1 / 32

CS 312: Algorithm Analysis

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License. CS 312: Algorithm Analysis. Lecture #4: Primality Testing, GCD. Slides by: Eric Ringger, with contributions from Mike Jones, Eric Mercer, Sean Warnick. Objectives. Part 1:

wilton
Download Presentation

CS 312: Algorithm Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License. CS 312: Algorithm Analysis Lecture #4: Primality Testing, GCD Slides by: Eric Ringger, with contributions from Mike Jones, Eric Mercer, Sean Warnick

  2. Objectives • Part 1: • Introduce Fermat’s Little Theorem • Understand and analyze the Fermat primality tester • Part 2: • Discuss GCD and Multiplicative Inverses, modulo N • Prepare to Introduce Public Key Cryptography • This adds up to a lot of ideas!

  3. Part 1: Primality Testing

  4. Fermat’s Little Theorem If p is prime, then a p-1  1 (mod p) for any a such that 1 a < p Examples: How do you wish you could use this theorem? p = 3, a = 2 p = 7, a = 4

  5. Logic Review a  b (a implies b) Which is equivalent to the above statement? • b  a • ~a  ~b • ~b  ~a

  6. Logic Review a  b (a implies b) Which is equivalent to the above statement? • b  a The Converse • ~a  ~b The Inverse • ~b  ~a The Contrapositive

  7. Contrapositive of Fermat’s Little Theorem If pand a are integers such that 1 a < p and a p-1 mod p 1, then p is not prime.

  8. First Prime Number Test function primality(N) Input: Positive integer N Output: yes/no // a is random positive integer between 1 and N-1 a = uniform(1..N-1) // if (modexp(a, N-1, N) == 1): return yes else: return no Do we really mean yes?

  9. False Witnesses • If primality(N) returns “yes”, then N might or might not be prime. • Consider 15: • 414 mod 15 = 1 • but 15 clearly isn’t prime! • 4 is called a false witness of 15

  10. Relatively Prime • Two numbers, a and N, are relatively prime if their greatest common divisor is 1. • 3 and 5? • 4 and 8? • 4 and 9?

  11. False Witnesses • If primality(N) returns “yes”, then N might or might not be prime. • Consider the Carmichael numbers: • They pass the test (i.e., an-1 mod N= 1) for all a relatively prime to N.

  12. False Witnesses • Ignoring Carmichael numbers, • How common are false witnesses? • Lemma: If for some a relatively prime to n, then it (Fermat test) must hold (be correct) for at least half the choices of a < n • False witnesses occur than half the time!

  13. State of Affairs • Summary: • If n is prime, then an-1 mod n = 1 for all a < n • If n is not prime, then an-1 mod n = 1 for at most half the values of a < n • Allows us to put a bound on how often primality() is wrong.

  14. Correctness • Question #1: Is the “Fermat test” correct? • No • Question #1’: how correct is the Fermat test? • The algorithm is ½-correct with one-sided error. • The algorithm has 0.5 probability of saying “yes N is prime” when N is not prime. • But when the algorithm says “no N is not prime”, then N must not be prime (by contrapositive of Fermat's Little Theorem)

  15. Amplification • Repeat the test • Decrease the probability of error: C = Composite; P = Prime • Amplification of stochastic advantage

  16. P(Correct) • When k trials all say the answer is "prime“

  17. Modified Primality Test function primality2(N) Input: Positive integer N Output: yes/no for i = 1 to k do: a = uniform(1..N-1) if (modexp(a, N-1, N) == 1): // yes; do nothing else: return no return yes

  18. Modified Primality Test • Is it correct? • Yes, with probability • Analysis • Depends how accurate you want to be

  19. Randomized Algorithms • We’ll close the loop and revisit these again at the end of the semester.

  20. 2. Greatest Common Divisor

  21. Greatest Common Divisor • Euclid’s rule: • gcd(x, y) = gcd (x mod y, y) • Can compute gcd(x,y) for large x, y by modular reduction until we reach the base case! function Euclid (a,b) Input: Two integers a and b with a  b  0 (n-bit integers) Output: gcd(a,b) if b=0: return a return Euclid(b, a mod b)

  22. Example • gcd(25, 11)

  23. 3 Questions • 1. Is it Correct? • 2. How long does it take? • 3. Can we do better?

  24. Analysis function Euclid (a,b) Input: Two integers a and b with a  b  0 (n-bit integers) Output: gcd(a,b) if b=0: return a return Euclid(b, a mod b)

  25. Bezout’s Identity • For two integers a, band their GCD d, there exist integers x and y such that:

  26. Extended Euclid Algorithm function extended-Euclid (a, b) Input: Two positive integers a & b with a  b  0 (n-bits) Output: Integers x, y, d such that d = gcd(a, b)and ax + by = d if b=0: return (1,0,a) (x’, y’, d) = extended-Euclid(b, a mod b) return (y’, x’ – floor(a/b)y’, d)

  27. Example • Note: there’s a great worked example of how to use the extended-Euclid algorithm on Wikipedia here: http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm • And another linked from the reading column on the schedule for today

  28. Multiplicative Inverses • In the rationals, what’s the multiplicative inverse of a? • In modular arithmetic (modulo N), what is the multiplicative inverse?

  29. Finding Multiplicative Inverses • Modular division theorem: For any a mod N, a has a multiplicative inverse modulo N if and only if it is relatively prime to N. • Significance of extended-Euclid algorithm: • When two numbers, a and N, are relatively prime, extended-Euclid produces x and y such that ax+ Ny = 1 • Thus, ax 1 (mod N) • Because Ny (mod N) = 0 for all integers y • Then x is the multiplicative inverse of a modulo N • i.e., I can use extended-Euclid to compute the multiplicative inverse of a mod N

  30. Multiplicative Inverses • The multiplicative inverse mod N is exactly what we will need for RSA key generation • Notice also: when a and N are relatively prime, we can perform modular division in this way

  31. Next • RSA • Divide & Conquer

  32. Assignment • Read and Understand: Sections 1.4, 2.1, 2.2 • HW #3: 1.9, 1.18, 1.20 • Finish your project #1 early! • Submit on Thursdayby midnight

More Related