diff --git a/Advanced/Cryptography/main.tex b/Advanced/Cryptography/main.tex index 3d0d418..6c86472 100755 --- a/Advanced/Cryptography/main.tex +++ b/Advanced/Cryptography/main.tex @@ -17,10 +17,12 @@ \maketitle - \input{parts/part 1} - \input{parts/part 2} - \input{parts/part 3} + \input{parts/0 euclidean} + \input{parts/1 mod} + \input{parts/2 groups} + \input{parts/3 DLP} + %\input{parts/part 3} - \input{parts/challenge} + %\input{parts/challenge} \end{document} diff --git a/Advanced/Cryptography/parts/part 1.tex b/Advanced/Cryptography/parts/0 euclidean.tex similarity index 55% rename from Advanced/Cryptography/parts/part 1.tex rename to Advanced/Cryptography/parts/0 euclidean.tex index 7d8e2e1..0779c7d 100755 --- a/Advanced/Cryptography/parts/part 1.tex +++ b/Advanced/Cryptography/parts/0 euclidean.tex @@ -1,16 +1,9 @@ +\section{The Euclidean Algorithm} + \definition{} -The \textit{greatest common divisor} of $a$ and $b$ is the greatest integer that divides both $a$ and $b$. \\ +The \textit{greatest common divisor} of $a$ and $b$ is the greatest integer that divides both $a$ and $b$. \par We denote this number with $\gcd(a, b)$. For example, $\gcd(45, 60) = 15$. - -\theorem{The Division Algorithm} -Given two integers $a, b$, we can find two integers $q, r$, where $0 \leq r < b$ and $a = qb + r$. \\ -In other words, we can divide $a$ by $b$ to get $q$ remainder $r$. - -\theorem{} -For any integers $a, b, c$, \\ -$\gcd(ac + b, a) = \gcd(a, b)$ - \problem{} Find $\gcd(20, 14)$ by hand. 
@@ -20,9 +13,17 @@ Find $\gcd(20, 14)$ by hand. \vfill -\problem{The Euclidean Algorithm} -Using the theorems above, detail an algorithm for finding $\gcd(a, b)$.\\ -Then, compute $\gcd(1610, 207)$ by hand. \\ +\theorem{The Division Algorithm} +Given two integers $a, b$, we can find two integers $q, r$, where $0 \leq r < b$ and $a = qb + r$. \par +In other words, we can divide $a$ by $b$ to get $q$ remainder $r$. + +\theorem{} +For any integers $a, b, c$, \par +$\gcd(ac + b, a) = \gcd(a, b)$ + +\problem{The Euclidean Algorithm} +Using the two theorems above, detail an algorithm for finding $\gcd(a, b)$. \par +Then, compute $\gcd(1610, 207)$ by hand. \par \begin{solution} Using \ref{gcd_abc} and the division algorthm, 
@@ -51,32 +52,47 @@ Then, compute $\gcd(1610, 207)$ by hand. \\ \vfill \pagebreak -\problem{Divide and Conquer} -If we are given $a, b, c$, when can we find $u, v$ that satisfy $au + bv = c$? -\problempart{Divide} -Show that if we find a solution $(u, v)$ to $au + bv = \gcd(a, b)$, we can easily find a $(u, v)$ for any other value of $c$. \\ -\textcolor{gray}{\textit{Note: } We are not looking for \textit{all} $(u, v)$ that solve $au + bv = c$, we are looking for an easy way to find \textit{any} $(u, v)$.} -\begin{solution} - Note that $\gcd(a, b)$ divides both a and b. \\ - Therefore, any $c$ must be divisible by $\gcd(a, b)$. - The smallest such $c$ is $\gcd(a, b)$ itself, and we can get all other tuples $(u, v, c)$ by scaling. -\end{solution} -\vfill - -\problempart{Conquer} +\problem{} Using the output of the Euclidean algorithm, \begin{itemize} \item[-] find a pair $(u, v)$ that satisfies $20u + 14v = \gcd(20, 14)$ - \item[-] find a pair $(u, v)$ that satisfies $541u + 34v = \gcd(541, 34)$ \\ + \item[-] find a pair $(u, v)$ that satisfies $541u + 34v = \gcd(541, 34)$ % gcd = 1 % u = 11; v = -175 \end{itemize} -For which numbers $c$ can we find a $(u, v)$ so that $541u + 34v = c$? \\ -For every such $c$, what are $u$ and $v$? +This is called the \textit{extended Euclidean algorithm}. + +%For which numbers $c$ can we find a $(u, v)$ so that $541u + 34v = c$? \\ +%For every such $c$, what are $u$ and $v$? + +\vspace{2mm} + +\textbf{Hint:} + +After running the Euclidean algorithm, you have a table similar to the one shown below. \par +You can use a bit of algebra to rearrange these statements to get what you need. 
\par + +\vspace{5mm} + +\newdimen\mywidth +\setbox0=\hbox{Using the Euclidean Algorithm to find that $\gcd(20, 14) = 2$:} +\mywidth=\wd0 +\begin{minipage}{\mywidth} + \begin{center} + Using the Euclidean Algorithm to find that $\gcd(20, 14) = 2$: \par + $20 = 14 \times 1 + 6$ \par + $14 = 6 \times 2 + 2$ \par + $6 = 2 \times 3 + 0$ \par + \end{center} +\end{minipage}\par +\vspace{2mm} +We now want to write the 2 in the last equation in terms of 20 and 14. + + \begin{solution} @@ -100,23 +116,13 @@ For every such $c$, what are $u$ and $v$? \end{multicols} Using the right table, we can replace $6$ in $2 = 14 - 6 \times 2$ to get - $2 = 14 - (20 - 14) \times 2$, \\ - which gives us $2 = \gcd(20, 14) = (3)14 + (-2)20$. \\ - - \textcolor{gray}{\textit{Note to instructors:} You can present the $(20, 14)$ case as an example.} + $2 = 14 - (20 - 14) \times 2$, \par + which gives us $2 = \gcd(20, 14) = (3)14 + (-2)20$. \par \linehack{} - $(-2)20 + (3)14 = \gcd(20, 14) = 2$ \\ - $(11)541 + (-175)34 = \gcd(541, 34) = 1$ - - \linehack{} - - We can find a solution $(u, v)$ when $c$ is any integer multiple of $\gcd(541, 34)$. \\ - If $c = k \times \gcd(541, 34)$, \\ - $u = k \times u_0 = 11k$ and $v = k \times v_0 = -175k$. \\ - (See Part A) - + $\gcd(20, 14) = 20(-2) + 14(3)$ \par + $\gcd(541, 34) = 541(11) + 34(-175)$ \end{solution} diff --git a/Advanced/Cryptography/parts/1 mod.tex b/Advanced/Cryptography/parts/1 mod.tex new file mode 100755 index 0000000..36daf31 --- /dev/null +++ b/Advanced/Cryptography/parts/1 mod.tex 
@@ -0,0 +1,74 @@ +\section{Modular Arithmetic} + +\definition{} +$\mathbb{Z}_n$ is the set of integers mod $n$. For example, $\mathbb{Z}_5 = \{0, 1, 2, 3, 4\}$. \par + +\problem{} +Create a multiplication addition table for $\mathbb{Z}_4$: + +\begin{center} +\begin{tabular}{c | c c c c} + + & 0 & 1 & 2 & 3 \\ + \hline + 0 & ? & ? & ? & ? \\ + 1 & ? & ? & ? & ? \\ + 2 & ? & ? & ? & ? \\ + 3 & ? & ? & ? & ? \\ +\end{tabular} +\end{center} + + + + + +\definition{} +Let $a, b \in \mathbb{Z}_n$. \par +If $a \times b = 1$, we say that $b$ is the \textit{inverse} of $a$ in $\mathbb{Z}_n$. + +\vspace{2mm} + +We usually write \say{$a$ inverse} as $a^{-1}$. \par +Inverses are \textbf{not} guaranteed to exist. + +\theorem{} +$a$ has an inverse in $\mathbb{Z}_n$ iff $\gcd(a, n) = 1$ \par + +\problem{} +Find the inverse of $3$ in $\mathbb{Z}_4$, if one exists. \par +Find the inverse of $20$ in $\mathbb{Z}_{14}$, if one exists. \par +Find the inverse of $2$ in $\mathbb{Z}_5$, if one exists. +%$34^\star \equiv -175 \equiv 366 \pmod{541}$. +\vfill + + +\problem{} +Today, we will often assume that $n$ is prime. \par +Why? What is special about $\mathbb{Z}_n$ with a prime $n$? + +\vfill +\pagebreak + +\problem{} +In general, how can we find the inverse of $a$ in $\mathbb{Z}_n$? Assume $a$ and $n$ are coprime.\par +\hint{You can find that $34^{-1}$ is $-175$ in $\mathbb{Z}_{541}$ by looking at a previous problem.} + +\begin{solution} + We need an $a^{-1}$ so that $a \times a^{-1} = 1$. \par + This means that $aa^{-1} - mk = 1$. \par + Since $a$ and $m$ are coprime, $\gcd(a, m) = 1$ and $aa^{-1} - mk = \gcd(a, m)$ \par + Now use the extended Euclidean algorithm from \ref{extendedeuclid} to find $a^\star$. +\end{solution} + +\vfill + +\definition{} +Elements in $\mathbb{Z}_n$ that have an inverse are called \textit{units}. \par +The set of units in $\mathbb{Z}_n$ is called $\mathbb{Z}_n^\times$, which is read \say{$\mathbb{Z}$ mod $n$ cross}. 
+ +\problem{} +What is $\mathbb{Z}_5^\times$? \par +What is $\mathbb{Z}_{12}^\times$? \par + +\vfill +\pagebreak + diff --git a/Advanced/Cryptography/parts/2 groups.tex b/Advanced/Cryptography/parts/2 groups.tex new file mode 100755 index 0000000..91b8908 --- /dev/null +++ b/Advanced/Cryptography/parts/2 groups.tex 
@@ -0,0 +1,136 @@ +\section{Groups} + +Group theory gives us a set tools for understanding complex systems. We can use groups to solve the Rubik's cube, to solve problems in physics and chemistry, and to understand complex geometric symmetries. It's also worth noting that all modern cryptography relies heavily on group theory. + +\definition{} +A \textit{group} $(G, \ast)$ consists of a set $G$ and an operator $\ast$. \par +Groups always have the following properties: + +\begin{enumerate} + \item $G$ is closed under $\ast$. In other words, $a, b \in G \implies a \ast b \in G$. + \item $\ast$ is associative: $(a \ast b) \ast c = a \ast (b \ast c)$ for all $a,b,c \in G$ + \item There is an \textit{identity} $e \in G$, so that $a \ast e = a \ast e = a$ for all $a \in G$. + \item For any $a \in G$, there exists a $b \in G$ so that $a \ast b = b \ast a = e$. $b$ is called the \textit{inverse} of $a$. \par + This element is written as $-a$ if our operator is addition and $a^{-1}$ otherwise. +\end{enumerate} + +Any pair $(G, \ast)$ that satisfies these properties is a group. + +\problem{} +Is $(\mathbb{Z}_5, +)$ a group? \par +Is $(\mathbb{Z}_5, -)$ a group? \par +\hint{$+$ and $-$ refer to the usual operations in modular arithmetic.} +\vfill + + +\problem{} +Show that $(\mathbb{R}, \times)$ is not a group, then make it one by modifying $\mathbb{R}$. \par + +\begin{solution} + $(\mathbb{R}, \times)$ is not a group because $0$ has no inverse. \par + The solution is simple: remove the problem. + + \vspace{3mm} + + $(\mathbb{R} - \{0\}, \times)$ is a group. +\end{solution} +\vfill + + +\problem{} +What is the smallest group we can create? + +\begin{solution} + Let $(G, \circledcirc)$ be our group, where $G = \{\star\}$ and $\circledcirc$ is defined by the identity $\star \circledcirc \star = \star$ + + Verifying that the trivial group is a group is trivial. +\end{solution} +\vfill + +\pagebreak + +%\problem{} +%Show that a group has exactly one identity element. 
+%\vfill + +%\problem{} +%Show that each element in a group has exactly one inverse. +%\vfill + +%\problem{} +%Show that $(\mathbb{Z}_n^\times, \times)$ is a group for any $n \in \mathbb{Z}^+$. +%\vfill + +%\problem{} +%Let $(G, \ast)$ be a group and $a, b, c \in G$. Show that... +%\begin{itemize} +% \item $a \ast b = a \ast c \implies b = c$ +% \item $b \ast a = c \ast a \implies b = c$ +%\end{itemize} +%This means that we can \say{cancel} operations in groups, much like we do in algebra. +%\vfill +%\pagebreak + + + + +% \problem{} +% Let $G$ be the set of all bijections $A \to A$. \par +% Let $\circ$ be the usual composition operator. \par +% Is $(G, \circ)$ a group? +% +% \vfill +% +% \definition{} +% Note that our definition of a group does \textbf{not} state that $a \ast b = b \ast a$. \par +% Many interesting groups do not have this property. +% Those that do are called \textit{abelian} groups. \par +% +% \vspace{2mm} +% +% One example of a non-abelian group is the set of invertible 2x2 matrices under matrix multiplication. In this handout, all % groups are abelian. +% +% +% +% \problem{} +% Show that if $G$ has four elements, $(G, \ast)$ is abelian. + +\problem{} +Let $(G, \ast)$ be a group with finitely many elements, and let $a \in G$. \par +Show that $\exists n \in \mathbb{Z}^+$ so that $a^n = e$ \par +\hint{$a^n = a \ast a \ast ... \ast a$ repeated $n$ times.} + +\vspace{2mm} + +The smallest such $n$ defines the \textit{order} of $g$. + +\vfill + +\problem{} +What is the order of 5 in $(\mathbb{Z}_{25}, +)$? \par +What is the order of 2 in $(\mathbb{Z}_{17}^\times, \times)$? \par + +\vfill + + +\theorem{} +Let $p$ be a prime number. \par +In any group $(\mathbb{Z}_p^\times, \ast)$ there exists a $g \in \mathbb{Z}_p^\times$ where... 
+\begin{itemize} + \item The order of $g$ is $p - 1$ + \item $\{a^0,~ a^1,~ ...,~ a^{p - 2}\} = \mathbb{Z}_n^\times$ +\end{itemize} +We call such a $g$ a \textit{generator}, since its powers generate every other element in the group. + +\begin{instructornote} + $\mathbb{Z}_p^\times$ has $p-1$ elements. \par + The set $\{a^0,~ a^1,~ ...,~ a^{p - 2}\}$ also has $p-1$ elements, since we start counting from zero. + + \vspace{2mm} + + The fact that the last power here is $p-2$ can be a bit confusing, but it's just the result of counting from zero. + We could also write this set as $\{a^1,~ a^2,~ ...,~ a^{p - 1}\}$, since $a^0 = a^{p - 1}$. +\end{instructornote} + +\vfill +\pagebreak diff --git a/Advanced/Cryptography/parts/3 DLP.tex b/Advanced/Cryptography/parts/3 DLP.tex new file mode 100755 index 0000000..78cc936 --- /dev/null +++ b/Advanced/Cryptography/parts/3 DLP.tex 
@@ -0,0 +1,42 @@ +\section{The Discrete Log Problem} + +\definition{} +Let $g$ be a generator in $(\mathbb{Z}_p^\times, \ast)$ \par +Let $n$ be a positive integer. + +\vspace{1mm} + +We now want a function \say{log} from $\mathbb{Z}_p^\times$ to $\mathbb{Z}^+$ so that $\log_g(g^n) = n$. \par +In other words, we want an inverse of the \say{exponent} function. + +\vspace{1mm} + +This is the \textit{discrete logarithm problem}, often abbreviated \textit{DLP}. + +\problem{} +Does the discrete log function even exist? \par +Show that $\exp$ is a bijection, which will guarantee the existence of $\log$. \par +\note[Note]{Why does this guarantee the existence of log? Recall our lesson on funtions.} + +\vfill + +\problem{} +What's the simplest (but not the most efficient) way to calculate $\log_g(a)$? + +\vfill + +\problem{} +Find an efficient way to solve the discrete log problem. \par +Then learn \LaTeX, write a paper, and enjoy free admission to the graduate program at any university. \par + +\vfill + +The discrete logarithm can be quickly computed in a few special cases. But, in general, there is no known way to efficiently compute it in general. Interestingly enough, we haven't been able to prove that an efficient solution \textit{doesn't} exist. The best we can offer is a \say{proof by effort:} many smart people have been trying for long time and haven't solved it yet. It probably doesn't exist. + +\vspace{2mm} + +In the next few pages, we'll see how the assumption \say{DLP is hard} can be used to construct various tools used to secure communications. + +\pagebreak + + diff --git a/Advanced/Cryptography/parts/challenge.tex b/Advanced/Cryptography/parts/old-challenge.tex similarity index 100% rename from Advanced/Cryptography/parts/challenge.tex rename to Advanced/Cryptography/parts/old-challenge.tex 
diff --git a/Advanced/Cryptography/parts/part 3.tex b/Advanced/Cryptography/parts/old-part 3.tex similarity index 100% rename from Advanced/Cryptography/parts/part 3.tex rename to Advanced/Cryptography/parts/old-part 3.tex diff --git a/Advanced/Cryptography/parts/part 2.tex b/Advanced/Cryptography/parts/part 2.tex deleted file mode 100755 index d0a8c30..0000000 --- a/Advanced/Cryptography/parts/part 2.tex +++ /dev/null 
@@ -1,65 +0,0 @@ -\section{Modular Arithmetic} - -\definition{} -We say that $a, b$ are equivalent mod $m$ if $m$ divides $a - b$. \\ -If $a$ is equivalent to $b$ mod $m$, we write $a \equiv b \pmod{m}$. \\ -You can think of $b$ as the remainder of $a \div m$: -\begin{itemize} - \item[] $32 \equiv 2 \pmod{6}$ - \item[] $4 \equiv 4 \pmod{6}$ - \item[] $-2 \equiv 4 \pmod{6}$ -\end{itemize} - -\problem{} -Complete the following: -\begin{itemize} - \item[] $87 \equiv ? \pmod{12}$ \hspace{3em} \textcolor{gray}{(Your answer should be between $0$ and $12$)} - \item[] $13 \equiv 2 \pmod{?}$ - \item[] $? \equiv 1 \pmod{9}$ -\end{itemize} - -\begin{solution} - \begin{itemize} - \item[] $87 \equiv 3 \pmod{12}$ - \item[] $13 \equiv 2 \pmod{11}$ - \item[] $(9k + 1) \equiv 1 \pmod{9}\ \forall k \in \mathbb{Z}$ - \end{itemize} -\end{solution} - -\vfill - -\definition{} -The inverse of $a$ mod $m$ is an integer $a^\star$ so that \\ -$a \times a^\star \equiv 1 \pmod{m}$. \\ -Note that not every $a$ has an inverse mod $m$. - -\theorem{} -$a$ has an inverse mod $m$ iff $\gcd(a, m) = 1$ \\ -\textcolor{gray}{\textit{The proof of this theorem is left as a challenge problem.}} - -\problem{D\'ej\`a vu?} -Find the inverse of $20 \pmod{14}$, if one exists. \\ -Find the inverse of $34 \pmod{541}$, if one exists. - -\begin{solution} - $20^\star$ does not exist mod $14$, by \ref{mod_has_inverse}. \\ - $34^\star \equiv -175 \equiv 366 \pmod{541}$. - See \ref{general_inverse} for an explanation. -\end{solution} - -\vfill - -\problem{} -In general, how can we find the inverse of $a \pmod{p}$?\\ -(Assume $p$ is prime.) - -\begin{solution} - We need an $a^\star$ so that $a \times a^\star \equiv 1 \pmod{m}$. \\ - This means that $aa^\star - mk = 1$. \\ - Since $p$ is prime, $\gcd(a, m) = 1$, and $aa^\star - mk = \gcd(a, m)$ \\ - Now use the Extended Euclidean Algorithm from \ref{extend_e_algorithm} to find $a^\star$. -\end{solution} - -\vfill -\pagebreak -
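Review bot: in the `main.tex` hunk, the two commented-out inputs point at files this same patch renames. `%\input{parts/part 3}` and `%\input{parts/challenge}` now correspond to `parts/old-part 3.tex` and `parts/old-challenge.tex`, so uncommenting either line would fail at build time; either update the paths to the `old-` names or drop the commented lines, since git history already records them.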
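Review bot: in the second `0 euclidean.tex` hunk (`@@ -20,9 +13,17 @@`), the solution's context line `Using \ref{gcd_abc} and the division algorthm,` depends on a label that the moved `\theorem{}` block (`$\gcd(ac + b, a) = \gcd(a, b)$`) does not carry anywhere in the diff; confirm `\label{gcd_abc}` survived the move, otherwise the reference renders as `??`. The same context line has a typo, `algorthm`, worth fixing while this block is being touched.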
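Review bot: in the third `0 euclidean.tex` hunk (`@@ -51,32 +52,47 @@`), the new `\problem{}` that the text names the extended Euclidean algorithm has no visible `\label`, yet `1 mod.tex` in this same patch cites it as `\ref{extendedeuclid}` (the deleted `part 2.tex` used `\ref{extend_e_algorithm}` for the same thing); add `\label{extendedeuclid}` here or the cross-reference prints `??`. Two smaller points: the lines `%For which numbers $c$ can we find ...` and `%For every such $c$, what are $u$ and $v$?` are dead commented text and should be deleted rather than kept, and `\newdimen\mywidth` with `\setbox0=\hbox{...}` allocates a register and overwrites scratch box 0 from inside the document body; declaring the length with `\newlength` in the preamble and measuring it with `\settowidth{\mywidth}{...}` does the same job without that side effect.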
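Review bot: in the last `0 euclidean.tex` hunk (`@@ -100,23 +116,13 @@`), the two added result lines write the identity as `$\gcd(20, 14) = 20(-2) + 14(3)$` while the derivation two lines above states the same fact as `(3)14 + (-2)20`; pick one ordering (number times coefficient with $u$ before $v$, matching the problem's `$20u + 14v$`) so students can read $u$ and $v$ off directly.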
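Review bot: in the new `1 mod.tex`, two problems use values outside the sets the section itself defines. The definition fixes `$\mathbb{Z}_5 = \{0, 1, 2, 3, 4\}$`, yet `Find the inverse of $20$ in $\mathbb{Z}_{14}$` asks about 20, which is not an element of $\mathbb{Z}_{14}$ (reduce it to 6, or phrase the question mod 14 as the deleted `part 2.tex` did), and the hint `$34^{-1}$ is $-175$ in $\mathbb{Z}_{541}$` should give $366$, the representative the commented-out line `%$34^\star \equiv -175 \equiv 366 \pmod{541}$` already records. `Create a multiplication addition table` contradicts the table, whose corner cell is `+`; keep one word. The general-inverse solution still uses the old notation: `$aa^{-1} - mk = 1$` and `$\gcd(a, m)$` refer to a modulus `$m$` the problem calls `$n$`, and the closing sentence asks to find `$a^\star$` where the section writes `$a^{-1}$`; it also cites `\ref{extendedeuclid}`, which no file in this patch defines.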
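Review bot: in the new `2 groups.tex`, the identity axiom in the `enumerate` reads `$a \ast e = a \ast e = a$`, which repeats the same product; it should be `$a \ast e = e \ast a = a$`, the two-sided form item 4 already uses for inverses. Two symbol mix-ups follow: `The smallest such $n$ defines the \textit{order} of $g$` names `$g$` although the problem's element is `$a$`, and the generator `\theorem{}` introduces `$g \in \mathbb{Z}_p^\times$` but then lists `$\{a^0,~ a^1,~ ...,~ a^{p - 2}\}$` and sets it equal to `$\mathbb{Z}_n^\times$` rather than `$\mathbb{Z}_p^\times$` (the `instructornote` repeats the `$a$`). Also `gives us a set tools` is missing `of`, and the long run of `%`-commented problems between `\pagebreak` and the order problem is dead text better left to history than kept in the source.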
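Review bot: in the new `3 DLP.tex`, the definition lets `$n$` be any positive integer and demands `$\log_g(g^n) = n$`, but since `$a^0 = a^{p - 1}$` (stated in this patch's `2 groups.tex`) the value `$g^n$` only determines `$n$` modulo `$p - 1$`, so the log is a function to `$\mathbb{Z}_{p-1}$` (or `$n$` must be restricted to `$0 \leq n < p - 1$`), not to `$\mathbb{Z}^+$`. The bijection problem then needs `$\exp$` spelled out as `$n \mapsto g^n$` on that domain, since `$\exp$` is never defined. Typos: `funtions`, `for long time`, and `there is no known way to efficiently compute it in general` repeats the `in general` that opens the sentence.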
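Review bot: deleting `part 2.tex` drops the congruence definition (`We say that $a, b$ are equivalent mod $m$ if $m$ divides $a - b$`) together with the `$a \equiv b \pmod{m}$` notation and the `$87 \equiv ? \pmod{12}$` warm-up, and nothing in the new `1 mod.tex` reintroduces them, so the handout no longer defines `$\equiv$` before using `$\mathbb{Z}_n$`; consider carrying the definition over into the new section. The file also owned the labels `mod_has_inverse`, `general_inverse` and `extend_e_algorithm`; grep the rest of the repository for `\ref` of those names before merging, since they disappear with it.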