Salman Cheema
9
th
April 2009
Integer
Factorization Problem
Outline
Cryptography & Number Theory
RSA
Integer
Factorization Problem
Complexity
Q&A
2
Private Key Cryptography
Been in use for the last few thousand years.
Everyone uses the same secret
key
for encryption and
decryption.
Issues
Key leaked => broken security.
Impersonation is possible.
How to distribute the key
securely?
Knowledge of the algorithm usually allows an attacker to guess
the key.
3
Public Key Cryptography
Introduced by Diffie & Hellman in 1976.
Most significant paradigm shift in a few thousand years.
Features
Each user has two keys (a public key and a private key)
The algorithm is public knowledge.
Knowledge of the algorithm does not help an attacker.
4
Requirements for PKC
1.
Anyone can quickly encrypt messages for A using his
public key.
2.
Only
A can quickly decrypt messages.
3.
It
must
be hard for anyone else to decrypt messages
intended for A in a reasonable amount of time.
(3) guarantees security.
Also implies the need for computationally hard problems.
5
Number Theory Stuff
Prime Numbers
Integers that have
no positive
factors except
themselves and 1.
Composite Numbers
Integers that
have at least one non

trivial
factor except
themselves and
1.
Co

prime
or Relatively Prime
Two integers a and b are
co

prime
iff
GCD(a, b
)=
1.
GCD(a, b) = Largest integer that completely divides both a
and b.
Euclid’s algorithm can be used to compute GCD.
6
More Number Theory
Euler’s Totient function
ɸ
(n
) =
Count of
numbers < n that are
co

prime
to n
If n is
prime
ɸ
(n
) =
n

1
If n is composite
(e.g. n=p . q)
ɸ
(n
) =
ɸ
(p . q) =
ɸ
(p).
ɸ
(q) = (
p

1
).(
q

1
)
p and q must be co

prime.
Euler’s Theorem
Given a number n,
∀
a
∈
{1, 2, 3,…., n

1}
GCD(a, n)=1
=>
a
ɸ
(n
)
mod n =
1
7
RSA
Invented by Rivest, Shamir & Adleman in 1978.
Public key cryptosystem based on the Integer Factorization
problem.
Very Popular
One of the first to support Digital Signatures.
8
RSA
–
Key Generation
Every user
Picks
two large
random prime numbers (p
, q
)
Computes
n = p . q
Computes
ɸ
(n
) = (p

1
).(
q

1)
Picks
a random integer
e
1 < e <
ɸ
(n)
GCD(
ɸ
(n
),e) =
1
Computes d = e

1
mod
ɸ
(n)
Public Key
=
(n, e)
Secret Key
= (
ɸ
(n),
d
)
9
Encryption/Decryption
Encryption (raise M to the e
th
power in mod n)
C
=
M
e
mod
n
Decryption (raise C to the d
th
power in mod n)
M
=
C
d
mod
n
Works because e & d are inverses
e.d = 1 mod
ɸ
(n) => e.d = 1 + k.
ɸ
(n)
(M
e
)
d
mod n
= (M)
1+ k.
ɸ
(n)
mod n
= M(M
k
)
ɸ
(n)
mod n = M mod n
10
Breaking RSA
Public
knowledge = (n
, e
)
Secret knowledge =
(
ɸ
(n),
d
)
d cannot be computed without knowing
ɸ
(n).
Recall that
d=e

1
mod
ɸ
(n)
An attacker must
compute
ɸ
(n
) given only
n.
Need to factorize n into its prime factors.
11
Integer Factorization
Stated as a search problem
Given an integer
n, find its prime factors.
Brute

force approach
For
∀
2 ≤
s
i
≤ √n,
Verify if s
i
divides n.
Need to consider at most √n numbers for division.
Using k

bits => 2
k/2
possibilities.
Given a 150

bit number and a PFLOPS capable
supercomputer, time needed ≈ 1 year
RSA typically uses ~ 1000 bits for its numbers.
12
Congruence of Squares
To factorize N, choose numbers a, b that satisfy
a
2
≡
b
2
mod N
a
≢
±
b mod N
N divides (a

b)(a+b) but neither (a

b) nor (a+b)
either (a+b) or (a

b) should have a factor in common with N.
Compute GCD(a
±
b, N) to find factor.
The trick is how to quickly come up with suitable a,b.
Most efficient known algorithm is General Number Field Sieve.
For a b

bit integer, runtime is O(e
(c(
∛
b)(
∛
(log b)²)
)
Current Record
: in November 2005, a 640

bit integer was
factored in 5 months. (www.rsalabs.com)
13
Integer Factorization
Integer Factorization as a Decision Problem,
Given two integers A, k
Does there exist a prime number p such that
2 ≤ p ≤ k
p completely divides A.
“YES” instance => we can find a prime number p that
satisfies the above requirements
“NO” instance => we cannot find any prime number that
satisfies above requirements.
14
Complexity
Clearly
Integer Factorization is in
NP.
Witness: An Oracle provides the factor p.
Verify that p is prime AND 2 ≤ p ≤ k
Verify that p is
a factor of n.
Also in Co

NP
Witness: An Oracle provides all prime numbers < k
Verify that each is indeed prime.
Verify that none of them completely divide n.
Integers can be tested for
primality
in polynomial time.
[
Agarwal
et al 2002]
15
Is it NP

Complete?
Unknown
What if it is NP

Complete?
Its complement will be Co

NP Complete.
∀p ∈ NP, p ⇨ Integer Factorization
Therefore NP
⊆
Co

NP
∀p
c
∈ Co

NP, p
c
⇨ (Integer Factorization)
c
Therefore Co

NP
⊆
NP
ergo Co

NP = NP
16
What if it’s not polynomial
Suppose the best possible algorithm for Integer Factorization
is exponential.
It follows that P != NP
A problem exists in NP that does not have a polynomial
algorithm.
But if it is polynomial, tough luck
Cannot say anything about “P=NP?”
Will break RSA in its current form though.
17
Conclusion
Integer Factorization lies in NP, but we don’t know exactly
how hard it is.
The best known algorithm (given classical computers) runs
in exponential time.
In 1994, Peter Shor invented a Quantum Computing
Algorithm for factorization.
Runs in O(b
3
) time and needs O(b) storage for a b

bit
integer.
Tested in 2001 using Quantum Computer with 7 q

bits.
Factorized 15 into 3 and 5.
(Wikipedia)
18
References
Arjen K Lenstra, Integer Factoring, Designs, Codes and
Cryptography, 19, 101
–
128 (2000)
Jorg Rothe, Some Facets of Complexity Theory and
Cryptography: A Five Lecture Tutorial, ACM Computing Surveys,
Vol. 34, No. 4, December 2002, pp. 504
–
549
Manindra Agrawal, Neeraj Kayal, Nitin Saxena, "PRIMES is in P",
Annals of Mathematics
160 (2004), no. 2
RIVEST, R., SHAMIR, A., AND ADLEMAN, L. 1978. A method
for obtaining digital signature and public

key cryptosystems.
Commun. ACM, 21, 2
(Feb.), 120
–
126, pp. 781
–
793
Neal Koblitz, A Course in Number Theory and Cryptography, 2
nd
Edition, Springer

Verlag 1994
19
Questions
20
Comments 0
Log in to post a comment