Undergraduate Texts in Mathematics
Springer Science+Business Media, LLC
Editors: S. Axler, F. W. Gehring, K. A. Ribet
Undergraduate Texts in Mathematics
Abbott: Understanding Analysis.
Anglin: Mathematics: A Concise History and Philosophy. Readings in Mathematics.
Anglin/Lambek: The Heritage of Thales. Readings in Mathematics.
Apostol: Introduction to Analytic Number Theory. Second edition.
Armstrong: Basic Topology.
Armstrong: Groups and Symmetry.
Axler: Linear Algebra Done Right. Second edition.
Beardon: Limits: A New Approach to Real Analysis.
Bak/Newman: Complex Analysis. Second edition.
Banchoff/Wermer: Linear Algebra Through Geometry. Second edition.
Berberian: A First Course in Real Analysis.
Bix: Conics and Cubics: A Concrete Introduction to Algebraic Curves.
Bremaud: An Introduction to Probabilistic Modeling.
Bressoud: Factorization and Primality Testing.
Bressoud: Second Year Calculus. Readings in Mathematics.
Brickman: Mathematical Introduction to Linear Programming and Game Theory.
Browder: Mathematical Analysis: An Introduction.
Buchmann: Introduction to Cryptography. Second edition.
Buskes/van Rooij: Topological Spaces: From Distance to Neighborhood.
Callahan: The Geometry of Spacetime: An Introduction to Special and General Relativity.
Carter/van Brunt: The Lebesgue-Stieltjes Integral: A Practical Introduction.
Cederberg: A Course in Modern Geometries. Second edition.
Childs: A Concrete Introduction to Higher Algebra. Second edition.
Chung/AitSahlia: Elementary Probability Theory: With Stochastic Processes and an Introduction to Mathematical Finance. Fourth edition.
Cox/Little/O'Shea: Ideals, Varieties, and Algorithms. Second edition.
Croom: Basic Concepts of Algebraic Topology.
Curtis: Linear Algebra: An Introductory Approach. Fourth edition.
Daepp/Gorkin: Reading, Writing, and Proving: A Closer Look at Mathematics.
Devlin: The Joy of Sets: Fundamentals of Contemporary Set Theory. Second edition.
Dixmier: General Topology.
Driver: Why Math?
Ebbinghaus/Flum/Thomas: Mathematical Logic. Second edition.
Edgar: Measure, Topology, and Fractal Geometry.
Elaydi: An Introduction to Difference Equations. Second edition.
Erdos/Suranyi: Topics in the Theory of Numbers.
Estep: Practical Analysis in One Variable.
Exner: An Accompaniment to Higher Mathematics.
Exner: Inside Calculus.
Fine/Rosenberger: The Fundamental Theorem of Algebra.
Fischer: Intermediate Real Analysis.
Flanigan/Kazdan: Calculus Two: Linear and Nonlinear Functions. Second edition.
Fleming: Functions of Several Variables. Second edition.
Foulds: Combinatorial Optimization for Undergraduates.
Foulds: Optimization Techniques: An Introduction.
(continued after index)
Johannes Buchmann
Introduction to Cryptography
Second Edition
Springer
Johannes A. Buchmann, Department of Computer Science, Technical University, Darmstadt, Hochschulstr. 10, 64289 Darmstadt, Germany
Editorial Board
S. Axler, Mathematics Department, San Francisco State University, San Francisco, CA 94132, USA
F. W. Gehring, Mathematics Department, East Hall, University of Michigan, Ann Arbor, MI 48109, USA
K. A. Ribet, Mathematics Department, University of California, Berkeley, Berkeley, CA 94720-3840, USA
Cover: The factorization of RSA-576, a 576-bit or 174-digit prime number, was the goal of an open challenge sponsored by RSA Laboratories (Bedford, Mass.). RSA-576 was factored by a team of researchers in Germany and other countries in December, 2003.
Mathematics Subject Classification (2000): 94-01, 94A60, 11T71
Library of Congress Cataloging in Publication Data
Buchmann, Johannes.
Introduction to cryptography / Johannes Buchmann. - [2nd ed.]. p. cm. - (Undergraduate texts in mathematics)
Includes bibliographical references and index.
1. Coding theory. 2. Cryptography. I. Title. II. Series.
QA268.B83 2004 003'.54-dc22 2004041657
ISBN 978-0-387-20756-8 ISBN 978-1-4419-9003-7 (eBook) DOI 10.1007/978-1-4419-9003-7
Printed on acid-free paper.
German edition: Einführung in die Kryptographie. © Springer Science+Business Media New York 2004. Originally published by Springer-Verlag New York, Inc. in 2004. Softcover reprint of the hardcover 1st edition.
All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden.
The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.
9865432 1 SPIN 10991503 (hardcover) - SPIN 10963999 (softcover)
springeronline.com
For Almut, Daniel, and Jan
Contents
Preface for the Second Edition xiii
Preface xv
1 Integers 1
   1.1 Basics 1
   1.2 Divisibility 3
   1.3 Representation of Integers 4
   1.4 O- and Ω-Notation 6
   1.5 Cost of Addition, Multiplication, and Division with Remainder 7
   1.6 Polynomial Time 9
   1.7 Greatest Common Divisor 9
   1.8 Euclidean Algorithm 12
   1.9 Extended Euclidean Algorithm 16
   1.10 Analysis of the Extended Euclidean Algorithm 18
   1.11 Factoring into Primes 22
   1.12 Exercises 24
2 Congruences and Residue Class Rings 29
   2.1 Congruences 29
   2.2 Semigroups 32
   2.3 Groups 34
   2.4 Residue Class Ring 35
   2.5 Fields 36
   2.6 Division in the Residue Class Ring 36
   2.7 Analysis of the Operations in the Residue Class Ring 38
   2.8 Multiplicative Group of Residues mod m 39
   2.9 Order of Group Elements 41
   2.10 Subgroups 42
   2.11 Fermat's Little Theorem 44
   2.12 Fast Exponentiation 45
   2.13 Fast Evaluation of Power Products 48
   2.14 Computation of Element Orders 49
   2.15 The Chinese Remainder Theorem 51
   2.16 Decomposition of the Residue Class Ring 53
   2.17 A Formula for the Euler φ-Function 55
   2.18 Polynomials 56
   2.19 Polynomials over Fields 58
   2.20 Construction of Finite Fields 61
   2.21 The Structure of the Unit Group of Finite Fields 65
   2.22 Structure of the Multiplicative Group of Residues Modulo a Prime Number 66
   2.23 Exercises 67
3 Encryption 71
   3.1 Encryption Schemes 71
   3.2 Symmetric and Asymmetric Cryptosystems 73
   3.3 Cryptanalysis 74
   3.4 Alphabets and Words 77
   3.5 Permutations 80
   3.6 Block Ciphers 81
   3.7 Multiple Encryption 82
   3.8 The Use of Block Ciphers 83
   3.9 Stream Ciphers 93
   3.10 The Affine Cipher 95
   3.11 Matrices and Linear Maps 97
   3.12 Affine Linear Block Ciphers 102
   3.13 Vigenère, Hill, and Permutation Ciphers 103
   3.14 Cryptanalysis of Affine Linear Block Ciphers 104
   3.15 Secure Cryptosystems 105
   3.16 Exercises 111
4 Probability and Perfect Secrecy 115
   4.1 Probability 115
   4.2 Conditional Probability 117
   4.3 Birthday Paradox 118
   4.4 Perfect Secrecy 119
   4.5 Vernam One-Time Pad 123
   4.6 Random Numbers 124
   4.7 Pseudorandom Numbers 124
   4.8 Exercises 125
5 DES 127
   5.1 Feistel Ciphers 127
   5.2 DES Algorithm 128
   5.3 An Example 134
   5.4 Security of DES 136
   5.5 Exercises 137
6 AES 139
   6.1 Notation 139
   6.2 Cipher 140
   6.3 KeyExpansion 145
   6.4 An Example 146
   6.5 InvCipher 148
   6.6 Exercises 148
7 Prime Number Generation 151
   7.1 Trial Division 151
   7.2 Fermat Test 153
   7.3 Carmichael Numbers 154
   7.4 Miller-Rabin Test 156
   7.5 Random Primes 159
   7.6 Exercises 160
8 Public-Key Encryption 163
   8.1 Idea 163
   8.2 Security 165
   8.3 RSA Cryptosystem 167
   8.4 Rabin Encryption 181
   8.5 Diffie-Hellman Key Exchange 186
   8.6 ElGamal Encryption 191
   8.7 Exercises 196
9 Factoring 199
   9.1 Trial Division 199
   9.2 p - 1 Method 200
   9.3 Quadratic Sieve 201
   9.4 Analysis of the Quadratic Sieve 206
   9.5 Efficiency of Other Factoring Algorithms 210
   9.6 Exercises 211
10 Discrete Logarithms 213
   10.1 The DL Problem 213
   10.2 Enumeration 214
   10.3 Shanks Baby-Step Giant-Step Algorithm 214
   10.4 The Pollard ρ-Algorithm 217
   10.5 The Pohlig-Hellman Algorithm 221
   10.6 Index Calculus 226
   10.7 Other Algorithms 230
   10.8 Generalization of the Index Calculus Algorithm 231
   10.9 Exercises 232
11 Cryptographic Hash Functions 235
   11.1 Hash Functions and Compression Functions 235
   11.2 Birthday Attack 238
   11.3 Compression Functions from Encryption Functions 239
   11.4 Hash Functions from Compression Functions 239
   11.5 SHA-1 242
   11.6 Other Hash Functions 244
   11.7 An Arithmetic Compression Function 245
   11.8 Message Authentication Codes 247
   11.9 Exercises 248
12 Digital Signatures 249
   12.1 Idea 249
   12.2 Security 250
   12.3 RSA Signatures 251
   12.4 Signatures from Public-Key Systems 257
   12.5 ElGamal Signature 257
   12.6 The Digital Signature Algorithm (DSA) 263
   12.7 Undeniable Signatures 266
   12.8 Blind Signatures 271
   12.9 Exercises 274
13 Other Systems 277
   13.1 Finite Fields 278
   13.2 Elliptic Curves 278
   13.3 Quadratic Forms 282
   13.4 Exercises 283
14 Identification 285
   14.1 Passwords 286
   14.2 One-Time Passwords 287
   14.3 Challenge-Response Identification 287
   14.4 Exercises 292
15 Secret Sharing 293
   15.1 The Principle 293
   15.2 The Shamir Secret Sharing Protocol 294
   15.3 Exercises 297
16 Public-Key Infrastructures 299
   16.1 Personal Security Environments 299
   16.2 Certification Authorities 301
   16.3 Certificate Chains 306
Solutions of the exercises 307
References 325
Index 331
Preface for the Second Edition
The second edition of my introduction to cryptography contains updates and new material. I have updated the discussion of the security of encryption and signature schemes and the state of the art in factoring and computing discrete logarithms. I have added descriptions of time-memory trade-off attacks and algebraic attacks on block ciphers, the Advanced Encryption Standard (AES), the Secure Hash Algorithm (SHA-1), secret sharing schemes, and undeniable and blind signatures. I have also corrected the errors that have been reported to me. I thank the readers of the first edition for all comments and suggestions.
October 2003
Johannes Buchmann
Preface
Cryptography is a key technology in electronic security systems. Modern cryptographic techniques have many uses, such as to digitally sign documents, for access control, to implement electronic money, and for copyright protection. Because of these important uses it is necessary that users be able to estimate the efficiency and security of cryptographic techniques. It is not sufficient for them to know only how the techniques work.
This book is written for readers who want to learn about modern cryptographic algorithms and their mathematical foundation but who do not have the necessary mathematical background. It is my goal to explain the basic techniques of modern cryptography, including the necessary mathematical results from linear algebra, algebra, number theory, and probability theory. I only assume basic mathematical knowledge.
The book is based on courses in cryptography that I have been teaching at the Technical University Darmstadt since 1996. I thank all students who attended the courses and who read the manuscript carefully for their interest and support. In particular, I would like to thank Harald Baier, Gabi Barking, Manuel Breuning, Safuat Hamdy, Birgit Henhapl, Michael Jacobson (who also corrected my English), Markus Maurer, Andreas Meyer, Stefan Neis, Sachar Paulus, Thomas Pfahler, Marita Skrobic, Edlyn Teske, Patrick Theobald, and Ralf-Philipp Weinmann. I also thank the staff at Springer-Verlag, in particular Martin Peters, Agnes Herrmann, Claudia Kehl, Ina Lindemann, and Terry Kornak, for their support in the preparation of this book.
Darmstadt, June 1999
Johannes Buchmann