Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 312: Algorithm Analysis Lecture #3: Algorithms for Modular Arithmetic, Modular Exponentiation This work is licensed under a Creative Commons Attribution-Share.

Published byClemence Johns Modified over 9 years ago

Similar presentations

Presentation on theme: "CS 312: Algorithm Analysis Lecture #3: Algorithms for Modular Arithmetic, Modular Exponentiation This work is licensed under a Creative Commons Attribution-Share."— Presentation transcript:

1 CS 312: Algorithm Analysis Lecture #3: Algorithms for Modular Arithmetic, Modular Exponentiation This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative Commons Attribution-Share Alike 3.0 Unported License Slides by: Eric Ringger, with contributions from Mike Jones, Eric Mercer, Sean Warnick

2 Announcements  HW #1 Due Now  Always start of class  Always show work  FERPA protects your student record  Need waiver to return graded work without cover sheet

3 Objectives  Add the Max Rule to your asymptotic analysis toolbox  Review modular arithmetic  Discuss and analyze algorithms for:  modular arithmetic  modular exponentiation

4 Max. rule  Another useful rule for Asymptotic analysis. O( f(n) + g(n) ) = O( max( f(n), g(n) ) )  Examples:

5 Max. rule  Another useful rule for Asymptotic analysis. O( f(n) + g(n) ) = O( max( f(n), g(n) ) )  Examples:

6 Goal for Ch. 1  Appreciate the role of theoretical analysis in the security of RSA.  Requires: Solve, analyze, and use (!) two important and related problems:  Factoring: Given a number N, express it as a product of its prime numbers  Primality Testing: Given a number N, determine whether it is prime  Which one is harder?

7 Algorithms for Integer Arithmetic

8  Addition  Multiplication  Division

9 Algorithms for Integer Arithmetic

10 Modular Arithmetic

11 Congruency

12 An important distinction  Congruency  Equality, using the modulus operator

13 Properties  Associativity:  Commutativity:  Distributivity:

14 Substitution Rule

15

16 Useful Consequence x y  (x mod z) y (mod z) x y mod z = (x mod z) y mod z  Example:

17 Useful Consequence x y  (x mod z) y (mod z) x y mod z = (x mod z) y mod z  Example:

18 Modular Addition

19

20 Modular Multiplication

21

22 Goal: Modular Exponentiation  We need to compute x y mod N for values of x, y, and N that are several hundred bits long.  Can we do so quickly?

23 Sequential Exponentiation Describe a simple algorithm for doing exponentiation:

24 Analysis of Sequential Exponentiation function seqexp (x, y) Input: An n-bit integer x and a non-negative integer exponent y (arbitrarily large) Output: x y if y=0: return 1 r = x for i = 1 to y-1 do r = r x return r

25 Modular Exponentiation, Take I

26

27 New Ideas  Represent y (the exponent) in binary  Then break down x y into factors using the non-zero bits of y  Also: compute the factors using repeated squaring  Reduce factors using substitution rule

28 New Ideas  Represent y (the exponent) in binary  Then break down x y into factors using the non-zero bits of y  Also: compute the factors using repeated squaring  Reduce factors using substitution rule

29 Modular Exponentiation, Take II Right shift Multiplication Recursive call

30 Analysis of Modular Exponentiation  Each multiplication is  (n 2 )  Each modular reduction is  (n 2 )  There are log(y)=m of them  Thus, modular exponentiation is in  (n 2 log y) =  (n 2 m) function modexp (x, y, N) if y=0: return 1 z = modexp(x, floor(y/2), N) if y is even: return z 2 mod N else: return x z 2 mod N

31 Modular Exponentiation (II), Iterative Formulation

32 Modular Exponentiation  x y mod N  Key Insights: 1.Exponent y can be represented in binary 2.Problem can be factored into one factor per binary digit 3.Each factor can be reduced mod N (substitution rule)

33 Example We’re employing same insights and a little more cleverness than the algorithm.

34 Example worked by Strictly Tracing the Algorithm 2^125 mod 127 modexp(2,125,127) x=2, y=125, N=127 i=125, r=1, z = 2 mod 127 = 2 r = 1*2 mod 127 = 2 z = 2^2 mod 127 = 4 i = 62 z = 4^2 mod 127 = 16 i = 31 r = 2 * 16 mod 127 = 32 z = 16^2 mod 127 = 2 * 128 mod 127 = 2 i = 15 r = 32 * 2 mod 127 = 64 z = 2^2 mod 127 = 4 i = 7 r = 64 * 4 mod 127 = 2 * 128 mod 127 = 2 z = 4^2 mod 127 = 16 i = 3 r = 2 * 16 mod 127 = 32 z = 16^2 mod 127 = 2 * 128 mod 127 = 2 i = 1 r = 32 * 2 mod 127 = 64 z = 2^2 mod 127 = 4 i = 0 return r=64 function modexp (x, y, N) Input: Two n-bit integers x and N, an integer exponent y (arbitrarily large) Output: x y mod N if y = 0: return 1 i = y; r = 1; z = x mod N while i > 0 if i is odd: r = r z mod N z = z 2 mod N i = floor(i/2) return r

35 Example #2 function modexp (x, y, N) Input: Two n-bit integers x and N, an integer exponent y (arbitrarily large) Output: x y mod N if y = 0: return 1 i = y; r = 1; z = x mod N while i > 0 if i is odd: r = r z mod N z = z 2 mod N i = floor(i/2) return r Strictly tracing the algorithm.

36 Example #2 function modexp (x, y, N) Input: Two n-bit integers x and N, an integer exponent y (arbitrarily large) Output: x y mod N if y = 0: return 1 i = y; r = 1; z = x mod N while i > 0 if i is odd: r = r z mod N z = z 2 mod N i = floor(i/2) return r

37 Example Needed: two volunteers: Volunteer A: use our final modexp() to compute it. Volunteer B: compute 3 20 then reduce mod 10

38 Efficiency  The key point is that x y mod N is easy  modexp is in  (n 2 log y)  In fact, it requires about 1.5 log 2 y multiplications for typical y  seqexp required y-1 multiplications  When x, y, and N are 200 digit numbers  Assume 1 multiplication of two 200 digit numbers takes 0.001 seconds  modexp typically takes about 1 second  seqexp would require 10 179 times the Age of the Universe!  Only works when y is an integer.

39 Assignment  Read: Section 1.4  HW #2:  Problem 1.25 using modexp,  Then redo 1.25 but replace 125 with 126 for the exponent  Implement modular exponentiation now as a step toward finishing Project #1

40 Next  Primality Testing

Download ppt "CS 312: Algorithm Analysis Lecture #3: Algorithms for Modular Arithmetic, Modular Exponentiation This work is licensed under a Creative Commons Attribution-Share."

Similar presentations

Presented by Alex Atkins.  An integer p >= 2 is a prime if its only positive integer divisors are 1 and p.  Euclid proved that there are infinitely.

Presented by Alex Atkins.  An integer p >= 2 is a prime if its only positive integer divisors are 1 and p.  Euclid proved that there are infinitely.
Cryptography and Network Security

Cryptography and Network Security
Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.

Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.
Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r 175753411947 p q p q p q p and q prime.

Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r p q p q p q p and q prime.
Number Theory and Cryptography

Number Theory and Cryptography
Lecture 2 Aug 28 goals: Introduction to recursion examples of recursive programs.

Lecture 2 Aug 28 goals: Introduction to recursion examples of recursive programs.
Chapter 2 Fundamentals of the Analysis of Algorithm Efficiency Copyright © 2007 Pearson Addison-Wesley. All rights reserved.

Chapter 2 Fundamentals of the Analysis of Algorithm Efficiency Copyright © 2007 Pearson Addison-Wesley. All rights reserved.
Announcements: HW3 updated. Due next Thursday HW3 updated. Due next Thursday Written quiz tomorrow on chapters 1-2 (next slide) Written quiz tomorrow on.

Announcements: HW3 updated. Due next Thursday HW3 updated. Due next Thursday Written quiz tomorrow on chapters 1-2 (next slide) Written quiz tomorrow on.
CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.

CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.
Section 5.4 1. Section Summary Recursive Algorithms Proving Recursive Algorithms Correct Recursion and Iteration (not yet included in overheads) Merge.

Section Section Summary Recursive Algorithms Proving Recursive Algorithms Correct Recursion and Iteration (not yet included in overheads) Merge.
CSE 321 Discrete Structures Winter 2008 Lecture 10 Number Theory: Primality.

CSE 321 Discrete Structures Winter 2008 Lecture 10 Number Theory: Primality.
Arithmetic.

Arithmetic.
MATH 224 – Discrete Mathematics

MATH 224 – Discrete Mathematics
Section 4.3: Fermat’s Little Theorem Practice HW (not to hand in) From Barr Text p. 284 # 1, 2.

Section 4.3: Fermat’s Little Theorem Practice HW (not to hand in) From Barr Text p. 284 # 1, 2.
CS 312: Algorithm Analysis

CS 312: Algorithm Analysis
CS 312: Algorithm Design & Analysis Lecture #34: Branch and Bound Design Options for Solving the TSP: Tight Bounds This work is licensed under a Creative.

CS 312: Algorithm Design & Analysis Lecture #34: Branch and Bound Design Options for Solving the TSP: Tight Bounds This work is licensed under a Creative.
CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative.

CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative.
CompSci 102 Discrete Math for Computer Science February 16, 2012 Prof. Rodger.

CompSci 102 Discrete Math for Computer Science February 16, 2012 Prof. Rodger.
CS 312: Algorithm Analysis Lecture #8: Non-Homogeneous Recurrence Relations This work is licensed under a Creative Commons Attribution-Share Alike 3.0.

CS 312: Algorithm Analysis Lecture #8: Non-Homogeneous Recurrence Relations This work is licensed under a Creative Commons Attribution-Share Alike 3.0.
CS 312: Algorithm Design & Analysis Lecture #23: Making Optimal Change with Dynamic Programming Slides by: Eric Ringger, with contributions from Mike Jones,

CS 312: Algorithm Design & Analysis Lecture #23: Making Optimal Change with Dynamic Programming Slides by: Eric Ringger, with contributions from Mike Jones,

Similar presentations

Ads by Google