equiv 1$, n is usually prime and only rarely a composite pseudoprime; if $a^{n-1} \not\equiv 1$, n is never prime, always composite.
Review: Primality testing schemes typically use the contrapositive of Fermat
[Flowchart, reconstructed from the slide:]
n → Even? → no → Divisible by other small primes? → no → $2^{n-1} \equiv 1 \pmod n$? → yes → Prime by factoring / advanced techniques? → yes → prime
(Any other branch, i.e. n even, a small-prime factor found, or $2^{n-1} \not\equiv 1 \pmod n$, means n is composite.)
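As an added example (not from the slides), the flowchart above and the Fermat test implemented in Python, followed by a search for the base-2 pseudoprimes that slip through every box. The list of small primes used by the trial-division box is an assumption for this example, kept deliberately short so that a few pseudoprimes actually reach the Fermat box; the final "prove primality by factoring / advanced techniques" box is not implemented.

```python
# Small primes for the flowchart's "divisible by other small primes?" box.
# Assumption for this example: kept short so that some base-2 pseudoprimes
# survive trial division and reach the Fermat box.
SMALL_PRIMES = (2, 3, 5, 7)


def fermat_test(n, a=2):
    """Fermat test with base a: True iff a^(n-1) ≡ 1 (mod n).

    True  -> n is prime or a base-a pseudoprime ("probably prime").
    False -> n is composite by the contrapositive of Fermat's little
             theorem (but, as the slide notes, no factor is produced).
    """
    return pow(a, n - 1, n) == 1


def flowchart(n):
    """The slide's flowchart: even? -> small primes? -> 2^(n-1) ≡ 1 (mod n)?

    Returns "prime" (for the small primes themselves), "composite", or
    "probably prime". The final box (proving primality by factoring or
    advanced techniques) is out of scope here.
    """
    if n < 2:
        raise ValueError("n must be at least 2")
    if n in SMALL_PRIMES:
        return "prime"
    if n % 2 == 0:                              # Even?  yes -> composite
        return "composite"
    if any(n % p == 0 for p in SMALL_PRIMES):   # div by other small primes?
        return "composite"
    if not fermat_test(n, 2):                   # 2^(n-1) ≡ 1 (mod n)?  no
        return "composite"
    return "probably prime"


def is_prime_trial(n):
    """Ground truth by trial division; fine for the small n used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def base2_pseudoprimes(limit):
    """Composites below limit that the flowchart still calls "probably prime".

    These are exactly the base-2 pseudoprimes with no factor in SMALL_PRIMES.
    """
    return [n for n in range(9, limit, 2)
            if flowchart(n) == "probably prime" and not is_prime_trial(n)]


if __name__ == "__main__":
    for n in (341, 561, 1009):
        truth = "truly prime" if is_prime_trial(n) else "composite"
        print(n, "->", flowchart(n), "/", truth)
    print("pseudoprimes below 2000 that pass:", base2_pseudoprimes(2000))
```

With this short list of small primes, 341 = 11·31 passes the Fermat box (2^10 ≡ 1 (mod 341), so 2^340 ≡ 1), while 561 = 3·11·17 is caught by trial division before Fermat is ever consulted. Below 2000 the only survivors are 341 and 1387 = 19·73.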
The Miller-Rabin Compositeness Test just reorders the Fermat test's powermod to catch pseudoprimes
Observe: n is odd and n>1. Trick: write $n-1 = 2^k m$, where $k \ge 1$ and m is odd.
Then the Fermat question $a^{n-1} \equiv 1 \pmod n$? becomes
$a^{n-1} = a^{2 \cdot 2 \cdots 2 \cdot m} = (\cdots((a^m)^2)^2 \cdots)^2 \equiv 1 \pmod n$?
with $b_0 = a^m$ innermost and k squarings around it. We'll compute powers from inside out, checking if the result is +1 or -1 at each step.
It uses the Square Root Compositeness Theorem to catch most pseudoprimes.
Given odd n>1, write $n-1 = 2^k m$, where $k \ge 1$ and m is odd.
Choose a base a randomly (or just pick a=2).
Let $b_0 = a^m \pmod n$. If $b_0 = \pm 1$, stop. n is probably prime by Fermat.
For i = 1..k-1:
  Compute $b_i = b_{i-1}^2 \pmod n$.
  If $b_i = 1 \pmod n$, stop. n is composite by SRCT, and $\gcd(b_{i-1} - 1, n)$ is a factor.
  If $b_i = -1 \pmod n$, stop. n is probably prime by Fermat.
Compute $b_k = b_{k-1}^2 \pmod n$ (this is $a^{n-1} \bmod n$).
If $b_k = 1 \pmod n$, stop. n is composite by SRCT (and $\gcd(b_{k-1} - 1, n)$ is a factor).
Else n is composite by Fermat.

[Figure: $a^{n-1} = (\cdots((a^m)^2)^2 \cdots)^2$, with the k nested squarings labelled $b_0 = a^m, b_1, \ldots, b_k$ from the inside out.]
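As an added example that is not part of the slides, the Square Root Compositeness Theorem, the decomposition $n-1 = 2^k m$, and the Miller-Rabin procedure above in Python, including extraction of the factor $\gcd(b_{i-1} - 1, n)$ whenever SRCT fires. It reproduces the toy SRCT example (21 with x=2, y=16) and runs the test on the Carmichael number 561, which Fermat with base 2 cannot catch. The function names and the wrapper is_probable_prime (bases 2 and 3 plus random bases) are this example's own choices, not anything the slides specify.

```python
from math import gcd
from random import randrange


def srct_factor(n, x, y):
    """Square Root Compositeness Theorem (SRCT).

    If x^2 ≡ y^2 (mod n) but x ≢ ±y (mod n), then n is composite and
    gcd(x - y, n) is a non-trivial factor. Returns that factor, or None
    when the hypothesis does not hold for (n, x, y).
    """
    x, y = x % n, y % n
    if (x * x - y * y) % n != 0 or x == y or (x + y) % n == 0:
        return None
    return gcd(x - y, n)


def decompose(n):
    """Write n - 1 = 2^k * m with m odd, for odd n > 1. Returns (k, m)."""
    k, m = 0, n - 1
    while m % 2 == 0:
        k += 1
        m //= 2
    return k, m


def miller_rabin(n, a=2):
    """One round of the slide's Miller-Rabin compositeness test with base a.

    Returns (verdict, reason, factor):
      verdict: "composite" or "probably prime"
      reason:  "Fermat" (±1 reached, or a^(n-1) ≢ 1 at the end) or "SRCT"
      factor:  a non-trivial factor of n when SRCT fires, else None
    """
    if n < 3 or n % 2 == 0:
        raise ValueError("n must be odd and > 1")
    k, m = decompose(n)
    b_prev = pow(a, m, n)                      # b_0 = a^m mod n
    if b_prev in (1, n - 1):                   # b_0 = ±1: probably prime
        return "probably prime", "Fermat", None
    for i in range(1, k + 1):                  # b_i = b_{i-1}^2, inside out
        b = b_prev * b_prev % n
        if b == 1:
            # b_prev is a square root of 1 other than ±1: SRCT applies
            return "composite", "SRCT", srct_factor(n, b_prev, 1)
        if b == n - 1 and i < k:               # -1 before the last squaring
            return "probably prime", "Fermat", None
        b_prev = b
    # b_k = a^(n-1) ≢ 1 (mod n): composite by Fermat, no factor produced
    return "composite", "Fermat", None


def is_probable_prime(n, rounds=20):
    """Run the test with bases 2 and 3, then `rounds` random bases.

    A single "composite" verdict is conclusive; surviving every round
    means "probably prime". Small n are handled directly.
    """
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    bases = [2, 3] + [randrange(2, n - 1) for _ in range(rounds)]
    return all(miller_rabin(n, a)[0] == "probably prime" for a in bases)


if __name__ == "__main__":
    print("SRCT toy example, n=21, x=2, y=16 ->", srct_factor(21, 2, 16))
    for n in (21, 341, 561, 1009):
        print(n, miller_rabin(n, 2), is_probable_prime(n))
```

Walking 561 through by hand with base 2: 560 = 2^4 · 35, so $b_0 = 2^{35} \equiv 263$, then $b_1 \equiv 166$, $b_2 \equiv 67$, $b_3 \equiv 1 \pmod{561}$. Because 67 is a square root of 1 other than ±1, SRCT gives the factor gcd(66, 561) = 33, something the plain Fermat test (which reports $2^{560} \equiv 1$) can never produce.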