COM 5336 Cryptography Lecture 7a Primality Testing

Slides:

Advertisements

Similar presentations

Presented by Alex Atkins.  An integer p >= 2 is a prime if its only positive integer divisors are 1 and p.  Euclid proved that there are infinitely.

Advertisements

PRIMALITY TESTING – its importance for cryptography

WS Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.

Cryptography and Network Security

Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.

1 Deciding Primality is in P M. Agrawal, N. Kayal, N. Saxena Presentation by Adi Akavia.

Computability and Complexity

Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Announcements: 1. Congrats on reaching the halfway point once again! 2. DES graded soon 3. Short “pop” quiz on Ch 3. (Thursday at earliest) 4. Reminder:

Chapter 8 More Number Theory. Prime Numbers Prime numbers only have divisors of 1 and itself They cannot be written as a product of other numbers Prime.

Fermat’s Little Theorem (2/24) Theorem (flt). If p is prime and GCD(a, p) = 1, then a p – 1  1 (mod p). Again, this says that in a mod p congruence, we.

Lecture 8: Primality Testing and Factoring Piotr Faliszewski

Introduction to Modern Cryptography Lecture 6 1. Testing Primitive elements in Z p 2. Primality Testing. 3. Integer Multiplication & Factoring as a One.

Notation Intro. Number Theory Online Cryptography Course Dan Boneh

and Factoring Integers (I)

1 Fingerprint 2 Verifying set equality Verifying set equality v String Matching – Rabin-Karp Algorithm.

Probabilistic Complexity. Probabilistic Algorithms Def: A probabilistic Turing Machine M is a type of non- deterministic TM, where each non-deterministic.

Deciding Primality is in P M. Agrawal, N. Kayal, N. Saxena Slides by Adi Akavia.

6/20/2015 5:05 AMNumerical Algorithms1 x x1x

Announcements: 1. Congrats on reaching the halfway point once again! 2. Reminder: HW5 due tomorrow, HW6 due Tuesday after break 3. Term project groups.

Randomized Algorithms Prof. Dr. Th. Ottmann University of Freiburg

K. -C. Yang and J. -L. Lin National Tsing Hua University

Chapter 8 – Introduction to Number Theory Prime Numbers  prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers.

Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.

greatest common divisors and Euclid’s algorithm

Chapter 8 – Introduction to Number Theory Prime Numbers

Cryptography and Network Security Chapter 8. Chapter 8 – Introduction to Number Theory The Devil said to Daniel Webster: "Set me a task I can't carry.

Chapter 8 – Introduction to Number Theory Prime Numbers  prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers.

The RSA Algorithm Based on the idea that factorization of integers into their prime factors is hard. ★ n=p ． q, where p and q are distinct primes Proposed.

Topic 18: RSA Implementation and Security

CSE 321 Discrete Structures Winter 2008 Lecture 10 Number Theory: Primality.

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright © The McGraw-Hill Companies, Inc. Permission required.

Information Security and Management 4. Finite Fields 8

RSA Parameter Generation Bob needs to: - find 2 large primes p,q - find e s.t. gcd(e, Á (pq))=1 Good news: - primes are fairly common: there are about.

Prabhas Chongstitvatana 1 Primality Testing Is a given odd integer prime or composite ? No known algorithm can solve this problem with certainty in a reasonable.

CPSC 490 Number Theory Primes, Factoring and Euler Phi-function Mar.31 st, 2006 Sam Chan.

Chapter 14 Randomized algorithms Introduction Las Vegas and Monte Carlo algorithms Randomized Quicksort Randomized selection Testing String Equality Pattern.

MA/CSSE 473 Day 08 Randomized Primality Testing Carmichael Numbers Miller-Rabin test.

The Complexity of Primality Testing. What is Primality Testing? Testing whether an integer is prime or not. – An integer p is prime if the only integers.

MA/CSSE 473 Day 11 Primality testing summary Data Encryption RSA.

PRIMES is in P Manindra Agrawal NUS Singapore / IIT Kanpur.

Cryptography Lecture 7: RSA Primality Testing Piotr Faliszewski.

Analyzing and Testing justified Prime Numbers

CSE 20: Discrete Mathematics for Computer Science Prof. Shachar Lovett.

Pseudorandom numbers John von Neumann: Any one who considers

9/22/15UB Fall 2015 CSE565: S. Upadhyaya Lec 7.1 CSE565: Computer Security Lecture 7 Number Theory Concepts Shambhu Upadhyaya Computer Science & Eng. University.

6.3 Primality Testing. p2. (1) Prime numbers 1. How to generate large prime numbers? (1) Generate as candidate a random odd number n of appropriate size.

מבוא מורחב 1 Lecture 4 Material in the textbook on Pages 44-46, of 2nd Edition Sections and Hanoy towers.

CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative.

Chapter 1 Algorithms with Numbers. Bases and Logs How many digits does it take to represent the number N >= 0 in base 2? With k digits the largest number.

MA/CSSE 473 Day 10 Primality Testing. MA/CSSE 473 Day 10 In-class exam: Friday, Sept 28 –You may bring a two-sided 8.5x11 inch piece of paper containing.

MA/CSSE 473 Day 9 Primality Testing Encryption Intro.

PRIMES is in P Manindra Agrawal Neeraj Kayal Nitin Saxena Dept of CSE, IIT Kanpur.

A Prime Example CS Lecture 20 A positive integer p  2 is prime if the only positive integers that divide p are 1 and p itself. Positive integers.

MA/CSSE 473 Day 08 Randomized Primality Testing Carmichael Numbers

CSE565: Computer Security Lecture 7 Number Theory Concepts

Probabilistic Algorithms

Handbook of Applied Cryptography - CH4, from 4.1~4.3

Numerical Algorithms x x-1 Numerical Algorithms

Randomness and Computation: Some Prime Examples

MA/CSSE 473 Day 08 Randomized Primality Testing Carmichael Numbers

Introduction to Number Theory

RSA Cryptosystem Bits PCs Memory MB ,000 4GB 1,020

Mathematical Background: Prime Numbers

Introduction to Cryptography

Deciding Primality is in P

Material in the textbook on

Cryptography Lecture 20.

Presentation transcript:

COM 5336 Cryptography Lecture 7a Primality Testing Scott CH Huang 1 1

Definition A prime number is a positive integer p having exactly two positive divisors, 1 and p. A composite number is a positive integer n > 1 which is not prime. COM 5336 Cryptography Lecture 7a

Primality Test vs Factorization Factorization’s outputs are non-trivial divisors. Primality test’s output is binary: either PRIME or COMPOSITE COM 5336 Cryptography Lecture 7a

Naïve Primality Test Input: Integer n > 2 Output: PRIME or COMPOSITE for (i from 2 to n-1){ if (i divides n) return COMPOSITE; } return PRIME; COM 5336 Cryptography Lecture 7a

Still Naïve Primality Test Input/Output: same as the naïve test for (i from 1 to ){ if (i divides n) return COMPOSITE; } return PRIME; COM 5336 Cryptography Lecture 7a

Sieve of Eratosthenes Input/Output: same as the naïve test Let A be an arry of length n Set all but the first element of A to TRUE for (i from 2 to ){ if (A[i]=TRUE) Set all multiples of i to FALSE } if (A[i]=TRUE) return PRIME else return COMPOSITE COM 5336 Cryptography Lecture 7a

Primality Testing Two categories of primality tests Probablistic Miller-Rabin Probabilistic Primality Test Cyclotomic Probabilistic Primality Test Elliptic Curve Probabilistic Primality Test Deterministic Miller-Rabin Deterministic Primality Test Cyclotomic Deterministic Primality Test Agrawal-Kayal-Saxena (AKS) Primality Test COM 5336 Cryptography Lecture 7a

Running Time of Primality Tests Miller-Rabin Primality Test Polynomial Time Cyclotomic Primality Test Exponential Time, but almost poly-time Elliptic Curve Primality Test Don’t know. Hard to Estimate, but looks like poly-time. AKS Primality Test Poly-time, but only asymptotically good. COM 5336 Cryptography Lecture 7a

Fermat’s Primality Test It’s more of a “compositeness test” than a primality test. Fermat’s Little Theorem: If p is prime and , then If we can find an a s.t. , then n must be a composite. If, for some a, n passes the test, we cannot conclude n is prime. Such n is a pseudoprime. If this pseudoprime n is not prime, then this a is called a Fermat liar. If, for all we have can we conclude n is prime? No. Such n is called a Carmichael number. n is a Fermat liar if it passes the test and still is composite a is a Fermat witness if it identifies a composite Carmichael Numbers: 561 (3.11.17), 1105(5.13.17),1729(7.23.29) What is required to write the fermats algorithm COM 5336 Cryptography Lecture 7a

Pseudocode of Fermat’s Primality Test FERMAT(n,t){ INPUT: odd integer n ≥ 3, # of repetition t OUTPUT: PRIME or COMPOSITE for (i from 1 to t){ Choose a random integer a s.t. 2 ≤ a ≤ n-2 Compute if ( ) return COMPOSITE } return PRIME COM 5336 Cryptography Lecture 7a

Miller-Rabin Probabilistic Primality Test It’s more of a “compositeness test” than a primality test. It does not give proof that a number n is prime, it only tells us that, with high probability, n is prime. It’s a randomized algorithm of Las Vegas type. COM 5336 Cryptography Lecture 7a

A Motivating Observation FACT: Let p be an odd prime. . If then Moreover, if , and m is odd. Let . Then either or for some COM 5336 Cryptography Lecture 7a

Miller-Rabin If and Then a is a strong witness for the compositeness of n. If or for some then n is called a pseudoprime w.r.t. base a, and a is called a strong liar. COM 5336 Cryptography Lecture 7a

Miller-Rabin: Algorithm Pseudocode MILLER-RABIN(n,t){ INPUT: odd integer n ≥ 3, # of repetition t Compute k & odd m s.t. for ( i from 1 to t ){ Choose a random integer a s.t. Compute if ( or ){ Set while( and ){ if ( ) return COMPOSITE } if ( ) return COMPOSITE return PRIME COM 5336 Cryptography Lecture 7a

Miller-Rabin: Example 90 = 2*45, s = 1, r = 45 {1,9,10,12,16,17,22,29,38,53,62,69,74, 75,79,81,82,90} are all strong liars. 945 = 1 mod 91 1045 = 1 mod 91 …. All other bases are strong witnesses. 97 = 9 mod 91 98 = 81 mod 91 COM 5336 Cryptography Lecture 7a

Miller-Rabin: Main Theorem Given n > 9. Let B be the number of strong liars. Then If the Generalized Riemann Hypothesis is true, then Miller-Rabin primality test can be made deterministic by running MILLER-RABIN(n, 2log2n) COM 5336 Cryptography Lecture 7a