Public Key Cryptography 2 RSA
Lemma 1
Let s and t be relatively prime. Then $U(st) \approx U(s) \oplus U(t)$.
Proof: Let $\phi : U(st) \to U(s) \oplus U(t)$ be given by $\phi(x) = (x \bmod s, x \bmod t)$.
First we show that $\phi$ actually maps $U(st)$ to $U(s) \oplus U(t)$.
Then we show $\phi$ is an isomorphism.
Example
Let s = 8, t = 15, so that st = 120.
$\phi(83) = (83 \bmod 8, 83 \bmod 15) = (3, 8)$
$\phi(29) = (29 \bmod 8, 29 \bmod 15) = (5, 14)$
$\phi(83 \cdot 29) = \phi(7) = (7, 7) = (3 \cdot 5 \bmod 8, 8 \cdot 14 \bmod 15) = \phi(83) \cdot \phi(29)$
$\phi : U(st) \to U(s) \oplus U(t)$
Choose any x in U(st). Then gcd(x, st) = 1.
There exist integers a, b with ax + bst = 1.
Then 1 is a linear combination of x and s, so gcd(x, s) = 1.
Hence x mod s is in U(s).
Similarly x mod t is in U(t).
$\phi$ is one-to-one
Suppose $\phi(x) = \phi(y)$ where $0 \le x \le y < st$.
Then (x mod s, x mod t) = (y mod s, y mod t).
So x mod s = y mod s and x mod t = y mod t.
Hence s and t both divide $y - x$.
But s, t are relatively prime, so st divides $y - x$ as well.
Also $0 \le y - x < st$, so $y - x = 0$.
It follows that $\phi$ is one-to-one.
$\phi$ is onto
Choose any $(x_s, x_t)$ in $U(s) \oplus U(t)$.
There exist integers a, b with as + bt = 1.
Let $x = (bt\,x_s + as\,x_t) \bmod st$.
In a moment, we will show that x is in U(st), that is, gcd(x, st) = 1.
Then $x = bt\,x_s + as\,x_t + stn$ for some n. So
$x \bmod s = (1 \cdot x_s + 0 \cdot x_t + 0 \cdot n) \bmod s = x_s$
$x \bmod t = (0 \cdot x_s + 1 \cdot x_t + 0 \cdot n) \bmod t = x_t$
So $\phi(x) = (x_s, x_t)$, and $\phi$ is onto.
Example: The inverse of $\phi(x) = (x \bmod 8, x \bmod 15)$
Suppose $\phi(x) = (3, 8)$. Find x.
First write $2 \cdot 8 + (-1) \cdot 15 = 1$.
Then $x = (-1 \cdot 15)(3) + (2 \cdot 8)(8) = -45 + 128 = 83$.
To show gcd(x, st) = 1:
Given $x_s$ in U(s), $x_t$ in U(t), $x = (bt\,x_s + as\,x_t)$ where as + bt = 1.
Set $y = (bt\,x_s^{-1} + as\,x_t^{-1})$.
Now $xy = (bt\,x_s + as\,x_t)(bt\,x_s^{-1} + as\,x_t^{-1})$, so
$xy \bmod s = (1 \cdot x_s + 0)(1 \cdot x_s^{-1} + 0) \bmod s = 1$.
$xy \bmod t = (0 + 1 \cdot x_t)(0 + 1 \cdot x_t^{-1}) \bmod t = 1$.
Now $s \mid xy - 1$, $t \mid xy - 1$, and gcd(s, t) = 1 implies $st \mid xy - 1$, so xy mod st = 1.
Hence x and st are relatively prime.
$\phi$ is Operation Preserving
$\phi(x)\phi(y) = (x \bmod s, x \bmod t)(y \bmod s, y \bmod t) = (xy \bmod s, xy \bmod t) = \phi(xy)$
Since $\phi$ is one-to-one, onto, and operation preserving, $\phi$ is an isomorphism.
Therefore, $U(st) \approx U(s) \oplus U(t)$.
Theorem: (Gauss)
Let p be an odd prime, n > 0. Then $U(p^n) \approx Z_{p^n - p^{n-1}}$.
Corollary 1. For odd prime p, $U(p) \approx Z_{p-1}$.
Corollary 2. Let p and q be odd primes. Then $U(pq) \approx Z_{p-1} \oplus Z_{q-1}$.
Proof: $U(pq) \approx U(p) \oplus U(q) \approx Z_{p-1} \oplus Z_{q-1}$
RSA Recipe
Choose (large) odd primes p, q.
Let $N = p \cdot q$, $m = \mathrm{lcm}(p-1, q-1)$.
Choose E relatively prime to m.
Let $D = E^{-1}$ in $U(m)$.
To encode message M: $C = M^E \bmod N$
To decode message C: $M = C^D \bmod N$
Public Key is E, N
Private Key is D, N
Will RSA work?
$M = \mathrm{lcm}(p-1, q-1) = h(p-1) = k(q-1)$ for some integers h, k.
$ED + sM = 1$ for some integer s.
So, $ED \bmod (p-1) = ED \bmod (q-1) = 1$.
Also, there is an isomorphism $\phi : U(N) \to Z_{p-1} \oplus Z_{q-1}$.
Let $\phi(m) = (a, b)$. Then $\phi(m^k) = (ka, kb)$.
Will RSA work?
$M = \mathrm{lcm}(p-1, q-1) = h(p-1) = k(q-1)$ for some integers h, k.
We claim $x^M = 1$ for all $x \in U(N)$.
Let $\phi : U(N) \to Z_{p-1} \oplus Z_{q-1}$ be an isomorphism.
Say $\phi(x) = (a, b)$. Then, since $\phi$ is operation preserving,
$\phi(x^M) = (Ma, Mb) = (h(p-1)a, k(q-1)b) = (0, 0) = \phi(1)$
Since $\phi$ is one-to-one, $x^M = 1$ as required.
Encoding, Decoding are inverses
Recall that E and D are inverses mod M.
So $ED = 1 + sM$ for some integer s.
Let x in U(N) be a message.
In U(N), $y = x^E$ is the encrypted message.
The decrypted message is $z = y^D = x^{ED} = x^{1+sM} = x \cdot (x^M)^s = x$
RSA works!
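The inverse map from the proof of Lemma 1 and the RSA recipe with the "Will RSA work?" claim, as an added Python example that is not part of the original slides. The function names are hypothetical, p = 11, q = 13, E = 7 are constructed toy values, and the round-trip check over every x in Z_N (not only x in U(N)) goes beyond the case the proof above covers.

```python
from math import gcd

def extended_gcd(a, b):
    """Return (g, u, v) with u*a + v*b == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, u, v = extended_gcd(b, a % b)
    return g, v, u - (a // b) * v

def crt_inverse(xs, xt, s, t):
    """Invert phi(x) = (x mod s, x mod t) as in the onto proof:
    with a*s + b*t == 1, x = (b*t*xs + a*s*xt) mod st."""
    g, a, b = extended_gcd(s, t)
    if g != 1:
        raise ValueError("s and t must be relatively prime")
    return (b * t * xs + a * s * xt) % (s * t)

def rsa_keygen(p, q, E):
    """Recipe: N = p*q, M = lcm(p-1, q-1), D = E^-1 in U(M).
    M is the lcm here, as in the 'Will RSA work?' slides."""
    N = p * q
    M = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if gcd(E, M) != 1:
        raise ValueError("E must be relatively prime to lcm(p-1, q-1)")
    D = pow(E, -1, M)  # modular inverse, Python 3.8+
    return N, M, D

def units(n):
    """Elements of U(n): 1 <= x < n with gcd(x, n) == 1."""
    return [x for x in range(1, n) if gcd(x, n) == 1]

def check_rsa(p, q, E):
    """Exhaustively test the claim x^M = 1 on U(N) and that
    decoding undoes encoding for every residue mod N."""
    N, M, D = rsa_keygen(p, q, E)
    claim_holds = all(pow(x, M, N) == 1 for x in units(N))
    round_trip = all(pow(pow(x, E, N), D, N) == x for x in range(N))
    return N, M, D, claim_holds, round_trip

if __name__ == "__main__":
    print(crt_inverse(3, 8, 8, 15))   # the slide's example: phi(x) = (3, 8)
    print(check_rsa(11, 13, 7))       # constructed toy key
```

The exhaustive checks are only feasible because N is tiny; they illustrate the proof and are not a way to validate real keys.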