Presentation is loading. Please wait.

Presentation is loading. Please wait.

Announcements: 1. Congrats on reaching the halfway point once again! 2. DES graded soon 3. Short “pop” quiz on Ch 3. (Thursday at earliest) 4. Reminder:

Published byScott Goodwin Modified over 9 years ago

Similar presentations

Presentation on theme: "Announcements: 1. Congrats on reaching the halfway point once again! 2. DES graded soon 3. Short “pop” quiz on Ch 3. (Thursday at earliest) 4. Reminder:"— Presentation transcript:

1 Announcements: 1. Congrats on reaching the halfway point once again! 2. DES graded soon 3. Short “pop” quiz on Ch 3. (Thursday at earliest) 4. Reminder: pass in worksheet on using RSA today or tomorrow. 5. Term project groups and topics due by Friday. Questions? This week: Primality testing, factoring Primality testing, factoring Discrete Logs Discrete Logs DTTF/NB479: DszquphsbqizDay 21

2 Plus-delta 5-min

3 Use Ch 10 – 19 as inspiration. Elliptic curves? Elliptic curves? Quantum crypto? Quantum crypto? Security protocols? Security protocols?Deliverables: A paper demonstrating your understanding of the topic A paper demonstrating your understanding of the topic A 20-min in-class presentation 9 th /10 th week A 20-min in-class presentation 9 th /10 th week Groups of ~3 to bound presentation time. Term projects

4 Pulling 479 back into cache RSA: public-key system: n, e known Easy to encrypt Easy to encrypt But need factorization of n (pq) to find d to decrypt. But need factorization of n (pq) to find d to decrypt. Factorization is a “one-way” function Factorization is a “one-way” function Builds on lots of ch 3 number theory, like Euclid, Fermat, and Euler. Builds on lots of ch 3 number theory, like Euclid, Fermat, and Euler. You used Maple to send messages You looked at some “implementation mistakes” (for example, using small values for e)

5 Compositeness testing Oops, did I say primality testing? Today, we discuss three techniques that can guarantee a number is composite, and guess when one is prime. 1.Square Root Compositeness Theorem + 2.Fermat’s Theorem = 3.Miller-Rabin Compositeness Test

6 Square Root Compositeness Theorem Given integers n, x, and y: Then n is composite, and gcd(x-y, n) is a non-trivial factor Proof: live in class Toy example showing 35 is composite using x=2 and y=12.

7 Review Fermat’s little theorem: If n is prime and doesn’t divide a, then If n is prime and doesn’t divide a, thenContrapositive: If then n is composite If then n is composite In practice, If then n is probably prime If then n is probably prime Rare counterexamples (15k our of first 10B ints) called pseudoprimes Rare counterexamples (15k our of first 10B ints) called pseudoprimesNotes Never gives factors Never gives factors Compute using powermod Compute using powermod=1 Not 1 PrimeMostNone Composite Rare pseudoprime All

8 Miller-Rabin Compositeness Test To test whether n is prime or composite Given odd n>1, write n-1=2 k m, where k >=1. Choose a base a randomly (or just pick a=2) Let b 0 =a m (mod n) If b 0 =+/-1, stop. n is probably prime by Fermat For i = 1..k-1 Compute b i =b i-1 2. If b i =1(mod n), stop. n is composite by SRCT, and gcd(b i-1 -1,n) is a factor. If b i =-1(mod n), stop. n is probably prime by Fermat. If b k =1 (mod n), stop. n is composite by SRCT Else n is composite by Fermat.

9 Miller-Rabin Given odd n>1, write n-1=2 k m, where k >=1. Choose a base a randomly (or just pick a=2) Let b 0 =a m (mod n) If b 0 =+/-1, stop. n is probably prime by Fermat For i = 1..k-1 Compute b i =b i-1 2. If b i =1(mod n), stop. n is composite by SRCT, and gcd(b i-1 -1,n) is a factor. If b i =-1(mod n), stop. n is probably prime by Fermat. If b k =1 (mod n), stop. n is composite by SRCT Else n is composite by Fermat. So: k b0b0 b1b1 bkbk Big picture: Fermat on steroids By doing a little extra work (finding k to change the order of the powermod), we can call some pseudoprimes composite and find some of their factors

10 Examples of Miller-Rabin Given odd n>1, write n-1=2 k m, where k >=1. Choose a base a randomly (or just pick a=2) Let b 0 =a m (mod n) If b 0 =+/-1, stop. n is probably prime by Fermat For i = 1..k-1 Compute b i =b i-1 2. If b i =1(mod n), stop. n is composite by SRCT, and gcd(b i-1 -1,n) is a factor. If b i =-1(mod n), stop. n is probably prime by Fermat. If b k =1 (mod n), stop. n is composite by SRCT Else n is composite by Fermat. 1.n=189 2.n=561 (Fermat says prob prime) Big picture: Fermat on steroids By doing a little extra work (finding k to change the order of the powermod), we can call some pseudoprimes composite and find some of their factors Those composites that even get by M-R are called strong pseudoprimes (~20% of pseudoprimes < 10B). Why does it work?

11 Using within a primality testing scheme Odd? div by other small primes? Prime by Factoring/ advanced techn.? n no yes prime Fermat?

12 Using within a primality testing scheme Finding large probable primes #primes < x = #primes < x = Density of primes: ~1/ln(x) For 100-digit numbers, ~1/230. So ~1/115 of odd 100-digit numbers are prime Can start with a random large odd number and iterate, applying M-R to remove composites. We’ll soon find one that is a likely prime. Maple’s nextprime() appears to do this, but also runs the Lucas test: http://www.mathpages.com/home/k math473.htm http://www.mathpages.com/home/k math473.htm http://www.mathpages.com/home/k math473.htm Odd? div by other small primes? Prime by Factoring/ advanced techn.? n no yes prime Pass M-R?

Download ppt "Announcements: 1. Congrats on reaching the halfway point once again! 2. DES graded soon 3. Short “pop” quiz on Ch 3. (Thursday at earliest) 4. Reminder:"

Similar presentations

WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.
Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.

Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.
MS 101: Algorithms Instructor Neelima Gupta

MS 101: Algorithms Instructor Neelima Gupta
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r 175753411947 p q p q p q p and q prime.

Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r p q p q p q p and q prime.
Data encryption with big prime numbers

Data encryption with big prime numbers
Lecture 8: Primality Testing and Factoring Piotr Faliszewski

Lecture 8: Primality Testing and Factoring Piotr Faliszewski
COM 5336 Cryptography Lecture 7a Primality Testing

COM 5336 Cryptography Lecture 7a Primality Testing
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Announcements: See schedule for weeks 8 and 9 See schedule for weeks 8 and 9 Project workdays, due dates, exam Project workdays, due dates, exam Projects:

Announcements: See schedule for weeks 8 and 9 See schedule for weeks 8 and 9 Project workdays, due dates, exam Project workdays, due dates, exam Projects:
Announcements: 1. Term project groups and topics due tomorrow midnight Waiting for posts from most of you. Questions? This week: Primality testing, factoring.

Announcements: 1. Term project groups and topics due tomorrow midnight Waiting for posts from most of you. Questions? This week: Primality testing, factoring.
and Factoring Integers (I)

and Factoring Integers (I)
Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.

Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.
Announcements: Computer exam next class Computer exam next classQuestions? DTTF/NB479: DszquphsbqizDay 10.

Announcements: Computer exam next class Computer exam next classQuestions? DTTF/NB479: DszquphsbqizDay 10.
Announcements: HW4 – DES due midnight HW4 – DES due midnight So far the record is less than 15 sec on 1 million iters Quiz on ch 3 postponed until after.

Announcements: HW4 – DES due midnight HW4 – DES due midnight So far the record is less than 15 sec on 1 million iters Quiz on ch 3 postponed until after.
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
Announcements: 1. Presentations start Friday 2. Cem Kaner presenting O167 10 th block today. Questions? This week: DSA, Digital Cash DSA, Digital Cash.

Announcements: 1. Presentations start Friday 2. Cem Kaner presenting O th block today. Questions? This week: DSA, Digital Cash DSA, Digital Cash.
Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics due midnight 3. HW6 due Tuesday. Questions? This week: Primality.

Announcements: 1. Short “pop” quiz on Ch 3 (today?) 2. Term project groups and topics due midnight 3. HW6 due Tuesday. Questions? This week: Primality.
Announcements:Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 30.

Announcements:Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 30.

Similar presentations

Ads by Google