350 likes | 365 Views
Chapter 1. Algorithms with Numbers. Bases and Logs. How many digits does it take to represent the number N >= 0 in base 2? With k digits the largest number we can make: 1x2 k-1 + 1x2 k-2 + … + 1x2 1 + 1x2 0 = 2 k - 1 Example: 1111 = 2 4 – 1 Answer: N = 2 k – 1 and solve for k.
Chapter 1 Algorithms with Numbers
Bases and Logs How many digits does it take to represent the number N >= 0 in base 2? With k digits the largest number we can make: 1x2k-1 + 1x2k-2 + … + 1x21 + 1x20 = 2k - 1 Example: 1111 = 24 – 1 Answer: N = 2k – 1 and solve for k
Bases and Logs Answer: N = 2k – 1 and solve for k N + 1 = 2k Log(N+1) = Log(2k) Log(N+1) = k ┌ Log(N+1) ┐ = k
Bases and Logs • Log N is the power you raise 2 to get N 2Log(N) = N • For large N, Log(N) is much smaller than N • N =1,073,741,834 Log(N) = 30 • Which algorithm is better? O(N2) or O(n Log N)
Bases and Logs • Log N is the number of times you must halve N to get down to 1 • Log N is the number of bits in the binary representation of N (Ceil (Log (N+1))) • Log N is the depth of a complete binary tree with N nodes (Floor(Log n)) • Log N is approximately the sum of 1 + ½ + 1/3 + … + 1/N
Addition of Binary Numbers • Why isn’t binary addition O(1)? Don’t we have hardware operations for that? • The sum of x + y is n + 1 bits at most • Each individual bit gets computed in fixed amount of time • Running time = c0 + c1n = O(n)
Multiplication 1 1 0 1 13 1 0 1 1 11 x _______ x ___ 1 1 0 1 13 1 1 0 1 26 0 0 0 0 0 1 1 0 1 104 _________________ ___ 1 0 0 0 1 1 1 1 143
Al Khwarizmi’s Method 1 1 0 1 11 13 1 0 1 1 5 26 x _______ 2 52 1 1 0 1 1 104 1 1 0 1 _______ 0 0 0 0 143 1 1 0 1 _________________ 1 0 0 0 1 1 1 1
Another Approach X * Y = 2(X * floor(Y/2)) if y is even X + 2(X * floor(Y/2)) if y is odd ----------------------------------------- function multiply(X,Y) if Y = 0: return 0 Z = multiply(X,floor(Y/2)) if Y is even return 2 * Z else: return X + 2 * Z
Let X = 3 (imperative language) Y = 4 Z = X + Y --------------------------------------------------- (let ((X 3)(Y 4)) (+ X Y) ) (Scheme version) 3 X Y (+ x y) 4
Sequence of Lets X = 3 Y = X Z = (+ X Y) --------------------------------------------------- (let ((X 3)) (let ((Y X)) (+ X Y))) (let* ((X 3) (Y X)) (+ X Y))
Sequence of Lets (let ((X 3)) (let ((Y X)) (+ X Y))) 3 X Y (+ X Y) (let* ((X 3) (Y X)) (+ X Y))
Division function divide(x,y) if x = 0: return (q,r) = (0,0) (q,r) = divide(floor(x/2),y) q = 2 q , r = 2 r if x is odd: r = r + 1 if r >= y: r = r – y, q = q + 1 return (q,r)
Modular Exponentiation function modexp(x, y, N) Input: Two n-bit integers x and N, an integer exponent y Output: xy mod N if y = 0: return 1 z = modexp(x, floor(y/2),N) if y is even: return z2 mod N else: return x * z2 mod N
Euclid’s GCD Algorithm function Euclid(a, b) Input: Two integers a and b with a b 0 Output: gcd(a, b) if b = 0: return a return Euclid(b, a mod b) Why is this O(n3)?
Extension to Euclid’s Algorithm • If someone says “d is the gcd(a,b)”, how do we know? • Lemma: if d divides both a and b, and d = ax + by for some integers x and y, then d is the gcd of a and b
Extended GCD Algorithm function Extended-Euclid(a, b) Input: Two positive integers a and b with a ≥ b ≥ 0 Output: Integers x, y, d such that d = gcd(a; b) and ax + by = d if b = 0: return (1, 0, a) (x’, y’ d) = Extended-Euclid(b, a mod b) return (y’, x’ – floor(a/b)y’, d)
Modular Division We say x is the multiplicative inverse of a modulo N if ax ≡ 1 (mod N). Not every integer has such a multiplicative inverse Example 2x ! ≡ 1 (mod 6) for any x. If gcd(a,N) = 1, a and N are relatively prime If a and N are relatively prime, the extended Euclid’s algorithm gives integers x and y such that ax + Ny = 1. (ax + Ny)MOD N = 1 MOD N, ax MOD N = 1 But then x is the multiplicative inverse of a mod N!
Modular Division Theorem • For any a mod N, a has a multiplicative inverse if and only if it is relatively prime to N. When the inverse exists, it can be found in O(n3) time (where n denotes the number of bits in N) by running the extended Euclid algorithm • Example: Compute 11-1 mod 25 Using EEA, 4(25) - 9(11) = 1. Reducing both sides mod 25 we have: -9 (11) ≡ 1 mod 25, so -9 ≡ 16 mod 25 is the inverse of 11 mod 25. In other words, if I want to divide by 11 mod 25, I can instead multiply by 16 mod 25
Another Example • Let p = 17, q = 53 • N = p * q = 17 * 53 = 901 • Choose e relatively prime to (p-1)(q-1) = 16 * 52 = 832, so somewhat arbitrarily let e be 19. The public key is (901,19).
Public key is (901,19). • Let the message be 123. • Encrypting the message involves computing 12319 MOD 901 = 115 • The encrypted message is 115 • To decrypt the message we compute the inverse of 19 MOD (17-1)(53-1) = 19 MOD 832 .
Computing the Inverse of 19 MOD 832 • Using the extended Euclidean algorithm, we see that 219(19) + (-5)(832) = 1 • Taking MOD on both sides we have • (219(19) + (-5)(832)) MOD 832 = 1 MOD 832 and 219(19) = 1 MOD 832, since the addition of multiples of 832 can be removed • In other words, 219 is the multiplicative inverse of 19 MOD 832. • This makes the decryption function x219 MOD 901
Decrypting with x219 MOD 901 • Use modexp to compute the expression • 115219 MOD 901 = 123 • (12319)219 MOD 901 = 123
Implications For division mod N, we can only divide by integers that are relatively prime to N. To divide by s, we multiply by the inverse of s (s-1). To find the inverse of s MOD t, we run EEA on s and t. This produces a(s) + b(t) = 1 if s is relatively prime to t
Implications Applying MOD t results in (a(s) + b(t))MOD t = a(s) MOD t = 1 MOD t In other words, a = s-1 This technique relies heavily on finding large prime numbers p and q
Primality Testing • Factoring is hard, primality is easy. Why? • To test if N is prime, we can try to divide it by 2,3,5,7…, √N (We try to factor it) • This approach still takes lots of time • Fermat’s little theorem: If p is prime, then for every 1 ≤ a ≤ p ap-1 ≡ 1 mod p
Primality Testing Using FLT function primality(N) Input: Positive integer N Output: yes/no Pick a positive integer a < N at random if aN-1 ≡ 1 (mod N): return yes else: return no
Primality Testing There are no guarantees that this works! There are some composite integers that satisfy aN-1 ≡ 1 (mod N) 341 = 11 x 31 is not prime, and yet 2340 ≡ 1 mod 341. Even so, we hope the answer will be correct most of the time. It certainly works if N is prime
Primality Testing Carmichael numbers pass Fermat’s test for all a relatively prime to N For non-Carmichael numbers, a composite integer will fail for at least half the values of a where 1 ≤ a ≤ p If we randomly choose a, we have at least half a chance of the algorithm working correctly
A Primality Algorithm with Low Error Probability function primality2(N) Input: Positive integer N Output: yes/no Pick positive integers a1,a2,…, ak < N at random if aiN-1 ≡ 1 (mod N)for all i = 1,2,… k: return yes else: return no
A Primality Algorithm with Low Error Probability • Pr(Algorithm 1.8 returns yes when N is not prime) ≤ 1/2k • Testing k = 100 values of a makes the probability of failure at most 2-100,which is miniscule: far less, for instance, than the probability that a random cosmic ray will sabotage the computer during the computation!
Generating Primes • Primes are abundant. • A random n-bit number has roughly a one-in-n chance of being prime (actually about 1/(ln 2n) ≈ 1:44/n). • For instance, About 1 in 20 social security numbers is prime!
Generating Primes • Pick a random n-bit number N. • Run a primality test on N. • If it passes the test, output N; else repeat the process.
RSA Summary • Pick any two primes p and q and let N = pq. For any e relatively prime to (p-1)(q -1): 1. The mapping x → x e mod N is a bijection on {0,1,…,N} 2. Moreover, the inverse mapping is easily realized: let d be the inverse of e modulo (p-1)(q -1). Then for all x {0,…,N}, (x e)d ≡ x mod N:
Assignment • Send me a public key (N,e), and I will send you a coded message x e MOD N. Send me the decoded message back in an email. You get to choose N and e. • The message I send will be a number less than N. In a real application the number could be an message in ASCII • Grad Students: Compute two prime numbers p and q with 100 or more digits using Scheme. Generate N = p * q. Choose a suitable e. As before, send me (N, e) but also include your Scheme code for selecting primes.