RSA and Eisenstein Integers

RSA Cryptosystem and Eisenstein Integers Cahlen Humphreys Math 406: Number Theory

May 9, 2013

Introduction

The RSA cryptosystem is a public-key cryptography alogrithm in which security is dependent upon the difficulty of factoring a number which is the product of two large primes [1].

Introduction

The RSA cryptosystem is a public-key cryptography alogrithm in which security is dependent upon the difficulty of factoring a number which is the product of two large primes [1]. Developed in 1977.

Introduction

The RSA cryptosystem is a public-key cryptography alogrithm in which security is dependent upon the difficulty of factoring a number which is the product of two large primes [1]. Developed in 1977. Ron [R]ivest, Adi [S]hamir, and Leonard [A]dleman.

Introduction

The Eisenstein integers are a commutative ring Z[ω], and are of the form z = a + b ω . They are named after the mathematician Gotthold Eisenstein, and are also know informally as Eulerian integers . In the complex plane Eisentstein integers from a triangle lattice, as pictured above.

Introduction

The Eisenstein integers are a commutative ring Z[ω], and are of the form z = a + b ω . They are named after the mathematician Gotthold Eisenstein, and are also know informally as Eulerian integers . In the complex plane Eisentstein integers from a triangle lattice, as pictured above. Z[ω ] =



a + b ω : a, b

∈ Z, ω =

√ −1 + i 3 2



Table of Contents

I RSA Algorithm

Table of Contents

I RSA Algorithm i Description of the algorithm

Table of Contents

I RSA Algorithm i Description of the algorithm ii Example

Table of Contents


II Eisenstein Integers

Table of Contents


II Eisenstein Integers i Description (Some lemmas and theorems)

Table of Contents


II Eisenstein Integers i Description (Some lemmas and theorems) ii Euclidean Domain Proof

Table of Contents


II Eisenstein Integers i Description (Some lemmas and theorems) ii Euclidean Domain Proof iii Primes

Table of Contents


II Eisenstein Integers i ii iii iv

Description (Some lemmas and theorems) Euclidean Domain Proof Primes Example of GCD

RSA Algorithm

Suppose Alice and Bob want to communicate in a private manner. 1 Bob creates a private key.

RSA Algorithm

Suppose Alice and Bob want to communicate in a private manner. 1 Bob creates a private key. 1

Choose two large primes p , q

∈ Z.

RSA Algorithm

Suppose Alice and Bob want to communicate in a private manner. 1 Bob creates a private key. 1 2

Choose two large primes p , q Z. Let N = pq , we call N the public modulus.

∈

RSA Algorithm

Suppose Alice and Bob want to communicate in a private manner. 1 Bob creates a private key. 1 2 3

Choose two large primes p , q Z. Let N = pq , we call N the public modulus. Take φ(N ). ).

∈

RSA Algorithm



∈

φ(N ) = φ(pq ) = φ(p )φ(q ) = (p − 1)(q − 1), because p , q are primes.

RSA Algorithm



∈

φ(N ) = φ(pq ) = φ(p )φ(q ) = (p − 1)(q − 1), because p , q are primes. 4

Choose e

∈ Z such that 0 < e < φ(N ),), and and gcd gcd (e , φ(N )) )) = 1.

RSA Algorithm



∈

φ(N ) = φ(pq ) = φ(p )φ(q ) = (p − 1)(q − 1), because p , q are primes. 4 5

Choose e Z such that 0 < e < φ(N ), ) , and and gcd gcd (e , φ(N )) )) = 1. Let d e −1 mod φ(N ). ). (ie. d is the multiplcative inverse of e modulo φ(N )) ))

≡

∈

RSA Algorithm



∈

φ(N ) = φ(pq ) = φ(p )φ(q ) = (p − 1)(q − 1), because p , q are primes. 4 5

6

Choose e Z such that 0 < e < φ(N ), ) , and and gcd gcd (e , φ(N )) )) = 1. Let d e −1 mod φ(N ). ). (ie. d is the multiplcative inverse of e modulo φ(N )) )) Bob’s public key is (e (e , N ), ), and private key is d .

≡

∈

RSA Algorithm

Alice, pictured above, has a message which she wishes to send to Bob in a private manner. Let the message M < N be some integer value after converting the message into numbers.

RSA Algorithm

Alice, pictured above, has a message which she wishes to send to Bob in a private manner. Let the message M < N be some integer value after converting the message into numbers. 1 Alice takes Bob’s public key (e (e , N ) and performs the following operation:

RSA Algorithm

Alice, pictured above, has a message which she wishes to send to Bob in a private manner. Let the message M < N be some integer value after converting the message into numbers. 1 Alice takes Bob’s public key (e (e , N ) and performs the following operation: C = M e mod N

RSA Algorithm

Alice, pictured above, has a message which she wishes to send to Bob in a private manner. Let the message M < N be some integer value after converting the message into numbers. 1 Alice takes Bob’s public key (e (e , N ) and performs the following operation: C = M e mod N C is Alice’s ciphertext. Alice then sends C to Bob.

RSA Algorithm

Bob recieves C from Alice and he now wishes to decrypt the message.

RSA Algorithm

Bob recieves C from Alice and he now wishes to decrypt the message. 1 Bob takes C and and is able to retrieve M by the following computation:

RSA Algorithm

Bob recieves C from Alice and he now wishes to decrypt the message. 1 Bob takes C and and is able to retrieve M by the following computation: M = C d mod N .

RSA Algorithm Overview

1

Choose primes p , q

2

Let N = pq .

3

Choose e

4

∈ Z.

gcd(e , φ(N )) )) = 1. ∈ Z such that 0 < e < φ(N ) and gcd(e Find multiplicative inverse of e , d ≡ e −1 mod φ(N ). ).

5

(e , N ) - Public Key.

6

d - Private Key.

7

Take a message M Z such that M < N . Encrypt: C = M e mod N .

8

∈

C - Ciphertext 9

Decrypt: M = C d mod N .

RSA Example

Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.

RSA Example

Let p = 11 and q = 13. Let N = pq = (11)(13) = 143. Then φ(N ) = (11

− 1)(13 − 1) = (10)(12) = 120.

RSA Example


− 1)(13 − 1) = (10)(12) = 120.

Let e = 23, and note 0 < 23 < 12 120, 0, and gcd gcd (23 (23, 120) = 1.

RSA Example


− 1)(13 − 1) = (10)(12) = 120.

Let e = 23, and note 0 < 23 < 12 120, 0, and gcd gcd (23 (23, 120) = 1. Then d = 47, because 47 23

· ≡1

mod 120.

RSA Example


− 1)(13 − 1) = (10)(12) = 120.


· ≡1

mod 120.

Let our message converted to a number be M = 75.

RSA Example


− 1)(13 − 1) = (10)(12) = 120.


· ≡1

mod 120.

Let our message converted to a number be M = 75. To find C we compute 7523 mod 143, and find that C = 69, where C is our ciphertext.

RSA Example


− 1)(13 − 1) = (10)(12) = 120.


· ≡1

mod 120.

Let our message converted to a number be M = 75. To find C we compute 7523 mod 143, and find that C = 69, where C is our ciphertext. To retrieve our message we compute 6947 mod 143 = 75.

Eisenstein Integers The Eisenstein integers can be described as the set Z[ω ] =



a + b ω : a, b

∈ Z, ω =

√ −1 + i 3 2



Eisenstein Integers The Eisenstein integers can be described as the set Z[ω ] =



a + b ω : a, b

∈ Z, ω =

√ −1 + i 3 2



Lemma (1) ω2 = ω ¯: 2

ω =

−

√ 1 + i 3 2

 −

√ 1 + i 3 2



=

1+

i 2 (3)

√ √ − i 3 − i 3 4

√ − 2 − 2i 2 = 4 √ −1 − i 3 =

=ω ¯

2

Eisenstein Integers Lemma (2) ω2 + ω + 1 = 0


Lemma (3) ωω ¯ = ω ω2 = ω3 = 1


Lemma (3) ωω ¯ = ω ω2 = ω3 = 1

Lemma (4) ω ¯ = 1 ω. Proof. From Lemma 2 we have ω 2 + ω + 1 = 0, 0, and from Lemma 1 we have that ω 2 = ω ¯ . So we simply substitute:

− −

ω2 + ω + 1 = 0 =

⇒ =⇒

ω ¯ +ω+1=0 ω ¯=

−1 − ω 

Z[ω ] forms a Euclidean Domain

The next thing we want to show is that Z[ω ] forms a Euclidean domain.


The next thing we want to show is that Z[ω ] forms a Euclidean domain. Why do we care?


The next thing we want to show is that Z[ω ] forms a Euclidean domain. Why do we care? ED =

⇒

UFD (Unique Factorization) [2]


The next thing we want to show is that Z[ω ] forms a Euclidean domain. Why do we care? ED = UFD (Unique Factorization) [2] Division Algo Algorithm rithm

⇒


The next thing we want to show is that Z[ω ] forms a Euclidean domain. Why do we care? ED = UFD (Unique Factorization) [2] Division Algo Algorithm rithm Modular Arithmetic

⇒


The next thing we want to show is that Z[ω ] forms a Euclidean domain. Why do we care? ED = UFD (Unique Factorization) [2] Division Algo Algorithm rithm Modular Arithmetic

⇒

Things we need for RSA.


Definition Given α = a + b ω Z[ω ], Define N : Z[ω ] 0 Z:α

∈ \{ } →

ab + b 2 . → N (α) = αα¯ = a2 − ab +



∈ \{ } →

ab + b 2 . → N (α) = αα¯ = a2 − ab +

Theorem Given α, β

∈ Z[ω], then the norm function is multiplicative. N (αβ ) = N (α)N (β )



∈ \{ } →

ab + b 2 . → N (α) = αα¯ = a2 − ab +

Theorem Given α, β

∈ Z[ω], then the norm function is multiplicative. N (αβ ) = N (α)N (β )

Theorem (4) Given α, β

∈ Z[ω], there exists u , v ∈ Q such that β/α = u + u + v ω v ω .


We now have what we need to prove that Z[ω ] forms a Euclidean Domain.


We now have what we need to prove that Z[ω ] forms a Euclidean Domain.

Theorem Z[ω ] forms a Euclidean Domain under the norm N (a + b ω ) = a2

ab + b 2 . − ab +

Primes in Z[ω ] Lemma The only units of Z[ω ] are 1, ω , and ω 2 . (ie. The only numbers in Z[ω ] such that the the norm is equal to 1).

± ±

±

N ( 1 + 0ω 0 ω ) = 12

± − 1(0) + 02 = 1 N (0 (0 ± ω ) = 02 − 0(1) + 12 = 1 N (0 (0 ± ω 2 ) = N (−1 − ω ) = N (1 (1 + ω ) = 12 − 1(1) + 12 = 1 Recall, Lemma 3 implies that ω 2 =

−1 − ω and −ω2 = 1 + ω.

Primes in Z[ω ] Lemma The only units of Z[ω ] are 1, ω , and ω 2 . (ie. The only numbers in Z[ω ] such that the the norm is equal to 1).

± ±

±

N ( 1 + 0ω 0 ω ) = 12

± − 1(0) + 02 = 1 N (0 (0 ± ω ) = 02 − 0(1) + 12 = 1 N (0 (0 ± ω 2 ) = N (−1 − ω ) = N (1 (1 + ω ) = 12 − 1(1) + 12 = 1 Recall, Lemma 3 implies that ω 2 =

−1 − ω and −ω2 = 1 + ω.

Definition An Eisenstein prime is a number that cannot be expressed as a product of other Eisenstein integers. The only factors are itself, its conjugate, and the units 1, ω, ω 2 .

± ± ±

Primes in Z[ω ]

Primes in Z[ω ] fall into one of three categories:

Primes in Z[ω ]

Primes in Z[ω ] fall into one of three categories: 1

(1

− ω), often considered the loneliest prime .

Primes in Z[ω ]

Primes in Z[ω ] fall into one of three categories: 1 2

(1 ω), often considered the loneliest prime . Positive prime integers x Z, such that x 2 mod 3.

−

∈

≡

Primes in Z[ω ]



−

∈

≡

Example: 2, 5, 11 11,, 17 17,, 23 23,, 29 29,, 41 41,, 47 47,, 53 53,, 59 59,, 71 71,, 83 83,, 89 89,, 101 101,, . . .

{

}

Primes in Z[ω ]



−

∈

≡

Example: 2, 5, 11 11,, 17 17,, 23 23,, 29 29,, 41 41,, 47 47,, 53 53,, 59 59,, 71 71,, 83 83,, 89 89,, 101 101,, . . . 3

{

Complex numbers α = a + b ω where N (α) is prime in Z and N (α) 1 mod 3.

≡

}

Primes in Z[ω ]



−

∈

≡

Example: 2, 5, 11 11,, 17 17,, 23 23,, 29 29,, 41 41,, 47 47,, 53 53,, 59 59,, 71 71,, 83 83,, 89 89,, 101 101,, . . . 3

{


≡

}

Example: N (2 (2 + 3ω 3ω ) = 7 1 mod 3, 3, so 2 + 3ω is prime in Z[ω ]. But 7 = (2 ω )(2 ω 2 ), and hence 7 is not prime in Z[ω ].

−

−

≡

Primes in Z[ω ]



−

∈

≡

Example: 2, 5, 11 11,, 17 17,, 23 23,, 29 29,, 41 41,, 47 47,, 53 53,, 59 59,, 71 71,, 83 83,, 89 89,, 101 101,, . . . 3

{


≡

}


−

Why do we care?

−

≡

Primes in Z[ω ]



−

∈

≡

Example: 2, 5, 11 11,, 17 17,, 23 23,, 29 29,, 41 41,, 47 47,, 53 53,, 59 59,, 71 71,, 83 83,, 89 89,, 101 101,, . . . 3

{


≡

}


−

−

Why do we care? RSA.

≡

GCD in Z[ω ] We also need to be able to take the greatest common divisor of two Eisenstein integers in order to have an RSA cryptosystem.

GCD in Z[ω ] We also need to be able to take the greatest common divisor of two Eisenstein integers in order to have an RSA cryptosystem. Exampl Example: e: We will will take take the gcd (4 + 5ω, 5 + 7ω ).

GCD in Z[ω ] We also need to be able to take the greatest common divisor of two Eisenstein integers in order to have an RSA cryptosystem. Exampl Example: e: We will will take take the gcd (4 + 5ω, 5 + 7ω ). First we take the norm of both, from this we can determine if either of them are prime. N (5 (5 + 7ω 7 ω ) = 52

− 5(7) + 72 = 25 − 35 + 49 = −10 + 49 = 39

N (4 (4 + 5ω 5ω ) = 42

− 4(5) + 52 = 16 − 20 + 25 = −4 + 24 = 21

And neither 39 nor 21 are prime in Z, hence they they are not prim primee in Z[ω ].

GCD in Z[ω ] We also need to be able to take the greatest common divisor of two Eisenstein integers in order to have an RSA cryptosystem. Exampl Example: e: We will will take take the gcd (4 + 5ω, 5 + 7ω ). First we take the norm of both, from this we can determine if either of them are prime. N (5 (5 + 7ω 7 ω ) = 52

− 5(7) + 72 = 25 − 35 + 49 = −10 + 49 = 39

N (4 (4 + 5ω 5ω ) = 42

− 4(5) + 52 = 16 − 20 + 25 = −4 + 24 = 21

And neither 39 nor 21 are prime in Z, hence they they are not prim primee in Z[ω ].

GCD in Z[ω ] Now we take the integer with the larger norm divide it by the integer with the smaller norm.

GCD in Z[ω ] Now we take the integer with the larger norm divide it by the integer with the smaller norm. 5 + 7ω 7ω 5 + 7ω 7 ω 4 + 5ω ¯ (5 + 7ω 7ω )(4 + 5¯ ω) = = 4 + 5ω 5ω 4 + 5ω 5 ω 4 + 5ω ¯ 16 + 25(1) + 20ω 20ω + 20¯ ω (5 + 7ω 7ω )(4 )(4 + 5¯ 5ω ¯) = 41 + 20(ω 20(ω + ω 2 ) (5 + 7ω 7ω )(4 )(4 + 5¯ 5ω ¯) = 41 + 20( 1) 20 + 35ω 35ω ω ¯ + 28ω 28ω + 25 25ω ¯ = 21 20 + 35 + 28ω 28ω + 25( 1 ω ) = 21 55 + 28ω 28ω 25 25 25ω ω = 21 30 + 3ω 3ω = = 1.42 + 0. 0.14 14ω ω 21

 

−

− −

− −

GCD in Z[ω ] Now we take the integer with the larger norm divide it by the integer with the smaller norm. 5 + 7ω 7ω 5 + 7ω 7 ω 4 + 5ω ¯ (5 + 7ω 7ω )(4 + 5¯ ω) = = 4 + 5ω 5ω 4 + 5ω 5 ω 4 + 5ω ¯ 16 + 25(1) + 20ω 20ω + 20¯ ω (5 + 7ω 7ω )(4 )(4 + 5¯ 5ω ¯) = 41 + 20(ω 20(ω + ω 2 ) (5 + 7ω 7ω )(4 )(4 + 5¯ 5ω ¯) = 41 + 20( 1) 20 + 35ω 35ω ω ¯ + 28ω 28ω + 25 25ω ¯ = 21 20 + 35 + 28ω 28ω + 25( 1 ω ) = 21 55 + 28ω 28ω 25 25 25ω ω = 21 30 + 3ω 3ω = = 1.42 + 0. 0.14 14ω ω 21

 

−

− −

− −

GCD in Z[ω ] We now take the closest integer values of 1. 1.42 and 0. 0.14,

GCD in Z[ω ] We now take the closest integer values of 1. 1.42 and 0. 0.14, [1..42] = 1 [1 [0..14] = 0 [0

GCD in Z[ω ] We now take the closest integer values of 1. 1.42 and 0. 0.14, [1..42] = 1 [1 [0..14] = 0 [0 So we let our quotient q = 1 + 0ω 0ω. We now have that 5 + 7ω = (4 + 5ω 5ω )(1) + r =

⇒

therefore, r = 1 + 2ω 2ω .

r = (5 + 7ω 7ω )

− (4 + 5ω 5ω )

GCD in Z[ω ] We now take the closest integer values of 1. 1.42 and 0. 0.14, [1..42] = 1 [1 [0..14] = 0 [0 So we let our quotient q = 1 + 0ω 0ω. We now have that 5 + 7ω = (4 + 5ω 5ω )(1) + r =

⇒

r = (5 + 7ω 7ω )

− (4 + 5ω 5ω )

therefore, r = 1 + 2ω 2ω .Hence, 5 + 7ω = (4 + 5ω 5ω )( 1 ) + (1 + 2ω 2ω)

          a

b

q

r

GCD in Z[ω ] Now we must find q 1 and r 1 such that 4 + 5ω = (1 + 2ω 2ω )q 1 + r 1 .

GCD in Z[ω ] Now we must find q 1 and r 1 such that 4 + 5ω = (1 + 2ω 2ω )q 1 + r 1 . So we rinse and repeat. We divide 4 + 5ω 5ω by 1 + 2ω 2ω, and omitting the algebra we end up with 4 + 5ω =2 1 + 2ω

−ω

which implies that 4 + 5ω 5 ω = (1 + 2ω 2ω )(2

− ω) + 0

GCD in Z[ω ] Now we must find q 1 and r 1 such that 4 + 5ω = (1 + 2ω 2ω )q 1 + r 1 . So we rinse and repeat. We divide 4 + 5ω 5ω by 1 + 2ω 2ω, and omitting the algebra we end up with 4 + 5ω =2 1 + 2ω

−ω

which implies that 4 + 5ω 5 ω = (1 + 2ω 2ω )(2

− ω) + 0

and therefore, gcd(5 + 7ω, 7ω, 4 + 5ω ) = 1 + 2ω .

Generalized GCD Algorithm in Z[ω ]

1

Take two numbers α, β

∈ Z[ω], where α = 0.


1 2

Take two numbers α, β Z[ω ], where α = 0. If α β , then gcd(α, gcd(α, β ) = α.

|

∈




1 2

Take two numbers α, β Z[ω ], where α = 0. If α β , then gcd(α, gcd(α, β ) = α. 1

|

∈

If α β , then u , v

|

∃



∈ Q such that β/α = u + u + v ω v ω (Theorem 4).


1 2

Take two numbers α, β Z[ω ], where α = 0. If α β , then gcd(α, gcd(α, β ) = α. 1 2

|

∈



If α β , then u , v Q such that β /α = u + u + v ω v ω (Theorem 4). Let a = [u ] and b = [v ] v ] (ie. The closest integer value of u and v ). v ).

|

∃

∈


1 2

Take two numbers α, β Z[ω ], where α = 0. If α β , then gcd(α, gcd(α, β ) = α. 1 2 3

|

∈



If α β , then u , v Q such that β /α = u + u + v ω v ω (Theorem 4). Let a = [u ] and b = [v ] v ] (ie. The closest integer value of u and v ). v ). Let r = β (a + b ω )α.

|

∃

−

∈


1 2

Take two numbers α, β Z[ω ], where α = 0. If α β , then gcd(α, gcd(α, β ) = α. 1 2 3 4

|

∈



If α β , then u , v Q such that β /α = u + u + v ω v ω (Theorem 4). Let a = [u ] and b = [v ] v ] (ie. The closest integer value of u and v ). v ). Let r = β (a + b ω )α. Then β = α(a + b ω ) + r . r .

|

∃

−

∈


1 2


|

∈




|

∃

∈

−

If r i i = 0, then our GCD is r i i −1 . If r i i  = 0, we repeat the process until r i i = 0.


1 2


|

∈




|

∃

∈

−

If r i i = 0, then our GCD is r i i −1 . If r i i  = 0, we repeat the process until r i i = 0.

Observe that this is very similar to the Euclidean Algorithm in Z.

Eulers φ function in Z[ω ]

Wait for Paul!

Conclusion

Can we have an RSA cryptosystem using Eisenstein integers?

Conclusion

Can we have an RSA cryptosystem using Eisenstein integers? Yes.

Conclusion


Is it any more secure than RSA using using regular integers?

Conclusion


Is it any more secure than RSA using using regular integers? Probably not, however more time and research would be needed to give a completely accurate assessment.

Conclusion



What did I learn?

Conclusion



What did I learn? More about Z[ω ] than I ever thought I would, and lots of Algebra.

Future Work

Develop a fully functioning RSA cryptosystem using Eisenstein integers in Maple.

References

[1] R. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems , Communications of the ACM. 21 (2): 120-126. 1978. [2] Cameron, Peter J. Introduction to Algebra, Algebra, Oxford University Press, USA. 2008.

RSA and Eisenstein Integers

Recommend Documents