Applications of Number

Theory
CS/APMA 202
Rosen section 2.6
Aaron Bloomfield

1
 About this lecture set
We are only going to go over parts of section 2.6
 Just the ones that deal directly with 2.6

Much of the underlying theory we will not be able

to get to
 It’s beyond the scope of this course

Much of why this all works won’t be taught

 It’s just an introduction to how it works

2
 Private key cryptography
The function and/or key to encrypt/decrypt
is a secret
 (Hopefully) only known to the sender and
recipient

The same key encrypts and decrypts

How do you get the key to the recipient?

3
 Public key cryptography
Everybody has a key that encrypts and a
separate key that decrypts
 They are not interchangable!

The encryption key is made public

The decryption key is kept private

4
Public key cryptography goals
Key generation should be relatively easy

Encryption should be easy

Decryption should be easy
 With the right key!

Cracking should be very hard

5
 Is that number prime?
Use the Fermat primality test

Given:
 n: the number to test for primality
 k: the number of times to test (the certainty)

The algorithm is:

repeat k times:
pick a randomly in the range [1, n−1]
if an−1 mod n ≠ 1 then return composite
return probably prime
6
 Is that number prime?
The algorithm is:
repeat k times:
pick a randomly in the range [1, n−1]
if an−1 mod n ≠ 1 then return composite
return probably prime
Let n = 105
 Iteration 1: a = 92: 92104 mod 105 = 1
 Iteration 2: a = 84: 84104 mod 105 = 21
 Therefore, 105 is composite

8
 Is that number prime?
The algorithm is:
repeat k times:
pick a randomly in the range [1, n−1]
if an−1 mod n ≠ 1 then return composite
return probably prime
Let n = 101
 Iteration 1: a = 55: 55100 mod 100 = 1
 Iteration 2: a = 60: 60100 mod 100 = 1
 Iteration 3: a = 14: 14100 mod 100 = 1
 Iteration 4: a = 73: 73100 mod 100 = 1
 At this point, 101 has a (½)4 = 1/16 chance of still
being composite
9
More on the Fermat primality test
Each iteration halves the probability that the number is a
composite
 Probability = (½)k
 If k = 100, probability it’s a composite is (½) 100 = 1 in 1.2  1030
that the number is composite
Greater chance of having a hardware error!
 Thus, k = 100 is a good value

However, this is not certain!

 There are known numbers that are composite but will always
report prime by this test

Source: http://en.wikipedia.org/wiki/Fermat_primality_test
10
Google’s latest recruitment
campaign

11
 RSA
Stands for the inventors: Ron Rivest, Adi
Shamir and Len Adleman

Three parts:
 Key generation
 Encrypting a message
 Decrypting a message

12
 Key generation steps
1. Choose two random large prime numbers p ≠ q, and
n = p*q

2. Choose an integer 1 < e < n which is relatively prime to

(p-1)(q-1)

3. Compute d such that d * e ≡ 1 (mod (p-1)(q-1))

 Rephrased: d*e mod (p-1)(q-1) = 1

4. Destroy all records of p and q

13
 Key generation, step 1
Choose two random large prime numbers p ≠ q
 In reality, 2048 bit numbers are recommended
That’s  617 digits
 From last lecture: chance of a random odd 2048 bit
number being prime is about 1/710
We can compute if a number is prime relatively quickly via
the Fermat primality test

We choose p = 107 and q = 97

Compute n = p*q
 n = 10379
14
 Key generation, step 1
Java code to find a big prime number:

BigInteger prime = new BigInteger

(numBits, certainty, random);

The number of Certainty that the The random number

bits of the prime number is a prime generator

15
 Key generation, step 1
Java code to find a big prime number:
import java.math.*;
import java.util.*;

class BigPrime {

static int numDigits = 617;

static int certainty = 100;

static final double LOG_2 = Math.log(10)/Math.log(2);

static int numBits = (int) (numDigits * LOG_2);

public static void main (String args[]) {

Random random = new Random();
BigInteger prime = new BigInteger (numBits, certainty,
random);
System.out.println (prime);
}
} 16
 Key generation, step 1
How long does this take?
 Keep in mind this is Java!
 These tests done on a 850 Mhz Pentium
machine
 Average of 100 trials (certainty = 100)

 200 digits (664 bits): about 1.5 seconds

 617 digits (2048 bits): about 75 seconds

17
 Key generation, step 1
Practical considerations
 p and q should not be too close together
 (p-1) and (q-1) should not have small prime
factors
 Use a good random number generator

18
 Key generation, step 2
Choose an integer 1 < e < n which is
relatively prime to (p-1)(q-1)

There are algorithms to do this efficiently

 We aren’t going over them in this course

Easy way to do this: make e be a prime

number
 It only has to be relatively prime to (p-1)(q-1),
but can be fully prime
19
 Key generation, step 2
Recall that p = 107 and q = 97
 (p-1)(q-1) = 106*96 = 10176 = 26*3*53

We choose e = 85
 85 = 5*17
 gcd (85, 10176) = 1
 Thus, 85 and 10176 are relatively prime

20
 Key generation, step 3
Compute d such that:
d * e ≡ 1 (mod (p-1)(q-1))
 Rephrased: d*e mod (p-1)(q-1) = 1

There are algorithms to do this efficiently

 We aren’t going over them in this course

We choose d = 4669
 4669*85 mod 10176 = 1

Use the script at

http://www.cs.virginia.edu/cgi-bin/cgiwrap/asb/modpow

21
 Key generation, step 3
Java code to find d:

import java.math.*;

class FindD {
public static void main (String args[]) {

BigInteger pq = new BigInteger("10176");

BigInteger e = new BigInteger ("85");

System.out.println (e.modInverse(pq));
}
}

Result: 4669 22
 Key generation, step 4
Destroy all records of p and q

If we know p and q, then we can compute

the private encryption key from the public
decryption key

d * e ≡ 1 (mod (p-1)(q-1))

23
 The keys
We have n = p*q = 10379, e = 85, and
d = 4669

The public key is (n,e) = (10379, 85)

The private key is (n,d) = (10379, 4669)

Thus, n is not private

 Only d is private

In reality, d and e are 600 (or so) digit numbers

 Thus n is a 1200 (or so) digit number
24
 Encrypting messages
To encode a message:
1. Encode the message m into a number
2. Split the number into smaller numbers m < n
3. Use the formula c = me mod n
c is the ciphertext, and m is the message

Java code to do the last step:

 m.modPow (e, n)
 Where the object m is the BigInteger to
encrypt
25
 Encrypting messages example
1. Encode the message into a number
 String is “Go Cavaliers!!”
 Modified ASCII codes:
41 81 02 37 67 88 67 78 75 71 84 85 03 03
2. Split the number into numbers < n
 4181 0237 6788 6778 7571 8485 0303
3. Use the formula c = me mod n
 418185 mod 10379 = 4501
 023785 mod 10379 = 2867
 678885 mod 10379 = 4894
 Etc…
Encrypted message:
 4501 2867 4894 0361 3630 4496 6720

26
 Encrypting RSA messages
 Formula is c = me mod n

27
 Decrypting messages
1. Use the formula m = cd mod n on each
number

2. Split the number into individual ASCII

character numbers

3. Decode the message into a string

28
 Decrypting messages example
Encrypted message:
 4501 2867 4894 0361 3630 4496 6720

1. Use the formula m = cd mod n on each number

 45014669 mod 10379 = 4181
 28674669 mod 10379 = 0237
 48944669 mod 10379 = 6788
 Etc…
2. Split the numbers into individual characters
 41 81 02 37 67 88 67 78 75 71 84 85 03 03
3. Decode the message into a string
 Modified ASCII codes:
41 81 02 37 67 88 67 78 75 71 84 85 03 03
 Retrieved String is “Go Cavaliers!!”

29
 modPow computation
1. How to compute c = me mod n or m = cd mod n?
 Example: 45014669 mod 10379 = 4181

Use the script at

http://www.cs.virginia.edu/cgi-bin/cgiwrap/asb/modpow

Other means:
 Java: use the BigInteger.modPow() method
 Perl: use the bmodpow function in the BigInt library
 Etc…

30
 Why this works
m = cd mod n
c = me mod n

cd ≡ (me)d ≡ med (mod n)

Recall that:
 ed ≡ 1 (mod p-1)
 ed ≡ 1 (mod q-1)
Thus,
 med ≡ m (mod p)
 med ≡ m (mod q)
med ≡ m (mod pq)
med ≡ m (mod n)

31
 Cracking a message
In order to decrypt a message, we must compute m = cd mod n
 n is known (part of the public key)
 c is known (the ciphertext)
 e is known (the encryption key)
Thus, we must compute d with no other information
 Recall: choose an integer 1 < e < n which is relatively prime to
(p-1)(q-1)
 Recall: Compute d such that d * e ≡ 1 (mod (p-1)(q-1))
Thus, we must factor the composite n into it’s component primes
 There is no efficient way to do this!
 We can tell that n is composite very easily, but we can’t tell what its
factors are
Once n is factored into p and q, we compute d as above
 Then we can decrypt c to obtain m
32
Cracking a message example
In order to decrypt a message, we must compute m = cd
mod n
 n = 10379
 c is the ciphertext being cracked
 e = 85
In order to determine d, we need to factor n
 d * e ≡ 1 (mod (p-1)(q-1))
 We factor n into p and q: 97 and 107
 d * 85 ≡ 1 (mod (96)(106))
 This would not have been feasible with two large prime
factors!!!
We then compute d as above, and crack the message

33
 Signing a message
Recall that we computed
d*e mod (p-1)(q-1) = 1

Note that d and e are interchangable!

 You can use either for the encryption key

You can encrypt with either key!

 Thus, you must use the other key to decrypt

34
 Signing a message
To “sign” a message:
1. Write a message, and determine the MD5
hash
2. Encrypt the hash with your private
(encryption) key
3. Anybody can verify that you created the
message because ONLY the public
(encryption) key can decrypt the hash
4. The hash is then verified against the
message
35
 PGP and GnuPG
Two applications which implement the
RSA algorithm

 GnuPG Is open-source (thus it’s free)

 PGP was first, and written by Phil Zimmerman

The US gov’t didn’t like PGP…

36
The US gov’t and war munitions

37
 How to “crack” PGP
Factoring n is not feasible
Thus, “cracking” PGP is done by other
means
 Intercepting the private key
“Hacking” into the computer, stealing the computer,
etc.
 Man-in-the-middle attack
 Etc.

38
 Other public key encryption
methods

Modular logarithms
 Developed by the US government, therefore
not widely trusted

Elliptic curves

39
 Quantum computers
A quantum computer could (in principle) factor n in
reasonable time
 This would make RSA obsolete!
 Shown (in principle) by Peter Shor in 1993
 You would need a new (quantum) encryption algorithm to
encrypt your messages

This is like saying, “in principle, you could program a

computer to correctly predict the weather”

IBM recently created a quantum computer that

successfully factored 15 into 3 and 5

I bet the NSA is working on such a computer, also

40
 Sources
Wikipedia article has a lot of info on RSA
and the related algorithms

 Those articles use different variable names

 Link at http://en.wikipedia.org/wiki/RSA

41
 Quick survey
 I felt I understood the material in this
slide set…
a) Very well
b) With some review, I’ll be good
c) Not really
d) Not at all

42
 Quick survey
 The pace of the lecture for this
slide set was…
a) Fast
b) About right
c) A little slow
d) Too slow

43
 Quick survey
 How interesting was the material
in this slide set? Be honest!
a) Wow! That was SOOOOOO cool!
b) Somewhat interesting
c) Rather borting
d) Zzzzzzzzzzz

44