factoring integers producing primes and the rsa
play

Factoring integers, Producing primes and the RSA cryptosystem - PowerPoint PPT Presentation

Jul 11, 2023 •126 likes •2.06k views

College of Science for Women 0 Factoring integers,..., RSA Lecture in Number Theory College of Science for Women Baghdad University March 31, 2014 Factoring integers, Producing primes and the RSA cryptosystem Francesco Pappalardi

  1. College of Science for Women 6 Factoring integers,..., RSA History of the “Art of Factoring” ➳ 220 BC Greeks (Eratosthenes of Cyrene ) ➳ 1730 Euler 2 2 5 + 1 = 641 · 6700417 ➳ 1750–1800 Fermat, Gauss (Sieves - Tables) ➳ 1880 Landry & Le Lasseur: 2 2 6 + 1 = 274177 × 67280421310721 ➳ 1919 Pierre and Eug` ene Carissan (Factoring Machine) ➳ 1970 Morrison & Brillhart 2 2 7 + 1 = 59649589127497217 × 5704689200685129054721 ➳ 1982 Quadratic Sieve QS (Pomerance) � Number Fields Sieve NFS Universit` a Roma Tre

  2. College of Science for Women 6 Factoring integers,..., RSA History of the “Art of Factoring” ➳ 220 BC Greeks (Eratosthenes of Cyrene ) ➳ 1730 Euler 2 2 5 + 1 = 641 · 6700417 ➳ 1750–1800 Fermat, Gauss (Sieves - Tables) ➳ 1880 Landry & Le Lasseur: 2 2 6 + 1 = 274177 × 67280421310721 ➳ 1919 Pierre and Eug` ene Carissan (Factoring Machine) ➳ 1970 Morrison & Brillhart 2 2 7 + 1 = 59649589127497217 × 5704689200685129054721 ➳ 1982 Quadratic Sieve QS (Pomerance) � Number Fields Sieve NFS ➳ 1987 Elliptic curves factoring ECF (Lenstra) Universit` a Roma Tre

  3. College of Science for Women 7 Factoring integers,..., RSA History of the “Art of Factoring” 220 BC Greeks (Eratosthenes of Cyrene) Universit` a Roma Tre

  4. College of Science for Women 8 Factoring integers,..., RSA History of the “Art of Factoring” 1730 Euler 2 2 5 + 1 = 641 · 6700417 Universit` a Roma Tre

  5. College of Science for Women 9 Factoring integers,..., RSA How did Euler factor 2 2 5 + 1 ? Universit` a Roma Tre

  6. College of Science for Women 9 Factoring integers,..., RSA How did Euler factor 2 2 5 + 1 ? Proposition Suppose p is a prime factor of b n + 1 . Then 1. p is a divisor of b d + 1 for some proper divisor d of n such that n/d is odd or 2. p − 1 is divisible by 2 n . Universit` a Roma Tre

  7. College of Science for Women 9 Factoring integers,..., RSA How did Euler factor 2 2 5 + 1 ? Proposition Suppose p is a prime factor of b n + 1 . Then 1. p is a divisor of b d + 1 for some proper divisor d of n such that n/d is odd or 2. p − 1 is divisible by 2 n . Application: Let b = 2 and n = 2 5 = 64. Then 2 2 5 + 1 is prime or it is divisible by a prime p such that p − 1 is divisible by 128. Universit` a Roma Tre

  8. College of Science for Women 9 Factoring integers,..., RSA How did Euler factor 2 2 5 + 1 ? Proposition Suppose p is a prime factor of b n + 1 . Then 1. p is a divisor of b d + 1 for some proper divisor d of n such that n/d is odd or 2. p − 1 is divisible by 2 n . Application: Let b = 2 and n = 2 5 = 64. Then 2 2 5 + 1 is prime or it is divisible by a prime p such that p − 1 is divisible by 128. Note that 1 + 1 × 128 = 3 × 43, 1 + 2 × 128 = 257 is prime, 1 + 3 × 128 = 5 × 7 × 11, 1 + 4 × 128 = 3 3 × 19 and 1 + 5 · 128 = 641 is prime. Finally 2 2 5 + 1 = 4294967297 = 6700417 641 641 Universit` a Roma Tre

  9. College of Science for Women 10 Factoring integers,..., RSA History of the “Art of Factoring” 1730 Euler 2 2 5 + 1 = 641 · 6700417 Universit` a Roma Tre

  10. College of Science for Women 11 Factoring integers,..., RSA History of the “Art of Factoring” 1750–1800 Fermat, Gauss (Sieves - Tables) Universit` a Roma Tre

  11. College of Science for Women 12 Factoring integers,..., RSA History of the “Art of Factoring” 1750–1800 Fermat, Gauss (Sieves - Tables) Universit` a Roma Tre

  12. College of Science for Women 12 Factoring integers,..., RSA History of the “Art of Factoring” 1750–1800 Fermat, Gauss (Sieves - Tables) Factoring with sieves N = x 2 − y 2 = ( x − y )( x + y ) Universit` a Roma Tre

  13. College of Science for Women 13 Factoring integers,..., RSA Carissan’s ancient Factoring Machine Universit` a Roma Tre

  14. College of Science for Women 13 Factoring integers,..., RSA Carissan’s ancient Factoring Machine Figure 1: Conservatoire Nationale des Arts et M´ etiers in Paris Universit` a Roma Tre

  15. College of Science for Women 13 Factoring integers,..., RSA Carissan’s ancient Factoring Machine Figure 1: Conservatoire Nationale des Arts et M´ etiers in Paris http://www.math.uwaterloo.ca/ shallit/Papers/carissan.html Universit` a Roma Tre

  16. College of Science for Women 14 Factoring integers,..., RSA Figure 2: Lieutenant Eug` ene Carissan Universit` a Roma Tre

  17. College of Science for Women 14 Factoring integers,..., RSA Figure 2: Lieutenant Eug` ene Carissan 225058681 = 229 × 982789 2 minutes 3450315521 = 1409 × 2418769 3 minutes 3570537526921 = 841249 × 4244329 18 minutes Universit` a Roma Tre

  18. College of Science for Women 15 Factoring integers,..., RSA State of the “Art of Factoring” 1970 - John Brillhart & Michael A. Morrison 2 2 7 + 1 = 59649589127497217 × 5704689200685129054721 Universit` a Roma Tre

  19. College of Science for Women 16 Factoring integers,..., RSA State of the “Art of Factoring” F n = 2 (2 n ) + 1 is called the n –th Fermat number Universit` a Roma Tre

  20. College of Science for Women 16 Factoring integers,..., RSA State of the “Art of Factoring” F n = 2 (2 n ) + 1 is called the n –th Fermat number Up to today only from F 0 to F 11 are factores. It is not known the factorization of F 12 = 2 2 12 + 1 Universit` a Roma Tre

  21. College of Science for Women 16 Factoring integers,..., RSA State of the “Art of Factoring” F n = 2 (2 n ) + 1 is called the n –th Fermat number Up to today only from F 0 to F 11 are factores. It is not known the factorization of F 12 = 2 2 12 + 1 Universit` a Roma Tre

  22. College of Science for Women 17 Factoring integers,..., RSA State of the “Art of Factoring” 1982 - Carl Pomerance - Quadratic Sieve Universit` a Roma Tre

  23. College of Science for Women 18 Factoring integers,..., RSA State of the “Art of Factoring” 1987 - Hendrik Lenstra - Elliptic curves factoring Universit` a Roma Tre

  24. College of Science for Women 19 Factoring integers,..., RSA Contemporary Factoring Universit` a Roma Tre

  25. College of Science for Women 19 Factoring integers,..., RSA Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 volunteers, 20 nations) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = 114381625757888867669235779976146612010218296721242362562561842935706 935245733897830597123563958705058989075147599290026879543541 = = 3490529510847650949147849619903898133417764638493387843990820577 × 32769132993266709549961988190834461413177642967992942539798288533 Universit` a Roma Tre

  26. College of Science for Women 19 Factoring integers,..., RSA Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 volunteers, 20 nations) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = 114381625757888867669235779976146612010218296721242362562561842935706 935245733897830597123563958705058989075147599290026879543541 = = 3490529510847650949147849619903898133417764638493387843990820577 × 32769132993266709549961988190834461413177642967992942539798288533 ❷ (February 2 1999), Number Field Sieve (NFS): (160 Sun, 4 months) RSA 155 = 109417386415705274218097073220403576120037329454492059909138421314763499842 88934784717997257891267332497625752899781833797076537244027146743531593354333897 = = 102639592829741105772054196573991675900716567808038066803341933521790711307779 × 106603488380168454820927220360012878679207958575989291522270608237193062808643 Universit` a Roma Tre

  27. College of Science for Women 19 Factoring integers,..., RSA Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 volunteers, 20 nations) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = 114381625757888867669235779976146612010218296721242362562561842935706 935245733897830597123563958705058989075147599290026879543541 = = 3490529510847650949147849619903898133417764638493387843990820577 × 32769132993266709549961988190834461413177642967992942539798288533 ❷ (February 2 1999), Number Field Sieve (NFS): (160 Sun, 4 months) RSA 155 = 109417386415705274218097073220403576120037329454492059909138421314763499842 88934784717997257891267332497625752899781833797076537244027146743531593354333897 = = 102639592829741105772054196573991675900716567808038066803341933521790711307779 × 106603488380168454820927220360012878679207958575989291522270608237193062808643 ❸ (December 3, 2003) (NFS): J. Franke et al. (174 decimal digits) RSA 576 = 1881988129206079638386972394616504398071635633794173827007633564229888597152346 65485319060606504743045317388011303396716199692321205734031879550656996221305168759307650257059 = = 398075086424064937397125500550386491199064362342526708406385189575946388957261768583317 × 472772146107435302536223071973048224632914695302097116459852171130520711256363590397527 Universit` a Roma Tre

  28. College of Science for Women 19 Factoring integers,..., RSA Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 volunteers, 20 nations) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = 114381625757888867669235779976146612010218296721242362562561842935706 935245733897830597123563958705058989075147599290026879543541 = = 3490529510847650949147849619903898133417764638493387843990820577 × 32769132993266709549961988190834461413177642967992942539798288533 ❷ (February 2 1999), Number Field Sieve (NFS): (160 Sun, 4 months) RSA 155 = 109417386415705274218097073220403576120037329454492059909138421314763499842 88934784717997257891267332497625752899781833797076537244027146743531593354333897 = = 102639592829741105772054196573991675900716567808038066803341933521790711307779 × 106603488380168454820927220360012878679207958575989291522270608237193062808643 ❸ (December 3, 2003) (NFS): J. Franke et al. (174 decimal digits) RSA 576 = 1881988129206079638386972394616504398071635633794173827007633564229888597152346 65485319060606504743045317388011303396716199692321205734031879550656996221305168759307650257059 = = 398075086424064937397125500550386491199064362342526708406385189575946388957261768583317 × 472772146107435302536223071973048224632914695302097116459852171130520711256363590397527 ❹ Elliptic curves factoring: introduced by H. Lenstra. suitable to detect small factors (50 digits) Universit` a Roma Tre

  29. College of Science for Women 19 Factoring integers,..., RSA Contemporary Factoring ❶ 1994, Quadratic Sieve (QS): (8 months, 600 volunteers, 20 nations) D.Atkins, M. Graff, A. Lenstra, P. Leyland RSA 129 = 114381625757888867669235779976146612010218296721242362562561842935706 935245733897830597123563958705058989075147599290026879543541 = = 3490529510847650949147849619903898133417764638493387843990820577 × 32769132993266709549961988190834461413177642967992942539798288533 ❷ (February 2 1999), Number Field Sieve (NFS): (160 Sun, 4 months) RSA 155 = 109417386415705274218097073220403576120037329454492059909138421314763499842 88934784717997257891267332497625752899781833797076537244027146743531593354333897 = = 102639592829741105772054196573991675900716567808038066803341933521790711307779 × 106603488380168454820927220360012878679207958575989291522270608237193062808643 ❸ (December 3, 2003) (NFS): J. Franke et al. (174 decimal digits) RSA 576 = 1881988129206079638386972394616504398071635633794173827007633564229888597152346 65485319060606504743045317388011303396716199692321205734031879550656996221305168759307650257059 = = 398075086424064937397125500550386491199064362342526708406385189575946388957261768583317 × 472772146107435302536223071973048224632914695302097116459852171130520711256363590397527 ❹ Elliptic curves factoring: introduced by H. Lenstra. suitable to detect small factors (50 digits) all have ”sub–exponential complexity” Universit` a Roma Tre

  30. College of Science for Women 20 Factoring integers,..., RSA The factorization of RSA 200 RSA 200 = 2799783391122132787082946763872260162107044678695542853756000992932612840010 7609345671052955360856061822351910951365788637105954482006576775098580557613 579098734950144178863178946295187237869221823983 Universit` a Roma Tre

  31. College of Science for Women 20 Factoring integers,..., RSA The factorization of RSA 200 RSA 200 = 2799783391122132787082946763872260162107044678695542853756000992932612840010 7609345671052955360856061822351910951365788637105954482006576775098580557613 579098734950144178863178946295187237869221823983 Date: Mon, 9 May 2005 18:05:10 +0200 (CEST) From: ”Thorsten Kleinjung” Subject: rsa200 We have factored RSA200 by GNFS. The factors are 35324619344027701212726049781984643686711974001976 25023649303468776121253679423200058547956528088349 and 79258699544783330333470858414800596877379758573642 19960734330341455767872818152135381409304740185467 We did lattice sieving for most special q between 3e8 and 11e8 using mainly factor base bounds of 3e8 on the algebraic side and 18e7 on the rational side. The bounds for large primes were 235. This produced 26e8 relations. Together with 5e7 relations from line sieving the total yield was 27e8 relations. After removing duplicates 226e7 relations remained. A filter job produced a matrix with 64e6 rows and columns, having 11e9 non-zero entries. This was solved by Block-Wiedemann. Sieving has been done on a variety of machines. We estimate that lattice sieving would have taken 55 years on a single 2.2 GHz Opteron CPU. Note that this number could have been improved if instead of the PIII- binary which we used for sieving, we had used a version of the lattice-siever optimized for Opteron CPU’s which we developed in the meantime. The matrix step was performed on a cluster of 80 2.2 GHz Opterons connected via a Gigabit network and took about 3 months. We started sieving shortly before Christmas 2003 and continued until October 2004. The matrix step began in December 2004. Line sieving was done by P. Montgomery and H. te Riele at the CWI, by F. Bahr and his family. More details will be given later. F. Bahr, M. Boehm, J. Franke, T. Kleinjung Universit` a Roma Tre

  32. College of Science for Women 21 Factoring integers,..., RSA Factorization of RSA 768 Universit` a Roma Tre

  33. College of Science for Women 22 Factoring integers,..., RSA RSA Adi Shamir, Ron L. Rivest, Leonard Adleman (1978) Universit` a Roma Tre

  34. College of Science for Women 23 Factoring integers,..., RSA RSA Ron L. Rivest, Adi Shamir, Leonard Adleman (2003) Universit` a Roma Tre

  35. College of Science for Women 24 Factoring integers,..., RSA The RSA cryptosystem Universit` a Roma Tre

  36. College of Science for Women 24 Factoring integers,..., RSA The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Universit` a Roma Tre

  37. College of Science for Women 24 Factoring integers,..., RSA The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it Universit` a Roma Tre

  38. College of Science for Women 24 Factoring integers,..., RSA The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A ( Alice ) − − − − − − → B ( Bob ) ↑ C ( Charles ) Universit` a Roma Tre

  39. College of Science for Women 24 Factoring integers,..., RSA The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A ( Alice ) − − − − − − → B ( Bob ) ↑ C ( Charles ) ❶ ❷ ❸ ❹ Universit` a Roma Tre

  40. College of Science for Women 24 Factoring integers,..., RSA The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A ( Alice ) − − − − − − → B ( Bob ) ↑ C ( Charles ) ❶ Key generation Bob has to do it ❷ ❸ ❹ Universit` a Roma Tre

  41. College of Science for Women 24 Factoring integers,..., RSA The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A ( Alice ) − − − − − − → B ( Bob ) ↑ C ( Charles ) ❶ Key generation Bob has to do it ❷ Encryption Alice has to do it ❸ ❹ Universit` a Roma Tre

  42. College of Science for Women 24 Factoring integers,..., RSA The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A ( Alice ) − − − − − − → B ( Bob ) ↑ C ( Charles ) ❶ Key generation Bob has to do it ❷ Encryption Alice has to do it ❸ Decryption Bob has to do it ❹ Universit` a Roma Tre

  43. College of Science for Women 24 Factoring integers,..., RSA The RSA cryptosystem 1978 R. L. Rivest, A. Shamir, L. Adleman (Patent expired in 1998) Problem: Alice wants to send the message P to Bob so that Charles cannot read it A ( Alice ) − − − − − − → B ( Bob ) ↑ C ( Charles ) ❶ Key generation Bob has to do it ❷ Encryption Alice has to do it ❸ Decryption Bob has to do it ❹ Attack Charles would like to do it Universit` a Roma Tre

  44. College of Science for Women 25 Factoring integers,..., RSA Bob: Key generation Universit` a Roma Tre

  45. College of Science for Women 25 Factoring integers,..., RSA Bob: Key generation ✍ ✍ ✍ ✍ ✍ Universit` a Roma Tre

  46. College of Science for Women 25 Factoring integers,..., RSA Bob: Key generation ( p, q ≈ 10 100 ) ✍ He chooses randomly p and q primes ✍ ✍ ✍ ✍ Universit` a Roma Tre

  47. College of Science for Women 25 Factoring integers,..., RSA Bob: Key generation ( p, q ≈ 10 100 ) ✍ He chooses randomly p and q primes ✍ He computes M = p × q , ϕ ( M ) = ( p − 1) × ( q − 1) ✍ ✍ ✍ Universit` a Roma Tre

  48. College of Science for Women 25 Factoring integers,..., RSA Bob: Key generation ( p, q ≈ 10 100 ) ✍ He chooses randomly p and q primes ✍ He computes M = p × q , ϕ ( M ) = ( p − 1) × ( q − 1) ✍ He chooses an integer e s.t. ✍ ✍ Universit` a Roma Tre

  49. College of Science for Women 25 Factoring integers,..., RSA Bob: Key generation ( p, q ≈ 10 100 ) ✍ He chooses randomly p and q primes ✍ He computes M = p × q , ϕ ( M ) = ( p − 1) × ( q − 1) ✍ He chooses an integer e s.t. 0 ≤ e ≤ ϕ ( M ) and gcd( e, ϕ ( M )) = 1 ✍ ✍ Universit` a Roma Tre

  50. College of Science for Women 25 Factoring integers,..., RSA Bob: Key generation ( p, q ≈ 10 100 ) ✍ He chooses randomly p and q primes ✍ He computes M = p × q , ϕ ( M ) = ( p − 1) × ( q − 1) ✍ He chooses an integer e s.t. 0 ≤ e ≤ ϕ ( M ) and gcd( e, ϕ ( M )) = 1 Note. One could take e = 3 and p ≡ q ≡ 2 mod 3 ✍ ✍ Universit` a Roma Tre

  51. College of Science for Women 25 Factoring integers,..., RSA Bob: Key generation ( p, q ≈ 10 100 ) ✍ He chooses randomly p and q primes ✍ He computes M = p × q , ϕ ( M ) = ( p − 1) × ( q − 1) ✍ He chooses an integer e s.t. 0 ≤ e ≤ ϕ ( M ) and gcd( e, ϕ ( M )) = 1 Note. One could take e = 3 and p ≡ q ≡ 2 mod 3 Experts recommend e = 2 16 + 1 ✍ ✍ Universit` a Roma Tre

  52. College of Science for Women 25 Factoring integers,..., RSA Bob: Key generation ( p, q ≈ 10 100 ) ✍ He chooses randomly p and q primes ✍ He computes M = p × q , ϕ ( M ) = ( p − 1) × ( q − 1) ✍ He chooses an integer e s.t. 0 ≤ e ≤ ϕ ( M ) and gcd( e, ϕ ( M )) = 1 Note. One could take e = 3 and p ≡ q ≡ 2 mod 3 Experts recommend e = 2 16 + 1 ✍ He computes arithmetic inverse d of e modulo ϕ ( M ) ✍ Universit` a Roma Tre

  53. College of Science for Women 25 Factoring integers,..., RSA Bob: Key generation ( p, q ≈ 10 100 ) ✍ He chooses randomly p and q primes ✍ He computes M = p × q , ϕ ( M ) = ( p − 1) × ( q − 1) ✍ He chooses an integer e s.t. 0 ≤ e ≤ ϕ ( M ) and gcd( e, ϕ ( M )) = 1 Note. One could take e = 3 and p ≡ q ≡ 2 mod 3 Experts recommend e = 2 16 + 1 ✍ He computes arithmetic inverse d of e modulo ϕ ( M ) (i.e. d ∈ N (unique ≤ ϕ ( M )) s.t. e × d ≡ 1 (mod ϕ ( M ))) ✍ Universit` a Roma Tre

  54. College of Science for Women 25 Factoring integers,..., RSA Bob: Key generation ( p, q ≈ 10 100 ) ✍ He chooses randomly p and q primes ✍ He computes M = p × q , ϕ ( M ) = ( p − 1) × ( q − 1) ✍ He chooses an integer e s.t. 0 ≤ e ≤ ϕ ( M ) and gcd( e, ϕ ( M )) = 1 Note. One could take e = 3 and p ≡ q ≡ 2 mod 3 Experts recommend e = 2 16 + 1 ✍ He computes arithmetic inverse d of e modulo ϕ ( M ) (i.e. d ∈ N (unique ≤ ϕ ( M )) s.t. e × d ≡ 1 (mod ϕ ( M ))) ✍ Publishes ( M, e ) public key and hides secret key d Universit` a Roma Tre

  55. College of Science for Women 25 Factoring integers,..., RSA Bob: Key generation ( p, q ≈ 10 100 ) ✍ He chooses randomly p and q primes ✍ He computes M = p × q , ϕ ( M ) = ( p − 1) × ( q − 1) ✍ He chooses an integer e s.t. 0 ≤ e ≤ ϕ ( M ) and gcd( e, ϕ ( M )) = 1 Note. One could take e = 3 and p ≡ q ≡ 2 mod 3 Experts recommend e = 2 16 + 1 ✍ He computes arithmetic inverse d of e modulo ϕ ( M ) (i.e. d ∈ N (unique ≤ ϕ ( M )) s.t. e × d ≡ 1 (mod ϕ ( M ))) ✍ Publishes ( M, e ) public key and hides secret key d Problem: How does Bob do all this?- We will go came back to it! Universit` a Roma Tre

  56. College of Science for Women 26 Factoring integers,..., RSA Alice: Encryption Universit` a Roma Tre

  57. College of Science for Women 26 Factoring integers,..., RSA Alice: Encryption Represent the message P as an element of Z /M Z Universit` a Roma Tre

  58. College of Science for Women 26 Factoring integers,..., RSA Alice: Encryption Represent the message P as an element of Z /M Z (for example) A ↔ 1 B ↔ 2 C ↔ 3 . . . Z ↔ 26 AA ↔ 27 . . . Universit` a Roma Tre

  59. College of Science for Women 26 Factoring integers,..., RSA Alice: Encryption Represent the message P as an element of Z /M Z (for example) A ↔ 1 B ↔ 2 C ↔ 3 . . . Z ↔ 26 AA ↔ 27 . . . Sukumar ↔ 19 · 26 6 + 21 · 26 5 + 11 · 26 4 + 21 · 26 3 + 12 · 26 2 + 1 · 26 + 18 = 6124312628 Note. Better if texts are not too short. Otherwise one performs some padding Universit` a Roma Tre

  60. College of Science for Women 26 Factoring integers,..., RSA Alice: Encryption Represent the message P as an element of Z /M Z (for example) A ↔ 1 B ↔ 2 C ↔ 3 . . . Z ↔ 26 AA ↔ 27 . . . Sukumar ↔ 19 · 26 6 + 21 · 26 5 + 11 · 26 4 + 21 · 26 3 + 12 · 26 2 + 1 · 26 + 18 = 6124312628 Note. Better if texts are not too short. Otherwise one performs some padding C = E ( P ) = P e (mod M ) Universit` a Roma Tre

  61. College of Science for Women 26 Factoring integers,..., RSA Alice: Encryption Represent the message P as an element of Z /M Z (for example) A ↔ 1 B ↔ 2 C ↔ 3 . . . Z ↔ 26 AA ↔ 27 . . . Sukumar ↔ 19 · 26 6 + 21 · 26 5 + 11 · 26 4 + 21 · 26 3 + 12 · 26 2 + 1 · 26 + 18 = 6124312628 Note. Better if texts are not too short. Otherwise one performs some padding C = E ( P ) = P e (mod M ) Example: p = 9049465727, q = 8789181607, M = 79537397720925283289, e = 2 16 + 1 = 65537, P = Sukumar : Universit` a Roma Tre

  62. College of Science for Women 26 Factoring integers,..., RSA Alice: Encryption Represent the message P as an element of Z /M Z (for example) A ↔ 1 B ↔ 2 C ↔ 3 . . . Z ↔ 26 AA ↔ 27 . . . Sukumar ↔ 19 · 26 6 + 21 · 26 5 + 11 · 26 4 + 21 · 26 3 + 12 · 26 2 + 1 · 26 + 18 = 6124312628 Note. Better if texts are not too short. Otherwise one performs some padding C = E ( P ) = P e (mod M ) Example: p = 9049465727, q = 8789181607, M = 79537397720925283289, e = 2 16 + 1 = 65537, P = Sukumar : E ( Sukumar ) = 6124312628 65537 (mod79537397720925283289) = 25439695120356558116 = C = JGEBNBAUYTCOFJ Universit` a Roma Tre

  63. College of Science for Women 27 Factoring integers,..., RSA Bob: Decryption Universit` a Roma Tre

  64. College of Science for Women 27 Factoring integers,..., RSA Bob: Decryption P = D ( C ) = C d (mod M ) Universit` a Roma Tre

  65. College of Science for Women 27 Factoring integers,..., RSA Bob: Decryption P = D ( C ) = C d (mod M ) Note. Bob decrypts because he is the only one that knows d . Universit` a Roma Tre

  66. College of Science for Women 27 Factoring integers,..., RSA Bob: Decryption P = D ( C ) = C d (mod M ) Note. Bob decrypts because he is the only one that knows d . Theorem. (Euler) If a, m ∈ N , gcd( a, m ) = 1, a ϕ ( m ) ≡ 1 (mod m ) . If n 1 ≡ n 2 mod ϕ ( m ) then a n 1 ≡ a n 2 mod m . Universit` a Roma Tre

  67. College of Science for Women 27 Factoring integers,..., RSA Bob: Decryption P = D ( C ) = C d (mod M ) Note. Bob decrypts because he is the only one that knows d . Theorem. (Euler) If a, m ∈ N , gcd( a, m ) = 1, a ϕ ( m ) ≡ 1 (mod m ) . If n 1 ≡ n 2 mod ϕ ( m ) then a n 1 ≡ a n 2 mod m . Therefore ( ed ≡ 1 mod ϕ ( M )) D ( E ( P )) = P ed ≡ P mod M Universit` a Roma Tre

  68. College of Science for Women 27 Factoring integers,..., RSA Bob: Decryption P = D ( C ) = C d (mod M ) Note. Bob decrypts because he is the only one that knows d . Theorem. (Euler) If a, m ∈ N , gcd( a, m ) = 1, a ϕ ( m ) ≡ 1 (mod m ) . If n 1 ≡ n 2 mod ϕ ( m ) then a n 1 ≡ a n 2 mod m . Therefore ( ed ≡ 1 mod ϕ ( M )) D ( E ( P )) = P ed ≡ P mod M Example(cont.): d = 65537 − 1 mod ϕ (9049465727 · 8789181607) = 57173914060643780153 D ( JGEBNBAUYTCOFJ ) = 25439695120356558116 57173914060643780153 (mod79537397720925283289) = Sukumar Universit` a Roma Tre

  69. College of Science for Women 28 Factoring integers,..., RSA RSA at work Universit` a Roma Tre

  70. College of Science for Women 29 Factoring integers,..., RSA Repeated squaring algorithm Universit` a Roma Tre

  71. College of Science for Women 29 Factoring integers,..., RSA Repeated squaring algorithm Problem: How does one compute a b mod c ? Universit` a Roma Tre

  72. College of Science for Women 29 Factoring integers,..., RSA Repeated squaring algorithm Problem: How does one compute a b mod c ? 25439695120356558116 57173914060643780153 (mod79537397720925283289) Universit` a Roma Tre

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Factoring integers and Producing primes Francesco Pappalardi Universit` a Roma Tre Erbil,

Factoring integers and Producing primes Francesco Pappalardi Universit` a Roma Tre Erbil,

Erbil, Kurdistan 0 Factoring integers,..., RSA Lecture in Number Theory College of Sciences Department of Mathematics University of Salahaddin Debember 4, 2014 Factoring integers and Producing primes Francesco Pappalardi Universit` a Roma

749 views • 30 slides
Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute

Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute

HRI, Allahabad, February, 2005 0 RSA cryptosystem Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute Allahabad (UP), INDIA February, 2005 Universit` a Roma Tre HRI, Allahabad, February, 2005 1

1.92k views • 170 slides
Factoring into large primes with P-1, P+1 and ECM Alexander Kruppa LORIA CADO workshop Nancy,

Factoring into large primes with P-1, P+1 and ECM Alexander Kruppa LORIA CADO workshop Nancy,

Factoring into large primes with P-1, P+1 and ECM Alexander Kruppa LORIA CADO workshop Nancy, 9. October 2008 Using P-1, P+1 and ECM in NFS For large factoring projects, memory becomes a limiting resource. Large factor base bound B requires

385 views • 21 slides
Quantum algorithms for computing short discrete logarithms and factoring RSA integers PQCrypto

Quantum algorithms for computing short discrete logarithms and factoring RSA integers PQCrypto

Quantum algorithms for computing short discrete logarithms and factoring RSA integers PQCrypto 2017, 8th International Workshop, Utrecht, June 26-28, 2017 Martin Eker 1 , 2 Johan Hstad 1 1 KTH Royal Institute of Technology, SE-100 44

728 views • 31 slides
Factoring Integers by CVP Algorithms for the Prime Number Lattice Claus P . Schnorr Department

Factoring Integers by CVP Algorithms for the Prime Number Lattice Claus P . Schnorr Department

Factoring Integers by CVP Algorithms for the Prime Number Lattice Claus P . Schnorr Department of Computer Science and Mathematics Goethe-University Frankfurt Main Quantum Cryptanalysis, Schloss Dagstuhl 1.-6. Oct. 2017 The prime number

379 views • 14 slides
Number Theory Divisibility and Primes Definition. If a and b are integers and there is some

Number Theory Divisibility and Primes Definition. If a and b are integers and there is some

Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c , then we say that b divides a or is a factor or divisor of a and write b | a . Definition (Prime Number). A prime number is

381 views • 24 slides
Factoring and RSA Nadia Heninger University of Pennsylvania September 18, 2017 *Some slides

Factoring and RSA Nadia Heninger University of Pennsylvania September 18, 2017 *Some slides

Factoring and RSA Nadia Heninger University of Pennsylvania September 18, 2017 *Some slides joint with Dan Bernstein and Tanja Lange Textbook RSA [Rivest Shamir Adleman 1977] Public Key Private Key N = pq modulus p , q primes e encryption

1.39k views • 95 slides
Shors Algorithm for Factoring: Background Quantum Algorithms In 1994, Peter Shor came up with O

Shors Algorithm for Factoring: Background Quantum Algorithms In 1994, Peter Shor came up with O

Shors Algorithm for Factoring: Background Quantum Algorithms In 1994, Peter Shor came up with O ( n 3 ) -time algorithm DPV Chapter 10 for factoring n -bit integers on a quantum algorithm. Why is this a big deal? O ( e n 1/3 ( log n )

712 views • 5 slides
Factors 2 12 Factors Factors 3 13 and Unique Unique 14 4 to 10 to 15 Greatest Common

Factors 2 12 Factors Factors 3 13 and Unique Unique 14 4 to 10 to 15 Greatest Common

Slide 1 / 128 Slide 2 / 128 Table of Contents Factors and GCF Factoring out GCF's Polynomials Factoring Trinomials x 2 + bx + c Factoring Using Special Patterns Factoring Trinomials ax 2 + bx + c Factoring 4 Term Polynomials

472 views • 22 slides
8. Factoring polynomials over finite fields CS-E4500 Advanced Course on Algorithms Spring 2018

8. Factoring polynomials over finite fields CS-E4500 Advanced Course on Algorithms Spring 2018

8. Factoring polynomials over finite fields CS-E4500 Advanced Course on Algorithms Spring 2018 Peteri Kaski Department of Computer Science Aalto University Lecture schedule Tue 16 Jan: 1. Polynomials and integers Tue 23 Jan: 2. The fast

661 views • 41 slides
RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, (pq))=1

RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, (pq))=1

RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, (pq))=1 Good news: - primes are fairly common: there are about N/ln N primes N Exercise: If looking for a 512-bit prime, how many randomly generated

358 views • 10 slides
CS 4803 If a, N are integers with N > 0 then there are unique integers r , q such that a = Nq

CS 4803 If a, N are integers with N > 0 then there are unique integers r , q such that a = Nq

Let Z = {. . . , 2, 1, 0, 1, 2, . . .} denote the set of integers. Let Z+ = {1, 2, . . .} denote the set of positive integers and N = {0, 1, 2, . . .} the set of non-negative integers. CS 4803 If a, N are integers with N > 0 then there

166 views • 4 slides
FACTORING WITH JUDGMENTS w w w . g u t i e r r e z g r o u p . c o m . c o What is it about?

FACTORING WITH JUDGMENTS w w w . g u t i e r r e z g r o u p . c o m . c o What is it about?

F A C T O R I N G W I T H J U D G M E N T S FACTORING WITH JUDGMENTS w w w . g u t i e r r e z g r o u p . c o m . c o What is it about? FACTORING It is precisely after the judgment is won by This out-of-the-box product uses the - the

199 views • 7 slides
Public-key cryptography Q sieve Daniel J. Bernstein Sieving small integers i > 0 Tanja Lange

Public-key cryptography Q sieve Daniel J. Bernstein Sieving small integers i > 0 Tanja Lange

1 2 Public-key cryptography Q sieve Daniel J. Bernstein Sieving small integers i > 0 Tanja Lange using primes 2 ; 3 ; 5 ; 7: 1 Part II: 2 2 3 3 Factorization 4 2 2 5 5 6 2 3 15 August 2017 7 7 8 2 2 2 9 3 3 10 2 5 Sage

1.93k views • 161 slides
Number Theory A bit more depth. . . modular arithmetic primes Euclids algorithm

Number Theory A bit more depth. . . modular arithmetic primes Euclids algorithm

1 Number Theory A bit more depth. . . modular arithmetic primes Euclids algorithm Chinese remainder theorem Eulers totient function Eulers theorem 2 Modular Arithmetic m; n integers, n > 0

2.23k views • 15 slides
Generating random primes faster The standard algorithm to generate random primes: D. J.

Generating random primes faster The standard algorithm to generate random primes: D. J.

1 2 Generating random primes faster The standard algorithm to generate random primes: D. J. Bernstein proof.arithmetic(False) while True: pqRSA project team: p = randrange(2^(n-1),2^n) Daniel J. Bernstein p = ZZ(p) Josh Fried if

826 views • 14 slides
The Future of Hadrons Chris Quigg Fermilab Hadron 2011 The Future of Hadrons: The Nexus of

The Future of Hadrons Chris Quigg Fermilab Hadron 2011 The Future of Hadrons: The Nexus of

Hadron 2011 The Future of Hadrons Chris Quigg Fermilab Hadron 2011 The Future of Hadrons: The Nexus of Subatomic Physics Chris Quigg Fermilab Impressions . . . Enormous diversity and reach of experimental programs (insights from

770 views • 61 slides
THE DYNAMIC PRESENT Antony Galton Department of Computer Science University of Exeter, UK

THE DYNAMIC PRESENT Antony Galton Department of Computer Science University of Exeter, UK

THE DYNAMIC PRESENT Antony Galton Department of Computer Science University of Exeter, UK Workshop on Time and Modality Skagen Klitgaarden, Denmark May 30th June 1st 2017 Bio-processism Living organisms are processes, not Aristotelian

726 views • 27 slides
Probability and Information Theory Sargur N. Srihari srihari@cedar.buffalo.edu 1 Deep Learning

Probability and Information Theory Sargur N. Srihari srihari@cedar.buffalo.edu 1 Deep Learning

Deep Learning Srihari Probability and Information Theory Sargur N. Srihari srihari@cedar.buffalo.edu 1 Deep Learning Srihari Topics in Probability and Information Theory Overview 1. Why Probability? 2. Random Variables 3.

547 views • 38 slides
The Higgs Boson & Beyond Tao Han PITT PACC, Univ. of Pittsburgh TsingHua U. / CFHEP, Beijing

The Higgs Boson & Beyond Tao Han PITT PACC, Univ. of Pittsburgh TsingHua U. / CFHEP, Beijing

The Higgs Boson & Beyond Tao Han PITT PACC, Univ. of Pittsburgh TsingHua U. / CFHEP, Beijing Joint Colloquium National Taiwan University, Dec. 8, 2015 Franois Englert and Peter W. Higgs "for the theoretical discovery of a mechanism that

712 views • 42 slides
DRIVING INNOVATION TOWARDS A NEW FUTURE MONDAY, 24 JUNE 2019 | 10.30AM JANE REN CEO, ATOMITON

DRIVING INNOVATION TOWARDS A NEW FUTURE MONDAY, 24 JUNE 2019 | 10.30AM JANE REN CEO, ATOMITON

SESSION 4 DRIVING INNOVATION TOWARDS A NEW FUTURE MONDAY, 24 JUNE 2019 | 10.30AM JANE REN CEO, ATOMITON Overview Introduction The 3 Extraordinary Ideas of Digital Transformation Applications in Oil and Gas Breakthrough

337 views • 12 slides
Accelerators LISHEP Lecture I Oliver Brning CERN http://bruening.home.cern.ch/bruening

Accelerators LISHEP Lecture I Oliver Brning CERN http://bruening.home.cern.ch/bruening

Accelerators LISHEP Lecture I Oliver Brning CERN http://bruening.home.cern.ch/bruening Particle Accelerators Physics of Accelerators: High power RF waves Cryogenics Super conductivity Magnet design + construction Vacuum surface

909 views • 46 slides
Neutrons and neutron production Ulli Kster, ILL What is a neutron ? 1. a subatomic particle

Neutrons and neutron production Ulli Kster, ILL What is a neutron ? 1. a subatomic particle

Neutrons and neutron production Ulli Kster, ILL What is a neutron ? 1. a subatomic particle 2. a matter wave Neutrons are everywhere 13% neutrons Bound neutrons are everywhere Carbon-12 Carbon-13 98.9% 1.1% 6 protons 6 protons 6

1.01k views • 42 slides
Chao-Qiang Geng

Chao-Qiang Geng

Dark Matter, Dark Energy & Neutrino Mass Chao-Qiang Geng 2017 7 3-28

1.14k views • 96 slides

More recommend