Download Modular Arithmetic

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
Document related concepts

Large numbers wikipedia , lookup

List of first-order theories wikipedia , lookup

Wiles's proof of Fermat's Last Theorem wikipedia , lookup

List of prime numbers wikipedia , lookup

Factorization wikipedia , lookup

Algorithm wikipedia , lookup

Factorization of polynomials over finite fields wikipedia , lookup

Addition wikipedia , lookup

Collatz conjecture wikipedia , lookup

Proofs of Fermat's little theorem wikipedia , lookup

Arithmetic wikipedia , lookup

Quadratic reciprocity wikipedia , lookup

Elementary mathematics wikipedia , lookup

Transcript 
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.
CS 312: Algorithm Design &
Analysis
Lecture #3: Algorithms for
Modular Arithmetic,
Modular Exponentiation
Slides by: Eric Ringger, with contributions from Mike Jones, Eric Mercer, Sean Warnick
Announcements
 Homework: Always show work
 FERPA protects your student record
 Need your consent to return graded work
without cover sheet
Objectives
 Add the Max Rule to your asymptotic
analysis toolbox
 Review modular arithmetic
 Discuss and analyze algorithms for:
 modular arithmetic
 modular exponentiation
Max. Rule
 Another useful rule for Asymptotic analysis.
𝑂 𝑓 𝑛 + 𝑔 𝑛
= 𝑂 max 𝑓 𝑛 , 𝑔 𝑛
 Upper bound / Big-O only!
 Example:
Max. Rule
Goal for Ch. 1
 Demonstrate that algorithm analysis is useful!
 Specifically, understand how theoretical analysis
of algorithms justifies the security of RSA.
 Requires: Solve, analyze, and use solutions to two
important and related problems:
 Factoring: Given a number 𝑁, express it as a product
of its prime numbers
 Primality Testing: Given a number 𝑁, determine
whether it is prime
 Which one is harder?
Algorithms for Integer Arithmetic
 Computing Device:
 Bit-level arithmetic operations are constant
time
 Arithmetic operations on arbitrary length
integers depend on length of input
Algorithms for Integer Arithmetic
 For an integer 𝑥, we talk about its length in
terms of the number of bits.
 How many bits are needed for some value 𝑥?
 In general, 𝑛 = ⌈log 2 (𝑥 + 1)⌉
Algorithms for Integer Arithmetic
 Addition
 Multiplication
 Division
Modular Arithmetic
Congruency
An important distinction
 The modulus operator
 The congruency modulo N relation
 Equivalent to:
Properties
 Associative Property:
 𝑥 + 𝑦 + 𝑧 ≡ 𝑥 + 𝑦 + 𝑧 𝑚𝑜𝑑 𝑁
 𝑥 ⋅ 𝑦 ⋅ 𝑧 ≡ 𝑥 ⋅ 𝑦 ⋅ 𝑧 𝑚𝑜𝑑 𝑁
 Commutative Property:
 𝑥 + 𝑦 ≡ 𝑦 + 𝑥 𝑚𝑜𝑑 𝑁
 𝑥 ⋅ 𝑦 ≡ 𝑦 ⋅ 𝑥 𝑚𝑜𝑑 𝑁
 Distributive Property:
 𝑥 𝑦 + 𝑧 ≡ 𝑥𝑦 + 𝑥𝑧 𝑚𝑜𝑑 𝑁
Substitution Rule
Useful Consequence
If 𝑥 ≡ 𝑥 ′ (𝑚𝑜𝑑 𝑧), then:
𝑥 𝑦  𝑥’ 𝑦 (𝑚𝑜𝑑 𝑧)
Equivalently:
𝑥 𝑦 ≡ 𝑥%𝑧 𝑦 (𝑚𝑜𝑑 𝑧)
 Example:
Modular Addition
Modular Multiplication
CS 312
Remainder of Lecture #3:
Modular Exponentiation
Goal: Modular Exponentiation
 We need to compute
xy mod N
for values of x, y, and N that are several
hundred bits long.
 Can we do so quickly?
Sequential Exponentiation
Describe a simple algorithm for doing exponentiation:
function seqexp (x, y)
Input: An n-bit integer x and a non-negative integer
exponent y (arbitrarily large)
Output: xy
if y=0: return 1
r=x
for i = 1 to y-1 do
r=r⋅x
return r
Analysis of Sequential
Exponentiation
function seqexp (x, y)
Input: An n-bit integer x and a non-negative
integer exponent y (arbitrarily large)
Output: xy
if y=0: return 1
r=x
for i = 1 to y-1 do
r=rx
return r
Analysis of Sequential
Exponentiation
function seqexp (x, y)
Input: An n-bit integer x and a non-negative
integer exponent y (arbitrarily large)
Output: xy
if y=0: return 1
r=x
for i = 1 to y-1 do
r=rx
return r
Analysis of Sequential
Exponentiation
function seqexp (x, y)
Input: An n-bit integer x and a non-negative
integer exponent y (arbitrarily large)
Output: xy
if y=0: return 1
r=x
for i = 1 to y-1 do
r=rx
return r
Modular Exponentiation, Take I
function modexp (x, y, N)
Input: Two n-bit integers x and N, a non-negative
integer exponent y (arbitrarily large)
Output: xy mod N
if y=0: return 1
r = x mod N
for i = 1 to y-1 do
r = (r ⋅ x) mod N
return r
Modular Exponentiation, Take I
function modexp (x, y, N)
Input: Two n-bit integers x and N, a non-negative
integer exponent y (arbitrarily large)
Output: xy mod N
if y=0: return 1
r = x mod N
for i = 1 to y-1 do
r = (r ⋅ x) mod N
return r
New Ideas
 Represent y (the exponent) in binary
 Then break down xy into factors using the non-zero bits
of y
 Also: compute the factors using repeated squaring
 Reduce factors using substitution rule
Modular Exponentiation, Take II
function modexp (x, y, N)
Input: Two n-bit integers x and N, a non-negative
integer exponent y (arbitrarily large)
Output: xy mod N
Recursive call
if y=0: return 1
z = modexp(x, floor(y/2), N)
if y is even:
return z2 mod N
else:
return x ⋅ z2 mod N
Right shift
Modular reduction
Multiplication
Analysis of Modular Exponentiation




Each multiplication is Q(n2)
Each modular reduction is Q(n2)
There are log(y)=m of them
Thus, modular exponentiation is in
Q(n2 log y) = Q(n2 m)
function modexp (x, y, N)
if y=0: return 1
z = modexp(x, floor(y/2), N)
if y is even:
return z2 mod N
else:
return x z2 mod N
Modular Exponentiation (II),
Iterative Formulation
function modexp (x, y, N)
Input: Two n-bit integers x and N, a non-negative
integer exponent y (arbitrarily large)
Output: xy mod N
if y = 0: return 1
i = y; r = 1; z = x mod N
while i > 0
if i is odd: r = r ⋅ z mod N
z = z2 mod N
i = floor(i/2)
return r
Modular Exponentiation
 xy mod N
 Key Insights:
1. Exponent y can be represented in binary
2. Problem can be factored into one factor per
binary digit equal to 1
3. Factors can be computed by repeated
squaring
4. Each factor can be reduced mod N
(substitution rule)
Example
We’re employing
same insights and a little more
cleverness than the
algorithm.
Example #2
function modexp (x, y, N)
Input: Two n-bit integers x and N, an integer
exponent y (arbitrarily large)
Output: xy mod N
if y = 0: return 1
i = y; r = 1; z = x mod N
while i > 0
if i is odd: r = r z mod N
z = z2 mod N
i = floor(i/2)
return r
310 mod10
x  3, y  10, N  10
i  10, r  1, z  3mod10  3
z  32 mod10  9
i5
r  1 9 mod10  9
z  92 mod10  81mod10  1
i2
z  12 mod10  1
i 1
r  9  1mod10  9
z 1
i0
return 9
Strictly tracing the
algorithm.
Example #2
function modexp (x, y, N)
Input: Two n-bit integers x and N, an integer
exponent y (arbitrarily large)
Output: xy mod N
if y = 0: return 1
i = y; r = 1; z = x mod N
while i > 0
if i is odd: r = r z mod N
z = z2 mod N
i = floor(i/2)
return r
310 mod10
x  3, y  10, N  10
i  10, r  1, z  3mod10  3
z  32 mod10  9
i5
r  1 9 mod10  9
z  92 mod10  81mod10  1
i2
z  12 mod10  1
i 1
r  9  1mod10  9
z 1
i0
return 9
Example
20
3 mod 10
Needed: two volunteers:
Volunteer A: use our final modexp() to compute it.
Volunteer B: compute 320 then reduce mod 10
Efficiency
 The key point is that xy mod N is easy
 modexp is in Q(n2 log y)
 In fact, it requires about 1.5 log2 y multiplications for typical y
 seqexp required y-1 multiplications
 When x, y, and N are 200 digit numbers
 Assume 1 multiplication of two 200 digit numbers takes 0.001
seconds
 modexp typically takes about 1 second
 seqexp would require 10179 times the Age of the Universe!
 Only works when y is an integer.
Assignment
 HW #2:
 Problem 1.25 using modexp,
 Then redo 1.25 but replace 125 with 126 for
the exponent
 Implement modular exponentiation now as a
step toward finishing Project #1
Next
 Primality Testing
Related documents
Name: Math 4150 – Introduction to Number Theory Spring 2010 Test
Name: Math 4150 – Introduction to Number Theory Spring 2010 Test
REVIEW SENTENCE, FRAGMENT, RUN
REVIEW SENTENCE, FRAGMENT, RUN
Solving Linear Congruence
Solving Linear Congruence
Modular Arithmetic - svmoore
Modular Arithmetic - svmoore
MAS144 – Computational Mathematics and Statistics A (Statistics)
MAS144 – Computational Mathematics and Statistics A (Statistics)
Determine the number of odd binomial coefficients in the expansion
Determine the number of odd binomial coefficients in the expansion
UNIFORM RANDOM NUMBER GENERATION Chapter 7 (first half)
UNIFORM RANDOM NUMBER GENERATION Chapter 7 (first half)
RATIONAL ROOTS Let f(x) = x 0 be a polynomial with integer
RATIONAL ROOTS Let f(x) = x 0 be a polynomial with integer
Fall 2016 Midterm
Fall 2016 Midterm
SOLUTIONS FOR THE TRAINING FINAL Remember : the final exam
SOLUTIONS FOR THE TRAINING FINAL Remember : the final exam
2006 exam questions
2006 exam questions
Fermat*s Little Theorem (2/24)
Fermat*s Little Theorem (2/24)