Aritmética Computacional (Computational Arithmetic)


Presentation Transcript


  1. Aritmética Computacional Francisco Rodríguez Henríquez CINVESTAV e-mail: francisco@cs.cinvestav.mx

  2. Fairy Tale: A Chinese Emperor used to count his army by giving a series of tasks. All troops should form groups of 3. Report back the number of soldiers that were not able to do this. Now form groups of 5. Report back. Now form groups of 7. Report back. Etc. At the end, if the product of all the group sizes is sufficiently large (larger than the army itself), one can figure out exactly how many troops there are. Chinese Remainder Theorem

  3. Chinese Remainder Theorem

  4. Chinese Remainder Theorem mod 3: N mod 3 = 1

  5. Chinese Remainder Theorem mod 5: N mod 5 = 2

  6. Chinese Remainder Theorem mod 7: N mod 7 = 2

  7. Secret inversion formula (for N < 105 = 3·5·7): N ≡ a (mod 3), N ≡ b (mod 5), N ≡ c (mod 7) implies that N = (−35a + 21b + 15c) mod 105. So in our case a = 1, b = 2, c = 2 gives: N = (−35·1 + 21·2 + 15·2) mod 105 = (−35 + 42 + 30) mod 105 = 37 mod 105 = 37. Chinese Remainder Theorem

  8. Find three numbers l, m, n with the following properties: l ≡ 1 (mod 3), l ≡ 0 (mod 5), l ≡ 0 (mod 7); m ≡ 0 (mod 3), m ≡ 1 (mod 5), m ≡ 0 (mod 7); n ≡ 0 (mod 3), n ≡ 0 (mod 5), n ≡ 1 (mod 7). Then y = al + bm + cn [secret formula] satisfies y ≡ al + bm + cn ≡ a·1 + 0 + 0 ≡ a (mod 3). Similarly, y ≡ b (mod 5), and similarly y ≡ c (mod 7). Since 3, 5 and 7 are pairwise coprime, any solution x of the three congruences satisfies x ≡ y (mod 3·5·7). CRT: Example

  9. Find the three numbers l, m, n: Standard trick. E.g., to find l: (a) Multiply together all moduli different from 3. Result: 5·7 = 35. (b) Find an inverse of this number mod 3: in this case it is easy. 35 ≡ 2 (mod 3), so find an inverse of 2 [2, or anything congruent to 2 (mod 3)]. Practice shows that one should choose the inverse of smallest magnitude: −1. (c) l is the product of (a) and (b): l = −35. l is 0 mod 5 and mod 7 since it is divisible by 5·7, and the inverse chosen in (b) guarantees that it is 1 modulo 3 (−35 = −36 + 1)! CRT: Example

  10. Similarly, m = 21 and n = 15. So our solution to all three congruences is: x = −35a + 21b + 15c. If we want to guarantee a solution between 0 and 104, just compute x mod 105. The same tricks can be generalized to prove: CRT: Example

  11. THM (CRT): Let m1, m2, …, mn be pairwise relatively prime positive integers. Then there is a unique solution x in [0, m1·m2···mn − 1] to the system of congruences: x ≡ a1 (mod m1), x ≡ a2 (mod m2), …, x ≡ an (mod mn). Chinese Remainder Theorem

  12. CRT: Conversion Algorithm Step 1. Compute using multi-precision arithmetic. Step 2. Compute the multiplicative inverses of modulo mi for 1 ≤ i ≤ n, i.e., compute the constants ci such that, Step 3. Compute u by performing the sum (in multiprecision arithmetic):

  13. CRT: Conversion Algorithm. Theorem. Given the moduli m1, m2, …, mn and the remainders u1, u2, …, un, the number u can be computed in O(n²) arithmetic operations.
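The conversion algorithm of Steps 1–3, written out as an added example (not code from the slides). It generalizes the "secret formula" of slides 7–10 to any list of pairwise coprime moduli, using the standard form of the constants, M = m1·m2···mn, Mi = M/mi and ci = Mi⁻¹ mod mi, with u = Σ ui·ci·Mi mod M; the function names are this example's own, and the coprimality check is added because the theorem's hypothesis is exactly what a careless caller can violate.

```python
# Added example (not from the slides): direct CRT reconstruction for any
# list of pairwise coprime moduli, following Steps 1-3 of the conversion
# algorithm in the standard form
#   M = m_1 * ... * m_n,  M_i = M / m_i,  c_i = M_i^{-1} mod m_i,
#   u = (sum_i u_i * c_i * M_i) mod M.
# The function names are this example's own.
from math import gcd, prod


def crt_constants(moduli):
    """Steps 1 and 2: M, the cofactors M_i = M/m_i and the inverses
    c_i = M_i^{-1} mod m_i.  Refuses moduli that are not pairwise coprime,
    which is the hypothesis of the theorem (and a silent failure mode if a
    caller passes, say, two even moduli)."""
    for i, mi in enumerate(moduli):
        for mj in moduli[i + 1:]:
            if gcd(mi, mj) != 1:
                raise ValueError(f"moduli {mi} and {mj} are not coprime")
    M = prod(moduli)
    cofactors = [M // mi for mi in moduli]
    # pow(x, -1, m) is Python's modular inverse (3.8+); it exists since gcd = 1.
    inverses = [pow(Mi, -1, mi) for Mi, mi in zip(cofactors, moduli)]
    return M, cofactors, inverses


def crt_reconstruct(residues, moduli):
    """Step 3: u = sum(u_i * c_i * M_i) mod M, the unique solution in [0, M-1]."""
    M, cofactors, inverses = crt_constants(moduli)
    u = sum(ui * ci * Mi for ui, ci, Mi in zip(residues, inverses, cofactors))
    return u % M


def secret_formula_coefficients(moduli):
    """The constants l, m, n, ... of slides 8-10: e_i = c_i * M_i is 1 mod m_i
    and 0 mod every other modulus.  Each is reduced into (-M/2, M/2] so that
    the smallest-magnitude representative appears (70 mod 105 -> -35)."""
    M, cofactors, inverses = crt_constants(moduli)
    coeffs = []
    for ci, Mi in zip(inverses, cofactors):
        e = (ci * Mi) % M
        coeffs.append(e - M if e > M // 2 else e)
    return coeffs


def count_troops(group_sizes, leftovers):
    """The emperor's trick: the troop count is the CRT solution, valid only
    when the true count is below the product of the group sizes."""
    return crt_reconstruct(leftovers, group_sizes)


if __name__ == "__main__":
    print(secret_formula_coefficients([3, 5, 7]))   # [-35, 21, 15]
    print(count_troops([3, 5, 7], [1, 2, 2]))        # 37
```

The reduction of each coefficient into (−M/2, M/2] reproduces the slides' choice of −35 rather than 70; both are correct, the smaller magnitude just keeps the intermediate sum short.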

  14. CRT: Mixed-Radix Conversion Algorithm Step 1. Compute constants cij for 1 ≤ i < j ≤ n such that, Step 2. Compute Step 3. Compute

  15. CRT: Mixed-Radix Conversion Algorithm. Computation of u using the above formula also requires O(n²) arithmetic operations. We now define V_ij for 0 ≤ i < j ≤ n such that V_0i = u_i for 1 ≤ i ≤ n. These V_ij are the temporary values of v_j resulting from the operations in Step 2 of the mixed-radix conversion algorithm. This way, we build a triangular table of values whose diagonal entries are the final digits v_i = V_{i−1,i} for 1 ≤ i ≤ n. The entries of this table are named multiplied differences.

  16. CRT: Mixed-Radix Conversion Algorithm An Example: For n = 4, it can be given as follows, Where [mi] stands for modulo mi.
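The mixed-radix conversion with its triangular table of multiplied differences, as an added example (not code from the slides). It assumes the standard form of the algorithm, which the slides' formulas (not reproduced in this transcript) follow: c_ij = m_i⁻¹ mod m_j for i < j, V_0j = u_j, V_ij = (V_{i−1,j} − v_i)·c_ij mod m_j, v_j = V_{j−1,j}, and u = v_1 + v_2·m_1 + v_3·m_1·m_2 + …. Lists are 0-based, so v_j of the slides is v[j−1] and V_ij is V[i][j−1]; the function names are this example's own.

```python
# Added example (not from the slides): mixed-radix conversion in the form
# sketched in Steps 1-3, with the triangular table of multiplied differences
# V[i][j] built explicitly.  Conventions assumed here (the standard ones):
#   c_ij = m_i^{-1} mod m_j for i < j,
#   V_0j = u_j,  V_ij = (V_{i-1,j} - v_i) * c_ij mod m_j,  v_j = V_{j-1,j},
#   u = v_1 + v_2 m_1 + v_3 m_1 m_2 + ... + v_n m_1 ... m_{n-1}.
# Lists are 0-based: v_j of the slides is v[j-1], V_ij is V[i][j-1].


def mixed_radix_constants(moduli):
    """Step 1: c[(i, j)] = m_i^{-1} mod m_j for every pair i < j (0-based)."""
    n = len(moduli)
    return {(i, j): pow(moduli[i], -1, moduli[j])
            for i in range(n) for j in range(i + 1, n)}


def multiplied_differences(residues, moduli):
    """Step 2: returns (v, V) where V[i] is row i of the triangular table
    (row 0 = the residues u_j) and v[i] = V[i][i] are the mixed-radix digits.
    Only the entries j >= i of row i are defined; the others are None."""
    n = len(moduli)
    c = mixed_radix_constants(moduli)
    V = [list(residues)]
    v = []
    for i in range(n):
        v_i = V[i][i]                # diagonal entry of the table
        v.append(v_i)
        if i == n - 1:
            break
        row = [None] * n
        for j in range(i + 1, n):    # reduce every later column by v_i
            row[j] = ((V[i][j] - v_i) * c[(i, j)]) % moduli[j]
        V.append(row)
    return v, V


def mixed_radix_to_integer(v, moduli):
    """Step 3: u = v_1 + v_2 m_1 + v_3 m_1 m_2 + ..., using only products of
    the single-precision moduli; no inverse modulo the full product is needed."""
    u, weight = 0, 1
    for v_j, m_j in zip(v, moduli):
        u += v_j * weight
        weight *= m_j
    return u


def crt_mixed_radix(residues, moduli):
    v, _ = multiplied_differences(residues, moduli)
    return mixed_radix_to_integer(v, moduli)


if __name__ == "__main__":
    v, V = multiplied_differences([1, 2, 2], [3, 5, 7])
    print(v)                                      # [1, 2, 2]
    print(V)                                      # the triangular table
    print(crt_mixed_radix([1, 2, 2], [3, 5, 7]))  # 37
```

For the emperor's numbers the table is V_01, V_02, V_03 = 1, 2, 2; V_12, V_13 = 2, 5; V_23 = 2, so v = (1, 2, 2) and u = 1 + 2·3 + 2·15 = 37. Every modular operation in Step 2 is modulo a single m_j, which is why this form is preferred when the m_j are machine-word sized.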

  17. Finite fields: Arithmetic operations. F_p finite field operations: addition, subtraction, multiplication, squaring, inversion, exponentiation and primality testing

  18. Arithmetic Operations in GF(p)

  19. Modular Addition and Subtraction

  20. Modular Addition. Input: A modulus p, and integers a, b in [0, p−1], each stored as t words of w bits, a = (a_{t−1}, …, a_1, a_0). Output: c = (a + b) mod p.
  • c_0 = Add(a_0, b_0);
  • For i from 1 to t−1 do: c_i = Add_with_carry(a_i, b_i);
  • If the carry bit is set, then subtract p from c = (c_{t−1}, …, c_2, c_1, c_0). (Why? The true sum is 2^{wt} + c ≥ p; subtracting p modulo 2^{wt} produces a borrow that cancels the carry and leaves a + b − p, which is < p.)
  • If c ≥ p then c −= p. (Why? Since a, b < p we have a + b < 2p, so a single subtraction of p is always enough.)
  • Return(c);

  21. Modular Subtraction. Input: A modulus p, and integers a, b in [0, p−1], each stored as t words of w bits. Output: c = (a − b) mod p.
  • c_0 = Subtract(a_0, b_0);
  • For i from 1 to t−1 do: c_i = Subtract_with_borrow(a_i, b_i);
  • If the borrow (carry) bit is set, then add p to c = (c_{t−1}, …, c_2, c_1, c_0). (Why? A borrow means a − b < 0, so c holds a − b + 2^{wt}; adding p overflows once more, cancelling the 2^{wt}, and leaves a − b + p, which lies in [0, p−1].)
  • Return(c);
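Both algorithms above on an explicit multi-word representation, as an added example (not code from the slides). The word size w = 32, the little-endian word order and the function names are this example's assumptions; the point is to see the carry and borrow flags do the work that the two "why??" questions ask about.

```python
# Added example (not from the slides): modular addition and subtraction on
# t-word operands with explicit carry/borrow propagation.  The word size w
# and the names are this example's own.
W = 32                       # word size w in bits (assumed)
MASK = (1 << W) - 1


def to_words(x, t):
    """Little-endian t-word representation (x_0 is the least significant word)."""
    return [(x >> (W * i)) & MASK for i in range(t)]


def from_words(words):
    return sum(wd << (W * i) for i, wd in enumerate(words))


def geq_words(a, b):
    """a >= b, comparing from the most significant word down."""
    for ai, bi in zip(reversed(a), reversed(b)):
        if ai != bi:
            return ai > bi
    return True


def add_words(a, b):
    """c_0 = Add(a_0, b_0); c_i = Add_with_carry(a_i, b_i).  Returns (c, carry_out)."""
    c, carry = [], 0
    for ai, bi in zip(a, b):
        s = ai + bi + carry
        c.append(s & MASK)
        carry = s >> W
    return c, carry


def sub_words(a, b):
    """c_0 = Subtract(a_0, b_0); c_i = Subtract_with_borrow(a_i, b_i).
    Returns (c, borrow_out); c is a - b + 2^(wt) when a < b."""
    c, borrow = [], 0
    for ai, bi in zip(a, b):
        d = ai - bi - borrow
        borrow = 1 if d < 0 else 0
        c.append(d & MASK)
    return c, borrow


def mod_add(a, b, p):
    """c = (a + b) mod p for a, b in [0, p-1], all as t-word lists."""
    c, carry = add_words(a, b)
    # Carry set: the true sum is 2^(wt) + c >= p.  Subtracting p mod 2^(wt)
    # produces a borrow that cancels the carry and leaves a + b - p < p.
    # Otherwise a + b < 2p, so at most one conditional subtraction remains.
    if carry or geq_words(c, p):
        c, _ = sub_words(c, p)
    return c


def mod_sub(a, b, p):
    """c = (a - b) mod p for a, b in [0, p-1], all as t-word lists."""
    c, borrow = sub_words(a, b)
    # Borrow set: a - b < 0 and c holds a - b + 2^(wt).  Adding p overflows
    # once more, which cancels the 2^(wt) and leaves a - b + p in [0, p-1].
    if borrow:
        c, _ = add_words(c, p)
    return c


def demo(a, b, p, t):
    """Runs both operations on t-word operands and returns the integer results."""
    aw, bw, pw = to_words(a, t), to_words(b, t), to_words(p, t)
    return from_words(mod_add(aw, bw, pw)), from_words(mod_sub(aw, bw, pw))


if __name__ == "__main__":
    P = 2**64 - 59           # a 64-bit prime: two 32-bit words
    print(demo(P - 1, P - 2, P, 2))   # (P - 3, 1)
```

One caveat for cryptographic use: the branches on the carry flag and on c ≥ p are data dependent, so this version leaks through timing; constant-time implementations compute both c and c − p and select between them with a mask derived from the borrow.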

  22. Modular Multiplication

  23. Modular Multiplication. Computation of c = ab mod n can be performed by using: • Classical: normal integer multiplication followed by reduction. • Blakley's method: the multiplication steps are interleaved with reduction steps. • Montgomery's method: uses predominantly modulo 2^j arithmetic.

  24. Modular Multiplication: Classical Method

  25. Integer Multiplication. We perform the operations in radix W = 2^w, where w is the word size of the computer. We define (Carry, Sum) pairs. Our notation is:

  26. Integer Multiplication

  27. Integer Multiplication
  • for i = 0 to s−1 do:
  •   C := 0
  •   for j = 0 to s−1 do:
  •     (C, S) := t_{i+j} + a_j·b_i + C;
  •     t_{i+j} := S;
  •   end
  •   t_{i+s} := C;   (the final carry of row i, i.e. t_{i+j+1} with j = s−1)
  • end

  28. Integer Multiplication

  29. Integer Multiplication

  30. Integer Multiplication

  31. Integer Multiplication. This algorithm requires s² = (k/w)² inner-product steps: (C, S) := t_{i+j} + a_j·b_i + C; in other words, O(k²) bit operations. The variables t_{i+j}, a_j, b_i, C and S each hold a single word, i.e., a w-bit number. Notice that from the main operation in the loop we obtain a double word, or a 2w-bit number, since:

  32. Integer Squaring. A straightforward modification of the multiplication algorithm gives the following algorithm for squaring. It needs roughly half as many single-word multiplications, since a_i·a_j and a_j·a_i coincide and need only be computed once.

  33. Integer Squaring [Guajardo and Paar]. Input: An integer a ∈ [0, p−1], a = (a_{t−1} a_{t−2} … a_1 a_0). Output: c = a².
  • for i from 0 to 2t−1 do: c_i = 0;
  • for i from 0 to t−1 do
  •   (uv) = c_{2i} + a_i²; c_{2i} = v; C1 = u; C2 = 0;
  •   for j from i+1 to t−1 do
  •     (uv) = c_{i+j} + a_i·a_j + C1; C1 = u;
  •     (uv) = v + a_i·a_j + C2; c_{i+j} = v; C2 = u;
  •   (uv) = C1 + C2; C2 = u;
  •   (uv) = c_{i+t} + v; c_{i+t} = v;
  •   c_{i+t+1} = C2 + u;
  • return(c);

  34. Integer Squaring [Classical]. Input: An integer a ∈ [0, p−1], a = (a_{t−1} a_{t−2} … a_1 a_0). Output: c = a².
  • r0 = r1 = r2 = 0;
  • for k from 0 to 2(t−1) do
  •   for each element of {(i, j) | i + j = k, 0 ≤ i ≤ j < t} do
  •     (uv) = a_i·a_j;
  •     if (i < j) then (uv) <<= 1; r2 = AddC(r2, 0);   (the bit shifted out of (uv) is the carry)
  •     r0 = Add(r0, v); r1 = AddC(r1, u); r2 = AddC(r2, 0);
  •   c_k = r0; r0 = r1; r1 = r2; r2 = 0;
  • c_{2t−1} = r0;
  • return(c);
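The schoolbook multiplication of slide 27 and the classical squaring of slide 34, as an added example (not code from the slides), each counting its single-word multiplications so the "roughly half" claim of slide 32 can be checked. The word size w = 32 and the names are this example's own; Python integers stand in for the (C, S) double-word register, with explicit masking at the word boundaries.

```python
# Added example (not from the slides): schoolbook multiplication (slide 27)
# and classical squaring (slide 34) on w-bit words.  Word size and names
# are this example's own.
W = 32                       # word size w in bits (assumed)
MASK = (1 << W) - 1


def to_words(x, s):
    """Little-endian s-word representation of x."""
    return [(x >> (W * i)) & MASK for i in range(s)]


def from_words(words):
    return sum(wd << (W * i) for i, wd in enumerate(words))


def mul_words(a, b):
    """t = a * b for s-word a and b; t has 2s words.  Returns (t, nmul),
    nmul being the number of single-word multiplications (s^2)."""
    s = len(a)
    t = [0] * (2 * s)
    nmul = 0
    for i in range(s):
        C = 0
        for j in range(s):
            # (C, S) := t_{i+j} + a_j * b_i + C.  Fits in 2w bits because
            # (2^w - 1)^2 + 2(2^w - 1) = 2^(2w) - 1.
            cs = t[i + j] + a[j] * b[i] + C
            nmul += 1
            t[i + j] = cs & MASK          # S
            C = cs >> W                   # C
        t[i + s] = C                      # final carry of row i
    return t, nmul


def sqr_words(a):
    """c = a^2 for t-word a by classical squaring: each cross product
    a_i * a_j with i < j is formed once and doubled, column by column, in the
    three-word accumulator (r2, r1, r0).  Returns (c, nmul), nmul = t(t+1)/2."""
    t = len(a)
    c = [0] * (2 * t)
    r0 = r1 = r2 = 0
    nmul = 0
    for k in range(2 * t - 1):                  # column k of the product
        for i in range(max(0, k - t + 1), k // 2 + 1):
            j = k - i                           # i + j = k, 0 <= i <= j < t
            uv = a[i] * a[j]
            nmul += 1
            if i < j:
                uv <<= 1                        # (uv) << 1: a (2w+1)-bit value
                r2 += uv >> (2 * W)             # r2 = AddC(r2, 0): the shifted-out bit
                uv &= (1 << (2 * W)) - 1
            u, v = uv >> W, uv & MASK
            r0 += v                             # r0 = Add(r0, v)
            carry = r0 >> W
            r0 &= MASK
            r1 += u + carry                     # r1 = AddC(r1, u)
            carry = r1 >> W
            r1 &= MASK
            r2 += carry                         # r2 = AddC(r2, 0)
        c[k] = r0
        r0, r1, r2 = r1, r2, 0
    c[2 * t - 1] = r0
    return c, nmul


if __name__ == "__main__":
    x = to_words(0xDEADBEEFCAFEBABE0123456789ABCDEF, 4)
    print(mul_words(x, x)[1], sqr_words(x)[1])   # 16 10
```

For s = t = 4 words the multiplication performs 16 single-word products and the squaring 10; for t words the counts are t² and t(t+1)/2, which is where the "roughly half" comes from. The all-ones operand is the worst case for the accumulator and is worth keeping in any test of such code.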

  35. Reduction. Given t, compute R such that t = Qn + R with 0 ≤ R < n. Here t is a 2k-bit number and n is a k-bit number. The numbers t and n are positive, and so are the results Q and R. Since we are not interested in the quotient, the steps of the division algorithm can be simplified.

  36. Reduction Two algorithms of interest: • Restoring Division • Non-restoring division

  37. Restoring Division
  • R_0 := t;
  • n := 2^k·n;
  • for i = 1 to k+1 do:
  •   R_i := R_{i−1} − n;
  •   if R_i < 0 then R_i := R_{i−1};   (restore)
  •   n := n/2;
  • end
  • Return R_{k+1};
  Since t < 2^{2k} and n ≥ 2^{k−1}, the quotient Q can have k+1 bits, so k+1 subtract-and-restore steps are needed; the last one subtracts n itself. After step i the partial remainder satisfies 0 ≤ R_i < 2^{k+1−i}·n, hence 0 ≤ R_{k+1} < n.

  38. Restoring Division: An example. We give an example of the restoring division algorithm for computing 3019 mod 53, where 3019 = (101111001011)_2 and 53 = (110101)_2. The result is 51 = (110011)_2.

  39. Restoring Division: An example

  40. Restoring Division: An example

  41. Non-Restoring Division Algorithm • The non-restoring division algorithm allows a negative remainder. • Suppose R_i := R_{i−1} − n < 0. Then the restoring algorithm assigns R_i := R_{i−1} and performs a subtraction with the shifted n, obtaining R_{i+1} := R_i − n/2 = R_{i−1} − n/2. • However, if R_i = R_{i−1} − n < 0, the non-restoring algorithm lets R_i remain negative and adds the shifted n in the following cycle. Thus it obtains R_{i+1} := R_i + n/2 = (R_{i−1} − n) + n/2 = R_{i−1} − n/2, i.e., the same value (!!)

  42. Non-Restoring Division Algorithm
  • R_0 := t;
  • n := 2^k·n;
  • for i = 1 to k+1 do:
  •   if R_{i−1} < 0 then R_i := R_{i−1} + n;   (negative partial remainder: add the shifted divisor)
  •   else R_i := R_{i−1} − n;                    (non-negative: subtract it)
  •   n := n/2;
  • end
  • Return R_{k+1};   (if negative, correct it as described on the next slide)
  As in the restoring algorithm, k+1 steps are needed because the quotient of a 2k-bit number by a k-bit number can have k+1 bits.

  43. Non-Restoring Division Algorithm • Since the remainder is allowed to stay negative, we use 2's complement coding to represent such numbers. • Also, note that the non-restoring division algorithm may require a final restoration cycle in which a negative remainder R_{k+1} is corrected by adding the (unshifted) divisor n, the last value subtracted in the loop, back to it. • Example: computation of 51 = 3019 mod 53.
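Both reduction algorithms, as an added example (not code from the slides), returning the sequence of partial remainders R_0, R_1, … so the 3019 mod 53 table can be reproduced and the negative intermediate values of the non-restoring variant can be seen. The names are this example's own; the operand checks encode the assumption that t is a 2k-bit number and n a k-bit number with its top bit set.

```python
# Added example (not from the slides): restoring and non-restoring reduction
# of a 2k-bit t by a k-bit n, each returning the sequence of partial
# remainders R_0, R_1, ... for the table of the example.
# Both run k+1 steps: t < 2^(2k) and n >= 2^(k-1) allow a (k+1)-bit quotient,
# so the shifted divisor must come all the way down to n itself.
# Names are this example's own.


def check_operands(t, n, k):
    if not (0 <= t < 1 << (2 * k)):
        raise ValueError("t must be a 2k-bit number")
    if not (1 << (k - 1) <= n < 1 << k):
        raise ValueError("n must be a k-bit number with its top bit set")


def restoring_mod(t, n, k):
    """t mod n by restoring division.  Returns (remainder, trace)."""
    check_operands(t, n, k)
    R, shifted = t, n << k          # R_0 := t,  n := 2^k n
    trace = [R]
    for _ in range(k + 1):
        R_i = R - shifted           # tentative subtraction
        if R_i >= 0:
            R = R_i                 # keep it: this quotient bit is 1
        # else restore: R_i := R_{i-1} (quotient bit 0)
        trace.append(R)
        shifted >>= 1               # n := n/2
    return R, trace


def nonrestoring_mod(t, n, k):
    """t mod n by non-restoring division: a negative partial remainder is
    kept and the next (halved) divisor is added instead of subtracted, which
    yields the same R_{i+1} that restore-then-subtract would (slide 41).
    Returns (remainder, trace); the trace may contain negative values."""
    check_operands(t, n, k)
    R, shifted = t, n << k
    trace = [R]
    for _ in range(k + 1):
        if R < 0:
            R += shifted
        else:
            R -= shifted
        trace.append(R)
        shifted >>= 1
    if R < 0:                       # final restoration cycle: add n back
        R += n
    return R, trace


if __name__ == "__main__":
    print(restoring_mod(3019, 53, 6))      # (51, [3019, 3019, 1323, 475, 51, 51, 51, 51])
    print(nonrestoring_mod(3019, 53, 6))   # (51, [3019, -373, 1323, 475, 51, -161, -55, -2])
```

With t = 3019 the quotient 56 = (111000)_2 has a zero low bit, so the slides' example happens to come out right even if the last step is skipped; 3072 = 57·53 + 51 does not, and is the better regression test for the loop bound.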

  44. Restoring Division: An example

  45. Restoring Division: An example

  46. Barrett Reduction. Barrett reduction computes r = x mod m given x and m. The algorithm requires the precomputation of the quantity μ = ⌊b^{2k}/m⌋, where m has k radix-b digits. It is advantageous if many reductions are performed with a single modulus, since μ is computed only once. Typically, the radix b is chosen to be a power of two close to the word size of the processor. Barrett reduction is based on the following fact: Given

  47. Barrett Reduction. Input: positive integers x = (x_{2k−1} … x_1 x_0)_b, p = (p_{k−1} … p_1 p_0)_b, and μ = ⌊b^{2k}/p⌋. Output: x mod p.
  • q_1 = ⌊x / b^{k−1}⌋; q_2 = q_1·μ; q = ⌊q_2 / b^{k+1}⌋;   (q estimates ⌊x/p⌋: it is never too large and at most 2 too small)
  • r_1 = x mod b^{k+1}; r_2 = q·p mod b^{k+1}; r = r_1 − r_2;
  • if r < 0 then r = r + b^{k+1};
  • While r ≥ p do: r = r − p;   (at most two iterations)
  • Return(r);

  48. Barrett Reduction. Example: Let b = 4, k = 3, x = (313221)_b, and p = (233)_b (i.e., x = 3561 and p = 47). Then μ = ⌊4^6/p⌋ = ⌊4096/47⌋ = 87 = (1113)_b, ⌊x/b^{k−1}⌋ = ⌊(313221)_b / 4²⌋ = (3132)_b, ⌊x/b^{k−1}⌋·μ = (3132)_b · (1113)_b = (10231302)_b. Hence q = ⌊(10231302)_b / b^{k+1}⌋ = (1023)_b (drop the four low digits), r_1 = x mod b^{k+1} = (3221)_b (the four low digits of x), r_2 = (1023)_b · (233)_b mod b^4 = (3011)_b, and r = r_1 − r_2 = (3221)_b − (3011)_b = (210)_b. Thus x mod p = (210)_b = 36; no final subtraction is needed since 36 < 47.

  49. Barrett Reduction: Computational efficiency • All divisions performed in the algorithm are simple right shifts of the base-b representation. • Since the k+1 least significant digits of ⌊x/b^{k−1}⌋·μ are discarded when q is formed, they are not needed exactly, and only a partial multiple-precision multiplication (the high-order digits) is necessary. Likewise only the k+1 low-order digits of q·p are needed for r_2.
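Barrett reduction in the radix-b form of the example above, as an added example (not code from the slides). It returns the intermediate values q, r_1, r_2 and the number of final subtractions so they can be compared with the worked numbers, and it checks the operand-size assumptions (x < b^{2k}, p with exactly k digits) under which the estimate of the quotient is at most 2 too small. The names are this example's own; Python integers do the radix arithmetic.

```python
# Added example (not from the slides): Barrett reduction with radix b,
# k-digit modulus p and mu = floor(b^(2k) / p).  Names are this example's own.


def to_base(x, b):
    """Digit string of x in radix b (most significant digit first)."""
    digits = []
    while x:
        x, d = divmod(x, b)
        digits.append(str(d))
    return "".join(reversed(digits)) or "0"


def barrett_mu(p, b, k):
    """One-time precomputation per modulus: mu = floor(b^(2k) / p)."""
    return b ** (2 * k) // p


def barrett_reduce(x, p, b, k, mu):
    """x mod p for 0 <= x < b^(2k) and b^(k-1) <= p < b^k.
    Returns (r, q, r1, r2, subtractions)."""
    if not (b ** (k - 1) <= p < b ** k):
        raise ValueError("p must have exactly k radix-b digits")
    if not (0 <= x < b ** (2 * k)):
        raise ValueError("x must have at most 2k radix-b digits")
    q1 = x // b ** (k - 1)          # drop the k-1 low digits: a right shift
    q = (q1 * mu) // b ** (k + 1)   # estimate of floor(x/p): never too large,
                                    # at most 2 too small
    r1 = x % b ** (k + 1)           # low k+1 digits of x
    r2 = (q * p) % b ** (k + 1)     # low k+1 digits of q*p: a partial product
    r = r1 - r2
    if r < 0:
        r += b ** (k + 1)           # the true x - q*p is in [0, 3p), so this
                                    # is the only correction needed
    subtractions = 0
    while r >= p:                   # runs at most twice
        r -= p
        subtractions += 1
    return r, q, r1, r2, subtractions


if __name__ == "__main__":
    b, k, p, x = 4, 3, 47, 3561
    mu = barrett_mu(p, b, k)
    r, q, r1, r2, subs = barrett_reduce(x, p, b, k, mu)
    print(to_base(mu, b), to_base(q, b), to_base(r1, b), to_base(r2, b), to_base(r, b))
    # 1113 1023 3221 3011 210
```

Exhausting every x below 4^6 for p = 47 confirms the "at most two subtractions" bound; the same routine with b = 2^32 and k = 2 reduces 128-bit values modulo a 64-bit modulus, which is the shape a word-oriented implementation would take.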

  50. Reduction The arithmetic in Barrett reduction can be reduced by choosing b to be a power of 2. For primes p of special form, there exist very fast modular reduction techniques [For example, see “Software Implementation of the NIST Elliptic Curves Over Prime Fields”, Brown, Hankerson, López and Menezes].
