Number Theory
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Efficient Regular Modular Exponentiation Using
J Cryptogr Eng (2017) 7:245–253 DOI 10.1007/s13389-016-0134-5 SHORT COMMUNICATION Efficient regular modular exponentiation using multiplicative half-size splitting Christophe Negre1,2 · Thomas Plantard3,4 Received: 14 August 2015 / Accepted: 23 June 2016 / Published online: 13 July 2016 © Springer-Verlag Berlin Heidelberg 2016 Abstract In this paper, we consider efficient RSA modular x K mod N where N = pq with p and q prime. The private exponentiations x K mod N which are regular and con- data are the two prime factors of N and the private exponent stant time. We first review the multiplicative splitting of an K used to decrypt or sign a message. In order to insure a integer x modulo N into two half-size integers. We then sufficient security level, N and K are chosen large enough take advantage of this splitting to modify the square-and- to render the factorization of N infeasible: they are typically multiply exponentiation as a regular sequence of squarings 2048-bit integers. The basic approach to efficiently perform always followed by a multiplication by a half-size inte- the modular exponentiation is the square-and-multiply algo- ger. The proposed method requires around 16% less word rithm which scans the bits ki of the exponent K and perform operations compared to Montgomery-ladder, square-always a sequence of squarings followed by a multiplication when and square-and-multiply-always exponentiations. These the- ki is equal to one. oretical results are validated by our implementation results When the cryptographic computations are performed on which show an improvement by more than 12% compared an embedded device, an adversary can monitor power con- approaches which are both regular and constant time. -
Modular Arithmetic
CS 70 Discrete Mathematics and Probability Theory Fall 2009 Satish Rao, David Tse Note 5 Modular Arithmetic One way to think of modular arithmetic is that it limits numbers to a predefined range f0;1;:::;N ¡ 1g, and wraps around whenever you try to leave this range — like the hand of a clock (where N = 12) or the days of the week (where N = 7). Example: Calculating the day of the week. Suppose that you have mapped the sequence of days of the week (Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday) to the sequence of numbers (0;1;2;3;4;5;6) so that Sunday is 0, Monday is 1, etc. Suppose that today is Thursday (=4), and you want to calculate what day of the week will be 10 days from now. Intuitively, the answer is the remainder of 4 + 10 = 14 when divided by 7, that is, 0 —Sunday. In fact, it makes little sense to add a number like 10 in this context, you should probably find its remainder modulo 7, namely 3, and then add this to 4, to find 7, which is 0. What if we want to continue this in 10 day jumps? After 5 such jumps, we would have day 4 + 3 ¢ 5 = 19; which gives 5 modulo 7 (Friday). This example shows that in certain circumstances it makes sense to do arithmetic within the confines of a particular number (7 in this example), that is, to do arithmetic by always finding the remainder of each number modulo 7, say, and repeating this for the results, and so on. -
Miller-Rabin Primality Test (Java)
Miller-Rabin primality test (Java) Other implementations: C | C, GMP | Clojure | Groovy | Java | Python | Ruby | Scala The Miller-Rabin primality test is a simple probabilistic algorithm for determining whether a number is prime or composite that is easy to implement. It proves compositeness of a number using the following formulas: Suppose 0 < a < n is coprime to n (this is easy to test using the GCD). Write the number n−1 as , where d is odd. Then, provided that all of the following formulas hold, n is composite: for all If a is chosen uniformly at random and n is prime, these formulas hold with probability 1/4. Thus, repeating the test for k random choices of a gives a probability of 1 − 1 / 4k that the number is prime. Moreover, Gerhard Jaeschke showed that any 32-bit number can be deterministically tested for primality by trying only a=2, 7, and 61. [edit] 32-bit integers We begin with a simple implementation for 32-bit integers, which is easier to implement for reasons that will become apparent. First, we'll need a way to perform efficient modular exponentiation on an arbitrary 32-bit integer. We accomplish this using exponentiation by squaring: Source URL: http://www.en.literateprograms.org/Miller-Rabin_primality_test_%28Java%29 Saylor URL: http://www.saylor.org/courses/cs409 ©Spoon! (http://www.en.literateprograms.org/Miller-Rabin_primality_test_%28Java%29) Saylor.org Used by Permission Page 1 of 5 <<32-bit modular exponentiation function>>= private static int modular_exponent_32(int base, int power, int modulus) { long result = 1; for (int i = 31; i >= 0; i--) { result = (result*result) % modulus; if ((power & (1 << i)) != 0) { result = (result*base) % modulus; } } return (int)result; // Will not truncate since modulus is an int } int is a 32-bit integer type and long is a 64-bit integer type. -
Discrete Mathematics
Slides for Part IA CST 2016/17 Discrete Mathematics <www.cl.cam.ac.uk/teaching/1617/DiscMath> Prof Marcelo Fiore [email protected] — 0 — What are we up to ? ◮ Learn to read and write, and also work with, mathematical arguments. ◮ Doing some basic discrete mathematics. ◮ Getting a taste of computer science applications. — 2 — What is Discrete Mathematics ? from Discrete Mathematics (second edition) by N. Biggs Discrete Mathematics is the branch of Mathematics in which we deal with questions involving finite or countably infinite sets. In particular this means that the numbers involved are either integers, or numbers closely related to them, such as fractions or ‘modular’ numbers. — 3 — What is it that we do ? In general: Build mathematical models and apply methods to analyse problems that arise in computer science. In particular: Make and study mathematical constructions by means of definitions and theorems. We aim at understanding their properties and limitations. — 4 — Lecture plan I. Proofs. II. Numbers. III. Sets. IV. Regular languages and finite automata. — 6 — Proofs Objectives ◮ To develop techniques for analysing and understanding mathematical statements. ◮ To be able to present logical arguments that establish mathematical statements in the form of clear proofs. ◮ To prove Fermat’s Little Theorem, a basic result in the theory of numbers that has many applications in computer science. — 16 — Proofs in practice We are interested in examining the following statement: The product of two odd integers is odd. This seems innocuous enough, but it is in fact full of baggage. — 18 — Proofs in practice We are interested in examining the following statement: The product of two odd integers is odd. -
EE 595 (PMP) Advanced Topics in Communication Theory Handout #1
EE 595 (PMP) Advanced Topics in Communication Theory Handout #1 Introduction to Cryptography. Symmetric Encryption.1 Wednesday, January 13, 2016 Tamara Bonaci Department of Electrical Engineering University of Washington, Seattle Outline: 1. Review - Security goals 2. Terminology 3. Secure communication { Symmetric vs. asymmetric setting 4. Background: Modular arithmetic 5. Classical cryptosystems { The shift cipher { The substitution cipher 6. Background: The Euclidean Algorithm 7. More classical cryptosystems { The affine cipher { The Vigen´erecipher { The Hill cipher { The permutation cipher 8. Cryptanalysis { The Kerchoff Principle { Types of cryptographic attacks { Cryptanalysis of the shift cipher { Cryptanalysis of the affine cipher { Cryptanalysis of the Vigen´erecipher { Cryptanalysis of the Hill cipher Review - Security goals Last lecture, we introduced the following security goals: 1. Confidentiality - ability to keep information secret from all but authorized users. 2. Data integrity - property ensuring that messages to and from a user have not been corrupted by communication errors or unauthorized entities on their way to a destination. 3. Identity authentication - ability to confirm the unique identity of a user. 4. Message authentication - ability to undeniably confirm message origin. 5. Authorization - ability to check whether a user has permission to conduct some action. 6. Non-repudiation - ability to prevent the denial of previous commitments or actions (think of a con- tract). 7. Certification - endorsement of information by a trusted entity. In the rest of today's lecture, we will focus on three of these goals, namely confidentiality, integrity and authentication (CIA). In doing so, we begin by introducing the necessary terminology. 1 We thank Professors Radha Poovendran and Andrew Clark for the help in preparing this material. -
RSA Power Analysis Obfuscation: a Dynamic FPGA Architecture John W
Air Force Institute of Technology AFIT Scholar Theses and Dissertations Student Graduate Works 3-22-2012 RSA Power Analysis Obfuscation: A Dynamic FPGA Architecture John W. Barron Follow this and additional works at: https://scholar.afit.edu/etd Part of the Electrical and Computer Engineering Commons Recommended Citation Barron, John W., "RSA Power Analysis Obfuscation: A Dynamic FPGA Architecture" (2012). Theses and Dissertations. 1078. https://scholar.afit.edu/etd/1078 This Thesis is brought to you for free and open access by the Student Graduate Works at AFIT Scholar. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of AFIT Scholar. For more information, please contact [email protected]. RSA POWER ANALYSIS OBFUSCATION: A DYNAMIC FPGA ARCHITECTURE THESIS John W. Barron, Captain, USAF AFIT/GE/ENG/12-02 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE INSTITUTE OF TECHNOLOGY Wright-Patterson Air Force Base, Ohio APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. The views expressed in this thesis are those of the author and do not reflect the official policy or position of the United States Air Force, Department of Defense, or the United States Government. This material is declared a work of the U.S. Government and is not subject to copyright protection in the United States. AFIT/GE/ENG/12-02 RSA POWER ANALYSIS OBFUSCATION: A DYNAMIC FPGA ARCHITECTURE THESIS Presented to the Faculty Department of Electrical and Computer Engineering Graduate School of Engineering and Management Air Force Institute of Technology Air University Air Education and Training Command In Partial Fulfillment of the Requirements for the Degree of Master of Science in Electrical Engineering John W. -
Quaternion Algebra and Calculus
Quaternion Algebra and Calculus David Eberly, Geometric Tools, Redmond WA 98052 https://www.geometrictools.com/ This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. Created: March 2, 1999 Last Modified: August 18, 2010 Contents 1 Quaternion Algebra 2 2 Relationship of Quaternions to Rotations3 3 Quaternion Calculus 5 4 Spherical Linear Interpolation6 5 Spherical Cubic Interpolation7 6 Spline Interpolation of Quaternions8 1 This document provides a mathematical summary of quaternion algebra and calculus and how they relate to rotations and interpolation of rotations. The ideas are based on the article [1]. 1 Quaternion Algebra A quaternion is given by q = w + xi + yj + zk where w, x, y, and z are real numbers. Define qn = wn + xni + ynj + znk (n = 0; 1). Addition and subtraction of quaternions is defined by q0 ± q1 = (w0 + x0i + y0j + z0k) ± (w1 + x1i + y1j + z1k) (1) = (w0 ± w1) + (x0 ± x1)i + (y0 ± y1)j + (z0 ± z1)k: Multiplication for the primitive elements i, j, and k is defined by i2 = j2 = k2 = −1, ij = −ji = k, jk = −kj = i, and ki = −ik = j. Multiplication of quaternions is defined by q0q1 = (w0 + x0i + y0j + z0k)(w1 + x1i + y1j + z1k) = (w0w1 − x0x1 − y0y1 − z0z1)+ (w0x1 + x0w1 + y0z1 − z0y1)i+ (2) (w0y1 − x0z1 + y0w1 + z0x1)j+ (w0z1 + x0y1 − y0x1 + z0w1)k: Multiplication is not commutative in that the products q0q1 and q1q0 are not necessarily equal. -
THE MILLER–RABIN PRIMALITY TEST 1. Fast Modular
THE MILLER{RABIN PRIMALITY TEST 1. Fast Modular Exponentiation Given positive integers a, e, and n, the following algorithm quickly computes the reduced power ae % n. • (Initialize) Set (x; y; f) = (1; a; e). • (Loop) While f > 1, do as follows: { If f%2 = 0 then replace (x; y; f) by (x; y2 % n; f=2), { otherwise replace (x; y; f) by (xy % n; y; f − 1). • (Terminate) Return x. The algorithm is strikingly efficient both in speed and in space. To see that it works, represent the exponent e in binary, say e = 2f + 2g + 2h; 0 ≤ f < g < h: The algorithm successively computes (1; a; 2f + 2g + 2h) f (1; a2 ; 1 + 2g−f + 2h−f ) f f (a2 ; a2 ; 2g−f + 2h−f ) f g (a2 ; a2 ; 1 + 2h−g) f g g (a2 +2 ; a2 ; 2h−g) f g h (a2 +2 ; a2 ; 1) f g h h (a2 +2 +2 ; a2 ; 0); and then it returns the first entry, which is indeed ae. 2. The Fermat Test and Fermat Pseudoprimes Fermat's Little Theorem states that for any positive integer n, if n is prime then bn mod n = b for b = 1; : : : ; n − 1. In the other direction, all we can say is that if bn mod n = b for b = 1; : : : ; n − 1 then n might be prime. If bn mod n = b where b 2 f1; : : : ; n − 1g then n is called a Fermat pseudoprime base b. There are 669 primes under 5000, but only five values of n (561, 1105, 1729, 2465, and 2821) that are Fermat pseudoprimes base b for b = 2; 3; 5 without being prime. -
WORKSHEET # 7 QUATERNIONS the Set of Quaternions Are the Set Of
WORKSHEET # 7 QUATERNIONS The set of quaternions are the set of all formal R-linear combinations of \symbols" i; j; k a + bi + cj + dk for a; b; c; d 2 R. We give them the following addition rule: (a + bi + cj + dk) + (a0 + b0i + c0j + d0k) = (a + a0) + (b + b0)i + (c + c0)j + (d + d0)k Multiplication is induced by the following rules (λ 2 R) i2 = j2 = k2 = −1 ij = k; jk = i; ki = j ji = −k kj = −i ik = −j λi = iλ λj = jλ λk = kλ combined with the distributive rule. 1. Use the above rules to carefully write down the product (a + bi + cj + dk)(a0 + b0i + c0j + d0k) as an element of the quaternions. Solution: (a + bi + cj + dk)(a0 + b0i + c0j + d0k) = aa0 + ab0i + ac0j + ad0k + ba0i − bb0 + bc0k − bd0j ca0j − cb0k − cc0 + cd0i + da0k + db0j − dc0i − dd0 = (aa0 − bb0 − cc0 − dd0) + (ab0 + a0b + cd0 − dc0)i (ac0 − bd0 + ca0 + db0)j + (ad0 + bc0 − cb0 + da0)k 2. Prove that the quaternions form a ring. Solution: It is obvious that the quaternions form a group under addition. We just showed that they were closed under multiplication. We have defined them to satisfy the distributive property. The only thing left is to show the associative property. I will only prove this for the elements i; j; k (this is sufficient by the distributive property). i(ij) = i(k) = ik = −j = (ii)j i(ik) = i(−j) = −ij = −k = (ii)k i(ji) = i(−k) = −ik = j = ki = (ij)i i(jj) = −i = kj = (ij)j i(jk) = i(i) = (−1) = (k)k = (ij)k i(ki) = ij = k = −ji = (ik)i i(kk) = −i = −jk = (ik)k j(ii) = −j = −ki = (ji)i j(ij) = jk = i = −kj = (ji)j j(ik) = j(−j) = 1 = −kk = (ji)k j(ji) = j(−k) = −jk = −i = (jj)i j(jk) = ji = −k = (jj)k j(ki) = jj = −1 = ii = (jk)i j(kj) = j(−i) = −ji = k = ij = (jk)j j(kk) = −j = ik = (jk)k k(ii) = −k = ji = (ki)i k(ij) = kk = −1 = jj = (ki)j k(ik) = k(−j) = −kj = i = jk = (ki)k k(ji) = k(−k) = 1 = (−i)i = (kj)i k(jj) = k(−1) = −k = −ij = (kj)j k(jk) = ki = j = −ik = (kj)k k(ki) = kj = −i = (kk)i k(kj) = k(−i) = −ki = −j = (kk)j 1 WORKSHEET #7 2 3. -
Modular Exponentiation: Exercises
Modular Exponentiation: Exercises 1. Compute the following using the method of successive squaring: (a) 250 (mod 101) (b) 350 (mod 101) (c) 550 (mod 101). 2. Using an example from this lecture, compute 450 (mod 101) with no effort. How did you do it? 3. Explain how we could have predicted the answer to problem 1(a) with no effort. 4. Compute the following using the method of successive squaring: 50 58 44 (a) (3) in Z=101Z (b) (3) in Z=61Z (c)(4) in Z=51Z. 5000 5. Compute (78) in Z=79Z, and explain why this calculation is so very trivial. 4999 What is (78) in Z=79Z? 60 6. Fermat's Little Theorem says that (3) = 1 in Z=61Z. Use this fact to 58 compute (3) in Z=61Z (see problem 4(b) above) without using successive squaring, but by computing the inverse of (3)2 instead, for instance by the Euclidean algorithm. Explain why this works. 7. We may see later on that the set of all a 2 Z=mZ such that gcd(a; m) = 1 is a group. Let '(m) be the number of elements in this group, which is often × × denoted by (Z=mZ) . It turns out that for each a 2 (Z=mZ) , some power × of a must be equal to 1. The order of any a in the group (Z=mZ) is by definition the smallest positive integer e such that (a)e = 1. × (a) Compute the orders of all the elements of (Z=11Z) . × (b) Compute the orders of all the elements of (Z=17Z) . -
Math 412. §3.2, 3.3: Examples of Rings and Homomorphisms Professors Jack Jeffries and Karen E. Smith
Math 412. x3.2, 3.3: Examples of Rings and Homomorphisms Professors Jack Jeffries and Karen E. Smith DEFINITION:A subring of a ring R (with identity) is a subset S which is itself a ring (with identity) under the operations + and × for R. DEFINITION: An integral domain (or just domain) is a commutative ring R (with identity) satisfying the additional axiom: if xy = 0, then x or y = 0 for all x; y 2 R. φ DEFINITION:A ring homomorphism is a mapping R −! S between two rings (with identity) which satisfies: (1) φ(x + y) = φ(x) + φ(y) for all x; y 2 R. (2) φ(x · y) = φ(x) · φ(y) for all x; y 2 R. (3) φ(1) = 1. DEFINITION:A ring isomorphism is a bijective ring homomorphism. We say that two rings R and S are isomorphic if there is an isomorphism R ! S between them. You should think of a ring isomorphism as a renaming of the elements of a ring, so that two isomorphic rings are “the same ring” if you just change the names of the elements. A. WARM-UP: Which of the following rings is an integral domain? Which is a field? Which is commutative? In each case, be sure you understand what the implied ring structure is: why is each below a ring? What is the identity in each? (1) Z; Q. (2) Zn for n 2 Z. (3) R[x], the ring of polynomials with R-coefficients. (4) M2(Z), the ring of 2 × 2 matrices with Z coefficients. -
Lecture 19 1 Readings 2 Introduction 3 Shor's Order-Finding Algorithm
C/CS/Phys 191 Shor’s order (period) finding algorithm and factoring 11/01/05 Fall 2005 Lecture 19 1 Readings Benenti et al., Ch. 3.12 - 3.14 Stolze and Suter, Quantum Computing, Ch. 8.3 Nielsen and Chuang, Quantum Computation and Quantum Information, Ch. 5.2 - 5.3, 5.4.1 (NC use phase estimation for this, which we present in the next lecture) literature: Ekert and Jozsa, Rev. Mod. Phys. 68, 733 (1996) 2 Introduction With a fast algorithm for the Quantum Fourier Transform in hand, it is clear that many useful applications should be possible. Fourier transforms are typically used to extract the periodic components in functions, so this is an immediate one. One very important example is finding the period of a modular exponential function, which is also known as order-finding. This is a key element of Shor’s algorithm to factor large integers N. In Shor’s algorithm, the quantum algorithm for order-finding is combined with a series of efficient classical computational steps to make an algorithm that is overall polynomial in the input size 2 n = log2N, scaling as O(n lognloglogn). This is better than the best known classical algorithm, the number field sieve, which scales superpolynomially in n, i.e., as exp(O(n1/3(logn)2/3)). In this lecture we shall first present the quantum algorithm for order-finding and then summarize how this is used together with tools from number theory to efficiently factor large numbers. 3 Shor’s order-finding algorithm 3.1 modular exponentiation Recall the exponential function ax.