RSA and Eisenstein Integers

RSA Cryptosystem and Eisenstein Integers
Cahlen Humphreys
Math 406: Number Theory
May 9, 2013
Introduction
The RSA cryptosystem is a public-key cryptography alogrithm in which
security is dependent upon the diculty of factoring a number which is
the product of two large primes [1].
Developed in 1977.
Ron [R]ivest, Adi [S]hamir, and Leonard [A]dleman.
C. Humphreys (BSU) RSA Cryptosystem and Eisenstein Integers May 9, 2013 2 / 25
Introduction
Developed in 1977.
Introduction
Developed in 1977.
Introduction
The Eisenstein integers are a commutative ring Z[], and are of the form
z = a +b. They are named after the mathematician Gotthold Eisenstein,
and are also know informally as Eulerian integers. In the complex plane
Eisentstein integers from a triangle lattice, as pictured above.
Z[] =
_
a + b : a, b Z, =
1 + i
3
2
_
Introduction
The Eisenstein integers are a commutative ring Z[], and are of the form
z = a +b. They are named after the mathematician Gotthold Eisenstein,
and are also know informally as Eulerian integers. In the complex plane
Eisentstein integers from a triangle lattice, as pictured above.
Z[] =
_
a + b : a, b Z, =
1 + i
3
2
_
Table of Contents
I RSA Algorithm
i Description of the algorithm
ii Example
II Eisenstein Integers
i Description (Some lemmas and theorems)
ii Euclidean Domain Proof
iii Primes
iv Example of GCD
Table of Contents
I RSA Algorithm
ii Example
iii Primes
iv Example of GCD
Table of Contents
I RSA Algorithm
ii Example
iii Primes
iv Example of GCD
Table of Contents
I RSA Algorithm
ii Example
iii Primes
iv Example of GCD
Table of Contents
I RSA Algorithm
ii Example
iii Primes
iv Example of GCD
Table of Contents
I RSA Algorithm
ii Example
iii Primes
iv Example of GCD
Table of Contents
I RSA Algorithm
ii Example
iii Primes
iv Example of GCD
Table of Contents
I RSA Algorithm
ii Example
iii Primes
iv Example of GCD
RSA Algorithm
Suppose Alice and Bob want to communicate in a private manner.
1
Bob creates a private key.
1 Choose two large primes p, q Z.
2 Let N = pq, we call N the public modulus.
3 Take (N).
(N) = (pq) = (p)(q) = (p 1)(q 1), because p, q are primes.
4 Choose e Z such that 0 < e < (N), and gcd (e, (N)) = 1.
5 Let d e
1
mod (N). (ie. d is the multiplcative inverse of e
modulo (N))
6 Bobs public key is (e, N), and private key is d.
RSA Algorithm
1
3 Take (N).
5 Let d e
1
modulo (N))
RSA Algorithm
1
3 Take (N).
5 Let d e
1
modulo (N))
RSA Algorithm
1
3 Take (N).
5 Let d e
1
modulo (N))
RSA Algorithm
1
3 Take (N).
5 Let d e
1
modulo (N))
RSA Algorithm
1
3 Take (N).
5 Let d e
1
modulo (N))
RSA Algorithm
1
3 Take (N).
5 Let d e
1
modulo (N))
RSA Algorithm
1
3 Take (N).
5 Let d e
1
modulo (N))
RSA Algorithm
Alice, pictured above, has a message which she wishes to send to Bob in a
private manner. Let the message M < N be some integer value after
converting the message into numbers.
1
Alice takes Bobs public key (e, N) and performs the following
operation:
C = M
e
mod N
C is Alices ciphertext. Alice then sends C to Bob.
RSA Algorithm
1
operation:
C = M
e
mod N
RSA Algorithm
1
operation:
C = M
e
mod N
RSA Algorithm
1
operation:
C = M
e
mod N
RSA Algorithm
Bob recieves C from Alice and he now wishes to decrypt the message.
1
Bob takes C and and is able to retrieve M by the following
computation:
M = C
d
mod N.
RSA Algorithm
1
computation:
M = C
d
mod N.
RSA Algorithm
1
computation:
M = C
d
mod N.
RSA Algorithm Overview
1
Choose primes p, q Z.
2
Let N = pq.
3
Choose e Z such that 0 < e < (N) and gcd (e, (N)) = 1.
4
Find multiplicative inverse of e, d e
1
mod (N).
5
(e, N) - Public Key.
6
d - Private Key.
7
Take a message M Z such that M < N.
8
Encrypt: C = M
e
mod N.
C - Ciphertext
9
Decrypt: M = C
d
mod N.
RSA Example
Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.
Then (N) = (11 1)(13 1) = (10)(12) = 120.
Let e = 23, and note 0 < 23 < 120, and gcd (23, 120) = 1.
Then d = 47, because 47 23 1 mod 120.
Let our message converted to a number be M = 75.
To nd C we compute 75
23
mod 143, and nd that C = 69, where
C is our ciphertext.
To retrieve our message we compute 69
47
mod 143 = 75.
RSA Example
Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.
Then (N) = (11 1)(13 1) = (10)(12) = 120.
23
47
mod 143 = 75.
RSA Example
Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.
Then (N) = (11 1)(13 1) = (10)(12) = 120.
23
47
mod 143 = 75.
RSA Example
Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.
Then (N) = (11 1)(13 1) = (10)(12) = 120.
23
47
mod 143 = 75.
RSA Example
Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.
Then (N) = (11 1)(13 1) = (10)(12) = 120.
23
47
mod 143 = 75.
RSA Example
Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.
Then (N) = (11 1)(13 1) = (10)(12) = 120.
23
47
mod 143 = 75.
RSA Example
Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.
Then (N) = (11 1)(13 1) = (10)(12) = 120.
23
47
mod 143 = 75.
Eisenstein Integers
The Eisenstein integers can be described as the set
Z[] =
_
a + b : a, b Z, =
1 + i
3
2
_
Lemma (1)
2
= :
2
=
_
1 + i
3
2
__
1 + i
3
2
_
=
1 + i
2
(3) i
3 i
3
4
=
2 2i
2
4
=
1 i
3
2
=
Eisenstein Integers
The Eisenstein integers can be described as the set
Z[] =
_
a + b : a, b Z, =
1 + i
3
2
_
Lemma (1)
2
= :
2
=
_
1 + i
3
2
__
1 + i
3
2
_
=
1 + i
2
(3) i
3 i
3
4
=
2 2i
2
4
=
1 i
3
2
=
Eisenstein Integers
Lemma (2)
2
+ + 1 = 0
Lemma (3)
=
2
=
3
= 1
Lemma (4)
= 1 .
Proof. From Lemma 2 we have
2
+ + 1 = 0, and from Lemma 1 we
have that
2
= . So we simply substitute:
2
+ + 1 = 0 = + + 1 = 0
= = 1
Eisenstein Integers
Lemma (2)
2
+ + 1 = 0
Lemma (3)
=
2
=
3
= 1
Lemma (4)
= 1 .
2
have that
2
2
+ + 1 = 0 = + + 1 = 0
= = 1
Eisenstein Integers
Lemma (2)
2
+ + 1 = 0
Lemma (3)
=
2
=
3
= 1
Lemma (4)
= 1 .
2
have that
2
2
+ + 1 = 0 = + + 1 = 0
= = 1
Z[] forms a Euclidean Domain
The next thing we want to show is that Z[] forms a Euclidean domain.
Why do we care?
ED = UFD (Unique Factorization) [2]
Division Algorithm
Modular Arithmetic
Things we need for RSA.
Why do we care?
Division Algorithm
Modular Arithmetic
Why do we care?
Division Algorithm
Modular Arithmetic
Why do we care?
Division Algorithm
Modular Arithmetic
Why do we care?
Division Algorithm
Modular Arithmetic
Why do we care?
Division Algorithm
Modular Arithmetic
Denition
Given = a + b Z[],
Dene N : Z[]\{0} Z : N() = = a
2
ab + b
2
.
Theorem
Given , Z[], then the norm function is multiplicative.
N() = N()N()
Theorem (4)
Given , Z[], there exists u, v Q such that / = u + v.
Denition
Given = a + b Z[],
Dene N : Z[]\{0} Z : N() = = a
2
ab + b
2
.
Theorem
N() = N()N()
Theorem (4)
Denition
Given = a + b Z[],
Dene N : Z[]\{0} Z : N() = = a
2
ab + b
2
.
Theorem
N() = N()N()
Theorem (4)
We now have what we need to prove that Z[] forms a Euclidean Domain.
Theorem
Z[] forms a Euclidean Domain under the norm N(a +b) = a
2
ab +b
2
.
We now have what we need to prove that Z[] forms a Euclidean Domain.
Theorem
Z[] forms a Euclidean Domain under the norm N(a +b) = a
2
ab +b
2
.
Primes in Z[]
Lemma
The only units of Z[] are 1, , and
2
. (ie. The only numbers in
Z[] such that the the norm is equal to 1).
N(1 + 0) = 1
2
1(0) + 0
2
= 1
N(0 ) = 0
2
0(1) + 1
2
= 1
N(0
2
) = N(1 ) = N(1 +) = 1
2
1(1) + 1
2
= 1
Recall, Lemma 3 implies that
2
= 1 and
2
= 1 +.
Denition
An Eisenstein prime is a number that cannot be expressed as a product of
other Eisenstein integers. The only factors are itself, its conjugate, and the
units 1, ,
2
.
Primes in Z[]
Lemma
The only units of Z[] are 1, , and
2
. (ie. The only numbers in
Z[] such that the the norm is equal to 1).
N(1 + 0) = 1
2
1(0) + 0
2
= 1
N(0 ) = 0
2
0(1) + 1
2
= 1
N(0
2
) = N(1 ) = N(1 +) = 1
2
1(1) + 1
2
= 1
Recall, Lemma 3 implies that
2
= 1 and
2
= 1 +.
Denition
An Eisenstein prime is a number that cannot be expressed as a product of
other Eisenstein integers. The only factors are itself, its conjugate, and the
units 1, ,
2
.
Primes in Z[]
Primes in Z[] fall into one of three categories:
1
(1 ), often considered the loneliest prime.
2
Positive prime integers x Z, such that x 2 mod 3.
Example: {2, 5, 11, 17, 23, 29, 41, 47, 53, 59, 71, 83, 89, 101, . . . }
3
Complex numbers = a + b where N() is prime in Z and
N() 1 mod 3.
Example: N(2 + 3) = 7 1 mod 3, so 2 + 3 is prime in Z[]. But
7 = (2 )(2
2
), and hence 7 is not prime in Z[].
Why do we care? RSA.
Primes in Z[]
1
2
Example: {2, 5, 11, 17, 23, 29, 41, 47, 53, 59, 71, 83, 89, 101, . . . }
3
N() 1 mod 3.
7 = (2 )(2
2
Primes in Z[]
1
2
Example: {2, 5, 11, 17, 23, 29, 41, 47, 53, 59, 71, 83, 89, 101, . . . }
3
N() 1 mod 3.
7 = (2 )(2
2
Primes in Z[]
1
2
Example: {2, 5, 11, 17, 23, 29, 41, 47, 53, 59, 71, 83, 89, 101, . . . }
3
N() 1 mod 3.
7 = (2 )(2
2
Primes in Z[]
1
2
Example: {2, 5, 11, 17, 23, 29, 41, 47, 53, 59, 71, 83, 89, 101, . . . }
3
N() 1 mod 3.
7 = (2 )(2
2
Primes in Z[]
1
2
Example: {2, 5, 11, 17, 23, 29, 41, 47, 53, 59, 71, 83, 89, 101, . . . }
3
N() 1 mod 3.
7 = (2 )(2
2
Primes in Z[]
1
2
Example: {2, 5, 11, 17, 23, 29, 41, 47, 53, 59, 71, 83, 89, 101, . . . }
3
N() 1 mod 3.
7 = (2 )(2
2
Why do we care?
RSA.
Primes in Z[]
1
2
Example: {2, 5, 11, 17, 23, 29, 41, 47, 53, 59, 71, 83, 89, 101, . . . }
3
N() 1 mod 3.
7 = (2 )(2
2
GCD in Z[]
We also need to be able to take the greatest common divisor of two
Eisenstein integers in order to have an RSA cryptosystem.
Example: We will take the gcd (4 + 5, 5 + 7). First we take the norm of
both, from this we can determine if either of them are prime.
N(5 + 7) = 5
2
5(7) + 7
2
= 25 35 + 49
= 10 + 49
= 39
N(4 + 5) = 4
2
4(5) + 5
2
= 16 20 + 25
= 4 + 24
= 21
And neither 39 nor 21 are prime in Z, hence they are not prime in Z[].
GCD in Z[]
Example: We will take the gcd (4 + 5, 5 + 7).
First we take the norm of
N(5 + 7) = 5
2
5(7) + 7
2
= 25 35 + 49
= 10 + 49
= 39
N(4 + 5) = 4
2
4(5) + 5
2
= 16 20 + 25
= 4 + 24
= 21
GCD in Z[]
N(5 + 7) = 5
2
5(7) + 7
2
= 25 35 + 49
= 10 + 49
= 39
N(4 + 5) = 4
2
4(5) + 5
2
= 16 20 + 25
= 4 + 24
= 21
GCD in Z[]
N(5 + 7) = 5
2
5(7) + 7
2
= 25 35 + 49
= 10 + 49
= 39
N(4 + 5) = 4
2
4(5) + 5
2
= 16 20 + 25
= 4 + 24
= 21
GCD in Z[]
Now we take the integer with the larger norm divide it by the integer with
the smaller norm.
5 + 7
4 + 5
=
5 + 7
4 + 5
_
4 + 5
4 + 5
_
=
(5 + 7)(4 + 5 )
16 + 25(1) + 20 + 20
=
(5 + 7)(4 + 5 )
41 + 20( +
2
)
=
(5 + 7)(4 + 5 )
41 + 20(1)
=
20 + 35 + 28 + 25
21
=
20 + 35 + 28 + 25(1 )
21
=
55 + 28 25 25
21
=
30 + 3
21
= 1.42 + 0.14
GCD in Z[]
the smaller norm.
5 + 7
4 + 5
=
5 + 7
4 + 5
_
4 + 5
4 + 5
_
=
(5 + 7)(4 + 5 )
16 + 25(1) + 20 + 20
=
(5 + 7)(4 + 5 )
41 + 20( +
2
)
=
(5 + 7)(4 + 5 )
41 + 20(1)
=
20 + 35 + 28 + 25
21
=
20 + 35 + 28 + 25(1 )
21
=
55 + 28 25 25
21
=
30 + 3
21
= 1.42 + 0.14
GCD in Z[]
the smaller norm.
5 + 7
4 + 5
=
5 + 7
4 + 5
_
4 + 5
4 + 5
_
=
(5 + 7)(4 + 5 )
16 + 25(1) + 20 + 20
=
(5 + 7)(4 + 5 )
41 + 20( +
2
)
=
(5 + 7)(4 + 5 )
41 + 20(1)
=
20 + 35 + 28 + 25
21
=
20 + 35 + 28 + 25(1 )
21
=
55 + 28 25 25
21
=
30 + 3
21
= 1.42 + 0.14
GCD in Z[]
We now take the closest integer values of 1.42 and 0.14,
[1.42] = 1
[0.14] = 0
So we let our quotient q = 1 + 0. We now have that
5 + 7 = (4 + 5)(1) + r = r = (5 + 7) (4 + 5)
therefore, r = 1 + 2.Hence,
5 + 7
. .
a
= (4 + 5
. .
b
)( 1
..
q
) + (1 + 2
. .
r
)
GCD in Z[]
[1.42] = 1
[0.14] = 0
5 + 7 = (4 + 5)(1) + r = r = (5 + 7) (4 + 5)
5 + 7
. .
a
= (4 + 5
. .
b
)( 1
..
q
) + (1 + 2
. .
r
)
GCD in Z[]
[1.42] = 1
[0.14] = 0
5 + 7 = (4 + 5)(1) + r = r = (5 + 7) (4 + 5)
therefore, r = 1 + 2.
Hence,
5 + 7
. .
a
= (4 + 5
. .
b
)( 1
..
q
) + (1 + 2
. .
r
)
GCD in Z[]
[1.42] = 1
[0.14] = 0
5 + 7 = (4 + 5)(1) + r = r = (5 + 7) (4 + 5)
5 + 7
. .
a
= (4 + 5
. .
b
)( 1
..
q
) + (1 + 2
. .
r
)
GCD in Z[]
Now we must nd q
1
and r
1
such that
4 + 5 = (1 + 2)q
1
+ r
1
.
So we rinse and repeat. We divide 4 + 5 by 1 + 2, and omitting the
algebra we end up with
4 + 5
1 + 2
= 2
which implies that
4 + 5 = (1 + 2)(2 ) + 0
and therefore, gcd(5 + 7, 4 + 5) = 1 + 2.
GCD in Z[]
Now we must nd q
1
and r
1
such that
4 + 5 = (1 + 2)q
1
+ r
1
.
4 + 5
1 + 2
= 2
which implies that
4 + 5 = (1 + 2)(2 ) + 0
GCD in Z[]
Now we must nd q
1
and r
1
such that
4 + 5 = (1 + 2)q
1
+ r
1
.
4 + 5
1 + 2
= 2
which implies that
4 + 5 = (1 + 2)(2 ) + 0
Generalized GCD Algorithm in Z[]
1
Take two numbers , Z[], where = 0.
2
If |, then gcd (, ) = .
1 If |, then u, v Q such that / = u + v (Theorem 4).
2 Let a = [u] and b = [v] (ie. The closest integer value of u and v).
3 Let r = (a + b).
4 Then = (a + b) + r .
If r
i
= 0, then our GCD is r
i 1
. If r
i
= 0, we repeat the process until
r
i
= 0.
Observe that this is very similar to the Euclidean Algorithm in Z.
1
2
If |, then gcd (, ) = .
3 Let r = (a + b).
4 Then = (a + b) + r .
If r
i
i 1
. If r
i
r
i
= 0.
1
2
If |, then gcd (, ) = .
3 Let r = (a + b).
4 Then = (a + b) + r .
If r
i
i 1
. If r
i
r
i
= 0.
1
2
If |, then gcd (, ) = .
3 Let r = (a + b).
4 Then = (a + b) + r .
If r
i
i 1
. If r
i
r
i
= 0.
1
2
If |, then gcd (, ) = .
3 Let r = (a + b).
4 Then = (a + b) + r .
If r
i
i 1
. If r
i
r
i
= 0.
1
2
If |, then gcd (, ) = .
3 Let r = (a + b).
4 Then = (a + b) + r .
If r
i
i 1
. If r
i
r
i
= 0.
1
2
If |, then gcd (, ) = .
3 Let r = (a + b).
4 Then = (a + b) + r .
If r
i
i 1
. If r
i
r
i
= 0.
1
2
If |, then gcd (, ) = .
3 Let r = (a + b).
4 Then = (a + b) + r .
If r
i
i 1
. If r
i
r
i
= 0.
Eulers function in Z[]
Wait for Paul!
Conclusion
Can we have an RSA cryptosystem using Eisenstein integers?
Yes.
Is it any more secure than RSA using using regular integers?
Probably not, however more time and research would be needed to give
a completely accurate assessment.
What did I learn?
More about Z[] than I ever thought I would, and lots of Algebra.
Conclusion
Yes.
What did I learn?
Conclusion
Yes.
What did I learn?
Conclusion
Yes.
What did I learn?
Conclusion
Yes.
What did I learn?
Conclusion
Yes.
What did I learn?
Future Work
Develop a fully functioning RSA cryptosystem using Eisenstein integers in
Maple.
References
[1] R. Rivest, A. Shamir, and L. Adleman. A method for obtaining
digital signatures and public-key cryptosystems, Communications of
the ACM. 21 (2): 120-126. 1978.
[2] Cameron, Peter J. Introduction to Algebra, Oxford University
Press, USA. 2008.

RSA and Eisenstein Integers

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

RSA and Eisenstein Integers

Загружено:

Авторское право:

Доступные форматы

RSA Cryptosystem and Eisenstein Integers

Вам также может понравиться