dissertacao.pdf

More documents

Recommendations

Info

The first case refers to algorithms which we say run in time polynomial in log(N). Such an algorithm is called efficient as its complexity function grows in a rather controlled way. In opposition, algorithms belonging to the second case are called inefficient: they quickly become infeasible by any computer or even network of computers. When referring to problems, we will call them hard if there is no known algorithm running in polynomial time that solves it. In opposition, a problem which can be solved for any input with an algorithm running in polynomial time is said to be an easy problem. 1.5.3 Modular Arithmetic Modular Arithmetic is a fundamental basis for cryptography in general and for RSA in particular. For this reason we present a set of definitions and results which will enable the reader to fully understand the operations behind RSA. We will also present some of the most used algorithms within the RSA operations. We start with the congruence relation: Definition 6. Let N be a positive integer. We say that two integers a and b are congruent modulo N if there exists an integer k such that a − b = kN. We represent this relation with the following notation: a ∼ = b (mod N) (2) It should be noted that this is an equivalence relation. After choosing the modulus N, we get a partition of the integers into N different classes since every integer a must be congruent modulo N to an integer in the set {0, 1, ..., N − 1}. When the modulus N is implicit, we define [a] = {b ∈ Z : a ∼ = b (mod N)}, called the equivalence class of a. We introduce two operations with these equivalence classes, simple extensions of the usual addition and multiplication: Definition 7. (Modular Operations): Given two classes of equivalence [x] and [y] defined modulo N, we define the operations: addition: [x] + [y] = [x + y] multiplication: [x][y] = [xy] Throughout the text we will stop referring to the equivalence class [x] as [x] and instead write simply x. The modulus regarding which the equivalence class is defined will also not be written, rather it will be explicit from its context. 7
Definition 8. Given an integer N > 0, the modular ring ZN is the set: ZN = {[0], [1], ..., [N − 1]} (3) (which will also be defined as ZN = {0, 1, ..., N − 1}) along with the modular operations defined above. The division operation is an extension of the multiplication operation: to divide the equivalence class x by the equivalence class y, we multiply x by the inverse of y (mod N), according to the next definition. In the ring ZN we can easily define inverses, which will be necessary to create RSA keys: Definition 9. Let a be an element of the modular ring ZN. The inverse of a modulo N is the integer x satisfying: which we will refer to as a −1 (mod N). ax ∼ = 1 (mod N) (4) It is important to note that a −1 (mod N) exists if and only if (a, N) = 1. When this is the case, the Extended Euclidean Algorithm (explained in the next section) will provide us with the values x, y such that ax + yN = 1. From the last equation we get: ax ∼ = 1 (mod N) ⇔ ax − 1 = kN ⇔ ax − kN = 1 (5) We know a and N so x, the inverse of a, is given by the Extended Euclidean Algorithm (along with the value of k , which can be discarded). If (a, N) = 1 then there are no integer solutions x, k for this equation, and therefore there is no inverse of a modulo N. However, if given a modulus N and an integer a, we find out that a does not have an inverse modulo N, then we can compute a factor of N by simply computing (a, N). 8
Page 1 and 2: A Survey of Cryptanalytic Attacks o
Page 3 and 4: Palavras Chave: RSA, criptanálise,
Page 5 and 6: Contents 1 Introduction 1 1.1 Crypt
Page 7 and 8: List of Tables 1 Notation . . . . .
Page 9 and 10: messages, Alice and Bob needed a se
Page 11 and 12: key, have lead to restrictions over
Page 13: 1.5.2 Time Complexity In cryptograp
Page 17 and 18: If we want to solve a system of lin
Page 19 and 20: 1.5.5 Continued Fractions The conti
Page 21 and 22: 1.6 RSA Definition We are now in co
Page 23 and 24: calculates these roots (though, as
Page 25 and 26: not the case regarding RSA as we ha
Page 27 and 28: 1.8.3 Common Prime RSA For the Comm
Page 29 and 30: So if we use contrapositive of this
Page 31 and 32: The consequence of this theorem is
Page 33 and 34: 2.1.4 AKS Test In 2004, a major bre
Page 35 and 36: We will begin with an old method cr
Page 37 and 38: Theorem 18. Let N > 1 be an integer
Page 39 and 40: e reduced. Regarding the GNFS, it s
Page 41 and 42: factorization of N. That is, each u
Page 43 and 44: Table 3: DeLaurentis Attack’s Exp
Page 45 and 46: Notice that gi(m) ∼ = 0 (mod Ni)
Page 47 and 48: ecovery exponent l to reveal the pl
Page 49 and 50: y fN(x) = 2 −k1e ((m22 k2 + x2 k1
Page 51 and 52: Theorem 25. Let two plain texts m1,
Page 53 and 54: Theorem 28. Given an RSA modulus N
Page 55 and 56: increment m by one and start again.
Page 57 and 58: avoided. It should be noted that, o
Page 59 and 60: 5 Bibliography [1] Kamilah Abdullah
Page 61 and 62: [27] Arjen K. Lenstra, Primality Te
Page 63 and 64: A Implementations of the attacks fr
Page 65 and 66:
q = RandomPrime[{2∧ (nbits − 1)
Page 67 and 68:
While[i ≤ 23, n0 = Min[n0, nlist[
Page 69 and 70:
B Implementations of the attacks fr
Page 71 and 72:
C Implementation of Wiener’s atta
show all

dissertacao.pdf

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?