8 - SIT281 Week 8 1.  Factorization of composite numbers...

SIT281 Week 8

1. Factorization of composite numbers
2. Discrete Logarithm
PUZZLE 6

Find an irreducible polynomial that could be used to build the field $GF(3^7)$.
Puzzle solution

An example is $x^7 + x^6 + x^4 + 1 \pmod{3}$. None of 0, 1, -1 is a solution and it has degree 7.
Factorization methods

Well, we’ve done a couple of them last week, but these are the major ones:

1. The Miller-Rabin test for primality
2. The p-1 Factoring Algorithm
3. The quadratic sieve
4. Exponent factorization
Factoring

We have looked at some simple methods of factoring and seen how difficult it can be. In the 1990s, some more sophisticated methods were developed, based on situations where the values have certain forms.
The p-1 Factoring Algorithm

This was developed by John Pollard in 1974. It is based on an assumption that for one of the primes $p$ in an RSA number $n$, the number $p-1$ has only small prime factors. For instance, if $p = 281$, then $p - 1 = 2^3 \times 5 \times 7$ has a factorization into small primes. The idea of the algorithm is that if we choose a large enough number, say $B$, then the small factors in $p-1$ would each appear in $B$ factorial.
The p-1 Factoring Algorithm cont’d

Example: If , then is divisible by $2^3 \times 5 \times 7$. Now if this is true, then write and use Fermat to get for any We can conclude that Therefore and we can compute $d$. If we have found a non-trivial factor of $n$.

$7! = 7 \times 6 \times 5 \times 4 \times 3 \times 2 \times 1$

$p \mid \gcd(a^{B!} - 1, n) = d$
The p-1 Factoring Algorithm cont’d

Here’s the recipe.

Let $a = 2$
Choose a bound $B$ ( B ! p – 1 is needed)
Compute $b \equiv a^{B!} \pmod{n}$ (in some efficient way)
Let $d = \gcd(b - 1, n)$
If $1 < d < n$, output divisor $d$ of $n$.
Otherwise try $a \leftarrow a + 1$ and repeat.
The p-1 Factoring Algorithm cont’d

Example: Let $n = 15770708441$. Choose $B = 180$. Let $b \equiv 2^{180!} \pmod{15770708441} = 11620221425$. Compute $d = \gcd(b - 1, n) = 135979$. We get the factorization

$15770708441 = (135979)(115979)$

The reason that factorization worked is that $d - 1 = 135978 = 2(3)(131)(173)$ has only small prime factors. Any $B \geq 173$ would have worked for this $n$.
The p-1 Factoring Algorithm cont’d

There are two variables in the algorithm, $a$ and $B$. Adjusting them can be tricky. It is easier to rerun the algorithm above with a larger $a$, as the computational work is lower than if we increase $B$. The running time of the algorithm is about $O(B \times \log B \times \log^2 n)$, so choosing a small $B$ helps. How do you avoid this attack? Well, don’t use primes $p$ where $p-1$ has only small prime factors.
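The recipe above, run on the slide's own $n = 15770708441$ with $B = 180$, as an added Python example that is not part of the original slides. The function names are assumptions made for illustration, and `resists_p_minus_1` is a heuristic trial-division sketch of the "avoid primes where $p-1$ has only small prime factors" advice as a key-generation check.

```python
from math import gcd

def pollard_p_minus_1(n, B, max_base=10):
    """Return a non-trivial divisor of n found by the p-1 recipe, or None."""
    for a in range(2, max_base + 1):      # start with a = 2, then a + 1, ...
        b = a % n
        for j in range(2, B + 1):         # builds a^(B!) mod n as ((a^2)^3...)^B
            b = pow(b, j, n)
        d = gcd(b - 1, n)
        if 1 < d < n:                     # non-trivial divisor found
            return d
    return None                           # every base gave d = 1 or d = n

def largest_prime_factor(m):
    """Largest prime factor of m by trial division (small demo values only)."""
    largest, f = 1, 2
    while f * f <= m:
        while m % f == 0:
            largest, m = f, m // f
        f += 1
    return m if m > 1 else largest

def resists_p_minus_1(p, B):
    """Heuristic key-generation check: p - 1 has a prime factor above B."""
    return largest_prime_factor(p - 1) > B

if __name__ == "__main__":
    n = 15770708441                       # n from the worked example above
    d = pollard_p_minus_1(n, 180)
    print("divisor:", d, "cofactor:", n // d)
    for p in (d, n // d):
        print(p, "largest prime factor of p-1:", largest_prime_factor(p - 1),
              "resists B=180:", resists_p_minus_1(p, 180))
```

The cofactor 115979 is not exposed at $B = 180$ because $115978 = 2 \times 103 \times 563$ contains the prime 563, which is above the bound.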
The Quadratic Sieve

This idea is based on a result we’ve already seen in primality testing. That is, if you can find ‘different’ values $x$ and $y \pmod{n}$ such that $x^2 \equiv y^2 \pmod{n}$, then $\gcd(x - y, n)$ is a nontrivial factor of $n$. Here, ‘different’ means $x \not\equiv \pm y$. (See sections 6.3 and 6.4.1 of the text.)
The Quadratic Sieve cont’d

The method is somewhat trial and error, and again targets small prime factors.