RA1 and RA2: ModMath and RSA Flashcards
N divides (x - y) iff …
x === y mod N
If x === y mod N and a === b mod N, then …
(x + y) === (a + b) mod N
and
xy === ab mod N
Euclid’s Rule: If x >= y > 0, then gcd(x, y) = …
gcd(y, x mod y)
How do we use Euclid’s Rule to to find gcd(x, y)?
Euclid(x, y):
if y = 0: return x
return Euclid(y, x mod y)
So we recursively use that last line to make the problem smaller until y is 0.
What is the key lemma for the Extended Euclid algorithm (with alpha and beta)?
If d divides both x and y and d = x * alpha + y * beta for integers alpha and beta, then d = gcd(x, y)
What is the Extended Euclid algorithm for computing d = gcd(x, y) and returning the integers alpha and beta such that d = xalpha + ybeta?
ExtEuclid(x, y):
Input: x >= y >= 0
Output: Ints d, alpha, and beta such that d = gcd(x, y) and d = xalpha = ybeta
if y = 0: return (x, 1, 0)
d, alpha’, beta’ = ExtEuclid(y, x mod y)
return (d, beta’, alpha’ - floor(x/y) * beta’)
Modular Exponentiation Algorithm
ModExp(x, y, N):
inputs: x, y, and N such that x, y, N >= 0
output: x^y mod N
if y = 0: return 1
z = ModExp(x, floor(y/2), N)
if y is even: return z^2 mod N
else: return x * z^2 mod N
How do we compute the multiplicative inverse of x mod N, i.e. x^(-1) mod N?
Run ExtEuclid(x, N). This gives you d, alpha, beta. x^(-1) === alpha mod N.
Fermat’s Little Theorem (!!!!)
If p is prime then for every z in 1…p-1, z^(p-1) === 1 mod P, i.e. gcd(z, p) = 1.
What is Euler’s totient function?
phi(N) = (p-1)(q-1) for primes p and q such that N = pq. It gives the number of integers in 1…N-1 that are relatively prime to N.
Euler’s Theorem
Generalization of Fermat’s Little Theorem to all integers.
For N, z such that gcd(z, N) = 1, then z^phi(N) === 1 mod N.
What is the key idea of the RSA algorithm?
Let p be prime. Take b and c such that bc === 1 mod (p-1). This implies bc = 1 + k(p-1) where k is some integer.
This implies we can take a number z in 1…p-1 and do z^(bc) === z^(1 + k(p-1)) === z * z^((p-1)^k) === z mod p. This is because z^(p-1) === 1 mod p, so z^((p-1)^k) === 1^k === 1 mod p.
You can therefore encrypt z by raising to the power b and decrypt by raising that to the power c! However, you need to share the key p.
For a better approach, we replace Fermat’s Little Theorem with Euclid’s Theorem. For primes p and q, let N = pq. Choose d, e such that d*e === 1 mod (p-1)(q-1).
Then z^(de) === z * (z^((p-1)(q-1)))^k === z mod N. This is because z^((p-1)(q-1)) === 1 mod N.
Now we can encrypt by raising z to e, decrypt by raising that to d, and we only have to share N and e! And no one can work out d from that, because they’d need to find p and q from N.
What are the public and private keys for RSA?
Public: (N, e)
Private: d
What is a (relatively) quick way to check whether a number is prime?
If we want to know whether N is prime, we check whether it is divisible by each m s.t. 1 < m <= sqrt(N)
When does a multiplicative inverse exist?
There exists some x^(-1) mod N iff gcd(x, N) = 1.
