UMass Lowell Computer Science 91.503 Analysis of Algorithms Prof. Karen Daniels Fall, 2008

UMass Lowell Computer Science 91.503 Analysis of Algorithms

Prof. Karen Daniels Fall, 2008

Tuesday, 25 NovemberTuesday, 25 NovemberNumber-Theoretic AlgorithmsNumber-Theoretic Algorithms

Chapter 31 Chapter 31

Chapter Dependencies

Ch 31Number-Theoretic AlgorithmsRSA

Math: Number Theory

You’re responsible for material in this chapter that we discuss in lecture. (Note that this does not include sections 31.8 or 31.9.)

Overview

Motivation: RSAMotivation: RSA BasicsBasics Euclid’s GCD AlgorithmEuclid’s GCD Algorithm Chinese Remainder TheoremChinese Remainder Theorem Powers of an ElementPowers of an Element RSA DetailsRSA Details

Motivation: RSA

RSA Encryption

source: 91.503 textbook Cormen et al.source: 91.503 textbook Cormen et al.

31.531.5

MMSP AA ))(( MMPS AA ))((

RSA Digital Signature


31.631.6

assume Alice also sends her name so Bob knows whose public key to useassume Alice also sends her name so Bob knows whose public key to use

'))'(( MMSP AA

?

RSA Cryptosystem

(31.19)(31.19)

(31.26)(31.26)

)(mod)( nMMP e )(mod)( nCCS d(31.35)(31.35) (31.36)(31.36)

encodeencode decodedecode


to be explained later….

need efficient ways to compute P(M), S(C)

RSA Dependence

Correctness:Correctness: Euler’s Euler’s Function Function Fermat’s TheoremFermat’s Theorem Chinese Remainder TheoremChinese Remainder Theorem

Efficiency:Efficiency: Modular ExponentiationModular Exponentiation Primality TestingPrimality Testing

Security:Security: Difficulty of Factoring Large IntegersDifficulty of Factoring Large Integers

)(mod))(())(( nMMSPMPS ed

see chart of result dependencies on next slide (courtesy of Mark Micire)…see chart of result dependencies on next slide (courtesy of Mark Micire)…

Need to show:Need to show:

)(mod nMM ed

Notes on Primality Testing

Efficient primality testing has been goal for > 2,000 Efficient primality testing has been goal for > 2,000 years.years.

Early attempts required exponential time.Early attempts required exponential time. Miller-Rabin (Section 31.8) primality test is a Miller-Rabin (Section 31.8) primality test is a

randomized polynomial-time algorithm (1980’s).randomized polynomial-time algorithm (1980’s). Agrawal, Kayal, Saxena provided a deterministic Agrawal, Kayal, Saxena provided a deterministic

polynomial-time algorithm (2002).polynomial-time algorithm (2002).

Basic Concepts

** Indicates that result is on chart of result dependenciesIndicates that result is on chart of result dependencies

Division & Remainders


31.131.1

(3.8)(3.8) **

Equivalence Class Modulo n


(31.1)(31.1)

(31.2)(31.2)

Common Divisors


(31.3)(31.3)

(31.4)(31.4)

(31.5)(31.5)

**

**

Greatest Common Divisor


(31.6)(31.6)

(31.7)(31.7)

(31.8)(31.8)(31.9)(31.9)

(31.10)(31.10)

31.231.2

(3.8)(3.8)

(31.4)(31.4)

**

**



31.331.3

(31.4)(31.4)

31.231.2

31.431.4

**

Relatively Prime Integers


31.631.6

31.231.2

31.231.2

**

Relatively Prime Integers


31.731.7

31.631.6

31.1-631.1-6 **



31.931.9

(31.5)(31.5)

(3.8)(3.8)

(31.4)(31.4)

(31.3)(31.3)

(31.4)(31.4)

(31.3)(31.3)

(31.5)(31.5) (31.14)(31.14) (31.15)(31.15)

(31.14)(31.14)

(31.15)(31.15)

**

Euclid’s GCD Algorithm

Euclid’s GCD Algorithm


**

Also see Java code on course web Also see Java code on course web sitesite

Extended Euclid


(31.16)(31.16)

31.131.1

**

**

Chinese Remainder Theorem

Modular Arithmetic


Finite Groups


size of this group is 6size of this group is 6 size of this group is 8size of this group is 8

31.231.2

Additive group mod 6Additive group mod 6 Multiplicative group mod 15Multiplicative group mod 15

}1),gcd(:]{[* naZaZ nnn

elements relatively prime to nelements relatively prime to n

Finite Groups


31.1231.12

Finite Groups


31.1331.13

31.631.6

31.1231.12

31.2631.26

Euler’s Phi Function


(31.19)(31.19) **

Lagrange’s Theorem


31.1531.15 **

Finite Groups31.1731.17 **


31.1831.18

31.1931.19

**

**

}1:{ )( kaa k

additive subgroup additive subgroup generated by generated by aa

wherewhere

aaaa k )(

kk

Solving Modular Linear Eq


31.2031.20

(31.4)(31.4)

**



31.2231.22

31.1831.18

31.1831.1831.2231.22

31.2431.24

**

**

'' where,modsolution a as has mod then If :31.23 . 0 nyaxd nx'(b/d) x n)b (axd|bThm



31.2631.26

**

**



(31.23)(31.23)

31.2731.27

(31.23)(31.23)

(31.24)(31.24)

(31.25)(31.25)

(31.26)(31.26)

**



31.2931.29 **

Powers of an Element

Theorems of Euler & Fermat


31.3031.30

31.3131.31

**

**

Modular Exponentiation


**nab mod

Also see Java code on course web siteAlso see Java code on course web site

RSA Details

RSA Encryption


31.531.5

MMSP AA ))(( MMPS AA ))((

RSA Digital Signature


31.631.6

assume Alice also sends her name so Bob knows whose public key to useassume Alice also sends her name so Bob knows whose public key to use

'))'(( MMSP AA

?

RSA Cryptosystem

(31.19)(31.19)

(31.26)(31.26)

)(mod)( nMMP e )(mod)( nCCS d(31.35)(31.35) (31.36)(31.36)

encodeencode decodedecode


need efficient ways to compute P(M), S(C)

RSA Correctness


(31.35)(31.35) (31.36)(31.36)

31.3131.31

31.2931.29

by Thm 31.31 (Fermat)by Thm 31.31 (Fermat)

UMass Lowell Computer Science 91.503 Analysis of Algorithms Prof. Karen Daniels Fall, 2008

Documents