Greatest Common Divisor The Euclidean Algorithm Let a and b be two - - PowerPoint PPT Presentation



SLIDE 1

Greatest Common Divisor

Definition: Let $a, b \in \mathbb{Z}$ with $a \neq 0$ and $b \neq 0$. The greatest common divisor for $a$ and $b$, written $\gcd(a, b)$, is the largest positive integer that divides both numbers without remainder.

Eike Ritter Cryptography 2013/14 142

The Euclidean Algorithm

Let $a$ and $b$ be two integers such that $a > 0$ and $b > 0$. Then the following algorithm computes integers $x$ and $y$ such that

$$\gcd(a, b) = x \cdot a + b \cdot y$$

Calculate $a_i, b_i, x_{i,1}, x_{i,2}, y_{i,1}, y_{i,2}$ for $i \geq 0$ such that

$$a_i = x_{i,1} \cdot a + x_{i,2} \cdot b$$
$$b_i = y_{i,1} \cdot a + y_{i,2} \cdot b$$

as follows:


$$a_0 = a = 1 \cdot a + 0 \cdot b$$
$$b_0 = b = 0 \cdot a + 1 \cdot b$$

Repeatedly do the following calculation:

If $a_i = 0$, then $b_i$ is the greatest common divisor, and $b_i = y_{i,1} \cdot a + y_{i,2} \cdot b$ is the desired equation.

If $b_i = 0$, then $a_i$ is the greatest common divisor, and $a_i = x_{i,1} \cdot a + x_{i,2} \cdot b$ is the desired equation.

If $a_i > b_i$, let $q = a_i \operatorname{div} b_i$ and

$$a_{i+1} = a_i - q \cdot b_i$$
$$x_{i+1,1} = x_{i,1} - q \cdot y_{i,1}$$
$$x_{i+1,2} = x_{i,2} - q \cdot y_{i,2}$$

The case $a_i \leq b_i$ is symmetric.


Theorem: Let $x \in \mathbb{Z}_n$. $x$ has an inverse in $\mathbb{Z}_n$ if and only if $\gcd(x, n) = 1$.


SLIDE 2

Definition: We call the function $\varphi$, which assigns to an integer $n$ the number of invertible elements in $\mathbb{Z}_n^*$, Euler's Totient function.

Examples ($p$, $q$ prime):

$$\varphi(p) = p - 1$$
$$\varphi(p \cdot q) = (p - 1) \cdot (q - 1)$$

Theorem: Let $n \in \mathbb{N}$ and $a \in \mathbb{Z}$ with $\gcd(a, n) = 1$. Then we have

$$a^{\varphi(n)} \equiv 1 \pmod{n}.$$


Theorem: Let $m, n \in \mathbb{Z}$ with $\gcd(m, n) = 1$. Then for any given $a, b \in \mathbb{Z}$ there exists an $x \in \mathbb{Z}$ such that

$$x \equiv a \pmod{m} \quad \text{and} \quad x \equiv b \pmod{n}.$$

Moreover, every solution $x$ is congruent modulo $m \cdot n$. Or in other words, the solution $x \in \mathbb{Z}_{mn}$ is unique.


IND-CPA secure public-key encryption

Several possibilities to achieve IND-CPA secure public-key encryption.

First possibility: add suitable padding (PKCS) to RSA.

[Figure: padding diagram with labels msg, 01, 00···0, rand, H, G, X, Y; caption: plaintext for encryption]

Second possibility: encrypt a random number rather than the message ($H$ is a hash function).

Encryption: choose random $r$. The ciphertext is $(E_{pubKey}(r),\ H(r) \oplus m)$.

Decryption: given $(c_1, c_2)$, compute the message as $H(D_{privKey}(c_1)) \oplus c_2$.

Intuitively: IND-CPA is satisfied because the attacker cannot decrypt $c_1$, hence the second component looks like a one-time pad.

Formal proof surprisingly difficult - requires new ideas.


SLIDE 3

Finding Prime numbers

Usual way: pick a number at random and check whether it is prime.

Several tests for primality of n are available. First one: Fermat's test

    for i := 0 to k − 1 do
        Pick a ∈ {2, . . . , n − 1}
        if a^(n−1) ≢ 1 (mod n) then
            return ("n is a composite")
    end
    return ("n is probably prime")


Fermat's test yields some false positives. Some are eliminated by a refinement: the Miller-Rabin test.

    Let n − 1 = 2^r · s (s odd)
    for i := 0 to k − 1 do
        Pick a ∈ {1, . . . , n − 1}
        if a^s ≢ 1 (mod n) and
           a^(2^j · s) ≢ −1 (mod n) for all j ∈ {0, . . . , r − 1} then
            return ("n is a composite")
        end
    end
    return ("n is probably prime")
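Added example, not part of the original slides: Fermat's test and the Miller-Rabin test run base by base on the Carmichael number 561 = 3 · 11 · 17 (a constructed sample input), showing the false positives mentioned above. The function names are illustrative, and the random bases come from Python's `secrets` module.

```python
# Added example (not from the original slides): Fermat vs. Miller-Rabin.
import secrets

def fermat_passes(n, a):
    """True if base a does not expose n: a^(n-1) = 1 (mod n)."""
    return pow(a, n - 1, n) == 1

def miller_rabin_passes(n, a):
    """True if base a does not expose odd n > 2 as composite."""
    r, s = 0, n - 1
    while s % 2 == 0:            # write n - 1 = 2^r * s with s odd
        r, s = r + 1, s // 2
    x = pow(a, s, n)
    if x == 1:                   # a^s = 1 (mod n)
        return True
    for _ in range(r):           # j = 0 .. r-1: a^(2^j * s) = -1 (mod n)?
        if x == n - 1:
            return True
        x = pow(x, 2, n)
    return False                 # a is a witness: n is composite

def count_liars(n, passes):
    """Bases a in {2, ..., n-1} that wrongly accept the composite n."""
    return sum(1 for a in range(2, n) if passes(n, a))

def is_probable_prime(n, k=20):
    """Miller-Rabin with k bases drawn uniformly from {2, ..., n-2}."""
    if n < 2 or (n > 2 and n % 2 == 0):
        return False
    if n in (2, 3):
        return True
    return all(miller_rabin_passes(n, 2 + secrets.randbelow(n - 3))
               for _ in range(k))

if __name__ == "__main__":
    n = 561                      # constructed sample: Carmichael number 3*11*17
    print("Fermat liars:      ", count_liars(n, fermat_passes))
    print("Miller-Rabin liars:", count_liars(n, miller_rabin_passes))
    print("is_probable_prime(561):", is_probable_prime(n))
```

For 561, Fermat's test is fooled by 319 of the 559 bases in {2, ..., 560}, while Miller-Rabin is fooled by only 9 of them.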
