CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative.

Slides:



Advertisements
Similar presentations
Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.
Advertisements

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
CSE 311 Foundations of Computing I Lecture 13 Number Theory Autumn 2012 CSE
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
Notation Intro. Number Theory Online Cryptography Course Dan Boneh
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
CSC2110 Discrete Mathematics Tutorial 5 GCD and Modular Arithmetic
Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.
UMass Lowell Computer Science Analysis of Algorithms Prof. Karen Daniels Fall, 2002 Tuesday, 26 November Number-Theoretic Algorithms Chapter 31.
6/20/2015 5:05 AMNumerical Algorithms1 x x1x
Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.
CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.
CSE 321 Discrete Structures Winter 2008 Lecture 10 Number Theory: Primality.
CSE 311 Foundations of Computing I Lecture 12 Primes, GCD, Modular Inverse Spring
Divisibility October 8, Divisibility If a and b are integers and a  0, then the statement that a divides b means that there is an integer c such.
Great Theoretical Ideas in Computer Science.
COMP 170 L2 Page 1 L05: Inverses and GCDs l Objective: n When does have an inverse? n How to compute the inverse? n Need: Greatest common dividers (GCDs)
MATH 224 – Discrete Mathematics
Module :MA3036NI Cryptography and Number Theory Lecture Week 7
CPSC 3730 Cryptography and Network Security
1 Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 4 – Finite Fields.
Information Security and Management 4. Finite Fields 8
CS 312: Algorithm Analysis Lecture #3: Algorithms for Modular Arithmetic, Modular Exponentiation This work is licensed under a Creative Commons Attribution-Share.
CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative.
CPSC 490 Number Theory Primes, Factoring and Euler Phi-function Mar.31 st, 2006 Sam Chan.
MA/CSSE 473 Day 08 Randomized Primality Testing Carmichael Numbers Miller-Rabin test.
Cryptography Dec 29. This Lecture In this last lecture for number theory, we will see probably the most important application of number theory in computer.
CS 312: Algorithm Analysis Lecture #8: Non-Homogeneous Recurrence Relations This work is licensed under a Creative Commons Attribution-Share Alike 3.0.
MA/CSSE 473 Day 11 Primality testing summary Data Encryption RSA.
Cryptography Inverses and GCD Piotr Faliszewski. GCD(a,b) gcd(a, 0) = a gcd(a, b) = gcd(b, a mod b) a = b*q + r Here: q =  a / b  r = a mod b (a –
Introduction to Algorithms Second Edition by Cormen, Leiserson, Rivest & Stein Chapter 31.
CS 312: Algorithm Design & Analysis Lecture #12: Average Case Analysis of Quicksort This work is licensed under a Creative Commons Attribution-Share Alike.
Chapter 4 – Finite Fields
YSLInformation Security -- Public-Key Cryptography1 Prime and Relatively Prime Numbers Divisors: We say that b  0 divides a if a = mb for some m, where.
CS 312: Algorithm Design & Analysis Lecture #2: Asymptotic Notation This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported.
CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative.
CSE 311: Foundations of Computing Fall 2014 Lecture 12: Primes, GCD.
Lecture 6.1: Misc. Topics: Number Theory CS 250, Discrete Structures, Fall 2011 Nitesh Saxena.
ENCRYPTION TAKE 2: PRACTICAL DETAILS David Kauchak CS52 – Spring 2015.
CS Modular Division and RSA1 RSA Public Key Encryption To do RSA we need fast Modular Exponentiation and Primality generation which we have shown.
MA/CSSE 473 Day 08 Extended Euclid's Algorithm Modular Division Fermat's little theorem.
CSE 311 Foundations of Computing I Lecture 14 Euclid’s Algorithm Mathematical Induction Autumn 2012 CSE
Tuesday’s lecture: Today’s lecture: One-way permutations (OWPs)
Ch1 - Algorithms with numbers Basic arithmetic Basic arithmetic Addition Addition Multiplication Multiplication Division Division Modular arithmetic Modular.
Great Theoretical Ideas in Computer Science for Some.
CS 312: Algorithm Analysis
Ref: Pfleeger96, Ch.31 Properties of Arithmetic Reference: Pfleeger, Charles P., Security in Computing, 2nd Edition, Prentice Hall, 1996.
Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena.
9.1 Primes and Related Congruence Equations 23 Sep 2013.
CSE 311: Foundations of Computing Fall 2013 Lecture 12: Primes, GCD, modular inverse.
Great Theoretical Ideas in Computer Science.
Great Theoretical Ideas In Computer Science COMPSCI 102 Fall 2010 Lecture 16October 27, 2010Duke University Modular Arithmetic and the RSA Cryptosystem.
Cryptography Lecture 14 Arpita Patra © Arpita Patra.
Chapter 1 Algorithms with Numbers. Bases and Logs How many digits does it take to represent the number N >= 0 in base 2? With k digits the largest number.
MA/CSSE 473 Day 10 Primality Testing. MA/CSSE 473 Day 10 In-class exam: Friday, Sept 28 –You may bring a two-sided 8.5x11 inch piece of paper containing.
MA/CSSE 473 Day 09 Modular Division Revisited Fermat's Little Theorem Primality Testing.
Great Theoretical Ideas in Computer Science.
MA/CSSE 473 Day 07 Extended Euclid's Algorithm Modular Division Fermat's little theorem intro.
MA/CSSE 473 Day 9 Primality Testing Encryption Intro.
A Prime Example CS Lecture 20 A positive integer p  2 is prime if the only positive integers that divide p are 1 and p itself. Positive integers.
Number-Theoretic Algorithms
MA/CSSE 473 Day 07 Extended Euclid's Algorithm Modular Division
B504/I538: Introduction to Cryptography
MA/CSSE 473 Day 06 Euclid's Algorithm.
Numerical Algorithms x x-1 Numerical Algorithms
Number-Theoretic Algorithms (UNIT-4)
CSE 311 Foundations of Computing I
Numerical Algorithms x x-1
Number Theory (Chapter 7)
Discrete Math for CS CMPSC 360 LECTURE 12 Last time: Stable matching
Presentation transcript:

CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative Commons Attribution-Share Alike 3.0 Unported License Slides by: Eric Ringger, with contributions from Mike Jones, Eric Mercer, Sean Warnick

Practice Key points: Represent exponent in binary Break up the problem into factors (one per binary digit) Use the substitution rule

Objectives  Part 1:  Introduce Fermat’s Little Theorem  Understand and analyze the Fermat primality tester  Part 2:  Discuss GCD and Multiplicative Inverses, modulo N  Prepare to Introduce Public Key Cryptography  This adds up to a lot of ideas!

Part 1: Primality Testing

Fermat’s Little Theorem If p is prime, then a p -1  1 (mod p) for any a such that 1  a < p Examples: p = 3, a = 2 p = 7, a = 4 How do you wish you could use this theorem?

Fermat’s Little Theorem If p is prime, then a p -1  1 (mod p) for any a such that 1  a < p Examples: p = 3, a = 2 p = 7, a = 4 How do you wish you could use this theorem?

Logic Review a  b (a implies b) Which is equivalent to the above statement?  b  a  ~a  ~b  ~b  ~a

Logic Review a  b (a implies b) Which is equivalent to the above statement?  b  aThe Converse  ~a  ~bThe Inverse  ~b  ~aThe Contrapositive

Contrapositive of Fermat’s Little Theorem If p and a are integers such that 1  a < p and a p -1 mod p  1, then p is not prime.

First Prime Number Test Do we really mean yes?

First Prime Number Test Do we really mean yes?

False Witnesses  If primality(N) returns “yes”, then N might or might not be prime.  Consider 15:  4 14 mod 15 = 1  but 15 clearly isn’t prime!  4 is called a false witness of 15

Relatively Prime  Two numbers, a and N, are relatively prime if their greatest common divisor is 1.  3 and 5?  4 and 8?  4 and 9?

False Witnesses  If primality(N) returns “yes”, then N might or might not be prime.  Consider the Carmichael numbers:  They pass the test (i.e., a n-1 mod N = 1) for all a relatively prime to N.

False Witnesses

State of Affairs  Summary:  If n is prime, then a n-1 mod n = 1 for all a < n  If n is not prime, then a n-1 mod n = 1 for at most half the values of a < n  Allows us to put a bound on how often primality() is wrong.

False Witnesses  Notes:  Less than 3.3% of the possible witnesses for n < 1000 are false.  Consider 651,693,055,693,681.  Have % chance of picking a false witness!

Correctness  Question #1: Is the “Fermat test” correct?  No  Question #1’: how correct is the Fermat test?  The algorithm is ½-correct with one-sided error.  The algorithm has 0.5 probability of saying “yes N is prime” when N is not prime.  But when the algorithm says “no N is not prime”, then N must not be prime (by contrapositive of Fermat's Little Theorem)

Amplification  Repeat the test  Decrease the probability of error: C = Composite; P = Prime  Amplification of stochastic advantage 1 st run2 nd runError? Cn/a PC PP

Amplification  Repeat the test  Decrease the probability of error: C = Composite; P = Prime  Amplification of stochastic advantage 1 st run2 nd runError? Cn/a PC PP

P(Correct)

Modified Primality Test function primality2(N) Input: Positive integer N Output: yes/no for i = 1 to k do: a = uniform(1..N-1) if (modexp(a, N-1, N) == 1): // yes; do nothing else: return no return yes

Modified Primality Test

function primality2(N) Input: Positive integer N Output: yes/no for i = 1 to k do: a = uniform(1..N-1) if (modexp(a, N-1, N) == 1): // yes; do nothing else: return no return yes

Randomized Algorithms  We’ll close the loop and revisit these again at the end of the semester.

2. Greatest Common Divisor

Greatest Common Divisor  Euclid’s rule:  gcd(x, y) = gcd (x mod y, y)  Can compute gcd(x,y) for large x, y by modular reduction until we reach the base case! function Euclid (a,b) Input: Two integers a and b with a  b  0 (n-bit integers) Output: gcd(a,b) if b=0: return a return Euclid(b, a mod b)

Example  gcd(25, 11)

Example  gcd(25, 11)

3 Questions  1. Is it Correct?  2. How long does it take?  3. Can we do better?

Analysis function Euclid (a,b) Input: Two integers a and b with a  b  0 (n-bit integers) Output: gcd(a,b) if b=0: return a return Euclid(b, a mod b)

Analysis function Euclid (a,b) Input: Two integers a and b with a  b  0 (n-bit integers) Output: gcd(a,b) if b=0: return a return Euclid(b, a mod b)

Bezout’s Identity

Extended Euclid Algorithm function extended-Euclid (a, b) Input: Two positive integers a & b with a  b  0 (n-bits) Output: Integers x, y, d such that d = gcd(a, b) and ax + by = d if b=0: return (1,0,a) (x’, y’, d) = extended-Euclid(b, a mod b) return (y’, x’ – floor(a/b)y’, d)

Example  Note: there’s a great worked example of how to use the extended-Euclid algorithm on Wikipedia here: _algorithm  And another linked from the reading column on the schedule for today

Multiplicative Inverses  In the rationals, what’s the multiplicative inverse of a?  In modular arithmetic (modulo N), what is the multiplicative inverse?

Multiplicative Inverses  In the rationals, what’s the multiplicative inverse of a?  In modular arithmetic (modulo N), what is the multiplicative inverse?

Finding Multiplicative Inverses  Modular division theorem: For any a mod N, a has a multiplicative inverse modulo N if and only if it is relatively prime to N.  Significance of extended-Euclid algorithm:  When two numbers, a and N, are relatively prime, extended- Euclid produces x and y such that ax + Ny = 1  Thus, ax  1 (mod N)  Because Ny (mod N) = 0 for all integers y  Then x is the multiplicative inverse of a modulo N  i.e., I can use extended-Euclid to compute the multiplicative inverse of a mod N

Multiplicative Inverses  The multiplicative inverse mod N is exactly what we will need for RSA key generation  Notice also: when a and N are relatively prime, we can perform modular division in this way

Next  RSA  Divide & Conquer

Assignment  Read and Understand: Sections 1.4, 2.1, 2.2  HW #3: 1.9, 1.18, 1.20  Finish your project #1 early!  Submit on Thursday by midnight