
# April 2006: Mathematics Awareness Month “Mathematics and Internet Security”

P vs. NP, AKS, RSA: The Acronyms of Mathematics Awareness Month

Emily List, Wittenberg University, s07.elist@wittenberg.edu


### Definitions

P: yes or no decision problems that can be solved by an algorithm that runs in polynomial time.

Polynomial time: the number of steps needed to solve a problem can be expressed as a function .

Where x is the size of the input and n is a constant.

### What’s so great about polynomial time?

[Table: columns “Current computer”, “100 times faster”, “1000 times faster”. Source: Ramachandran, Vijaya. P versus NP]

### Definitions Continued

NP: problems whose solutions can be verified using an algorithm that runs in polynomial time.

IMPORTANT: This does not mean “not polynomial time”

[Figure: the two possible relationships between P and NP]

### Why is P vs NP important?

Clay Mathematics Institute: \$1,000,000 prize

Internet security implications

• Public Key Encryption

• Whitfield Diffie and Martin Hellman, 1976

• RSA public-key cryptosystem

• Ronald Rivest, Adi Shamir, and Leonard Adleman, 1977

### RSA Encryption

Uses a function that is NP but not known to be P to encrypt information.

Fermat’s Little Theorem: Let a and p be integers such that p is prime and gcd(a, p) =1, then

Proof.

### Theorem: If $m$ is an integer, $n = pq$, $p$ and $q$ are primes, and $ef \equiv 1 \pmod{(p-1)(q-1)}$, then $(m^e)^f \equiv m \pmod{n}$.

Proof.

$ef = (p-1)(q-1)k + 1$

By substitution, $(m^e)^f = m^{(p-1)(q-1)k+1} = m^{(p-1)(q-1)k}\, m$.

Then by Fermat’s little theorem: $(m^{(p-1)})^{(q-1)k} \equiv 1$

$(m^e)^f \equiv m^{(p-1)(q-1)k}\, m \equiv m \pmod{p}$

Similarly, $(m^e)^f \equiv m^{(p-1)(q-1)k}\, m \equiv m \pmod{q}$.

Therefore, by the Chinese Remainder Theorem we have $(m^e)^f \equiv m \pmod{n}$.

### RSA Example

We want to encrypt the number 17:

$x^e \pmod{n} \equiv 17^{16} \pmod{5963} \equiv 5064$

To decrypt:

$5064^f \pmod{5963} \equiv 5064^{157} \equiv 17$

### Why is RSA secure?

It’s nearly impossible to find f without the factors of n.

Since we do not have an algorithm that runs in polynomial time to find factorizations, finding the factors of n is nearly impossible.
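The RSA example and the security argument above, worked through in Python as an added example that is not part of the original presentation: it factors n = 5963 by trial division (feasible only because n is tiny), derives the exponent paired with f = 157, and checks the theorem for every m. The function names are this example's own, and e is computed from f rather than read from the slide.

```python
from math import isqrt

N = 5963   # modulus from the slide
F = 157    # decryption exponent from the slide
M = 17     # plaintext from the slide


def factor_semiprime(n):
    """Trial division up to sqrt(n); only practical for a toy modulus."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no non-trivial factor")


def paired_exponent(known_exp, p, q):
    """Solve e*f = 1 (mod (p-1)(q-1)) for the other exponent."""
    return pow(known_exp, -1, (p - 1) * (q - 1))


def round_trips(n, e, f):
    """Check (m^e)^f = m (mod n) for every residue m, as the theorem states."""
    return all(pow(pow(m, e, n), f, n) == m for m in range(n))


# With the factors in hand, either exponent follows from the other:
# this is why the secrecy of f rests on n being hard to factor.
p, q = factor_semiprime(N)
E = paired_exponent(F, p, q)
C = pow(M, E, N)

if __name__ == "__main__":
    print(f"n = {p} * {q}, e = {E}, f = {F}")
    print(f"encrypt {M} -> {C}; decrypt -> {pow(C, F, N)}")
    print("f recovered from e and the factors:", paired_exponent(E, p, q))
    print("theorem holds for every m < n:", round_trips(N, E, F))
```

The derived exponent is e = 37, the value for which 17 encrypts to 5064 and 5064^157 returns 17. The exponent 16 that appears in the slide text gives 5760 instead.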

### Is this number prime, if so what are its factors?

203956878356401977405765866929034577280193993314348263094772646453283062722701277632936616063144088173312372882677123879538709400158306567338328279154499698366071906766440037074217117805690872792848149112022286332144876183376326512083574821647933992961249917319836219304274280243803104015000563790123

### Sieve of Eratosthenes

[Figure: the numbers 1 to 100 in a 10 × 10 grid, shown over four slides]

### Does the Sieve of Eratosthenes run in polynomial time?

NO.

Why not?

For a number with N digits, the number of steps the sieve needs is $[10^N]^{1/2}$, which is exponential.
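The growth described above, measured in an added example that is not part of the original presentation: the sieve is run up to √n to decide whether n is prime, and every trial division and cross-off is counted. The sample primes and the function names are chosen for this example.

```python
from math import isqrt


def sieve_primality(n):
    """Decide primality of n by sieving up to sqrt(n).

    Returns (is_prime, steps), where steps counts each trial division of n
    by a sieved prime and each number crossed off in the sieve.
    """
    limit = isqrt(n)
    crossed = bytearray(limit + 1)
    steps = 0
    for p in range(2, limit + 1):
        if crossed[p]:
            continue
        steps += 1                       # divide n by the prime p
        if n % p == 0:
            return False, steps
        for multiple in range(p * p, limit + 1, p):
            crossed[multiple] = 1        # cross off a multiple of p
            steps += 1
    return n > 1, steps


# Largest primes with 2, 4, 6 and 8 decimal digits: the worst case,
# because the loop never exits early on a divisor.
SAMPLES = [97, 9973, 999983, 99999989]


def growth_table(samples=SAMPLES):
    """Return (digits, steps) for each sample prime."""
    return [(len(str(n)), sieve_primality(n)[1]) for n in samples]


if __name__ == "__main__":
    for digits, steps in growth_table():
        print(f"{digits} digits: {steps} steps")
```

Each two extra digits multiply the sieve limit by ten, so the step count grows by roughly that factor every time, which is the exponential behaviour in N.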

### “Primes” is in P

• In 2002, Manindra Agrawal, Neeraj Kayal and Nitin Saxena came up with an algorithm that runs in polynomial time and gives the primality of a number.

“This algorithm is beautiful”

Carl Pomerance

“The proof is simple, elegant and beautiful”

R. Balasubramanian

### AKS Algorithm

From “PRIMES is in P”

### Explanation of AKS

Lemma 2.1 Let $a$ be an integer, $n$ a natural number, $n > 2$ and $\gcd(a,n) = 1$.

Then $n$ is prime iff $(X+a)^n \equiv X^n + a \pmod{n}$.

Proof.

By the binomial theorem: the coefficient of $x^i$ in $((X+a)^n - (X^n + a))$ is $a^{n-i}$ .

Suppose n is prime.

Then 0 (mod n) and hence all of the coefficients are zero.

Suppose n is composite.

Consider a prime $q$ that is a factor of $n$ and let $q^k$ divide $n$, but $q^{k+1}$ does not.

Then $q^k$ does not divide and $\gcd(a^{n-q}, q^k) = 1$

Hence, the coefficient of $X^q$ is not zero (mod n).

Therefore $(X+a)^n \not\equiv X^n + a \pmod{n}$.
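Lemma 2.1 checked coefficient by coefficient, as an added example that is not part of the original presentation or of the AKS paper. It uses the binomial-theorem fact that the coefficient of X^i (0 < i < n) in (X+a)^n − (X^n + a) is C(n, i)·a^(n−i); the function names are this example's own.

```python
from math import comb, gcd


def lemma_coefficients(n, a=1):
    """Yield (i, c): coefficient of X^i in (X+a)^n - (X^n + a), reduced mod n."""
    if n <= 2 or gcd(a, n) != 1:
        raise ValueError("Lemma 2.1 needs n > 2 and gcd(a, n) = 1")
    yield 0, (pow(a, n, n) - a) % n          # constant term a^n - a
    for i in range(1, n):                    # the X^n terms cancel
        yield i, comb(n, i) * pow(a, n - i, n) % n


def is_prime_by_lemma(n, a=1):
    """n is prime iff every coefficient is zero mod n.

    This inspects up to n coefficients, which is exponential in the number
    of digits of n: it is the lemma, not the polynomial-time AKS algorithm.
    """
    return all(c == 0 for _, c in lemma_coefficients(n, a))


def first_nonzero_power(n, a=1):
    """Smallest power of X whose coefficient is non-zero mod n, else None.

    For composite n and a = 1 this is the smallest prime factor q of n,
    the coefficient of X^q singled out in the proof.
    """
    for i, c in lemma_coefficients(n, a):
        if c:
            return i
    return None


if __name__ == "__main__":
    for n in (97, 91, 561, 5963):
        print(n, is_prime_by_lemma(n), first_nonzero_power(n))
    # 561 satisfies Fermat's congruence for a = 2, yet the lemma rejects it.
    print(pow(2, 560, 561), is_prime_by_lemma(561, a=2))
```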

### Does AKS ruin RSA?

NO!!

Why not?

AKS does not factor a number, it only tells us if it is prime or not. RSA is secure as long as we don’t have an algorithm that can factor in polynomial time.

### Acknowledgements

Manindra Agrawal, Neeraj Kayal, and Nitin Saxena. PRIMES is in P. (http://www.cse.iitk.ac.in/news/primality_v3.ps), February 2003.

P vs NP Problem. Clay Mathematics Institute, (http://www.claymath.org/millennium/P_vs_NP/)

Ramachandran, Vijaya. P versus NP. University of Texas Lectures on the Millennium Prize Problems, May 2001. (http://www.claymath.org/video/)

Stewart, Ian. Ian Stewart on Minesweeper. Clay Mathematics Institute, (http://www.claymath.org/Popular_Lectures/Minesweeper)

Kaliski, Burt. The Mathematics of the RSA Public-Key Cryptosystem. RSA Laboratories.

Polynomial time. Wikipedia, (http://en.wikipedia.org/wiki/Polynomial_time)