503_lecture10_S11

UMass Lowell Computer Science 91.503 Analysis of Algorithms, Prof. Karen Daniels, Spring 2011. Friday, 22 April.

Number-Theoretic Algorithms (Chapter 31)

Overview: Motivation: RSA; Basics; Euclid's GCD Algorithm; Chinese Remainder Theorem; Powers of an Element; RSA Details.

Motivation: RSA

RSA Encryption (Figure 31.5): $P_A(S_A(M)) = M$ and $S_A(P_A(M)) = M$. (source: 91.503 textbook Cormen et al.)

RSA Digital Signature (Figure 31.6): does $P_A(S_A(M')) = M'$? Assume Alice also sends her name so Bob knows whose public key to use. (source: 91.503 textbook Cormen et al.)

RSA Cryptosystem (source: 91.503 textbook Cormen et al., 3rd edition; relies on (31.19)*, (31.20) and (31.26), to be explained later). Assume domain $Z_n$. Encode: $P(M) = M^e \bmod n$ (31.37). Decode: $S(C) = C^d \bmod n$ (31.38). We need efficient ways to compute $P(M)$ and $S(C)$.

RSA Dependence. Correctness: $S(P(M)) = P(S(M)) = M^{ed} \pmod n$, so we need to show $M^{ed} \equiv M \pmod n$. This requires Euler's phi function, Fermat's theorem, the Chinese Remainder Theorem, modular exponentiation and primality testing. Efficiency. Security: the difficulty of factoring large integers. See the chart of result dependencies on the next slide (courtesy of Mark Micire, 2002); the chart includes EUCLID, GCD, EXTENDED-EUCLID, Ex. 31.1-7 and Eqn. (31.20).

Notes on Primality Testing: efficient primality testing has been a goal for more than 2,000 years. Early attempts required exponential time. The Miller-Rabin primality test (Section 31.8) is a randomized polynomial-time algorithm (1980s). Agrawal, Kayal and Saxena provided a deterministic polynomial-time algorithm (2002).

Basic Concepts (* indicates that the result is on the chart of result dependencies; the slides cite the textbook's equations and theorems by number only)

Division & Remainders: Theorem 31.1, equation (3.8)*. Equivalence Class Modulo n: (31.1), (31.2). Common Divisors: (31.3), (31.4)*, (31.5)*. (source: 91.503 textbook Cormen et al.)
Greatest Common Divisor: equations (31.6) to (31.10); Theorem 31.2*, referencing (3.8) and (31.4); Theorem 31.3*, referencing (31.4), 31.2 and 31.4. Relatively Prime Integers: Theorem 31.6*, referencing 31.2; Theorem 31.7, referencing 31.6 and Ex. 31.1-7*. Greatest Common Divisor: Theorem 31.9*, referencing (31.5), (3.8), (31.4), (31.3), (31.14) and (31.15). (source: 91.503 textbook Cormen et al.)

Euclid's GCD Algorithm* (also see the Java code on the course web site; source: 91.503 textbook Cormen et al., 2nd edition). Extended Euclid: (31.16)*, Theorem 31.1.

Chinese Remainder Theorem

Modular Arithmetic. Finite Groups (Figure 31.2): the additive group mod 6 has size 6; the multiplicative group mod 15 has size 8. $Z_n^* = \{[a]_n \in Z_n : \gcd(a, n) = 1\}$, the elements relatively prime to n. Theorem 31.12. Theorem 31.13, referencing 31.6, 31.12 and 31.26. Euler's Phi Function: (31.20)*. Lagrange's Theorem: 31.15*. Finite Groups: Theorem 31.17*, the additive subgroup generated by a, $\langle a \rangle = \{a^{(k)} : k \ge 1\}$ (31.18*), where $a^{(k)} = a \oplus a \oplus \cdots \oplus a$ (k terms); 31.19*. (source: 91.503 textbook Cormen et al.)

Solving Modular Linear Equations: Theorem 31.20*, referencing (31.26) and (31.4). Theorem 31.22*, referencing 31.18. Theorem 31.23: if $d \mid b$ then $ax \equiv b \pmod n$ has as a solution $x_0 = x'(b/d) \bmod n$, where $d = ax' + ny'$. Corollary 31.24*, referencing 31.18 and 31.22. Theorem 31.26*. Chinese Remainder Theorem: Theorem 31.27*, referencing (31.27), (31.23), (31.28), (31.29) and (31.30). (source: 91.503 textbook Cormen et al.)
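The following is an added example and is not code from the slides, the course web site or the Cormen et al. textbook: Python versions of Euclid's algorithm, EXTENDED-EUCLID, the modular linear equation solver built from Theorems 31.23 and 31.24, and the set $Z_n^*$ from the Finite Groups slide. Function names are mine, and the inputs used in the demonstration (99 and 78; $14x \equiv 30 \pmod{100}$) are chosen for illustration.

```python
from typing import List, Tuple

# Added example for the 91.503 slides (not the slides' or the textbook's code).

def euclid(a: int, b: int) -> int:
    """gcd(a, b) by Euclid's recursion gcd(a, b) = gcd(b, a mod b), iteratively."""
    while b:
        a, b = b, a % b
    return a

def extended_euclid(a: int, b: int) -> Tuple[int, int, int]:
    """Return (d, x, y) with d = gcd(a, b) and d = a*x + b*y (equation 31.16)."""
    if b == 0:
        return (a, 1, 0)
    d, x1, y1 = extended_euclid(b, a % b)
    # d = b*x1 + (a mod b)*y1 = b*x1 + (a - b*(a//b))*y1 = a*y1 + b*(x1 - (a//b)*y1)
    return (d, y1, x1 - (a // b) * y1)

def modular_linear_equation_solver(a: int, b: int, n: int) -> List[int]:
    """All solutions x in Z_n of a*x = b (mod n); empty when d = gcd(a, n) does not divide b.
    Theorem 31.23 gives one solution x0 = x'(b/d) mod n with d = a x' + n y';
    Corollary 31.24 gives the d solutions x0 + i*(n/d), i = 0..d-1."""
    d, x_prime, _y_prime = extended_euclid(a, n)
    if b % d != 0:
        return []
    x0 = (x_prime * (b // d)) % n
    return [(x0 + i * (n // d)) % n for i in range(d)]

def z_n_star(n: int) -> List[int]:
    """Z_n^* = {[a]_n in Z_n : gcd(a, n) = 1}, the multiplicative group modulo n."""
    return [a for a in range(n) if euclid(a, n) == 1]

if __name__ == "__main__":
    print("gcd(99, 78) =", euclid(99, 78))
    print("extended_euclid(99, 78) =", extended_euclid(99, 78))      # (3, -11, 14)
    print("14x = 30 (mod 100):", modular_linear_equation_solver(14, 30, 100))
    print("Z_15^* =", z_n_star(15), "size", len(z_n_star(15)))       # size 8
```

The solver follows the lecture's structure: EXTENDED-EUCLID supplies $d$ and $x'$, Theorem 31.23 turns them into $x_0$, and Corollary 31.24 enumerates the remaining solutions, so a single call shows why the equation has either no solution or exactly $d$ of them.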
Chinese Remainder Theorem, Corollary 31.28: if $n_1, n_2, \ldots, n_k$ are pairwise relatively prime and $n = n_1 n_2 \cdots n_k$, then, for any integers $a_1, a_2, \ldots, a_k$, the set of simultaneous equations $x \equiv a_i \pmod{n_i}$, for $i = 1, 2, \ldots, k$, has a unique solution modulo n for the unknown x. Corollary 31.29*. (source: 91.503 textbook Cormen et al.)

Chinese Remainder Theorem example (source: 91.503 textbook Cormen et al. & Prof. Pecelli): given the two equations $a \equiv 2 \pmod 5$ and $a \equiv 3 \pmod{13}$, what is $a \bmod 65$? Note that $65 = 5 \cdot 13$. The table of residues w.r.t. 5 and 13 for all integers in $Z_{65}$ can be generated diagonally.

Knowing that $a \equiv 2 \pmod 5$ and $a \equiv 3 \pmod{13}$, find $a \bmod 65$. We have $a_1 = 2$, $n_1 = 5$, $m_1 = n/n_1 = 13$ and $a_2 = 3$, $n_2 = 13$, $m_2 = n/n_2 = 5$. We can compute $m_1^{-1} = 13^{-1} \equiv 2 \pmod 5$ and $m_2^{-1} = 5^{-1} \equiv 8 \pmod{13}$. Then $c_1 = 13 \cdot (2 \bmod 5) = 26$ and $c_2 = 5 \cdot (8 \bmod 13) = 40$, so $a \equiv 2 \cdot 26 + 3 \cdot 40 \equiv 52 + 120 \equiv 42 \pmod{65}$.

Powers of an Element. Theorems of Euler & Fermat: 31.30*, 31.31*, referencing 31.21. Modular Exponentiation: $a^b \bmod n$ (also see the Java code on the course web site; source: 91.503 textbook Cormen et al., 2nd edition).

RSA Details. The RSA Encryption (Figure 31.5), RSA Digital Signature (Figure 31.6) and RSA Cryptosystem slides are repeated here from the Motivation section: $P_A(S_A(M)) = M$ and $S_A(P_A(M)) = M$; encode with $P(M) = M^e \bmod n$ (31.37) and decode with $S(C) = C^d \bmod n$ (31.38), relying on (31.19), (31.20) and (31.26). (source: 91.503 textbook Cormen et al., 3rd edition)

RSA Correctness: from (31.37), (31.38) and Theorem 31.31. Case $M \equiv 0 \pmod p$; case $M \not\equiv 0 \pmod p$, by Theorem 31.31 (Fermat); likewise for q; then 31.29. (source: 91.503 textbook Cormen et al., 3rd edition) ...
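As an added example (not the slides', the course web site's or the textbook's own code), here is the Chinese Remainder Theorem construction from the worked example above, a CLRS-style modular exponentiation, and a toy RSA built directly from equations (31.37) and (31.38), with a check of the correctness claim $M^{ed} \equiv M \pmod n$ over all of $Z_n$. Assumptions: Python 3.8 or later, whose built-in `pow(x, -1, m)` stands in for the extended-Euclid modular inverse the slides use; the primes (61, 53 and 11, 13) and exponents are constructed for illustration and are not a real key.

```python
import math

# Added example for the 91.503 slides (not the slides' or the textbook's code).
# Requires Python 3.8+ for pow(x, -1, m) and math.prod.

def crt_combine(residues, moduli):
    """Corollary 31.28: given a = a_i (mod n_i) for pairwise coprime n_i,
    return the unique a mod n with n = n_1 n_2 ... n_k.
    Uses the slides' construction c_i = m_i * (m_i^{-1} mod n_i), m_i = n / n_i."""
    n = math.prod(moduli)
    a = 0
    for a_i, n_i in zip(residues, moduli):
        m_i = n // n_i
        # pow(m_i, -1, n_i) is m_i^{-1} mod n_i; the slides get it from EXTENDED-EUCLID
        c_i = m_i * pow(m_i, -1, n_i)
        a += a_i * c_i
    return a % n

def modular_exponentiation(a, b, n):
    """a^b mod n by repeated squaring, scanning the bits of b from the most
    significant end, in the shape of CLRS MODULAR-EXPONENTIATION."""
    d = 1
    for bit in bin(b)[2:]:
        d = (d * d) % n          # square for every bit
        if bit == "1":
            d = (d * a) % n      # multiply in a when the bit is set
    return d

def rsa_keys(p, q, e):
    """Toy key pair from primes p, q and a public exponent e with gcd(e, phi(n)) = 1.
    The primes are textbook-sized for illustration (constructed, not a real key)."""
    n = p * q
    phi = (p - 1) * (q - 1)       # Euler's phi of n = p q, equation (31.20)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = pow(e, -1, phi)           # e d = 1 (mod phi(n)); unique by Theorem 31.26
    return (e, n), (d, n)

def rsa_encode(M, public_key):
    e, n = public_key
    return modular_exponentiation(M, e, n)      # P(M) = M^e mod n, (31.37)

def rsa_decode(C, secret_key):
    d, n = secret_key
    return modular_exponentiation(C, d, n)      # S(C) = C^d mod n, (31.38)

def rsa_correct_for_all(p, q, e):
    """Check M^{ed} = M (mod n) for every M in Z_n, which exercises both cases of
    the RSA Correctness slide (M = 0 and M != 0 mod p, and likewise mod q)."""
    pub, sec = rsa_keys(p, q, e)
    n = pub[1]
    return all(rsa_decode(rsa_encode(M, pub), sec) == M for M in range(n))

if __name__ == "__main__":
    print("a mod 65 =", crt_combine([2, 3], [5, 13]))           # the slides' example: 42
    pub, sec = rsa_keys(61, 53, 17)                             # constructed toy key
    C = rsa_encode(65, pub)
    print("encode(65) =", C, " decode =", rsa_decode(C, sec))   # 2790, then 65
    # Figure 31.6: a signature is S_A(M'), verified by checking P_A(S_A(M')) = M'
    print("signature round trip:", rsa_encode(rsa_decode(65, sec), pub) == 65)
    print("M^(ed) = M for all M in Z_143:", rsa_correct_for_all(11, 13, 7))
```

Running `crt_combine([2, 3], [5, 13])` reproduces the slides' 42 step for step ($c_1 = 26$, $c_2 = 40$), and `rsa_correct_for_all` makes the point of the correctness slide concrete: the round trip holds even for residues that are 0 modulo p or q, which is exactly the case split the proof handles with Fermat's theorem and Corollary 31.29.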