280wk6_x4 - RSA: Decryption If you get an encrypted message...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: RSA: Decryption If you get an encrypted message C = M e mod n , how do you decrypt Compute C d M ed (mod n ). Can do this quickly using fast exponentiation again Claim: M ed M (mod n ) Proof: Since ed 1 (mod ( p- 1)( q- 1)) ed 1 (mod p- 1) and ed 1 (mod q- 1) Since ed = k ( p- 1) + 1 for some k , M ed = ( M p- 1 ) k M M (mod p ) (Fermats Little Theorem) True even if p | M Similarly, M ed M (mod q ) Since p , q , relatively prime, M ed M (mod n ) (The- orem 10). Note: Decryption would be easy for someone who can factor n . RSA depends on factoring being hard! 1 Digital Signatures How can I send you a message in such a way that youre convinced it came from me (and can convince others). Want an analogue of a certified signature Cool observation: To send a message M , send M d (mod n ) where ( n,e ) is my public key Recipient (and anyone else) can compute ( M d ) e M (mod n ), since M is public No one else could have sent this message, since no one else knows d . 2 Probabilistic Primality Testing RSA requires really large primes. This requires testing numbers for primality. Although there are now polynomial tests, the stan- dard approach now uses probabilistic primality tests Main idea in probabilistic primality testing algorithm: Choose b between 1 and n at random Apply an easily computable (deterministic) test T ( b,n ) such that T ( b,n ) is true (for all b ) if n is prime. If n is composite, there are lots of b s for which T ( b,n ) is false Example: Compute gcd( b,n ). If n is prime, gcd( b,n ) = 1 If n is composite, gcd( b,n ) negationslash = 1 for some b s Problem: there may not be that many witnesses 3 Example: Compute b n- 1 mod n If n is prime b n- 1 1 (mod n ) (Fermat) Unfortunately, there are some composite numbers n such that b n- 1 1 (mod n ) These are called Carmichael numbers There are tests T ( b,n ) with the property that T ( b,n ) = 1 for all b if n is prime T ( b,n ) = 0 for at least 1 / 3 of the b s if n is composite T ( b,n ) is computable quickly (in polynomial time) Constructing T requires a little more number theory Beyond the scope of this course. Given such a test T , its easy to construct a probabilistic primality test: Choose 100 (or 200) b s at random Test T ( b,n ) for each one If T ( b,n ) = 0 for any b , declare b composite This is definitely correct If T ( b,n ) = 1 for all b s you chose, declare n prime This is highly likely to be correct 4 Prelim Coverage Chapter 0: Sets * Operations: union, intersection, complementa- tion, set difference * Proving equality of sets Relations: * reflexive, symmetric, transitive, equivalence re- lations * transitive closure Functions * Injective, surjective, bijective * Inverse function Important functions and how to manipulate them: * exponent, logarithms, ceiling, floor, mod...
View Full Document

This note was uploaded on 10/09/2008 for the course COM S 280 taught by Professor Kleinberg during the Spring '05 term at Cornell University (Engineering School).

Page1 / 7

280wk6_x4 - RSA: Decryption If you get an encrypted message...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online