
# Extended Euclidean Algorithm


Presented by Lidia Abrams, Anne Cheng

## Euclidean Algorithm

### Theorem

If m and n are any integers, not both zero, then the Greatest Common Divisor of m and n, denoted gcd(m, n), is the largest of the common divisors of m and n.

### Formula

To compute the gcd of two numbers m and n, let $r_0 = m$, let $r_1 = n$, and compute successive quotients and remainders

$$r_{i-1} = q_{i+1} \times r_i + r_{i+1}$$

for i = 1, 2, … until some remainder $r_{n+1}$ is 0. The last nonzero remainder $r_n$ is then the greatest common divisor of m and n.

### Flowchart

Flowchart: Ensure m ≥ n → Find remainder → Is r = 0? No: Interchange. Yes: Terminate.

### Algorithm

```
// Computes gcd(m, n) by Euclid's algorithm
// Input: Two nonnegative, not-both-zero integers m and n
// Output: Greatest common divisor of m and n
1. If m < n, exchange m and n.
2. If n = 0, return m and terminate; else go to step 3.
3. Divide m by n and let r be the remainder (0 ≤ r < n).
4. If r = 0, terminate; n is the answer.
5. Set m = n, n = r, and go back to step 3.
```

### Algorithm: pseudocode

```
Euclid(m, n)
if n = 0
    then return m
    else return Euclid(n, m mod n)
```

### Example

Calculate gcd(22, 60):

| Call | Division step |
|---|---|
| gcd(22, 60) = gcd(60, 22) | 60 = 2 x 22 + 16 |
| = Euclid(22, 16) | 22 = 1 x 16 + 6 |
| = Euclid(16, 6) | 16 = 2 x 6 + 4 |
| = Euclid(6, 4) | 6 = 1 x 4 + 2 |
| = Euclid(4, 2) | 4 = 2 x 2 + 0 |
| = Euclid(2, 0) = 2 | |

## Extended Euclid's Algorithm

### Theorem

If m and n are any positive integers, not both zero, gcd(m, n) is the smallest positive element of the set {am + bn : a, b in Z} of linear combinations of m and n. Thus: am + bn = gcd(m, n) = d.

### Flowchart

Flowchart boxes and assertions:

- Start. S1: m > 0, n > 0.
- Initialize: a = 0, a' = 1, c = m, b = 1, b' = 0, d = n.
- S2: c = m > 0, d = n > 0, a = b' = 0, a' = b = 1.
- S3: am + bn = d, a'm + b'n = c = qd + r, 0 ≤ r < d, gcd(c, d) = gcd(m, n).
- q = quotient(c ÷ d), r = remainder(c ÷ d).
- r = 0? Yes or No.
- c = d, d = r; t = a', a' = a, a = t - qa; t = b', b' = b, b = t - qb.
- S4: am + bn = d = gcd(m, n). Stop.
- S5: am + bn = d, a'm + b'n = c = qd + r, 0 < r < d, gcd(c, d) = gcd(m, n).
- S6: am + bn = d, a'm + b'n = c, d > 0, gcd(c, d) = gcd(m, n).

### Algorithm

```
// Input: Two positive integers m and n
// Output: Greatest common divisor d and two integers a and b, such that am + bn = d
1. Set a' = b = 1, a = b' = 0, c = m, d = n.
2. Let q, r be the quotient and remainder, respectively, of c divided by d.
   (We have c = qd + r, 0 ≤ r < d.)
3. If r = 0, terminate; we have in this case am + bn = d as desired.
4. Set c = d, d = r, t = a', a' = a, a = t - qa, t = b', b' = b, b = t - qb,
   and go back to step 2.
```

### Algorithm: pseudocode

```
Extended-Euclid(m, n)
if n = 0
    then return (m, 1, 0)
(d', a', b') = Extended-Euclid(n, m mod n)
(d, a, b) = (d', b', a' - floor(m/n) b')   // floor(m/n) is the quotient of m by n
return (d, a, b)
```

### Efficiency

The number of recursive calls made in Euclid is equal to the number of recursive calls made in Extended-Euclid, so the running times of both algorithms are the same, to within a constant factor. For a > b > 0, the number of recursive calls is O(log n).

### Example

Division steps:

- m = 2 x n + 16
- n = 1 x 16 + 6
- 16 = 2 x 6 + 4
- 6 = 1 x 4 + 2
- 4 = 2 x 2 + 0

Each remainder written as a combination of m and n:

- 16 = m - 2n
- 6 = n - 1 x 16 = n - 1 x (m - 2n) = -m + 3n
- 4 = 16 - 2 x 6 = (m - 2n) - 2 x (-m + 3n) = 3m - 8n
- 2 = 6 - 1 x 4 = (-m + 3n) - 1 x (3m - 8n) = -4m + 11n

### Example, continued

The same computation in table form, filled in one row at a time:

| m | n | r | q | a | b | How a and b were obtained |
|---|---|---|---|---|---|---|
| - | - | - | - | 1 | 0 | |
| 60 | 22 | 16 | 2 | 0 | 1 | |
| 22 | 16 | 6 | 1 | 1 | -2 | a = 1 - 2*0 = 1; b = 0 - 2*1 = -2 |
| 16 | 6 | 4 | 2 | -1 | 3 | a = 0 - 1*1 = -1; b = 1 - 1*(-2) = 3 |
| 6 | 4 | 2 | 1 | 3 | -8 | a = 1 - 2*(-1) = 3; b = -2 - 2*3 = -8 |
| 4 | 2 | 0 | 2 | -4 | 11 | a = -1 - 1*3 = -4; b = 3 - 1*(-8) = 11 |

Next a = next-to-last a - q*(last a). Next b = next-to-last b - q*(last b).

## Euclid's Game

The game is really very simple.
It helps clarify Euclid's algorithm and the notion of the Greatest Common Divisor of two integers. The difference of any two numbers is divisible by their gcd. Assume the two original numbers are N and M and N > M (in the applet they are never equal). Then the only numbers that could be obtained by taking differences are the multiples of gcd(N, M). Furthermore, all such numbers will eventually appear on the board regardless of the sequence of moves (why?). Therefore, the total number of integers that will be written on the board equals N/gcd(N, M). From here you may calculate whether it's preferable to start or let the computer make the first move.

http://www.cut-the-knot.com/blue/EuclidAlg.shtml

## Cryptography: RSA

### Background

- RSA was developed by 3 MIT researchers: Ronald Rivest, Adi Shamir, and Leonard Adleman.
- They were searching for a more complete Public Key Cryptography approach than Diffie-Hellman.
- Published in 1977 and patented in September 2000.
- 2 sets of keys: public and private keys.
- Strength of RSA comes from the difficulty of factoring large prime numbers.
- The RSA algorithm is based on the fact that there is no efficient way to factor very large numbers. Deducing an RSA key, therefore, requires an extraordinary amount of computer processing power and time.
- RSA proving: http://www.di-mgt.com.au/rsa_theory.html

### RSA Concepts

- M = message
- Encryption: P(M), with public key pair (e, n). C = P(M), where $C = M^e \bmod n$.
- e = public exponent, which is relatively prime to (p-1)(q-1).
- C = encrypted message
- Decryption: S(M), with private key pair (d, n). S(C) = M, where $M = C^d \bmod n$.
- d = private exponent, which is any integer such that (ed-1)/((p-1)(q-1)) is an integer.

### RSA: steps to encrypt data

1) Select 2 prime numbers: p and q.
2) Find n = p*q, where n is part of both the public and private key pairs.
3) Find e. e must be relatively prime to (p-1)(q-1).
4) Find d. d must be chosen so that (ed-1)/((p-1)(q-1)) is an integer, by using the Extended Euclidean Algorithm.
   If d satisfies the equation, then d will be the multiplicative inverse of e.
5) Discard p and q. Only the public key (e, n) and private key (d, n) are needed now.

### How to get key pairs?

1) Select 2 prime numbers: p = 11, q = 3.
2) Find n = p*q: n = 11*3 = 33.
3) Find e, relatively prime to (11-1)*(3-1) = 20: e = 3.
4) Find d, making (ed-1)/(p-1)(q-1) an integer. (3d-1)/10 = k, where k is an integer, becomes 3d - 1 = 10k, that is, 3d + (-10)k = 1. Using the Extended Euclidean Algorithm to find integers d and k gives d = 7, k = 2, which satisfies the equation: (3*7-1)/10 = 2 (= k) is an integer.
5) Discard p, q: public pair (e, n) vs. private pair (d, n), that is, public (3, 33) vs. private (7, 33).

### How to encrypt data "G" now?

Since we have the public key pair (3, 33) and the private key pair (7, 33), we can encrypt our data now. For example, we want to encrypt "GO". In the alphabet, G = 7 and O = 15.

First, we encrypt "G". We know C = P(M) = encrypted data. Thus M = 7, and we find C:

$C = P(7) = M^e \bmod n = 7^3 \bmod 33 = 13$

C = 13

### How to decrypt data "G" now?

Since we have C = 13 and the private key pair is (7, 33), $M = S(C) = C^d \bmod n$. We can apply:

$M = 13^7 \bmod 33 = 7$

Then, according to the alphabet, M = 7 is the location of "G".

Note: a = bc mod n = (b mod n) * (c mod n)

### To encrypt vs. decrypt "O"

Public (e, n) = public (3, 33). Private (d, n) = private (7, 33).

To encrypt: $C = M^e \bmod n$. O = 15 = M, so $C = P(M) = P(15) = 15^3 \bmod 33 = 9$.

To decrypt: $M = C^d \bmod n$, so $M = 9^7 \bmod 33 = 15$.

http://sci.vu.edu.au/~drw/scriptlets/rsa.html

### Issue?

Here n is 33. Each of the values 0-32 maps to a unique code C in the same range, in a sort of random manner. In this case, we have 9 values of M that map to the same value of C; these are known as unconcealed messages. We always have the issue of M = 0 or M = 1 no matter how large n is. However, in practice, higher values shouldn't be a problem when we use large values of n.

### RSA Conclusion

Bigger is better: in practice, large values for p and q should be used to create keys of about 100 digits, or even more.
The larger the key strings are, the more difficult

By convenient accident, the program doesn't echo the values of p and q. That is just as well, because those two numbers must never be revealed. After you have your key numbers, you no longer need p and q, so all traces of those two numbers can and probably should be erased.

To do the encryption ($C = m^e \bmod n$) is very easy, but it is very difficult to decrypt $M = c^d \bmod n$.

## Questions & Answers
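
The four-step extended Euclid algorithm from the slides, as an added Python example (not code from the original presentation): it keeps the deck's variables, with `a_` and `b_` standing in for a' and b', checks the flowchart invariants on every pass, and records the rows of the m = 60, n = 22 table. The function names and the `trace` parameter are assumptions made for illustration.

```python
# Added example: iterative extended Euclid with the deck's variable names.
# a_ and b_ stand for a' and b'; function names are illustrative assumptions.

def extended_euclid(m, n, trace=None):
    """Return (d, a, b) with a*m + b*n == d == gcd(m, n) for positive m, n."""
    if m <= 0 or n <= 0:
        raise ValueError("m and n must be positive integers")
    a_, b, a, b_ = 1, 1, 0, 0            # step 1: a' = b = 1, a = b' = 0
    c, d = m, n
    while True:
        q, r = divmod(c, d)              # step 2: c = q*d + r, 0 <= r < d
        # Flowchart invariants: am + bn = d and a'm + b'n = c on every pass.
        assert a * m + b * n == d and a_ * m + b_ * n == c
        if trace is not None:
            trace.append((c, d, r, q, a, b))   # one row of the slide table
        if r == 0:                       # step 3: d is gcd(m, n)
            return d, a, b
        c, d = d, r                      # step 4: shift and update coefficients
        a_, a = a, a_ - q * a
        b_, b = b, b_ - q * b


def deck_table(m=60, n=22):
    """Rows (m, n, r, q, a, b) as in the slides' worked example."""
    rows = []
    extended_euclid(m, n, trace=rows)
    return rows


if __name__ == "__main__":
    for row in deck_table():
        print("%3d %3d %3d %3d %3d %3d" % row)
    print(extended_euclid(60, 22))
```

The coefficients are not unique: swapping the arguments returns a different pair that still satisfies am + bn = d.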
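
The RSA key derivation and the "GO" walk-through from the slides, as an added Python example (not part of the original presentation): it derives d from e with the recursive Extended-Euclid, taking (p-1)(q-1) = 20 as the modulus, and lists the unconcealed messages for n = 33. All function names are assumptions, and the numbers are the deck's toy values.

```python
# Added example: toy RSA with the deck's numbers (p = 11, q = 3, e = 3).
# Function names are illustrative assumptions; sizes are for study only.

def egcd(m, n):
    """Recursive Extended-Euclid: (d, a, b) with a*m + b*n == d == gcd(m, n)."""
    if n == 0:
        return m, 1, 0
    d, a, b = egcd(n, m % n)
    return d, b, a - (m // n) * b


def private_exponent(e, p, q):
    """d = inverse of e modulo (p-1)(q-1).

    Needs only e, p and q, which is why p and q must stay secret.
    """
    phi = (p - 1) * (q - 1)
    g, a, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return a % phi                       # normalise a negative coefficient


def encrypt(m, e, n):
    return pow(m, e, n)                  # C = M^e mod n


def decrypt(c, d, n):
    return pow(c, d, n)                  # M = C^d mod n


def unconcealed(e, n):
    """Messages that encrypt to themselves (C == M)."""
    return [m for m in range(n) if pow(m, e, n) == m]


p, q, e = 11, 3, 3
n = p * q
d = private_exponent(e, p, q)            # 7, as on the slides

if __name__ == "__main__":
    for letter, m in (("G", 7), ("O", 15)):
        c = encrypt(m, e, n)
        print(letter, m, "->", c, "->", decrypt(c, d, n))
    print("unconcealed:", unconcealed(e, n))
```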