Public-key cryptosystem (PowerPoint PPT presentation, 18 slides, provided by xuka)

Transcript and Presenter's Notes

Title: Public-key cryptosystem

1
Public-key cryptosystem
  • Secret-key cryptosystem
  • eK, dK: dK is the same as or derived from eK.
  • Called symmetric-key cryptosystem.
  • Problem: how to distribute eK, dK to Alice, Bob
    securely.
  • Public-key cryptosystem
  • Computationally infeasible to compute dK from eK.
  • Called non-symmetric-key (asymmetric) cryptosystem.
  • eK is made public, called public key.
  • But dK is kept secret, called private key.

2
Public-key system: how it works
  • Everybody selects its own public key P and
    private key S, and publicizes P.
  • Therefore Alice has (Pa, Sa), and Bob has (Pb, Sb).
  • Everybody knows Pa, Pb, ...
  • Suppose Alice wants to send a message to Bob.
  • Alice encrypts the message with Bob's public key
    Pb and sends it out.
  • (Only) Bob can decrypt the message using his
    private key Sb. Nobody else can.

3
RSA cryptosystem -- preview
  • Suppose n = p·q, where p and q are big primes.
  • Select (find) a and b, such that a·b ≡ 1 mod φ(n).
  • K = (n, p, q, a, b); publicize n, b, but keep p, q, a
    secret.
  • For any x, y ∈ Zn, define
  • eK(x) = x^b mod n
  • dK(y) = y^a mod n
  • Of course, from n, b, it is very difficult to get
    a (as well as p, q, φ(n)).

4
More number theory
  • For any positive n,
  • Zn is a ring,
  • φ(n) = ∏_{i=1}^{m} (p_i^{e_i} − p_i^{e_i−1}) where n = ∏_{i=1}^{m} p_i^{e_i}
  • b ∈ Zn has a multiplicative inverse iff gcd(b, n) = 1.
  • Zn* = {b : b is coprime to n}; then (Zn*, ·) is an
    abelian group:
    1. · (modulo n) is associative and commutative.
    2. 1 is the multiplicative identity.
    3. For any element b ∈ Zn*, there exists b^-1 ∈ Zn*
       such that b·b^-1 = 1.
    4. Zn* is closed under · (modulo n).
  • Question: how to compute b^-1 for any given b ∈ Zn*?
5
Euclidean Algorithm: compute gcd(a,b)
  • Let r0 = a, r1 = b (suppose a ≥ b)
  • r0 = q1·r1 + r2, 0 < r2 < r1
  • r1 = q2·r2 + r3, 0 < r3 < r2
  • ...
  • r_{m−2} = q_{m−1}·r_{m−1} + r_m, 0 < r_m < r_{m−1}
  • r_{m−1} = q_m·r_m
  • Then gcd(a,b) = gcd(r0, r1) = gcd(r1, r2) = ... =
    gcd(r_{m−1}, r_m) = r_m
    (Why?)
  • Given n and b, if gcd(n,b) = 1, then b is coprime
    to n and has a multiplicative inverse b^-1. But
    how to get b^-1?

6
Extended Euclidean Algorithm: compute inverse
  • Define t_j and s_j in the Euclidean Algorithm as

where the q_j are the quotients from the Euclidean Algorithm.
7
Extended Euclidean Algorithm -- theorems
  • Theorem: for 0 ≤ j ≤ m, r_j = s_j·r0 + t_j·r1.
  • Corollary: suppose gcd(r0, r1) = 1; then r1^-1 mod r0
    = t_m mod r0, i.e., t_m = r1^-1.
  • Therefore, for given n and b, use the extended
    Euclidean Algorithm to compute r2, r3, ..., r_m and
    t2, t3, ..., t_m (no need for s2, s3, ..., s_m). If r_m > 1,
    then b is not coprime to n; otherwise, b is
    coprime to n and b^-1 = t_m.
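The following Python block is an added example, not part of the slides. It runs the Euclidean algorithm with the extended bookkeeping s_j, t_j, checks the theorem r_j = s_j·r0 + t_j·r1 at every step, and computes b^-1 = t_m mod n exactly as the corollary prescribes. Because the slide's own definition of s_j and t_j did not survive the transcript, the block assumes the standard recurrences s_0 = 1, s_1 = 0, s_j = s_{j−2} − q_{j−1}·s_{j−1} and t_0 = 0, t_1 = 1, t_j = t_{j−2} − q_{j−1}·t_{j−1}.

```python
# Added example: Euclidean algorithm with the extended bookkeeping (s_j, t_j).
# Assumed recurrences (standard, not shown in the transcript):
#   s_0 = 1, s_1 = 0, s_j = s_{j-2} - q_{j-1} * s_{j-1}
#   t_0 = 0, t_1 = 1, t_j = t_{j-2} - q_{j-1} * t_{j-1}


def extended_euclid(r0, r1):
    """Run the Euclidean algorithm on r0 >= r1 > 0.

    Returns lists r, q, s, t indexed by j = 0..m, where r[m] = gcd(r0, r1)
    and q[j] is the quotient q_j of step j (q[0] is unused).
    """
    if not (r0 >= r1 > 0):
        raise ValueError("need r0 >= r1 > 0")
    r, q = [r0, r1], [None]
    s, t = [1, 0], [0, 1]
    j = 1
    while r[j] != 0:
        q.append(r[j - 1] // r[j])          # q_j
        r.append(r[j - 1] - q[j] * r[j])    # r_{j+1} = r_{j-1} - q_j * r_j
        s.append(s[j - 1] - q[j] * s[j])    # s_{j+1}
        t.append(t[j - 1] - q[j] * t[j])    # t_{j+1}
        j += 1
    # r[j] == 0 here, so m = j - 1 and r[m] = gcd(r0, r1); drop the j-th entries.
    return r[:j], q[:j], s[:j], t[:j]


def theorem_holds(r0, r1):
    """Check r_j = s_j*r0 + t_j*r1 for every 0 <= j <= m (the slide's theorem)."""
    r, _, s, t = extended_euclid(r0, r1)
    return all(r[j] == s[j] * r0 + t[j] * r1 for j in range(len(r)))


def inverse_mod(b, n):
    """Return b^-1 mod n via the corollary (t_m mod n), or None if gcd(b, n) > 1."""
    b %= n
    if b == 0:
        return None
    r, _, _, t = extended_euclid(n, b)   # r0 = n, r1 = b
    if r[-1] > 1:                        # r_m > 1: b is not coprime to n
        return None
    return t[-1] % n                     # t_m mod r0


if __name__ == "__main__":
    r, q, s, t = extended_euclid(240, 46)
    print("r =", r, "q =", q, "s =", s, "t =", t)   # gcd(240, 46) = r_m = 2
    print("3^-1 mod 7 =", inverse_mod(3, 7))        # 5, since 3*5 = 15 = 1 mod 7
    print("4^-1 mod 8 =", inverse_mod(4, 8))        # None, gcd(4, 8) = 2
```

Only the t_j column is needed for the inverse; s_j is kept so that the theorem can be checked for every j, which is the easiest way to convince yourself that the recurrences were copied correctly.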

8
Chinese remainder theorem
  • Suppose m1, ..., mr are pairwise relatively prime
    (coprime) positive integers, and suppose a1, ..., ar
    are integers. Then the system of r congruences
    x ≡ ai (mod mi) (1 ≤ i ≤ r) has a unique solution
    modulo M = m1·…·mr, which is given by
    x = Σ_{i=1}^{r} ai·Mi·yi mod M, where Mi = M/mi and
    yi = Mi^-1 mod mi.

9
Chinese remainder theorem (CRT)
  • Proof
  • x is a solution
  • x is unique
  • Two directions of the CRT
  • Given x, compute x mod m1, ..., x mod mr (direct)
  • Given x mod m1, ..., x mod mr, compute x.
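As an added example that is not part of the slides, the Python block below implements both directions of the CRT from the two previous slides: splitting x into its residues, and recombining residues with the formula x = Σ ai·Mi·yi mod M. A brute-force search over [0, M) is included to show the "x is unique" part on a small instance. It uses Python's built-in `pow(Mi, -1, mi)` for the inverse yi.

```python
# Added example: the Chinese remainder theorem in both directions.
from functools import reduce
from math import gcd


def pairwise_coprime(moduli):
    """The CRT hypothesis: every pair of moduli has gcd 1."""
    return all(gcd(moduli[i], moduli[j]) == 1
               for i in range(len(moduli)) for j in range(i + 1, len(moduli)))


def crt_split(x, moduli):
    """Direction 1 (direct): x -> (x mod m_1, ..., x mod m_r)."""
    return [x % m for m in moduli]


def crt_combine(residues, moduli):
    """Direction 2: from a_i = x mod m_i recover x mod M, M = m_1 * ... * m_r,
    with the slide's formula x = sum_i a_i * M_i * y_i mod M,
    where M_i = M / m_i and y_i = M_i^-1 mod m_i."""
    if not pairwise_coprime(moduli):
        raise ValueError("moduli must be pairwise coprime")
    M = reduce(lambda acc, m: acc * m, moduli, 1)
    x = 0
    for a_i, m_i in zip(residues, moduli):
        M_i = M // m_i
        y_i = pow(M_i, -1, m_i)      # inverse exists because gcd(M_i, m_i) = 1
        x += a_i * M_i * y_i
    return x % M


def brute_force_solutions(residues, moduli):
    """All x in [0, M) satisfying every congruence; CRT says there is exactly one."""
    M = reduce(lambda acc, m: acc * m, moduli, 1)
    return [x for x in range(M)
            if all(x % m == a % m for a, m in zip(residues, moduli))]


if __name__ == "__main__":
    # Constructed instance: x = 2 (mod 3), x = 3 (mod 5), x = 2 (mod 7).
    print(crt_combine([2, 3, 2], [3, 5, 7]))             # 23
    print(crt_split(23, [3, 5, 7]))                      # [2, 3, 2]
    print(brute_force_solutions([2, 3, 2], [3, 5, 7]))   # [23]
```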

10
Other facts from number theory
  • Divisibility
  • If a|b, and c is any integer, then a|bc
  • If a|b and b|c, then a|c
  • If a|b, a|c, then a|b+c, and a|b−c
  • Any natural number n can be written uniquely
    (except for the order of factors) as a product of
    primes
  • If a prime p|ab, then p|a or p|b
  • If m|a and n|a, and gcd(m,n) = 1, then mn|a

11
Other facts from number theory (cont.)
  • Congruences
  • If a ≡ b mod m and b ≡ c mod m, then a ≡ c mod m
  • If a ≡ b mod m and c ≡ d mod m, then
  • a+c ≡ b+d mod m and a−c ≡ b−d mod m
  • and ac ≡ bd mod m
  • If a ≡ b mod m, then a ≡ b mod d for any d|m.
  • If a ≡ b mod m and a ≡ b mod n and gcd(m,n) = 1, then
    a ≡ b mod mn.

12
Other facts from number theory (cont.)
  • Fermat's Little Theorem
  • Let p be a prime; any integer a satisfies a^p ≡ a
    mod p, and any integer a not divisible by p
    satisfies a^{p−1} ≡ 1 mod p.
  • Euler phi-function
  • If p is a prime, then φ(p) = p−1 and, for any
    integer a, φ(p^a) = p^a − p^{a−1} = p^a(1 − 1/p).
  • If gcd(p,q) = 1, then φ(pq) = φ(p)φ(q) (from CRT).
  • φ(n) = ∏_{i=1}^{m} (p_i^{e_i} − p_i^{e_i−1}) where n = ∏_{i=1}^{m} p_i^{e_i}

13
Other facts from number theory (cont.)
  • (Lagrange) Theorem
  • Suppose G is a multiplicative group of order n
    and g ∈ G; then the order m of g (i.e., the smallest m
    such that g^m = 1) divides n.
  • Corollary
  • If b ∈ Zn*, then b^φ(n) ≡ 1 mod n.

14
Other facts from number theory (cont.)
  • Theorem: if p is a prime, then Zp* is a cyclic
    group, i.e.,
  • There is an element α of order p−1, called a
    primitive element.
  • Zp* = {α^i : 0 ≤ i ≤ p−2}
  • i.e., any element β can be written as α^i, and the
    order of β is (p−1)/gcd(p−1, i).
  • If gcd(p−1, i) = 1, then β = α^i is also a primitive
    element.
  • Therefore, the number of primitive elements in
    Zp* is φ(p−1).

15
Other facts from number theory (cont.)
  • Theorem
  • Suppose p is a prime and α ∈ Zp*. Then α is a
    primitive element modulo p iff α^{(p−1)/q} ≢ 1 mod p
    for all primes q such that q | (p−1).
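The Python block below is an added example, not from the slides. It applies the theorem above to test whether α is a primitive element of Zp*, counts the primitive elements of a small prime field and checks that the count equals φ(p−1) (computed with the product formula from the φ slide), and verifies the order formula ord(α^i) = (p−1)/gcd(p−1, i) from the previous slide. The factorization helper is trial division and is only meant for the small primes used here.

```python
# Added example: primitive elements of Zp* via the (p-1)/q criterion,
# their count phi(p-1), and the order of a power of a primitive element.
from math import gcd


def factorize(n):
    """n = prod p_i^{e_i} returned as {p_i: e_i}, by trial division (small n only)."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def euler_phi(n):
    """phi(n) = prod (p_i^{e_i} - p_i^{e_i - 1}), the slide's product formula."""
    phi = 1
    for p, e in factorize(n).items():
        phi *= p ** e - p ** (e - 1)
    return phi


def is_primitive(alpha, p):
    """alpha is primitive mod p iff alpha^((p-1)/q) != 1 (mod p)
    for every prime q dividing p-1 (p is assumed prime)."""
    alpha %= p
    if alpha == 0:
        return False                       # 0 is not in Zp*
    return all(pow(alpha, (p - 1) // q, p) != 1 for q in factorize(p - 1))


def order(beta, p):
    """Smallest m >= 1 with beta^m = 1 (mod p), for beta in Zp*."""
    beta %= p
    if beta == 0:
        raise ValueError("beta must be a unit")
    m, acc = 1, beta
    while acc != 1:
        acc = acc * beta % p
        m += 1
    return m


def order_of_power(alpha, i, p):
    """Order of alpha^i when alpha is primitive: (p-1)/gcd(p-1, i)."""
    if not is_primitive(alpha, p):
        raise ValueError("alpha must be a primitive element")
    return (p - 1) // gcd(p - 1, i)


def primitive_elements(p):
    return [a for a in range(1, p) if is_primitive(a, p)]


if __name__ == "__main__":
    for p in (7, 13):
        prims = primitive_elements(p)
        print(p, prims, len(prims) == euler_phi(p - 1))   # [3, 5] / [2, 6, 7, 11], True
    print(order(pow(3, 4, 7), 7), order_of_power(3, 4, 7))  # 3 3
```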

16
RSA cryptosystem
  • Suppose n = p·q, where p and q are big primes (512
    bits).
  • Select (find) a and b, such that a·b ≡ 1 mod φ(n)
    (= (p−1)(q−1)).
  • K = (n, p, q, a, b); publicize n, b, but keep p, q, a
    secret.
  • For any x, y ∈ Zn, define
  • eK(x) = x^b mod n, dK(y) = y^a mod n
  • Of course, from n, b, it is very difficult to get
    a (as well as p, q, φ(n)).

17
Proof of RSA
  • If x = 0 ∈ Zn, then it is correct.
  • If x ∈ Zn*, then
  • ab ≡ 1 mod φ(n), so ab = t·φ(n) + 1 (for some t).
  • y^a = (x^b)^a ≡ x^{t·φ(n)+1} ≡ (x^{φ(n)})^t · x ≡ 1^t · x ≡ x
    (mod n)
  • If x ∈ Zn \ Zn*, then

How to prove it?
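The Python block below is an added example, not part of the slides. It builds a toy RSA key exactly along the slide's recipe (n = p·q, φ(n) = (p−1)(q−1), a = b^-1 mod φ(n), public (n, b), secret (p, q, a)), encrypts and decrypts with x^b mod n and y^a mod n, and then checks dK(eK(x)) = x for every x ∈ Zn of a small modulus, which covers x = 0, the units, and the x ∈ Zn \ Zn* left open by the last bullet. The primes and exponents are constructed toy values, thousands of times smaller than the 512-bit primes the RSA slide calls for. The modular inverse is Python's built-in `pow(b, -1, phi)`.

```python
# Added example: toy RSA following the slide's recipe, plus an exhaustive
# correctness check over all of Zn for a small modulus.
from math import gcd


def rsa_keygen(p, q, b):
    """K = (n, p, q, a, b): n = p*q, a*b = 1 mod phi(n) with phi(n) = (p-1)(q-1).
    (n, b) is public; (p, q, a) stays secret. b must be coprime to phi(n).
    p and q are assumed to be distinct primes (constructed toy values here)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(b, phi) != 1:
        raise ValueError("b must be coprime to phi(n)")
    a = pow(b, -1, phi)          # b^-1 mod phi(n); Python 3.8+ does the extended Euclid
    return {"n": n, "p": p, "q": q, "a": a, "b": b}


def encrypt(key, x):
    """e_K(x) = x^b mod n (needs only the public part n, b)."""
    return pow(x, key["b"], key["n"])


def decrypt(key, y):
    """d_K(y) = y^a mod n (needs the secret exponent a)."""
    return pow(y, key["a"], key["n"])


def roundtrip_all(p, q, b):
    """d_K(e_K(x)) == x for every x in Zn, including x = 0 and the x that
    share a factor with n (the case the proof on the slide leaves open)."""
    key = rsa_keygen(p, q, b)
    return all(decrypt(key, encrypt(key, x)) == x for x in range(key["n"]))


if __name__ == "__main__":
    key = rsa_keygen(61, 53, 17)     # constructed toy parameters: n = 3233, phi = 3120
    print("a =", key["a"])           # 2753, since 17 * 2753 = 15 * 3120 + 1
    y = encrypt(key, 65)
    print(y, decrypt(key, y))        # 2790 65
    print(roundtrip_all(5, 11, 3))   # True: holds for the non-units 5, 10, 11, ... as well
```

The exhaustive check is what a practitioner would run before trusting a hand-rolled textbook implementation; it also shows the gap in the proof on the slide is only a gap in the argument, not in the result, since the non-unit plaintexts decrypt correctly too.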