Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative.

Published byLaurence Solomon French Modified over 8 years ago

Similar presentations

Presentation on theme: "CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative."— Presentation transcript:

1 CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative Commons Attribution-Share Alike 3.0 Unported License Slides by: Eric Ringger, with contributions from Mike Jones, Eric Mercer, Sean Warnick

2 Practice Key points: Represent exponent in binary Break up the problem into factors (one per binary digit) Use the substitution rule

3 Objectives  Part 1:  Introduce Fermat’s Little Theorem  Understand and analyze the Fermat primality tester  Part 2:  Discuss GCD and Multiplicative Inverses, modulo N  Prepare to Introduce Public Key Cryptography  This adds up to a lot of ideas!

4 Part 1: Primality Testing

5 Fermat’s Little Theorem If p is prime, then a p -1  1 (mod p) for any a such that 1  a < p Examples: p = 3, a = 2 p = 7, a = 4 How do you wish you could use this theorem?

6 Fermat’s Little Theorem If p is prime, then a p -1  1 (mod p) for any a such that 1  a < p Examples: p = 3, a = 2 p = 7, a = 4 How do you wish you could use this theorem?

7 Logic Review a  b (a implies b) Which is equivalent to the above statement?  b  a  ~a  ~b  ~b  ~a

8 Logic Review a  b (a implies b) Which is equivalent to the above statement?  b  aThe Converse  ~a  ~bThe Inverse  ~b  ~aThe Contrapositive

9 Contrapositive of Fermat’s Little Theorem If p and a are integers such that 1  a < p and a p -1 mod p  1, then p is not prime.

10 First Prime Number Test Do we really mean yes?

11 First Prime Number Test Do we really mean yes?

12 False Witnesses  If primality(N) returns “yes”, then N might or might not be prime.  Consider 15:  4 14 mod 15 = 1  but 15 clearly isn’t prime!  4 is called a false witness of 15

13 Relatively Prime  Two numbers, a and N, are relatively prime if their greatest common divisor is 1.  3 and 5?  4 and 8?  4 and 9?

14 False Witnesses  If primality(N) returns “yes”, then N might or might not be prime.  Consider the Carmichael numbers:  They pass the test (i.e., a n-1 mod N = 1) for all a relatively prime to N.

15 False Witnesses

16 State of Affairs  Summary:  If n is prime, then a n-1 mod n = 1 for all a < n  If n is not prime, then a n-1 mod n = 1 for at most half the values of a < n  Allows us to put a bound on how often primality() is wrong.

17 False Witnesses  Notes:  Less than 3.3% of the possible witnesses for n < 1000 are false.  Consider 651,693,055,693,681.  Have 99.9965% chance of picking a false witness!

18 Correctness  Question #1: Is the “Fermat test” correct?  No  Question #1’: how correct is the Fermat test?  The algorithm is ½-correct with one-sided error.  The algorithm has 0.5 probability of saying “yes N is prime” when N is not prime.  But when the algorithm says “no N is not prime”, then N must not be prime (by contrapositive of Fermat's Little Theorem)

19 Amplification  Repeat the test  Decrease the probability of error: C = Composite; P = Prime  Amplification of stochastic advantage 1 st run2 nd runError? Cn/a PC PP

20 Amplification  Repeat the test  Decrease the probability of error: C = Composite; P = Prime  Amplification of stochastic advantage 1 st run2 nd runError? Cn/a PC PP

21 P(Correct)

22 Modified Primality Test function primality2(N) Input: Positive integer N Output: yes/no for i = 1 to k do: a = uniform(1..N-1) if (modexp(a, N-1, N) == 1): // yes; do nothing else: return no return yes

23 Modified Primality Test

24 function primality2(N) Input: Positive integer N Output: yes/no for i = 1 to k do: a = uniform(1..N-1) if (modexp(a, N-1, N) == 1): // yes; do nothing else: return no return yes

25 Randomized Algorithms  We’ll close the loop and revisit these again at the end of the semester.

26 2. Greatest Common Divisor

27 Greatest Common Divisor  Euclid’s rule:  gcd(x, y) = gcd (x mod y, y)  Can compute gcd(x,y) for large x, y by modular reduction until we reach the base case! function Euclid (a,b) Input: Two integers a and b with a  b  0 (n-bit integers) Output: gcd(a,b) if b=0: return a return Euclid(b, a mod b)

28 Example  gcd(25, 11)

29 Example  gcd(25, 11)

30 3 Questions  1. Is it Correct?  2. How long does it take?  3. Can we do better?

31 Analysis function Euclid (a,b) Input: Two integers a and b with a  b  0 (n-bit integers) Output: gcd(a,b) if b=0: return a return Euclid(b, a mod b)

32 Analysis function Euclid (a,b) Input: Two integers a and b with a  b  0 (n-bit integers) Output: gcd(a,b) if b=0: return a return Euclid(b, a mod b)

33 Bezout’s Identity

34 Extended Euclid Algorithm function extended-Euclid (a, b) Input: Two positive integers a & b with a  b  0 (n-bits) Output: Integers x, y, d such that d = gcd(a, b) and ax + by = d if b=0: return (1,0,a) (x’, y’, d) = extended-Euclid(b, a mod b) return (y’, x’ – floor(a/b)y’, d)

35 Example  Note: there’s a great worked example of how to use the extended-Euclid algorithm on Wikipedia here: http://en.wikipedia.org/wiki/Extended_Euclidean _algorithm  And another linked from the reading column on the schedule for today

36 Multiplicative Inverses  In the rationals, what’s the multiplicative inverse of a?  In modular arithmetic (modulo N), what is the multiplicative inverse?

37 Multiplicative Inverses  In the rationals, what’s the multiplicative inverse of a?  In modular arithmetic (modulo N), what is the multiplicative inverse?

38 Finding Multiplicative Inverses  Modular division theorem: For any a mod N, a has a multiplicative inverse modulo N if and only if it is relatively prime to N.  Significance of extended-Euclid algorithm:  When two numbers, a and N, are relatively prime, extended- Euclid produces x and y such that ax + Ny = 1  Thus, ax  1 (mod N)  Because Ny (mod N) = 0 for all integers y  Then x is the multiplicative inverse of a modulo N  i.e., I can use extended-Euclid to compute the multiplicative inverse of a mod N

39 Multiplicative Inverses  The multiplicative inverse mod N is exactly what we will need for RSA key generation  Notice also: when a and N are relatively prime, we can perform modular division in this way

40 Next  RSA  Divide & Conquer

41 Assignment  Read and Understand: Sections 1.4, 2.1, 2.2  HW #3: 1.9, 1.18, 1.20  Finish your project #1 early!  Submit on Thursday by midnight

Download ppt "CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.Creative."

Similar presentations

Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.

Section 4.1: Primes, Factorization, and the Euclidean Algorithm Practice HW (not to hand in) From Barr Text p. 160 # 6, 7, 8, 11, 12, 13.
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
CSE 311 Foundations of Computing I Lecture 13 Number Theory Autumn 2012 CSE 311 1.

CSE 311 Foundations of Computing I Lecture 13 Number Theory Autumn 2012 CSE
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
CSC2110 Discrete Mathematics Tutorial 5 GCD and Modular Arithmetic

CSC2110 Discrete Mathematics Tutorial 5 GCD and Modular Arithmetic
Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.

Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.
UMass Lowell Computer Science 91.503 Analysis of Algorithms Prof. Karen Daniels Fall, 2002 Tuesday, 26 November Number-Theoretic Algorithms Chapter 31.

UMass Lowell Computer Science Analysis of Algorithms Prof. Karen Daniels Fall, 2002 Tuesday, 26 November Number-Theoretic Algorithms Chapter 31.
6/20/2015 5:05 AMNumerical Algorithms1 x0123456789 x1x1 1739.

6/20/2015 5:05 AMNumerical Algorithms1 x x1x
Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.

Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.
CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.

CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.
CSE 321 Discrete Structures Winter 2008 Lecture 10 Number Theory: Primality.

CSE 321 Discrete Structures Winter 2008 Lecture 10 Number Theory: Primality.
CSE 311 Foundations of Computing I Lecture 12 Primes, GCD, Modular Inverse Spring 2013 1.

CSE 311 Foundations of Computing I Lecture 12 Primes, GCD, Modular Inverse Spring
Divisibility October 8, 2014 1 Divisibility If a and b are integers and a  0, then the statement that a divides b means that there is an integer c such.

Divisibility October 8, Divisibility If a and b are integers and a  0, then the statement that a divides b means that there is an integer c such.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
COMP 170 L2 Page 1 L05: Inverses and GCDs l Objective: n When does have an inverse? n How to compute the inverse? n Need: Greatest common dividers (GCDs)

COMP 170 L2 Page 1 L05: Inverses and GCDs l Objective: n When does have an inverse? n How to compute the inverse? n Need: Greatest common dividers (GCDs)
MATH 224 – Discrete Mathematics

MATH 224 – Discrete Mathematics
Module :MA3036NI Cryptography and Number Theory Lecture Week 7

Module :MA3036NI Cryptography and Number Theory Lecture Week 7
CPSC 3730 Cryptography and Network Security

CPSC 3730 Cryptography and Network Security

Similar presentations

Ads by Google