UMass Lowell Computer Science Analysis of Algorithms Prof. Karen Daniels Spring, 2009 Tuesday, 28 April Number-Theoretic Algorithms Chapter 31
Chapter Dependencies Ch 31 Number-Theoretic Algorithms RSA Math: Number Theory You’re responsible for material in this chapter that we discuss in lecture. (Note that this does not include sections 31.8 or 31.9.)
Overview ä Motivation: RSA ä Basics ä Euclid’s GCD Algorithm ä Chinese Remainder Theorem ä Powers of an Element ä RSA Details
Motivation: RSA
RSA Encryption source: textbook Cormen et al. 31.5
RSA Digital Signature source: textbook Cormen et al. (assume Alice also sends her name so Bob knows whose public key to use)
RSA Cryptosystem (31.19) (31.26) (31.35) (31.36) encode decode source: textbook Cormen et al. (to be explained later) need efficient ways to compute P(M), S(C)
RSA Dependence Need to show: ä Correctness: Euler’s Function, Fermat’s Theorem, Chinese Remainder Theorem ä Efficiency: Modular Exponentiation, Primality Testing ä Security: Difficulty of Factoring Large Integers. See chart of result dependencies on next slide (courtesy of Mark Micire).
Notes on Primality Testing ä Efficient primality testing has been a goal for > 2,000 years. ä Early attempts required exponential time. ä The Miller-Rabin primality test (Section 31.8) is a randomized polynomial-time algorithm (1980’s). ä Agrawal, Kayal, Saxena provided a deterministic polynomial-time algorithm (2002).
Basic Concepts * Indicates that result is on chart of result dependencies
Division & Remainders source: textbook Cormen et al (3.8) *
Equivalence Class Modulo n source: textbook Cormen et al. (31.1) (31.2)
Common Divisors source: textbook Cormen et al. (31.3) (31.4) (31.5) * *
Greatest Common Divisor source: textbook Cormen et al. (31.6) (31.7) (31.8) (31.9) (31.10) 31.2 (3.8) (31.4) * *
Greatest Common Divisor source: textbook Cormen et al (31.4) *
Relatively Prime Integers source: textbook Cormen et al *
Relatively Prime Integers source: textbook Cormen et al *
Greatest Common Divisor source: textbook Cormen et al (31.5) (3.8) (31.4) (31.3) (31.4) (31.3) (31.5) (31.14) (31.15) (31.14) (31.15) *
Euclid’s GCD Algorithm
source: textbook Cormen et al. * Also see Java code on course web site
Extended Euclid source: textbook Cormen et al. (31.16) 31.1 * *
Chinese Remainder Theorem
Modular Arithmetic source: textbook Cormen et al.
Finite Groups source: textbook Cormen et al. Additive group mod 6: size of this group is 6. Multiplicative group mod 15: elements relatively prime to n; size of this group is
Finite Groups source: textbook Cormen et al
Finite Groups source: textbook Cormen et al
Euler’s Phi Function source: textbook Cormen et al. (31.19) *
Lagrange’s Theorem source: textbook Cormen et al *
Finite Groups * source: textbook Cormen et al ** additive subgroup generated by a where k
Solving Modular Linear Equations source: textbook Cormen et al. (31.4) *
Solving Modular Linear Equations source: textbook Cormen et al. * *
Solving Modular Linear Equations source: textbook Cormen et al. * *
Chinese Remainder Theorem source: textbook Cormen et al. (31.23) (31.23) (31.24) (31.25) (31.26) *
Chinese Remainder Theorem source: textbook Cormen et al *
Powers of an Element
Theorems of Euler & Fermat source: textbook Cormen et al * * 31.20
Modular Exponentiation source: textbook Cormen et al. * Also see Java code on course web site
RSA Details
RSA Encryption source: textbook Cormen et al. 31.5
RSA Digital Signature source: textbook Cormen et al. (assume Alice also sends her name so Bob knows whose public key to use)
RSA Cryptosystem (31.19) (31.26) (31.35) (31.36) encode decode source: textbook Cormen et al. need efficient ways to compute P(M), S(C)
RSA Correctness source: textbook Cormen et al. (31.35)(31.36) by Thm (Fermat)
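A worked instance of the algorithms these slides name (Extended Euclid, modular exponentiation by repeated squaring, RSA key setup, and the check that S(P(M)) = P(S(M)) = M), added here as an illustration; it is not the course's Java code nor CLRS's own code, and the primes p = 61, q = 53 and exponent e = 17 are constructed toy values.

```python
def extended_euclid(a: int, b: int) -> tuple:
    """Return (d, x, y) with d = gcd(a, b) = a*x + b*y (CLRS EXTENDED-EUCLID)."""
    if b == 0:
        return (a, 1, 0)
    d, x1, y1 = extended_euclid(b, a % b)
    # Back-substitute: d = b*x1 + (a mod b)*y1 = a*y1 + b*(x1 - (a//b)*y1)
    return (d, y1, x1 - (a // b) * y1)

def modular_inverse(a: int, n: int) -> int:
    """Solve a*x = 1 (mod n); requires gcd(a, n) == 1 (Section 31.4)."""
    d, x, _ = extended_euclid(a, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse mod {n} (gcd = {d})")
    return x % n

def modular_exponentiation(a: int, b: int, n: int) -> int:
    """Compute a^b mod n by repeated squaring over the bits of b (Section 31.6)."""
    result = 1
    a %= n
    while b > 0:
        if b & 1:                      # current low bit of b is set
            result = (result * a) % n
        a = (a * a) % n                # square for the next bit
        b >>= 1
    return result

def rsa_keygen(p: int, q: int, e: int) -> tuple:
    """Given distinct primes p, q and public exponent e with gcd(e, phi(n)) == 1,
    return ((e, n), (d, n)) where d = e^-1 mod phi(n) (Section 31.7)."""
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's phi function for n = p*q
    d = modular_inverse(e, phi)
    return ((e, n), (d, n))

def rsa_apply(key: tuple, m: int) -> int:
    """P(M) = M^e mod n with the public key; S(C) = C^d mod n with the secret key."""
    exp, n = key
    return modular_exponentiation(m, exp, n)

# Constructed toy parameters; real RSA uses primes of hundreds of digits.
PUBLIC, SECRET = rsa_keygen(p=61, q=53, e=17)   # n = 3233, d = 2753

def roundtrip(m: int) -> tuple:
    """Encrypt/decrypt and sign/verify M; returns (C, S(C), P(S(M)))."""
    c = rsa_apply(PUBLIC, m)
    return c, rsa_apply(SECRET, c), rsa_apply(PUBLIC, rsa_apply(SECRET, m))
```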