P vs. NP, AKS, RSA: The Acronyms of Mathematics Awareness Month Emily List Wittenberg University s07.elist@wittenberg.edu Thank you for the introduction, and thank you to the University of Akron and the section meeting for giving me the opportunity to speak.
April 2006: Mathematics Awareness Month “Mathematics and Internet Security” Every April since 1986 the Joint Policy Board of Mathematics has sponsored Mathematics Awareness Month. This year the theme is “Mathematics and Internet Security”. To address this topic I will be speaking specifically on the P vs NP problem and how it relates to the RSA cryptosystem. The RSA cryptosystem is the system that allows us to send credit card numbers and other sensitive information across the internet securely. First we will begin by defining what P and NP problems are.
Definitions P: yes or no decision problems that can be solved by an algorithm that runs in polynomial time. Polynomial time: the number of steps needed to solve a problem can be expressed as a function . Where x is the size of the input and n is a constant. Example of a P problem: adding two n-digit numbers together; it only takes n steps. These algorithms are said to be feasible. There is a qualitative difference between polynomial time and superpolynomial time (anything that is larger than polynomial time). Mathematicians and computer scientists are always looking for algorithms that run in polynomial time for problems we don’t have one for yet.
What’s so great about polynomial time?
Maximum size solvable in 1 second, by running time of algorithm t(n):
t(n) | Current computer | 100 times faster | 1000 times faster
$n$ | $N_0$ = 100 million | $100 N_0$ | $1000 N_0$
$100n$ | $N_1$ = 1 million | $100 N_1$ | $1000 N_1$
$n^2$ | $N_2$ = 10,000 | $10 N_2$ | $31.6 N_2$
$n^3$ | $N_3$ = 464 | $4.64 N_3$ | $10 N_3$
$2^n$ | $N_4$ = 26 | $N_4 + 6.64$ | $N_4 + 9.97$
This table shows the qualitative difference between polynomial and superpolynomial time. Talk about the first column and how it relates to the second column. And then how the third and the fourth really show the most dramatic difference: when computers get faster, the problem size solvable in polynomial time increases by a multiplicative factor, while the size solvable in superpolynomial time only increases by an additive constant. Ramachandran, Vijaya. P versus NP
Definitions Continued NP: a problem whose solution can be verified using an algorithm that runs in polynomial time. IMPORTANT: This does not mean “not polynomial time”.
- All P problems are NP.
- Example of a problem that is NP but not known to be P: factoring a large number. If we have the factors it’s easy to verify that they are factors, but it is sometimes hard to find those factors.
Easy way to think about it: jigsaw puzzle, minesweeper game. It’s also important to note that these are by no means the “hardest” of all problems; there are other types of problems that cannot be talked about in this way that are harder.
What would a solution to “P = NP?” look like? The big question is: Is P = NP? These are what the two solutions to that question would look like. [Figure: two diagrams of the sets NP and P, separated by “or”.]
Why is P vs NP important?
- Clay Mathematics Institute: $1,000,000 prize
- Internet security implications
- Public Key Encryption: Whitfield Diffie and Martin Hellman, 1976
- RSA public-key cryptosystem: Ronald Rivest, Adi Shamir, and Leonard Adleman, 1977
RSA Encryption Uses a function that is NP but not known to be P to encrypt information. Fermat’s Little Theorem: Let a and p be integers such that p is prime and gcd(a, p) =1, then
Theorem: If m is an integer, n = pq, p and q are primes, and $ef \equiv 1 \pmod{(p-1)(q-1)}$, then $(m^e)^f \equiv m \pmod{n}$.
Proof. $ef = (p-1)(q-1)k + 1$. By substitution, $(m^e)^f = m^{(p-1)(q-1)k+1} = m^{(p-1)(q-1)k}\, m$.
Then by Fermat’s little theorem: $(m^{p-1})^{(q-1)k} \equiv 1$, so $(m^e)^f \equiv m^{(p-1)(q-1)k}\, m \equiv m \pmod{p}$.
Similarly, $(m^e)^f \equiv m^{(p-1)(q-1)k}\, m \equiv m \pmod{q}$.
Therefore, by the Chinese Remainder Theorem we have $(m^e)^f \equiv m \pmod{n}$.
RSA Example
We want to encrypt the number 17:
Necessary information | Where it comes from | What it is for this example
p, q | prime | p = 67, q = 89
n | pq | 5963
Φ(n) | Number of integers less than n that are relatively prime to n: (p-1)(q-1) | 5808
e, f | e, f > 1 such that | e = 37, f = 157
To encrypt the number 17: $x^e \pmod{n}$, that is, $17^{37} \pmod{5963} \equiv 5064$.
To decrypt: $5064^f \pmod{5963}$, that is, $5064^{157} \equiv 17$.
Why is RSA secure? It’s nearly impossible to find f without the factors of n. Since we do not have an algorithm that runs in polynomial time to find factorizations, finding the factors of n is nearly impossible. Figure out what to put on this slide.
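The RSA example and the security claim above, worked through in code. This is an added example, not part of the original talk; the function names are chosen here for illustration, and the only inputs are the slide's own p = 67, q = 89, e = 37 and message 17.

```python
from math import gcd, isqrt

def make_keypair(p, q, e):
    """Return (n, e, f) with e*f ≡ 1 (mod (p-1)(q-1)), as the theorem requires."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return p * q, e, pow(e, -1, phi)  # modular inverse (Python 3.8+)

def encrypt(x, e, n):
    return pow(x, e, n)

def decrypt(c, f, n):
    return pow(c, f, n)

def recover_f_by_factoring(n, e):
    """Find f from the public values alone by trial division of n.

    Returns (f, divisions_tried). This finishes instantly only because the
    slide's n has 4 digits; the loop bound sqrt(n) grows exponentially with
    the number of digits, which is what protects a real modulus.
    """
    for d in range(2, isqrt(n) + 1):
        if n % d == 0:
            p, q = d, n // d
            return pow(e, -1, (p - 1) * (q - 1)), d - 1
    raise ValueError("n is prime, so it is not an RSA modulus")

if __name__ == "__main__":
    n, e, f = make_keypair(67, 89, 37)
    c = encrypt(17, e, n)
    print("n =", n, "f =", f)
    print("17 encrypts to", c, "and decrypts to", decrypt(c, f, n))
    print("f recovered from (n, e):", recover_f_by_factoring(n, e))
```

Anyone who can factor n can recompute f exactly as the key owner did, which is why the modulus must be far too large for any known factoring method.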
Is this number prime, if so what are its factors? 203956878356401977405765866929034577280193993314348263094772646453283062722701277632936616063144088173312372882677123879538709400158306567338328279154499698366071906766440037074217117805690872792848149112022286332144876183376326512083574821647933992961249917319836219304274280243803104015000563790123
Sieve of Eratosthenes 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
Does the Sieve of Eratosthenes run in polynomial time? Why not? For a number with N digits, the number of steps the sieve needs is $(10^N)^{1/2}$, which is exponential in N. Figure out what sieve isn’t P so I can explain it better.
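The step count above, made concrete. This is an added example, not part of the original talk; it assumes that one "step" is one entry of the sieve table, and the function names are chosen here for illustration.

```python
from math import isqrt

def sieve(limit):
    """Sieve of Eratosthenes: return all primes <= limit."""
    is_prime = [True] * (limit + 1)
    is_prime[0:2] = [False, False]          # 0 and 1 are not prime
    for p in range(2, isqrt(limit) + 1):
        if is_prime[p]:
            # Cross out every multiple of p, starting at p*p.
            for multiple in range(p * p, limit + 1, p):
                is_prime[multiple] = False
    return [i for i, flag in enumerate(is_prime) if flag]

def primality_by_sieve(n):
    """Decide whether n is prime by sieving up to sqrt(n).

    Returns (is_prime, table_size); table_size is the number of entries the
    sieve had to hold, i.e. about (10^N)^(1/2) for an N-digit n.
    """
    if n < 2:
        return False, 0
    limit = isqrt(n)
    for p in sieve(limit):
        if n % p == 0:
            return False, limit
    return True, limit

def table_size_for_digits(num_digits):
    """Sieve table size needed for the largest number with num_digits digits."""
    return isqrt(10 ** num_digits - 1)

if __name__ == "__main__":
    print(len(sieve(100)), "primes in the slide's grid of 1..100")
    print(primality_by_sieve(5963), primality_by_sieve(9973))
    for digits in (2, 4, 6, 8, 300):
        size = table_size_for_digits(digits)
        print(digits, "digits ->", len(str(size)), "digit table size")
```

Every two extra digits in the input multiply the table size by ten, so the 300-digit number from the earlier slide would need a table with about 10^150 entries.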
“Primes” is in P In 2002, Manindra Agrawal, Neeraj Kayal and Nitin Saxena came up with an algorithm that runs in polynomial time and gives the primality of a number. “This algorithm is beautiful” Carl Pomerance “The proof is simple, elegant and beautiful” R. Balasubramanian Practice pronouncing names!! Uses “relatively” simple math; it doesn’t use the elliptic curves that people were thinking were necessary.
AKS Algorithm From “PRIMES is in P”. This algorithm DOES NOT attempt to factor the number n at all; this is different from many of the previous attempts.
Explanation of AKS
Lemma 2.1 Let a be an integer, n a natural number, n > 2 and gcd(a, n) = 1. Then n is prime iff $(X + a)^n \equiv X^n + a \pmod{n}$.
Proof. By the binomial theorem: the coefficient of $X^i$ in $((X+a)^n - (X^n + a))$ is $a^{n-i}$ .
Suppose n is prime. Then 0 (mod n) and hence all of the coefficients are zero.
Suppose n is composite. Consider a prime q that is a factor of n and let $q^k$ divide n, but $q^{k+1}$ does not. Then $q^k$ does not divide and $\gcd(a^{n-q}, q^k) = 1$. Hence, the coefficient of $X^q$ is not zero (mod n). Therefore $(X+a)^n \not\equiv X^n + a \pmod{n}$.
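Lemma 2.1 checked coefficient by coefficient. This is an added example, not code from the talk or from “PRIMES is in P”, and it is not the AKS algorithm itself: it tests all n coefficients, so it takes exponential time in the number of digits. It uses the binomial-theorem coefficients C(n, i)·a^(n-i) for 0 < i < n and a^n - a for the constant term; the function names are chosen here for illustration.

```python
from math import comb, gcd

def coefficient(n, a, i):
    """Coefficient of X^i in (X + a)^n - (X^n + a), reduced mod n (0 <= i < n)."""
    if i == 0:
        return (pow(a, n, n) - a) % n           # constant term a^n - a
    return comb(n, i) * pow(a, n - i, n) % n    # binomial theorem term

def first_nonzero_coefficient(n, a=1):
    """Smallest i whose coefficient is nonzero mod n, or None if all vanish."""
    if n < 2 or gcd(a, n) != 1:
        raise ValueError("need n >= 2 and gcd(a, n) = 1")
    for i in range(n):
        if coefficient(n, a, i) != 0:
            return i
    return None

def lemma_2_1_holds(n, a=1):
    """True iff (X + a)^n ≡ X^n + a (mod n), which the lemma says means n is prime."""
    return first_nonzero_coefficient(n, a) is None

def fermat_passes(n, a):
    """Fermat's little theorem as a test: a^(n-1) ≡ 1 (mod n)."""
    return pow(a, n - 1, n) == 1

if __name__ == "__main__":
    # 561 = 3 * 11 * 17 passes the Fermat test for base 2 although it is
    # composite; the polynomial identity of Lemma 2.1 is not fooled.
    print("Fermat, n=561, a=2:", fermat_passes(561, 2))
    print("Lemma 2.1, n=561, a=2:", lemma_2_1_holds(561, 2))
    print("first nonzero coefficient:", first_nonzero_coefficient(561, 2))
    print("Lemma 2.1, n=97:", lemma_2_1_holds(97))
    print("slide's RSA modulus 5963:", first_nonzero_coefficient(5963))
```

The first nonzero coefficient sits at the smallest prime factor of n, matching the proof's choice of $X^q$; AKS gets its polynomial running time by checking the identity modulo a small polynomial instead of term by term.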
Does AKS ruin RSA? Why not? NO!! AKS does not factor a number, it only tells us if it is prime or not. RSA is secure as long as we don’t have an algorithm that can factor in polynomial time.
Acknowledgements
Manindra Agrawal, Neeraj Kayal, and Nitin Saxena. PRIMES is in P. (http://www.cse.iitk.ac.in/news/primality_v3.ps), February 2003.
P vs NP Problem. Clay Mathematics Institute, (http://www.claymath.org/millennium/P_vs_NP/)
Ramachandran, Vijaya. P versus NP. University of Texas Lectures on the Millennium Prize Problems, May 2001. (http://www.claymath.org/video/)
Stewart, Ian. Ian Stewart on Minesweeper. Clay Mathematics Institute, (http://www.claymath.org/Popular_Lectures/Minesweeper)
Kaliski, Burt. The Mathematics of the RSA Public-Key Cryptosystem. RSA Laboratories.
Polynomial time. Wikipedia, (http://en.wikipedia.org/wiki/Polynomial_time)