Introduction to Computer Security
Benoit Donnet
Academic Year 2016 - 2017

Agenda
Cryptography
• Chapter 1: Mathematics for Cryptography
• Chapter 2: Concepts
• Chapter 3: Symmetric Cryptography
• Chapter 4: Asymmetric Cryptography
• Chapter 5: Authentication
• Chapter 6: Key Distribution
INFO0045 - ULg - 2016/2017 - Benoit Donnet
Agenda
• Chapter 1: Mathematics for Cryptography
  - Modular Arithmetic
  - Euclidean Algorithms
  - Euler's Function
  - Fermat's Theorem
  - Chinese Remainder Theorem

Agenda
• Chapter 1: Mathematics for Cryptography
  - Modular Arithmetic
    ✓ Division
    ✓ Congruence
    ✓ n Arithmetic
  - Euclidean Algorithms
  - Euler's Function
  - Fermat's Theorem
  - Chinese Remainder Theorem

Division
• Let a ∈ and n ∈
  - a = q × n + r
    ✓ 0 ≤ r < n
    ✓ q = ⌊a/n⌋
  - r is the remainder
  - q is the quotient
  - Examples
    ✓ a = 11, n = 7 ⇒ 11 = 1 × 7 + 4 ⇒ r = 4
    ✓ a = -11, n = 7 ⇒ -11 = -2 × 7 + 3 ⇒ r = 3
• If a, n ∈ and n > 0
  - a mod n refers to the remainder when a is divided by n
    ✓ modulo operator
  - a = ⌊a/n⌋ × n + (a mod n)

Division (2)
• Modulo example
  - a = 59; n = 7
    ✓ 59 = 8 × 7 + 3
      ✦ r = 3, q = 8
      ✦ 59 mod 7 = 3

Division (3)
• Let a, b, and m ∈
  - b (≠ 0) divides a if a = m × b
  - b is a divisor of a
• Notation: b|a
• Example:
  - divisors of 24 are 1, 2, 3, 4, 6, 8, 12, 24

Division (4)
• Properties
  - if a|1
    ✓ then a = ±1
  - if a|b and b|a
    ✓ then a = ±b
  - any b ≠ 0 divides 0
  - if b|g and b|h
    ✓ then b|(mg + nh), for any m, n
  - if a = 0 mod n
    ✓ then n|a

Division (5)
• Divisibility criteria
  - 2|n if n ends with 0, 2, 4, 6, 8
  - 3|n if the sum of n's digits is divisible by 3
  - 4|n if the last 2 digits of n are divisible by 4
    ✓ example: 256,628
  - 5|n if n ends with 0, 5
  - 8|n if the last 3 digits of n are divisible by 8
    ✓ example: 176,072
  - 9|n if the sum of n's digits is divisible by 9
    ✓ example: 37,521

Congruence
• Two integers, a and b, are said to be equal modulo n if n|(a-b)
• Two integers, a and b, are said to be congruent modulo n if a mod n = b mod n
  - Notation
    ✓ a ≡ b mod n
  - a and b are equivalent in the modulo n class

Congruence (2)
• Congruence examples
  - 26 ≡ 12 mod 7
    ✓ 26 mod 7 = 5
    ✓ 12 mod 7 = 5
  - 21 ≡ -9 mod 10
    ✓ 21 mod 10 = 1
    ✓ -9 mod 10 = 1

Congruence (3)
• Properties
  - a ≡ b mod n iff n|a-b
  - a ≡ b mod n iff c×a ≡ c×b mod (c×n)
  - a ≡ b mod n iff ac ≡ bc mod n
  - a ≡ b mod n iff b ≡ a mod n
  - if a ≡ b mod n
    ✓ then (a-b) mod n = 0
  - if a ≡ b mod n
    ✓ then b ≡ a mod n
    ✓ symmetry
  - if a ≡ b mod n and b ≡ c mod n
    ✓ then a ≡ c mod n
    ✓ transitivity

Congruence (4)
• Examples
  - 26 ≡ 12 mod 7
    ✓ (26-12) mod 7 = 14 mod 7 = 0
    ✓ 12 ≡ 26 mod 7 because 12 mod 7 = 26 mod 7
  - 26 ≡ 12 mod 7, 12 ≡ 19 mod 7
    ✓ 26 ≡ 19 mod 7
      ✦ 26 mod 7 = 5
      ✦ 19 mod 7 = 5

Congruence (5)
• Properties (cont.)
  - (x+y) mod n = (x mod n + y mod n) mod n
  - modular addition
  - examples
    ✓ (54 + 49) mod 15
      ‣ (54+49) mod 15 = 103 mod 15 = 13
      ‣ 54 mod 15 = 9
      ‣ 49 mod 15 = 4
      ‣ (54 mod 15 + 49 mod 15) = 9 + 4 = 13
        ✦ 13 mod 15 = 13
    ✓ (42 + 52) mod 15
      ‣ (42+52) mod 15 = 94 mod 15 = 4
      ‣ 42 mod 15 = 12
      ‣ 52 mod 15 = 7
      ‣ (42 mod 15 + 52 mod 15) = 12 + 7 = 19
        ✦ 19 mod 15 = 4

Congruence (6)
• Properties (cont.)
  - (x × y) mod n = (x mod n × y mod n) mod n
  - modular multiplication
  - examples
    ✓ (49 × 54) mod 15
      ‣ (49 × 54) mod 15 = 2,646 mod 15 = 6
      ‣ 49 mod 15 = 4
      ‣ 54 mod 15 = 9
      ‣ (49 mod 15 × 54 mod 15) = 4 × 9 = 36
        ✦ 36 mod 15 = 6
    ✓ (42 × 52) mod 15
      ‣ (42 × 52) mod 15 = 2,184 mod 15 = 9
      ‣ 42 mod 15 = 12
      ‣ 52 mod 15 = 7
      ‣ (42 mod 15 × 52 mod 15) = 12 × 7 = 84
        ✦ 84 mod 15 = 9

Congruence (7)
• Properties (cont.)
  - it is possible to extend the modular multiplication
  - (a × b × c) mod n
    ✓ = ((a mod n) × (b mod n) × (c mod n)) mod n
    ✓ = ((((a mod n) × (b mod n)) mod n) × (c mod n)) mod n
  - (a × b × c × d) mod n
    ✓ = ((a mod n) × (b mod n) × (c mod n) × (d mod n)) mod n
  - (a × b × c × d × e) mod n
  - etc.

Congruence (8)
• Example: (42 × 56 × 98 × 108) mod 15
• Brute force approach
  - (42 × 56 × 98 × 108) mod 15 = 234,893,568 mod 15 = 3
• Smart approach, v.1
  - 42 mod 15 = 12
  - 56 mod 15 = 11
  - 98 mod 15 = 8
  - 108 mod 15 = 3
  ⇒ (12 × 11 × 8 × 3) mod 15 = 3,168 mod 15 = 3

Congruence (9)
• Smart approach, v.2
  1. (42 × 56) mod 15
    ✓ ((42 mod 15) × (56 mod 15)) mod 15 = (12 × 11) mod 15 = 12
  2. (42 × 56 × 98) mod 15
    ✓ (12 × 98) mod 15 = ((12 mod 15) × (98 mod 15)) mod 15
    ✓ (12 × 8) mod 15 = 6
  3. (42 × 56 × 98 × 108) mod 15
    ✓ (6 × 108) mod 15 = ((6 mod 15) × (108 mod 15)) mod 15
    ✓ (6 × 3) mod 15 = 3

Congruence (10)
• Modular exponentiation
  - how to quickly compute b^e mod m?
    ✓ right-to-left binary algorithm
• Right-to-left binary algorithm
  - convert e into binary notation
    $$e = \sum_{i=0}^{n-1} a_i \cdot 2^i$$
  - with a_i ∈ {0, 1}, for 0 ≤ i < n-1 and a_{n-1} = 1
  - b^e can also be rewritten
    $$b^e = b^{\sum_{i=0}^{n-1} a_i \cdot 2^i} = \prod_{i=0}^{n-1} \left(b^{2^i}\right)^{a_i}$$
  - the solution becomes
    $$b^e \bmod m = \prod_{i=0}^{n-1} \left(b^{2^i}\right)^{a_i} \bmod m$$

Congruence (11)
• Example: 5^41 mod 9
• Brute force approach
  - 5^41 mod 9
  - 45,474,735,088,646,411,895,751,953,125 mod 9 = 2
• Right-to-left binary approach
  - write 41 in binary
    ✓ 41 = 32 + 8 + 1 = 101001
    ✓ 5^41 = 5^32 × 5^8 × 5^1

    32   16   8   4   2   1
    1    0    1   0   0   1

  - compute each exponent
    ✓ 5^1 mod 9 = 5 mod 9 = 5
    ✓ 5^2 mod 9
      ✦ (5^1 × 5^1) mod 9 = (5 × 5) mod 9 = 25 mod 9 = 7
    ✓ 5^4 mod 9
      ✦ (5^2 × 5^2) mod 9 = ((5^2 mod 9) × (5^2 mod 9)) mod 9
      ✦ 49 mod 9 = 4

Congruence (12)
    ✓ 5^8 mod 9
      ✦ (5^4 × 5^4) mod 9 = (5^4 mod 9 × 5^4 mod 9) mod 9
      ✦ (4 × 4) mod 9 = 7
    ✓ 5^16 mod 9
      ✦ (5^8 × 5^8) mod 9 = (5^8 mod 9 × 5^8 mod 9) mod 9
      ✦ (7 × 7) mod 9 = 4
    ✓ 5^32 mod 9
      ✦ (5^16 × 5^16) mod 9 = (5^16 mod 9 × 5^16 mod 9) mod 9
      ✦ (4 × 4) mod 9 = 7
  - this gives
    ✓ 5^41 mod 9
      ✦ (5^32 × 5^8 × 5^1) mod 9
      ✦ (7 × 7 × 5) mod 9
      ✦ (49 mod 9 × 5 mod 9) mod 9
      ✦ (4 × 5) mod 9
      ✦ 2

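The right-to-left binary algorithm worked through above for 5^41 mod 9, written out as an added Python example (not part of the original slides; the function name `modexp_rtl` and the trace format are choices made for this example). It records, for each bit of e, the square b^(2^i) mod m and the running product, so the output can be compared line by line with the slide's computation.

```python
# Added illustration: right-to-left binary modular exponentiation.
# Names and the trace layout are this example's own.

def modexp_rtl(b, e, m):
    """Return (b**e mod m, trace) using the right-to-left binary method.

    trace holds one tuple (i, a_i, b^(2^i) mod m, running product) per bit of e.
    """
    if e < 0 or m <= 0:
        raise ValueError("expects e >= 0 and m > 0")
    result = 1 % m           # empty product; 1 % m also covers m == 1
    square = b % m           # b^(2^0) mod m
    trace = []
    i = 0
    while e > 0:
        bit = e & 1          # a_i, the current least significant bit of e
        if bit:
            # multiply in b^(2^i) only when a_i = 1
            result = (result * square) % m
        trace.append((i, bit, square, result))
        square = (square * square) % m   # b^(2^(i+1)) = (b^(2^i))^2
        e >>= 1
        i += 1
    return result, trace


if __name__ == "__main__":
    value, steps = modexp_rtl(5, 41, 9)
    for i, bit, sq, acc in steps:
        print(f"i={i} a_i={bit} 5^(2^{i}) mod 9 = {sq} product = {acc}")
    print("5^41 mod 9 =", value)
```

Because the multiplication only happens when a bit of e is 1, the running time depends on the exponent's bits; implementations that handle secret exponents use constant-time variants instead.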
n Arithmetic
• The “modulo n” operator maps all integers (negatives and positives) that are congruent modulo n in the set {0, 1, ..., n-1}
  - residue class modulo n
  - mathematical notation: n
• One can label the residue classes (mod n) as [0], [1], ..., [n-1], where
  - [r] = {a: a ∈ , a ≡ r mod n}
• Examples for n=4
  - [0] = {..., -16, -12, -8, -4, 0, 4, 8, 12, 16, ...}
  - [1] = {..., -15, -11, -7, -3, 1, 5, 9, 13, 17, ...}
  - [2] = {..., -14, -10, -6, -2, 2, 6, 10, 14, 18, ...}
  - [3] = {..., -13, -9, -5, -1, 3, 7, 11, 15, 19, ...}

n Arithmetic (2)
• Properties of modular arithmetic in n
  - commutativity
    ✓ (w + x) mod n = (x + w) mod n
    ✓ (w × x) mod n = (x × w) mod n
  - associativity
    ✓ [(w + x) + y] mod n = [w + (x + y)] mod n
    ✓ [(w × x) × y] mod n = [w × (x × y)] mod n
  - distributivity
    ✓ [w × (x + y)] mod n = [(w × x) + (w × y)] mod n
  - identity
    ✓ (0 + w) mod n = w mod n
    ✓ (1 × w) mod n = w mod n
  - additive inverse (-w)
    ✓ for each w ∈ n, ∃ z such that w + z ≡ 0 mod n

n Arithmetic (2)
• Properties of modular arithmetic in n (cont.)
  - addition
    ✓ (a + b) ≡ (a + c) mod n ⇒ b ≡ c mod n
    ✓ example: (5 + 23) ≡ (5 + 7) mod 8 ⇒ 23 ≡ 7 mod 8
  - multiplication
    ✓ if a and n relatively prime, then a × b ≡ a × c mod n ⇒ b ≡ c mod n
    ✓ the condition must be satisfied otherwise, the property does not hold
    ✓ example:
      ‣ 6 × 3 ≡ 6 × 7 mod 8
      ‣ but 3 ≢ 7 mod 8

Agenda
• Chapter 1: Mathematics for Cryptography
  - Modular Arithmetic
  - Euclidean Algorithms
    ✓ gcd
    ✓ Extended Euclidean Algorithm
    ✓ Equation
  - Euler's Function
  - Fermat's Theorem
  - Chinese Remainder Theorem

GCD
• Greatest Common Divisor
• Let c ∈ , c = gcd(a, b) if
  - c is a divisor of a and b
  - any divisor of a and b is a divisor of c
• Equivalent definition
  - gcd(a, b) = max{k, such that k|a and k|b}
• The gcd must be positive
  - gcd(a, b) = gcd(a, -b) = gcd(-a, b) = gcd(-a, -b)
  - gcd(a, b) = gcd(|a|, |b|)

GCD (2)
• Interesting use of gcd
  - two integers are relatively prime if their only common factor is 1
  - let a and c be relatively prime
    ✓ (a, c) = 1
    ✓ gcd(a, c) = 1

GCD (3)
• Euclidean algorithm for finding the gcd

    /* assumes a >= 0 and b >= 0 */
    int gcd(int a, int b){
        if(b == 0)
            return a;                /* gcd(a, 0) = a */
        else
            return gcd(b, a % b);    /* gcd(a, b) = gcd(b, a mod b) */
    }//end gcd()

GCD (4)
• Example: gcd(1970, 1066)

    Step   a      b                      call
    1      1066   1970 mod 1066 = 904    gcd(1066, 904)
    2      904    1066 mod 904 = 162     gcd(904, 162)
    3      162    904 mod 162 = 94       gcd(162, 94)
    4      94     162 mod 94 = 68        gcd(94, 68)
           a few recursive calls later...
    10     2      0

Extended Euclid
• There exists an extension to the Euclidean algorithm
  - it not only finds the gcd
  - but also two additional integers, x and y, satisfying
    ✓ ax + by = gcd(a, b)
    ✓ Bezout's identity
• When a and b are relatively prime
  - x is the multiplicative inverse of a mod b
  - y is the multiplicative inverse of b mod a
• Extended Euclidean Algorithm

Extended Euclid (2)
• The algorithm

    extended_euclidean(int a, int b){
        x = 0; y = 1;
        lastx = 1; lasty = 0;
        while(b ≠ 0){
            quotient = a div b;
            (a, b) = (b, a mod b);
            (x, lastx) = (lastx-quotient*x, x);
            (y, lasty) = (lasty-quotient*y, y);
        }
        // here a holds the gcd of the original a and b,
        // and lastx, lasty are the Bezout coefficients x and y
        return (lastx, lasty);
    }//end extended_euclidean()

Extended Euclid (3)
• Example: find x, y such that 53x + 30y = 1

    quotient   a    b    x     lastx   y     lasty
    /          53   30   0     1       1     0
    1          30   23   1     0       -1    1
    1          23   7    -1    1       2     -1
    3          7    2    4     -1      -7    2
    3          2    1    -13   4       23    -7
    2          1    0    30    -13     -53   23

Equation
• Euclid allows us to solve equations of the form
  - ax ≡ b mod n
• How to solve?
  - algorithm

    equation(a, b, n){
        (d, x', y') = extended_euclidean(a, n);   // d is the last value of 'a'
        if(d|b){
            x0 = (x' × (b/d)) mod n
            for i=0 until d-1
                write (x0 + i × (n/d)) mod n
        }
        else
            write "no solution"
    }//end equation()

Equation (2)
• Example:
  - 6x ≡ 9 mod 15
• Solution
  - applying extended Euclid
    ✓ d = 3, x' = -2, y' = 1
  - 3 is a divisor of 9
    ✓ x0 = (-2 × (9/3)) mod 15 = -6 mod 15 = 9
    ✓ iteration
      ‣ i=0, 9 mod 15
      ‣ i=1, 9 + (15/3) mod 15 => 14 mod 15
      ‣ i=2, 9 + 2 × (15/3) mod 15 => 19 mod 15

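The extended Euclidean algorithm and the equation solver from the preceding slides, as a runnable Python sketch (an added example, not the course's own code). It keeps the slides' variable names; `solve_linear_congruence` and `mod_inverse` are names chosen here, and the gcd is returned together with the two coefficients, which is what the equation algorithm expects. It reproduces the 53x + 30y = 1 table, the 6x ≡ 9 mod 15 example, and shows why the cancellation rule fails for 6 × 3 ≡ 6 × 7 mod 8.

```python
# Added example: extended Euclid and the linear-congruence solver in Python.

def extended_euclidean(a, b):
    """Return (d, x, y) with a*x + b*y == d == gcd(a, b), for a, b >= 0."""
    x, lastx = 0, 1
    y, lasty = 1, 0
    while b != 0:
        quotient = a // b
        a, b = b, a % b
        x, lastx = lastx - quotient * x, x
        y, lasty = lasty - quotient * y, y
    return a, lastx, lasty       # a now holds the gcd ("last value of a")


def solve_linear_congruence(a, b, n):
    """Return every x in [0, n) with a*x ≡ b (mod n), sorted; [] if none."""
    if n <= 0:
        raise ValueError("modulus must be positive")
    a, b = a % n, b % n          # reduce first so negative inputs are handled
    d, x_prime, _ = extended_euclidean(a, n)
    if b % d != 0:
        return []                # d does not divide b: no solution
    x0 = (x_prime * (b // d)) % n
    return sorted((x0 + i * (n // d)) % n for i in range(d))


def mod_inverse(a, n):
    """Multiplicative inverse of a mod n; exists only when gcd(a, n) = 1."""
    solutions = solve_linear_congruence(a, 1, n)
    if not solutions:
        raise ValueError(f"{a} has no inverse modulo {n}")
    return solutions[0]


if __name__ == "__main__":
    print(extended_euclidean(53, 30))          # coefficients for 53x + 30y = 1
    print(solve_linear_congruence(6, 9, 15))   # the slide's 6x ≡ 9 mod 15
    print(solve_linear_congruence(6, 18, 8))   # 6x ≡ 6×3 mod 8: two solutions
    print(mod_inverse(53, 30))
```

Since gcd(6, 8) = 2, the congruence 6x ≡ 6 × 3 mod 8 has two solutions, 3 and 7, which is exactly the slide's counterexample to cancelling a factor that is not relatively prime to n.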
Euler's Function
• Euler's Totient Function
  - φ(n)
  - number of integers between 0 and n-1 that are relatively prime to n
• It also corresponds to the number of elements having an inverse in the class modulo n
• By convention
  - φ(0) = 0
  - φ(1) = 1
• Example
  - φ(8) = 4
    ✓ because 1, 3, 5, 7 are relatively prime to 8

Euler's Function (2)
[Figure: plot of φ(n) (vertical axis, 0 to 70) against n (horizontal axis, 0 to 70)]

Euler's Function (3)
• A few theorems about φ(n)
  - an integer p is prime iff
    ✓ φ(p) = p-1
  - if n and m ∈ and relatively prime
    ✓ then φ(n × m) = φ(n) × φ(m)
  - if p is prime and n = p^k
    ✓ then φ(n) = p^k × (1 - 1/p) = p^k - p^(k-1)
    ✓ example
      ✦ n = 9
      ✦ φ(9) = φ(3^2) = 3^2 × (1 - 1/3) = 9 × 2/3 = 6
  - if n = p × q, p and q prime
    ✓ then φ(n) = (p-1) × (q-1)

Fermat
• Fermat's Little Theorem
  - if m is prime and gcd(a, m) = 1
    ✓ then a^(m-1) ≡ 1 mod m
• One can generalize Fermat's theorem with Euler's function
  - if gcd(a, m) = 1
    ✓ then a^φ(m) ≡ 1 mod m
• Application to modular inverse
  - if gcd(a, m) = 1
    ✓ the multiplicative inverse of a in the modulo class m is a^(φ(m)-1)
    ✓ a^(φ(m)-1) ≡ a^(-1) mod m
    ✓ in the particular case in which m is prime
      ✦ a^(-1) ≡ a^(m-2) mod m

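The theorems about φ(n) and the inverse formula a^(φ(m)-1) ≡ a^(-1) mod m, combined in one added Python example (not from the original slides; all function names are chosen for this illustration). `phi` uses the prime-power and multiplicativity theorems, `phi_by_counting` applies the definition directly so the two can be checked against each other, and `inverse_via_euler` applies the Fermat/Euler slide.

```python
# Added example: Euler's totient and the modular inverse from Euler's theorem.
from math import gcd


def phi_by_counting(n):
    """Definition: how many k in 0..n-1 are relatively prime to n."""
    return sum(1 for k in range(n) if gcd(k, n) == 1)


def phi(n):
    """Euler's totient computed from the prime factorization of n."""
    if n < 0:
        raise ValueError("n must be non-negative")
    if n == 0:
        return 0                         # convention stated on the slide
    result = 1
    p = 2
    while p * p <= n:
        if n % p == 0:
            pk = 1
            while n % p == 0:            # strip the full power p^k out of n
                n //= p
                pk *= p
            result *= pk - pk // p       # φ(p^k) = p^k - p^(k-1)
        p += 1
    if n > 1:
        result *= n - 1                  # one prime factor left: φ(p) = p - 1
    return result


def inverse_via_euler(a, m):
    """Inverse of a mod m as a^(φ(m)-1) mod m; requires gcd(a, m) = 1."""
    if m <= 0:
        raise ValueError("modulus must be positive")
    if gcd(a, m) != 1:
        raise ValueError(f"gcd({a}, {m}) != 1, so {a} has no inverse mod {m}")
    return pow(a, phi(m) - 1, m)


if __name__ == "__main__":
    print(phi(8), phi(9), phi(3 * 5))    # slide values, and (3-1) × (5-1)
    print(inverse_via_euler(3, 7))       # m prime: equals 3^(7-2) mod 7
    print(inverse_via_euler(7, 15))      # m composite: 7^(φ(15)-1) mod 15
```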
Chinese Remainder
• Let m1, m2, ..., mr, all positive integers and relatively prime two by two. Then, the congruence system:

$$\begin{cases} x \equiv a_1 \pmod{m_1} \\ x \equiv a_2 \pmod{m_2} \\ \dots \\ x \equiv a_r \pmod{m_r} \end{cases}$$

gives a unique solution x mod M = m1 × m2 × ... × mr:

$$x = a_1 M_1 y_1 + a_2 M_2 y_2 + \dots + a_r M_r y_r$$

with $M_i = \frac{M}{m_i}$ and $y_i M_i \equiv 1 \pmod{m_i}$

Chinese Remainder (2)
• Example

$$\begin{cases} x \equiv 1 \pmod{3} \\ x \equiv 2 \pmod{5} \\ x \equiv 3 \pmod{7} \end{cases}$$

Let M = 3 × 5 × 7 = 105. We have

    M1 = 105/3 = 35    y1 × 35 ≡ 1 mod 3    y1 = 2
    M2 = 105/5 = 21    y2 × 21 ≡ 1 mod 5    y2 = 1
    M3 = 105/7 = 15    y3 × 15 ≡ 1 mod 7    y3 = 1

This gives
x ≡ 1 × 35 × 2 + 2 × 21 × 1 + 3 × 15 × 1 ≡ 157 ≡ 52 mod 105

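The Chinese Remainder construction above as an added Python example (not part of the original slides; the function name `crt` and its return shape are choices made here). It follows the slide's symbols M, M_i and y_i, rejects moduli that are not relatively prime two by two, and reproduces the worked example. It relies on Python 3.8 or later for `math.prod` and for `pow` with exponent -1.

```python
# Added example: Chinese Remainder Theorem with the slide's M_i and y_i.
from itertools import combinations
from math import gcd, prod


def crt(residues, moduli):
    """Solve x ≡ a_i (mod m_i) for pairwise relatively prime m_i.

    Returns (x, M, terms) with 0 <= x < M and terms = [(a_i, M_i, y_i), ...].
    """
    if len(residues) != len(moduli) or not moduli:
        raise ValueError("need one residue per modulus")
    if any(m <= 0 for m in moduli):
        raise ValueError("moduli must be positive")
    for m1, m2 in combinations(moduli, 2):
        if gcd(m1, m2) != 1:
            raise ValueError(f"{m1} and {m2} are not relatively prime")
    M = prod(moduli)
    terms = []
    for a_i, m_i in zip(residues, moduli):
        M_i = M // m_i
        y_i = pow(M_i, -1, m_i)          # y_i × M_i ≡ 1 mod m_i
        terms.append((a_i, M_i, y_i))
    x = sum(a * Mi * y for a, Mi, y in terms) % M
    return x, M, terms


if __name__ == "__main__":
    x, M, terms = crt([1, 2, 3], [3, 5, 7])
    for a_i, M_i, y_i in terms:
        print(f"a={a_i} M_i={M_i} y_i={y_i}")
    print(f"x = {x} mod {M}")
```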