Cryptographic Mathematics (MA6011), Week 1
Dr. Bernd Kreussler∗
Autumn 2015
1 Motivation
Confidential message transmission was known at least 2500 years ago. In Ancient
Greece, in particular in Sparta, the following method was used to send secret messages during military campaigns.
A leather (or parchment) strip was wound around a wooden cylinder
(called scytale). The message was then written across on this strip.
The unwound strip did not seem to contain any text that makes sense.
The recipient had a scytale of exactly the same size and could read the
message after winding the strip around it.
More famous is Caesar's cipher. The Roman statesman, who lived 100–44 BCE,
used the following method to encrypt some of his letters to Cicero:
plaintext a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphertext D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
For example, the word help becomes KHOS. This type of encryption is known as an
additive (or shift) cipher, because each letter is replaced by the one which is three places
ahead. To describe this more mathematically, we number the letters of the English
alphabet from 0 to 25. Then this encryption is obtained by adding 3. Here we
understand that any number above 25 is to be replaced by its remainder on division
by 26. In modern terms we would speak of addition modulo 26.
∗ These notes are based on lecture notes written by Gordon Lessells and on a book of Silverman.
To decrypt the ciphertext one simply has to subtract 3 modulo 26. The secret
key of this encryption scheme is the number 3. Anyone who knows how to
encrypt can easily decrypt as well, since the same key is used for both. This is an
early example of a private key (symmetric) cryptosystem. With current knowledge
and technology it is very easy to break such a system: there are only 26 possible keys.
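As an added illustration (not part of the original notes), the following Python implements the additive cipher with the numbering a = 0, ..., z = 25 used above, together with the two attacks that make the system trivial to break: trying all 26 keys, and recovering the key from a single word that is known or guessed to be in the message. The function names and the sample message are this example's own.

```python
import string

ALPHABET = string.ascii_lowercase   # letters numbered 0..25 as in the notes: a = 0, ..., z = 25


def encrypt(plaintext: str, key: int) -> str:
    """Additive cipher: replace each letter by the one `key` places ahead, i.e. add the
    key modulo 26.  Caesar's key is 3.  Ciphertext letters are written in upper case,
    as in the table above; characters that are not letters are left unchanged."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26].upper())
        else:
            out.append(ch)
    return "".join(out)


def decrypt(ciphertext: str, key: int) -> str:
    """Decryption is subtraction modulo 26, i.e. encryption with the negated key."""
    return encrypt(ciphertext, -key).lower()


def brute_force(ciphertext: str) -> dict:
    """Try every key.  The key space has only 26 elements (25 non-trivial ones), so an
    attacker who knows the method can list all candidate plaintexts instantly."""
    return {k: decrypt(ciphertext, k) for k in range(26)}


def recover_key(ciphertext: str, crib: str) -> list:
    """Known-plaintext attack: return the keys under which a word known (or guessed)
    to be in the message appears in the decryption."""
    return [k for k, candidate in brute_force(ciphertext).items() if crib.lower() in candidate]


if __name__ == "__main__":
    # constructed sample message, not from the notes
    c = encrypt("attack at dawn", 3)
    print(c)                                 # DWWDFN DW GDZQ
    print(recover_key(c, "dawn"))            # [3]
    for k, p in brute_force(c).items():
        print(k, p)
```

The brute-force table is the whole attack: with 26 keys there is nothing to search cleverly, and the one candidate that reads as English identifies the key.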
Over the centuries such systems were further developed. The encryption schemes
became quite clever and increasingly complicated. Their security depends on the
key being exchanged securely. In the diplomatic and military sectors keys were traditionally exchanged via direct meeting or with the aid of a trusted courier.
In 1976 cryptography was revolutionised when Diffie and Hellman introduced
public key cryptography. The main idea is to use 'trapdoor one-way' functions for encryption. These are functions that are easy to calculate, but without
extra information (the private key) it is computationally infeasible to invert them (i.e. to
reconstruct the plaintext from the ciphertext) within a reasonable
time.
When such a cryptosystem is used, the public key is known to everybody.
It can be used to encrypt messages. However, only the holder of the private key is
able to decrypt such a ciphertext. Nowadays, internet data security is based on such
cryptographic techniques. Public key cryptography is not only useful for confidential
message transfer, but also for key exchange, authentication and coin flipping.
Most of this course will consist of the description of the core ideas of such cryptosystems including the mathematical background needed to understand them. All
the systems considered will be based on techniques from number theory. Before we
can explain them in detail, we will study a few fundamental concepts from number
theory.
Number theory studies the properties of numbers. Before we start, we ask:
What is a number? Some civilizations have words only for one, two and many.
Numbers are used to describe quantity. Symbols were often used to represent numbers, such as notches on a piece of wood or knots on a rope. The Babylonians
developed a counting system which is described as base 60 and remains with us in
the way we measure time. Roman numerals are still quite familiar and are used in
dating some television programmes. However, the number system which we now use
is called the Hindu-Arabic system and is described as base 10 or decimal. In this
system the significance of a digit depends on its position in the decimal representation. Computers use a binary system with two symbols 0 and 1 or hexadecimal
which uses symbols 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F. Many
other ways have been developed of representing numbers but the decimal system
allows ease of calculation. In early days certain numbers were thought to have a
significance e.g.
square numbers
1, 4, 9, 16, 25, 36, . . .
triangular numbers
1, 3, 6, 10, 15, 21, 28, 36, . . .
perfect numbers
6, 28, 496, . . .
prime numbers
2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, . . .
We will see in this course that prime numbers have a significance and usefulness
far beyond what was dreamt of in the past. There are lots of mysteries about prime
numbers which may never be solved.
2 Pythagorean Triples
The Babylonians discovered what we now call Pythagorean triples i.e. numbers
a, b, c satisfying the relation
a^2 + b^2 = c^2.
The most common example is (3, 4, 5), but (5, 12, 13), (7, 24, 25), (8, 15, 17) are other
less familiar solutions. There are an infinite number of solutions which can be listed.
Introducing the rational numbers x = a/c and y = b/c, the equation a^2 + b^2 = c^2
translates into the equation of a circle
x^2 + y^2 = 1.
Therefore, finding all Pythagorean triples is equivalent to finding all points on this
circle which have rational coordinates, i.e. both coordinates are rational numbers.
(The rational numbers, denoted Q, are numbers of the form m/n where m and n are
integers and n ≠ 0.) There are four obvious points on the circle x^2 + y^2 = 1:
(0, 1), (0, −1), (1, 0), (−1, 0).
We can use geometrical ideas to find the others.
Let P = (−1, 0) and let m be a rational number (a number of the form p/q
where p and q are integers and q ≠ 0). Consider the line through P with slope m.
The equation of this line is
y − 0 = m(x + 1).
This line will intersect the circle at a second point Q. To find the coordinates of Q,
we substitute y = m(x + 1) in the equation x^2 + y^2 = 1:
x^2 + m^2 (x + 1)^2 = 1
x^2 + m^2 x^2 + 2m^2 x + m^2 - 1 = 0
(1 + m^2) x^2 + 2m^2 x + (m^2 - 1) = 0
This is a quadratic equation in x which we can solve using the standard formula.
However, we know that x = −1 is one solution. We can thus factorise as
(x + 1)((1 + m^2) x + m^2 - 1) = 0.
Thus the x-coordinate of the point Q is
x = \frac{1 - m^2}{1 + m^2}.
Using this we obtain the y-coordinate of Q:
y = m(x + 1) = m \left( \frac{1 - m^2}{1 + m^2} + 1 \right) = \frac{2m}{1 + m^2}.
Thus
Q = \left( \frac{1 - m^2}{1 + m^2}, \; \frac{2m}{1 + m^2} \right).
Since m is rational the coordinates of Q are also rational.
If we start with a point Q on the circle with rational coordinates then the slope
of the line PQ will be rational. Hence, we have determined all the points on the
circle x^2 + y^2 = 1 with rational coordinates (other than P itself, which corresponds to a
vertical line). From this we can find all Pythagorean
triples by putting m = v/u with u, v integers. This leads us to the equation
(u^2 - v^2)^2 + (2uv)^2 = (u^2 + v^2)^2
from which we see that
a = u^2 - v^2,   b = 2uv,   c = u^2 + v^2
is a Pythagorean triple. By substituting for u and v we can find Pythagorean triples,
as shown in the table below.
  u   v    a    b    c
  2   1    3    4    5
  3   2    5   12   13
  4   1   15    8   17
  4   3    7   24   25
  5   2   21   20   29
  5   4    9   40   41
  6   1   35   12   37
  6   5   11   60   61
  7   2   45   28   53
  7   4   33   56   65
  7   6   13   84   85
  8   1   63   16   65
  8   3   55   48   73
  8   5   39   80   89
The triples (a, b, c) shown in the table have in common that a, b, c don’t have a
common factor. Of course, if (a, b, c) is a Pythagorean triple and k a positive integer,
then (ka, kb, kc) is another Pythagorean triple.
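As an added illustration (not part of the original notes), the following Python checks the derivation above with exact rational arithmetic: it computes the point Q from a rational slope m, recovers m from Q, generates the triples (a, b, c) from (u, v), and verifies each row of the table. The check of which pairs (u, v) give a triple without a common factor (both have to be coprime and of opposite parity) goes slightly beyond the notes; all function names are this example's own.

```python
from fractions import Fraction
from math import gcd


def rational_point(m) -> tuple:
    """Second intersection Q of the line y = m(x + 1) through P = (-1, 0) with the
    circle x^2 + y^2 = 1, using the formulas derived above.  Exact Fraction arithmetic,
    so the result is rational whenever m is."""
    m = Fraction(m)
    denom = 1 + m * m
    return ((1 - m * m) / denom, 2 * m / denom)


def on_unit_circle(point) -> bool:
    x, y = point
    return x * x + y * y == 1          # exact comparison, no rounding involved


def slope_from_point(point) -> Fraction:
    """The converse direction: the slope of the line PQ for a rational point Q != P."""
    x, y = point
    return Fraction(y) / (Fraction(x) + 1)


def triple(u: int, v: int) -> tuple:
    """Pythagorean triple from m = v/u:  a = u^2 - v^2,  b = 2uv,  c = u^2 + v^2."""
    return (u * u - v * v, 2 * u * v, u * u + v * v)


def is_pythagorean(t) -> bool:
    a, b, c = t
    return a * a + b * b == c * c


def common_factor(t) -> int:
    a, b, c = t
    return gcd(gcd(a, b), c)


def table(pairs) -> list:
    """Rows (u, v, a, b, c) for the given (u, v) pairs, in the layout of the table above."""
    return [(u, v) + triple(u, v) for u, v in pairs]


def gives_primitive_triple(u: int, v: int) -> bool:
    """Assumption of this example (a standard fact, not stated in the notes): the triple has
    no common factor exactly when gcd(u, v) = 1 and u, v have opposite parity."""
    return gcd(u, v) == 1 and (u - v) % 2 == 1


if __name__ == "__main__":
    for row in table([(2, 1), (3, 2), (8, 5)]):
        print(row)
    print(rational_point(Fraction(1, 2)))      # (3/5, 4/5), i.e. the triple (3, 4, 5)
```

The pair (3, 1) illustrates the parity condition: it gives (8, 6, 10), which is 2 times (4, 3, 5), so the table in the notes lists only pairs of opposite parity.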
What if we consider higher powers? Fermat’s Last Theorem is the statement
that
a^n + b^n = c^n
has no solutions in positive integers if n ≥ 3. Fermat made the conjecture in the
17th century but it was only finally proved in 1994 by Andrew Wiles and Richard
Taylor. Several books and a musical have been written about the proof of Fermat’s
Last Theorem. In his proof, Wiles used the theory of elliptic curves. We will find
later that elliptic curves are important in cryptography.
3 Divisibility
Let m and n be integers with m ≠ 0. We say m divides n if n is a multiple of m, i.e.
there exists an integer k such that n = km. If m divides n we write m | n. Thus
2 | 60 and 3 | 60 and 5 | 60 and 10 | 60.
A number that divides n is called a divisor of n.
As all positive divisors of a non-zero integer n are less than or equal to |n|, a non-zero
integer has only finitely many divisors. (Every integer divides 0, so 0 has infinitely many.)
Also 1 is a divisor of every integer n. Thus if we take two integers m and n, not both zero,
the set of integers which are divisors of both m and n is a non-empty finite set and has a
largest element, which is called the greatest common divisor of m and n, abbreviated to
gcd(m, n). If gcd(m, n) = 1 we say m and n are coprime.
The question then arises: given m and n, how do we calculate gcd(m, n)? One
way of doing this is to list all the divisors of m and n and take the largest number
which is in both lists. This is not an efficient way of calculating the greatest common
divisor. Instead we use the Euclidean algorithm. It involves doing a sequence of
divisions with remainder until the remainder is zero.
Let m = 126 and n = 1812. Divide 126 into 1812.
1812 = 14 × 126 + 48
126 = 2 × 48 + 30
48 = 1 × 30 + 18
30 = 1 × 18 + 12
18 = 1 × 12 + 6
12 = 2 × 6
The Euclidean algorithm tells you that when you find a remainder of 0 then the
greatest common divisor is the remainder in the previous step. Hence
gcd(1812, 126) = 6.
Let m = 87654321 and n = 12345678.
87654321 = 7 × 12345678 + 1234575
12345678 = 9 × 1234575 + 1234503
1234575 = 1 × 1234503 + 72
1234503 = 17145 × 72 + 63
72 = 1 × 63 + 9
63 = 7 × 9
Thus gcd(87654321, 12345678) = 9. Note 87654321 = 9×9739369 and 12345678 =
9 × 1371742.
In practice, to write m = q × n + r we take the integer part of m/n as q and
then calculate r = m − n × q.
Why does the Euclidean algorithm work?
Assume a > b > 0 and let the sequence of steps be as follows:
a = q_1 × b + r_1
b = q_2 × r_1 + r_2
r_1 = q_3 × r_2 + r_3
...
r_{n-3} = q_{n-1} × r_{n-2} + r_{n-1}
r_{n-2} = q_n × r_{n-1} + r_n
r_{n-1} = q_{n+1} × r_n + 0
We have b > r_1 > r_2 > r_3 > ··· ≥ 0, so the remainders cannot decrease forever and for
some n we reach r_{n+1} = 0. Now r_n | r_{n-1}, and working upwards we find r_n | r_{n-2}
and then r_n | r_{n-3}. Eventually we find that r_n | r_1 and r_n | b. Finally, from the first
equation, r_n | a, so r_n is a common divisor of a and b. Working down the equations instead,
any common divisor of a and b divides r_1, then r_2, r_3, ..., and finally r_n. Thus r_n is
the greatest common divisor of a and b.
We can show (Lamé's theorem) that the number of division steps in the Euclidean
algorithm is at most five times the number of decimal digits of the smaller number b.
Thus Euclidean algorithm calculations are easily done on a computer with numbers
having thousands of digits.
There is an improved version of the Euclidean algorithm called the binary GCD
algorithm. It is based on the fact that if m and n are both even then gcd(m, n) =
2 gcd(m/2, n/2), while if m is even and n odd, gcd(m, n) = gcd(m/2, n). (When both
are odd, m − n is even, so one can subtract and then halve; in the examples below a
division with remainder is used at that point instead.) In binary, division by 2 is a
simple shift operation.
Using this idea the previous examples become
gcd(1812, 126) = 2 gcd(906, 63)
= 2 gcd(453, 63)
= 2 gcd(7 × 63 + 12, 63)
= 2 gcd(63, 12)
= 2 gcd(63, 6)
= 2 gcd(63, 3)
=2×3=6
gcd(87654321, 12345678) = gcd(87654321, 6172839)
= gcd(14 × 6172839 + 1234575, 6172839)
= gcd(6172839, 1234575)
= gcd(4 × 1234575 + 1234539, 1234575)
= gcd(1234575, 1234539)
= gcd(1234539 + 36, 1234539)
= gcd(1234539, 36)
= gcd(1234539, 18)
= gcd(1234539, 9)
= gcd(9 × 137171, 9) = 9
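As an added illustration (not part of the original notes), the following Python carries out the Euclidean algorithm step by step on the two examples above, implements the binary GCD algorithm with all three cases (both even, one even, both odd), and compares the number of division steps with Lamé's bound. The odd/odd rule used here, gcd(m, n) = gcd(n, m − n) for odd m ≥ n, is this example's choice where the notes use a division step; the function names are the example's own.

```python
import math


def euclid_steps(m: int, n: int) -> list:
    """Division-with-remainder steps of the Euclidean algorithm on (m, n).
    Each step is a tuple (a, q, b, r) meaning a = q * b + r with 0 <= r < b, exactly
    the lines written out in the notes.  The algorithm stops when r == 0 and the gcd
    is the divisor b of that last step."""
    a, b = abs(m), abs(n)
    steps = []
    while b:
        q, r = divmod(a, b)
        steps.append((a, q, b, r))
        a, b = b, r
    return steps


def gcd(m: int, n: int) -> int:
    steps = euclid_steps(m, n)
    return steps[-1][2] if steps else abs(m)       # gcd(m, 0) = |m|


def binary_gcd(m: int, n: int) -> int:
    """Binary GCD: only halving (a shift in binary) and subtraction are used.
      both even -> gcd(m, n) = 2 * gcd(m/2, n/2)
      one even  -> gcd(m, n) = gcd(m/2, n)
      both odd  -> gcd(m, n) = gcd(n, m - n) for m >= n, and m - n is even,
                   so the next round halves it (this example's rule; the notes divide)."""
    m, n = abs(m), abs(n)
    if m == 0 or n == 0:
        return m | n                                # one of them is zero: gcd is the other
    shift = 0
    while m % 2 == 0 and n % 2 == 0:
        m //= 2
        n //= 2
        shift += 1
    while n:
        while m % 2 == 0:
            m //= 2
        while n % 2 == 0:
            n //= 2
        if m < n:
            m, n = n, m
        m, n = n, m - n                             # both odd here: difference is even
    return m << shift


def lame_bound(m: int, n: int) -> tuple:
    """(division steps actually taken, Lamé's bound 5 * decimal digits of the smaller number)."""
    small = min(abs(m), abs(n))
    steps = len(euclid_steps(max(abs(m), abs(n)), small))
    return steps, 5 * len(str(small))


def agrees_with_stdlib(pairs) -> bool:
    """Cross-check both implementations against math.gcd on a list of (m, n) pairs."""
    return all(gcd(m, n) == binary_gcd(m, n) == math.gcd(m, n) for m, n in pairs)


if __name__ == "__main__":
    for a, q, b, r in euclid_steps(1812, 126):
        print(f"{a} = {q} × {b} + {r}")
    print(gcd(1812, 126), binary_gcd(1812, 126))                   # 6 6
    print(gcd(87654321, 12345678), lame_bound(87654321, 12345678))  # 9 (6, 40)
```

The six division steps for 87654321 and 12345678 are far below the bound of 40, which is the point of the remark about numbers with thousands of digits: the running time grows with the number of digits, not with the size of the numbers.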
Divisibility behaves well with respect to the usual arithmetic operations.
1. If m | a and m | b then m | a + b and m | a − b.
2. If m | a then m | ka for any integer k. Combining with 1), if m | a
and m | b then m | ka ± lb for any integers k and l.
3. If a | b and b | c then a | c.
4. If a | b and c | d then ac | bd.
5. If m ≠ 0 then a | b ⟺ ma | mb.
6. If d | a and a ≠ 0 then |d| ≤ |a|.
7. a | b and b | a if and only if a = ±b.
4 Solving Linear Equations in Integers
Let a and b be integers. One can ask the question: What integers can be written in
the form ax + by with x and y integers? Take a = 24 and b = 66. We can draw up
a table of values of 24x + 66y for small values of x and y
  y\x    −4    −3    −2    −1     0     1     2     3     4
   −4  −360  −336  −312  −288  −264  −240  −216  −192  −168
   −3  −294  −270  −246  −222  −198  −174  −150  −126  −102
   −2  −228  −204  −180  −156  −132  −108   −84   −60   −36
   −1  −162  −138  −114   −90   −66   −42   −18     6    30
    0   −96   −72   −48   −24     0    24    48    72    96
    1   −30    −6    18    42    66    90   114   138   162
    2    36    60    84   108   132   156   180   204   228
    3   102   126   150   174   198   222   246   270   294
    4   168   192   216   240   264   288   312   336   360
Notice every entry in the table is a multiple of 6, which is gcd(24, 66), and 6 also
appears in the table as
6 = 3 × 24 − 1 × 66.
Thus the smallest positive value in our table is gcd(a, b). This is true in general: the
smallest positive integer of the form ax + by is gcd(a, b), and every value ax + by is a
multiple of it.
Such an expression can be obtained from the Euclidean algorithm calculations to
find the GCD.
66 = 2 × 24 + 18        66 − 2 × 24 = 18
24 = 1 × 18 + 6         24 − 1 × 18 = 6
18 = 3 × 6              18 − 3 × 6 = 0
On the right we have rewritten the equations to have the remainders alone on the
right hand side. Substituting in the second equation for 18 the left hand side of the
first equation, we get
6 = 24 − 1 × 18 = 24 − 1 × (66 − 2 × 24) = 3 × 24 − 1 × 66
One can also work forwards. From the first equation 18 = a − 2b where a = 66 and
b = 24. The second equation becomes b − (a − 2b) = 6 from which we again obtain
6 = 3b − a = 3 × 24 − 1 × 66.
Let us rewrite our calculation for m = 87654321 and n = 12345678 as follows:
m − 7n = r_1
n − 9r_1 = r_2
r_1 − r_2 = r_3
r_2 − 17145 r_3 = r_4
r_3 − r_4 = 9 = gcd(m, n),
where the values r_1 = 1234575, r_2 = 1234503, r_3 = 72 and r_4 = 63 are irrelevant for
the calculations that follow. Working forwards we obtain
m − 7n = r_1
n − 9(m − 7n) = r_2
64n − 9m = r_2
(m − 7n) − (64n − 9m) = r_3
10m − 71n = r_3
(64n − 9m) − 17145(10m − 71n) = r_4
1217359n − 171459m = r_4
(10m − 71n) − (1217359n − 171459m) = 9
171469m − 1217430n = 9
Working backwards
9 = 72 − 1 × 63
9 = 72 − (1234503 − 17145 × 72)
9 = 17146 × 72 − 1234503
9 = 17146(1234575 − 1 × 1234503) − 1234503
9 = 17146 × 1234575 − 17147 × 1234503
9 = 17146 × 1234575 − 17147(12345678 − 9 × 1234575)
9 = 171469 × 1234575 − 17147 × 12345678
9 = 171469(87654321 − 7 × 12345678) − 17147 × 12345678
9 = 171469 × 87654321 − 1217430 × 12345678
Thus we have seen that the linear equation ax + by = gcd(a, b) has a solution in
integers x and y. In particular, if gcd(a, b) = 1 there are integers x_1 and y_1 satisfying
ax_1 + by_1 = 1. We can create other solutions as follows.
ax_1 + by_1 = 1 ⇒ ax_1 + kab + by_1 − kab = a(x_1 + kb) + b(y_1 − ka) = 1
Thus (x_1 + kb, y_1 − ka) is another solution.
In fact all possible solutions can be obtained by this process. Suppose (x_2, y_2) is
another solution, i.e. ax_2 + by_2 = 1. Then
x_2 − x_1 = x_2(ax_1 + by_1) − x_1(ax_2 + by_2) = b(x_2 y_1 − x_1 y_2)
and
y_2 − y_1 = y_2(ax_1 + by_1) − y_1(ax_2 + by_2) = a(x_1 y_2 − x_2 y_1) = −a(x_2 y_1 − x_1 y_2).
Thus x_2 = x_1 + kb and y_2 = y_1 − ka as claimed, where k = x_2 y_1 − x_1 y_2.
We can now deal with the case ax + by = d = gcd(a, b). As d is a divisor of both
a and b we can divide both sides of our equation by d to give
(a/d) x + (b/d) y = 1,
where a/d and b/d are coprime integers, and apply what we have just proved. As a result
we obtain the following.
Theorem 4.1. Let a and b be non-zero integers with gcd(a, b) = d. The equation
ax + by = d
has a solution (x_1, y_1) in integers which can be found by means of the extended
Euclidean algorithm. Every solution of this equation can be obtained by substituting
integers k into the formula
\left( x_1 + k \frac{b}{d}, \; y_1 - k \frac{a}{d} \right).
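As an added illustration (not part of the original notes), the following Python implements the extended Euclidean algorithm in the "working forwards" form used above: every remainder r is carried along with integers (s, t) such that r = s·a + t·b, so the rows reproduce the lines m − 7n = r_1, 64n − 9m = r_2, ... and end with 171469m − 1217430n = 9. It also produces the family of solutions from Theorem 4.1 and checks the table for 24x + 66y by brute force. The function names are this example's own.

```python
def ext_gcd_trace(a: int, b: int) -> list:
    """Forward extended Euclidean algorithm.  Each row is (r, s, t) with r = s*a + t*b.
    Starts from a = 1*a + 0*b and b = 0*a + 1*b; each new remainder is
    r_prev - q * r_last, and the same combination is applied to (s, t).
    The last row with r != 0 holds d = gcd(a, b) and a solution of a*x + b*y = d."""
    rows = [(a, 1, 0), (b, 0, 1)]
    while rows[-1][0] != 0:
        (r0, s0, t0), (r1, s1, t1) = rows[-2], rows[-1]
        q = r0 // r1
        rows.append((r0 - q * r1, s0 - q * s1, t0 - q * t1))
    return rows


def ext_gcd(a: int, b: int) -> tuple:
    """Return (d, x, y) with a*x + b*y = d = gcd(a, b) >= 0, for a, b of any sign."""
    d, x, y = ext_gcd_trace(abs(a), abs(b))[-2]
    # the algorithm ran on |a|, |b|; fold the signs back into the coefficients
    return d, x * (1 if a > 0 else -1), y * (1 if b > 0 else -1)


def general_solution(a: int, b: int, k: int) -> tuple:
    """The k-th solution of a*x + b*y = d from Theorem 4.1: (x1 + k*b/d, y1 - k*a/d)."""
    d, x1, y1 = ext_gcd(a, b)
    return x1 + k * (b // d), y1 - k * (a // d)      # d divides a and b, so // is exact


def is_solution(a: int, b: int, x: int, y: int) -> bool:
    return a * x + b * y == ext_gcd(a, b)[0]


def smallest_positive_combination(a: int, b: int, bound: int) -> int:
    """Brute force over |x|, |y| <= bound, as in the table of 24x + 66y above:
    the smallest positive value found is gcd(a, b)."""
    values = [a * x + b * y for x in range(-bound, bound + 1) for y in range(-bound, bound + 1)]
    return min(v for v in values if v > 0)


if __name__ == "__main__":
    for r, s, t in ext_gcd_trace(87654321, 12345678):
        print(f"{r} = {s}*m + {t}*n")              # last non-zero row: 9 = 171469*m - 1217430*n
    print(ext_gcd(66, 24))                          # (6, -1, 3): 6 = 3*24 - 1*66
    print([general_solution(24, 66, k) for k in range(-1, 2)])
```

The row after the gcd row, where r becomes 0, carries (s, t) = (∓b/d, ±a/d); for the example above these are 1371742 and 9739369, the cofactors noted when the gcd 9 was first computed.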