chap. 8,9: introduction to number theory and rsa algorithm jen-chang liu, 2004 adapted from lecture...
Post on 22-Dec-2015
220 views
TRANSCRIPT
![Page 1: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/1.jpg)
Chap. 8,9: Introduction to number theory and RSA algorithm
Jen-Chang Liu, 2004
Adapted fromLecture slides by Lawrie Brown
![Page 2: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/2.jpg)
The Devil said to Daniel Webster: "Set me a task I can't carry out, and I'll give you anything in the world you ask for."
Daniel Webster: "Fair enough. Prove that for n greater than 2, the equation an + bn = cn has no non-trivial solution in the integers."
They agreed on a three-day period for the labor, and the Devil disappeared.
At the end of three days, the Devil presented himself, haggard, jumpy, biting his lip. Daniel Webster said to him, "Well, how did you do at my task? Did you prove the theorem?'
"Eh? No . . . no, I haven't proved it.""Then I can have whatever I ask for? Money? The
Presidency?'"What? Oh, that—of course. But listen! If we could just prove
the following two lemmas—"—The Mathematical Magpie, Clifton Fadiman
![Page 3: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/3.jpg)
Clifton Fadiman Clifton Fadiman was a multi-talented
writer, critic, raconteur and bookworm. He is best remembered as moderator of the erudite radio quiz show Information, Please, which ran from 1938 until 1952.
He wrote a book: The Lifetime Reading Plan ( 一生的讀書計畫 ) ,列出 西方經典一百本
![Page 4: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/4.jpg)
Key Distribution Problem Symmetric schemes require both
parties to share a common secret key How to securely distribute this key ? often secure system failure due to a break
in the key distribution scheme
(eavesdropping)
![Page 5: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/5.jpg)
Key Distribution methods given parties A and B have various
key distribution alternatives:1. A can select key and physically deliver to
B2. third party can select & physically deliver
key to A & B3. if A & B have communicated previously
can use previous key to encrypt a new key4. if A & B have secure communications with
a third party C, C can relay key between A & B
Not suitablefor largesystems
Initial distribution?
![Page 6: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/6.jpg)
Scale of key distribution problem
A network with N hosts => N(N-1)/2 pairs
Node-level encryption N(N-1)/2
Application-level encryption 10 applications/node
![Page 7: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/7.jpg)
Key distribution center (KDC)
Key distribution
center (KDC)
KDC shares a unique key (master key) with each user to distributesecret key (session key) between a pair of users: scale of key distribution problem reduces to N
EMK1 (Secret key)EMK2 (Secret key)
Secret keySecret key
![Page 8: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/8.jpg)
Asymmetric cryptography
Real world example: locker
Public key & private key
![Page 9: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/9.jpg)
Difference between symmetric and asymmetric cryptography
Symmetric encryption:Reverse operation is possible
Asymmetric encryption:Hard to findreverse operation
![Page 10: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/10.jpg)
One-way trap door function
Public key
Public keyPrivate key
![Page 11: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/11.jpg)
Motivation: RSA public-key algorithm
One key for encryption, one key for decryption
Public directory
AliceBob
![Page 12: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/12.jpg)
Preview of RSA algorithm R: Rivest, S: Shamir, A: Adleman Plaintext M, ciphertext C
C = Me mod n, where 0 ≤ M < n
M = Cd mod n = (Med) mod n
Q: Is there e, d, n such that (Med)≡ M mod n ?A: Euler’s theorem
Q: Given e , is it possible to compute M directly from C ?
![Page 13: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/13.jpg)
Outline Prime numbers Fermat’s and Euler’s Theorems RSA algorithm Testing for primality
![Page 14: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/14.jpg)
Prime Numbers prime numbers only have divisors of 1 and
self they cannot be written as a product of other
numbers note: 1 is prime, but is generally not of interest
eg. 2,3,5,7 are prime, 4,6,8,9,10 are not prime numbers are central to number theory list of prime number less than 200 is:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199
![Page 15: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/15.jpg)
Prime Factorisation prime factorisation: any integer a>1
can be factored in a unique way , are primes each ai is a positive
integer eg. 91=7×13 ; 3600=24×32×52
Note: factoring a number is relatively hard compared to multiplying the factors together to generate the number
tat
aa pppa 2121 tppp 21
![Page 16: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/16.jpg)
Relatively Prime Numbers & GCD
two numbers a,b are relatively prime if have no common divisors apart from 1 eg. 8 & 15 are relatively prime since
factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor
conversely can determine the greatest common divisor by comparing their prime factorizations and using least powers eg. 300=22×31×52 18=21×32 hence GCD(18,300)=21×31×50=6
![Page 17: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/17.jpg)
Outline Prime numbers Fermat’s and Euler’s Theorems RSA algorithm Testing for primality
![Page 18: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/18.jpg)
Fermat's Theorem also known as Fermat’s Little Theorem ap-1 mod p = 1
where p is prime and gcd(a,p)=1 [a, p 互質 ]
useful in public key and primality testing
![Page 19: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/19.jpg)
Proof of Fermat’s law Recall: p is a prime, Zp is a Galois Field
Any a multiplied by{1,2,…,p-1} will span{1,2,…,p-1} in some order
a×2a×…×((p-1)a) ≡ [(a mod p)×(2a mod p)×…×((p-1)a mod p)] mod p ≡ [1×2×…×(p-1)] mod p ≡ (p-1)! mod p
(p-1)! ap-1 ≡ (p-1)! mod p
![Page 20: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/20.jpg)
Proof of Fermat’s law (cont.)
(p-1)! ap-1 ≡ (p-1)! mod p
Because (p-1)! is relatively prime to p
ap-1 ≡ 1 mod p
This can be re-written as
ap ≡ a mod p
Example: a = 7, p = 19 => 718 ≡ 1 mod 19 ?
718 =716×72
72=49≡11 mod 1974=72×72≡(11×11) mod 19= 7 mod 1978=74×74≡(7×7) mod 19= 11 mod 19716=78×78≡(11×11) mod 19= 7 mod 19
≡(7×11) mod 19 = 1 mod 19
![Page 21: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/21.jpg)
Euler’s Totient Function ø(n)
when doing arithmetic modulo n complete set of residues is: 0..n-1 reduced set of residues is those numbers
(residues) which are relatively prime to n eg. for n=10, complete set of residues is {0,1,2,3,4,5,6,7,8,9} reduced set of residues is {1,3,7,9}
number of elements in reduced set of residues is called the Euler Totient Function ø(n)
i.e. is the number of positive integers less than n and relatively prime to n
![Page 22: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/22.jpg)
Example: totient function ø(37)=?
37 is a prime, {1,…,36} are all relatively prime to 37
ø(37)=36 ø(35)=?
List them: {1,2,3,4,6,8,9,11,12,13,16,17,18,19,22,23,24,26,27,29,31,32,33,34}
ø(35)=24
![Page 23: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/23.jpg)
Euler’s Totient Function ø(n)
Some special case: for p (p prime) : ø(p) = p-1 for p•q (pq, both prime): ø(p•q)=(p-1)×(q-1)
Proof for ø(p•q) = (p-1)×(q-1) {1,2,3,…, pq-1} 與 pq 互質的個數?
=> 與 pq 非互質個數:1. p 的倍數: {p, 2p, 3p,…, (q-1)p}
2. q 的倍數: {q, 2q, 3q,…, (p-1)q}
ø(p•q) =pq-1 – (p-1) – (q-1) = pq-p-q+1 = (p-1)(q-1)= ø(p)×ø(q)
![Page 24: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/24.jpg)
Euler's Theorem Fermat's Theorem: an-1 ≡ 1 mod n Euler’s theorem: aø(n)≡ 1 mod n
where gcd(a,n)=1 eg.
a=3;n=10; ø(10)=4; hence 34 = 81 = 1 mod 10 a=2;n=11; ø(11)=10; hence 210 = 1024 = 1 mod 11
![Page 25: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/25.jpg)
Proof for Euler’s theorem aø(n)≡ 1 mod n, gcd(a,n)=1 n is a prime => Fermat’s theorem Arbitrary n: ø(n) means the number of integers
that is relatively prime to n, denote the set of integers as )(21 ,,, nxxxR
Multiply each by a, modulo n:
n) mod (,,n) mod (,n) mod ( )(21 naxaxaxS
S is a permutation of R !!!* a is relatively prime to n, and xi is relative prime to n => so does axi
* There is no duplicate in S
![Page 26: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/26.jpg)
Proof for Euler’s theorem (cont.)
)(21 ,,, nxxxR n) mod (,,n) mod (,n) mod ( )(21 naxaxaxS
is the permutation of
)(
1
)(
1
n) mod (n
ii
n
ii xax
n) (mod
)(
1
)(
1
n
ii
n
ii xax
n) (mod )(
1
)(
1
)(
n
ii
n
ii
n xxa
mod n
n) (mod 1)( na
OR n) (mod 1)( aa n
(Med)≡ M mod nRecall: RSA algorithm
![Page 27: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/27.jpg)
Corollary to Euler’s theorem
RSA algorithm: Euler’s theorem: Given prime p and q, n=pq, 0<a<n
(Med)≡ M mod nn) (mod 1)( aa n
n) (mod 1)1)(1(1)( aaa qpn
gcd(a, n)=1
a: plaintext => not necessary prime to n !!!
1. a is prime to n => Euler’s theorem
2. a is NOT prime to n => a 是 p 的倍數 或 a 是 q 的倍數 Prove case 1: a = cp
but a qp, because 0<a<n=pq => gcd(a, q) = 1
![Page 28: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/28.jpg)
Corollary to Euler’s theorem (cont.)
case 1: a = cp, gcd(a,q)=1Euler’s theorem
q mod 1)( qa
自乘 ø(p) 次
q mod 1 )()( pqa
=> q mod 1)( naTotient function
=> 1kq)( na
=>Multiply a=cp akcnakcpq1)( na
=> n mod 1)( aa n
Δ
![Page 29: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/29.jpg)
Corollary to Euler’s theorem (cont.)
Given prime p and q, n=pq, 0<a<n
Alternative form of the corollary (used in RSA)
n) (mod 1)1)(1(1)( aaa qpn
n mod )( )(1)( aaa knnk
n mod )1( ak By Euler’s theorem
n mod a
![Page 30: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/30.jpg)
RSA from Euler’s corollary RSA algorithm: find e, d, n to satisfy
Euler’s corollary: given primes p and q, n=pq,
0<a<n, and arbitrary k
(Med)≡ M mod n
n mod 1)1)(1(1)( aaa qpknk
We want ed = k( n) + 1
=> ed ≡ 1 mod ( n)
or d ≡ e-1 mod ( n)(d is the multiplicative inverse of e, it existsIf d (and e) is relatively prime to (n) )
![Page 31: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/31.jpg)
Outline Prime numbers Fermat’s and Euler’s Theorems RSA algorithm Testing for primality
![Page 32: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/32.jpg)
RSA algorithm – decide parameters
1. Select primes p and q.2. Calculate n=pq.3. Calculate (n)=(p-1)(q-1)4. Select e that is relative
prime to and less than (n)5. Determine d such that de ≡ 1 mod (n),and d< (n)(d is the multiplicative inverse of e, find
it using Extended Euclid’s algorithm)
Example:
p=17, q=11
n= 17x11 = 187
(n)= 16x10 = 160
e = 7
d = 23
![Page 33: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/33.jpg)
RSA encryption/decryption example
Public key: KU={e,n}={7,187} Private key: KR={d,n}={23,187}
![Page 34: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/34.jpg)
Ingredient and security of RSA
p, q: two primes (private, chosen)
n=pq (public, calculated)
e, with gcd((n),e)=1 (public, chosen) 1<e< (n) d ≡ e-1 mod (n) (private, calculated)
(n) must be a secret, else d can be calculated
n is known => (n) can be calculated from n?
p, q must be secrets => (n) = (p-1)(q-1)
=> p, q calculated from n?
![Page 35: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/35.jpg)
The security of RSA Brute-force: try all private keys Mathematical attacks:
Factor n into its two prime factors, n=> p×q
Determine (n) directly Determine d directly without (n)
Timing attacks: depends on the running time of the decryption algorithm
Samecomplexity
![Page 36: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/36.jpg)
RSA recommended key size
How to evaluate RSA security ? rough extrapolations of the running times
for smaller keys TWIRL: a hardware for integer factorization
for a 1024-bit RSA key in less than a year with only $10 million worth of hardware
Protection Lifetime of Data
Present – 2010
Present – 2030
Present – 2031 and Beyond
Minimum symmetric security level
80 bits 112 bits 128 bits
Minimum RSA key size
1024 bits 2048 bits 3072 bits
![Page 37: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/37.jpg)
![Page 38: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/38.jpg)
Single prime modulus RSA algorithm: Fermat’s theorem: A single prime modulus n?
(aed)≡ a mod n
an ≡ a mod n, n is a prime
ed = k(n-1) + 1
an-1 ≡ 1 mod n ak(n-1)+1 ≡ a mod n=>
ed ≡ 1 mod (n-1)=>
e, d 互為 Zn-1 下的乘法反元素However, if (e, n) is public
We can calculate d easily !!! (Zn-1 下的乘法反元素 )
![Page 39: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/39.jpg)
MultiPrime RSA RSA: n = p q MultiPrime RSA: n = p q r ?
More primes to make up the modulus, Ex. 1024 bits RSA, 341, 341, 342 bits
primes the faster the private key operations the easier to factor
![Page 40: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/40.jpg)
Computation – encryption/decryption
Modular exponentiation: Fast algorithm use the property:
Write exponential d as binary number: bkbk-1…b1b0
ex. 2310 = 101112 = 24+22+21+20
M = Cd mod n
(a x b) mod n = (a mod n) x (b mod n) mod n
n mod n mod n mod n mod 0
2
0
2
j
j
j
j
bb
d CCC
1123 mod 187 =(1116×114×112×111) mod 187=[(1116 mod 187)×(114 mod 187)×(112 mod 187)×(111 mod 187)] mod 187=…=88
![Page 41: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/41.jpg)
Fast exponentiation ab mod n b=10111
1
a1
2 10
a10自乘
2+1101
a101自乘 a
2+11011
a1011自乘 a
2+110111
a10111自乘 a
ax ax =a2x
![Page 42: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/42.jpg)
Pseudo-code for fast exponentiation
c=0; /* c will be the exponent at last */d=1; /* d will be the ab mod n at last */
for(i=k; i>=0; i--){ /* k+1 bits for b */ c = 2*c; d = (d*d) mod n; if ( bi == 1 ){ c = c+1; d = (d*a) mod n }}
Timing attacks
If this bit is 1, exec. time willbe slower
![Page 43: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/43.jpg)
Resist to timing attacks Constant exponentiation time
return the results of exponentiation after a fixed time
Random delay Add random delay to the exp. execution
time Blinding
Multiply ciphertext by a random number
![Page 44: Chap. 8,9: Introduction to number theory and RSA algorithm Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d815503460f94a66d25/html5/thumbnails/44.jpg)
Reading assignment The code book ( 碼書 )
報告重點:年代,人物,故事,加解密方式 投影片請多用書上圖片解說故事及人物 Report one chapter per week Chap .1: 洪善群 , 張凱鈞 Chap. 2: 鄧偉華 Chap. 3: Chap. 4: Chap. 5: Chap. 6: Chap. 7: PGP 93321510, 93321538,
93321518