This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: RSA: Decryption If you get an encrypted message C = M e mod n , how do you decrypt Compute C d M ed (mod n ). Can do this quickly using fast exponentiation again Claim: M ed M (mod n ) Proof: Since ed 1 (mod ( p 1)( q 1)) ed 1 (mod p 1) and ed 1 (mod q 1) Since ed = k ( p 1) + 1 for some k , M ed = ( M p 1 ) k M M (mod p ) (Fermats Little Theorem) True even if p  M Similarly, M ed M (mod q ) Since p , q , relatively prime, M ed M (mod n ) (The orem 10). Note: Decryption would be easy for someone who can factor n . RSA depends on factoring being hard! 1 Digital Signatures How can I send you a message in such a way that youre convinced it came from me (and can convince others). Want an analogue of a certified signature Cool observation: To send a message M , send M d (mod n ) where ( n,e ) is my public key Recipient (and anyone else) can compute ( M d ) e M (mod n ), since M is public No one else could have sent this message, since no one else knows d . 2 Probabilistic Primality Testing RSA requires really large primes. This requires testing numbers for primality. Although there are now polynomial tests, the stan dard approach now uses probabilistic primality tests Main idea in probabilistic primality testing algorithm: Choose b between 1 and n at random Apply an easily computable (deterministic) test T ( b,n ) such that T ( b,n ) is true (for all b ) if n is prime. If n is composite, there are lots of b s for which T ( b,n ) is false Example: Compute gcd( b,n ). If n is prime, gcd( b,n ) = 1 If n is composite, gcd( b,n ) negationslash = 1 for some b s Problem: there may not be that many witnesses 3 Example: Compute b n 1 mod n If n is prime b n 1 1 (mod n ) (Fermat) Unfortunately, there are some composite numbers n such that b n 1 1 (mod n ) These are called Carmichael numbers There are tests T ( b,n ) with the property that T ( b,n ) = 1 for all b if n is prime T ( b,n ) = 0 for at least 1 / 3 of the b s if n is composite T ( b,n ) is computable quickly (in polynomial time) Constructing T requires a little more number theory Beyond the scope of this course. Given such a test T , its easy to construct a probabilistic primality test: Choose 100 (or 200) b s at random Test T ( b,n ) for each one If T ( b,n ) = 0 for any b , declare b composite This is definitely correct If T ( b,n ) = 1 for all b s you chose, declare n prime This is highly likely to be correct 4 Prelim Coverage Chapter 0: Sets * Operations: union, intersection, complementa tion, set difference * Proving equality of sets Relations: * reflexive, symmetric, transitive, equivalence re lations * transitive closure Functions * Injective, surjective, bijective * Inverse function Important functions and how to manipulate them: * exponent, logarithms, ceiling, floor, mod...
View
Full
Document
This note was uploaded on 10/09/2008 for the course COM S 280 taught by Professor Kleinberg during the Spring '05 term at Cornell University (Engineering School).
 Spring '05
 KLEINBERG

Click to edit the document details