Advanced Network Security
03 Factorization algorithms and their applications in cryptography.
04 The Chinese remainder theorem and its application.
05 Quadratic congruence.
06 Modular exponentiation and logarithm.
1. Prime numbers and their applications in cryptography
Definition
A positive integer is a prime if and only if it is exactly divisible by
two integers, 1 and itself. A composite is a positive integer with
more than two divisors.
Example 1.1
What is the smallest prime?
Solution
The smallest prime is 2, which is divisible by 2 (itself) and 1.
Example 1.2
Solution
There are four primes less than 10: 2, 3, 5, and 7. It is
interesting to note that the percentage of primes in the range
1 to 10 is 40%. The percentage decreases as the range
increases.
Coprimes
Two positive integers, a and b, are relatively prime, or coprime,
if gcd (a, b) = 1. Note that the number 1 is relatively prime with
any integer. If p is a prime, then all integers 1 to p − 1 are
relatively prime to p.
Cardinality of Primes
Infinite Number of Primes
There is an infinite number of primes.
Number of Primes
A function called π(n) is defined that finds the number of
primes smaller than or equal to n. The following shows the
values of this function for different n’s.
If the number is too big, the following equation is used to find
the range.
Example 1.3
Find the number of primes less than 1,000,000.
Solution
The approximation gives the range 72,383 to 78,543. The
actual number of primes is 78,498.
Checking for Primeness
Given a number n, how can we determine if n is a prime? The answer
is that we need to see if the number is divisible by any prime less than
√n.
We know that this method is inefficient, but it is a good start.
Example 1.5
Is 97 a prime?
Solution
The floor of √97 = 9. The primes less than 9 are 2, 3, 5, and
7. We need to see if 97 is divisible by any of these numbers.
It is not, so 97 is a prime.
Sieve of Eratosthenes
The Greek mathematician Eratosthenes devised a method to find
all primes less than n. The method is called the sieve of
Eratosthenes. Suppose we want to find all primes less than 100.
We write down all the numbers between 2 and 100. Because
√100 = 10, we need to see if any number less than 100 is divisible
by 2, 3, 5, and 7. Table 1.1 shows the result.
Table 1.1 Sieve of Eratosthenes
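The sieve and the primeness check described above, as an added Python example that is not part of the original slides. The function names sieve, prime_count and is_prime_trial are chosen for this example.

```python
from math import isqrt

def sieve(n):
    """Return every prime <= n using the sieve of Eratosthenes."""
    if n < 2:
        return []
    is_prime = bytearray([1]) * (n + 1)
    is_prime[0] = is_prime[1] = 0
    for p in range(2, isqrt(n) + 1):   # only p <= sqrt(n) can cross anything out
        if is_prime[p]:
            # Start at p*p: smaller multiples were removed by smaller primes.
            is_prime[p * p :: p] = bytearray(len(range(p * p, n + 1, p)))
    return [i for i, flag in enumerate(is_prime) if flag]

def prime_count(n):
    """pi(n): the number of primes smaller than or equal to n."""
    return len(sieve(n))

def is_prime_trial(n):
    """Primeness check by dividing by the primes up to floor(sqrt(n))."""
    if n < 2:
        return False
    return all(n % p for p in sieve(isqrt(n)))

if __name__ == "__main__":
    print(sieve(100))                  # the numbers left uncrossed in Table 1.1
    print(prime_count(1_000_000))      # the count asked for in Example 1.3
    print(is_prime_trial(97))          # Example 1.5
```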
Euler’s Phi-Function
Euler’s phi-function, φ(n), which is sometimes called
Euler’s totient function, plays a very important role in
cryptography.
We can combine the above four rules to find the value of
φ(n). For example, if n can be factored as
n = p1^e1 × p2^e2 × … × pk^ek
then we combine the third and the fourth rule to find
Example 1.6
Solution
Because 13 is a prime, φ(13) = (13 − 1) = 12.
Example 1.7
a^(p − 1) ≡ 1 mod p
Second Version
a^p ≡ a mod p
Applications
Exponentiation
Example 1.7
Find the result of 6^10 mod 11.
Solution
We have 6^10 mod 11 = 1. This is the first version of Fermat’s
little theorem where p = 11.
Example 1.8
Find the result of 3^12 mod 11.
Solution
Here the exponent (12) and the modulus (11) are not the same.
With substitution this can be solved using Fermat’s little
theorem.
Multiplicative Inverses
a^(−1) mod p = a^(p − 2) mod p
Example 1.9
The answers to multiplicative inverses modulo a prime can be
found without using the extended Euclidean algorithm:
Euler’s Theorem
First Version
a^φ(n) ≡ 1 (mod n)
Second Version
a^(k × φ(n) + 1) ≡ a (mod n)
Applications
Exponentiation
Example 1.10
Solution
We have 6^24 mod 35 = 6^φ(35) mod 35 = 1.
Multiplicative Inverses
Euler’s theorem can be used to find multiplicative inverses
modulo a composite.
a^(−1) mod n = a^(φ(n) − 1) mod n
Example 1.11
The answers to multiplicative inverses modulo a composite can
be found without using the extended Euclidean algorithm if we
know the factorization of the composite:
Generating Primes
Mersenne Primes
A number in the form Mp = 2^p − 1 is called a Mersenne number
and may or may not be a prime.
Fermat Primes
F0 = 3 F1 = 5 F2 = 17 F3 = 257 F4 = 65537
F5 = 4294967297 = 641 × 6700417 (not a prime)
2. PRIMALITY TESTING
Finding an algorithm to correctly and efficiently test a very
large integer and output a prime or a composite has always been
a challenge in number theory, and consequently in
cryptography. However, recent developments look very
promising.
Algorithms that deal with this issue can be divided into two
broad categories:
1. Deterministic algorithms
A deterministic primality testing algorithm accepts an
integer and always outputs a prime or a composite.
2. Probabilistic algorithms
A probabilistic algorithm does not guarantee the correctness of
the result. However, we can make the probability of error so
small that it is almost certain that the algorithm has returned a
correct answer.
Deterministic Algorithms
Divisibility Algorithm
The most elementary deterministic test for primality is the divisibility
test. We use as divisors all numbers smaller than √n. If any of these
numbers divides n, then n is composite.
Example 2.1
Assume n has 200 bits. What is the number of bit operations
needed to run the divisibility-test algorithm?
Solution
The bit-operation complexity of this algorithm is 2^(n_b/2). This
AKS Algorithm
Example 2.1
Assume n has 200 bits. What is the number of bit operations
needed to run the AKS algorithm?
Solution
This algorithm needs only (log2 200)^12 = 39,547,615,483 bit
operations. On a computer capable of doing 1 billion bit
operations per second, the algorithm needs only 40 seconds.
Probabilistic Algorithms
Fermat Test
Example 2.1
Solution
Use base 2
Miller-Rabin Test
In this test, we write n − 1 as the product of an odd number m
and a power of 2
Pseudocode
There exists a proof that each time a number passes a Miller-Rabin test,
the probability that it is not a prime is 1/4.
Example 2.1
Solution
Using base 2, let 561 − 1 = 35 × 2^4, which means m = 35, k =
4, and a = 2.
Example 2.1
We already know that 27 is not a prime. Let us apply the Miller-
Rabin test.
Solution
With base 2, let 27 − 1 = 13 × 2^1, which means that m = 13, k
= 1, and a = 2. In this case, because k − 1 = 0, we should do
only the initialization step: T = 2^13 mod 27 = 11 mod 27.
However, because the algorithm never enters the loop, it
returns a composite.
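An added Python example, not part of the original slides, that runs the Fermat test and the Miller-Rabin test on the two numbers worked above, using the same m, k and T notation. The function names and the returned trace of T values are choices made for this example; is_probable_prime goes beyond the single-base examples by repeating the round with random bases.

```python
import random

def fermat_test(n, a=2):
    """Fermat test: True means n passes for base a (n may still be composite)."""
    return pow(a, n - 1, n) == 1

def decompose(n):
    """Write n - 1 = m * 2^k with m odd and return (m, k)."""
    m, k = n - 1, 0
    while m % 2 == 0:
        m, k = m // 2, k + 1
    return m, k

def miller_rabin_round(n, a):
    """One round for odd n > 2. Returns (passes, list of T values computed)."""
    m, k = decompose(n)
    t = pow(a, m, n)                   # initialization step: T = a^m mod n
    trace = [t]
    if t in (1, n - 1):
        return True, trace
    for _ in range(k - 1):             # never entered when k = 1
        t = t * t % n
        trace.append(t)
        if t == 1:                     # reached 1 without passing through -1
            return False, trace
        if t == n - 1:
            return True, trace
    return False, trace

def is_probable_prime(n, rounds=20):
    """Repeat the round with random bases; every base must pass."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    return all(miller_rabin_round(n, random.randrange(2, n - 1))[0]
               for _ in range(rounds))

if __name__ == "__main__":
    print(fermat_test(561))            # 561 = 3 * 11 * 17 still passes for base 2
    print(miller_rabin_round(561, 2))  # T values: 263, 166, 67, 1
    print(miller_rabin_round(27, 2))   # only the initialization step, T = 11
```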
3. Factorization algorithms and their
applications in cryptography
Factorization
Fundamental Theorem of Arithmetic
According to the Fundamental Theorem of Arithmetic, any
positive integer greater than one can be written uniquely in the
following prime factorization form where p1, p2,…, pk are
primes and e1, e2, …, ek are positive integers.
Greatest Common Divisor
Factorization Methods
Trial Division Method
Algorithm
Example 2.1
Solution
We run a program based on the algorithm and get the
following result.
Fermat Method
Algorithm
Pollard p − 1 Method
Algorithm
Example 2.1
Use the Pollard p − 1 method to find a factor of 57247159 with
the bound B = 8.
Solution
We run a program based on the algorithm and find that p =
421. As a matter of fact 57247159 = 421 × 135979. Note that
421 is a prime and p − 1 has no prime factor greater than 8:
421 − 1 = 2^2 × 3 × 5 × 7
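An added Python example, not part of the original slides, of the Pollard p − 1 method run on the number above. It assumes the usual form of the algorithm (raise 2 to 2, 3, …, B in turn, then take one gcd); the helper is_smooth is a name chosen here to show why the factor 421 is the one exposed, which is also why key generation avoids primes p whose p − 1 has only small prime factors.

```python
from math import gcd

def pollard_p_minus_1(n, bound, base=2):
    """Return a nontrivial factor of n, or None if this bound finds none."""
    a = base
    for e in range(2, bound + 1):
        a = pow(a, e, n)               # after the loop a = base^(bound!) mod n
    p = gcd(a - 1, n)
    return p if 1 < p < n else None

def is_smooth(m, bound):
    """True if every prime factor of m is <= bound."""
    for q in range(2, bound + 1):
        while m % q == 0:
            m //= q
    return m == 1

if __name__ == "__main__":
    n = 57247159
    p = pollard_p_minus_1(n, 8)
    q = n // p
    print(p, q)                        # 421 and its cofactor 135979
    print(is_smooth(p - 1, 8))         # 420 = 2^2 * 3 * 5 * 7, so p is exposed
    print(is_smooth(q - 1, 8))         # q - 1 has large prime factors
    print(pollard_p_minus_1(n, 4))     # bound too small: no factor found
```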
4. CHINESE REMAINDER THEOREM
Definition & Equation
The Chinese remainder theorem (CRT) is used to solve a set of
congruent equations with one variable but different moduli, which
are relatively prime, as shown below:
Example 1
Find the solution to the simultaneous equations:
Solution
1. M = 3 × 5 × 7 = 105
4. x = (2 × 35 × 2 + 3 × 21 × 1 + 2 × 15 × 1) mod 105
= 23 mod 105
Applications
5. QUADRATIC CONGRUENCE
Quadratic Congruence Modulo a Prime
We first consider the case in which the modulus is a prime.
Example 5.1
Example 5.2
Quadratic Residues and Nonresidue
In the equation x^2 ≡ a (mod p), a is called a quadratic residue (QR)
if the equation has two solutions; a is called quadratic nonresidue
(QNR) if the equation has no solutions.
Example 5.3
There are 10 elements in Z11*. Exactly five of them are
quadratic residues and five of them are nonresidues. In
other words, Z11* is divided into two separate sets, QR and
QNR, as shown in Figure 5.1.
Euler’s Criterion
a. If a^((p−1)/2) ≡ 1 (mod p), a is a quadratic residue
modulo p.
b. If a^((p−1)/2) ≡ −1 (mod p), a is a quadratic nonresidue modulo
p.
Example 5.4
Solving Quadratic Equation Modulo a Prime
Although the Euler criterion tells us if an integer a is a QR or
QNR in Zp*, it cannot find the solution. To find the solution to
this quadratic equation, we notice that a prime can be either p = 4k
+ 1 or p = 4k + 3, in which k is a positive integer. The solution to a
quadratic equation is very involved in the first case; it is easier in
the second.
Example 5.4
Solve the following quadratic equations:
Solution
Example 5.5
Assume that x^2 ≡ 36 (mod 77). We know that 77 = 7 × 11.
We can write
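An added Python example, not part of the original slides, that covers both the Chinese remainder theorem section and the quadratic congruence section: it solves the CRT example with moduli 3, 5 and 7, applies Euler's criterion in Z11*, and combines square roots modulo 7 and 11 to solve x^2 ≡ 36 (mod 77). The function names are chosen for this example, and the square-root routine assumes a prime of the form p = 4k + 3 and uses the standard root a^((p+1)/4) mod p.

```python
from itertools import product
from math import prod

def crt(residues, moduli):
    """Solve x ≡ a_i (mod m_i) for pairwise relatively prime moduli."""
    M = prod(moduli)
    x = 0
    for a_i, m_i in zip(residues, moduli):
        M_i = M // m_i
        x += a_i * M_i * pow(M_i, -1, m_i)   # a_i * M_i * (M_i^-1 mod m_i)
    return x % M

def is_qr(a, p):
    """Euler's criterion for an odd prime p and a not divisible by p."""
    return pow(a, (p - 1) // 2, p) == 1

def sqrt_mod_prime(a, p):
    """Both roots of x^2 ≡ a (mod p) for a prime p = 4k + 3, [] for a QNR."""
    if p % 4 != 3:
        raise ValueError("only the p = 4k + 3 case is handled")
    a %= p
    if not is_qr(a, p):
        return []
    x = pow(a, (p + 1) // 4, p)
    return sorted({x, p - x})

def sqrt_mod_composite(a, primes):
    """Roots modulo a product of distinct 4k + 3 primes, combined with the CRT."""
    roots = [sqrt_mod_prime(a, p) for p in primes]
    return sorted(crt(combo, primes) for combo in product(*roots))

if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))              # 23, the CRT example
    print([a for a in range(1, 11) if is_qr(a, 11)])   # the QR set of Z11*
    print(sqrt_mod_prime(3, 11), sqrt_mod_prime(2, 11))
    print(sqrt_mod_composite(36, [7, 11]))        # four roots modulo 77
```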
6. EXPONENTIATION AND LOGARITHM
Exponentiation and logarithm are inverses of each other.
The following shows the relationship between them, in
which a is called the base of the exponentiation or
logarithm.
EXPONENTIATION
Fast Exponentiation
Fast exponentiation is possible using the square-and-multiply
method. In traditional algorithms only multiplication is used to
simulate exponentiation, but the fast exponentiation algorithm uses
both squaring and multiplication.
Example 5.5
Figure 6.1 shows the process for calculating y = a^x using
Algorithm 6.1 (for simplicity, the modulus is not shown). In this
case, x = 22 = (10110)_2 in binary. The exponent has five bits.
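An added Python example, not part of the original slides, of square-and-multiply with the operation counts for x = 22, next to the multiplication-only method. The function names, the base 17 and the modulus 21 are constructed for this example, and the exponent is scanned from its lowest bit.

```python
def fast_exp(a, x, n):
    """Square-and-multiply, scanning the exponent from its lowest bit.

    Returns (a^x mod n, multiplications used, squarings used).
    """
    y, mults, squares = 1 % n, 0, 0
    a %= n
    while x > 0:
        if x & 1:                  # current bit is 1: fold the running power into y
            y = y * a % n
            mults += 1
        x >>= 1
        if x:                      # more bits left: a becomes a^2, a^4, a^8, ...
            a = a * a % n
            squares += 1
    return y, mults, squares

def naive_exp(a, x, n):
    """Multiplication-only method for x >= 1: x - 1 modular multiplications."""
    y = a % n
    for _ in range(x - 1):
        y = y * a % n
    return y, x - 1

# Note: the branch on each exponent bit makes the running time depend on x.
# Code that handles a secret exponent needs a constant-time variant.

if __name__ == "__main__":
    print(fast_exp(17, 22, 21))    # x = 22 = (10110)_2: 3 multiplications, 4 squarings
    print(naive_exp(17, 22, 21))   # same result with 21 multiplications
```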
Logarithm
In cryptography, we also need to discuss modular logarithm. If we
use exponentiation to encrypt or decrypt, the adversary can use
logarithm to attack. We need to know how hard it is to reverse the
exponentiation.
Exhaustive Search
Order of an Element.
Example 6.3
Find the order of all elements in G = <Z10*, ×>.
Solution
This group has only φ(10) = 4 elements: 1, 3, 7, 9. We can find the
order of each element by trial and error.
a. 1^1 ≡ 1 (mod 10) → ord(1) = 1.
b. 3^4 ≡ 1 (mod 10) → ord(3) = 4.
c. 7^4 ≡ 1 (mod 10) → ord(7) = 4.
d. 9^2 ≡ 1 (mod 10) → ord(9) = 2.
Euler’s Theorem
Example 6.4
Primitive Roots
In the group G = <Zn*, ×>, when the order of an element is the
same as φ(n), that element is called the primitive root of the group.
Example 6.5
The following shows the results of a^i ≡ x (mod 7) for the group
G = <Z7*, ×>. In this group, φ(7) = 6.
Cyclic Group
If g is a primitive root in the group, we can generate the set Zn* as
Zn* = {g^1, g^2, g^3, …, g^φ(n)}
Example 6.6
The group G = <Z10*, ×> has two primitive roots because φ(10) =
4 and φ(φ(10)) = 2. It can be found that the primitive roots are 3
and 7. The following shows how we can create the whole set Z10*
using each primitive root.
The idea of Discrete Logarithm
Properties of G = <Zp*, ×> :
Solution to Modular Logarithm Using Discrete Logs
Tabulation of Discrete Logarithms
Table
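An added Python example, not part of the original slides, that finds element orders and primitive roots by trial and tabulates discrete logarithms by exhaustive search for the small groups used above. The function names are chosen for this example, and the table is built for Z7* with the primitive root 3.

```python
from math import gcd

def units(n):
    """The elements of Zn*: integers in 1..n-1 relatively prime to n."""
    return [a for a in range(1, n) if gcd(a, n) == 1]

def order(a, n):
    """Smallest i >= 1 with a^i ≡ 1 (mod n); a must belong to Zn*."""
    if gcd(a, n) != 1:
        raise ValueError("a is not in Zn*")
    i, x = 1, a % n
    while x != 1:
        x = x * a % n
        i += 1
    return i

def primitive_roots(n):
    """Elements whose order equals phi(n), the size of Zn*."""
    group = units(n)
    return [a for a in group if order(a, n) == len(group)]

def dlog_table(g, p):
    """Exhaustive search: map y -> x with g^x ≡ y (mod p) for x = 1..p-1."""
    table, y = {}, 1
    for x in range(1, p):
        y = y * g % p
        table.setdefault(y, x)     # keep the smallest exponent for each y
    return table

if __name__ == "__main__":
    print({a: order(a, 10) for a in units(10)})   # Example 6.3
    print(primitive_roots(10), primitive_roots(7))
    print(primitive_roots(8))                     # empty: Z8* has no primitive root
    print(dlog_table(3, 7))                       # every element of Z7* gets a log
```

The table costs one multiplication per group element, which is why exhaustive search stops being practical once p is large.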
Example 6.6