CYG Chapter 6 Number-Theoretic Reference Problems
Questions about the lecture 'Cryptography' of the RWTH Aachen Chapter 6 Number-Theoretic Reference Problems
Questions about the lecture 'Cryptography' of the RWTH Aachen Chapter 6 Number-Theoretic Reference Problems
Kartei Details
| Karten | 60 |
|---|---|
| Sprache | English |
| Kategorie | Informatik |
| Stufe | Universität |
| Erstellt / Aktualisiert | 21.03.2017 / 23.08.2017 |
| Weblink |
https://card2brain.ch/box/20170321_cyg_chapter_6_numbertheoretic_reference_problems
|
| Einbinden |
<iframe src="https://card2brain.ch/box/20170321_cyg_chapter_6_numbertheoretic_reference_problems/embed" width="780" height="150" scrolling="no" frameborder="0"></iframe>
|
What is the characteristic?
[motivation.number]
Basics about number theory // Useful for cryptography
What are the characteristics of ring of equivalence classes Zn?
[Zn.number, 5]
1. Zn = Z/nZ
2. Equivalence relation s~t or s equiv t (mod n) ↔ n|(s-t)
3. (Zn,+,*) forms a commutative ring
4. Multiplicative group
5. Euler phi-function
What is the definition?
[multiplicativegroup.Zn.number]
Zn* := {a in Zn| gcd(a,n)=1}
What holds?
[multiplicativegroup.Zn.number]
If Zn* is multiplicative abelian group then gcd(a,n)=1 iff ex inverse s of a with a*s equiv 1 (mod n)
What is the definition?
[eulerphifunction.Zn.number]
Phi(n) = |Zn*|
What is the characteristic?
[eulerphifunction.Zn.number]
Phi(p)=p-1 for any prime p
What is the definition?
[theorem62.Zn.number, 2]
1. If a in Zn* then aphi(n) equiv 1 (mod n)
2. If p is prime and (a,p)=1 then ap-1 equiv 1 (mod p) // Fermat’s little theorem
What are the characteristics?
[notation.Zn.number, 2]
1. (a,n) for gcd(a,n)
2. If (a,n)=1 then a and n are called relatively prime or coprime
What is the idea?
[primalitytesting.number]
Test if a given number 2<=n in N is prime
What is the definition?
[composite.primalitytesting.number]
If p not prime then we call n composite
List them!
[primalitytesting.number, 4]
1. FTP
2. Miller-Rabin
3. Deterministic
4. Finding large prime numbers
What is the characteristic?
[FTP.primalitytesting.number]
Use Fermat’s little theorem for a probabilistic primality test
What are the characteristics?
[carmichaelnumbers.FTP.primalitytesting.number, 3]
1. n is composite but an-1 equiv 1 (mod n) for all a in Zn*
2. 561,1105, 1729, 2465, 2821, 6601, 29341, 172081, 278545…
3. Infinitely many proved by Alford et al.
What holds?
[FTP.primalitytesting.number, 3]
1. P(FPT states “n composite” | n composite) >= 1/2
2. P(FPT states “n prime” | n composite) <= 1/2
3. P(FPT states “n prime” | n prime) = 1
What are the steps?
[FTP.primalitytesting.number, 3]
1. Select a in {2,…,n-1} random
2. If an-1 equiv 1 (mod n) then n prime otherwise n composite
3. If sufficiently many a indicate a composite p then high success probability can be achieved by independent repetition of the test
What is the characteristic?
[lemma.FTP.primalitytesting.number]
Consider cardinality of the set of all a indicating composite p
What is the definition?
[lemma.FTP.primalitytesting.number]
If n is composite and a in Zn/Zn* then an-1 notequiv 1 (mod n)
What is the proof?
[lemma.FTP.primalitytesting.number, 3]
1. Suppose an-1 equiv 1 (mod n)
2. a-1 = an-2 exists
3. a in Zn* // Contradiction to assumption that a in Zn/Zn*
What is the definition?
[proposition63.FTP.primalitytesting.number]
If n composite, odd, no Carmichael number then |{a in Zn\{0}| an-1 notequiv 1 (mod n)}| >= n/2
What is the proof?
[proposition63 .FTP.primalitytesting.number, 6]
1. Consider set Kn-1 := {a in Zn| an-1 equiv 1 (mod n)}
2. Kn-1 subseteq Zn* as all a in Kn-1 have multiplicative inverses
3. Futhermore Kn-1 is a subgroup of Zn*
4. It holds that |Kn-1| divides |Zn*| // Lagrange’s theorem
5. |Kn-1|<=1/2|Zn*|<=(n-2)/2
6. |Zn\{0}\Kn-1|>=n-1-(n-2)/2 = n/2
What holds for Kn-1 as subgroup of Zn*?
[proof.proposition63 .FTP.primalitytesting.number, 5]
1. Closed under multiplication
2. Multiplication is associative
3. 1 in Kn-1
4. Inverse of a is an-2 in Kn-1 as (an-2)n-1 = (an-1)n-2 equiv 1 (mod n)
5. a in Zn* with a notin Kn-1 // a is not a Carmichael number
List them?
[tools.strongwitness.MRPT.primalitytesting.number, 2]
1. n = 1+q*2k with q odd // Any odd n has unique representation
2. a in [2,n-1] or in W(n)
What holds?
[strongwitness.MRPT.primalitytesting.number, 2]
( i) aq notequiv 1 (mod n)
(ii) aq*2^i notequiv -1 (mod n) for all I in [0,k-1]
What is the definition?
[proposition65.strongwitness.MRPT.primalitytesting.number]
If a in W(n) then n is composite
What is the proof?
[proposition65.strongwitness.MRPT.primalitytesting.number, 9]
1. Suppose a in W(n) and n prime
2. an-1 = aq*2^k equiv 1 (mod n) // By theorem 6.2
3. Consider successive squares
4. aq notequiv 1 (mod n),…, aq*2^k equiv 1 (mod n)
5. Let j be the maximal number for which b=aq*2^j notequiv 1 (mod n) holds
6. b notequiv 1 (mod n) but b² equiv 1 (mod n)
7. Because n prime we know that Zn is a field and hence b=1 or b=-1
8. Because b notequiv 1 (mod n) we know b=-1
9. b=-1 is a contradiction to the definition of the strong witness
What is the definition?
[theorem66.strongwitness.MRPT.primalitytesting.number]
|{a| a in [2,n-1] and a notin W(n)}| <= n/4
What holds?
[MRPT.primalitytesting.number, 3]
1. P(MRPT states “n composite” | n composite) >= 3/4
2. P(MRPT states “n prime” | n composite) <= (1/4)M // For M many independently different a
3. P(MRPT states “n prime” | n prime) = 1
What are the steps?
[MRPT.primalitytesting.number, 3+3]
1. Compute n = 1+q2^k with q odd
2. Choose a in [2,n-1] uniformly distributed at random
3. Compute y = aq mod n
4. If (y=1 or n-1) then return “n prime”
5. If for any I in [1,k] y² mod n is n-1 then return “n prime”
6. Otherwise return “n composite”
What are the characteristics?
[deterministic.primalitytesting.number, 3]
1. Since August 6, 2002
2. Polynomial time deterministic algorithm
3. Much slower than MRPT // That is why MRPT is still used in most applications
What is the characteristic?
[large.primalitytesting.number]
Presented algorithms can be used to find large prime numbers
What are the steps?
[large.primalitytesting.number, 2]
1. Choose large, odd n in N
2. Iterate over n←n+2 until a prim number is found
What is an alternative description?
[theorem67.large.primalitytesting.number]
Prime Number Theorem
What is the definition?
[theorem67.large.primalitytesting.number]
|{p|p<=n, p prime}| ~ n/ln(n) // Reasonable period of time
What would be an example?
[large.primalitytesting.number]
For n=2512 we get 2/ln(2512)~1/177.4
What are the characteristics?
[problem.factorization.number, 2+2]
1. Detecting whether n is prime or composite is computationally “easy”
2. Much harder is prime factorization for given integer
3. “Trial-division” // Naive algorithm and much too inefficient
4. Advanced algorithms as the quadratic sieve and the number field sieve are based on proposition 6.8
What is the definition?
[proposition68.factorization.number]
If x notequiv +-y (mod n) and x² equiv y² (mod n) then gcd(x-y, n) is a nontrivial factor of n
What is the proof?
[proposition68.factorization.number, 4]
1. x² equiv y² (mod n) with n|x²-y²
2. n|(x-y)(x+y)
3. But by assumption n!|(x+-y)
4. Hence factor s of n must be “shared” between (x-y) and (x+y)
What are the characteristics?
[algorithm.factorization.number, 3]
1. Find x and y fulfilling the conditions of proposition 6.8
2. p is smallest prime factor of n
3. Can be considered as a one-way function
What are the characteristics?
[oneway.algorithm.factorization.number, 2]
1. Computing n is easy
2. Factorization into p and q is computationally infeasible
List them!
[algorithm.factorization.number]
1. Quadratic Sieve
2. Elliptic Curve Factoring
3. Number Field Sieve
