Prime Numbers - PowerPoint PPT Presentation

Provided by: joel93

Transcript and Presenter's Notes


1
Prime Numbers
  • The Fundamental Theorem of Arithmetic

2
Prime Numbers and RSA
3
Euclidean algorithm: Eudoxus of Cnidus (about 375 BC)
  • function gcd(a, b)
  •   if a = 0 return b
  •   while b ≠ 0
  •     if a > b then a := a - b
  •     else b := b - a
  •   return a

4
Euclid's algorithm: GCD
  • The greatest common divisor of M and N is the
    largest whole number that divides evenly into
    both M and N
  • GCD(6, 15) = 3
  • If GCD(M, N) = 1 then M and N are called
    relatively prime.
  • Euclid's algorithm: method to find GCD(M, N)

5
Euclid's algorithm
  • M and N whole numbers.
  • Suppose M ≤ N. If N is divisible by M then
    GCD(M, N) = M.
  • Otherwise, subtract from N the biggest multiple
    of M that is smaller than N. Call the remainder
    R.
  • N = MK + R, or R = N - MK. If Q divides into both
    M and N then Q divides into R. So
  • GCD(M, N) = GCD(M, R).
  • Repeat until R divides into previous.

6
Example: GCD(105, 77)
  • 77 does not divide 105.
  • Subtract 1 x 77 from 105. Get R = 28
  • 28 does not divide into 77. Subtract 2 x 28 from
    77. Get R = 77 - 56 = 21
  • Subtract 21 from 28. Get 7.
  • 7 divides into 21. Done.
  • GCD(105, 77) = 7.

7
Example: GCD(105, 47)
  • 47 does not divide 105.
  • Subtract 2 x 47 from 105. Get R = 11
  • 11 does not divide into 47. Subtract 4 x 11 from
    47. Get R = 47 - 44 = 3
  • 3 does not divide 11. Subtract 3 x 3 from 11. R = 2
  • 2 does not divide 3. Subtract 2 from 3. R = 1
  • GCD(105, 47) = 1.

8
Exercise: find GCD(1234, 121)
9
Relatively prime
  • Two numbers M and N are called relatively prime
    if GCD(M, N) = 1.

10
Prime numbers
  • A whole number is called prime if it is
    relatively prime to every smaller whole number.

11
Prime factorization theorem
  • Fundamental theorem of arithmetic:
  • every natural number > 1 can be written as a
    unique product of prime numbers.
  • Example: 6936 = 2 x 2 x 2 x 3 x 17 x 17
  • = 2^3 x 3 x 17^2
  • No other way of writing 6936 as a product of
    prime powers
  • Practically proved by Euclid,
  • first correct proof in Disquisitiones
    Arithmeticae by Gauss.

12
GCD(6251,1473)
  • 1
  • 3
  • 7
  • 11

13
Large prime numbers
  • Euclid: infinitely many prime numbers
  • Proof: given a list of prime numbers, multiply
    all of them together and add one.
  • Either the new number is prime or there is a
    smaller prime not in the list.

14
Euclid's proof
  • Consider any finite set of primes. Multiply all
    of them together and add 1 (see Euclid number).
    Call this Q
  • Dividing Q by any of these would give a remainder
    of 1.
  • So Q is not divisible by any number in this list.
  • Any non-prime can be decomposed into a product of
    primes,
  • Either Q is prime itself, or there is a prime
    number in the decomposition of Q that is not in
    the original finite set of primes.
  • Either way, there is at least one more prime that
    was not in the finite set we started with. This
    argument applies no matter what finite set we
    began with. So there are more primes than any
    given finite number.

15
Infinitude of primes
  • 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41,
    43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97
  • list of prime numbers

16
Testing for prime numbers
  • Is 97 a prime number?
  • How about 111?
  • How about 12345678987654321?

17
Computers can factor small prime numbers
18
Primality test
  • A primality test is an algorithm for determining
    whether an input number is prime.
  • As of 2008, factorization is a computationally
    hard problem, whereas primality testing is
    comparatively easy.
  • Elliptic curve primality test: O((log n)^6),
  • Based on believed, but unproven properties
  • 2002: Agrawal, Saxena and Kayal
  • AKS primality test, Õ((log n)^6)
  • slower than probabilistic methods.

19
RSA 200
  • RSA-200 = 27997833911221327870829467638722601621070446786955428537560009929326128400107609345671052955360856061822351910951365788637105954482006576775098580557613579098734950144178863178946295187237869221823983
  • RSA-200 = 3532461934402770121272604978198464368671197400197625023649303468776121253679423200058547956528088349 x
    7925869954478333033347085841480059687737975857364219960734330341455767872818152135381409304740185467

20
How long to factor RSA 200?
  • If a k-digit number is the product of two primes
  • No known algorithm can factor in polynomial time,
    i.e., that can factor it in time O(k^p) for some
    constant p.
  • There are algorithms faster than O((1+ε)^k), i.e.,
    sub-exponential.
  • For a quantum computer, Peter Shor discovered an
    algorithm in 1994 that solves it in polynomial
    time O(N^3) and O(N) memory.
  • In 2001, the first 7-qubit quantum computer
    became the first to run Shor's algorithm. It
    factored the number 15.
  • GNFS: O(2^(N^(1/3)))

21
Racing Mathematicians
  • German Federal Agency for Information Technology
    Security (BSI) team
  • record for factorization of semiprimes ( RSA
    Factoring Challenge )
  • On May 9, 2005, factored RSA-200, a 663-bit
    number (200 decimal digits), using the general
    number field sieve.
  • later RSA-640, a smaller number containing 193
    decimal digits (640 bits), on November 4, 2005.
  • Both factorizations required several months of
    computer time using the combined power of 80 AMD
    Opteron CPUs.

22
The number 23571112311 is prime
  • True
  • False

23
There are lots of primes known to man
  • Prime number theorem: the number of primes less
    than or equal to N is on the order of N divided
    by log N.
  • http://en.wikipedia.org/wiki/Prime_number_theorem

24
Largest known prime
  • 2^43,112,609 - 1.

25
An example
  • gcd(1071, 1029)
  • = gcd(1029, 42) (42 = 1071 mod 1029)
  • = gcd(42, 21) (21 = 1029 mod 42)
  • = gcd(21, 0) (0 = 42 mod 21)
  • = 21 (since b = 0, we return a)
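
Added example, not part of the original presentation: the subtraction form of Euclid's algorithm from the pseudocode slide and the remainder form used in this example, each reporting its work so the two can be compared on the slides' own inputs. The function names are illustrative.

```python
# Added example: the two forms of Euclid's algorithm shown in the slides.
# Function names are illustrative, not from the presentation.

def _check(a, b):
    if a < 0 or b < 0:
        raise ValueError("inputs must be non-negative whole numbers")


def gcd_subtract(a, b):
    """Subtraction form (pseudocode slide). Returns (gcd, subtractions)."""
    _check(a, b)
    steps = 0
    if a == 0:
        return b, steps
    while b != 0:
        if a > b:
            a -= b
        else:
            b -= a
        steps += 1
    return a, steps


def gcd_remainder(a, b):
    """Remainder form. Returns (gcd, [(a, b, a mod b), ...])."""
    _check(a, b)
    trace = []
    while b != 0:
        r = a % b
        trace.append((a, b, r))
        a, b = b, r
    return a, trace


if __name__ == "__main__":
    for m, n in [(105, 77), (105, 47), (1071, 1029)]:
        g, trace = gcd_remainder(m, n)
        _, subs = gcd_subtract(m, n)
        print(f"GCD({m}, {n}) = {g}: {len(trace)} remainder steps, "
              f"{subs} subtractions")
        for a, b, r in trace:
            print(f"    {r} = {a} mod {b}")
```

The subtraction form needs one step per multiple removed, so an input such as gcd_subtract(1000000, 1) takes a million iterations where the remainder form takes one.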

26
Run time of Euclidean (O(N^2)). Red: fast, blue:
slow
27
RSA
28
The RSA encryption algorithm
  • N = PQ (product of two primes)
  • F(N) = (P-1)(Q-1)
  • Encryption key: 1 < E < F(N) such that
  • GCD(E, F) = 1
  • Decryption key: D such that
  • DE = 1 mod (F)
  • M < F

29
Encryption/Decryption
  • C = M^D mod (N)
  • R = C^E mod (N)
  • CLAIM: R = M (the original message)

30
Short digression: modular arithmetic
  • A = B mod (C)
  • Means that B is the remainder when C is divided
    into A
  • For example, 13 = 1 mod (12)
  • If it is 3:30 now then in 13 hours it will be
    4:30.
  • Shorthand: B = mod(A, C)
  • Arithmetic
  • mod(MN, C) = mod(mod(M, C) x mod(N, C), C)

31
Laws of exponents
32
Examples
  • mod(13^25, 12)
  • = mod((mod(13, 12))^25, 12)
  • = mod(1^25, 12) = mod(1, 12) = 1
  • mod(14^25, 12)
  • = mod((mod(14, 12))^25, 12)
  • = mod(2^25, 12) = mod(mod(2^4, 12)^6 x mod(2, 12), 12)
  • = mod(mod(4, 12)^5 x 2, 12) = mod(8, 12) = 8

33
Proof of RSA
  • C = M^E mod (N)
  • R = C^D mod (N) = (M^D mod (N))^E mod (N)
  • = (M^(DE) mod (N))
  • DE = 1 mod (F(N))
  • = (M^1 mod (N)) = M (since M < N)
  • Fermat's little theorem: a^(P-1) = 1 mod (P)

34
Plaintext to numbers
35
Plaintext message
  • Kill Bill

numerical version
  • Kill Bill = 11 09 12 12 00 02 09 12 12
  • M = 110912120002091212
  • Note: M < F, so may need to send message in pieces,
    e.g. one letter at a time

36
Example
  • 11 09 12 12 00 02 09 12 12
  • N = 5 x 7 = 35
  • F = 4 x 6 = 24
  • E = 11, then GCD(E, F) = 1
  • D = 11, then D x E = 121 = 5 x 24 + 1
  • So D x E = 1 mod 24
  • In this case decryption is just the inverse of
    encryption because E = D. Generally not true.

37
(No Transcript)
38
EXERCISE
  • Use the cipher table above to decrypt the
    following ciphertext into plain text
  • 0603012020100230 00 32040303 00 281020 301521 00
    14153222100210 00 182120 00 09151420 00 24201511
    00 200230041422

39
Solution
  • Flattery will get you nowhere, but don't stop
    trying

40
  • Simple: multiply numbers
  • Difficult: factor numbers.
  • Example: 34537 x 99991 = 3453389167 (easy)
  • M = 1459160519 = A x B
  • Find A and B (difficult)
  • Computer: check primes up to square root (roughly
    38000).

41
How long to factor large products?
What if the number to be factored is not ten
digits, but rather 400 digits? Square root: 200
digits. Lifetime of universe: approx. 10^18
seconds. If a computer could test one trillion
factorizations per second, in the lifetime of the
universe it could check 10^30 possibilities.
But there are 10^200 possibilities.
42
RSA outline
  • Find two huge prime numbers, p and q (about 200
    digits) (private key),
  • N = pq: public key.
  • Baby prime example
  • p = 23 and q = 41
  • pq = (23)(41) = 943, the public key.
  • E: encryption key
  • E is relatively prime to (p-1)(q-1) = (22)(40) =
    880,
  • E = 7 is ok as public key
  • To encode the message number M = 35.
  • C = M^E (mod N) = 35^7 (mod 943) = 64339296875
    (mod 943) = 545
  • The number C = 545 is the encoding of M that is
    sent.
  • D: decryption key
  • ED = 1 mod (p-1)(q-1)
  • D = 503 works, since 7 x 503 = 3521 = 4(880) + 1
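
Added example, not part of the original presentation: the slide states that D = 503 "works"; the sketch below derives D from E and (p-1)(q-1) with the extended Euclidean algorithm and runs the baby-prime example and the earlier N = 35 example end to end. Function names are illustrative, and Python's built-in pow(base, exp, mod) does the modular exponentiation.

```python
# Added example (not from the slides): textbook RSA with the slides' toy
# numbers. Function names are illustrative.

def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b != 0:
        q, r = divmod(a, b)
        a, b = b, r
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def decryption_key(e, phi):
    """Solve E*D = 1 mod phi for D; fails if GCD(E, phi) != 1."""
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError(f"E={e} is not relatively prime to {phi}")
    return x % phi


def baby_rsa(p, q, e, m):
    """Key setup, encryption and decryption for one message number m."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 0 <= m < n:
        raise ValueError("message number must satisfy 0 <= M < N")
    d = decryption_key(e, phi)
    c = pow(m, e, n)   # C = M^E mod N
    r = pow(c, d, n)   # R = C^D mod N, should equal M
    return {"N": n, "phi": phi, "D": d, "C": c, "R": r}


if __name__ == "__main__":
    print(baby_rsa(23, 41, 7, 35))
    kill_bill = [11, 9, 12, 12, 0, 2, 9, 12, 12]   # "Kill Bill" pieces
    print([baby_rsa(5, 7, 11, m)["C"] for m in kill_bill])
```

Encrypting one small letter code at a time, as here, maps equal letters to equal ciphertexts; deployed RSA uses large moduli and randomized padding such as OAEP.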

43
Why decoding is easy
  • Must calculate C^D (mod N) = 545^503 (mod 943).
  • 503 = 256 + 128 + 64 + 32 + 16 + 4 + 2 + 1, so
  • 545^503 = 545^(256+128+64+32+16+4+2+1)
  • = 545^256 x 545^128 x ... x 545^1.
  • Calculate (mod 943) all the exponents that are
    powers of 2.
  • For example, 545^2 (mod 943) = 545 x 545 = 297025
    (mod 943) = 923
  • Square again: 545^4 (mod 943) = (545^2)^2 (mod
    943)
  • = 923 x 923 = 851929 (mod 943) = 400, and so on.
  • We obtain the following table
  • 545^1 (mod 943) = 545
  • 545^128 (mod 943) = 18
  • 545^256 (mod 943) = 324
  • So 545^503 (mod 943) = 324 x 18 x 215 x 795 x 857
    x 400 x 923 x 545 (mod 943) = 35 = M!

44
Memory efficient modular exponentiation
Montgomery reduction
  • Memory-efficient method
  • Makes use of: given two integers a and b, the
    following two equations are equivalent
  • C = ab mod m
  • C = ((a mod m) x (b mod m)) mod m
  • The algorithm is as follows
  • 1. Set c = 1, e' = 0.
  • 2. Increase e' by 1.
  • 3. Set c = (b x c) mod m
  • 4. If e' < e, go to step 2. Else, c contains the
    correct solution to c = b^e mod m
  • In every pass through step 3, c = b^(e') mod m
    holds true.
  • In summary, this algorithm basically counts up e'
    by ones until e' reaches e, doing a multiply by b
    and the modulo operation each time it adds one

45
The example b = 4, e = 13, and m = 497 is
presented again. The algorithm passes through
step 3 thirteen times:
  • e' = 1. c = (1 x 4) mod 497 = 4 mod 497 = 4.
  • e' = 2. c = (4 x 4) mod 497 = 16 mod 497 = 16.
  • e' = 3. c = (16 x 4) mod 497 = 64 mod 497 = 64.
  • e' = 4. c = (64 x 4) mod 497 = 256 mod 497 = 256.
  • e' = 5. c = (256 x 4) mod 497 = 1024 mod 497 = 30.
  • e' = 6. c = (30 x 4) mod 497 = 120 mod 497 = 120.
  • e' = 7. c = (120 x 4) mod 497 = 480 mod 497 = 480.
  • e' = 8. c = (480 x 4) mod 497 = 1920 mod 497 = 429.
  • e' = 9. c = (429 x 4) mod 497 = 1716 mod 497 = 225.
  • e' = 10. c = (225 x 4) mod 497 = 900 mod 497 = 403.
  • e' = 11. c = (403 x 4) mod 497 = 1612 mod 497 = 121.
  • e' = 12. c = (121 x 4) mod 497 = 484 mod 497 = 484.
  • e' = 13. c = (484 x 4) mod 497 = 1936 mod 497 = 445.
The final answer for c is therefore 445. Requires O(e)
multiplications to complete. The computation
time decreases by a factor of at least O(e) in
this method.
46
An efficient method: the right-to-left binary
algorithm
  • Third method combines previous method and
    exponentiation by squaring
  • Convert exponent e to binary notation. That is, e
    can be written as
  • e = a_0 x 1 + a_1 x 2^1 + a_2 x 2^2 + ... + a_N x 2^N
  • Length of e is N bits. a_i = 0 or 1
  • b^e = (b^(2^0))^(a_0) x (b^(2^1))^(a_1) x ... x
    (b^(2^N))^(a_N)
  • So
  • C = (b^(2^0))^(a_0) x (b^(2^1))^(a_1) x ... x
    (b^(2^N))^(a_N) mod M
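
Added example, not part of the original presentation: the multiply-e-times method and the right-to-left binary method side by side, counting modular multiplications and recording the table of repeated squarings used in the 545^503 (mod 943) decoding slide. Function names are illustrative.

```python
# Added example: the slides' two modular exponentiation methods.
# Function names are illustrative, not from the presentation.

def modexp_counting(b, e, m):
    """Multiply by b and reduce mod m, e times. Returns (c, multiplications)."""
    if e < 0 or m < 1:
        raise ValueError("need e >= 0 and m >= 1")
    c, mults = 1 % m, 0
    for _ in range(e):
        c = (c * b) % m
        mults += 1
    return c, mults


def modexp_binary(b, e, m):
    """Right-to-left binary method.

    Returns (c, multiplications, table), where table[2**i] = b^(2^i) mod m.
    """
    if e < 0 or m < 1:
        raise ValueError("need e >= 0 and m >= 1")
    result, square, power, mults, table = 1 % m, b % m, 1, 0, {}
    while e > 0:
        table[power] = square
        if e & 1:                      # bit a_i = 1: fold b^(2^i) in
            result = (result * square) % m
            mults += 1
        e >>= 1
        if e:                          # more bits left: square for next i
            square = (square * square) % m
            mults += 1
            power *= 2
    return result, mults, table


if __name__ == "__main__":
    print(modexp_counting(4, 13, 497))          # slide example, 13 steps
    c, mults, table = modexp_binary(545, 503, 943)
    print(c, mults)                             # decoded message, cost
    for k, v in table.items():
        print(f"545^{k} (mod 943) = {v}")
```

The branch on each exponent bit makes the running time depend on the exponent, which for decryption is the private key D, so production RSA code relies on constant-time exponentiation from a vetted library.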

47
RSA history
  • Algorithm described in 1977 by Ron Rivest, Adi
    Shamir, and Leonard Adleman at MIT
  • Clifford Cocks, a British mathematician working
    for the UK intelligence agency GCHQ, described an
    equivalent system in an internal document in
    1973. His discovery, however, was not revealed
    until 1997 due to its top-secret classification,
    and Rivest, Shamir, and Adleman devised RSA
    independently of Cocks' work.
  • MIT was granted U.S. Patent 4,405,829 for a
    "Cryptographic communications system and method"
    that used the algorithm in 1983. The patent would
    have expired in 2003, but was released to the
    public domain by RSA on 21 September 2000.

48
Pretty Good Privacy
49
PGP
  • Based on public key cryptography
  • Binds public key to user name or email address
  • Authentication: digital signature used to
    verify identity of sender
  • Integrity checking: used to detect whether a
    message has been altered since it was completed
  • Encryption based on RSA/DSA
  • Decryption based on public key
  • Web of trust: third party vetting

50
Zimmermann, 1992
  • As time goes on
  • you accumulate keys from other trusted
    parties.
  • Others each choose their own trusted parties.
  • Everyone gradually accumulates and distributes
    with their key certifying signatures from others
  • Expectation: anyone receiving it will trust at
    least one or two of the signatures.
  • Emergence of a decentralized fault-tolerant web
    of confidence for all public keys.

51
  • Any agency wanting to read PGP messages would
    probably use easier means than standard
    cryptanalysis,
  • e.g. rubber-hose cryptanalysis or black-bag
    cryptanalysis i.e. installing some form of trojan
    horse or keystroke logging software/hardware on
    the target computer to capture encrypted keyrings
    and their passwords.
  • The FBI has used this attack against PGP.
  • such vulnerabilities apply to any encryption
    software.

52
  • Criminal investigation of Zimmermann
  • PGP encryption found its way outside the US.
  • Cryptosystems using keys > 40 bits were
    considered munitions by US export regulations
  • PGP keys > 128 bits.
  • Feb 1993: Zimmermann targeted by US Govt for
    "munitions export without a license".
  • Penalties were substantial.
  • Zimmermann challenged these regulations in a
    curious way.
  • Published PGP source code as hardback book (MIT
    Press)
  • To build: buy the $60 book, scan pages using an
    OCR program, GNU C Compiler. PGP would thus be
    available anywhere in the world.
  • Export of munitions is restricted; export of books
    is protected (First Amendment).
  • US export regulations regarding cryptography
    remain in force, but were liberalized
    substantially. PGP can be exported
    internationally except to 7 specific countries
    and a named list of groups and individuals.

53
Mathematical Cryptography
  • William S. Jevons, The Principles of Science: A
    Treatise on Logic and Scientific Method
    (1890s)
  • Observed many situations where 'direct' operation
    is easy, but 'inverse' operation hard.
  • Example: encryption is easy, decryption is hard.
  • Jevons, Ch 7: multiplication of integers is easy,
    finding (prime) factors of product is hard.
  • Jevons anticipated RSA Algorithm for public key
    cryptography

54
The future of cryptography?
  • As of 2005, the largest number factored by a
    general-purpose factoring algorithm was 663 bits
    long (see RSA-200), using a state-of-the-art
    distributed implementation. RSA keys are
    typically 1024-2048 bits long. Some experts
    believe that 1024-bit keys may become breakable
    in the near term (though this is disputed); few
    see any way that 4096-bit keys could be broken in
    the foreseeable future. Therefore, it is
    generally presumed that RSA is secure if n is
    sufficiently large. If n is 256 bits or shorter,
    it can be factored in a few hours on a personal
    computer, using software already freely
    available. Keys of 512 bits (or less) have been
    shown to be practically breakable in 1999 when
    RSA-155 was factored by using several hundred
    computers. A theoretical hardware device named
    TWIRL and described by Shamir and Tromer in 2003
    called into question the security of 1024 bit
    keys. It is currently recommended that n be at
    least 2048 bits long.

55
Is RSA safe?
  • In 1994, Peter Shor published Shor's algorithm,
    showing that a quantum computer could in
    principle perform the factorization in polynomial
    time. However, quantum computation is still in
    the early stages of development and may never
    prove to be practical.