Chinese Remainder Theorem in Cryptography

The document discusses the Chinese Remainder Theorem (CRT) and discrete logarithms. It explains that CRT allows solving systems of equations modulo different moduli more efficiently by working separately in each modulus. It provides the procedure and an example of using CRT. It also discusses some extensions of CRT to non-co-prime moduli. It then introduces discrete logarithms, which are the inverse problem of exponentiation, and notes that while exponentiation is easy, finding discrete logarithms is generally hard.

Cryptography and Information Security

Fall, 2002

Module 2
Chinese Remainder Theorem,
Discrete Logarithms
Chinese Remainder Theorem (CRT) – Why?
• used to speed up modulo computations
• working modulo a product of numbers
– e.g. mod $M = m_1 m_2 \cdots m_k$
• Chinese Remainder Theorem lets us work in each modulus $m_i$ separately
• since computational cost is proportional to size, this is faster than working in the full modulus $M$
CRT
• Given a system of congruences in one variable $x$ whose moduli are pairwise relatively prime, CRT states that $x$ has a unique solution modulo the product $M$ of the moduli.
• $x \bmod m_1 = a_1$
• $x \bmod m_2 = a_2$
• …
• $x \bmod m_k = a_k$
• $x = (a_1 M_1 M_1^{-1} + a_2 M_2 M_2^{-1} + \dots + a_k M_k M_k^{-1}) \bmod M$
• provided $\gcd(m_i, m_j) = 1$ for all $i, j$ from 1 to $k$ and $i \ne j$
Procedure to solve using CRT
• Step 1: Extract / calculate $m_1, m_2, \dots, m_k$
• Step 2: $M = m_1 m_2 m_3 \cdots m_k$
• Step 3: $M_i = M / m_i$ → $M_1 = M/m_1$, $M_2 = M/m_2$, …
• Step 4: Extract / calculate $a_1, a_2, \dots, a_k$
• Step 5: Calculate $M_i^{-1}$ for all $i = 1$ to $k$
• Step 6: Calculate $x = (a_1 M_1 M_1^{-1} + a_2 M_2 M_2^{-1} + \dots + a_k M_k M_k^{-1}) \bmod M$
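Example
• $x \bmod 3 = 2$, $x \bmod 5 = 3$, $x \bmod 7 = 2$. Solve for $x$.

a_i   m_i   M     M_i   M_i^{-1}
2     3     105   35    2
3     5     105   21    1
2     7     105   15    1

• $M = m_1 m_2 m_3 = 105$
• $M_1 = 105/m_1 = 35$, $M_2 = 105/m_2 = 21$, $M_3 = 105/m_3 = 15$
• $M_1 M_1^{-1} \bmod m_1 = 1$ → $35 M_1^{-1} \bmod 3 = 1$ → $M_1^{-1} = 2$
• $M_2 M_2^{-1} \bmod m_2 = 1$ → $21 M_2^{-1} \bmod 5 = 1$ → $M_2^{-1} = 1$
• $M_3 M_3^{-1} \bmod m_3 = 1$ → $15 M_3^{-1} \bmod 7 = 1$ → $M_3^{-1} = 1$
• $x = (a_1 M_1 M_1^{-1} + a_2 M_2 M_2^{-1} + a_3 M_3 M_3^{-1}) \bmod M$
• $x = (2 \cdot 35 \cdot 2 + 3 \cdot 21 \cdot 1 + 2 \cdot 15 \cdot 1) \bmod 105$ → $233 \bmod 105$
• $x = 23$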
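The six-step procedure and the worked example above, as an added Python example (not part of the original slides). It also shows the speed-up idea from the first slide by multiplying two numbers in each small modulus and recombining; the function names and the operands 17 and 29 are constructed for illustration.

```python
from math import gcd, prod

def crt(residues, moduli):
    """Solve x mod m_i = a_i for pairwise co-prime m_i (steps 1-6 above)."""
    # The formula is only valid when gcd(m_i, m_j) = 1 for all i != j.
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError(f"{moduli[i]} and {moduli[j]} are not co-prime")
    M = prod(moduli)                      # step 2
    x = 0
    for a_i, m_i in zip(residues, moduli):
        M_i = M // m_i                    # step 3
        M_i_inv = pow(M_i, -1, m_i)       # step 5: inverse of M_i modulo m_i
        x += a_i * M_i * M_i_inv          # step 6, one term of the sum
    return x % M

def mul_mod_via_crt(u, v, moduli):
    """Compute u*v mod M by multiplying in each small modulus, then recombining."""
    residues = [(u % m) * (v % m) % m for m in moduli]
    return crt(residues, moduli)

if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))           # the slide's example: 23
    print(mul_mod_via_crt(17, 29, [3, 5, 7]))  # constructed operands: 73
```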
CRT with non co-prime moduli
• If a system of congruences constrains one variable $x$ under different moduli, then CRT still gives a unique solution for $x$, under the conditions below.
• $x \bmod m_1 = a_1$
• $x \bmod m_2 = a_2$
• …
• $x \bmod m_k = a_k$
• where $\gcd(m_i, m_j) = 1$ might not be true for all $i, j$, but
• $\gcd(m_i, m_j)$ divides $a_i - a_j$ for all $1 \le i, j \le k$, $i \ne j$
• Moreover, if a solution exists, then it is unique modulo $L$ (where $L = \operatorname{lcm}(m_1, m_2, \dots, m_k)$).
• Modifications required: find a new set of $n_i$, $i$ from 1 to $k$, such that they are co-prime to each other and $L = n_1 n_2 \cdots n_k$
• Generate $s_j$, for all $j$ from 1 to $k$, such that $s_j \bmod (L/n_j) = 0$ and $s_j \bmod n_j = 1$
• Solve $x = (a_1 s_1 + a_2 s_2 + \dots + a_k s_k)$
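One way to carry out the modified procedure above, as an added Python example (not part of the original slides). The slide does not say how to pick the n_j; this sketch assumes each prime power of L is assigned to the first modulus it divides, and it reduces the final sum modulo L. The sample systems are constructed.

```python
from math import gcd

def prime_powers(n):
    """Trial division: map each prime p dividing n to the full power p**e in n."""
    out, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            out[p] = out.get(p, 1) * p
            n //= p
        p += 1
    if n > 1:
        out[n] = n
    return out

def crt_general(residues, moduli):
    """Return (x, L) with x mod m_i = a_i and L = lcm(m_i), or None if unsolvable."""
    k = len(moduli)
    # Solvability: gcd(m_i, m_j) must divide a_i - a_j for every pair.
    for i in range(k):
        for j in range(i + 1, k):
            if (residues[i] - residues[j]) % gcd(moduli[i], moduli[j]) != 0:
                return None
    L = 1
    for m in moduli:
        L = L * m // gcd(L, m)
    # Build co-prime n_j with product L: give each prime power of L to the
    # first modulus it divides (assumed construction, so n_j divides m_j).
    n = [1] * k
    for q in prime_powers(L).values():
        j = next(i for i, m in enumerate(moduli) if m % q == 0)
        n[j] *= q
    x = 0
    for a_j, n_j in zip(residues, n):
        if n_j == 1:
            continue                      # congruence already implied by the others
        cofactor = L // n_j
        s_j = cofactor * pow(cofactor, -1, n_j)  # s_j = 0 mod L/n_j, 1 mod n_j
        x += a_j * s_j
    return x % L, L

if __name__ == "__main__":
    print(crt_general([2, 4], [4, 6]))    # constructed: (10, 12)
    print(crt_general([1, 2], [4, 6]))    # constructed, inconsistent: None
```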
Primitive Roots
• from Euler’s theorem we have $a^{\phi(n)} \bmod n = 1$
• consider $a^m \bmod n = 1$, $\gcd(a, n) = 1$
– must exist for $m = \phi(n)$ but may be smaller
– once powers reach $m$, cycle will repeat
• if the smallest is $m = \phi(n)$ then $a$ is called a primitive root
• if $p$ is prime, then successive powers of $a$ "generate" the group mod $p$
• these are useful but relatively hard to find
Discrete Logarithms
• the inverse problem to exponentiation is to find the discrete logarithm of a number modulo $p$
• that is, to find $x$ where $a^x = b \bmod p$
• written as $x = \log_a b \bmod p$ or $x = \operatorname{dlog}_{a,p}(b)$
• if $a$ is a primitive root then $x$ always exists, otherwise it may not
– $x = \log_3 4 \bmod 13$ ($x$ s.t. $3^x = 4 \bmod 13$) has no answer
– $x = \log_2 3 \bmod 13 = 4$ by trying successive powers
• whilst exponentiation is relatively easy, finding discrete logarithms is generally a hard problem
Simple Example
• If we take a prime number, 7, and one of its primitive roots, say, 5
• $5^x \bmod 7$ can be calculated easily, if $x$ is given
• However, if $5^x \bmod 7 = 3$ is given, finding $x$ is difficult, as one has to try out $7 - 1 = 6$ cases to substitute $x$ and find the one that gives the remainder 3. This is true, as the primitive root of a prime number $n$ will generate $n - 1$ unique remainder values. $x = 5$
• If the prime number $n$ is very large, it becomes practically impossible to try out the $n - 1$ computations to get to the answer.
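The primitive-root test and the "try successive powers" search from the last three slides, as an added Python example (not part of the original slides). The function names are constructed; the search loop does up to p - 1 multiplications, which is why it stops being feasible for a large prime.

```python
from math import gcd

def multiplicative_order(a, n):
    """Smallest m >= 1 with a^m mod n = 1; requires gcd(a, n) = 1."""
    if gcd(a, n) != 1:
        raise ValueError("a and n must be co-prime")
    m, power = 1, a % n
    while power != 1:
        power = power * a % n
        m += 1
    return m

def is_primitive_root(a, p):
    """For prime p, phi(p) = p - 1, so a is a primitive root iff its order is p - 1."""
    return multiplicative_order(a, p) == p - 1

def dlog_bruteforce(a, b, p):
    """Return x in 1..p-1 with a^x mod p = b, or None if no such x exists."""
    power = 1
    for x in range(1, p):
        power = power * a % p          # power is now a^x mod p
        if power == b % p:
            return x
    return None

if __name__ == "__main__":
    print(dlog_bruteforce(2, 3, 13))   # slide example: 4
    print(dlog_bruteforce(3, 4, 13))   # slide example: None (3 has order 3 mod 13)
    print(dlog_bruteforce(5, 3, 7))    # slide example: 5
    print(pow(5, 5, 7))                # forward direction is one fast call: 3
```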
