Cryptography &

System Security

Sonal Bankar
Basic Concepts in Number
Theory
 Modular Arithmetic
⮚ define modulo operator “a mod n” to be
remainder when a is divided by n
● where integer n is called the modulus
⮚ b is called a residue of a mod n
● since with integers can always write: a = qn + b
● usually chose smallest positive remainder as residue
• ie. 0 <= b <= n-1
● process is known as modulo reduction
• eg. -12 mod 7 = -5 mod 7 = 2 mod 7 = 9 mod 7
⮚ a & b are congruent if: a mod n = b mod n
● when divided by n, a & b have same remainder
● eg. (100 = 34) mod 11
⮚ -12 mod 7= (7*-2) +2 = 2
⮚ -5 mod 7 = -1*7 +2=2
⮚ -13 mod 4 = (4*-4)+3=3
⮚ 7 mod 5 = 2
Modular Arithmetic Operations
⮚ can perform arithmetic with residues
⮚ uses a finite number of values, and loops
back from either end
Zn = {0, 1, . . . , (n – 1)}
⮚ modular arithmetic is when we do addition
& multiplication and modulo reduce
answer can do reduction at any point, ie
● a+b mod n = [a mod n + b mod n] mod n
Modular Arithmetic Operations
1.[(a mod n) + (b mod n)] mod n
= (a + b) mod n
2.[(a mod n) – (b mod n)] mod n
= (a – b) mod n
3.[(a mod n) x (b mod n)] mod n
= (a x b) mod n
e.g.
[(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2 (11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4 (11 – 15) mod 8 = –4 mod 8 =
4
[(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5 (11 x 15) mod 8 = 165 mod 8
=5
Modular Arithmetic Properties
 Euclidean Algorithm
⮚ an efficient way to find the GCD(a,b)
⮚ uses theorem that:
● GCD(a,b) = GCD(b, a mod b)
⮚ Euclidean Algorithm to compute GCD(a,b) is:
Euclid(a,b)
if (b=0) then return a;
else return Euclid(b, a mod b);
calculate

GCD(1970,1066)
 Example GCD(1970,1066)
GCD(a,b) = GCD(b,a mod b)

1970 = 1 x 1066 + 904 gcd(1066, 904)

1066 = 1 x 904 + 162 gcd(904, 162)
904 = 5 x 162 + 94 gcd(162, 94)
162 = 1 x 94 + 68 gcd(94, 68)
94 = 1 x 68 + 26 gcd(68, 26)
68 = 2 x 26 + 16 gcd(26, 16)
26 = 1 x 16 + 10 gcd(16, 10)
16 = 1 x 10 + 6 gcd(10, 6)
10 = 1 x 6 + 4 gcd(6, 4)
6 = 1 x 4 + 2 gcd(4, 2)
4 = 2 x 2 + 0 gcd(2, 0)
 GCD(1160718174, 316258250)
Dividend Divisor Quotient
Remainder
a = 1160718174 b = 316258250 q1 = 3 r1 =
211943424
b = 316258250 r1 = 211943424 q2 = 1 r2 =
104314826
r1 = 211943424 r2 = 104314826 q3 = 2 r3 =
3313772
r2 = 104314826 r3 = 3313772 q4 = 31 r4 =
1587894
r3 = 3313772 r4 = 1587894 q5 = 2 r5 =
137984
r4 = 1587894 r5 = 137984 q6 = 11 r6 =
70070
r5 = 137984 r6 = 70070 q7 = 1 r7 =
67914
Extended Euclidean Algorithm
⮚ calculates not only GCD but x & y:
ax + by = d = gcd(a, b)
⮚ useful for later crypto computations
⮚ follow sequence of divisions for GCD but
assume at each step i, can find x &y:
r = ax + by
⮚ at end find GCD value and also x & y
⮚ if GCD(a,b)=1 these values are inverses
 Finding Inverses
EXTENDED EUCLID(m, b)
1. (A1, A2, A3)=(1, 0, m);
(B1, B2, B3)=(0, 1, b)
2. if B3 = 0
return A3 = gcd(m, b); no inverse
3. if B3 = 1
return B3 = gcd(m, b); B2 = b–1 mod m
4. Q = A3 div B3
5. (T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3)
6. (A1, A2, A3)=(B1, B2, B3)
7. (B1, B2, B3)=(T1, T2, T3)
8. goto 2
Inverse of 550 in GF(1759)
Q A1 A2 A3 B1 B2 B3
— 1 0 1759 0 1 550
3 0 1 550 1 –3 109
5 1 –3 109 –5 16 5
21 –5 16 5 106 –339 4
1 106 –339 4 –111 355 1
(A1, A2, A3)=(1, 0, m);
(B1, B2, B3)=(0, 1, b)
(T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3)
(A1, A2, A3)=(B1, B2, B3)
(B1, B2, B3)=(T1, T2, T3) GF:Galios Field
Find MI of 11 in z26
(161,28)
 Definition
Three groups of positive integers

Note
A prime is divisible only by itself and 1.
 Continued

Example 1
What is the smallest prime?
Solution
The smallest prime is 2, which is divisible by 2 (itself) and 1.

Example 2
List the primes smaller than 10.
Solution
There are four primes less than 10: 2, 3, 5, and 7. It is interesting
to note that the percentage of primes in the range 1 to 10 is 40%.
The percentage decreases as the range increases.
 Checking for Primeness

Given a number n, how can we determine if n is a prime?

The answer is that we need to see if the number is
divisible by all primes less than

We know that this method is inefficient, but it is a good

start.
 Example 5

Is 97 a prime?
Solution
The floor of √97 = The primes less than 9 are 2, 3, 5, and 7. We
need to see if 97 is divisible by any of these numbers. It is not, so
97 is a prime.

Example 6
Is 301 a prime?
Solution
The floor of √301 = 17. We need to check 2, 3, 5, 7, 11, 13, and 17.
The numbers 2, 3, and 5 do not divide 301, but 7 does. Therefore
301 is not a prime.
Sieve of Eratosthenes
 Euler’s Phi-Function

Euler’s phi-function, φ (n), which is sometimes called

the
Euler’s totient function plays a very important role in
cryptography.
The value of the Euler φ-function at the positive integer n is defined to be the number of positive
integers less than or equal to n that are relatively prime to n.

Rules
We can combine the above four rules to find the value of
φ(n). For example, if n can be factored as
n = p e × p2e × … × p ke
1
1 2 k

then we combine the third and the fourth rule to find

Note
The difficulty of finding φ(n) depends on the
difficulty of finding the factorization of n.
Example 7
What is the value of φ(13)?
Solution
Because 13 is a prime, φ(13) = (13 −1) = 12.

Example 8
What is the value of φ(10)?

Solution
We can use the third rule: φ(10) = φ(2) × φ(5) = 1 × 4 = 4, because
2 and 5 are primes.
Example 9
What is the value of φ(240)?
Solution
We can write 240 = 24 × 31 × 51. Then

φ(240) = (24 −23) × (31 − 30) × (51 − 50) = 64

Example 10
Can we say that φ(49) = φ(7) × φ(7) = 6 × 6 = 36?
Solution
No. The third rule applies when m and n are relatively prime.
Here 49 = 72. We need to use the fourth rule: φ(49) = 72 − 71 = 42.
Example 11
What is the number of elements in Z14*?

Solution
The answer is φ(14) = φ(7) × φ(2) = 6 × 1 = 6. The members are 1,
3, 5, 9, 11, and 13.

Note
Interesting point: If n > 2, the value of φ(n) is even.
 Fermat’s Little Theorem
This is a special case of Euler's totient theorem. It is sometimes called
Fermat's primality test and is a necessary but not sufficient test for
primality.

First Version

ap − 1 ≡ 1 mod p

Second Version

ap ≡ a mod p
Example 12
Find the result of 610 mod 11.
Solution
We have 610 mod 11 = 1. This is the first version of Fermat’s little
theorem where p = 11.
Example 13
Find the result of 312 mod 11.
Solution
Here the exponent (12) and the modulus (11) are not the same.
With substitution this can be solved using Fermat’s little theorem.
 Multiplicative Inverses

a−1 mod p = a p − 2 mod p

Example 14
The answers to multiplicative inverses modulo a prime can be
found without using the extended Euclidean algorithm:
 Euler’s Theorem

First Version

aφ(n) ≡ 1 (mod n)
Second Version

a k × φ(n) + 1 ≡ a (mod n)
Note
The second version of Euler’s theorem is used in the
RSA cryptosystem.
 Continued

Example 15

Find the result of 624 mod 35.

Solution
We have 624 mod 35 = 6φ(35) mod 35 = 1.

Example 16
Find the result of 2062 mod 77.
Solution
If we let k = 1 on the second version, we have (φ(77)=60)
2062 mod 77 = (20 mod 77) (20φ(77) + 1 mod 77) mod 77
= (20)(20) mod 77 = 15.
Find the result of 23145 mod 91.

Solution
If we let k = 2 on the second version, we
have (φ(91)=72)
23145 mod 91 = 23φ(91)*2 + 1 mod 91
= 23
 Continued

Multiplicative Inverses
Euler’s theorem can be used to find multiplicative
inverses modulo a composite.

a−1 mod n = aφ(n)−1 mod n

 Continued

Example 17
The answers to multiplicative inverses modulo a composite can be
found without using the extended Euclidean algorithm if we know
the factorization of the composite:
 Continued

Fermat Primes

F0 = 3 F1 = 5 F2 = 17 F3 = 257 F4 = 65537
F5 = 4294967297 = 641 × 6700417 Not a prime
Find a b mod m when b is large

Example 5 117 mod 19

Step 1: write b as powers of 2

i.e 117 =1+4+16+32+64

Example 5 117 mod 19 = 5 (1+4+16+32+64) mod 19

5 1 mod 19 = 5
5 2 mod 19 = 6
5 4 mod 19 = (52 * 52 )mod 19
= 6 * 6 mod 19 = 17
5 8 mod 19 = (54 * 54 )mod 19 = 17*17 mod 19 = 4
5 16 mod 19 = (58 * 58 )mod 19 = 16
5 32 mod 19 = 9
5 64mod 19 = 5
5 117 mod 19 = (5*17*16*9*5) mod 19 = 61200 mod 19 = 1
Example 5 117 mod 19 [a k × φ(n) + 1 ≡ a (mod n)]

φ(19) = 19-1=18

5 (109+8)

58*5 6 × φ(19) + 1 mod 19

(4 X 5 )mod 19 = 1
Solve 8 59 mod 77
59=1+2+8+16+32