University of Tokyo: Advanced Algorithms Summer Lecture 4 13 May


Summer 2010 term. Lecturer: François Le Gall. Scribe: Martsinkevich Tatiana.

Definition: A prime number is an integer p > 1 whose only divisors are 1 and p. For example: 2, 3, 5, ...

Theorem 4.1 (Fundamental Theorem of Arithmetic). Any positive integer n > 1 can be decomposed as
$$n = p_1^{a_1} p_2^{a_2} \cdots p_k^{a_k},$$
where the $p_i$ are distinct primes and the $a_i$ are positive integers. Moreover, the decomposition is unique.

There are two fundamental problems:

PRIME: given an integer n, determine whether it is a prime number.
FACTORING: given n, compute its factorization.

The first problem is considered easy, while the second is hard. There is a deterministic algorithm solving PRIME in time polynomial in log n, but it is slow. This algorithm is presented in the paper "PRIMES is in P" by Agrawal, Kayal and Saxena (2002). There exist faster and more practical randomized algorithms for PRIME. For FACTORING there is no good algorithm as yet: the best known algorithm has time complexity exponential in log n.

4.1 Euclid's Algorithms

Notation: we write $b \mid a$ if b divides a, i.e. there exists an integer c such that a = bc.

Definition: The greatest common divisor of two integers n and m is the largest positive integer d such that $d \mid m$ and $d \mid n$. We then write d = gcd(m, n). If d = 1 we say that m and n are coprime.

e.g.: gcd(12, 30) = 6.

gcd(m, n) can be read off from the factorizations of m and n. For example, if $m = 2^3 \cdot 3 \cdot 7^4 \cdot 11$ and $n = 2^2 \cdot 5 \cdot 7 \cdot 19$, then $\gcd(m, n) = 2^2 \cdot 7$.

Euclid's algorithm computes gcd(m, n) in time $O(\log m \cdot \log n)$.

e.g.: let us compute gcd(1547, 560).

Steps:
1. Divide the larger of the two numbers by the smaller one.
2. Take the number by which the division was performed and divide it by the remainder just obtained.
3. Repeat Step 2 until the remainder is zero.
4. The gcd is the last non-zero remainder.

$$\begin{aligned}
1547 &= 2 \cdot 560 + 427 \\
560 &= 1 \cdot 427 + 133 \\
427 &= 3 \cdot 133 + 28 \\
133 &= 4 \cdot 28 + 21 \\
28 &= 1 \cdot 21 + 7 \\
21 &= 3 \cdot 7 + 0
\end{aligned}$$

The last non-zero remainder is 7, so gcd(1547, 560) = 7.

Theorem 4.2. For any integers m and n there exist integers u and v such that gcd(n, m) = un + vm. Moreover, u and v can be found in time $O(\log m \cdot \log n)$ by the extended Euclid's algorithm.

Let us study an example that demonstrates how the algorithm works. We reverse the computation done for the previous example of gcd(1547, 560):

$$\begin{aligned}
7 &= 28 - 1 \cdot 21 \\
  &= 28 - 1 \cdot (133 - 4 \cdot 28) = -1 \cdot 133 + 5 \cdot 28 \\
  &= -1 \cdot 133 + 5 \cdot (427 - 3 \cdot 133) = 5 \cdot 427 - 16 \cdot 133 \\
  &= 5 \cdot 427 - 16 \cdot (560 - 1 \cdot 427) = -16 \cdot 560 + 21 \cdot 427 \\
  &= -16 \cdot 560 + 21 \cdot (1547 - 2 \cdot 560) = \underbrace{21}_{u} \cdot 1547 \underbrace{- 58}_{v} \cdot 560
\end{aligned}$$

So u = 21 and v = −58.

4.2 Computation in $\mathbb{Z}_n$

Let n be a positive integer. $\mathbb{Z}_n$ denotes the set of integers {0, 1, 2, ..., n − 1}. The function mod n maps an integer a to the integer $b \in \mathbb{Z}_n$ such that $n \mid (b - a)$.

e.g.: 11 mod 3 = 2, −2 mod 3 = 1, −7 mod 5 = 3.

$\mathbb{Z}_n$ with addition mod n is an abelian group.

Addition and subtraction in $\mathbb{Z}_n$ can be done in time O(log n). For example, if $a, b \in \mathbb{Z}_n$, then
$$(a + b) \bmod n = \begin{cases} a + b & \text{if } a + b < n \\ a + b - n & \text{if } a + b \ge n \end{cases}$$
Multiplication can be done in time $O((\log n)^2)$.

Multiplicative inverse

Theorem 4.3. Let a be an element of $\mathbb{Z}_n$. Then $ax \bmod n = 1$ has a solution x if and only if gcd(a, n) = 1. The solution is unique in $\mathbb{Z}_n$ and can be found in time $O((\log n)^2)$.

Proof (Existence): Suppose there exists a solution $x_0$ such that $a x_0 \bmod n = 1$. Then $a x_0 + cn = 1$ for some integer c, so $\gcd(a, n) \mid 1$, and hence gcd(a, n) = 1. Conversely, suppose gcd(a, n) = 1. Then there exist integers u and v such that au + nv = 1. Then $au \bmod n = 1$, and x = u is a solution. Notice that this also shows that a solution can be computed using the extended Euclid algorithm.

Proof (Uniqueness): Suppose there exist $x_0 \ne x_1$ in $\mathbb{Z}_n$ such that $a x_0 \bmod n = 1$ and $a x_1 \bmod n = 1$. Then $a(x_0 - x_1) \bmod n = 0$, so $n \mid a(x_0 - x_1)$, so $n \mid (x_0 - x_1)$ (since gcd(a, n) = 1), so $x_0 - x_1 = 0$ (since $-n < x_0 - x_1 < n$), so $x_0 = x_1$.

Conclusion: each element $a \in \mathbb{Z}_n$ with gcd(a, n) = 1 has a multiplicative inverse $a^{-1}$ such that $a a^{-1} \bmod n = 1$. For any positive integer n, define $\mathbb{Z}_n^* = \{a \in \mathbb{Z}_n \mid \gcd(a, n) = 1\}$. Then $\mathbb{Z}_n^*$ is a multiplicative group (with multiplication modulo n), and $\mathbb{Z}_p$, when p is a prime, is a field (with addition and multiplication modulo p).

Power algorithm
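The gcd computation of Section 4.1, the extended Euclid's algorithm of Theorem 4.2 and the multiplicative inverse of Theorem 4.3, as an added example that is not part of the lecture notes. The function names `gcd`, `ext_gcd` and `mod_inverse` are my own; the numbers are the notes' own 1547 and 560.

```python
# Added example (not from the lecture notes): Euclid's algorithm, the
# extended Euclid's algorithm of Theorem 4.2, and the multiplicative
# inverse of Theorem 4.3, checked on the notes' own numbers.

def gcd(m, n):
    """Euclid's algorithm: repeatedly divide and keep the remainder."""
    while n != 0:
        m, n = n, m % n
    return abs(m)


def ext_gcd(n, m):
    """Return (d, u, v) with d = gcd(n, m) = u*n + v*m (Theorem 4.2).

    Instead of reversing the division steps by hand as in the notes, the
    coefficients of n and m are carried forward through each division.
    """
    old_r, r = n, m
    old_u, u = 1, 0      # coefficients of n
    old_v, v = 0, 1      # coefficients of m
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_u, u = u, old_u - q * u
        old_v, v = v, old_v - q * v
    if old_r < 0:        # normalise so that d is positive
        old_r, old_u, old_v = -old_r, -old_u, -old_v
    return old_r, old_u, old_v


def mod_inverse(a, n):
    """Solve a*x mod n = 1 in Z_n (Theorem 4.3); None if gcd(a, n) != 1."""
    d, u, _ = ext_gcd(a, n)   # a*u + n*v = d
    if d != 1:
        return None           # no inverse exists (only-if direction)
    return u % n              # reduce u into Z_n; uniqueness is Theorem 4.3


if __name__ == "__main__":
    print(gcd(1547, 560))          # 7, as in the worked example
    print(ext_gcd(1547, 560))      # (7, 21, -58): 21*1547 - 58*560 = 7
    print(mod_inverse(560, 1547))  # None, since gcd(560, 1547) = 7
    print(mod_inverse(3, 7))       # 5, since 3*5 = 15 = 2*7 + 1
```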

Goal: evaluate $a^e \bmod n$. If we compute each of $a, a^2, a^3, \ldots$ in turn, this takes time $O(e (\log n)^2)$, which is not efficient. But there is an observation we can use:
$$a^e = \begin{cases} a \cdot a^{e-1} & \text{if } e \text{ is odd} \\ (a^{e/2})^2 & \text{if } e \text{ is even} \end{cases}$$

Here is an efficient algorithm for computing powers.

POWER(a, e, n)   [e ≥ 0, n ≥ 2, a ∈ Z_n]
    if e = 0 then return(1);
    else if e is odd then t ← POWER(a, e − 1, n); return(a·t mod n);
    else t ← POWER(a, e/2, n); return(t² mod n);

Theorem 4.4. POWER(a, e, n) returns $a^e \bmod n$ in time $O(\log e \cdot (\log n)^2)$.

e.g.: e = 13

POWER(a, 13, n): $a \cdot a^{12} = a^{13}$
POWER(a, 12, n): $(a^6)^2 = a^{12}$
POWER(a, 6, n): $(a^3)^2 = a^6$
POWER(a, 3, n): $a \cdot a^2 = a^3$
POWER(a, 2, n): $(a)^2 = a^2$
POWER(a, 1, n): $1 \cdot a = a$
POWER(a, 0, n): 1

4.3 Euler Theorem

Definition: for any positive integer n the Euler function ϕ(n) is defined as $\varphi(n) = |\{1 \le b \le n \mid \gcd(n, b) = 1\}|$.

e.g.: ϕ(1) = 1; if p is a prime, then ϕ(p) = p − 1; if p is a prime and α ≥ 1, then $\varphi(p^\alpha) = p^\alpha - p^{\alpha - 1}$.
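The recursive POWER(a, e, n) algorithm above, as an added example that is not part of the lecture notes: it records the exponent of each recursive call so the e = 13 trace from the notes can be reproduced, and it counts calls to show the O(log e) factor of Theorem 4.4. The names `power`, `call_exponents` and `naive_power` are my own.

```python
# Added example (not from the lecture notes): the recursive POWER(a, e, n)
# algorithm of Section 4.2, instrumented to record the chain of recursive
# calls, next to the slow "multiply e times" method it replaces.

def power(a, e, n, trace=None):
    """Return a^e mod n (requires e >= 0, n >= 2, 0 <= a < n).

    `trace`, if given, is a list that receives the exponent of every call.
    """
    if trace is not None:
        trace.append(e)
    if e == 0:
        return 1                        # a^0 = 1
    if e % 2 == 1:
        t = power(a, e - 1, n, trace)   # a^e = a * a^(e-1)   (e odd)
        return (a * t) % n
    t = power(a, e // 2, n, trace)      # a^e = (a^(e/2))^2   (e even)
    return (t * t) % n


def call_exponents(e):
    """Exponents visited by POWER for exponent e (independent of a and n)."""
    trace = []
    power(2, e, 1000003, trace)         # base and modulus are arbitrary here
    return trace


def naive_power(a, e, n):
    """The slow method from the notes: e multiplications. Used only to check."""
    result = 1
    for _ in range(e):
        result = (result * a) % n
    return result


if __name__ == "__main__":
    print(call_exponents(13))            # [13, 12, 6, 3, 2, 1, 0], as in the notes
    print(power(7, 13, 1547), naive_power(7, 13, 1547))   # same value
    # Each call either subtracts 1 (once per 1-bit of e) or halves e (once
    # per bit position), so the number of calls is O(log e), as in Theorem 4.4.
    print(len(call_exponents(2**20 - 1)))   # 40 calls instead of 2**20 - 1
```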

Property: if $n = p_1^{a_1} p_2^{a_2} \cdots p_k^{a_k}$, where the $p_i$ are distinct primes, then
$$\varphi(n) = \varphi(p_1^{a_1})\, \varphi(p_2^{a_2}) \cdots \varphi(p_k^{a_k}).$$
In other words, if we know the factorization of n, we can compute ϕ(n).

Theorem 4.5 (Euler Theorem). For all positive integers n and all $x \in \mathbb{Z}_n^*$,
$$x^{\varphi(n)} \bmod n = 1.$$

Proof: Suppose n > 1. Then $\varphi(n) = |\mathbb{Z}_n^*|$. For any finite group G and any $g \in G$ we have $g^{|G|} = 1$ (this follows from elementary group theory: Lagrange's theorem).

Special case of the Euler Theorem: if n = p is prime then, for any $x \in \mathbb{Z}_p^*$, $x^{p-1} \bmod p = 1$. This is called Fermat's Little Theorem, and it will be used for checking whether p is prime.
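Euler's function computed from a factorization by the product property, a check of Theorem 4.5 over all of $\mathbb{Z}_n^*$, and the Fermat check the notes announce for primality, as an added example that is not part of the lecture notes. It goes one step beyond the notes by showing why a Fermat check can only prove compositeness: the composite 561 passes for base 2. The function names are my own; `pow` is Python's built-in modular exponentiation.

```python
# Added example (not from the lecture notes): phi(n) via the product
# property of Section 4.3, Euler's theorem checked over Z_n^*, and the
# Fermat's-Little-Theorem check for compositeness, with its known caveat.
from math import gcd


def phi_from_factorization(factors):
    """phi(n) for n = prod p^a given as {p: a}, using phi(p^a) = p^a - p^(a-1)."""
    result = 1
    for p, a in factors.items():
        result *= p**a - p**(a - 1)
    return result


def phi_by_counting(n):
    """Direct definition: number of 1 <= b <= n with gcd(n, b) = 1."""
    return sum(1 for b in range(1, n + 1) if gcd(n, b) == 1)


def euler_theorem_holds(n):
    """Check x^phi(n) mod n = 1 for every x in Z_n^* (Theorem 4.5)."""
    ph = phi_by_counting(n)
    return all(pow(x, ph, n) == 1 for x in range(1, n) if gcd(x, n) == 1)


def fermat_witness(n, a):
    """True if base a exposes n as composite, i.e. a^(n-1) mod n != 1.

    By Fermat's Little Theorem this never happens for prime n and 1 <= a < n,
    so a witness proves n composite. The converse fails: some composites
    (e.g. 561 = 3*11*17) satisfy a^(n-1) mod n = 1 for every base coprime
    to n, so passing the check is not a proof of primality.
    """
    return pow(a, n - 1, n) != 1


if __name__ == "__main__":
    # 1547 = 7 * 13 * 17, the larger number in the notes' gcd example
    print(phi_from_factorization({7: 1, 13: 1, 17: 1}))   # 6 * 12 * 16 = 1152
    print(phi_by_counting(1547))                           # 1152 as well
    print(euler_theorem_holds(1547))                       # True
    print(fermat_witness(1547, 2))                         # True: composite
    print(fermat_witness(13, 2))                           # False: 13 is prime
    print(fermat_witness(561, 2))                          # False, yet composite
```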