Advanced Algorithms Analysis and Design By Dr. Nazir Ahmad Zafar Dr Nazir A. Zafar Advanced Algorithms Analysis and Design

Lecture No. 41 RSA Cryptosystem String Matching Dr. Nazir A. Zafar Advanced Algorithms Analysis and Design

Fermat Theorem Statement If p is prime, a is positive integer not divisible by p, ap-1 = 1 mod p OR ap = a mod p Proof Consider the set, Zp = {0,1,…, p –1} Multiplying each element of Zp by “a mod p”, the result is a set, A, of all the elements of Zp with a different sequence, where A = Zp A = {0, a mod p, 2a mod p……(p-1)a mod p} {0, a mod p, 2a mod p……(p-1)a mod p} = {0,1,…, p –1} Since A = Zp Dr Nazir A. Zafar Advanced Algorithms Analysis and Design

Fermat Theorem If all the elements are multiplied together, except 0, on both sides we should {a mod p * 2a mod p… *(p-1) a mod p} mod p = 1.2. . . .(p-1) mod p OR a p-1 (p-1)! mod p = (p-1)! mod p Since (p-1)! is relatively prime to p. So It can be cancelled from both sides ap-1 mod p ≡ 1 OR ap-1 ≡ 1 mod p OR ap ≡ a mod p Dr Nazir A. Zafar Advanced Algorithms Analysis and Design

Euler’s Theorem: Generalization of Fermat’s Statement If a and n are relatively prime then a(n) + 1 = a mod n OR a(n) = 1 mod n Proof If n = prime, then (n) = n – 1 By Fermat’s Theorem an-1 = a(n) = 1 mod n If n is a positive integer, then (n) = number of positive integers less than n, relatively prime to n. Consider such positive integers as follows: S1 = {x1, x2, . . ., x(n) } Now multiply each element with a mod n S2 = {a x1 mod n, a x2 mod n, . . ., a x(n) mod n} Dr Nazir A. Zafar Advanced Algorithms Analysis and Design

Euler’s Theorem The set S2 is a permutation of S1 because: 1. a is relatively prime to n. 2. xi is relatively prime to n. 3. Therefore axi is also relatively prime to n. Hence each axi mod n has value less than n Hence every element of S2 is relatively prime to n and less than n. The number of elements of S2 equal to that of S1 Moreover S2 contains no duplicates. It is because if axi mod n = axj mod n, then xi = xj But S1 has no duplicates Dr Nazir A. Zafar Advanced Algorithms Analysis and Design

Euler’s Theorem On multiplying the terms of S1 and S2  ( axi mod n) =  xi OR  (axi) = (  xi ) mod n OR a = 1 mod n OR a = a mod n, Proved Corollary: Given primes p and q. Let m and n are integers such that n = p*q and 0 < m < n then m(n)+1 = m mod n OR m(n) = 1 mod n (n) (n) i=1 i=1 (n) (n) i=1 i=1 (n) (n) + 1 Dr Nazir A. Zafar Advanced Algorithms Analysis and Design

RSA Cryptosystem Encryption: Any number m, (m < n), can be encrypted. ciphertext c = me mod n Decryption: cd mod n gives us back m. Proof To prove that cd mod n is equal to m: cd mod n = (me)d mod n = mde mod n Since de = 1 mod (n)  de = k(n) + 1 cd = mde = mk(n) +1 By the above corollary to Euler’s theorem, cd = mde = mk(n) +1 = m mod n = m, since m < n Dr Nazir A. Zafar Advanced Algorithms Analysis and Design

Example 7: RSA Cryptosystem Encrypt message STOP using RSA cryptosystem with p = 43, q = 59 and e = 13, n = pq = 2537, Solution gcd(e, (p-1)(q-1)) = 1, encryption can be done Translate STOP in numerical values, blocks of 4 1819 1415 Encrypt C = Me mod 2537 = M13 mod 2537 After computing using fast modular multiplication 181913 mod 2537 = 2081;141513 mod 2537 = 2181 The encrypted message is: 2081 2182 Dr Nazir A. Zafar Advanced Algorithms Analysis and Design

Example 8: RSA Cryptosystem Decrypt 0981 0461 if encrypted using RSA Public key = (e, n) = (13, 43.59 = 2537) Solution p = 43, p-1 = 42, q = 59, q-1 = 58, e = 13 d = e-1 mod (p-1).(q-1) = 13-1 mod 42.58 = 937 Decrypt M = C937 mod 2537 = C937 mod 2537 After computing using fast modular multiplication 0981937 mod 2537 = 0704;0461937 mod 2537 = 1115 The decrypted message is: 0704 1115 Translating back to English: HELP Dr Nazir A. Zafar Advanced Algorithms Analysis and Design

String Matching Dr. Nazir A. Zafar Advanced Algorithms Analysis and Design

String Matching Problem We assume that the text is an array T [1 .. n] of length n and that the pattern is an array P[1 .. m] of length m ≤ n. We further assume that the elements of P and T are characters drawn from a finite alphabet Σ. For example, we may have Σ = {0, 1} or Σ = {a, b, . . . , z}. The character arrays P and T are often called strings of characters. Dr. Nazir A. Zafar Advanced Algorithms Analysis and Design

String Matching Problem We say that pattern P occurs with shift s in text T (or, equivalently, that pattern P occurs beginning at position s + 1 in text T) if 0 ≤ s ≤ n - m and T [s + 1 .. s + m] = P[1 .. m] i.e. T [s + j] = P[ j], for 1 ≤ j ≤ m). If P occurs with shift s in T, we call s a valid shift; otherwise, we call s an invalid shift. String Matching Problem The string-matching problem is “finding all valid shifts with which a given pattern P occurs in a given text T”. Dr. Nazir A. Zafar Advanced Algorithms Analysis and Design

Example: String Matching Problem 13 Text T a b c a b a a b c a b a c s = 3 Pattern P a b a a Dr. Nazir A. Zafar Advanced Algorithms Analysis and Design

Definitions and Notations Terminology Σ* The set of all finite-length strings formed using characters from the alphabet Σ. ε The zero-length empty string, also belongs to Σ*. |x| The length of a string x. xy The concatenation of two strings x and y has length |x| + |y| and consists of the characters from x followed by the characters from y. w  x A string w is a prefix of a string x, if x = wy for some string y  Σ*. If w  x, then |w| ≤ |x|. w  x A string w is a suffix of a string x, if x = yw for some y  Σ*. If w  x that |w| ≤ |x|. Dr. Nazir A. Zafar Advanced Algorithms Analysis and Design

1. Naive Approach The idea is based on Brute Force Approach. The naive algorithm finds all valid shifts using a loop that checks the condition P[1 .. m] = T[s + 1 .. s + m] for each of the n - m + 1 possible values of s. It can be interpreted graphically as sliding a “template“ containing the pattern over the text, noting for which shifts all of the characters on the template equal the corresponding characters in the text. Dr. Nazir A. Zafar Advanced Algorithms Analysis and Design

1. Naive String Matching Algorithm NAIVE-STRING-MATCHER(T, P) 1 n ← length[T] 2 m ← length[P] 3 for s ← 0 to n - m 4 do if P[1 .. m] = T[s + 1 .. s + m] 5 then print "Pattern occurs with shift" s Dr. Nazir A. Zafar Advanced Algorithms Analysis and Design

Naive String Matching Algorithm Worst case Running Time Outer loop: n – m + 1 Inner loop: m Total ((n - m + 1)m) Best-case: n-m Note Not an optimal procedure for String Matching problem. It has high running time for worst case. The naive string-matcher is inefficient because information gained about the text for one value of s is entirely ignored in considering other values of s. Dr. Nazir A. Zafar Advanced Algorithms Analysis and Design

2. The Rabin-Karp Algorithm Let us assume that Σ = {0, 1, 2, . . . , 9}, so that each character is a decimal digit. A string of k consecutive characters is viewed as representing a length-k decimal number. Given a pattern P[1 .. m], let p denote its corresponding decimal value and a text T [1 .. n], we let ts denotes the decimal value of the length-m substring T[s + 1 .. s + m], for s = 0, 1, ..., n - m. Now, ts = p if and only if T [s + 1 .. s + m] = P[1 .. m]; thus, s is a valid shift if and only if ts = p. Dr. Nazir A. Zafar Advanced Algorithms Analysis and Design

2. The Rabin-Karp Algorithm We can compute p in time Θ(m) using Horner's rule p = P[m] + 10 (P[m - 1] + 10(P[m - 2] + · · · + 10(P[2] + 10P[1]) )). Example: Horner's rule “345” = 5 + 10(4 + 10(3)) = 5 + 10(4 + 30) = 5 + 340 = 345 The value t0 can be similarly computed from T [1 .. m] in time Θ(m). To compute the remaining values t1, t2, . . . , tn-m in time Θ(n - m), it suffices to observe that ts+1 can be computed from ts in constant time. Dr. Nazir A. Zafar Advanced Algorithms Analysis and Design

2. The Rabin-Karp Algorithm Subtracting 10m-1 T[s + 1] removes the high-order digit from ts, multiplying the result by 10 shifts the number left one position, and adding T [s + m + 1] brings in the appropriate low-order digit. ts+1 = (10(ts – T[s + 1] 10m-1 ) + T[s + m + 1]) The only difficulty with this procedure is that p and ts may be too large to work with conveniently. Fortunately, there is a simple cure for this problem compute p and the ts's modulo a suitable modulus q. Dr. Nazir A. Zafar Advanced Algorithms Analysis and Design