

1. The RSA Cryptosystem: Factoring the public modulus
Debdeep Mukhopadhyay, Assistant Professor, Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, INDIA-721302
Objectives
• The Pollard p-1 Algorithm
• The Pollard RHO Algorithm
• Dixon's Random Squares Algorithm
Low Power Ajit Pal IIT Kharagpur 1

2. Factoring Algorithms
• The most obvious way to attack RSA would be to try to factor the public modulus, n.
• Modern algorithms: Quadratic Sieve, Elliptic Curve Factoring (Lenstra's ECM), Number Field Sieve.
• Other well-known algorithms: the p-1 algorithm, Pollard's rho algorithm, etc.
• Of course, we also have trial division.
Complexity of Trial Division
• If n is composite, then n has a prime factor p ≤ √n, so dividing by every prime up to √n is guaranteed to find a factor.
• Good if n is less than about 2^40.
• We need to do better than trial division for larger composite numbers.
• We shall study two algorithms.
• Note that we are only searching for a non-trivial factor.
• If we want a complete prime factorization, we must test the obtained factors for primality and, if they are composite, factor them further.

3. The Pollard p-1 algorithm
• Two inputs: n, an odd integer, and B, a prescribed bound.
Explanation of the Algorithm
• Suppose p is a prime divisor of n.
• Consider the prime factorization of (p-1).
• Suppose that every prime power q with q | (p-1) satisfies q ≤ B.

4. Prime Factorization of (p-1):
$(p-1) = q_1^{e_1} q_2^{e_2} \cdots q_k^{e_k}$. WLOG let $q_1^{e_1} < q_2^{e_2} < \cdots < q_k^{e_k} \le B$.
Then $(p-1) \mid B!$. This is because each prime power $q_i^{e_i} \le B$ appears as a term of $B!$ at least once, and the $q_i^{e_i}$ are pairwise coprime, so their product divides $B!$.
At the end of the for loop, the algorithm has computed $a \equiv 2^{B!} \pmod n$.
Hence $a = kn + 2^{B!}$, where k is an integer.
Now n = pq, thus $a = kpq + 2^{B!}$, and so $a \equiv 2^{B!} \pmod p$.
Since $2^{p-1} \equiv 1 \pmod p$ (Fermat) and $(p-1) \mid B!$, we get $a \equiv 2^{B!} \equiv 1 \pmod p$.
Thus $p \mid (a-1)$ and $p \mid n$, so $p \mid \gcd(a-1, n)$.
Thus $d = \gcd(a-1, n)$ is a non-trivial factor of n, unless $a \equiv 1 \pmod n$, in which case d = n.
Example
• n = 15770708441
• Set B = 180
• a = 11620221425
• d = gcd(a-1, n) = 135979
• 15770708441 = 135979 × 115979
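As an added worked example (my own code, not part of the slides or of Stinson's book), here is the p-1 procedure of slides 3 and 4 in Python, run on the slide's input n = 15770708441, B = 180 (the slide reports a = 11620221425 and d = 135979). It also checks the condition (p-1) | B! on both prime factors, which shows why the run recovers 135979 but not 115979, and reports the smallest bound B that would work for each prime. Function names are mine.

```python
from math import gcd, factorial


def pollard_p_minus_1(n, B):
    """Pollard's p-1 method as on the slides: a = 2^(B!) mod n, d = gcd(a-1, n).
    Returns (d, a); d is None when the run fails, i.e. gcd == 1 (bound B too
    small for every prime factor) or gcd == n (all prime factors p of n have
    (p-1) | B!, so a == 1 mod n and nothing is split off)."""
    a = 2
    for j in range(2, B + 1):
        a = pow(a, j, n)          # invariant after this step: a == 2^(j!) mod n
    d = gcd(a - 1, n)
    if 1 < d < n:
        return d, a
    return None, a


def divides_B_factorial(m, B):
    """True iff m | B!, i.e. every prime power dividing m is at most B.
    This is exactly the condition on p-1 that makes p recoverable with bound B."""
    return factorial(B) % m == 0


def smallest_vulnerable_bound(p):
    """Smallest B with (p-1) | B!, which is the largest prime power dividing p-1.
    A prime whose p-1 has a large prime factor forces an impractically large B."""
    m = p - 1
    best = 1
    q = 2
    while q * q <= m:
        if m % q == 0:
            power = 1
            while m % q == 0:
                m //= q
                power *= q
            best = max(best, power)
        q += 1
    if m > 1:                     # the remaining cofactor is a prime
        best = max(best, m)
    return best


if __name__ == "__main__":
    n, B = 15770708441, 180       # the slide's example
    d, a = pollard_p_minus_1(n, B)
    print(f"a = {a}, d = gcd(a-1, n) = {d}, n = {d} x {n // d}")
    for p in (d, n // d):
        print(f"p = {p}: (p-1) | {B}! is {divides_B_factorial(p - 1, B)}, "
              f"smallest working B = {smallest_vulnerable_bound(p)}")
```

The loop is the B-1 modular exponentiations counted on slide 5; `smallest_vulnerable_bound` is the check an RSA key generator would run on p-1 and q-1 to make sure neither is B-smooth for any bound an attacker could afford.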

5. Finer Points
• There are B-1 modular exponentiations, each requiring at most $2\log_2 B$ modular multiplications using square-and-multiply.
• The gcd can be computed in $O((\log n)^3)$ time using the Extended Euclidean algorithm.
• Overall complexity $= O(B \log B (\log n)^2 + (\log n)^3)$. If $B = O((\log n)^i)$ for some fixed i, then we have a polynomial-time algorithm.
• However, as B increases the success probability increases, but the algorithm becomes as slow as trial division.
• Hence the modulus n should be chosen such that, for each prime factor p, p-1 does not have all its prime powers small.
Pollard's Rho Method
• Say n = 7171. What is a prime p with p | n? (We know that some such p satisfies p ≤ √n.)
• A possible method: start picking a and b at random (0 ≤ a, b < n). Since p is small, there is a good chance that a ≡ b (mod p). Then p | (a-b), and we know p | n.
• Thus gcd(a-b, n) gives a non-trivial factor of n (unless a ≡ b (mod n), in which case the gcd is n).
• From the Birthday paradox, if the number of elements picked is O(√p), then there is a large chance of a collision mod p.

6. Number of gcd computations too large
• Pick a and b: compute gcd(a-b, n).
• Pick c: compute gcd(a-c, n), gcd(b-c, n).
• Pick d: compute gcd(d-a, n), gcd(d-b, n), gcd(d-c, n).
• Thus if |X| = O(√p) is the number of elements chosen, the number of gcds is $\binom{|X|}{2} = O(p) = O(\sqrt{n})$.
• Memory $= O(\sqrt{p})$, since every chosen element must be stored; Time $= O(\sqrt{n})$ gcd computations.
Improvement
• We wish to compute fewer gcds.
• We choose a polynomial $f(x) = x^2 + a$ to generate the numbers mod n: $x_{i+1} = f(x_i) \bmod n$.
  – Note that a is not 0 or -2 mod n. Why?
• Suppose $x_i \equiv x_j \pmod p$. Then $f(x_i) \equiv f(x_j) \pmod p$.
• Since $x_{i+1} \equiv f(x_i) \pmod n$, we have $x_{i+1} \bmod p = [f(x_i) \bmod n] \bmod p = f(x_i) \bmod p$.
• Similarly, $x_{j+1} \bmod p = [f(x_j) \bmod n] \bmod p = f(x_j) \bmod p = x_{i+1} \bmod p$.
• Repeating, if $x_i \equiv x_j \pmod p$, we have $x_{i+\delta} \equiv x_{j+\delta} \pmod p$ for all $\delta \ge 0$.

7. [Figure: the sequence $x_i \bmod 1387$, and the same sequence reduced mod 19 and mod 73, drawn as a tail leading into a cycle. It looks like the letter ρ (rho).]
Reducing the number of gcds
• Our goal is to find two terms $x_i \equiv x_j \pmod p$, i < j.
• Then $x_{i+\delta} \equiv x_{j+\delta} \pmod p$ for all $\delta \ge 0$.
• Let l = j - i; l is the length of the cycle.
• Now among the l consecutive terms $x_i, x_{i+1}, \ldots, x_{j-1}$ there is one index, say i', which is divisible by l.
• If $l \mid i'$, then $l \mid (2i' - i')$.
• Thus, as $i' \ge i$ and $(2i' - i')$ is a multiple of l, $x_{2i'} \equiv x_{i'} \pmod p$.
• Thus we compute a gcd only when the current index is even, and $d = \gcd(x_{2i} - x_i, n)$ gives a non-trivial factor of n.

8. • Consider $x_3, x_4, x_5$, the cycle for mod 19 (cycle length l = 3). Among the indices 3, 4, 5 there is one, namely 3, which is divisible by 3. So $\gcd(x_6 - x_3, 1387) = \gcd(1186 - 8, 1387) = 19$.
The Pollard Rho Algorithm

9. Example
• Suppose n = 7171 = 71 × 101, $f(x) = x^2 + 1$, $x_1 = 1$.
• The sequence of $x_i$'s begins as follows:
  1 2 5 26 677 6557 4105 6347 4903 2218 219 4936 4210 4560 4872 375 4377 4389 2016 5471 88 574
• The above values reduced modulo 71 are:
  1 2 5 26 38 25 58 28 4 17 6 37 21 16 44 20 46 58 28 4 17 6
• The first collision in the above list is $x_7 \bmod 71 = x_{18} \bmod 71 = 58$.
• Since 18 - 7 = 11, the algorithm computes at some stage $\gcd(x_{22} - x_{11}, n) = \gcd(574 - 219, 7171) = 71$.
Complexity
• You have to compute a gcd j times, where j is the index at which the collision is detected.
• From the Birthday Paradox, the expected value of j is $O(\sqrt{p}) = O(n^{1/4})$.
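As an added worked example (my own code, not from the slides or from Stinson), the rho method of slides 5 to 9 in Python: the walk $x_{i+1} = x_i^2 + c \bmod n$ with the single gcd per step, $\gcd(x_{2i} - x_i, n)$, of slide 7 (Floyd's cycle finding). It reproduces the slide's n = 7171 run with c = 1, $x_1 = 1$, and the n = 1387 example of slide 8; the slides do not state which polynomial the 1387 figure used, and I assume $f(x) = x^2 - 1$, $x_1 = 2$, which is what yields $x_3 = 8$ and $x_6 = 1186$. Function names are mine.

```python
from math import gcd


def rho_sequence(n, c, x1, count):
    """First `count` terms x_1, x_2, ... of the walk x_{i+1} = x_i^2 + c mod n."""
    seq = [x1]
    while len(seq) < count:
        seq.append((seq[-1] * seq[-1] + c) % n)
    return seq


def pollard_rho(n, c=1, x1=1, max_steps=10**6):
    """Pollard's rho with Floyd's cycle finding, as on slides 6-9.
    Keeps x = x_i and y = x_{2i}, so only gcd(x_{2i} - x_i, n) is computed
    at each step: one gcd per step instead of one per pair, and O(1) memory.
    Returns (d, i) with d a non-trivial factor found at index i, or (None, i)
    when x_{2i} == x_i mod n itself (gcd == n): retry with another c or x1."""
    f = lambda x: (x * x + c) % n
    x, y = x1, f(x1)              # x = x_1, y = x_2, i.e. i = 1
    for i in range(1, max_steps):
        d = gcd(x - y, n)         # math.gcd copes with a negative difference
        if d == n:
            return None, i
        if d > 1:
            return d, i
        x, y = f(x), f(f(y))      # i -> i+1: x advances one step, y two
    return None, max_steps


if __name__ == "__main__":
    n = 7171                      # the slide's example: 71 x 101
    seq = rho_sequence(n, 1, 1, 22)
    print("x_i        :", seq)
    print("x_i mod 71 :", [x % 71 for x in seq])
    print("factor, index:", pollard_rho(n, 1, 1))     # expects (71, 11)
    print("factor, index:", pollard_rho(1387, -1, 2)) # expects (19, 3)
```

For n = 7171 the first collision mod 71 is $x_7 \equiv x_{18}$ (cycle length 11), so the first even-index test that can succeed is i = 11, and the gcd there is 71 rather than 7171 because the walk mod 101 has not yet closed its cycle; a run that returns `(None, i)` is the case where both cycles close at the same step, which is why implementations retry with a different c.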

10. Dixon's Random Squares Algorithm
Simple Idea
• Suppose we can find $x \not\equiv \pm y \pmod n$ such that $x^2 \equiv y^2 \pmod n$.
• Then $n \mid (x-y)(x+y)$. But neither (x-y) nor (x+y) is divisible by n.
• Hence gcd(x+y, n) is a non-trivial factor of n, and so is gcd(x-y, n).
• Consider n = 77. Choose 10 and 32, as $10^2 \equiv 32^2 \pmod{77}$ but $10 \not\equiv \pm 32 \pmod{77}$.
• Computing gcd(10+32, 77) = 7 gives us one factor of n = 77.
Dixon's Random Squares Algorithm
• Suppose n = 1829. Consider the factor base B = {-1, 2, 3, 5, 7, 11, 13}.
• Compute $\sqrt{kn}$ for k = 1, 2, 3, 4: {42.77, 60.48, 74.07, 85.53}.
• We take z = {42, 43, 61, 74, 85, 86}, integers just below or above these square roots, so that $z^2 \bmod n$ is small in absolute value and likely to factor over B.
• Consider the following congruences modulo n:
$z_1^2 = 42^2 \equiv -65 = (-1)(5)(13)$
$z_2^2 = 43^2 \equiv 20 = (2)^2(5)$
$z_3^2 = 61^2 \equiv 63 = (3)^2(7)$
$z_4^2 = 74^2 \equiv -11 = (-1)(11)$
$z_5^2 = 85^2 \equiv -91 = (-1)(7)(13)$
$z_6^2 = 86^2 \equiv 80 = (2)^4(5)$
• Consider the congruence obtained from $z_1, z_2, z_3, z_5$, whose exponents all sum to even numbers:
$(42 \times 43 \times 61 \times 85)^2 \equiv (2 \times 3 \times 5 \times 7 \times 13)^2 \pmod{1829}$
$\Rightarrow 1459^2 \equiv 901^2 \pmod{1829}$
$\Rightarrow \gcd(1459 + 901, 1829) = 59$, and 1829 = 31 × 59.
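As an added worked example (my own code, not from the slides or from Stinson), here is Dixon's method of slide 10 in Python, carried through for n = 1829 with the slide's factor base: generate candidates around $\sqrt{kn}$, keep the z whose $z^2 \bmod n$ factors over the base, find a subset with all-even exponents by Gaussian elimination over GF(2), and split n with the congruent-squares step. It goes slightly beyond the slide in that every dependency is tried, because some (here 43 and 86) give $x \equiv \pm y$ and a trivial gcd. Function names and the candidate rule (floor and ceiling of $\sqrt{kn}$) are my own.

```python
from math import gcd, isqrt


def factor_over_base(m, base):
    """Exponent vector of m over the factor base (base[0] must be -1),
    or None if m is not smooth over the base."""
    if m == 0:
        return None
    exps = [0] * len(base)
    if m < 0:
        exps[0], m = 1, -m
    for idx, q in enumerate(base):
        if q == -1:
            continue
        while m % q == 0:
            m //= q
            exps[idx] += 1
    return exps if m == 1 else None


def candidates(n, kmax):
    """Integers just below and above sqrt(k*n), k = 1..kmax, as on the slide:
    their squares mod n are small in absolute value, hence often smooth."""
    out = []
    for k in range(1, kmax + 1):
        s = isqrt(k * n)
        out += [s, s + 1]
    return out


def relations(n, base, zs):
    """Reduce z^2 mod n to the representative of least absolute value (this is
    how the slide gets -65, -11, -91) and keep the smooth ones.
    Returns a list of (z, residue, exponent vector)."""
    rels = []
    for z in zs:
        r = z * z % n
        if r > n - r:
            r -= n
        e = factor_over_base(r, base)
        if e is not None:
            rels.append((z, r, e))
    return rels


def factor_from_congruent_squares(n, x, y):
    """Given x^2 == y^2 mod n, return a non-trivial factor from gcd(x+y, n) or
    gcd(x-y, n), or None when x == +-y mod n (both gcds are trivial)."""
    assert (x * x - y * y) % n == 0
    for d in (gcd(x + y, n), gcd(x - y, n)):
        if 1 < d < n:
            return d
    return None


def combine(n, base, subset):
    """x = product of the z's mod n; y = square root of the product of the
    residues, built from the halved (even) exponent sums.  Returns (x, y, d)."""
    x, total = 1, [0] * len(base)
    for z, _, e in subset:
        x = x * z % n
        total = [t + ei for t, ei in zip(total, e)]
    assert all(t % 2 == 0 for t in total), "subset is not a perfect square"
    y = 1
    for q, t in zip(base, total):
        if q != -1:                     # (-1)^(even) == 1
            y = y * pow(q, t // 2, n) % n
    return x, y, factor_from_congruent_squares(n, x, y)


def dixon(n, base, zs):
    """Gaussian elimination over GF(2) on the exponent parities; each row that
    reduces to zero is a subset whose product is a square mod n.  Every such
    dependency is tried, since some yield x == +-y and no factor."""
    rels = relations(n, base, zs)
    pivots = {}                         # lowest set bit -> (row, combo mask)
    for idx, (_, _, e) in enumerate(rels):
        vec = sum((ei & 1) << i for i, ei in enumerate(e))
        combo = 1 << idx                # which relations this row is made of
        while vec:
            low = vec & -vec
            if low not in pivots:
                pivots[low] = (vec, combo)
                break
            pvec, pcombo = pivots[low]
            vec, combo = vec ^ pvec, combo ^ pcombo
        if vec == 0:                    # linear dependency found
            subset = [rels[i] for i in range(len(rels)) if combo >> i & 1]
            _, _, d = combine(n, base, subset)
            if d is not None:
                return d
    return None


if __name__ == "__main__":
    n, base = 1829, [-1, 2, 3, 5, 7, 11, 13]   # the slide's example
    zs = candidates(n, 4)
    for z, r, e in relations(n, base, zs):
        print(f"{z}^2 = {r} (mod {n}), exponents {e}")
    print("non-trivial factor:", dixon(n, base, zs))
```

With more relations than base elements a dependency is guaranteed, but a dependency is only useful with probability about 1/2, which is why the code keeps eliminating after the first trivial one.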

11. References
• D. Stinson, Cryptography: Theory and Practice, Chapman & Hall/CRC.
Next Day's Topic
• Some Comments on the Security of RSA
