Randomized Algorithm & Public Key Cryptography Binhai Zhu Computer Science Department, Montana State University Frequently, presenters must deliver material of a technical nature to an audience unfamiliar with the topic or vocabulary. The material may be complex or heavy with detail. To present technical material effectively, use the following guidelines from Dale Carnegie Training®.   Consider the amount of time available and prepare to organize your material. Narrow your topic. Divide your presentation into clear segments. Follow a logical progression. Maintain your focus throughout. Close the presentation with a summary, repetition of the key steps, or a logical conclusion. Keep your audience in mind at all times. For example, be sure data is clear and information is relevant. Keep the level of detail and vocabulary appropriate for the audience. Use visuals to support key points or steps. Keep alert to the needs of your listeners, and you will have a more receptive audience. 5/21/2019

Randomized Algorithm How to flip a coin? 5/21/2019

Randomized Algorithm How to flip a coin? Easy. But the interesting part is that this kind of simple idea can help us designing algorithms. 5/21/2019

Randomized Algorithm How to flip a coin? Easy. But the interesting part is that this kind of simple idea can help us designing algorithms. Example. Quicksort. 5/21/2019

Randomized Algorithm How to flip a coin? Easy. But the interesting part is that this kind of simple idea can help us designing algorithms. Example. Quicksort. In designing randomized algorithms, you can assume that we will toss a dice which can have many faces. (With a coin, it is a dice with 2 faces.) 5/21/2019

Assistant Hiring Problem Suppose that you are assigned the job to interview and hire an office assistant, the rule is that the current best candidate will be hired. Assume that the cost to interview a candidate is Ci and the cost to hire a candidate is Ch (typically Ch >> Ci). What would you do? 5/21/2019

Assistant Hiring Problem Assume that the cost to interview a candidate is Ci and the cost to hire a candidate is Ch (typically Ch >> Ci). What would you do? Easy! Hire-Assistant(n) //1 to n are the candidates 1. best ← 0 2. For i =1 to n interview candidate i If i is better than best then best ← i hire candidate i 5/21/2019

Assistant Hiring Problem Assume that the cost to interview a candidate is Ci and the cost to hire a candidate is Ch (typically Ch >> Ci). What would you do? Easy! Hire-Assistant(n) //1 to n are the candidates 1. best ← 0 2. For i =1 to n interview candidate i If i is better than best then best ← i hire candidate i What is the total cost of this algorithm? 5/21/2019

Assistant Hiring Problem Assume that the cost to interview a candidate is Ci and the cost to hire a candidate is Ch (typically Ch >> Ci). What would you do? Easy! Hire-Assistant(n) //1 to n are the candidates 1. best ← 0 2. For i =1 to n interview candidate i If i is better than best then best ← i hire candidate i What is the total cost of this algorithm? If m candidates are hired, the total cost is O(nCi+mCh). As n, Ci, Ch are all constants, m is the crucial parameter! 5/21/2019

Assistant Hiring Problem As m = n in the worst case, the worst case running time of Hire-Assistant(-) is O(n(Ci+Ch)). But intuitively this can’t be true in reality — it would be insane to hire all the candidates! What can we do? 5/21/2019

Assistant Hiring Problem As m = n in the worst case, the worst case running time of Hire-Assistant(-) is O(n(Ci+Ch)). But intuitively this can’t be true in reality — it would be insane to hire all the candidates! What can we do? Analyze the behavior of m, with a randomized algorithm! 5/21/2019

Assistant Hiring Problem An algorithm is randomized if its behavior is determined not only by input but also by random numbers. 5/21/2019

Assistant Hiring Problem An algorithm is randomized if its behavior is determined not only by input but also by random numbers. Randomized-Hire-Assistant(n) 0. Randomly permute the list of candidates 1. best ← 0 2. For i =1 to n 3. interview candidate i 4. If i is better than best 5. then best ← i 6. hire candidate i 5/21/2019

Indicator Random Variable I{A} I{A} = 1, if event A occurs. I{A} = 0, if event A does not occur. //let A- be the complement of A Lemma. Given a sample space S and an event A in the sample space, let XA=I{A}. Then E{XA}=Pr{A}. 5/21/2019

Indicator Random Variable I{A} I{A} = 1, if event A occurs. I{A} = 0, if event A does not occur. //let A- be the complement of A Lemma. Given a sample space S and an event A in the sample space, let XA=I{A}. Then E{XA}=Pr{A}. Proof. E{XA} = E[I{A}] = 1 x Pr{A} + 0 x Pr{A-} = Pr{A}. 5/21/2019

Indicator Random Variable I{A} I{A} = 1, if event A occurs. I{A} = 0, if event A does not occur. //let A- be the complement of A Lemma. Given a sample space S and an event A in the sample space, let XA=I{A}. Then E{XA}=Pr{A}. Example. Let’s look at flipping n coins. Yi — random variable denoting the outcome of the i-th flip Xi — I{Yi=H} X — random variable denoting the total number of HEADs in n coin flipping What is E[X]? 5/21/2019

Indicator Random Variable I{A} Lemma. Given a sample space S and an event A in the sample space, let XA=I{A}. Then E{XA}=Pr{A}. Example. Let’s look at flipping n coins. Yi — random variable denoting the outcome of the i-th flip Xi — I{Yi=H} X — random variable denoting the total number of HEADs in n coin flipping What is E[X]? X = Σ i=1 to n Xi, so E[X] = E [Σ i=1 to n Xi ] = Σ i=1 to n E[Xi] = Σ i=1 to n Pr[event Xi occurs] = Σ i=1 to n ½ = n/2 5/21/2019

Analysis of Randomized-Hire-Assistant Xi = I{candidate i is hired}; i.e., Xi=1 if and only if i is hired. X = Σ i=1 to n Xi What is E[X]? E[X] = E [Σ i=1 to n Xi ] = Σ i=1 to n E[Xi] = Σ i=1 to n Pr[candidate i is hired occurs] //is the best = Σ i=1 to n 1/i = 1 + ½ + 1/3 + …+ 1/n = O(log n). The answer is natural, as log n << n. 5/21/2019

Public Key Cryptography Private Key Cryptography is easy: everybody keeps a secret key for your email account. But this is not efficient when you (e.g., a bank) need to communicate with many people. 5/21/2019

Public Key Cryptography Private Key Cryptography is easy: everybody keeps a secret key for your email account. But this is not efficient when you (e.g., a bank) need to communicate with many people. The idea is that everybody maintains two keys, a private one and a public one. When Alice sends a message M to Bob, Alice encrypts the message using Bob’s public key PB, sends PB(M) to Bob and Bob decrypts it using his own private key SB, i.e., SB(PB(M))=M. (The tricky part is that you can’t decrypt the message using PB.) 5/21/2019

Public Key Cryptography Another application is called Digital Signatures, you want to know the message you have received is from the true party from whom you are expecting a message. The idea is again that everybody maintains two keys, a private one and a public one. When Alice sends a digital signature to Bob, Alice encrypts the signature M’ using her secret key SA, i.e., δ=SA(M’), sends (δ,M’) to Bob and Bob decrypts δ using Alice’s public key PA and verify whether PA(δ)=M’ or not. If not, then Bob can claim that the Alice who sends the signature is a fake. 5/21/2019

Public Key Cryptography Another application is called Digital Signatures, you want to know the message you have received is from the true party from whom you are expecting a message. The idea is again that everybody maintains two keys, a private one and a public one. When Alice sends a digital signature to Bob, Alice encrypts the signature M’ using her secret key SA, i.e., δ=SA(M’), sends (δ,M’) to Bob and Bob decrypts δ using Alice’s public key PA and verify whether PA(δ)=M’ or not. If not, then Bob can claim that the Alice who sends the signature is a fake. PA(SA(M))=SA(PA(M))=M is the foundation for the whole public key system! 5/21/2019

Public Key Cryptography Q: All these sound like fairy tales, how can it work? A: Mathematics! 5/21/2019

Public Key Cryptography Q: All these sound like fairy tales, how can it work? A: Mathematics! Of course, most of you are probably not at the level to understand the proofs yet. But let’s at least see a working algorithm. 5/21/2019

RSA Public Key Cryptography Select two large random prime numbers p,q (>1000 bits). n = pq. Select a small odd integer e that is relative prime to (p-1)(q-1). Find d such that de = 1 (mod (p-1)(q-1)). Create keys, public key: (e,n), secret key: (d,n) P(M) = Me(mod n) S(C) = Cd (mod n) 5/21/2019

RSA Public Key Cryptography Select two large random prime numbers p,q (>1000 bits). n = pq. Select a small odd integer e that is relative prime to (p-1)(q-1). Find d such that de = 1 (mod (p-1)(q-1)). Create keys, public key: (e,n), secret key: (d,n) P(M) = Me(mod n) S(C) = Cd (mod n) Example: p=11,q=29,n=319 (p-1)(q-1)=280 e=3 5/21/2019

RSA Public Key Cryptography Select two large random prime numbers p,q (>1000 bits). n = pq. Select a small odd integer e that is relative prime to (p-1)(q-1). Find d such that de = 1 (mod (p-1)(q-1)). Create keys, public key: (e,n), secret key: (d,n) P(M) = Me(mod n) S(C) = Cd (mod n) Example: p=11,q=29,n=319 (p-1)(q-1)=280 e=3 d=187 5/21/2019

RSA Public Key Cryptography Select two large random prime numbers p,q (>1000 bits). n = pq. Select a small odd integer e that is relative prime to (p-1)(q-1). Find d such that de = 1 (mod (p-1)(q-1)). Create keys, public key: (e,n), secret key: (d,n) P(M) = Me(mod n) S(C) = Cd (mod n) Mde = Med = M (mod n) is the core of the proof. 5/21/2019