Università di Padova - Scuola di Scienze - a.a. 2016-2017 Programma di Crittografia (Cryptography) svolto per lezioni - Daily topics - A. Languasco
Schedule: Monday and Tuesday, 09.30-11.30. Room 2BC60, Torre Archimede. First Lecture: October 3rd.
Trial dates: 01/31/2017, room 1A150, 9:30-12:00; 02/22/2017, room 1A150, 9:30-12:00; 06/16/2017, room 1A150, 9:30-12:00; 07/05/2017, room 1AD100, 9:30-12:00; 09/19/2017, room 1AD100, 9:30-12:00.
Remark: The main references are [5] (in Italian) and the Addenda [4] (partly in Italian and partly in English). People coming from abroad can also use the references listed at the bottom of the daily summaries or at the end of every single topic.
0.1 RSA-challenge factoring problem
On May 13th, 2016, RSA-220 was factored; RSA-220 is a number having 220 decimal digits which was listed as one of the RSA challenges. S. Bai, P. Gaudry, A. Kruppa, E. Thomé and P. Zimmermann, see
RSA220 = 2260138526203405784941654048610197513508038915719776718321197768109445641817966676608593121306582577250631562886676970448070001811149711863002112487928199487482066070131066586646083327982803560379205391980139946496955261
has the following two prime factors
p = 68636564122675662743823714992884378001308422399791648446212449933215410614414642667938213644208420192054999687
q = 32929074394863498120493015492129352919164551965362339524626860511692903493094652463337824866390738191765712603
TOPICS
WEEK 1.
Lecture 1 (10/03/2016).
Overview. First definition of a Cryptosystem. Classical and Modern Cryptosystems. Enciphering and Deciphering keys and their role in the classification. Example: Caesar’s method. Heuristics about RSA. Overview of the RSA method. (Ref. Koblitz [3])
Lecture 2 (10/04/2016).
Definition of a bit operation. Computational complexity of sum, difference, product and division of two integers. How to use Bezout formula to compute modular inverses. (Ref. Koblitz
WEEK 2.
Lecture 3 (10/10/2016).
Computational complexity of the product of $s > 2$ integers. The Square and Multiply Method (to compute $a^m$ and $a^m \bmod n$) and its computational complexity. Pseudocode for the Square and Multiply Method. (Ref. Koblitz [3]). How to compute the order of an element in $\mathbb{Z}_n^*$ and its computational complexity.
Lecture 4 (10/11/2016).
Computation of the $b$-expansion of an integer. Computing $(x + b)^n \bmod (x^r - 1, n)$
WEEK 3.
Lecture 5 (10/17/2016).
The Euclidean Theorem on the gcd. The Euclidean Algorithm. The length of the loop of the Euclidean Algorithm. Lemma about the rate of growth of the quotients of the Euclidean Algorithm. The Extended Euclidean Algorithm. The length of the loop of the Extended Euclidean Algorithm. Definition and some properties of the sequences $a_k$, $b_k$ of the Extended Euclidean Algorithm.
This lecture stopped at 10:40 due to a blackout.
Lecture 6 (10/18/2016).
Computational complexity of the Euclidean Algorithm and of the Extended Euclidean Algorithm (Ref. Shoup [7]). Square roots of 1 modulo a prime. Square roots of 1 modulo $n = pq$, $p$, $q$ distinct odd primes. (Ref. Koblitz [3]) Definition of the Euler totient function. On the Euler totient function: $\sum_{d \mid n} \varphi(d) = n$ and $\varphi$ is a multiplicative function. $\varphi(n) = n \prod_{p \mid n} (1 - 1/p)$. The cost of attacking RSA via computing $(m, n_X)$, $m$ randomly chosen and $n_X$
WEEK 4.
Lecture 7 (10/24/2016).
Wilson’s Theorem; computational remarks. A direct proof of Fermat Theorem. Pseudoprimality, remarks on Carmichael numbers and their distribution. (Ref. Koblitz [3]) The Miller-Rabin Theorem. Strong pseudoprimality. Miller-Rabin probabilistic primality algorithm. Assuming GRH, the Miller-Rabin method becomes a deterministic polynomial primality test (not proved). (Ref. Koblitz [3]). Remarks on the Riemann Zeta function and RH (this will not be asked during the exam).
Lecture 8 (10/25/2016).
Computational complexity of the Miller-Rabin test. (Ref. Koblitz [3]). The Agrawal, Kayal, Saxena (AKS) Theorem (not proved). The AKS Algorithm and its correctness. (Ref. Granville [2] + AKS paper [1]).
WEEK 5.
Lecture 9 (11/07/2016).
Basic algorithms: $d$-root of $n$ and its computational complexity. Lemmas used to prove the computational complexity of the AKS algorithm. Computational complexity of the AKS algorithm (Ref. Granville [2] + AKS paper [1]).
Lecture 10 (11/08/2016).
RSA: $\varphi(n_X)$ has to be kept secret. Eratosthenes’ Sieve: description. Computational complexity of Eratosthenes’ Sieve. Analytic tools to estimate the computational complexity of Eratosthenes’ Sieve. Factoring algorithms: Trial division method for factoring integers.
WEEK 6.
Lecture 11 (11/14/2016).
Fermat factoring method. About the Birthday Paradox. Pollard’s $\rho$ method (Floyd iteration included). (Ref. Koblitz [3])
Lecture 12 (11/15/2016).
Factoring algorithms: Pollard’s $p - 1$ method. Remarks on Pomerance’s Quadratic Sieve factoring method. (Ref. Koblitz [3] and Pomerance [6]) A few words on the digital signature. Definition of digital signature using a public-key method; simpler case, digital signature with message integrity. (Ref. Koblitz [3]).
References
[1] M. Agrawal, N. Kayal, and N. Saxena, PRIMES is in P, Annals of Mathematics 160 (2004), 781–793, http://annals.math.princeton.edu/wp-content/uploads/annals-v160-n2-p12.pdf.
[2] A. Granville, It is easy to determine whether a given integer is prime, Bulletin Amer. Math. Soc. 42 (2005), 3–38, http://www.ams.org/bull/2005-42-01/S0273-0979-04-01037-7/home.html.
[3] N. Koblitz, A Course in Number Theory and Cryptography, second ed., Springer-Verlag, 1994.
[4] A. Languasco and A. Zaccagnini, Addenda for the cryptography course, (2015), Available on-line http://www.math.unipd.it/~languasc/corso-crittografia/Addenda-Crypto.pdf.
[5] A. Languasco and A. Zaccagnini, Manuale di Crittografia, Ulrico Hoepli Editore, 2015, http://www.hoepli.it/libro/manuale-di-crittografia/9788820366902.html.
[6] C. Pomerance, A tale of two sieves, Notices American Mathematical Society 43 (1996), 1473–1485.
[7] V. Shoup, A Computational Introduction to Number Theory and Algebra, Cambridge U. P., 2005.
[8] P. Zimmermann, Factorisation of RSA-220 with CADO-NFS, 2016, https://lists.gforge.inria.fr/pipermail/cado-nfs-discuss/2016-May/000626.html.
File last updated on: Tuesday 15th November, 2016, 12:52