Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 1 Algorithms with Numbers. Bases and Logs How many digits does it take to represent the number N >= 0 in base 2? With k digits the largest number.

Published byAustin Lee Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 1 Algorithms with Numbers. Bases and Logs How many digits does it take to represent the number N >= 0 in base 2? With k digits the largest number."— Presentation transcript:

1 Chapter 1 Algorithms with Numbers

2 Bases and Logs How many digits does it take to represent the number N >= 0 in base 2? With k digits the largest number we can make: 1x2 k-1 + 1x2 k-2 + … + 1x2 1 + 1x2 0 = 2 k - 1 Example: 1111 = 2 4 – 1 Answer: N = 2 k – 1 and solve for k

3 Bases and Logs Answer: N = 2 k – 1 and solve for k N + 1 = 2 k Log(N+1) = Log(2 k ) Log(N+1) = k ┌ Log(N+1) ┐ = k

4 Bases and Logs Log N is the power you raise 2 to get N 2 Log(N) = N For large N, Log(N) is much smaller than N N =1,073,741,834 Log(N) = 30 Which algorithm is better? O(N 2 ) or O(n Log N)

5 Bases and Logs Log N is the number of times you must halve N to get down to 1 Log N is the number of bits in the binary representation of N (Ceil (Log (N+1))) Log N is the depth of a complete binary tree with N nodes (Floor(Log n)) Log N is approximately the sum of 1 + ½ + 1/3 + … + 1/N

6 Addition of Binary Numbers Why isn’t binary addition O(1)? Don’t we have hardware operations for that? The sum of x + y is n + 1 bits at most Each individual bit gets computed in fixed amount of time Running time = c 0 + c 1 n = O(n)

7 Multiplication 1 1 0 1 13 1 0 1 1 11 x _______ x ___ 1 1 0 1 13 1 1 0 1 26 0 0 0 0 0 1 1 0 1 104 _________________ ___ 1 0 0 0 1 1 1 1 143

8 Al Khwarizmi’s Method 1 1 0 1 11 13 1 0 1 1 5 26 x _______ 2 52 1 1 0 1 1 104 1 1 0 1 _______ 0 0 0 0 143 1 1 0 1 _________________ 1 0 0 0 1 1 1 1

9 Another Approach X * Y = 2(X * floor(Y/2)) if y is even X + 2(X * floor(Y/2)) if y is odd ----------------------------------------- function multiply(X,Y) if Y = 0: return 0 Z = multiply(X,floor(Y/2)) if Y is even return 2 * Z else: return X + 2 * Z

10 Let X = 3 (imperative language) Y = 4 Z = X + Y --------------------------------------------------- (let ((X 3)(Y 4)) (+ X Y) ) (Scheme version) 3 4 XYXY (+ x y)

11 Sequence of Lets X = 3 Y = X Z = (+ X Y) --------------------------------------------------- (let ((X 3)) (let ((Y X)) (+ X Y))) (let* ((X 3) (Y X)) (+ X Y))

12 Sequence of Lets (let ((X 3)) (let ((Y X)) (+ X Y))) X 3 Y (+ X Y) (let* ((X 3) (Y X)) (+ X Y))

13 Division function divide(x,y) if x = 0: return (q,r) = (0,0) (q,r) = divide(floor(x/2),y) q = 2 q, r = 2 r if x is odd: r = r + 1 if r >= y: r = r – y, q = q + 1 return (q,r)

14 Modular Exponentiation function modexp(x, y, N) Input: Two n-bit integers x and N, an integer exponent y Output: x y mod N if y = 0: return 1 z = modexp(x, floor(y/2),N) if y is even: return z 2 mod N else: return x * z 2 mod N

15 Euclid’s GCD Algorithm function Euclid(a, b) Input: Two integers a and b with a b 0 Output: gcd(a, b) if b = 0: return a return Euclid(b, a mod b) Why is this O(n 3 )?

16 Extension to Euclid’s Algorithm If someone says “d is the gcd(a,b)”, how do we know? Lemma: if d divides both a and b, and d = ax + by for some integers x and y, then d is the gcd of a and b

17 Extended GCD Algorithm function Extended-Euclid(a, b) Input: Two positive integers a and b with a ≥ b ≥ 0 Output: Integers x, y, d such that d = gcd(a; b) and ax + by = d if b = 0: return (1, 0, a) (x’, y’ d) = Extended-Euclid(b, a mod b) return (y’, x’ – floor(a/b)y’, d)

18 Modular Division We say x is the multiplicative inverse of a modulo N if ax ≡ 1 (mod N). Not every integer has such a multiplicative inverse Example 2x ! ≡ 1 (mod 6) for any x. If gcd(a,N) = 1, a and N are relatively prime If a and N are relatively prime, the extended Euclid’s algorithm gives integers x and y such that ax + Ny = 1. (ax + Ny)MOD N = 1 MOD N, ax MOD N = 1 But then x is the multiplicative inverse of a mod N!

19 Modular Division Theorem For any a mod N, a has a multiplicative inverse if and only if it is relatively prime to N. When the inverse exists, it can be found in O(n 3 ) time (where n denotes the number of bits in N) by running the extended Euclid algorithm Example: Compute 11 -1 mod 25 Using EEA, 4(25) - 9(11) = 1. Reducing both sides mod 25 we have: -9 (11) ≡ 1 mod 25, so -9 ≡ 16 mod 25 is the inverse of 11 mod 25. In other words, if I want to divide by 11 mod 25, I can instead multiply by 16 mod 25

20 Another Example Let p = 17, q = 53 N = p * q = 17 * 53 = 901 Choose e relatively prime to (p-1)(q-1) = 16 * 52 = 832, so somewhat arbitrarily let e be 19. The public key is (901,19).

21 Public key is (901,19). Let the message be 123. Encrypting the message involves computing 123 19 MOD 901 = 115 The encrypted message is 115 To decrypt the message we compute the inverse of 19 MOD (17-1)(53-1) = 19 MOD 832.

22 Computing the Inverse of 19 MOD 832 Using the extended Euclidean algorithm, we see that 219(19) + (-5)(832) = 1 Taking MOD on both sides we have (219(19) + (-5)(832)) MOD 832 = 1 MOD 832 and 219(19) = 1 MOD 832, since the addition of multiples of 832 can be removed In other words, 219 is the multiplicative inverse of 19 MOD 832. This makes the decryption function x 219 MOD 901

23 Decrypting with x 219 MOD 901 Use modexp to compute the expression 115 219 MOD 901 = 123 (123 19 ) 219 MOD 901 = 123

24 Implications For division mod N, we can only divide by integers that are relatively prime to N. To divide by s, we multiply by the inverse of s (s -1 ). To find the inverse of s MOD t, we run EEA on s and t. This produces a(s) + b(t) = 1 if s is relatively prime to t

25 Implications Applying MOD t results in (a(s) + b(t))MOD t = a(s) MOD t = 1 MOD t In other words, a = s -1 This technique relies heavily on finding large prime numbers p and q

26 Primality Testing Factoring is hard, primality is easy. Why? To test if N is prime, we can try to divide it by 2,3,5,7…, √N (We try to factor it) This approach still takes lots of time Fermat’s little theorem: If p is prime, then for every 1 ≤ a ≤ p a p-1 ≡ 1 mod p

27 Primality Testing Using FLT function primality(N) Input: Positive integer N Output: yes/no Pick a positive integer a < N at random if a N-1 ≡ 1 (mod N): return yes else: return no

28 Primality Testing There are no guarantees that this works! There are some composite integers that satisfy a N-1 ≡ 1 (mod N) 341 = 11 x 31 is not prime, and yet 2 340 ≡ 1 mod 341. Even so, we hope the answer will be correct most of the time. It certainly works if N is prime

29 Primality Testing Carmichael numbers pass Fermat’s test for all a relatively prime to N For non-Carmichael numbers, a composite integer will fail for at least half the values of a where 1 ≤ a ≤ p If we randomly choose a, we have at least half a chance of the algorithm working correctly

30 A Primality Algorithm with Low Error Probability function primality2(N) Input: Positive integer N Output: yes/no Pick positive integers a 1,a 2,…, a k < N at random if a i N-1 ≡ 1 (mod N)for all i = 1,2,… k: return yes else: return no

31 A Primality Algorithm with Low Error Probability Pr(Algorithm 1.8 returns yes when N is not prime) ≤ 1/2 k Testing k = 100 values of a makes the probability of failure at most 2 -100,which is miniscule: far less, for instance, than the probability that a random cosmic ray will sabotage the computer during the computation!

32 Generating Primes Primes are abundant. A random n-bit number has roughly a one- in-n chance of being prime (actually about 1/(ln 2 n ) ≈ 1:44/n). For instance, About 1 in 20 social security numbers is prime!

33 Generating Primes Pick a random n-bit number N. Run a primality test on N. If it passes the test, output N; else repeat the process.

34 RSA Summary Pick any two primes p and q and let N = pq. For any e relatively prime to (p-1)(q -1): 1. The mapping x → x e mod N is a bijection on {0,1,…,N} 2. Moreover, the inverse mapping is easily realized: let d be the inverse of e modulo (p-1)(q -1). Then for all x {0,…,N}, (x e ) d ≡ x mod N:

35 Assignment Send me a public key (N,e), and I will send you a coded message x e MOD N. Send me the decoded message back in an email. You get to choose N and e. The message I send will be a number less than N. In a real application the number could be an message in ASCII Grad Students: Compute two prime numbers p and q with 100 or more digits using Scheme. Generate N = p * q. Choose a suitable e. As before, send me (N, e) but also include your Scheme code for selecting primes.

Download ppt "Chapter 1 Algorithms with Numbers. Bases and Logs How many digits does it take to represent the number N >= 0 in base 2? With k digits the largest number."

Similar presentations

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.
Cryptography and Network Security

Cryptography and Network Security
Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.

Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r 175753411947 p q p q p q p and q prime.

Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r p q p q p q p and q prime.
Data encryption with big prime numbers

Data encryption with big prime numbers
22C:19 Discrete Structures Integers and Modular Arithmetic

22C:19 Discrete Structures Integers and Modular Arithmetic
CSE 311 Foundations of Computing I Lecture 13 Number Theory Autumn 2012 CSE 311 1.

CSE 311 Foundations of Computing I Lecture 13 Number Theory Autumn 2012 CSE
BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.

BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
and Factoring Integers (I)

and Factoring Integers (I)
1 Chapter 7– Introduction to Number Theory Instructor: 孫宏民 Room: EECS 6402, Tel:03- 5742968, Fax : 886-3-572-3694.

1 Chapter 7– Introduction to Number Theory Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem

RSA ( Rivest, Shamir, Adleman) Public Key Cryptosystem
6/20/2015 5:05 AMNumerical Algorithms1 x0123456789 x1x1 1739.

6/20/2015 5:05 AMNumerical Algorithms1 x x1x
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:

Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:
Chapter 8 – Introduction to Number Theory Prime Numbers  prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers.

Chapter 8 – Introduction to Number Theory Prime Numbers  prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers.

Similar presentations

Ads by Google