1 高等演算法 -Introduction 1. Analysis 2. Basic arithmetic 3. Modular arithmetic 4. GCD 5. Primality testing 6. Cryptography

2 Algorithm Algorithm ： a specified set of simple instructions to be followed to solve a problem. require how much in the way of resoureces ： time or space. 以決定該 algorithm 是否 useful. 1. Analysis

3 Analysis Note that 1. Input size 2. the number of basic computer steps 1. Analysis

4 Fibonacci Fibonacci number: 0, 1, 1, 2, 3, 5, 8 Rule: 1. Analysis

5 Fibonacci Exponential function fib1(n) if n=0: return 0 if n=1: return 1 return fib1(n-1) + fib1(n-2) polynomial function fib2(n) if n=0: return 0 create an array f[0…n] f[0]=0, f[1]=1 for i=2…n: f[i]=f[i-1]+f[i-2] return f[n] T(n)=T(n-1)+T(n-2)+3 T(n) ≧ F n T(n) = n-1 1. Analysis

6 Fibonacci polynomial T(n) = O(logn) 1. Analysis 兩個 2  2matrix 相乘 4 加法 8 乘法

7 Fibonacci 1. Analysis T(n) = O(logn)

8 Fibonacci 1. Analysis 公式解

9 Big-O Def ： T(N)=O(f(N)) if there are positive constant c and n 0 such that T(N) cf(N) when N n 0 例： T(N)=1000N, f(N)=N 2 n 0 =10 c= N cN 2 ∴ 1000N=O(N 2 ) 1. Analysis

10 Def ： Big-O 1. Analysis

11 Big-O 不可寫 1. Analysis

12 如何判斷 function 成長速度 1. 基本 function ： 2. 例如： error 1. Analysis

13 NlogN N logN 1. Analysis

14 如何判斷 function 成長速度 3. 利用 limit 比較 f(N) 與 g(N) 計算 例如：比較 NlogN 與 N Analysis

15 2. Basic arithmetic Addition: Input:x and y are each n bits long; bit complexity: O(n)

16 2. Basic arithmetic Multiplication : bit complexity: O(n 2 ) 13 × 11; x = 1101 and y = If x and y are both n bits, then there are n intermediate rows, with lengths of up to 2n bits.

17 2. Basic arithmetic Multiplication : Khwarizmi’s method13 × 11 bit complexity: O(n 2 ) 偶數 ( 高度 n)

18 2. Basic arithmetic Multiplication : Karatsuba’s method bit complexity: O(n ) Schonhage-Strassen’s method (based on FFT) bit complexity: O(nlognloglogn) A = 2 n/2 A 1 + A 0 B = 2 n/2 B 1 + B 0 A*B = 2 n A 1 B n/2 (A 0 B 1 + A 1 B 0 )+ A 0 B 0 = (2 n + 2 n/2 ) A 1 B n/2 (A 1 - A 0 )(B 0 - B 1 )+ (2 n +1)A 0 B 0  T(n)  3T(n/2) + c*n  T(n)  3c’n log 2 3

19 2. Basic arithmetic Division: x = yq + r and r < y.  Division of a 2n-bit integer by an n-bit integer can be performed using O(n 2 ) bit operations  There is an algorithm to find the quotient q = [x/y], when the 2n-bit integer x is divided by the integer y having no more than n bits, using O(M(n)), where M(n) is the number of bit operations needed to multiply two n-bit integers. bit complexity: O(nlognloglogn)

20 3. Modular arithmetic x ≡ y (mod N) ⇐⇒ N divides (x − y).

21 3. Modular arithmetic

22 Modular addition Since x and y are each in the range 0 to N − 1, their sum is between 0 and 2(N − 1). If the sum exceeds N − 1, we merely need to subtract off N to bring it back into the required range. The overall computation therefore consists of an addition, and possibly a subtraction, of numbers that never exceed 2N. Its running time is linear in the sizes of these numbers, in other words O(n), where n = log N is the size of N; x+y mod N 3. Modular arithmetic

23 Modular multiplication The product can be as large as (N − 1) 2, but this is still at most 2n bits long since log(N − 1) 2 = 2 log(N − 1) ≤ 2n. To reduce the answer modulo N, we compute the remainder upon dividing it by N, using our quadratic-time division algorithm. Multiplication thus remains a quadratic operation. O(n 2 ) x. y mod N 3. Modular arithmetic

24 Modular exponentiation x y mod N O(y) modular multiplications is clearly exponential in the size of y O(logy) modular multiplications;bit complexity: O(n 3 ) 3. Modular arithmetic

25 Modular exponentiation 3. Modular arithmetic Square and multiply mod 55 = = ((((((((37 1 ) 2 )37 0 ) 2 )37 1 ) 2 )37 1 ) 2 )37 1 ) mod 55 (..((37 1 ) 2 mod 55 )37 0 ) 2 mod 55 )37 1 mod 55 ) 2 mod 55 )37 1 mod 55 ) 2 mod 55 )37 1 ) mod 55 =53

26 5. Primality testing But, 341 = 11 · 31 is not prime, and yet ≡ 1 mod 341 (a=2)

27 5. Primality testing Carmichael Numbers

28 5. Primality testing Lemma: If a N−1 ≡ 1 mod N for some a relatively prime to N, then it must hold for at least half the choices of a < N. If N is prime, then a N−1 ≡ 1 mod N for all a < N. If N is not prime, then a N−1 ≡ 1 mod N for at most half the values of a < N.

29 5. Primality testing Pr(Algorithm 1.8 returns yes when N is not prime) ≤1/2 k

30 5. Primality testing Given a number N, prove that N is a prime. Sieve of Eratosthenes Miller 1975 (using Riemann hypothesis) Adleman, Pomerance and Rumely 1983 Agrawal, Kayal and Saxena 2002 Lenstra and Pomerance 2003

31 6. Cryptography 1. 張三選 2 個大質數 p 和 q ( 至少 100 位數 ) ，令 N = p q 2. 再計算 Ø(N)=(p-1)(q-1) ，並選 1 個與 Ø(N) 互質數 e Ø(N) 為 Euler‘s Totient 函數，其意為與 N 互質之個數 3. (e,N) 即為張三的公開金鑰 加密法為 C = M e mod N 4. 張三選 1 個數 d ，滿足 e d mod Ø(N) = 1 5. d 即為張三的解密金鑰 ( 亦稱私有金鑰或祕密金鑰 ) 解密法為 M = C d mod N  RSA 之安全性取決於質因數分解之困難度  要將很大的 N 因數分解成 P 跟 Q 之相乘，是很困難的 RSA

32 6. Cryptography 1. 張三選 p=5 ， q=11 ; 此時 N = p q = 5 x 11 = 張三選出 1 個與 ( p-1 ) x ( q-1 ) = ( 5-1 )( 11-1 ) = 4 x 10 = 40 互質數 e=7 3.( e, N) = (7,55) 即為張三的公開金鑰 4. 張三選 1 個數 d=7 當作解密金鑰， 滿足 e d  1 mod 40 ( 7 x 23  1 mod 40 ) 令明文 M = 53 加密 : C = M e mod N = 53 7 mod 55 = 37 解密 : M = C d mod N = mod 55 = 53