Data Structures for Java Data Structures for Java

William H. Ford William H. Ford William R. Topp William R. Topp

Chapter 28 Chapter 28

Number Theory and Encryption Number Theory and Encryption

Bret Ford

Basic Number Theory Concepts Basic Number Theory Concepts



a a divides divides b if b = a * h for some b if b = a * h for some integer h.

integer h.



An integer p is a An integer p is a prime prime if p if p   2 and p has 2 and p has two only two divisors 1 and p.

two only two divisors 1 and p.



A A composite number composite number is the product of two is the product of two integers

integers   2 called factors. 2 called factors.



The The greatest common divisor greatest common divisor of a and b of a and b

(gcd(a,b))is the largest integer that divides (gcd(a,b))is the largest integer that divides

both a and b.

both a and b.

Basic Number Theory Concepts Basic Number Theory Concepts

(continued) (continued)

 Integers a and b are relatively prime if Integers a and b are relatively prime if gcd(a,b) is 1.

gcd(a,b) is 1.

 The Greek mathematician Euclid provided The Greek mathematician Euclid provided an elegant recursive algorithm for

an elegant recursive algorithm for

computing gcd(a,b). The algorithm, called computing gcd(a,b). The algorithm, called the the Euclidean Algorithm Euclidean Algorithm , computes , computes

gcd(a,b) using the identity gcd(a,b) using the identity

gcd(a,b) = gcd(b, a%b)

gcd(a,b) = gcd(b, a%b)

and the stopping condition

and the stopping condition

Basic Number Theory Concepts Basic Number Theory Concepts

(continued) (continued)

EuclidGCD(a,b)

Assume a and b are nonnegative integers if (b == 0)

gcd(a,b) = a; // stopping condition.

else

gcd(a,b) = g(b, a% b) // recursive step Examples

1. Let a = 54, b = 30

gcd(54,30) = gcd(30,54 % 30) = gcd(30,24) gcd(30,24) = gcd(24,30 % 24) = gcd(24,6) gcd(24,6) = gcd(6,24 % 6) = gcd(6,0) gcd(6,0) = 6 // stop: gcd(54,30) = 6 2. Let a = 45, b = 16

gcd(45,16) = gcd(16,45 % 16) = gcd(16,13) gcd(16,13) = gcd(13,16 % 13) = gcd(13,3) gcd(13,3) = gcd(3,13 % 3) = gcd(3,1)

Basic Number Theory Concepts Basic Number Theory Concepts

(continued) (continued)

 An expression of the form b*x + c*y is a An expression of the form b*x + c*y is a linear combination

linear combination of b and c. of b and c.

 An extension of the Euclidean algorithm An extension of the Euclidean algorithm uses the chain of recursive calls to

uses the chain of recursive calls to

represent gcd(a,b) as a linear combination represent gcd(a,b) as a linear combination

of a and b; that is, the algorithm of a and b; that is, the algorithm

determimes integers i and j such that determimes integers i and j such that

gcd(a,b) = a * i + b * j for some integers i and j

gcd(a,b) = a * i + b * j for some integers i and j

Basic Number Theory Concepts Basic Number Theory Concepts

(continued (continued

Examples

1. Let a = 54, b = 30. The extended Euclid's algorithm determines that gcd(54, 30) = 6 and finds integers i = -1 and j = 2 such that 6 is a linear combination of 54 and 30.

6 = gcd(54,30) = 54 * -1 + 30 * 2 // i = -1, j = 2 = -54 + 60

2. Let a = 45, b = 16. The extended Euclid's algorithm determines that gcd(45, 16) = 1 and finds integers i = 5 and j = -14 such that 1 is a linear combination of 45 and 16.

1 = gcd(45,16) = 45 * 5 + 16 * -14 // i = 5, j = -14 = 225 + -224

Modular Arithmetic Modular Arithmetic



A traditional view for the set of A traditional view for the set of

integers is a line that marks discrete values centered integers is a line that marks discrete values centered

about 0. The integers are an unbounded linear about 0. The integers are an unbounded linear

collection of numbers.

collection of numbers.



Taking the remainder after division by a positive Taking the remainder after division by a positive number n, maps the integers into a finite set of number n, maps the integers into a finite set of

integers in the range [0, n). The mapping uses the integers in the range [0, n). The mapping uses the

mod operator

mod operator % For an integer a, the mapping is a % For an integer a, the mapping is a -> a % n.

-> a % n.

Modular Arithmetic (continued) Modular Arithmetic (continued)

 a = b (mod n) if and only if b - a = n * k a = b (mod n) if and only if b - a = n * k for some integer k. We say a is congruent for some integer k. We say a is congruent

to b modulo n.

to b modulo n.

Example: Assume n = 15

18 = 3 (mod 15) 18 - 3 = 15 = 15 * 1 // k = 1 50 = 5 (mod 15) 50 - 5 = 45 = 15 * 3 // k = 3

Modular Arithmetic (continued) Modular Arithmetic (continued)

 Define Z(n) = {0,1,2. . . n-1} with Define Z(n) = {0,1,2. . . n-1} with

operators +, *, and ^ (exponent). Results operators +, *, and ^ (exponent). Results

are computed modulo n.

are computed modulo n.

Arithmetic Operations in Z(n)

Add (+): a + b = (a + b) (mod n) Multiply (*): a * b = (a*b) (mod n)

Exponent(^): (a)^e = (a^e) (mod n) // exponent is e

Add(+): 7 + 11 = 18 (mod 15) = 3 Multiply(*): 7 * 11 = 77 (mod 15) = 2 Exponent(^): 7² = 49 (mod 15) = 4

Modular Arithmetic (continued) Modular Arithmetic (continued)

 If a is in Z(n) and gcd(a,n) = 1, then a has If a is in Z(n) and gcd(a,n) = 1, then a has a an inverse in Z(n); there exists an i in

a an inverse in Z(n); there exists an i in Z(n) such that a*i = 1 (mod n)

Z(n) such that a*i = 1 (mod n)



Let a be a number in Z(n), then a has a Let a be a number in Z(n), then a has a

multiplicative inverse if and only if a and n are multiplicative inverse if and only if a and n are

relatively prime (gcd(a,n) = 1).

relatively prime (gcd(a,n) = 1).

Examples: Assume n = 15

1. 1 = gcd(7, 15) = 7 * 13 + 15 * -6. Inverse of 7 is 13.

2. 1 = gcd(2, 15) = 2 * 8 + 15 * -1 Inverse of 2 is 8.

Euler's Totient Function Euler's Totient Function

 Euler totient function Euler totient function   (n) is the number (n) is the number of integers in Z(n) relatively prime to n.

of integers in Z(n) relatively prime to n.

Examples:

1. (5) = 4 (numbers 1, 2, 3, and 4 are relatively prime to 5) 2. (6) = 2 (numbers 1 and 5 are relatively prime to 6)

3. (7) = 6 (numbers 1, 2, 3, 4, 5, and 6 are relatively prime to 7)

4. (15) = 8 (numbers 1, 2, 4, 7, 8, 11, 13, and 14 are relatively prime to 15)

Euler's Totient Function Euler's Totient Function

(continued) (continued)

 If n is prime, If n is prime,   (n) = n-1 (n) = n-1

 If p and q are prime, If p and q are prime,

  (pq) = (pq) =   (p) * (p) *   (q) = (p-1)(q-1). (q) = (p-1)(q-1).

 Euler's Theorem: Euler's Theorem:



Let n be a positive integer and let a be an Let n be a positive integer and let a be an integer such that gcd(a,n) = 1. Then

integer such that gcd(a,n) = 1. Then

a a

^(n(n))

= 1 (mod n). = 1 (mod n).

Euler's Totient Function Euler's Totient Function

(concluded) (concluded)

  (n) (n) a a gcd(a,n) = 1 gcd(a,n) = 1 a a

^(n)(n)

(mod n) (mod n)

  (5) = 4 (5) = 4 3 3 gcd(3,5) = 1 gcd(3,5) = 1 3 3

⁴⁴

=81=1(mod 5) =81=1(mod 5)

  (6) = 2 (6) = 2 5 5 gcd(5,6) = 1 gcd(5,6) = 1 5 5

²²

=25=1(mod 6) =25=1(mod 6)

  (7) = 6 (7) = 6 2 2 gcd(2,7) = 1 gcd(2,7) = 1 2 2

⁶⁶

=64=1(mod 7) =64=1(mod 7)

  (15) = 8 (15) = 8 4 4 gcd(4,15) = 1 gcd(4,15) = 1 4 4

⁸⁸

=65536=1(mod 15) =65536=1(mod 15)

Secure Message Passing Secure Message Passing

 View the customer as a client process and View the customer as a client process and the retailer as a server process. To send a the retailer as a server process. To send a

message, the client encrypts the message, the client encrypts the

information into numeric data and information into numeric data and

transmits it across the Internet. The transmits it across the Internet. The

retailer decrypts the data back to the retailer decrypts the data back to the

original message. The techniques for original message. The techniques for

encryption and decryption are called encryption and decryption are called

cryptograpy

cryptograpy . _.

Secure Message Passing Secure Message Passing

(continued) (continued)

 RSA data encryption uses a public-key and RSA data encryption uses a public-key and a private-key to encrypt and decrypt a

a private-key to encrypt and decrypt a message.

message.



The server retains the secret key but sends the The server retains the secret key but sends the public key to the client who uses it to encrypt a public key to the client who uses it to encrypt a message. The term "public" is meaningful. The message. The term "public" is meaningful. The

server makes no attempt to hide the value from server makes no attempt to hide the value from

an eavesdropper when sending the key. The

an eavesdropper when sending the key. The

client uses the public key even though it may

client uses the public key even though it may

Secure Message Passing Secure Message Passing

(continued)

(continued)

Creating Keys for RSA Creating Keys for RSA

Encryption Encryption



Begin by selecting (at random) two Begin by selecting (at random) two

prime numbers p and q and form the product prime numbers p and q and form the product

n = p * q.

n = p * q.



Let t be the value of the Euler totient Let t be the value of the Euler totient function for a product of primes.

function for a product of primes.

t = t =   (n) = (p - 1) * (q - 1) (n) = (p - 1) * (q - 1)



Select at random an encryption key e subject Select at random an encryption key e subject to the conditions e < t and

to the conditions e < t and

gcd(e, t) = 1. The public key is the pair (e,n).

gcd(e, t) = 1. The public key is the pair (e,n).

Creating Keys for RSA Creating Keys for RSA Encryption (concluded) Encryption (concluded)

 Compute the decryption key d which is the Compute the decryption key d which is the inverse of e modulo t. Use the extended

inverse of e modulo t. Use the extended Euclidean algorithm to find d.

Euclidean algorithm to find d.

1 = gcd(e,t) = e * d + t * j 1 = gcd(e,t) = e * d + t * j

for some integers d and j for some integers d and j The private key is the pair (d,n).

The private key is the pair (d,n).

Using Keys for RSA Encryption Using Keys for RSA Encryption

 Theorem (RSA) Theorem (RSA)



Let n = p * q where p and q are prime Let n = p * q where p and q are prime

numbers and let e and d be encryption and numbers and let e and d be encryption and

decryption keys; that is 1 = e * d (mod t) decryption keys; that is 1 = e * d (mod t)

where t = (p - 1) * (q - 1). Then for any where t = (p - 1) * (q - 1). Then for any

integer a in Z(n), integer a in Z(n),

a = a

a = a

^e*de*d

(mod n) (mod n)

Using Keys for RSA Encryption Using Keys for RSA Encryption

(continued) (continued)



Assume M in Z(n) is a numeric Assume M in Z(n) is a numeric

representation of a message and let representation of a message and let

C = M

C = M

^ee

(mod n). (mod n).



C C

^dd

(mod n) = (M (mod n) = (M

^ee

(mod n)) (mod n))

^dd

(mod n) = M (mod n) = M

^e*de*d

(mod n) = M.

(mod n) = M.



Using the RSA algorithm securely requires Using the RSA algorithm securely requires using large primes p and q for n = p*q. It using large primes p and q for n = p*q. It

relies on the fact that it is very, very hard to relies on the fact that it is very, very hard to

find the factors p, q of n.

find the factors p, q of n.

Using Big Integers Using Big Integers

 The class BigInteger allows for the The class BigInteger allows for the

creation and manipulation of integers with creation and manipulation of integers with

an arbitrarily large number of digits. Aside an arbitrarily large number of digits. Aside

from addition, etc. there are methods that from addition, etc. there are methods that

implement modular arithmetic, evaluate implement modular arithmetic, evaluate

the GCD, and generate prime numbers.

the GCD, and generate prime numbers.

The static constant ONE defines the The static constant ONE defines the

BigInteger value 1. The class provides the BigInteger value 1. The class provides the

tools for RSA encryption.

tools for RSA encryption.

Using Big Integers (continued) Using Big Integers (continued)

// convert a String to a BigInteger representation String message;

BigInteger bigInt = new BigInteger(message.getBytes());

// convert a BigInteger to a String BigInteger bigInt;

String message = new String(bigInt.toByteArray())

BigInteger Class BigInteger Class

// The BigInteger constant one static BigInteger ONE

// returns a BigInteger whose value is (this + val) BigInteger add(BigInteger val)

// returns a BigInteger value which is the // inverse of this (mod n)

BigInteger modInverse(BigInteger n)

// returns a BigInteger value this^exp (mod n) BigInteger modPow(BigInteger exp, BigInteger n)

// returns a BigInteger whose value is (this * val) BigInteger multiply(BigInteger val)

// returns a BigInteger whose value is (this - val) BigInteger subtract(BigInteger val)

Program 28.1 Program 28.1

import java.math.BigInteger;

public class Program28_1 {

public static void main(String[] args) {

// define Z(n)

BigInteger p, q, n;

// used for keys BigInteger t, e, d;

// sent and received messages String clientMsg, serverMsg;

// BigInteger variables for data encryption

BigInteger strData, encryptedData, decryptedData;

// create BigInteger objects p = 5, q = 11

Program 28.1 (continued) Program 28.1 (continued)

// compute n = p * q n = p.multiply(q);

// use BigInteger operations to // compute t = (p-1)*(q-1)

t = p.subtract(BigInteger.ONE).multiply(

q.subtract(BigInteger.ONE));

// create BigInteger e = 3 which is

// relatively prime to t; that is, (e,t)=1 e = new BigInteger("3");

// modInverse() returns d, the inverse // of e (mod t); that is, e*d = 1 (mod t) d = e.modInverse(t);

Program 28.1 (continued) Program 28.1 (continued)

// convert the single character // string "1" to a BigInteger clientMsg = "1";

strData = new BigInteger(clientMsg.getBytes());

System.out.println("Client message: \"" + clientMsg + "\" Data value: " + strData);

// use modPow() to encrypt strData by // raising it to power e mod n

encryptedData = strData.modPow(e,n);

System.out.println("Encrypted data: " + encryptedData);

// decrypt the encrypted data by raising // it to power d mod n

decryptedData = encryptedData.modPow(d,n);

System.out.println("Decrypted data: " +

Program 28.1 (concluded) Program 28.1 (concluded)

// convert BigInteger back to a string

serverMsg = new String(decryptedData.toByteArray());

System.out.println("Server message: \"" + serverMsg + "\"");

} }

Run:

Client message: "1" Data value: 49 Encrypted data: 4

Decrypted data: 49 Server message: "1"

BigInteger Prime Numbers BigInteger Prime Numbers

 The BigInteger class has methods that The BigInteger class has methods that produce random prime numbers of

produce random prime numbers of arbitrary size. The static method arbitrary size. The static method

probablePrime() returns a positive probablePrime() returns a positive

BigInteger object that is probably prime, BigInteger object that is probably prime,

with a specified bit length. The probability with a specified bit length. The probability

that the integer is prime is

that the integer is prime is ≥ ≥ 1-2 1-2

^-100.-100.

public static BigInteger probablePrime(int bitLength, Random rnd)

BigInteger Prime Numbers BigInteger Prime Numbers

(continued) (continued)

 A brute-force method discovers a number A brute-force method discovers a number e such that gcd(e,t) = 1. It uses a

e such that gcd(e,t) = 1. It uses a constructor that creates randomly constructor that creates randomly

generated BigInteger prime numbers, generated BigInteger prime numbers,

which are uniformly distributed over the which are uniformly distributed over the

range 0 to 2

range 0 to 2

^{numBits 1numBits 1‑‑}

, inclusive. , inclusive.

BigInteger Prime Numbers BigInteger Prime Numbers

(concluded) (concluded)

// returns a number relatively prime to t

public static BigInteger randomModValue(BigInteger t) {

BigInteger k = null;

Random rnd = new Random();

// generate a sequence of random numbers and exit // the loop when the number is relatively prime to t do

{

// random number k is in the range 0 to 264 -1 k = new BigInteger(64,rnd);

} while(!t.gcd(k).equals(BigInteger.ONE));

return k;

RSA Client and Server RSA Client and Server

 In the software supplement, you can find In the software supplement, you can find RSAServer and RSAClient programs that RSAServer and RSAClient programs that

use encryption for client/server message use encryption for client/server message

handling.

handling.

RSA Client and Server RSA Client and Server

(continued)

(continued)

Implementing Euclid's GCD Implementing Euclid's GCD

Algorithms Algorithms

// compute the greatest common divisor // of the nonnegative integers a and b // where both a and b cannot be 0

int gcd(int a, int b) {

if (b == 0)

return a; // a divides a and 0 else

return gcd(b, a%b); // recursive step }

Implementing Euclid's GCD Implementing Euclid's GCD

Algorithms (continued) Algorithms (continued)

// variables defined outside the scope of extGCD() static int i;

static int j;

...

// computes values i, j such that // gcd(a,b) = a * i + b * j

public static void extGCD(int a, int b) {

int x, y;

// stopping condition corresponds to // gcd(a,0) = a; the linear combination // is gcd(a,b) = a * 1 + b * 0; assign // i = 1 and j = 0

if (b == 0) {

Implementing Euclid's GCD Implementing Euclid's GCD

Algorithms (continued) Algorithms (continued)

else {

extGCD(b,a%b);

// gcd(b, a%b) = b*i + (a%b)*j;

// recompute i and j so gcd(a, b) = a*i + b*j // save i and j in x and y

x = i;

y = j;

// update i and j in terms of x, y, and a/b i = y;

j = x - (a/b) * y;

}