RSA and Eisenstein Integers

RSA Cryptosystem and Eisenstein Integers

Cahlen Humphreys

Math 406: Number Theory

May 9, 2013

Introduction

The RSA cryptosystem is a public-key cryptography alogrithm in whichsecurity is dependent upon the difficulty of factoring a number which isthe product of two large primes [1].

Developed in 1977.

Ron [R]ivest, Adi [S]hamir, and Leonard [A]dleman.

C. Humphreys (BSU) RSA Cryptosystem and Eisenstein Integers May 9, 2013 2 / 25

Introduction

Developed in 1977.

Introduction

Developed in 1977.

Introduction

The Eisenstein integers are a commutative ring Z[ω], and are of the formz = a + bω. They are named after the mathematician Gotthold Eisenstein,and are also know informally as Eulerian integers. In the complex planeEisentstein integers from a triangle lattice, as pictured above.

Z[ω] =

{a + bω : a, b ∈ Z, ω =

−1 + i√

Introduction

The Eisenstein integers are a commutative ring Z[ω], and are of the formz = a + bω. They are named after the mathematician Gotthold Eisenstein,and are also know informally as Eulerian integers. In the complex planeEisentstein integers from a triangle lattice, as pictured above.

Z[ω] =

{a + bω : a, b ∈ Z, ω =

−1 + i√

Table of Contents

I RSA Algorithm

i Description of the algorithmii Example

II Eisenstein Integers

i Description (Some lemmas and theorems)ii Euclidean Domain Proof

iii Primesiv Example of GCD

Table of Contents

I RSA Algorithm

i Description of the algorithm

ii Example

Table of Contents

I RSA Algorithm

Table of Contents

I RSA Algorithm

Table of Contents

I RSA Algorithm

i Description (Some lemmas and theorems)

ii Euclidean Domain Proofiii Primesiv Example of GCD

Table of Contents

I RSA Algorithm

Table of Contents

I RSA Algorithm

iii Primes

iv Example of GCD

Table of Contents

I RSA Algorithm

RSA Algorithm

Suppose Alice and Bob want to communicate in a private manner.1 Bob creates a private key.

1 Choose two large primes p, q ∈ Z.2 Let N = pq, we call N the public modulus.3 Take φ(N).

φ(N) = φ(pq) = φ(p)φ(q) = (p − 1)(q − 1), because p, q are primes.

4 Choose e ∈ Z such that 0 < e < φ(N), and gcd (e, φ(N)) = 1.5 Let d ≡ e−1 mod φ(N). (ie. d is the multiplcative inverse of e

modulo φ(N))6 Bob’s public key is (e,N), and private key is d .

RSA Algorithm

1 Choose two large primes p, q ∈ Z.

2 Let N = pq, we call N the public modulus.3 Take φ(N).

RSA Algorithm

1 Choose two large primes p, q ∈ Z.2 Let N = pq, we call N the public modulus.

3 Take φ(N).φ(N) = φ(pq) = φ(p)φ(q) = (p − 1)(q − 1), because p, q are primes.

RSA Algorithm

4 Choose e ∈ Z such that 0 < e < φ(N), and gcd (e, φ(N)) = 1.

5 Let d ≡ e−1 mod φ(N). (ie. d is the multiplcative inverse of emodulo φ(N))

6 Bob’s public key is (e,N), and private key is d .

RSA Algorithm

modulo φ(N))

6 Bob’s public key is (e,N), and private key is d .

RSA Algorithm

Alice, pictured above, has a message which she wishes to send to Bob in aprivate manner. Let the message M < N be some integer value afterconverting the message into numbers.

1 Alice takes Bob’s public key (e,N) and performs the followingoperation:

C = Me mod NC is Alice’s ciphertext. Alice then sends C to Bob.

RSA Algorithm

C = Me mod N

C is Alice’s ciphertext. Alice then sends C to Bob.

RSA Algorithm

Bob recieves C from Alice and he now wishes to decrypt the message.

1 Bob takes C and and is able to retrieve M by the followingcomputation:

M = C d mod N.

RSA Algorithm

Bob recieves C from Alice and he now wishes to decrypt the message.1 Bob takes C and and is able to retrieve M by the following

computation:

M = C d mod N.

RSA Algorithm

Bob recieves C from Alice and he now wishes to decrypt the message.1 Bob takes C and and is able to retrieve M by the following

computation:

M = C d mod N.

RSA Algorithm Overview

1 Choose primes p, q ∈ Z.

2 Let N = pq.

3 Choose e ∈ Z such that 0 < e < φ(N) and gcd (e, φ(N)) = 1.

4 Find multiplicative inverse of e, d ≡ e−1 mod φ(N).

5 (e,N) - Public Key.

6 d - Private Key.

7 Take a message M ∈ Z such that M < N.8 Encrypt: C = Me mod N.

C - Ciphertext

9 Decrypt: M = Cd mod N.

RSA Example

Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.

Then φ(N) = (11− 1)(13− 1) = (10)(12) = 120.

Let e = 23, and note 0 < 23 < 120, and gcd (23, 120) = 1.

Then d = 47, because 47 · 23 ≡ 1 mod 120.

Let our message converted to a number be M = 75.

To find C we compute 7523 mod 143, and find that C = 69, whereC is our ciphertext.

To retrieve our message we compute 6947 mod 143 = 75.

RSA Example

Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.

Then φ(N) = (11− 1)(13− 1) = (10)(12) = 120.

RSA Example

Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.

Then φ(N) = (11− 1)(13− 1) = (10)(12) = 120.

RSA Example

Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.

Then φ(N) = (11− 1)(13− 1) = (10)(12) = 120.

RSA Example

Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.

Then φ(N) = (11− 1)(13− 1) = (10)(12) = 120.

RSA Example

Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.

Then φ(N) = (11− 1)(13− 1) = (10)(12) = 120.

RSA Example

Let p = 11 and q = 13. Let N = pq = (11)(13) = 143.

Then φ(N) = (11− 1)(13− 1) = (10)(12) = 120.

Eisenstein Integers

The Eisenstein integers can be described as the set

Z[ω] =

{a + bω : a, b ∈ Z, ω =

−1 + i√

Lemma (1)

ω2 = ω:

(−1 + i

)(−1 + i

1 + i2(3)− i√

3− i√

=−2− 2i

=−1− i

Eisenstein Integers

The Eisenstein integers can be described as the set

Z[ω] =

{a + bω : a, b ∈ Z, ω =

−1 + i√

Lemma (1)

ω2 = ω:

(−1 + i

)(−1 + i

1 + i2(3)− i√

3− i√

=−2− 2i

=−1− i

Eisenstein Integers

Lemma (2)

ω2 + ω + 1 = 0

Lemma (3)

ωω = ωω2 = ω3 = 1

Lemma (4)

ω = −1− ω.Proof. From Lemma 2 we have ω2 + ω + 1 = 0, and from Lemma 1 wehave that ω2 = ω. So we simply substitute:

ω2 + ω + 1 = 0 =⇒ ω + ω + 1 = 0

=⇒ ω = −1− ω �

Eisenstein Integers

Lemma (2)

ω2 + ω + 1 = 0

Lemma (3)

ωω = ωω2 = ω3 = 1

Lemma (4)

ω2 + ω + 1 = 0 =⇒ ω + ω + 1 = 0

=⇒ ω = −1− ω �

Eisenstein Integers

Lemma (2)

ω2 + ω + 1 = 0

Lemma (3)

ωω = ωω2 = ω3 = 1

Lemma (4)

ω2 + ω + 1 = 0 =⇒ ω + ω + 1 = 0

=⇒ ω = −1− ω �

Z[ω] forms a Euclidean Domain

The next thing we want to show is that Z[ω] forms a Euclidean domain.

Why do we care?

ED =⇒ UFD (Unique Factorization) [2]Division AlgorithmModular Arithmetic

Things we need for RSA.

Why do we care?

ED =⇒ UFD (Unique Factorization) [2]

Division AlgorithmModular Arithmetic

Why do we care?

ED =⇒ UFD (Unique Factorization) [2]Division Algorithm

Modular Arithmetic

Why do we care?

Definition

Given α = a + bω ∈ Z[ω],Define N : Z[ω]\{0} → Z : α 7→ N(α) = αα = a2 − ab + b2.

Theorem

Given α, β ∈ Z[ω], then the norm function is multiplicative.

N(αβ) = N(α)N(β)

Theorem (4)

Given α, β ∈ Z[ω], there exists u, v ∈ Q such that β/α = u + vω.

Definition

Theorem

Theorem (4)

Definition

Theorem

Theorem (4)

We now have what we need to prove that Z[ω] forms a Euclidean Domain.

Theorem

Z[ω] forms a Euclidean Domain under the norm N(a+ bω) = a2− ab + b2.

We now have what we need to prove that Z[ω] forms a Euclidean Domain.

Theorem

Z[ω] forms a Euclidean Domain under the norm N(a+ bω) = a2− ab + b2.

Primes in Z[ω]

The only units of Z[ω] are ±1,±ω, and ±ω2. (ie. The only numbers inZ[ω] such that the the norm is equal to 1).

N(±1 + 0ω) = 12 − 1(0) + 02 = 1

N(0± ω) = 02 − 0(1) + 12 = 1

N(0± ω2) = N(−1− ω) = N(1 + ω) = 12 − 1(1) + 12 = 1

Recall, Lemma 3 implies that ω2 = −1− ω and −ω2 = 1 + ω.

Definition

An Eisenstein prime is a number that cannot be expressed as a product ofother Eisenstein integers. The only factors are itself, its conjugate, and theunits ±1,±ω,±ω2.

Primes in Z[ω]

The only units of Z[ω] are ±1,±ω, and ±ω2. (ie. The only numbers inZ[ω] such that the the norm is equal to 1).

N(±1 + 0ω) = 12 − 1(0) + 02 = 1

N(0± ω) = 02 − 0(1) + 12 = 1

N(0± ω2) = N(−1− ω) = N(1 + ω) = 12 − 1(1) + 12 = 1

Recall, Lemma 3 implies that ω2 = −1− ω and −ω2 = 1 + ω.

Definition

An Eisenstein prime is a number that cannot be expressed as a product ofother Eisenstein integers. The only factors are itself, its conjugate, and theunits ±1,±ω,±ω2.

Primes in Z[ω]

Primes in Z[ω] fall into one of three categories:

1 (1− ω), often considered the loneliest prime.2 Positive prime integers x ∈ Z, such that x ≡ 2 mod 3.

Example: {2, 5, 11, 17, 23, 29, 41, 47, 53, 59, 71, 83, 89, 101, . . . }3 Complex numbers α = a + bω where N(α) is prime in Z and

N(α) ≡ 1 mod 3.

Example: N(2 + 3ω) = 7 ≡ 1 mod 3, so 2 + 3ω is prime in Z[ω]. But7 = (2− ω)(2− ω2), and hence 7 is not prime in Z[ω].

Why do we care? RSA.

Primes in Z[ω]

1 (1− ω), often considered the loneliest prime.

2 Positive prime integers x ∈ Z, such that x ≡ 2 mod 3.

N(α) ≡ 1 mod 3.

Primes in Z[ω]

N(α) ≡ 1 mod 3.

Primes in Z[ω]

Example: {2, 5, 11, 17, 23, 29, 41, 47, 53, 59, 71, 83, 89, 101, . . . }

3 Complex numbers α = a + bω where N(α) is prime in Z andN(α) ≡ 1 mod 3.

Primes in Z[ω]

N(α) ≡ 1 mod 3.

Primes in Z[ω]

N(α) ≡ 1 mod 3.

Primes in Z[ω]

N(α) ≡ 1 mod 3.

Why do we care?

Primes in Z[ω]

N(α) ≡ 1 mod 3.

GCD in Z[ω]

We also need to be able to take the greatest common divisor of twoEisenstein integers in order to have an RSA cryptosystem.

Example: We will take the gcd (4 + 5ω, 5 + 7ω). First we take the norm ofboth, from this we can determine if either of them are prime.

N(5 + 7ω) = 52 − 5(7) + 72

= 25− 35 + 49

= −10 + 49

N(4 + 5ω) = 42 − 4(5) + 52

= 16− 20 + 25

= −4 + 24

And neither 39 nor 21 are prime in Z, hence they are not prime in Z[ω].

GCD in Z[ω]

We also need to be able to take the greatest common divisor of twoEisenstein integers in order to have an RSA cryptosystem.Example: We will take the gcd (4 + 5ω, 5 + 7ω).

First we take the norm ofboth, from this we can determine if either of them are prime.

N(5 + 7ω) = 52 − 5(7) + 72

= 25− 35 + 49

= −10 + 49

N(4 + 5ω) = 42 − 4(5) + 52

= 16− 20 + 25

= −4 + 24

GCD in Z[ω]

We also need to be able to take the greatest common divisor of twoEisenstein integers in order to have an RSA cryptosystem.Example: We will take the gcd (4 + 5ω, 5 + 7ω). First we take the norm ofboth, from this we can determine if either of them are prime.

N(5 + 7ω) = 52 − 5(7) + 72

= 25− 35 + 49

= −10 + 49

N(4 + 5ω) = 42 − 4(5) + 52

= 16− 20 + 25

= −4 + 24

GCD in Z[ω]

We also need to be able to take the greatest common divisor of twoEisenstein integers in order to have an RSA cryptosystem.Example: We will take the gcd (4 + 5ω, 5 + 7ω). First we take the norm ofboth, from this we can determine if either of them are prime.

N(5 + 7ω) = 52 − 5(7) + 72

= 25− 35 + 49

= −10 + 49

N(4 + 5ω) = 42 − 4(5) + 52

= 16− 20 + 25

= −4 + 24

GCD in Z[ω]

Now we take the integer with the larger norm divide it by the integer withthe smaller norm.

5 + 7ω

4 + 5ω=

5 + 7ω

4 + 5ω

(4 + 5ω

4 + 5ω

(5 + 7ω)(4 + 5ω)

16 + 25(1) + 20ω + 20ω

=(5 + 7ω)(4 + 5ω)

41 + 20(ω + ω2)

=(5 + 7ω)(4 + 5ω)

41 + 20(−1)

=20 + 35ωω + 28ω + 25ω

=20 + 35 + 28ω + 25(−1− ω)

=55 + 28ω − 25− 25ω

=30 + 3ω

21= 1.42 + 0.14ω

GCD in Z[ω]

5 + 7ω

4 + 5ω=

5 + 7ω

4 + 5ω

(4 + 5ω

4 + 5ω

(5 + 7ω)(4 + 5ω)

16 + 25(1) + 20ω + 20ω

=(5 + 7ω)(4 + 5ω)

41 + 20(ω + ω2)

=(5 + 7ω)(4 + 5ω)

41 + 20(−1)

=20 + 35ωω + 28ω + 25ω

=20 + 35 + 28ω + 25(−1− ω)

=55 + 28ω − 25− 25ω

=30 + 3ω

21= 1.42 + 0.14ω

GCD in Z[ω]

5 + 7ω

4 + 5ω=

5 + 7ω

4 + 5ω

(4 + 5ω

4 + 5ω

(5 + 7ω)(4 + 5ω)

16 + 25(1) + 20ω + 20ω

=(5 + 7ω)(4 + 5ω)

41 + 20(ω + ω2)

=(5 + 7ω)(4 + 5ω)

41 + 20(−1)

=20 + 35ωω + 28ω + 25ω

=20 + 35 + 28ω + 25(−1− ω)

=55 + 28ω − 25− 25ω

=30 + 3ω

21= 1.42 + 0.14ω

GCD in Z[ω]

We now take the closest integer values of 1.42 and 0.14,

[1.42] = 1

[0.14] = 0

So we let our quotient q = 1 + 0ω. We now have that

5 + 7ω = (4 + 5ω)(1) + r =⇒ r = (5 + 7ω)− (4 + 5ω)

therefore, r = 1 + 2ω.Hence,

5 + 7ω︸︷︷︸a

= (4 + 5ω︸︷︷︸b

)( 1︸︷︷︸q

) + (1 + 2ω︸︷︷︸r

GCD in Z[ω]

[1.42] = 1

[0.14] = 0

5 + 7ω = (4 + 5ω)(1) + r =⇒ r = (5 + 7ω)− (4 + 5ω)

5 + 7ω︸︷︷︸a

= (4 + 5ω︸︷︷︸b

)( 1︸︷︷︸q

) + (1 + 2ω︸︷︷︸r

GCD in Z[ω]

[1.42] = 1

[0.14] = 0

5 + 7ω = (4 + 5ω)(1) + r =⇒ r = (5 + 7ω)− (4 + 5ω)

therefore, r = 1 + 2ω.

Hence,

5 + 7ω︸︷︷︸a

= (4 + 5ω︸︷︷︸b

)( 1︸︷︷︸q

) + (1 + 2ω︸︷︷︸r

GCD in Z[ω]

[1.42] = 1

[0.14] = 0

5 + 7ω = (4 + 5ω)(1) + r =⇒ r = (5 + 7ω)− (4 + 5ω)

5 + 7ω︸︷︷︸a

= (4 + 5ω︸︷︷︸b

)( 1︸︷︷︸q

) + (1 + 2ω︸︷︷︸r

GCD in Z[ω]

Now we must find q1 and r1 such that

4 + 5ω = (1 + 2ω)q1 + r1.

So we rinse and repeat. We divide 4 + 5ω by 1 + 2ω, and omitting thealgebra we end up with

4 + 5ω

1 + 2ω= 2− ω

which implies that

4 + 5ω = (1 + 2ω)(2− ω) + 0

and therefore, gcd(5 + 7ω, 4 + 5ω) = 1 + 2ω.

GCD in Z[ω]

4 + 5ω = (1 + 2ω)q1 + r1.

4 + 5ω

1 + 2ω= 2− ω

which implies that

4 + 5ω = (1 + 2ω)(2− ω) + 0

GCD in Z[ω]

4 + 5ω = (1 + 2ω)q1 + r1.

4 + 5ω

1 + 2ω= 2− ω

which implies that

4 + 5ω = (1 + 2ω)(2− ω) + 0

Generalized GCD Algorithm in Z[ω]

1 Take two numbers α, β ∈ Z[ω], where α 6= 0.

2 If α|β, then gcd (α, β) = α.1 If α 6 |β, then ∃u, v ∈ Q such that β/α = u + vω (Theorem 4).2 Let a = [u] and b = [v ] (ie. The closest integer value of u and v).3 Let r = β − (a + bω)α.4 Then β = α(a + bω) + r .

If ri = 0, then our GCD is ri−1. If ri 6= 0, we repeat the process untilri = 0.

Observe that this is very similar to the Euclidean Algorithm in Z.

1 Take two numbers α, β ∈ Z[ω], where α 6= 0.2 If α|β, then gcd (α, β) = α.

1 If α 6 |β, then ∃u, v ∈ Q such that β/α = u + vω (Theorem 4).2 Let a = [u] and b = [v ] (ie. The closest integer value of u and v).3 Let r = β − (a + bω)α.4 Then β = α(a + bω) + r .

1 If α 6 |β, then ∃u, v ∈ Q such that β/α = u + vω (Theorem 4).

2 Let a = [u] and b = [v ] (ie. The closest integer value of u and v).3 Let r = β − (a + bω)α.4 Then β = α(a + bω) + r .

1 If α 6 |β, then ∃u, v ∈ Q such that β/α = u + vω (Theorem 4).2 Let a = [u] and b = [v ] (ie. The closest integer value of u and v).

3 Let r = β − (a + bω)α.4 Then β = α(a + bω) + r .

1 If α 6 |β, then ∃u, v ∈ Q such that β/α = u + vω (Theorem 4).2 Let a = [u] and b = [v ] (ie. The closest integer value of u and v).3 Let r = β − (a + bω)α.

4 Then β = α(a + bω) + r .

Eulers φ function in Z[ω]

Wait for Paul!

Conclusion

Can we have an RSA cryptosystem using Eisenstein integers?

Is it any more secure than RSA using using regular integers?

Probably not, however more time and research would be needed to givea completely accurate assessment.

What did I learn?

More about Z[ω] than I ever thought I would, and lots of Algebra.

Conclusion

What did I learn?

Conclusion

What did I learn?

Conclusion

What did I learn?

Conclusion

What did I learn?

Conclusion

What did I learn?

Future Work

Develop a fully functioning RSA cryptosystem using Eisenstein integers inMaple.

References

[1] R. Rivest, A. Shamir, and L. Adleman. A method for obtainingdigital signatures and public-key cryptosystems, Communications ofthe ACM. 21 (2): 120-126. 1978.

[2] Cameron, Peter J. Introduction to Algebra, Oxford UniversityPress, USA. 2008.

RSA and Eisenstein Integers

Documents

Transcript of RSA and Eisenstein Integers