Online Cryptography Course
Dan Boneh
Intro. Number Theory: Modular e’th roots
(lecture slide transcript)

Modular e’th roots
We know how to solve modular linear equations:
  a⋅x + b = 0 in Z_N
Solution: x = −b⋅a^{-1} in Z_N

What about higher degree polynomials?
Example: let p be a prime and c ∈ Z_p. Can we solve:
  x^2 − c = 0 ,  y^3 − c = 0 ,  z^37 − c = 0   in Z_p
Modular e’th roots
Let p be a prime and c ∈ Z_p.
Def: x ∈ Z_p s.t. x^e = c in Z_p is called an e’th root of c.
Examples (in Z_11):
  7^{1/3} = 6 in Z_11
  3^{1/2} = 5 in Z_11
  1^{1/3} = 1 in Z_11
  2^{1/2} does not exist in Z_11
The easy case
When does c^{1/e} in Z_p exist? Can we compute it efficiently?
The easy case: suppose gcd(e, p−1) = 1.
Then for all c in (Z_p)*: c^{1/e} exists in Z_p and is easy to find.
Proof: let d = e^{-1} in Z_{p−1}. Then d⋅e = 1 in Z_{p−1} ⇒
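An added example of the easy case, written for this transcript and not taken from the lecture: when gcd(e, p−1) = 1 the exponent e has an inverse d in Z_{p−1}, and c^d is an e’th root of c because (c^d)^e = c^{de} = c^{1 + k(p−1)} = c by Fermat’s little theorem. The function names are mine; p is assumed prime and c is assumed to lie in (Z_p)*. The slide’s own example (the cube root of 7 in Z_11) is reproduced, and the z^37 − c = 0 case is run in Z_101, where gcd(37, 100) = 1.

```python
from math import gcd

# Added example (not from the lecture slides): the "easy case" of modular
# e'th roots. Assumes p is prime and c is in (Z_p)*.


def is_easy_case(e: int, p: int) -> bool:
    """True when e is invertible mod p-1, i.e. gcd(e, p-1) = 1."""
    return gcd(e, p - 1) == 1


def eth_root_easy(c: int, e: int, p: int) -> int:
    """Return x in Z_p with x^e = c, valid when gcd(e, p-1) = 1 and p is prime.

    Raises ValueError when the easy case does not apply (e.g. e = 2 for odd p,
    since gcd(2, p-1) = 2).
    """
    if p < 2 or not (0 < c < p):
        raise ValueError("need a prime p and c in (Z_p)*")
    if not is_easy_case(e, p):
        raise ValueError(f"gcd({e}, {p - 1}) != 1: not the easy case")
    d = pow(e, -1, p - 1)          # d = e^{-1} in Z_{p-1}
    assert (d * e) % (p - 1) == 1  # d*e = 1 in Z_{p-1}
    return pow(c, d, p)            # c^d is the e'th root of c


def check_root(x: int, e: int, c: int, p: int) -> bool:
    """Verify x^e = c in Z_p."""
    return pow(x, e, p) == c % p


if __name__ == "__main__":
    # The slide's example: the cube root of 7 in Z_11 is 6 (gcd(3, 10) = 1).
    r = eth_root_easy(7, 3, 11)
    print("7^(1/3) in Z_11 =", r, check_root(r, 3, 7, 11))
    # A 37'th root in Z_101 (gcd(37, 100) = 1); c = 42 is a constructed value.
    r = eth_root_easy(42, 37, 101)
    print("42^(1/37) in Z_101 =", r, check_root(r, 37, 42, 101))
    print("e = 2 in Z_11 is the easy case:", is_easy_case(2, 11))
```

Note that `pow(e, -1, p - 1)` is Python’s built-in modular inverse (extended Euclid under the hood, Python 3.8+); the `assert` line is the d⋅e = 1 check from the proof.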
The case e=2: square roots
If p is an odd prime then gcd(2, p−1) ≠ 1.
Fact: in (Z_p)*, x ⟶ x^2 is a 2-to-1 function.
Example: in Z_11:
  x   | 1   2   3   4   5
  −x  | 10  9   8   7   6
  x^2 | 1   4   9   5   3
Def: x in Z_p is a quadratic residue (Q.R.) if it has a square root in Z_p.
p odd prime ⇒ the # of Q.R. in Z_p is (p−1)/2 + 1
Euler’s theorem
Thm: x in (Z_p)* is a Q.R.  ⟺  x^{(p−1)/2} = 1 in Z_p   (p odd prime)
Example: in Z_11:
  1^5, 2^5, 3^5, 4^5, 5^5, 6^5, 7^5, 8^5, 9^5, 10^5  =  1, −1, 1, 1, 1, −1, −1, −1, 1, −1
Note: x ≠ 0 ⇒ x^{(p−1)/2} = (x^{p−1})^{1/2} = 1^{1/2} ∈ { 1, −1 }
Def: x^{(p−1)/2} is called the Legendre Symbol of x over p (1798)
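An added example covering the two slides above (the 2-to-1 square map and the Q.R. count, and Euler’s criterion); it is written for this transcript, not taken from the lecture. It brute-forces x ⟶ x^2 on (Z_p)*, counts the residues, computes the Legendre symbol via x^{(p−1)/2}, and checks that Euler’s criterion agrees with the brute-force residue set for every x. With p = 11 it reproduces the slide’s table and the list of fifth powers; the larger prime 10007 is a constructed check that the criterion is not a small-number accident. Function names are mine.

```python
from __future__ import annotations

# Added example (not from the lecture slides). Assumes p is an odd prime.


def square_table(p: int) -> list[tuple[int, int, int]]:
    """Rows (x, -x mod p, x^2 mod p) for x = 1 .. (p-1)/2, as on the slide."""
    return [(x, (-x) % p, (x * x) % p) for x in range(1, (p - 1) // 2 + 1)]


def preimage_counts(p: int) -> dict[int, int]:
    """How many x in (Z_p)* map to each value of x^2 mod p (expect 2 each)."""
    counts: dict[int, int] = {}
    for x in range(1, p):
        s = (x * x) % p
        counts[s] = counts.get(s, 0) + 1
    return counts


def quadratic_residues(p: int) -> set[int]:
    """All x in Z_p (0 included) that have a square root in Z_p."""
    return {(x * x) % p for x in range(p)}


def legendre(x: int, p: int) -> int:
    """Legendre symbol of x over p by Euler's criterion, returned as 0, 1 or -1."""
    v = pow(x % p, (p - 1) // 2, p)
    return -1 if v == p - 1 else v


def euler_criterion_holds(p: int) -> bool:
    """Euler's theorem checked exhaustively: legendre(x) == 1 iff x is a Q.R."""
    qr = quadratic_residues(p)
    return all((legendre(x, p) == 1) == (x in qr) for x in range(1, p))


if __name__ == "__main__":
    p = 11
    for row in square_table(p):
        print("x=%2d  -x=%2d  x^2=%2d" % row)
    print("every nonzero square has 2 preimages:",
          all(n == 2 for n in preimage_counts(p).values()))
    print("Q.R. in Z_11:", sorted(quadratic_residues(p)),
          "count =", len(quadratic_residues(p)), "= (p-1)/2 + 1")
    print("x^5 for x = 1..10:", [legendre(x, p) for x in range(1, p)])
    print("Euler's criterion holds for 11 and 10007:",
          euler_criterion_holds(11), euler_criterion_holds(10007))
```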
Computing square roots mod p
Suppose p = 3 (mod 4).
Lemma: if c ∈ (Z_p)* is a Q.R. then √c = c^{(p+1)/4} in Z_p
Proof:
When p = 1 (mod 4), can also be done efficiently, but a bit harder; run time ≈ O(log^3 p)
Solving quadratic equations mod p
Solve:  a⋅x^2 + b⋅x + c = 0  in Z_p
Solution:  x = (−b ± √(b^2 − 4⋅a⋅c)) / 2a  in Z_p
• Find (2a)^{-1} in Z_p using extended Euclid.
• Find the square root of b^2 − 4⋅a⋅c in Z_p (if one exists) using a square root algorithm.
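An added example for the two preceding slides, written for this transcript and not part of the lecture: the square-root lemma for p = 3 (mod 4), and the quadratic formula carried out in Z_p with (2a)^{-1} obtained by extended Euclid, as the slide suggests. It also handles the cases the slide leaves implicit: a discriminant that is not a Q.R. (no solution in Z_p), a zero discriminant (one double root), and the p = 1 (mod 4) case, which this code refuses rather than guesses at. Function names and the test polynomials are mine; p is assumed to be an odd prime.

```python
from __future__ import annotations

# Added example (not from the lecture slides). Assumes p is an odd prime.


def egcd(a: int, b: int) -> tuple[int, int, int]:
    """Extended Euclid: returns (g, u, v) with u*a + v*b = g = gcd(a, b)."""
    u0, v0, u1, v1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        u0, u1 = u1, u0 - q * u1
        v0, v1 = v1, v0 - q * v1
    return a, u0, v0


def modinv(a: int, p: int) -> int:
    """a^{-1} in Z_p via extended Euclid; raises if gcd(a, p) != 1."""
    g, u, _ = egcd(a % p, p)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {p}")
    return u % p


def is_qr(c: int, p: int) -> bool:
    """Euler's criterion; 0 counts as a residue since 0^2 = 0."""
    c %= p
    return c == 0 or pow(c, (p - 1) // 2, p) == 1


def sqrt_mod_p(c: int, p: int) -> int | None:
    """One square root of c in Z_p for p = 3 (mod 4); None if c is not a Q.R.

    The other root is p - r. The p = 1 (mod 4) case needs a different
    algorithm and is deliberately not covered here.
    """
    if p % 4 != 3:
        raise NotImplementedError("lemma only covers p = 3 (mod 4)")
    c %= p
    if not is_qr(c, p):
        return None
    r = pow(c, (p + 1) // 4, p)   # the lemma: sqrt(c) = c^((p+1)/4)
    assert (r * r) % p == c        # sanity check of the lemma
    return r


def solve_quadratic(a: int, b: int, c: int, p: int) -> list[int]:
    """All x in Z_p with a*x^2 + b*x + c = 0 (p = 3 mod 4, a != 0 in Z_p)."""
    a, b, c = a % p, b % p, c % p
    if a == 0:
        raise ValueError("a must be nonzero in Z_p for a quadratic")
    disc = (b * b - 4 * a * c) % p
    r = sqrt_mod_p(disc, p)
    if r is None:
        return []                   # discriminant is not a Q.R.: no root in Z_p
    inv2a = modinv(2 * a, p)        # (2a)^{-1} via extended Euclid
    roots = {((-b + r) * inv2a) % p, ((-b - r) * inv2a) % p}
    return sorted(roots)            # one root when disc = 0, two otherwise


if __name__ == "__main__":
    # The slide's example: 3^(1/2) = 5 in Z_11, and 2 has no square root in Z_11.
    print("sqrt(3) in Z_11 =", sqrt_mod_p(3, 11), "; sqrt(2) =", sqrt_mod_p(2, 11))
    # x^2 - 3 = 0 in Z_11 (roots 5 and 6), and (x-2)(x-7) = x^2 + 2x + 3 in Z_11.
    print(solve_quadratic(1, 0, -3, 11), solve_quadratic(1, 2, 3, 11))
    print("x^2 - 2 = 0 in Z_11:", solve_quadratic(1, 0, -2, 11))
    print("(x-3)^2 = 0 in Z_11:", solve_quadratic(1, -6, 9, 11))
```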
Computing e’th roots mod N ??
Let N be a composite number and e > 1.
When does c^{1/e} in Z_N exist? Can we compute it efficiently?
Answering these questions requires the factorization of N (as far as we know).

End of Segment