Cryptography – BCS Public-Key Cryptography – RSA

(1)

Cryptography – BCS Public-Key Cryptography – RSA

Pierre-Alain Fouque

Université de Rennes 1

September, 15 2020

Pierre-Alain Fouque Cryptography – BCS Public-Key Cryptography – RSA

(2)

Agenda

1 Group and Ring

2 Greatest common divisor

3 Euclidean Algorithm

4 Prime Numbers

5 Numeration in baseb

6 Chinese Remainder Theorem

7 Euler Totient Function

8 Euler Theorem

(3)

Group

Definition (Group)

A groupG is a set of elements with a binary operation·such that

1 Closure : For all a,b∈G,a·b∈G.

2 Associativity : For alla,b andc in G,(a·b)·c =a·(b·c)

3 Identity element : LetG, ste·a=a·e =a. It is unique and is called the identity element.

4 Inverse element : For each a∈G, there exists an element b ∈G, denoted a⁻¹ (or−a, if the operation is denoted "+"), st a·b=b·a=e, where e is the identity element.

5 abelian – optional : Ifa·b =b·a,G is called abelian.

Definition (Group morphism)

A functiona:G →H between two groups(G,·)and(H, ?) is called a homomorphism if for allg,k∈G, a(g·k) =a(g)?a(k)

(4)

Example & Subgroup

Examples

(N,+),(Z,×) are not group

(Z,+),({−1,+1},×),(Q,×) are groups Definition (Subgroup)

It is a groupH contained within a bigger one, G. The identity element ofG is inH, and wheneverh1 andh2 are inH, then so are h₁·h₂ andh₁⁻¹. The elements ofH, equipped with the group operation onG restricted to H, form a group

Example

(3Z,+)is a subgroup of (Z,+) as 0∈3Z, and ifh₁,h₂∈3Z, h1+h2 is in 3Zand−h₁ ∈3Z

The quotient group Z/nZ={¯0,¯1, . . . ,n−1} where

¯

a={k ∈Z|k =amodn}

(5)

Ring, Field

Definition (Ring - Example(Z,+,·))

1 R is an abelian group under addition, i.e. :

+is associative :(a+b) +c =a+ (b+c) for all a,b,c ∈R +is commutative : a+b=b+a for alla,b∈R

0 is the additive identity : 0∈R st a+0=afor all a∈R

−ais the additive inverse of a: If a,−a∈R,sta+ (−a) =0

2 (a·b)·c =a·(b·c)for all a,b,c ∈R (·is associative) There is an element 1∈R sta·1=aand 1·a=a for all a∈R (1 is the multiplicative identity)

3 Multiplication is distributive with respect to addition a·(b+c) = (a·b) + (a·c)for all a,b,c ∈R (b+c)·a= (b·a) + (c·a)for all a,b,c ∈R Definition (Field - Example(Q,+,·))

A ring with an identity element for·st all non-zero element has an inverse for·

(6)

Euclidean Division

Proposition (Euclidean Division)

Let(a,b)∈Z×Z^∗. There exists a unique pair(q,r)∈Z×Z st

a=bq+r and0≤r<|b|.

q,r are called the quotient and the remainder of the euclidean division ofa by b.

Lemma

LetH be a subgroup ofZ. There exists a uniquen ∈Nst H=nZ.

Example

Letaandb two non-zero integers. The set aZ+bZ=

au+bv|u,v ∈Z ,is a subgroup ofZ. There exists a unique integerd ≥1 staZ+bZ=dZ.

(7)

Greatest common divisor

Definition

The integerd is called the Greatest common divisor ofaandb, and writtend = gcd(a,b).

Bézout Property

There exist two integersu andv st d =au+bv. Lemma

The gcd ofa andb is the unique integer st :

1 it is a divisor of aandb.

2 it is a multiple of any common divisor of a andb.

Definition

aandb are coprime (a is prime with b), if gcd(a,b) =1.

(8)

Greatest common divisor

Lemma

aandb are coprime iff ∃(u,v)∈Z² st au+bv =1.

Corollary

The integers _d^a and ^b_d are coprime.

(9)

Least Common Multiple

Definition

Given two non-zero integersa andb, the set aZ∩bZis a subgroup ofZ. The integer mst

aZ∩bZ=mZ

is called the least common multiple ofa andb.

Proposition

gcd(a,b) lcm(a,b) =|ab|.

(10)

Euclidean Algorithm (Computation of the gcd)

Definition

Define a finite sequence of integers(r_i)i≥0, called the sequence of remainders (defined toa andb), as follows : we define

r0=aandr1=b.

Letr0,r1,· · ·,r_i fori ≥1. It r_i 6=0,r_i+1 is the remainder of the euclidean division ofri−1 by r_i. Ifr_i =0, the process will stop and the sequence of remainders isr0,r1,· · · ,ri−1,ri. There exists a unique integern≥1 st :

0<rn<rn−1< . . . <r1 <r0 andrn+1 =0.

Proposition

rn= gcd(a,b).

(11)

Computation of Bézout Relation

Definition

Two sequences of integers(ui)0≤i≤n and(vi)0≤i≤n st u₀ =1,u₁ =0 andv₀ =0,v₁=1,

ui+1 =ui−1−u_iq_i andvi+1=vi−1−v_iq_i fori =1, . . . ,n−1, whereq_i is the quotient of the euclidean division of ri−1 by r_i. Proposition

r_n=au_n+bv_n Theorem (Complexiy)

n ≤ 3

2log2logb+1

(12)

Computation of inverse mod n

Inverse ofamodn

The inverse of amodn is an integerb+nZsuch that ab =1modn

If we compute the Extended Euclidean Algorithm on a,n we get two integersu,v such that

au+nv = gcd(a,n)

If gcd(a,n) =1,au+nv =1 and we compute this relation modn, we get

au =1modn meaning that u is the inverse ofamodn.

Sometimes, we have to add a multiple of n to get a value between 1 and n−1.

(13)

Prime Numbers

Definition (Prime Number)

Any integerp ≥2 whose only positive divisors are 1 and p.

Lemma

Letp an integer ≥2. Then, p is prime iffp is not the product of two integers strictly larger than1.

Corollary (Euclide)

The set of prime numbers is infinite.

(14)

Fundamental Theorem of Arithmetic

Theorem

Any integern≥2can be uniquely written as n =p₁ⁿ¹. . .p_rⁿ^r,

where theni are non negative integers, and thepi are primes st pi−1 <pi for alli =2, . . . ,r, called the decomposition of n into prime factors.

Theorem (π(x): Number of primes≤x - π(x)' _log^x_x) For all realx≥2, we have

log2 2

x

logx ≤π(x)≤(9log2) x logx.

(15)

Numeration in base b ≥ 2

Theorem

Letx a non negative integer. We can writex uniquely as x=a_nbⁿ+an−1bⁿ⁻¹+. . .+a1b+a0

wheren ∈N,a0, . . . ,an∈Nst0≤ai ≤b−1andan is non zero.

x=a_nan−1. . .a1a0 : decomposition of x in baseb and x= (a_n· · ·a₀)_b.

Theorem (Fast Exponentiation)

We can computexⁿ with O(logn) multiplications

(16)

Chinese Remainder Theorem

Theorem

Letm andn two non negative coprime integers.

f :Z→Z/mZ×Z/nZ,

defined st for alla∈Z

f(a) = (a+mZ,a+nZ), is an onto ring morphism, whose kernel ismnZ. The ringsZ/mnZet Z/mZ×Z/nZare isomorphs given the mapa+mnZ7→(a+mZ,a+nZ)

(17)

Euler Totient Function

Definition

For alln≥1, the integer ϕ(n) is the number of integers between 1 andn, and coprime with n.

ϕ(n) =

1≤k ≤n: gcd(k,n) =1 Lemma

For all primep and integer r ≥1, we get ϕ(p^r) =p^r −p^r⁻¹

Lemma

Letn≥1. An integeraanda¯its class mod nZ. Then, a¯is invertible inZ/nZiff gcd(a,n) =1.

(Z/nZ)^∗ =

¯

a:1≤a≤n and gcd(a,n) =1

(18)

Euler Totient Function

Corollary (The order of(Z/nZ)^∗ is ϕ(n).) The ringZ/nZis a field iffn is prime.

Corollary

Letm andn two non-negative coprime integers. We get

ϕ(mn) =ϕ(m)ϕ(n)

Theorem

ϕ(n) =nY

p|n

1− 1

p

(19)

Euler Theorem

Theorem (Euler, 1760)

Letn a non-negative integer. For all integer acoprime with n, a^ϕ(n) =1modn

Proposition

LetG an abelian group of order n, with identity elemente.

For allx ∈G, we havexⁿ=e.

Corollary (Fermat Little Theorem)

Letp be a prime number. For all integer anon divisible by p,

a^p−1 =1modp

In particular, for all integera, we get a^p=amodp