Administrative HW1 due Th, Sep. 20, before class HW2 due Today, before class QUIZ1 Tu, Sep. 18 number theory/cryptography, pages 1-44 of DPV problem session: Fr, Sep. 14, 8am, CSB601

I was great at Geometry. If I wanted to train someone as a comedian, I would make them do lots of proofs. That's what comedy is: a kind of bogus proof. You set up a fallacious premise and then prove it with rigorous logic. It just makes people laugh. You'll find that most of my stuff is based on that system... You must think rationally on a completely absurd plane.

Cryptography – public key - RSA 1. pick two large primes p,q, let N=pq 2. pick e such that gcd(e,p-1)=1, gcd(e,q-1)=1 3. find d such that e.d  1 mod (p-1)(q-1) 4. announce e,N, keep p,q,d secret ENCODE(x) = x e mod N DECODE(y) = y d mod N

Fermat’s little Theorem Let p be a prime. Let a  {1,...,p-1}. Then a p-1  1 (mod p) good for computing inverses? good for primality testing?

if 2 x-1  1 (mod x) say PRIME else say COMPOSITE

good for primality testing? pick random a  {1,...,x-1} if a x-1  1 (mod x) say PRIME else say COMPOSITE

good for primality testing? pick random a  {1,...,x-1} if a x-1  1 (mod x) say PRIME else say COMPOSITE if a x-1  1 (mod x) b x-1  1 (mod x) then (ab) x-1  1 (mod x) (a -1 ) x-1  1 (mod x) Zx*Zx* GOOD NEWS!

BAD NEWS! Carmichael numbers  a  Z 561 * a 560  1 (mod 561) 561 = 3*11* = 2 4 * 5 * 7

GOOD NEWS! can be fixed: main idea (informally): 1 has has only 2 square roots modulo a prime 1 has at least 4 square roots modulo an odd composite what are the square roots of 1 mod 15?

GOOD NEWS! 1 has at least 4 square roots modulo an odd composite Chinese Remainder Theorem Let M,N be such that gcd(M,N)=1. Let a,b be two integers. Then x  a (mod M) x  b (mod N) has a unique solution in {0,...,MN-1}

Rabin-Miller Primality Test pick random a  {1,...,x-1} if a x-1  1 (mod x) say COMPOSITE x-1=2 k.y where y is odd e:=x-1 for j from 1 to k do e:=e/2; if 2 e  1 (mod x) then if 2 e  -1 (mod x) then PRIME else COMPOSITE PRIME

Primality testing P RP co-RP ZPP co-RP = Miler-Rabin ( ) RP = Adleman-Huang (1992) P = Agrawal,Saxena,Kayal (2002)

Primality testing P NP co-NP Pratt’1975

Ok so I can test for primality, how do I get a random prime???

What else can I use random primes for?

Group set S, with a binary operation  : S  S  S 1)  is associative a  (b  c) = (a  b)  c 2) neutral element (  e  S)(  x  S) e  x = x  e = x 3) inverse (  x  S)(  y  S) x  y = y  x = e

Lagrange’s theorem Let G be finite. Let H  G. Then |H| divides |G|. we say H is a subgroup of G (denoted H  G) if for all x,y  H we have x  y  H, and for all x  H we have x -1  H DEFINITION: