1

Number Theory and Advanced Cryptography 2. Primes and Discrete Logarithms

Chih-Hung Wang

Feb. 2011

Part I: Introduction to Number TheoryPart II: Advanced Cryptography

2

The distribution of primes The natural way of measuring the density of

primes is to count the number of primes up to a bound x, where x is a real number. For a real number x ¸ 0, the function (x) is defined to be the number of primes up to x. Thus, (1) = 0, (2) = 1, (7.5) = 4, and so on.

3

Some values of (x)

4

The Sieve of Eratosthenes This is an algorithm for generating all the primes up

to a given bound k.

5

The prime number theorem

6

The error term in the prime number theory (1)

7

The error term in the prime number theory (2)

8

Sophie Germain primes

9

Probabilistic primality testing Trial Division

10

Trial division

11

The Miller-Rabin test

12

Error parameter (1)

13

Error parameter (2)

14

Carmichael numbers

15

Good Primality testing (1)

16

Good Primality testing (2)

17

Error parameter

18

Generating random primes using the Miller-Rabin Test

19

Sieving up to a small bound

20

Generating a random k-bit prime

21

Perfect power testing (1)

22

Perfect power testing (2)

23

Perfect power testing (3)

24

Deterministic Primality Testing The basic idea

25

AKS algorithm

26

Running time

27

Notes

28

Primality testing in Java Public BigInteger ( int bitLength， int certainty， Random rnd )

Public boolean isProbablePrime (int certainty)

29

Cyclic groups Order of group element

30

Order of group element

31

(Example)Powers of Integers, Modulo 19

32

Cyclic group & Group generator

33

Example of Cyclic Group

34

Theorem of Cyclic Group

35

Prime Order group

36

The Multiplicative Group Zn*

37

The Multiplicative Group Zn*

38

Example of The Multiplicative Group

39

Finding Primitive Root

Page 166

40

Application 1: Diffie-Hellman Key Exchange

Diffie and Hellman 1976 A number of commercial products employ this

key exchange technique This algorithm enables two users to exchange

key securely

41

The Diffie-Hellman Key Exchange Protocol

42

Example of D-H Key Exchange (1)

q=97 =5 XA = 36 XB=58

YA=536=50 mod 97YB=558=44 mod 97

K=(YB)XA mod 97 = 4436 = 75 nod 97K=(YA)XB mod 97 = 5058 = 75 nod 97

43

Example of D-H Key Exchange (2)

44

Hybrid Encryption Diffie-Hellman based hybrid encryption

systemA BYA

YBK=(YB)xA

=(YA)xB

Mod q

SK=h(K)128 – 256 bits

ESK(M)

SK can be a key of the AES symmetric cryptosystem

45

The Man-in-the-Middle Attack (1)

46

The Man-in-the-Middle Attack (2)

47

The DH Problem and DL Problem (1)

48

The DH Problem and DL Problem (2)

Example: a = loggh = log3 5 mod 19 = 4

49

Importance of Arbitrary Instances for Intractability Assumptions

CRT

riai=ri

a (mod qi) = h(p-1)/qi mod pa=kiqi+ai

ri= g(p-1)/qi mod p

50

Chinese Remainder Theorem (1)

51

Chinese Remainder Theorem (2)

52

Chinese Remainder Theorem (3)

53

Example of CRT

9mod8

7mod0

5mod0

4mod3

x

x

x

x

2

3

3

3

1409/1260/

1807/1260/

2525/1260/

3154/1260/

4

3

2

1

4

3

2

1

y

y

y

y

mM

mM

mM

mM

35

1260mod5075

81402018030252333153

)/()/()/()/( 444333222111

cmMycmMycmMycmMyx

54

ElGamal (1)

55

ElGamal (2)

56

Meet-in-the-middle attack & Active attack of ElGamal See Page 277 Example 8.8 Malice select

Malice sends (c1, c2’=rc2) to Alice Alice returns rm to Malice

*pFUr