Tuesday, 27 April: Number-Theoretic Algorithms (Chapter 31). UMass Lowell Computer Science 91.503 Analysis of Algorithms, Prof. Karen Daniels, Spring 2010.
Chapter Dependencies: Math (Number Theory), Ch 31 Number-Theoretic Algorithms, RSA. You're responsible for material in this chapter that we discuss in lecture. (Note that this does not include sections 31.8 or 31.9.)
Overview: Motivation: RSA; Basics; Euclid's GCD Algorithm; Chinese Remainder Theorem; Powers of an Element; RSA Details.
Motivation: RSA
RSA Encryption (Figure 31.5). source: 91.503 textbook Cormen et al.
RSA Digital Signature (Figure 31.6). Assume Alice also sends her name so Bob knows whose public key to use.
RSA Cryptosystem (with example): encode and decode via (31.19), (31.20), (31.26), (31.35), (31.36), to be explained later. Assume M < n. Need efficient ways to compute P(M), S(C). source: 91.503 textbook Cormen et al., 3rd edition.
RSA Dependence. Need to show: Correctness: Euler's φ function, Fermat's Theorem, Chinese Remainder Theorem. Efficiency: Modular Exponentiation, Primality Testing. Security: Difficulty of Factoring Large Integers. See chart of result dependencies on next slide (courtesy of Mark Micire).
Chart of result dependencies (with thanks to Mark Micire, 2002): EUCLID, GCD, EXTENDED-EUCLID (Eqn. 31.20).
Notes on Primality Testing. Efficient primality testing has been a goal for more than 2,000 years. Early attempts required exponential time. The Miller-Rabin primality test (Section 31.8) is a randomized polynomial-time algorithm (1980s). Agrawal, Kayal, and Saxena provided a deterministic polynomial-time algorithm (2002).
Basic Concepts. (* indicates that the result is on the chart of result dependencies.)
Division & Remainders (with example): 31.1, (3.8).
Equivalence Class Modulo n (with example): (31.1), (31.2).
Common Divisors (with example): (31.3), (31.4), (31.5).
Greatest Common Divisor (with example): (31.6), (31.7), (31.8), (31.9), (31.10), 31.2, (3.8), (31.4).
Greatest Common Divisor (with example): 31.3, 31.2, 31.4, (31.4).
Relatively Prime Integers (with example): 31.6, 31.2.
Relatively Prime Integers (with example): 31.7, 31.6, 31.1-6.
Greatest Common Divisor (with example): 31.9, (31.5), (3.8), (31.4), (31.3), (31.14), (31.15).
Euclid’s GCD Algorithm
Euclid's GCD Algorithm (with example). Also see Java code on course web site.
Extended Euclid (with example): (31.16).
Chinese Remainder Theorem
Modular Arithmetic.
Finite Groups (Figure 31.2): the additive group mod 6 (size 6) and the multiplicative group mod 15 (size 8; its elements are those relatively prime to n).
Finite Groups: 31.12.
Finite Groups: 31.13, 31.6, 31.12, 31.26.
Euler's Phi Function (with example): (31.19).
Lagrange's Theorem (with example): 31.15.
Finite Groups (with examples): additive subgroup generated by a; 31.17, 31.18, 31.19.
Solving Modular Linear Equations (with example): 31.20, (31.4).
Solving Modular Linear Equations (with example): 31.22, 31.18, 31.24.
Solving Modular Linear Equations (with example): 31.26.
Chinese Remainder Theorem (with example): 31.27, (31.23), (31.24), (31.25), (31.26).
Chinese Remainder Theorem. Corollary 31.28: If n1, n2, …, nk are pairwise relatively prime and n = n1·n2·…·nk, then for any integers a1, a2, …, ak the set of simultaneous equations (for i = 1, 2, …, k) has a unique solution modulo n for the unknown x. 31.29.
NumTheory Example. Given the two equations, what is a mod 65? Note that 65 = 5·13. The table of residues with respect to 5 and 13 for all integers in Z65 can be generated diagonally. source: 91.503 textbook Cormen et al. & Prof. Pecelli. 1/1/2019
Knowing that, find a mod 65. We have a1 = 2, n1 = 5, m1 = n/n1 = 13, a2 = 3, n2 = 13, m2 = n/n2 = 5. We can compute:
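The computation above carried through in code, as an added example that is not part of the slides: EXTENDED-EUCLID gives each m_i^-1 mod n_i, then x = sum(a_i · m_i · (m_i^-1 mod n_i)) mod n. The function names and the check for non-coprime moduli are assumptions of this example.

```python
# Added example (not from the lecture slides): Chinese Remainder Theorem
# reconstruction via extended Euclid, carried through the slide's instance
# a ≡ 2 (mod 5), a ≡ 3 (mod 13), n = 65.

def extended_euclid(a, b):
    """Return (d, x, y) with d = gcd(a, b) and a*x + b*y = d (EXTENDED-EUCLID)."""
    if b == 0:
        return a, 1, 0
    d, x1, y1 = extended_euclid(b, a % b)
    return d, y1, x1 - (a // b) * y1

def mod_inverse(a, n):
    """Multiplicative inverse of a modulo n; requires gcd(a, n) = 1."""
    d, x, _ = extended_euclid(a % n, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse mod {n} (gcd = {d})")
    return x % n

def crt(residues, moduli):
    """Unique x mod n = prod(moduli) with x ≡ a_i (mod n_i), moduli pairwise coprime.
    Uses c_i = m_i * (m_i^-1 mod n_i) and x = sum(a_i * c_i) mod n.
    A non-coprime pair surfaces as a ValueError from mod_inverse."""
    n = 1
    for ni in moduli:
        n *= ni
    x = 0
    for ai, ni in zip(residues, moduli):
        mi = n // ni                     # m_i = n / n_i
        ci = mi * mod_inverse(mi, ni)    # c_i = m_i * (m_i^-1 mod n_i)
        x += ai * ci
    return x % n

if __name__ == "__main__":
    # Slide's instance: a1 = 2, n1 = 5, m1 = 13; a2 = 3, n2 = 13, m2 = 5.
    # c1 = 13 * 2 = 26, c2 = 5 * 8 = 40, a = (2*26 + 3*40) mod 65 = 42.
    a = crt([2, 3], [5, 13])
    print(a, a % 5, a % 13)   # 42 2 3
```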
Powers of an Element
Theorems of Euler & Fermat: 31.30, 31.31, 31.20.
Modular Exponentiation (with example). Also see Java code on course web site.
RSA Details
RSA Cryptosystem: encode and decode via (31.19), (31.20), (31.26), (31.35), (31.36). Need efficient ways to compute P(M), S(C).
RSA Correctness: (31.37), (31.38); by Thm 31.31 (Fermat) applied for p and for q, combined using 31.29.
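A toy RSA instance, added here as an example that is not part of the slides: key generation from p, q, e with d = e^-1 mod φ(n), encoding P(M) = M^e mod n, decoding S(C) = C^d mod n, and the repeated-squaring modular exponentiation that makes P and S efficient. The primes and message are constructed toy values, and the function names are assumptions of this example; the modular inverse uses Python's built-in pow(e, -1, phi) in place of EXTENDED-EUCLID.

```python
# Added example (not from the lecture slides): a toy RSA instance with the
# square-and-multiply modular exponentiation used for both P(M) and S(C).
# Constructed toy primes only; real keys use primes hundreds of digits long.

def modular_exponentiation(a, b, n):
    """Return a^b mod n by square-and-multiply, scanning the bits of b from
    the most significant end; O(log b) multiplications mod n."""
    d = 1
    a %= n
    for bit in bin(b)[2:]:
        d = (d * d) % n          # square for every bit
        if bit == "1":
            d = (d * a) % n      # multiply when the bit is set
    return d

def rsa_keygen(p, q, e):
    """Key pair from primes p, q and public exponent e with gcd(e, phi(n)) = 1.
    d = e^-1 mod phi(n); pow(e, -1, phi) raises ValueError if no inverse exists."""
    n = p * q
    phi = (p - 1) * (q - 1)      # Euler's phi(n) for n = p*q
    d = pow(e, -1, phi)
    return (e, n), (d, n)

def rsa_apply(key, m):
    """P(M) with the public key, S(C) with the secret key: both are x^k mod n.
    Requires 0 <= M < n, as the slides assume."""
    k, n = key
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return modular_exponentiation(m, k, n)

if __name__ == "__main__":
    public, secret = rsa_keygen(p=61, q=53, e=17)   # n = 3233, phi = 3120, d = 2753
    M = 65
    C = rsa_apply(public, M)                        # encode: 65^17 mod 3233 = 2790
    assert rsa_apply(secret, C) == M                # decode: S(P(M)) = M
    # Digital signature: apply the secret key first, verify with the public key.
    sigma = rsa_apply(secret, M)
    assert rsa_apply(public, sigma) == M            # P(S(M)) = M
    print(public, secret, C, sigma)
```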