Download CSE20 Lecture Five

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
Document related concepts
no text concepts found
Transcript 
CSE20 Lecture 6: Number Systems
5. Residual Numbers (cont) &
6. Cryptography
CK Cheng
UC San Diego
1
Residual Numbers
(NT-1 and Shaum’s Chapter 11)
•
•
•
•
Introduction
Definition
Operations
Inverse Conversion
2
Inverse Conversion
Number x
Mod Operation
Moduli (m1, m2, …, mk)
Results
Residual number
(x1, x2, …, xk)
+, -, x operations
for each xi under mi
Chinese Remainder Theorem
3
Chinese Remainder Theorem
Given a residual number (r1, r2, …, rk) with
moduli (m1, m2, …, mk), where all mi are
mutually prime, set M= m1×m2× …×mk, and
Mi=M/mi.
1. Find Si that (Mi×Si)%mi = 1 (Si an inverse of Mi
in mod mi)
2. The corresponding number
x = (∑i=1,k(Mi Si ri))%M.
4
Example
Given (m1,m2,m3)=(2,3,7), M=2×3×7=42, we have
M1=m2×m3=3×7=21 (M1S1)%m1=(21S1)%2=1
M2=m1×m3=2×7=14 (M2S2)%m2=(14S2)%3=1
M3=m1×m2=2×3=6
(M3S3)%m3=(6S3)%7=1
Thus, (S1, S2, S3) = (1,2,6)
For a residual number (0,2,1):
x=(M1S1r1 + M2S2r2 + M3S3r3)%M
=(21×1×0 + 14×2×2 + 6×6×1 )%42
= ( 0 + 56 + 36 )%42 = 92%42 = 8
5
Example
For a residual number (1,2,5):
• x=(M1S1r1 + M2S2r2 + M3S3r3)%M
= (21×1×1 + 14×2×2 + 6×6×5)%42
= (21 + 56 + 180)%42
= 257%42 = 5
6
Example: iClicker
Given (m1,m2,m3)=(2,3,5), M=2×3×5=30, we have
M1=m2×m3=3×5=15 (M1S1)%m1=(15S1)%2=1
M2=m1×m3=2×5=10 (M2S2)%m2=(10S2)%3=1
M3=m1×m2=2×3=6
(M3S3)%m3=(6S3)%5=1
Thus, (S1, S2, S3) is
A. (1, 1, 1)
B. (1, 2, 1)
C. (2, 1, 2)
D. None of the above
7
Example: iClicker
Given (m1,m2,m3)=(2,3,5), M=2×3×5=30, we have
M1=m2×m3=3×5=15 (M1S1)%m1=(15S1)%2=1
M2=m1×m3=2×5=10 (M2S2)%m2=(10S2)%3=1
M3=m1×m2=2×3=6
(M3S3)%m3=(6S3)%5=1
For a residual number (x1,x2,x3)=(1,2,3), the
corresponding number x is
A. 5
B. 19
C. 23
D. None of the above
8
Proof of Chinese Remainder
Theorem
Let A = ∑i=1,k(Mi Si ri), we show that
1. A%mv = rv and 2. x=A%M is unique.
1. A%mv= [∑i=1,k(Mi Si ri) ]% mv
= [Σ(MiSiri) % mv]%mv = (MvSvrv)%mv
= [(MvSv)%mv × rv%mv ]%mv = rv%mv = rv
2. Proof was shown in lecture 5.
9
6. Cryptography
1. Introduction
2. RSA Protocol
3. Remarks
10
6.1 Cryptography: Introduction
•
•
•
•
Application of residual number systems
Number theory (skip)
Show the basic concept and process
Many variations
11
6.2 RSA Protocol
Private
M
P(X)
Public
(e,N), P(M)
Secret
(d,N)
S(X)
M
• Function P(X)=Xe%N is public.
• Function S(X)=Xd%N is secret.
• Message M is private, but P(M) is observed by all.
• Desired feature: S(P(M))=M.
Example: (e,N)=(7,55), (d,N)=(23,55)
M=12 => P(12)=127%55=23 => S(23)=2323%55=12
M=8 => P(8)=87%55=2 => S(2)=223%55=?
12
6.2 RSA Protocol
(d,N)
(e,N)
e
P(X)=X %N
M
S(X)=Xd%N
M
1. N=pq where p & q are primes and kept secret.
2. e is mutually prime to f(N)=(p-1)(q-1)
3. d is the inverse of e mod f(N), i.e. (ed)%f(N)=1
Theorem: S(P(M))=P(S(M))=M for 0<=M<N
Note that S(P(M))=Med%N
Theorem: Mf(N)%N=1 for 0<=M<N
Assumption: p & q are hard to find. Consequently, it is
difficult to derive d.
13
6.2 RSA Protocol
(d,N)
(e,N)
e
P(X)=X %N
S(X)=Xd%N
M
M
1. N=pq where p & q are primes and kept secret.
2. e is mutually prime to f(N)=(p-1)(q-1)
3. d is the inverse of e mod f(N), i.e. (ed)%f(N)=1
Example: N=pq=3x11=33, f(N)=(3-1)(11-1)=20
Let e=3, then d=7 (3x7%20=1).
M=9 => P(9)=93%33=3 => S(3)=37%33=?
14
6.3 Remark
• Residual number system is used in
cryptography.
• RSA protocol uses public key for coding P(X)
and secret key to decode S(X).
• Use wide words (>1000 bits) so that the
solution is computationally expensive
without the knowledge of the function S(X).
15
Related documents