Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scott CH Huang COM 5336 Cryptography Lecture 7a COM 5336 Cryptography Lecture 7a Primality Testing Scott CH Huang 1.

Similar presentations


Presentation on theme: "Scott CH Huang COM 5336 Cryptography Lecture 7a COM 5336 Cryptography Lecture 7a Primality Testing Scott CH Huang 1."— Presentation transcript:

1 Scott CH Huang COM 5336 Cryptography Lecture 7a COM 5336 Cryptography Lecture 7a Primality Testing Scott CH Huang 1

2 Definition prime A prime number is a positive integer p having exactly two positive divisors, 1 and p. composite A composite number is a positive integer n > 1 which is not prime. COM 5336 Cryptography Lecture 7a

3 Scott CH Huang Primality Test vs Factorization Factorization’s outputs are non-trivial divisors. Primality test’s output is binary: either PRIME or COMPOSITE COM 5336 Cryptography Lecture 7a

4 Scott CH Huang Naïve Primality Test Input: Integer n > 2 Output: PRIME or COMPOSITE for (i from 2 to n-1){ if (i divides n) return COMPOSITE; } return PRIME; COM 5336 Cryptography Lecture 7a

5 Scott CH Huang Still Naïve Primality Test Input/Output: same as the naïve test for (i from 1 to ){ if (i divides n) return COMPOSITE; } return PRIME; COM 5336 Cryptography Lecture 7a

6 Scott CH Huang Sieve of Eratosthenes Input/Output: same as the naïve test Let A be an arry of length n Set all but the first element of A to TRUE for (i from 2 to ){ if (A[i]=TRUE) Set all multiples of i to FALSE } if (A[i]=TRUE) return PRIME else return COMPOSITE COM 5336 Cryptography Lecture 7a

7 Scott CH Huang Primality Testing Two categories of primality tests Probablistic – Miller-Rabin Probabilistic Primality Test – Cyclotomic Probabilistic Primality Test – Elliptic Curve Probabilistic Primality Test Deterministic – Miller-Rabin Deterministic Primality Test – Cyclotomic Deterministic Primality Test – Agrawal-Kayal-Saxena (AKS) Primality Test COM 5336 Cryptography Lecture 7a

8 Scott CH Huang Running Time of Primality Tests Miller-Rabin Primality Test – Polynomial Time Cyclotomic Primality Test – Exponential Time, but almost poly-time Elliptic Curve Primality Test – Don’t know. Hard to Estimate, but looks like poly-time. AKS Primality Test – Poly-time, but only asymptotically good. COM 5336 Cryptography Lecture 7a

9 Scott CH Huang Fermat’s Primality Test It’s more of a “compositeness test” than a primality test. Fermat’s Little Theorem: If p is prime and, then If we can find an a s.t., then n must be a composite. If, for some a, n passes the test, we cannot conclude n is prime. Such n is a pseudoprime. If this pseudoprime n is not prime, then this a is called a Fermat liar. If, for all we have can we conclude n is prime? No. Such n is called a Carmichael number. COM 5336 Cryptography Lecture 7a

10 Scott CH Huang Pseudocode of Fermat’s Primality Test FERMAT(n,t){ INPUT: odd integer n ≥ 3, # of repetition t OUTPUT: PRIME or COMPOSITE for (i from 1 to t){ Choose a random integer a s.t. 2 ≤ a ≤ n-2 Compute if ( ) return COMPOSITE } return PRIME } COM 5336 Cryptography Lecture 7a

11 Scott CH Huang Miller-Rabin Probabilistic Primality Test It’s more of a “compositeness test” than a primality test. It does not give proof that a number n is prime, it only tells us that, with high probability, n is prime. It’s a randomized algorithm of Las Vegas type. COM 5336 Cryptography Lecture 7a

12 Scott CH Huang A Motivating Observation FACT: Let p be an odd prime.. If then Moreover, if, and m is odd. Let. Then either or for some COM 5336 Cryptography Lecture 7a

13 Scott CH Huang Miller-Rabin If and Then a is a strong witness for the compositeness of n. If or for some then n is called a pseudoprime w.r.t. base a, and a is called a strong liar. COM 5336 Cryptography Lecture 7a

14 Scott CH Huang Miller-Rabin: Algorithm Pseudocode MILLER-RABIN(n,t){ INPUT: odd integer n ≥ 3, # of repetition t Compute k & odd m s.t. for ( i from 1 to t ){ Choose a random integer a s.t. Compute if ( or ){ Set while( and ){ Set if ( ) return COMPOSITE } if ( ) return COMPOSITE } return PRIME } COM 5336 Cryptography Lecture 7a

15 Scott CH Huang Miller-Rabin: Example n = = 2*45, s = 1, r = 45 {1,9,10,12,16,17,22,29,38,53,62,69,74, 75,79,81,82,90} are all strong liars. – 9 45 = 1 mod 91 – = 1 mod 91 – …. All other bases are strong witnesses. – 9 7 = 9 mod 91 – 9 8 = 81 mod 91 COM 5336 Cryptography Lecture 7a

16 Scott CH Huang Miller-Rabin: Main Theorem Theorem: Given n > 9. Let B be the number of strong liars. Then If the Generalized Riemann Hypothesis is true, then Miller-Rabin primality test can be made deterministic by running MILLER-RABIN(n, 2log 2 n) COM 5336 Cryptography Lecture 7a


Download ppt "Scott CH Huang COM 5336 Cryptography Lecture 7a COM 5336 Cryptography Lecture 7a Primality Testing Scott CH Huang 1."

Similar presentations


Ads by Google