Cs 312 algorithm analysis
This presentation is the property of its rightful owner.
Sponsored Links
1 / 32

CS 312: Algorithm Analysis PowerPoint PPT Presentation


  • 80 Views
  • Uploaded on
  • Presentation posted in: General

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License . CS 312: Algorithm Analysis. Lecture #4: Primality Testing, GCD. Slides by: Eric Ringger, with contributions from Mike Jones, Eric Mercer, Sean Warnick. Announcements. HW #2 Due Now

Download Presentation

CS 312: Algorithm Analysis

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Cs 312 algorithm analysis

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.

CS 312: Algorithm Analysis

Lecture #4: Primality Testing, GCD

Slides by: Eric Ringger, with contributions from Mike Jones, Eric Mercer, Sean Warnick


Announcements

Announcements

  • HW #2 Due Now

  • Homework: Required to show your work

  • Project #1

    • Today we’ll work through the rest of the math

    • Early: this Wednesday, 1/16

    • Due: Friday, 1/18

  • Bonus help session on Proof by Induction

    • Tuesday, 4pm, 1066 TMCB


Practice

Practice

  • Key points:

  • Represent exponent in binary

  • Break up the problem into factors (one per binary digit)

  • Use the substitution rule


Objectives

Objectives

  • Part 1:

    • Introduce Fermat’s Little Theorem

    • Understand and analyze the Fermat primality tester

  • Part 2:

    • Discuss GCD and Multiplicative Inverses, modulo N

    • Prepare to Introduce Public Key Cryptography

  • This adds up to a lot of ideas!


Part 1 primality testing

Part 1: Primality Testing


Fermat s little theorem

Fermat’s Little Theorem

If p is prime, then a p-1  1 (mod p)

for any a such that

Examples:

How do you wish you could use this theorem?

p = 3, a = 2

p = 7, a = 4


Logic review

Logic Review

a  b (a implies b)

Which is equivalent to the above statement?

  • b  a

  • ~a  ~b

  • ~b  ~a


Logic review1

Logic Review

a  b (a implies b)

Which is equivalent to the above statement?

  • b  aThe Converse

  • ~a  ~bThe Inverse

  • ~b  ~aThe Contrapositive


Contrapositive of fermat s little theorem

Contrapositive of Fermat’s Little Theorem

If pand a are integers such that and a p-1 mod p 1, then p is not prime.


First prime number test

First Prime Number Test

function primality(N)

Input: Positive integer N

Output: yes/no

// a is random positive integer between 1 and N-1

a = uniform(1..N-1)

//

if (modexp(a, N-1, N) == 1):

return “possibly prime”

else:return “not prime” // certain


False witnesses

False Witnesses

  • If primality(N) returns “possibly prime”, then N might or might not be prime, as the answer indicates

  • Consider 15:

    • 414 mod 15 = 1

    • but 15 clearly isn’t prime!

    • 4 is called a false witness of 15

  • Given a non-prime N, we call a number a where an-1 mod N = 1 a “false witness” (to the claim that N is prime)


Relatively prime

Relatively Prime

  • Two numbers, a and N, are relatively prime if their greatest common divisor is 1.

    • 3 and 5?

    • 4 and 8?

    • 4 and 9?

  • Consider the Carmichael numbers:

    • They pass the test (i.e., an-1 mod N = 1) for all a relatively prime to N.


False witnesses1

False Witnesses

  • Ignoring Carmichael numbers,

  • How common are false witnesses?

    • Lemma: If an-1 mod n = 1 for some a relatively prime to n, then it must hold for at least half the choices of a < n


State of affairs

State of Affairs

  • Summary:

    • If n is prime, then an-1 mod n = 1 for all a < n

    • If n is not prime, then an-1 mod n = 1 for at most half the values of a < n

  • Allows us to put a bound on how often our primality() function is wrong.


Correctness

Correctness

  • Question #1: Is the “Fermat test” correct?

    • No

  • Question #1’: How correct is the Fermat test?

    • The algorithm is ½-correct with one-sided error.

      • The algorithm has 0.5 probability of saying “yes N is prime” when N is not prime.

      • But when the algorithm says “no N is not prime”, then N must not be prime (by contrapositive of Fermat's Little Theorem)


Amplification

Amplification

  • Repeat the test

    • Decrease the probability of error:

      C = Composite; P = Prime

  • Amplification of stochastic advantage


P correct

P(Correct)

  • k trials gives 1/(2k) probability of being incorrect when the answer is "prime“

    P(Correct) =


Modified primality test

Modified Primality Test

function primality2(N)

Input: Positive integer N

Output: yes/no

for i = 1 to k do:

a = uniform(1..N-1)

if (modexp(a, N-1, N) == 1):

// possibly prime; do nothing

else:return “not prime”

return yes


2 greatest common divisor

2. Greatest Common Divisor


Greatest common divisor

Greatest Common Divisor

  • Euclid’s rule:

    • gcd(x, y) = gcd (x mod y, y) = gcd(y, x mod y)

  • Can compute gcd(x,y) for large x, y by modular reduction until we reach the base case!

    function Euclid (a,b)

    Input: Two integers a and b with a  b  0 (n-bit integers)

    Output: gcd(a,b)

    if b=0: return a

    return Euclid(b, a mod b)


Example

Example

  • gcd(25, 11)


3 questions

3 Questions

  • 1. Is it Correct?

  • 2. How long does it take?

  • 3. Can we do better?


Analysis

Analysis

function Euclid (a,b)

Input: Two integers a and b with a  b  0 (n-bit integers)

Output: gcd(a,b)

if b=0: return a

return Euclid(b, a mod b)


Bezout s identity

Bezout’s Identity

  • For two integers a, band their GCD d, there exist integers x and y such that:


Extended euclid algorithm

Extended Euclid Algorithm

function extended-Euclid (a, b)

Input: Two positive integers a & b with a  b  0 (n-bits)

Output: Integers x, y, d such that d = gcd(a, b)and ax + by = d

if b=0: return (1,0,a)

(x’, y’, d) = extended-Euclid(b, a mod b)

return (y’, x’ – floor(a/b)y’, d)


Example1

Example

  • Note: there’s a great worked example of how to use the extended-Euclid algorithm on Wikipedia here:

    http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm

  • And another linked from the reading column on the schedule for today


Multiplicative inverses

Multiplicative Inverses

  • In the rationals, what’s the multiplicative inverse of a?

  • In modular arithmetic (modulo N), what is the multiplicative inverse?


Multiplicative inverses1

Multiplicative Inverses

  • In the rationals, what’s the multiplicative inverse of a?

  • In modular arithmetic (modulo N), what is the multiplicative inverse?


Finding multiplicative inverses modulo n

Finding Multiplicative Inverses(Modulo N)

  • Modular division theorem: For any a mod N, a has a multiplicative inverse modulo N if and only if it is relatively prime to N.

  • Significance of extended-Euclid algorithm:

    • When two numbers, and , are relatively prime

    • extended-Euclid algorithm produces and such that

    • Thus,

      • Because for all integers

    • Then is the multiplicative inverse of modulo

  • i.e., I can use extended-Euclid to compute the multiplicative inverse of mod


Multiplicative inverses2

Multiplicative Inverses

  • The multiplicative inverse mod is exactly what we will need for RSA key generation

  • Notice also: when and are relatively prime, we can perform modular division in this way


Cs 312 algorithm analysis

Next

  • RSA


Assignment

Assignment

  • Read and Understand: Section 1.4

  • HW #3: 1.9, 1.18, 1.20

  • Finish your project #1 early!

    • Submit on Wednesday by 5pm


  • Login