1 / 35

Chapter 1

Chapter 1. Algorithms with Numbers. Bases and Logs. How many digits does it take to represent the number N >= 0 in base 2? With k digits the largest number we can make: 1x2 k-1 + 1x2 k-2 + … + 1x2 1 + 1x2 0 = 2 k - 1 Example: 1111 = 2 4 – 1 Answer: N = 2 k – 1 and solve for k.

rutter
Télécharger la présentation

Chapter 1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 1 Algorithms with Numbers

  2. Bases and Logs How many digits does it take to represent the number N >= 0 in base 2? With k digits the largest number we can make: 1x2k-1 + 1x2k-2 + … + 1x21 + 1x20 = 2k - 1 Example: 1111 = 24 – 1 Answer: N = 2k – 1 and solve for k

  3. Bases and Logs Answer: N = 2k – 1 and solve for k N + 1 = 2k Log(N+1) = Log(2k) Log(N+1) = k ┌ Log(N+1) ┐ = k

  4. Bases and Logs • Log N is the power you raise 2 to get N 2Log(N) = N • For large N, Log(N) is much smaller than N • N =1,073,741,834 Log(N) = 30 • Which algorithm is better? O(N2) or O(n Log N)

  5. Bases and Logs • Log N is the number of times you must halve N to get down to 1 • Log N is the number of bits in the binary representation of N (Ceil (Log (N+1))) • Log N is the depth of a complete binary tree with N nodes (Floor(Log n)) • Log N is approximately the sum of 1 + ½ + 1/3 + … + 1/N

  6. Addition of Binary Numbers • Why isn’t binary addition O(1)? Don’t we have hardware operations for that? • The sum of x + y is n + 1 bits at most • Each individual bit gets computed in fixed amount of time • Running time = c0 + c1n = O(n)

  7. Multiplication 1 1 0 1 13 1 0 1 1 11 x _______ x ___ 1 1 0 1 13 1 1 0 1 26 0 0 0 0 0 1 1 0 1 104 _________________ ___ 1 0 0 0 1 1 1 1 143

  8. Al Khwarizmi’s Method 1 1 0 1 11 13 1 0 1 1 5 26 x _______ 2 52 1 1 0 1 1 104 1 1 0 1 _______ 0 0 0 0 143 1 1 0 1 _________________ 1 0 0 0 1 1 1 1

  9. Another Approach X * Y = 2(X * floor(Y/2)) if y is even X + 2(X * floor(Y/2)) if y is odd ----------------------------------------- function multiply(X,Y) if Y = 0: return 0 Z = multiply(X,floor(Y/2)) if Y is even return 2 * Z else: return X + 2 * Z

  10. Let X = 3 (imperative language) Y = 4 Z = X + Y --------------------------------------------------- (let ((X 3)(Y 4)) (+ X Y) ) (Scheme version) 3 X Y (+ x y) 4

  11. Sequence of Lets X = 3 Y = X Z = (+ X Y) --------------------------------------------------- (let ((X 3)) (let ((Y X)) (+ X Y))) (let* ((X 3) (Y X)) (+ X Y))

  12. Sequence of Lets (let ((X 3)) (let ((Y X)) (+ X Y))) 3 X Y (+ X Y) (let* ((X 3) (Y X)) (+ X Y))

  13. Division function divide(x,y) if x = 0: return (q,r) = (0,0) (q,r) = divide(floor(x/2),y) q = 2 q , r = 2 r if x is odd: r = r + 1 if r >= y: r = r – y, q = q + 1 return (q,r)

  14. Modular Exponentiation function modexp(x, y, N) Input: Two n-bit integers x and N, an integer exponent y Output: xy mod N if y = 0: return 1 z = modexp(x, floor(y/2),N) if y is even: return z2 mod N else: return x * z2 mod N

  15. Euclid’s GCD Algorithm function Euclid(a, b) Input: Two integers a and b with a b 0 Output: gcd(a, b) if b = 0: return a return Euclid(b, a mod b) Why is this O(n3)?

  16. Extension to Euclid’s Algorithm • If someone says “d is the gcd(a,b)”, how do we know? • Lemma: if d divides both a and b, and d = ax + by for some integers x and y, then d is the gcd of a and b

  17. Extended GCD Algorithm function Extended-Euclid(a, b) Input: Two positive integers a and b with a ≥ b ≥ 0 Output: Integers x, y, d such that d = gcd(a; b) and ax + by = d if b = 0: return (1, 0, a) (x’, y’ d) = Extended-Euclid(b, a mod b) return (y’, x’ – floor(a/b)y’, d)

  18. Modular Division We say x is the multiplicative inverse of a modulo N if ax ≡ 1 (mod N). Not every integer has such a multiplicative inverse Example 2x ! ≡ 1 (mod 6) for any x. If gcd(a,N) = 1, a and N are relatively prime If a and N are relatively prime, the extended Euclid’s algorithm gives integers x and y such that ax + Ny = 1. (ax + Ny)MOD N = 1 MOD N, ax MOD N = 1 But then x is the multiplicative inverse of a mod N!

  19. Modular Division Theorem • For any a mod N, a has a multiplicative inverse if and only if it is relatively prime to N. When the inverse exists, it can be found in O(n3) time (where n denotes the number of bits in N) by running the extended Euclid algorithm • Example: Compute 11-1 mod 25 Using EEA, 4(25) - 9(11) = 1. Reducing both sides mod 25 we have: -9 (11) ≡ 1 mod 25, so -9 ≡ 16 mod 25 is the inverse of 11 mod 25. In other words, if I want to divide by 11 mod 25, I can instead multiply by 16 mod 25

  20. Another Example • Let p = 17, q = 53 • N = p * q = 17 * 53 = 901 • Choose e relatively prime to (p-1)(q-1) = 16 * 52 = 832, so somewhat arbitrarily let e be 19. The public key is (901,19).

  21. Public key is (901,19). • Let the message be 123. • Encrypting the message involves computing 12319 MOD 901 = 115 • The encrypted message is 115 • To decrypt the message we compute the inverse of 19 MOD (17-1)(53-1) = 19 MOD 832 .

  22. Computing the Inverse of 19 MOD 832 • Using the extended Euclidean algorithm, we see that 219(19) + (-5)(832) = 1 • Taking MOD on both sides we have • (219(19) + (-5)(832)) MOD 832 = 1 MOD 832 and 219(19) = 1 MOD 832, since the addition of multiples of 832 can be removed • In other words, 219 is the multiplicative inverse of 19 MOD 832. • This makes the decryption function x219 MOD 901

  23. Decrypting with x219 MOD 901 • Use modexp to compute the expression • 115219 MOD 901 = 123 • (12319)219 MOD 901 = 123

  24. Implications For division mod N, we can only divide by integers that are relatively prime to N. To divide by s, we multiply by the inverse of s (s-1). To find the inverse of s MOD t, we run EEA on s and t. This produces a(s) + b(t) = 1 if s is relatively prime to t

  25. Implications Applying MOD t results in (a(s) + b(t))MOD t = a(s) MOD t = 1 MOD t In other words, a = s-1 This technique relies heavily on finding large prime numbers p and q

  26. Primality Testing • Factoring is hard, primality is easy. Why? • To test if N is prime, we can try to divide it by 2,3,5,7…, √N (We try to factor it) • This approach still takes lots of time • Fermat’s little theorem: If p is prime, then for every 1 ≤ a ≤ p ap-1 ≡ 1 mod p

  27. Primality Testing Using FLT function primality(N) Input: Positive integer N Output: yes/no Pick a positive integer a < N at random if aN-1 ≡ 1 (mod N): return yes else: return no

  28. Primality Testing There are no guarantees that this works! There are some composite integers that satisfy aN-1 ≡ 1 (mod N) 341 = 11 x 31 is not prime, and yet 2340 ≡ 1 mod 341. Even so, we hope the answer will be correct most of the time. It certainly works if N is prime

  29. Primality Testing Carmichael numbers pass Fermat’s test for all a relatively prime to N For non-Carmichael numbers, a composite integer will fail for at least half the values of a where 1 ≤ a ≤ p If we randomly choose a, we have at least half a chance of the algorithm working correctly

  30. A Primality Algorithm with Low Error Probability function primality2(N) Input: Positive integer N Output: yes/no Pick positive integers a1,a2,…, ak < N at random if aiN-1 ≡ 1 (mod N)for all i = 1,2,… k: return yes else: return no

  31. A Primality Algorithm with Low Error Probability • Pr(Algorithm 1.8 returns yes when N is not prime) ≤ 1/2k • Testing k = 100 values of a makes the probability of failure at most 2-100,which is miniscule: far less, for instance, than the probability that a random cosmic ray will sabotage the computer during the computation!

  32. Generating Primes • Primes are abundant. • A random n-bit number has roughly a one-in-n chance of being prime (actually about 1/(ln 2n) ≈ 1:44/n). • For instance, About 1 in 20 social security numbers is prime!

  33. Generating Primes • Pick a random n-bit number N. • Run a primality test on N. • If it passes the test, output N; else repeat the process.

  34. RSA Summary • Pick any two primes p and q and let N = pq. For any e relatively prime to (p-1)(q -1): 1. The mapping x → x e mod N is a bijection on {0,1,…,N} 2. Moreover, the inverse mapping is easily realized: let d be the inverse of e modulo (p-1)(q -1). Then for all x {0,…,N}, (x e)d ≡ x mod N:

  35. Assignment • Send me a public key (N,e), and I will send you a coded message x e MOD N. Send me the decoded message back in an email. You get to choose N and e. • The message I send will be a number less than N. In a real application the number could be an message in ASCII • Grad Students: Compute two prime numbers p and q with 100 or more digits using Scheme. Generate N = p * q. Choose a suitable e. As before, send me (N, e) but also include your Scheme code for selecting primes.

More Related