UMass Lowell Computer Science 91.503 Analysis of Algorithms
Prof. Karen Daniels
Spring, 2011
Friday, 22 April
Number-Theoretic Algorithms, Chapter 31
Overview: Motivation: RSA; Basics; Euclid's GCD Algorithm; Chinese Remainder Theorem; Powers of an Element; RSA Details
Motivation: RSA
RSA Encryption (Fig. 31.5): P_A(S_A(M)) = M, S_A(P_A(M)) = M
source: 91.503 textbook Cormen et al.
RSA Digital Signature
Verify: P_A(S_A(M')) = M' (Fig. 31.6)
Assume Alice also sends her name so Bob knows whose public key to use.
source: 91.503 textbook Cormen et al.
RSA Cryptosystem
source: 91.503 textbook Cormen et al., 3rd edition (to be explained later....)
(31.20), (31.19)*, (31.26)
P(M) = M^e (mod n) encode (31.37). Assume domain Z_n.
S(C) = C^d (mod n) decode (31.38). Need efficient ways to compute P(M), S(C).
RSA Dependence
Correctness: S(P(M)) = P(S(M)) = M^{ed} (mod n)
Need to show: M^{ed} ≡ M (mod n). This rests on Euler's Function, Fermat's Theorem, and the Chinese Remainder Theorem.
Efficiency: Modular Exponentiation, Primality Testing.
Security: Difficulty of Factoring Large Integers.
See chart of result dependencies on next slide (courtesy of Mark Micire).
Chart of result dependencies (2002, with thanks to Mark Micire): EUCLID GCD, EXTENDED-EUCLID, (Ex. 31.17), 31.1, (Eqn. 31.20)
Notes on Primality Testing
Efficient primality testing has been a goal for > 2,000 years. Early attempts required exponential time. The Miller-Rabin primality test (Section 31.8) is a randomized polynomial-time algorithm (1980's). Agrawal, Kayal, and Saxena provided a deterministic polynomial-time algorithm (2002).
Basic Concepts (* indicates that result is on chart of result dependencies)
Division & Remainders
31.1, (3.8) *
source: 91.503 textbook Cormen et al.
Equivalence Class Modulo n: (31.1), (31.2)
source: 91.503 textbook Cormen et al.
Common Divisors: (31.3), (31.4) *, (31.5) *
source: 91.503 textbook Cormen et al.
Greatest Common Divisor: (31.6), (31.7), (31.8), (31.9), (31.10)
31.2 *; (3.8), (31.4)
source: 91.503 textbook Cormen et al.
Greatest Common Divisor
31.3 *; (31.4), 31.2
31.4
source: 91.503 textbook Cormen et al.
Relatively Prime Integers
31.6 *; 31.2
source: 91.503 textbook Cormen et al.
Relatively Prime Integers
31.7; 31.6, 31.131.17 *
source: 91.503 textbook Cormen et al.
Greatest Common Divisor
31.9 *; (31.5), (3.8), (31.4), (31.3), (31.14), (31.4), (31.3), (31.15), (31.5), (31.14), (31.15)
source: 91.503 textbook Cormen et al.
Euclid's GCD Algorithm *
Also see Java code on course web site
source: 91.503 textbook Cormen et al., 2nd edition
Extended Euclid (31.16) *; 31.1
source: 91.503 textbook Cormen et al.
Chinese Remainder Theorem
Modular Arithmetic
source: 91.503 textbook Cormen et al.
Finite Groups
Additive group mod 6 (Fig. 31.2): size of this group is 6. Multiplicative group mod 15: size of this group is 8.
Z_n* = {[a]_n ∈ Z_n : gcd(a, n) = 1}, the elements relatively prime to n
source: 91.503 textbook Cormen et al.
Finite Groups
31.12
source: 91.503 textbook Cormen et al.
Finite Groups
31.13; 31.6, 31.12, 31.26
source: 91.503 textbook Cormen et al.
Euler's Phi Function (31.20) *
source: 91.503 textbook Cormen et al.
Lagrange's Theorem 31.15 *
source: 91.503 textbook Cormen et al.
Finite Groups
31.17 * additive subgroup generated by a: ⟨a⟩ = {a^(k) : k ≥ 1}
31.18 * where a^(k) = a ⊕ a ⊕ ... ⊕ a (k times)
31.19 *
source: 91.503 textbook Cormen et al.
Solving Modular Linear Eq
31.20 *
(31.26), (31.4)
source: 91.503 textbook Cormen et al.
Solving Modular Linear Eq
31.22 *; 31.18
Thm. 31.23: If d | b, then ax ≡ b (mod n) has as a solution x0 = x'(b/d) mod n, where d = ax' + ny'.
31.24 *; 31.18, 31.22
source: 91.503 textbook Cormen et al.
Solving Modular Linear Eq
31.26 *
source: 91.503 textbook Cormen et al.
Chinese Remainder Theorem
31.27 *
(31.27), (31.23), (31.28), (31.29), (31.30)
source: 91.503 textbook Cormen et al.
Chinese Remainder Theorem
Corollary 31.28. If n1, n2, ..., nk are pairwise relatively prime and n = n1 n2 ... nk, then, for any integers a1, a2, ..., ak, the set of simultaneous equations x ≡ ai (mod ni), for i = 1, 2, ..., k, has a unique solution modulo n for the unknown x.
31.29 *
source: 91.503 textbook Cormen et al.
Chinese Remainder Theorem
Example: Given the two equations a ≡ 2 (mod 5), a ≡ 3 (mod 13), what is a mod 65? Note that 65 = 5·13.
source: 91.503 textbook Cormen et al. & Prof. Pecelli
The table of moduli w.r.t. 5 and 13 for all integers in Z65 [table not reproduced]. Table can be generated diagonally.
4/23/2011
Chinese Remainder Theorem
source: 91.503 textbook Cormen et al. & Prof. Pecelli
Knowing that a ≡ 2 (mod 5) and a ≡ 3 (mod 13), find a mod 65. We have a1 = 2, n1 = 5, m1 = n/n1 = 13; a2 = 3, n2 = 13, m2 = n/n2 = 5. We can compute:
m1^{-1} = 13^{-1} ≡ 2 (mod 5); m2^{-1} = 5^{-1} ≡ 8 (mod 13).
c1 = 13 · (2 mod 5) = 26; c2 = 5 · (8 mod 13) = 40.
a ≡ 2 · 26 + 3 · 40 ≡ 52 + 120 ≡ 42 (mod 65).
Powers of an Element
Theorems of Euler & Fermat
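The computation just shown, as an added Python example that is not part of the lecture slides or of Cormen et al.: EXTENDED-EUCLID supplies the inverses m_i^{-1} mod n_i through the modular-linear-equation solver of Thm. 31.23 (all d solutions, as in Thm. 31.24), the c_i are built exactly as on the slide, and the reconstruction is checked against every congruence. It goes slightly beyond the slide by accepting any number of pairwise relatively prime moduli and by refusing moduli that are not relatively prime, which is the precondition of Corollary 31.28.

```python
# Added example (not from the lecture slides or from Cormen et al.): the CRT
# reconstruction of the worked example, built on EXTENDED-EUCLID and the
# modular-linear-equation solver of Thm. 31.23 / 31.24.
import math


def extended_euclid(a, b):
    """Return (d, x, y) with d = gcd(a, b) and a*x + b*y = d."""
    if b == 0:
        return (a, 1, 0)
    d, x1, y1 = extended_euclid(b, a % b)
    # b*x1 + (a mod b)*y1 = d and a mod b = a - (a//b)*b, hence
    # a*y1 + b*(x1 - (a//b)*y1) = d.
    return (d, y1, x1 - (a // b) * y1)


def modular_linear_solutions(a, b, n):
    """All x in Z_n with a*x ≡ b (mod n).

    With d = gcd(a, n) = a*x' + n*y', Thm. 31.23 gives x0 = x'*(b/d) mod n
    when d | b, and Thm. 31.24 gives the d solutions x0 + i*(n/d);
    otherwise there is no solution.
    """
    d, xp, _ = extended_euclid(a, n)
    if b % d != 0:
        return []
    x0 = (xp * (b // d)) % n
    return [(x0 + i * (n // d)) % n for i in range(d)]


def modular_inverse(m, n):
    """m^{-1} mod n: the unique solution of m*x ≡ 1 (mod n) when gcd(m, n) = 1."""
    solutions = modular_linear_solutions(m, 1, n)
    if len(solutions) != 1:
        raise ValueError(f"{m} has no inverse modulo {n}")
    return solutions[0]


def crt_coefficients(moduli):
    """c_i = m_i * (m_i^{-1} mod n_i) with m_i = n / n_i.

    Each c_i is ≡ 1 (mod n_i) and ≡ 0 (mod n_j) for j != i, which is what
    makes sum(a_i * c_i) satisfy every congruence at once.
    """
    for i, ni in enumerate(moduli):
        for nj in moduli[i + 1:]:
            if extended_euclid(ni, nj)[0] != 1:
                raise ValueError(f"moduli {ni} and {nj} are not relatively prime")
    n = math.prod(moduli)
    return [(n // ni) * modular_inverse(n // ni, ni) for ni in moduli]


def crt(residues, moduli):
    """Solve x ≡ a_i (mod n_i) for pairwise relatively prime n_i; return (x, n)."""
    if len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    n = math.prod(moduli)
    coeffs = crt_coefficients(moduli)
    x = sum(ai * ci for ai, ci in zip(residues, coeffs)) % n
    # Corollary 31.28: the solution is unique mod n; confirm it really fits.
    for ai, ni in zip(residues, moduli):
        if x % ni != ai % ni:
            raise AssertionError("reconstruction does not satisfy a congruence")
    return x, n


if __name__ == "__main__":
    # The slide's example: a ≡ 2 (mod 5), a ≡ 3 (mod 13).
    print(crt_coefficients([5, 13]))   # [26, 40]
    print(crt([2, 3], [5, 13]))        # (42, 65)
```

A quick sanity check on the result is the two congruences themselves: 42 mod 5 = 2 and 42 mod 13 = 3.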
31.30 *, 31.31 *; 31.21
source: 91.503 textbook Cormen et al.
Modular Exponentiation: a^b mod n *
Also see Java code on course web site
source: 91.503 textbook Cormen et al., 2nd edition
RSA Details
RSA Encryption (Fig. 31.5): P_A(S_A(M)) = M, S_A(P_A(M)) = M
source: 91.503 textbook Cormen et al.
RSA Digital Signature
Verify: P_A(S_A(M')) = M' (Fig. 31.6)
Assume Alice also sends her name so Bob knows whose public key to use.
source: 91.503 textbook Cormen et al.
RSA Cryptosystem
source: 91.503 textbook Cormen et al., 3rd edition
(31.19), (31.20), (31.26)
P(M) = M^e (mod n) encode (31.37)
S(C) = C^d (mod n) decode (31.38). Need efficient ways to compute P(M), S(C).
RSA Correctness
(31.37), (31.38), 31.31
Case: M ≡ 0 (mod p).
Case: M ≢ 0 (mod p): by Thm 31.31 (Fermat).
Same cases for q.
31.29
source: 91.503 textbook Cormen et al. 3rd edition ...
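The encode, decode and correctness steps of the RSA slides above, as an added Python example that is not part of the lecture slides or of Cormen et al.: MODULAR-EXPONENTIATION by repeated squaring, key generation from two numbers that are assumed prime (the primality test of Section 31.8 is not implemented here; the small values p = 61, q = 53, e = 17 are sample input chosen for this example), P(M) = M^e mod n, S(C) = C^d mod n, the signature round trip P_A(S_A(M)) = M, and an exhaustive check of M^{ed} ≡ M over all of Z_n, which is the claim the two-case Fermat argument proves. This is textbook RSA on integers, exactly as the chapter presents it, with no message encoding or padding.

```python
# Added example (not from the lecture slides or from Cormen et al.): textbook
# RSA over small sample primes, with MODULAR-EXPONENTIATION by repeated
# squaring and a brute-force check of the correctness claim M^(ed) ≡ M (mod n).
from math import gcd


def modular_exponentiation(a, b, n):
    """a^b mod n by repeated squaring over the bits of b, most significant first."""
    if n == 1:
        return 0
    d = 1
    for bit in bin(b)[2:]:
        d = (d * d) % n          # square for every bit
        if bit == "1":
            d = (d * a) % n      # multiply when the bit is set
    return d


def rsa_keygen(p, q, e):
    """Public key P = (e, n) and secret key S = (d, n) from primes p, q.

    p and q are ASSUMED prime (the primality test of Section 31.8 is not
    implemented here); e must be relatively prime to phi(n) = (p-1)(q-1).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = pow(e, -1, phi)          # e^{-1} mod phi(n) (Python 3.8+ modular inverse)
    return (e, n), (d, n)


def rsa_apply(key, m):
    """P(M) = M^e mod n with the public key, or S(C) = C^d mod n with the secret key."""
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("message must lie in Z_n")
    return modular_exponentiation(m, exponent, n)


def sign_then_verify(public, secret, m):
    """Digital signature round trip: does P_A(S_A(M)) recover M?"""
    signature = rsa_apply(secret, m)
    return rsa_apply(public, signature) == m


def correctness_holds(p, q, e):
    """Check S(P(M)) = M for every M in Z_n, i.e. M^(ed) ≡ M (mod n).

    The proof argues mod p and mod q separately (Fermat for M ≢ 0, trivial
    for M ≡ 0) and combines the two with Cor. 31.29; here the claim is
    simply tested exhaustively on a toy n.
    """
    public, secret = rsa_keygen(p, q, e)
    n = public[1]
    return all(rsa_apply(secret, rsa_apply(public, m)) == m for m in range(n))


if __name__ == "__main__":
    # Sample values constructed for this example: p = 61, q = 53, e = 17.
    public, secret = rsa_keygen(61, 53, 17)
    print(public, secret)                 # (17, 3233) (2753, 3233)
    c = rsa_apply(public, 65)
    print(c, rsa_apply(secret, c))        # 2790 65
    print(correctness_holds(61, 53, 17))  # True
```

The exhaustive check is only feasible because n is tiny; for real key sizes one relies on the proof, not on enumeration, and on a genuine primality test for p and q.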