dissertacao.pdf

More documents

Recommendations

Info

Another very important procedure for RSA regarding congruences is Mod- ular Exponentiation. Given integers b, e, N, suppose we wish to calculate the integer c satisfying: c ∼ = b e (mod N) (6) A straightforward method is to simply calculate b e and then its remainder when divided by N. This algorithm’s complexity is O(e) so it is infeasible for large values of e. An alternative method, more efficient, is described below: Algorithm 1. (Exponentiation by repeated squaring and multiplica- tion). Given integers b, e, N, to compute the modular exponentiation c ∼ = b e (mod N) we proceed as follows: 1. write e in its binary representation: (em−1, em−2, ..., e1, e0)2 such that e = i=m−1 i=0 ei2i . 2. set c = 1. 3. from i = m − 1 to i = 0: 4. return c. 1. c = c 2 (mod N). 2. If ei = 1, then c = cb (mod N). The complexity of this algorithm is O(m) = O(log(e)). The operations in step 3 can be efficiently done implementing a technique called Montgomery Reduction[34]. We now introduce one definition used in the surprisingly efficient determin- istic primality checking algorithm presented in Chapter 2. Definition 10. Given an integer a and an integer N such that (a, N) = 1, the multiplicative order of a modulo N, denoted oN(a), is the smallest positive integer k such that test. a k ∼ = 1 (mod N) (7) And a definition used in the application of the Solovay-Strassen primality Definition 11. Given an integer q and an integer n, we say that q is a quadratic residue modulo n if there exists an integer x such that: x 2 ∼ = q (mod n) (8) 9
If we want to solve a system of linear modular equations there is one efficient theorem which provides the correct answer quickly: Theorem 1. (Chinese Remainder Theorem): Let a1, ..., .an be n integers and p1, ..., pn be relatively prime positive integers. Set P = n i=1 pi and, for i = 1, ..., n define yi such that: Then, one solution of the system is given by: ⎧ ⎪⎨ ⎪⎩ P yi ∼= 1 (mod pi) (9) pi x ∼ = a1 (mod p1) x ∼ = a2 (mod p2) . x ∼ = an (mod pn) x0 = n i=1 P aiyi pi Any other integer solution, x, of the system of congruences satisfies: 1.5.4 Useful Algorithms and Results (10) x ∼ = x0 (mod P ) (11) We now include some useful definitions and results used in the proofs of the attacks presented in chapter 3. Definition 12. Let p(x) = anx n + an−1x n−1 + ... + a1x + a0 be a polynomial of degree n with roots αi for i = 1, ..., n and q(x) = bmx m + bm−1x m−1 + ... + b1x + b0 be a polynomial of degree m with roots βi for i = 1, ..., n. The Resultant of p and q, denoted Resultant(p, q), is defined by n Resultant(p, q) = a m n b n m i=1 j=1 10 (12) (13) m (αi − βi) (14)
Page 1 and 2: A Survey of Cryptanalytic Attacks o
Page 3 and 4: Palavras Chave: RSA, criptanálise,
Page 5 and 6: Contents 1 Introduction 1 1.1 Crypt
Page 7 and 8: List of Tables 1 Notation . . . . .
Page 9 and 10: messages, Alice and Bob needed a se
Page 11 and 12: key, have lead to restrictions over
Page 13 and 14: 1.5.2 Time Complexity In cryptograp
Page 15: Definition 8. Given an integer N >
Page 19 and 20: 1.5.5 Continued Fractions The conti
Page 21 and 22: 1.6 RSA Definition We are now in co
Page 23 and 24: calculates these roots (though, as
Page 25 and 26: not the case regarding RSA as we ha
Page 27 and 28: 1.8.3 Common Prime RSA For the Comm
Page 29 and 30: So if we use contrapositive of this
Page 31 and 32: The consequence of this theorem is
Page 33 and 34: 2.1.4 AKS Test In 2004, a major bre
Page 35 and 36: We will begin with an old method cr
Page 37 and 38: Theorem 18. Let N > 1 be an integer
Page 39 and 40: e reduced. Regarding the GNFS, it s
Page 41 and 42: factorization of N. That is, each u
Page 43 and 44: Table 3: DeLaurentis Attack’s Exp
Page 45 and 46: Notice that gi(m) ∼ = 0 (mod Ni)
Page 47 and 48: ecovery exponent l to reveal the pl
Page 49 and 50: y fN(x) = 2 −k1e ((m22 k2 + x2 k1
Page 51 and 52: Theorem 25. Let two plain texts m1,
Page 53 and 54: Theorem 28. Given an RSA modulus N
Page 55 and 56: increment m by one and start again.
Page 57 and 58: avoided. It should be noted that, o
Page 59 and 60: 5 Bibliography [1] Kamilah Abdullah
Page 61 and 62: [27] Arjen K. Lenstra, Primality Te
Page 63 and 64: A Implementations of the attacks fr
Page 65 and 66: q = RandomPrime[{2∧ (nbits − 1)
Page 67 and 68:
While[i ≤ 23, n0 = Min[n0, nlist[
Page 69 and 70:
B Implementations of the attacks fr
Page 71 and 72:
C Implementation of Wiener’s atta
show all

dissertacao.pdf

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?