Cryptography - Sage

More documents

Recommendations

Info

CHAPTERSEVENElementary Number TheoryIn this lecture we assume that R is one of the rings Z or F 2 [x], m is an element of R,and we denote by (m) or mR the set {mx : x ∈ R}, which is called an ideal of R. Theprinciple goal is to introduce the quotient or residue class rings R/mR and to understandhow to work with its elements. We refer to m as the modulus of R/mR.7.1 Quotient ringsThe residue class ring R/mR is a commutative ring, whose elements are sets, called cosetsof mR, of the forma = a + mR = {a + mx : x ∈ R},and multiplication and addition laws are derived from that on R:a + b = (a + mR) + (b + mR) = (a + b) + mR = (a + b),a ∗ b = (a + mR) ∗ (b + mR) = (a ∗ b) + mR = (a ∗ b).The fact that R/mR is a ring means that the addition (+) and multiplication (∗) arewell-defined on cosets, and satisfy the usual associative and distributive laws.Example 7.1 Consider the ring R/mR = Z/mZ with modulus m = 21. We consider theaddition and muliplication of 2 = 23 and −2 = 19, and show that in each pair of equalelements, we can use either the first or the second representative to define the sum andproduct. First, for addition, we find:but on the other hand:2 + −2 = 2 + (−2) = 0,23 + 19 = 23 + 19 = 42,which equals 0 since 42 is in 21Z. Multiplication is similarly independent of the representativeswe chose:2 ∗ −2 = 2 ∗ (−2) = −4 = 17,59
which holds since −4 = 17 + (−1) ∗ 21, or23 + 19 = 437 = 17,where the latter identity is determined by 437 = 17 + 420 = 17 + 20 ∗ 21.7.2 The mod operatorIn both rings R = Z and R = F 2 [x], we have an operator mod m for producing a canonicalsmallest representative for elements of the quotient rings R/mR. This means that we canwork with this smallest or reduced representative in computations in R/mR. In particular,we note that working with this representative is well-defined:((a mod m) + (b mod m)) mod m = (a + b) mod m((a mod m) ∗ (b mod m)) mod m = (a ∗ b) mod msince, a mod m = b mod m if and only if a = b.The value a mod m can be computed by long division — successively subtracting offmultiples until the result is smaller, until the final result is smaller than m. The definitionof x smaller than y is x < y for positive x, y in Z, and deg(x) < deg(y) for polynomialsx, y in F 2 [x].Definition 7.2 Using the mod operator we define a boolean operator ≡ mod m suchthat the value a ≡ b mod m is True if and only if (a − b) mod m is zero.Example 7.3 We use the operator mod to determine a canonical representative for x 7 inF 2 [x]/(x 2 + x + 1). First we write x 7 = (x 3 ) 2 ∗ x, and compute:x 3 mod (x 2 + x + 1)= (x 3 + x ∗ (x 2 + x + 1)) mod (x 2 + x + 1)= (x 2 + x) mod (x 2 + x + 1)= ((x 2 + x) + (x 2 + x + 1)) mod (x 2 + x + 1) = 1.It follows that x 7 mod x 2 + x + 1 = (1 2 ∗ x) mod (x 2 + x + 1) = x. By explicit long division:x 5 + x 4 +x 2 + x + 1 ) x 7x 7 + x 6 + x 5x 6 + x 5x 6 + x 5 + x 4x 2 + xx 4x 4 + x 3 + x 2x 3 + x 2x 3 + x 2 + xx60 Chapter 7. Elementary Number Theory
Page 1 and 2:
Author (David R. Kohel) /Title (Cry
Page 4 and 5:
CONTENTS1 Introduction to Cryptogra
Page 6:
PrefaceWhen embarking on a project
Page 10 and 11:
information. We introduce here some
Page 12 and 13:
ut strings in A ∗ map injectively
Page 14 and 15: CHAPTERTWOClassical Cryptography2.1
Page 16 and 17: LV MJ CW XP QO IG EZ NB YH UA DS RK
Page 18 and 19: As a special case, consider 2-chara
Page 20 and 21: Note that if d k = 1, then we omit
Page 22: ExercisesSubstitution ciphersExerci
Page 25 and 26: Ciphertext-only AttackThe cryptanal
Page 27 and 28: of size n, suppose that p i is the
Page 29 and 30: Note that ZKZ and KZA are substring
Page 31: Checking possible keys, the partial
Page 34 and 35: sage: X = pt.frequency_distribution
Page 36 and 37: CHAPTERFOURInformation TheoryInform
Page 38 and 39: For each of these we can extend our
Page 40 and 41: in terms of the cryptosystem), then
Page 42 and 43: CHAPTERFIVEBlock CiphersData Encryp
Page 44 and 45: Deciphering. Suppose we begin with
Page 46 and 47: The Advanced Encryption Standard al
Page 48 and 49: 1. Malicious substitution of a ciph
Page 50 and 51: locks M j−1 , . . . , M 1 as well
Page 52: where X = K ⊕ M = (X 1 , X 2 , X
Page 55 and 56: 6.2 Properties of Stream CiphersSyn
Page 57 and 58: Exercise. Verify that the equality
Page 59 and 60: n 2 n − 11 12 33 74 155 316 637 1
Page 61 and 62: Exercise 6.6 In the previous exerci
Page 63: Exercise 6.9 Compute the first 8 te
Page 67 and 68: must therefore have a divisor of de
Page 69 and 70: Shrinking Generator cryptosystemLet
Page 72 and 73: CHAPTEREIGHTPublic Key Cryptography
Page 74 and 75: Initial setup:1. Alice and Bob publ
Page 76 and 77: We apply this rule in the RSA algor
Page 78 and 79: the discrete logarithm problem (DLP
Page 80 and 81: Man in the Middle AttackThe man-in-
Page 82: Exercise 8.6 Fermat’s little theo
Page 85 and 86: k < p − 1 with GCD(k, p − 1) =
Page 88 and 89: CHAPTERTENSecret SharingA secret sh
Page 90: using any t shares (x 1 , y 1 ), .
Page 93 and 94: sage-------------------------------
Page 95 and 96: sage: x.is_unit?Type:builtin_functi
Page 97 and 98: Python (hence SAGE) has useful data
Page 99 and 100: sage: n = 12sage: for i in range(n)
Page 101 and 102: sage: I = [55+i for i in range(3)]
Page 103 and 104: sage: I = [7, 4, 11, 11, 14, 22, 14
Page 105 and 106: ExercisesRead over the above SAGE t
Page 107 and 108: 102
Page 109 and 110: Solution. The block length is the n
Page 111 and 112: Solution.below.The coincidence inde
Page 113 and 114: analysis of the each of the decimat
Page 115 and 116:
arbitrary permutation of the alphab
Page 117 and 118:
In order to understand naturally oc
Page 119 and 120:
We do this by first verifying the e
Page 121 and 122:
Solution.None provided.Linear feedb
Page 123 and 124:
Multiplying each through by the con
Page 125 and 126:
Solution. The linear complexity of
Page 127 and 128:
If a, b, and c are as above, then f
Page 129 and 130:
Exercise 8.5 Use SAGE to find a lar
Page 131 and 132:
Solution. Now we can verify that e
Page 133 and 134:
which has no common factors with p
Page 135 and 136:
sage: p = 2^32+61sage: m = (p-1).qu
Page 137 and 138:
sage: a5 := a^n5sage: c5 := c^n5sag
Page 139 and 140:
The application of this function E
Page 141 and 142:
5. (∗) How many elements a of G h
Page 143:
1. The value f(0) of the polynomial
show all

Cryptography - Sage

Create successful ePaper yourself

Delete template?

Save as template?