Applications%20of%20Number%20Theory

1
Applications of Number Theory

• CS/APMA 202
• Rosen section 2.6
• Aaron Bloomfield

2
About this lecture set

• We are only going to go over parts of section 2.6
• Just the ones that deal directly with 2.6
• Much of the underlying theory we will not be able
  to get to
• Its beyond the scope of this course
• Much of why this all works wont be taught
• Its just an introduction to how it works

3
Private key cryptography

• The function and/or key to encrypt/decrypt is a
  secret
• (Hopefully) only known to the sender and
  recipient
• The same key encrypts and decrypts
• How do you get the key to the recipient?

4
Public key cryptography

• Everybody has a key that encrypts and a separate
  key that decrypts
• They are not interchangable!
• The encryption key is made public
• The decryption key is kept private

5
Public key cryptography goals

• Key generation should be relatively easy
• Encryption should be easy
• Decryption should be easy
• With the right key!
• Cracking should be very hard

6
Is that number prime?

• Use the Fermat primality test
• Given
• n the number to test for primality
• k the number of times to test (the certainty)
• The algorithm is
• repeat k times
• pick a randomly in the range 1, n-1
• if an-1 mod n ? 1 then return composite
• return probably prime

7
End of lecture on 22 February 2005
8
Is that number prime?

• The algorithm is
• repeat k times
• pick a randomly in the range 1, n-1
• if an-1 mod n ? 1 then return composite
• return probably prime
• Let n 105
• Iteration 1 a 92 92104 mod 105 1
• Iteration 2 a 84 84104 mod 105 21
• Therefore, 105 is composite

9
Is that number prime?

• The algorithm is
• repeat k times
• pick a randomly in the range 1, n-1
• if an-1 mod n ? 1 then return composite
• return probably prime
• Let n 101
• Iteration 1 a 55 55100 mod 100 1
• Iteration 2 a 60 60100 mod 100 1
• Iteration 3 a 14 14100 mod 100 1
• Iteration 4 a 73 73100 mod 100 1
• At this point, 101 has a (½)4 1/16 chance of
  still being composite

10
More on the Fermat primality test

• Each iteration halves the probability that the
  number is a composite
• Probability (½)k
• If k 100, probability its a composite is
  (½)100 1 in 1.2 ?? 1030 that the number is
  composite
• Greater chance of having a hardware error!
• Thus, k 100 is a good value
• However, this is not certain!
• There are known numbers that are composite but
  will always report prime by this test
• Source http//en.wikipedia.org/wiki/Fermat_primal
  ity_test

11
Googles latest recruitment campaign
12
RSA

• Stands for the inventors Ron Rivest, Adi Shamir
  and Len Adleman
• Three parts
• Key generation
• Encrypting a message
• Decrypting a message

13
Key generation steps

• Choose two random large prime numbers p ? q, and
  n pq
• Choose an integer 1 lt e lt n which is relatively
  prime to (p-1)(q-1)
• Compute d such that d e 1 (mod (p-1)(q-1))
• Rephrased de mod (p-1)(q-1) 1
• Destroy all records of p and q

14
Key generation, step 1

• Choose two random large prime numbers p ? q
• In reality, 2048 bit numbers are recommended
• Thats ? 617 digits
• From last lecture chance of a random odd 2048
  bit number being prime is about 1/710
• We can compute if a number is prime relatively
  quickly via the Fermat primality test
• We choose p 107 and q 97
• Compute n pq
• n 10379

15
Key generation, step 1

• Java code to find a big prime number

BigInteger prime new BigInteger (numBits,
certainty, random)
The number of bits of the prime
Certainty that the number is a prime
The random number generator
16
Key generation, step 1

• Java code to find a big prime number
• import java.math.
• import java.util.
• class BigPrime
• static int numDigits 617
• static int certainty 100
• static final double LOG_2 Math.log(10)/Math.log
  (2)
• static int numBits (int) (numDigits LOG_2)
• public static void main (String args)
• Random random new Random()
• BigInteger prime new BigInteger (numBits,
  certainty,
• random)
• System.out.println (prime)

17
Key generation, step 1

• How long does this take?
• Keep in mind this is Java!
• These tests done on a 850 Mhz Pentium machine
• Average of 100 trials (certainty 100)
• 200 digits (664 bits) about 1.5 seconds
• 617 digits (2048 bits) about 75 seconds

18
Key generation, step 1

• Practical considerations
• p and q should not be too close together
• (p-1) and (q-1) should not have small prime
  factors
• Use a good random number generator

19
Key generation, step 2

• Choose an integer 1 lt e lt n which is relatively
  prime to (p-1)(q-1)
• There are algorithms to do this efficiently
• We arent going over them in this course
• Easy way to do this make e be a prime number
• It only has to be relatively prime to (p-1)(q-1),
  but can be fully prime

20
Key generation, step 2

• Recall that p 107 and q 97
• (p-1)(q-1) 10696 10176 26353
• We choose e 85
• 85 517
• gcd (85, 10176) 1
• Thus, 85 and 10176 are relatively prime

21
Key generation, step 3

• Compute d such that
• d e 1 (mod (p-1)(q-1))
• Rephrased de mod (p-1)(q-1) 1
• There are algorithms to do this efficiently
• We arent going over them in this course
• We choose d 4669
• 466985 mod 10176 1
• Use the script at http//www.cs.virginia.edu/cgi-
  bin/cgiwrap/asb/modpow

22
Key generation, step 3

• Java code to find d
• import java.math.
• class FindD
• public static void main (String args)
• BigInteger pq new BigInteger("10176")
• BigInteger e new BigInteger ("85")
• System.out.println (e.modInverse(pq))
• Result 4669

23
Key generation, step 4

• Destroy all records of p and q
• If we know p and q, then we can compute the
  private encryption key from the public decryption
  key
• d e 1 (mod (p-1)(q-1))

24
The keys

• We have n pq 10379, e 85, and d 4669
• The public key is (n,e) (10379, 85)
• The private key is (n,d) (10379, 4669)
• Thus, n is not private
• Only d is private
• In reality, d and e are 600 (or so) digit numbers
• Thus n is a 1200 (or so) digit number

25
Encrypting messages

• To encode a message
• Encode the message m into a number
• Split the number into smaller numbers m lt n
• Use the formula c me mod n
• c is the ciphertext, and m is the message
• Java code to do the last step
• m.modPow (e, n)
• Where the object m is the BigInteger to encrypt

26
Encrypting messages example

• Encode the message into a number
• String is Go Cavaliers!!
• Modified ASCII codes
• 41 81 02 37 67 88 67 78 75 71 84 85 03 03
• Split the number into numbers lt n
• 4181 0237 6788 6778 7571 8485 0303
• Use the formula c me mod n
• 418185 mod 10379 4501
• 023785 mod 10379 2867
• 678885 mod 10379 4894
• Etc
• Encrypted message
• 4501 2867 4894 0361 3630 4496 6720

27
Encrypting RSA messages

• Formula is c me mod n

28
Decrypting messages

1. Use the formula m cd mod n on each number
2. Split the number into individual ASCII character
   numbers
3. Decode the message into a string

29
Decrypting messages example

• Encrypted message
• 4501 2867 4894 0361 3630 4496 6720
• Use the formula m cd mod n on each number
• 45014669 mod 10379 4181
• 28674669 mod 10379 0237
• 48944669 mod 10379 6788
• Etc
• Split the numbers into individual characters
• 41 81 02 37 67 88 67 78 75 71 84 85 03 03
• Decode the message into a string
• Modified ASCII codes
• 41 81 02 37 67 88 67 78 75 71 84 85 03 03
• Retrieved String is Go Cavaliers!!

30
modPow computation

• How to compute c me mod n or m cd mod n?
• Example 45014669 mod 10379 4181
• Use the script at http//www.cs.virginia.edu/cgi-
  bin/cgiwrap/asb/modpow
• Other means
• Java use the BigInteger.modPow() method
• Perl use the bmodpow function in the BigInt
  library
• Etc

31
Why this works

• m cd mod n
• c me mod n
• cd (me)d med (mod n)
• Recall that
• ed 1 (mod p-1)
• ed 1 (mod q-1)
• Thus,
• med m (mod p)
• med m (mod q)
• med m (mod pq)
• med m (mod n)

32
Cracking a message

• In order to decrypt a message, we must compute m
  cd mod n
• n is known (part of the public key)
• c is known (the ciphertext)
• e is known (the encryption key)
• Thus, we must compute d with no other information
• Recall choose an integer 1 lt e lt n which is
  relatively prime to (p-1)(q-1)
• Recall Compute d such that d e 1 (mod
  (p-1)(q-1))
• Thus, we must factor the composite n into its
  component primes
• There is no efficient way to do this!
• We can tell that n is composite very easily, but
  we cant tell what its factors are
• Once n is factored into p and q, we compute d as
  above
• Then we can decrypt c to obtain m

33
Cracking a message example

• In order to decrypt a message, we must compute m
  cd mod n
• n 10379
• c is the ciphertext being cracked
• e 85
• In order to determine d, we need to factor n
• d e 1 (mod (p-1)(q-1))
• We factor n into p and q 97 and 107
• d 85 1 (mod (96)(106))
• This would not have been feasible with two large
  prime factors!!!
• We then compute d as above, and crack the message

34
Signing a message

• Recall that we computed de mod (p-1)(q-1) 1
• Note that d and e are interchangable!
• You can use either for the encryption key
• You can encrypt with either key!
• Thus, you must use the other key to decrypt

35
Signing a message

• To sign a message
• Write a message, and determine the MD5 hash
• Encrypt the hash with your private (encryption)
  key
• Anybody can verify that you created the message
  because ONLY the public (encryption) key can
  decrypt the hash
• The hash is then verified against the message

36
PGP and GnuPG

• Two applications which implement the RSA
  algorithm
• GnuPG Is open-source (thus its free)
• PGP was first, and written by Phil Zimmerman
• The US govt didnt like PGP

37
The US govt and war munitions
38
How to crack PGP

• Factoring n is not feasible
• Thus, cracking PGP is done by other means
• Intercepting the private key
• Hacking into the computer, stealing the
  computer, etc.
• Man-in-the-middle attack
• Etc.

39
Other public key encryption methods

• Modular logarithms
• Developed by the US government, therefore not
  widely trusted
• Elliptic curves

40
Quantum computers

• A quantum computer could (in principle) factor n
  in reasonable time
• This would make RSA obsolete!
• Shown (in principle) by Peter Shor in 1993
• You would need a new (quantum) encryption
  algorithm to encrypt your messages
• This is like saying, in principle, you could
  program a computer to correctly predict the
  weather
• IBM recently created a quantum computer that
  successfully factored 15 into 3 and 5
• I bet the NSA is working on such a computer, also

41
Sources

• Wikipedia article has a lot of info on RSA and
  the related algorithms
• Those articles use different variable names
• Link at http//en.wikipedia.org/wiki/RSA

42
Quick survey

• I felt I understood the material in this slide
  set
• Very well
• With some review, Ill be good
• Not really
• Not at all

43
Quick survey

• The pace of the lecture for this slide set was
• Fast
• About right
• A little slow
• Too slow

44
Quick survey

• How interesting was the material in this slide
  set? Be honest!
• Wow! That was SOOOOOO cool!
• Somewhat interesting
• Rather borting
• Zzzzzzzzzzz