UMass Lowell Computer Science 91.503 Analysis of Algorithms, Prof. Karen Daniels, Spring 2010
DESCRIPTION
UMass Lowell Computer Science 91.503 Analysis of Algorithms, Prof. Karen Daniels, Spring 2010. Tuesday, 27 April. Number-Theoretic Algorithms, Chapter 31. Chapter Dependencies: Ch 31 Number-Theoretic Algorithms, RSA. Math: Number Theory.
TRANSCRIPT
UMass Lowell Computer Science 91.503
Analysis of Algorithms Prof. Karen Daniels
Spring, 2010
Tuesday, 27 April
Number-Theoretic Algorithms
Chapter 31
Chapter Dependencies
Ch 31 Number-Theoretic Algorithms: RSA
Math: Number Theory
You’re responsible for material in this chapter that we discuss in lecture. (Note that this does not include sections 31.8 or 31.9.)
Overview
• Motivation: RSA
• Basics
• Euclid’s GCD Algorithm
• Chinese Remainder Theorem
• Powers of an Element
• RSA Details
Motivation: RSA
RSA Encryption
source: 91.503 textbook Cormen et al.
31.5
$P_A(S_A(M)) = M$   $S_A(P_A(M)) = M$
RSA Digital Signature
source: 91.503 textbook Cormen et al.
31.6
assume Alice also sends her name so Bob knows whose public key to use
$P_A(S_A(M')) = M'$ ?
RSA Cryptosystem
(31.19) **
(31.26)
$P(M) = M^e \pmod{n}$ (31.35)   $S(C) = C^d \pmod{n}$ (31.36)
encode   decode
source: 91.503 textbook Cormen et al., 3rd edition
to be explained later….
need efficient ways to compute P(M), S(C)
Assume M < n
(31.20)
RSA Dependence
• Correctness: Euler’s φ Function; Fermat’s Theorem; Chinese Remainder Theorem
• Efficiency: Modular Exponentiation; Primality Testing
• Security: Difficulty of Factoring Large Integers
$S(P(M)) = P(S(M)) = M^{ed} \pmod{n}$
see chart of result dependencies on next slide (courtesy of Mark Micire)
Need to show:
$M^{ed} \equiv M \pmod{n}$
2002
(Eqn. 31.20)
with thanks to Mark Micire
EUCLID GCD   EXTENDED-EUCLID
Notes on Primality Testing
• Efficient primality testing has been a goal for > 2,000 years.
• Early attempts required exponential time.
• The Miller-Rabin (Section 31.8) primality test is a randomized polynomial-time algorithm (1980’s).
• Agrawal, Kayal, Saxena provided a deterministic polynomial-time algorithm (2002).
Basic Concepts
** Indicates that result is on chart of result dependencies
Division & Remainders
source: 91.503 textbook Cormen et al.
31.1
(3.8) **
Equivalence Class Modulo n
source: 91.503 textbook Cormen et al.
(31.1)
(31.2)
Common Divisors
source: 91.503 textbook Cormen et al.
(31.3)
(31.4)
(31.5)
**
**
Greatest Common Divisor
source: 91.503 textbook Cormen et al.
(31.6)
(31.7)
(31.8)
(31.9)
(31.10)
31.2
(3.8)
(31.4)
**
**
Greatest Common Divisor
source: 91.503 textbook Cormen et al.
31.3
(31.4)
31.2
31.4
**
Relatively Prime Integers
source: 91.503 textbook Cormen et al.
31.6
31.2
31.2
**
Relatively Prime Integers
source: 91.503 textbook Cormen et al.
31.7
31.6
31.1-6 **
Greatest Common Divisor
source: 91.503 textbook Cormen et al.
31.9
(31.5)
(3.8)
(31.4)
(31.3)
(31.4)
(31.3)
(31.5) (31.14) (31.15)
(31.14)
(31.15)
**
Euclid’s GCD Algorithm
Euclid’s GCD Algorithm
source: 91.503 textbook Cormen et al.
**
Also see Java code on course web site
Extended Euclid
source: 91.503 textbook Cormen et al.
(31.16)
31.1
**
**
Chinese Remainder Theorem
Modular Arithmetic
source: 91.503 textbook Cormen et al.
Finite Groups
source: 91.503 textbook Cormen et al.
size of this group is 6   size of this group is 8
31.2
Additive group mod 6   Multiplicative group mod 15
$Z_n^* = \{[a]_n \in Z_n : \gcd(a, n) = 1\}$
elements relatively prime to n
Finite Groups
source: 91.503 textbook Cormen et al.
31.12
Finite Groups
source: 91.503 textbook Cormen et al.
31.13
31.6
31.12
31.26
Euler’s Phi Function
source: 91.503 textbook Cormen et al.
(31.19) **
Lagrange’s Theorem
source: 91.503 textbook Cormen et al.
31.15 **
Finite Groups 31.17 **
source: 91.503 textbook Cormen et al.
31.18
31.19
**
**
$\langle a \rangle = \{a^{(k)} : k \ge 1\}$
additive subgroup generated by a
where
$a^{(k)} = \underbrace{a + a + \cdots + a}_{k}$
Solving Modular Linear Eq
source: 91.503 textbook Cormen et al.
31.20
(31.4)
**
Solving Modular Linear Eq
source: 91.503 textbook Cormen et al.
31.22
31.18
31.18
31.22
31.24
**
**
Thm 31.23: If $d \mid b$, then $ax \equiv b \pmod{n}$ has as a solution $x_0 = x'(b/d) \bmod n$, where $d = ax' + ny'$.
Solving Modular Linear Eq
source: 91.503 textbook Cormen et al.
31.26
**
**
Chinese Remainder Theorem
source: 91.503 textbook Cormen et al.
(31.23)
31.27
(31.23)
(31.24)
(31.25)
(31.26)
**
Chinese Remainder Theorem
source: 91.503 textbook Cormen et al.
31.29 **
Corollary 31.28. If $n_1, n_2, \ldots, n_k$ are pairwise relatively prime and $n = n_1 n_2 \cdots n_k$, then, for any integers $a_1, a_2, \ldots, a_k$, the set of simultaneous equations $x \equiv a_i \pmod{n_i}$, for $i = 1, 2, \ldots, k$, has a unique solution modulo $n$ for the unknown $x$.
04/19/23 36
NumTheory
Example. Given the two equations $a \equiv 2 \pmod{5}$, $a \equiv 3 \pmod{13}$, what is $a \bmod 65$? Note that $65 = 5 \cdot 13$.
The table of moduli wrt 5 and 13 for all integers in $Z_{65}$.
source: 91.503 textbook Cormen et al. & Prof. Pecelli
Table can be generated diagonally.
Knowing that $a \equiv 2 \pmod{5}$ and $a \equiv 3 \pmod{13}$, find $a \bmod 65$.
We have
$a_1 = 2$, $n_1 = 5$, $m_1 = n/n_1 = 13$,
$a_2 = 3$, $n_2 = 13$, $m_2 = n/n_2 = 5$.
We can compute:
$m_1^{-1} \equiv 13^{-1} \equiv 2 \pmod{5}$; $m_2^{-1} \equiv 5^{-1} \equiv 8 \pmod{13}$.
$c_1 = 13 \cdot (2 \bmod 5) = 26$; $c_2 = 5 \cdot (8 \bmod 13) = 40$;
$a \equiv 2 \cdot 26 + 3 \cdot 40 \pmod{65} \equiv 52 + 120 \pmod{65} \equiv 42 \pmod{65}$.
source: 91.503 textbook Cormen et al. & Prof. Pecelli
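The construction worked on the slides above, as an added Python example (not code from the slides, from CLRS, or from the course web site): EXTENDED-EUCLID supplies the inverses $m_i^{-1} \bmod n_i$, the $c_i = m_i (m_i^{-1} \bmod n_i)$ coefficients are built exactly as in the slide, and the CRT routine assembles $x = \sum a_i c_i \bmod n$ for any number of pairwise coprime moduli, not just the two in the example. Function names, the pairwise-coprimality check (the corollary's hypothesis, which the slide takes for granted) and the extra three-modulus test case are my own additions.

```python
# Added example (not from the slides or CLRS): EXTENDED-EUCLID plus the
# Chinese Remainder Theorem construction of Corollary 31.28, run on the
# slide's example a ≡ 2 (mod 5), a ≡ 3 (mod 13)  ->  a ≡ 42 (mod 65).
from math import prod


def extended_euclid(a, b):
    """Return (d, x, y) with d = gcd(a, b) = a*x + b*y (CLRS EXTENDED-EUCLID)."""
    if b == 0:
        return (a, 1, 0)
    d, x1, y1 = extended_euclid(b, a % b)
    # gcd(a, b) = b*x1 + (a mod b)*y1 = b*x1 + (a - b*floor(a/b))*y1
    #           = a*y1 + b*(x1 - floor(a/b)*y1)
    return (d, y1, x1 - (a // b) * y1)


def mod_inverse(a, n):
    """a^{-1} mod n via Thm 31.23/31.26: from 1 = a*x + n*y we get x ≡ a^{-1}."""
    d, x, _ = extended_euclid(a, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse modulo {n} (gcd = {d})")
    return x % n


def crt_coefficients(moduli):
    """c_i = m_i * (m_i^{-1} mod n_i) with m_i = n / n_i.

    By construction c_i ≡ 1 (mod n_i) and c_i ≡ 0 (mod n_j) for j != i,
    so each c_i 'selects' exactly one congruence.  For [5, 13] this
    returns [26, 40], the values computed on the slide.
    """
    n = prod(moduli)
    coeffs = []
    for n_i in moduli:
        m_i = n // n_i
        coeffs.append(m_i * mod_inverse(m_i, n_i))
    return coeffs


def crt(residues, moduli):
    """Solve x ≡ a_i (mod n_i) for pairwise coprime n_i; return (x, n)."""
    if len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    # The corollary's hypothesis: moduli must be pairwise relatively prime.
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if extended_euclid(moduli[i], moduli[j])[0] != 1:
                raise ValueError(f"moduli {moduli[i]} and {moduli[j]} share a factor")
    n = prod(moduli)
    x = sum(a_i * c_i for a_i, c_i in zip(residues, crt_coefficients(moduli)))
    return x % n, n


def slide_example():
    """The slide's instance: a ≡ 2 (mod 5), a ≡ 3 (mod 13)."""
    return crt([2, 3], [5, 13])


if __name__ == "__main__":
    print("coefficients:", crt_coefficients([5, 13]))   # [26, 40]
    print("a mod 65 =", slide_example())                 # (42, 65)
```

Uniqueness modulo $n$ is what the `% n` at the end encodes: the sum $2 \cdot 26 + 3 \cdot 40 = 172$ is one solution, and $172 \bmod 65 = 42$ is the representative in $Z_{65}$.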
Powers of an Element
Theorems of Euler & Fermat
source: 91.503 textbook Cormen et al.
31.30
31.31
**
**
31.20
Modular Exponentiation
source: 91.503 textbook Cormen et al.
**
$a^b \bmod n$
Also see Java code on course web site
RSA Details
RSA Encryption
source: 91.503 textbook Cormen et al.
31.5
$P_A(S_A(M)) = M$   $S_A(P_A(M)) = M$
RSA Digital Signature
source: 91.503 textbook Cormen et al.
31.6
assume Alice also sends her name so Bob knows whose public key to use
$P_A(S_A(M')) = M'$ ?
RSA Cryptosystem
(31.19)
(31.26)
$P(M) = M^e \pmod{n}$ (31.35)   $S(C) = C^d \pmod{n}$ (31.36)
encode   decode
source: 91.503 textbook Cormen et al., 3rd edition
need efficient ways to compute P(M), S(C)
(31.20)
RSA Correctness
source: 91.503 textbook Cormen et al., 3rd edition
(31.37) (31.38)
31.31
31.29
by Thm 31.31 (Fermat)
Case: $M \equiv 0 \pmod{p}$
Case: $M \not\equiv 0 \pmod{p}$
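An added Python example (not from the slides, from CLRS, or from the course web site's Java code) tying the RSA slides together: square-and-multiply modular exponentiation, which is what makes $P(M) = M^e \bmod n$ and $S(C) = C^d \bmod n$ affordable; a toy key pair from the constructed primes $p = 61$, $q = 53$ (far too small for real use, chosen so that the correctness claim $M^{ed} \equiv M \pmod{n}$ can be checked exhaustively over all of $Z_n$, which exercises both the $M \equiv 0 \pmod{p}$ and $M \not\equiv 0 \pmod{p}$ cases of the proof); a Fermat check for Thm 31.31; and a signature round trip $P_A(S_A(M')) = M'$. The private exponent is obtained with Python's built-in `pow(e, -1, phi)` (Python 3.8+) in place of the extended-Euclid step; the message value 65 and all function names are my own choices.

```python
# Added example (not from the slides, CLRS or the course's Java code).
# Toy RSA built from the slides' formulas: P(M) = M^e mod n (31.35),
# S(C) = C^d mod n (31.36), and the correctness claim M^(ed) ≡ M (mod n).


def modular_exponentiation(a, b, n):
    """Return a^b mod n by repeated squaring.

    CLRS MODULAR-EXPONENTIATION scans the bits of b from most to least
    significant; this variant scans least to most significant.  Either way
    the loop runs once per bit of b, so the cost is O(log b) multiplications
    mod n rather than the b multiplications of a naive loop, and no
    intermediate value ever exceeds n^2.
    """
    result = 1 % n          # 1 % n handles the degenerate n == 1 case
    base = a % n
    while b > 0:
        if b & 1:           # this bit of the exponent is set
            result = (result * base) % n
        base = (base * base) % n
        b >>= 1
    return result


def fermat_holds(a, p):
    """Fermat (Thm 31.31): a^(p-1) ≡ 1 (mod p) for prime p and p ∤ a."""
    return modular_exponentiation(a, p - 1, p) == 1


def rsa_keygen(p, q, e):
    """Build a toy key pair from two given primes (constructed inputs).

    Returns (public, secret) as ((e, n), (d, n)) with d = e^-1 mod phi(n),
    phi(n) = (p - 1)(q - 1) for n = pq (the slides' Eqn 31.19).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    # pow(e, -1, phi) is Python 3.8+'s built-in modular inverse; it raises
    # ValueError when gcd(e, phi) != 1, i.e. when e is not a usable exponent.
    d = pow(e, -1, phi)
    return (e, n), (d, n)


def P(key, M):
    """Public transformation P(M) = M^e mod n (encrypt, or verify a signature)."""
    e, n = key
    return modular_exponentiation(M, e, n)


def S(key, C):
    """Secret transformation S(C) = C^d mod n (decrypt, or sign)."""
    d, n = key
    return modular_exponentiation(C, d, n)


def correctness_holds_everywhere(public, secret):
    """Check S(P(M)) = P(S(M)) = M, i.e. M^(ed) ≡ M (mod n), for every M in Z_n.

    Exhaustive only because n is tiny.  Iterating over all of Z_n covers the
    multiples of p and q too (the M ≡ 0 (mod p) case of the slides' proof),
    not just the M with gcd(M, n) = 1 that Euler's theorem alone handles.
    """
    _, n = public
    return all(S(secret, P(public, M)) == M and P(public, S(secret, M)) == M
               for M in range(n))


# Constructed toy parameters: p = 61, q = 53 (so n = 3233), e = 17.
PUBLIC, SECRET = rsa_keygen(61, 53, 17)


def round_trip(M=65):
    """Encrypt then decrypt, and sign then verify, the constructed message M."""
    C = P(PUBLIC, M)          # ciphertext anyone can produce from the public key
    sigma = S(SECRET, M)      # signature only the secret-key holder can produce
    return {"ciphertext": C, "decrypted": S(SECRET, C),
            "signature": sigma, "verified": P(PUBLIC, sigma) == M}


if __name__ == "__main__":
    print("public:", PUBLIC, "secret:", SECRET)
    print(round_trip())
    print("M^(ed) ≡ M for all M in Z_n:", correctness_holds_everywhere(PUBLIC, SECRET))
```

The exhaustive check is the point of using tiny primes: it shows that the slides' "Need to show" claim holds for every element of $Z_n$, including the ones the Euler-only argument does not reach, which is exactly why the proof on the last slide splits into the two cases.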