CS 312: Algorithm Analysis Lecture #3: Algorithms for Modular Arithmetic, Modular Exponentiation This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative Commons Attribution-Share Alike 3.0 Unported License Slides by: Eric Ringger, with contributions from Mike Jones, Eric Mercer, Sean Warnick

Announcements  HW #1 Due Now  Always start of class  Always show work  FERPA protects your student record  Need waiver to return graded work without cover sheet

Objectives  Add the Max Rule to your asymptotic analysis toolbox  Review modular arithmetic  Discuss and analyze algorithms for:  modular arithmetic  modular exponentiation

Max. rule  Another useful rule for Asymptotic analysis. O( f(n) + g(n) ) = O( max( f(n), g(n) ) )  Examples:

Max. rule  Another useful rule for Asymptotic analysis. O( f(n) + g(n) ) = O( max( f(n), g(n) ) )  Examples:

Goal for Ch. 1  Appreciate the role of theoretical analysis in the security of RSA.  Requires: Solve, analyze, and use (!) two important and related problems:  Factoring: Given a number N, express it as a product of its prime numbers  Primality Testing: Given a number N, determine whether it is prime  Which one is harder?

Algorithms for Integer Arithmetic

 Addition  Multiplication  Division

Algorithms for Integer Arithmetic

Modular Arithmetic

Congruency

An important distinction  Congruency  Equality, using the modulus operator

Properties  Associativity:  Commutativity:  Distributivity:

Substitution Rule

Useful Consequence x y  (x mod z) y (mod z) x y mod z = (x mod z) y mod z  Example:

Useful Consequence x y  (x mod z) y (mod z) x y mod z = (x mod z) y mod z  Example:

Modular Addition

Modular Multiplication

Goal: Modular Exponentiation  We need to compute x y mod N for values of x, y, and N that are several hundred bits long.  Can we do so quickly?

Sequential Exponentiation Describe a simple algorithm for doing exponentiation:

Analysis of Sequential Exponentiation function seqexp (x, y) Input: An n-bit integer x and a non-negative integer exponent y (arbitrarily large) Output: x y if y=0: return 1 r = x for i = 1 to y-1 do r = r x return r

Modular Exponentiation, Take I

New Ideas  Represent y (the exponent) in binary  Then break down x y into factors using the non-zero bits of y  Also: compute the factors using repeated squaring  Reduce factors using substitution rule

New Ideas  Represent y (the exponent) in binary  Then break down x y into factors using the non-zero bits of y  Also: compute the factors using repeated squaring  Reduce factors using substitution rule

Modular Exponentiation, Take II Right shift Multiplication Recursive call

Analysis of Modular Exponentiation  Each multiplication is  (n 2 )  Each modular reduction is  (n 2 )  There are log(y)=m of them  Thus, modular exponentiation is in  (n 2 log y) =  (n 2 m) function modexp (x, y, N) if y=0: return 1 z = modexp(x, floor(y/2), N) if y is even: return z 2 mod N else: return x z 2 mod N

Modular Exponentiation (II), Iterative Formulation

Modular Exponentiation  x y mod N  Key Insights: 1.Exponent y can be represented in binary 2.Problem can be factored into one factor per binary digit 3.Each factor can be reduced mod N (substitution rule)

Example We’re employing same insights and a little more cleverness than the algorithm.

Example worked by Strictly Tracing the Algorithm 2^125 mod 127 modexp(2,125,127) x=2, y=125, N=127 i=125, r=1, z = 2 mod 127 = 2 r = 1*2 mod 127 = 2 z = 2^2 mod 127 = 4 i = 62 z = 4^2 mod 127 = 16 i = 31 r = 2 * 16 mod 127 = 32 z = 16^2 mod 127 = 2 * 128 mod 127 = 2 i = 15 r = 32 * 2 mod 127 = 64 z = 2^2 mod 127 = 4 i = 7 r = 64 * 4 mod 127 = 2 * 128 mod 127 = 2 z = 4^2 mod 127 = 16 i = 3 r = 2 * 16 mod 127 = 32 z = 16^2 mod 127 = 2 * 128 mod 127 = 2 i = 1 r = 32 * 2 mod 127 = 64 z = 2^2 mod 127 = 4 i = 0 return r=64 function modexp (x, y, N) Input: Two n-bit integers x and N, an integer exponent y (arbitrarily large) Output: x y mod N if y = 0: return 1 i = y; r = 1; z = x mod N while i > 0 if i is odd: r = r z mod N z = z 2 mod N i = floor(i/2) return r

Example #2 function modexp (x, y, N) Input: Two n-bit integers x and N, an integer exponent y (arbitrarily large) Output: x y mod N if y = 0: return 1 i = y; r = 1; z = x mod N while i > 0 if i is odd: r = r z mod N z = z 2 mod N i = floor(i/2) return r Strictly tracing the algorithm.

Example #2 function modexp (x, y, N) Input: Two n-bit integers x and N, an integer exponent y (arbitrarily large) Output: x y mod N if y = 0: return 1 i = y; r = 1; z = x mod N while i > 0 if i is odd: r = r z mod N z = z 2 mod N i = floor(i/2) return r

Example Needed: two volunteers: Volunteer A: use our final modexp() to compute it. Volunteer B: compute 3 20 then reduce mod 10

Efficiency  The key point is that x y mod N is easy  modexp is in  (n 2 log y)  In fact, it requires about 1.5 log 2 y multiplications for typical y  seqexp required y-1 multiplications  When x, y, and N are 200 digit numbers  Assume 1 multiplication of two 200 digit numbers takes seconds  modexp typically takes about 1 second  seqexp would require times the Age of the Universe!  Only works when y is an integer.

Assignment  Read: Section 1.4  HW #2:  Problem 1.25 using modexp,  Then redo 1.25 but replace 125 with 126 for the exponent  Implement modular exponentiation now as a step toward finishing Project #1

Next  Primality Testing