Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative.

Published byMarcus Little Modified over 8 years ago

Similar presentations

Presentation on theme: "CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative."— Presentation transcript:

1 CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative Commons Attribution-Share Alike 3.0 Unported License Slides by: Eric Ringger, with contributions from Mike Jones, Eric Mercer, Sean Warnick

2 Announcements  Homework: Required to show your work  Remember 3/2/1/0  Project #1  Today we’ll work through the rest of the math

3 Practice Key points: Represent exponent in binary Break up the problem into factors (one per binary digit) Compute the factors by repeated squaring Use the substitution rule

4 Practice Key points: Represent exponent in binary Break up the problem into factors (one per binary digit) Use the substitution rule

5 Objectives  Part 1:  Introduce Fermat’s Little Theorem  Understand and analyze the Fermat primality tester  Part 2:  Discuss GCD and Multiplicative Inverses, modulo N  Prepare to Introduce Public Key Cryptography  This adds up to a lot of ideas!

6 Part 1: Primality Testing

7 Fermat’s Little Theorem p = 3, a = 2 p = 7, a = 4 How do you wish you could use this theorem?

8 Fermat’s Little Theorem p = 3, a = 2 p = 7, a = 4 How do you wish you could use this theorem?

9 Logic Review a  b (a implies b) Which is equivalent to the above statement?  b  a  ~a  ~b  ~b  ~a

10 Logic Review a  b (a implies b) Which is equivalent to the above statement?  b  aThe Converse  ~a  ~bThe Inverse  ~b  ~aThe Contrapositive

11 Contrapositive of Fermat’s Little Theorem

12 First Prime Number Test

13 False Witnesses  If primality(N) returns “possibly prime”, then N might or might not be prime, as the answer indicates  Consider 15:  4 14 mod 15 = 1  but 15 clearly isn’t prime!  4 is called a false witness of 15  Given a non-prime N, we call a number a where a N-1 mod N = 1 a “false witness” (to the claim that N is prime)

14 Relatively Prime  Two numbers a and N are relatively prime iff their greatest common divisor is 1.  3 and 5?  4 and 8?  4 and 9?  Consider the Carmichael numbers:  They pass the test (i.e., a N-1 mod N = 1) for all a relatively prime to N.

15 False Witnesses  Ignoring Carmichael numbers,  How common are false witnesses?  Lemma: If a n-1 mod n = 1 for some a relatively prime to n, then it must hold for at least half the choices of a < n

16 State of Affairs  Summary:  If n is prime, then a n-1 mod n = 1 for all a < n  If n is not prime, then a n-1 mod n = 1 for at most half the values of a < n  Allows us to put a bound on how often our primality() function is wrong.

17 False Witnesses  Notes:  Less than 3.3% of the possible witnesses for n < 1000 are false.  Consider 651,693,055,693,681.  Have 99.9965% chance of picking a false witness!

18 Correctness  Question #1: Is the “Fermat test” correct?  No  Question #1’: How correct is the Fermat test?  The algorithm is ½-correct with one-sided error.  The algorithm has 0.5 probability of saying “yes N is prime” when N is not prime.  But when the algorithm says “no N is not prime”, then N must not be prime (by contrapositive of Fermat's Little Theorem)

19 Amplification  Repeat the test  Decrease the probability of error: C = Composite; P = Prime  Amplification of stochastic advantage 1 st run2 nd runP(Error) Cn/a PC PP

20 Amplification  Repeat the test  Decrease the probability of error: C = Composite; P = Prime  Amplification of stochastic advantage 1 st run2 nd runError? Cn/a PC PP

21 P(Correct)  k trials gives 1/(2 k ) probability of being incorrect when the answer is "prime“ P(Correct) =

22 P(Correct)  k trials gives 1/(2 k ) probability of being incorrect when the answer is "prime“ P(Correct) =

23 Modified Primality Test function primality2(N) Input: Positive integer N Output: yes/no for i = 1 to k do: a = uniform(1..N-1) if (modexp(a, N-1, N) == 1): // possibly prime; do nothing else: return “not prime” return yes

24 2. Greatest Common Divisor

25 Greatest Common Divisor  Euclid’s rule:  gcd(x, y) = gcd (x mod y, y) = gcd (y, x mod y)  Can compute gcd(x,y) for large x, y by modular reduction until we reach the base case! function Euclid (a,b) Input: Two integers a and b with a  b  0 (n-bit integers) Output: gcd(a,b) if b=0: return a return Euclid(b, a mod b)

26 Example  gcd(25, 11)

27 Example  gcd(25, 11)

28 3 Questions  1. Is it Correct?  2. How long does it take?  3. Can we do better?

29 Analysis function Euclid (a,b) Input: Two integers a and b with a  b  0 (n-bit integers) Output: gcd(a,b) if b=0: return a return Euclid(b, a mod b)

30 Analysis function Euclid (a,b) Input: Two integers a and b with a  b  0 (n-bit integers) Output: gcd(a,b) if b=0: return a return Euclid(b, a mod b)

31 Bezout’s Identity

32 Extended Euclid Algorithm function extended-Euclid (a, b) Input: Two positive integers a & b with a  b  0 (n-bits) Output: Integers x, y, d such that d = gcd(a, b) and ax + by = d if b=0: return (1,0,a) (x’, y’, d) = extended-Euclid(b, a mod b) return (y’, x’ – floor(a/b)y’, d)

33 Example  Note: there’s a great worked example of how to use the extended-Euclid algorithm on Wikipedia here: http://en.wikipedia.org/wiki/Extended_Euclidean _algorithm  And another linked from the reading column on the schedule for today

34 Multiplicative Inverses  In the rationals, what’s the multiplicative inverse of a?  In modular arithmetic (modulo N), what is the multiplicative inverse?

35 Multiplicative Inverses  In the rationals, what’s the multiplicative inverse of a?  In modular arithmetic (modulo N), what is the multiplicative inverse?

36 Finding Multiplicative Inverses (Modulo N)

37 Multiplicative Inverses

38 Next  RSA

39 Assignment  HW #3: 1.9, 1.18, 1.20  Finish your project #1 whiteboard experience on time.  Finish project #1 for the early bonus and the win!

Download ppt "CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative."

Similar presentations

Number Theory Algorithms and Cryptography Algorithms Prepared by John Reif, Ph.D. Analysis of Algorithms.

Number Theory Algorithms and Cryptography Algorithms Prepared by John Reif, Ph.D. Analysis of Algorithms.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.
Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.

Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
CSE 311 Foundations of Computing I Lecture 13 Number Theory Autumn 2012 CSE 311 1.

CSE 311 Foundations of Computing I Lecture 13 Number Theory Autumn 2012 CSE
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.

Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.
6/20/2015 5:05 AMNumerical Algorithms1 x0123456789 x1x1 1739.

6/20/2015 5:05 AMNumerical Algorithms1 x x1x
Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.

Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.
CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.

CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
CSE 321 Discrete Structures Winter 2008 Lecture 10 Number Theory: Primality.

CSE 321 Discrete Structures Winter 2008 Lecture 10 Number Theory: Primality.
CSE 311 Foundations of Computing I Lecture 12 Primes, GCD, Modular Inverse Spring 2013 1.

CSE 311 Foundations of Computing I Lecture 12 Primes, GCD, Modular Inverse Spring
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
COMP 170 L2 Page 1 L05: Inverses and GCDs l Objective: n When does have an inverse? n How to compute the inverse? n Need: Greatest common dividers (GCDs)

COMP 170 L2 Page 1 L05: Inverses and GCDs l Objective: n When does have an inverse? n How to compute the inverse? n Need: Greatest common dividers (GCDs)
Module :MA3036NI Cryptography and Number Theory Lecture Week 7

Module :MA3036NI Cryptography and Number Theory Lecture Week 7
1 Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 4 – Finite Fields.

1 Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 4 – Finite Fields.
CS 312: Algorithm Analysis Lecture #3: Algorithms for Modular Arithmetic, Modular Exponentiation This work is licensed under a Creative Commons Attribution-Share.

CS 312: Algorithm Analysis Lecture #3: Algorithms for Modular Arithmetic, Modular Exponentiation This work is licensed under a Creative Commons Attribution-Share.
CS 312: Algorithm Analysis

CS 312: Algorithm Analysis

Similar presentations

Ads by Google