PRIME SIEVES, SOPHIE GERMAIN PRIMES AND THE
DIFFIE-HELLMAN KEY EXCHANGE
TREVEN WALL
This project is focused on finding primes of a specific type and using them in
a public-key cryptography setting. For a good survey of this material and much
more, see [1].
1. The Sieve of Eratosthenes
One of the oldest methods for listing all prime numbers less than a given number
is due to a Greek mathematician Eratosthenes and is very simple. The so-called
Sieve of Eratosthenes works as follows:
1. Given n, the upper bound, make a list L of all the integers from 2 to n.
2. Make another list (empty for now), P , to hold the primes.
3. Then, repeat the following until L is empty:
a. Put the first number in L (call it p) into P and eliminate it from L.
b. Eliminate all multiples of p from L.
4. The list P now contains all primes less than n.
Imagine simply writing down a list from 2 to n and crossing off all the multiples
of 2, then multiples of 3, then (since 4 is already marked off), all multiples of 5,
etc.
2. Sophie Germain Primes
A Sophie Germain prime number is a prime q such that 2q + 1 is also a prime.
This latter prime (p := 2q +1) is called its complimentary safe prime. These primes
are especially important for pseudorandom number generation and in cryptography.
Their use in cryptography comes from the fact that if q is a Sophie Germain prime,
the multiplicative group based on its safe prime, G := (Z/pZ)∗ , has order 2q.
Therefore, there is a very large subgroup of G of prime order.
3. The Diffie-Hellman Key Exchange
This brings us to cryptography. The Diffie-Hellman key exchange is a simple
algorithm for two people to establish a secret with each other without ever meeting
(and without the need of a secret courier or secure line). It is one of the simplest
examples of so-called public-key cryptography. In practical usage, two people would
use this to exchange a secret key for a private-key cipher with which they would
encrypt the rest of their communication. Regardless, it works as follows:
1. Call the two protagonists Alice and Bob. Alice generates a random integer a
and Bob generates a random integer b. They keep these numbers secret.
2. Alice and Bob publicly agree on a prime p and an element g of G := (Z/pZ)∗ .
3. Alice then computes g a (mod p) and Bob computes g b (mod p).
4. Alice sends g a (mod p) to Bob, and Bob sends g b (mod p) to Alice.
1
2
TREVEN WALL
5. Alice then computes (g b (mod p))a (mod p) and Bob computes
(g a (mod p))b (mod p), both of which are equal to g ab (mod p). This is their shared
secret.
The security of the Diffie-Hellman key exchange is based on the (current) difficulty of the discrete logarithm problem. Imagine an eavesdropper, Eve, listening
in on this exchange. Eve knows p, g, g a (mod p) and g b (mod p). However, there are
no known fast algorithms for finding a or b from all of this information; that is, we
cannot (currently) take the logarithm in the group (Z/pZ)∗ fast enough. There are
other problems that might happen with the D-H key exchange, but those will not
concern us.
The discrete logarithm problem is especially difficult for Eve if the prime chosen
in step 2 is a safe prime p = 2q + 1 corresponding to a Sophie Germain prime
q. Further, the element g chosen in that same step should be a generator for the
subgroup H of G := (Z/pZ)∗ of order q. Also, in practice, these primes are huge,
100 or more digits long, but g is very small, usually g = 2 or g = 5.
4. Implementation
This project is split into four parts. For all of them, you are not allowed to
use any of Maple’s built-in primality or factoring tests, but you may use
the mod and remove functions if you would like. A version of each procedure below
is available so that other parts of the project can continue while the intermediate
procedures are being written and tested (see the course web page for details). Make
speed comparisons with the given version to check that yours is not much slower.
1. Write a procedure called primeSieve which takes as input an integer n and
which returns a list of all the primes between 1 and n. If you come up with
two distinct ways of programming the sieve, feel free to keep both on your
worksheet. [The outline of the algorithm above is a good starting point, but, if
implemented directly, it is quite slow. There are several improvements suggested
in the pseudocode in [3] which may be of use if the prime sieve is trying your
patience.]
2. a. Write a procedure called SophieGermain which takes as input a list (presumably of all primes less than n) and returns a list of all of the Sophie Germain
primes less than n2 . [To test this procedure, compare your results with a list
like [2].]
b. Use primeSieve and SophieGermain to generate a list of all of the Sophie
Germain primes less than 106 . Save this list.
3. a. Write a procedure called KeyGenerator which takes as input an integer g
and a prime p and which outputs a two-element list consisting of a random
number c and g c (mod p).
b. You will notice while doing this that Maple cannot handle very large numbers
(like 2n for n ∼ 108 ). Therefore, you should write an auxiliary procedure
which performs exponentiation mod p (call it primeExp). primeExp should
take as input a base g, an exponent a and a prime p and should return
g a (mod p). Do not use Maple’s built-in “&ˆ” syntax—code this yourself.
4. Pick one of the largest Sophie Germain primes from your list above (or from [2]
if your list is not ready yet), call this q, calculate its safe prime and call it p.
Pick g = 2 or g = 5 depending on which one generates the subgroup of order
q, and use KeyGenerator twice with g and p, once for Alice and once for Bob.
PRIME SIEVES, SOPHIE GERMAIN PRIMES AND THE DIFFIE-HELLMAN KEY EXCHANGE3
Then follow the rest of the key exchange protocol (using primeExp again) to
find their shared secret with your results from KeyGenerator. Use Maple’s mlog
command to “crack” the secret knowing only what Eve would know (recall that
in practical usage, the primes p and q would have over 100 digits, not the paltry
6 ours have). Save these results.
Your report and talk should briefly describe the sieve, how your implementation
of it works, and the key exchange. Your Maple worksheet should be contain all of
your procedures, your list of Sophie Germain primes less than 106 , your pair (or
pairs) of keys from the KeyGenerator, the shared secret(s) computed as a result of
the Diffie-Hellman exchange and the result of “cracking” it with mlog.
References
[1] N. Koblitz
A Course in Number Theory and Cryptography
Second edition. Graduate Texts in Mathematics, 114. Springer-Verlag, New York, 1994.
[2] On-Line Encyclopedia of Integer Sequences entry for Sophie Germain primes
http://www.research.att.com/~njas/sequences/A005384
viewed 12 Nov 2007.
[3] Wikipedia entry on the Sieve of Eratosthenes
http://en.wikipedia.org/wiki/Sieve_of_eratosthenes
version modified 11:27, 18 October 2007.