Download Extended Euclidean Algorithm

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Document related concepts

Mathematics of radio engineering wikipedia, lookup

List of prime numbers wikipedia, lookup

Large numbers wikipedia, lookup

Collatz conjecture wikipedia, lookup

Addition wikipedia, lookup

Quadratic reciprocity wikipedia, lookup

Factorization of polynomials over finite fields wikipedia, lookup

Proofs of Fermat's little theorem wikipedia, lookup

Elementary mathematics wikipedia, lookup

Transcript
Extended Euclidean
Algorithm
Presented by
Lidia Abrams
Anne Cheng
Euclidean Algorithm
THEOREM
If m and n are any integers, not both
zero, then the Greatest Common
Divisor of m and n, denoted gcd(m,n)
is the largest of the common divisors
of m and n.
2
FORMULA
To compute the gcd of two numbers m
and n, let r0 = m, let r1 = n, and compute
successive quotients and remainders
ri-1 = qi+1 x ri + ri+1
for i = 1,2,…until some remainder rn+1 is 0.
The last nonzero remainder rn is then the
greatest common divisor of m and n.
3
FLOWCHART
Ensure m ≥ n
Find remainder
Is
r=0
No
Interchange
Yes
Terminate
5
ALGORITHM
//Computes gcd(m, n) by Euclid’s algorithm
//Input: Two nonnegative, not-both-zero integers
m and n
//Output: Greatest common divisor of m and n
//*****************************************************
1. If m < n, exchange m and n
2. If n = 0, return m, terminate; else step 3.
3. Divide m by n and let r be the remainder.
(0 ≤ r < n)
4. If r = 0, terminate; n is the answer.
5. Set m = n, n = r, and go back to step 3.
6
ALGORITHM -- Pseudocode
Euclid(m , n)
1. If n = 0
2. then return m
3. else return Euclid(n, m mod n)
7
EXAMPLE
Calculate:
gcd(22, 60) = gcd(60,22)
60 = 2 x 22 + 16
= Euclid(22,16)
22 = 1 x 16 + 6
= Euclid(16,6)
16 = 2 x 6 + 4
= Euclid(6,4)
6=1x4+2
gcd
= Euclid(4,2)
4=2x2+0
= Euclid(2,0)
= 2.
8
Extended Euclid’s Algorithm
THEOREM
If m and n are any positive integers, not
both zero, gcd(m, n) is the smallest
positive element of the set
{am + bn: a,b in Z} of linear combinations
of m and n.
Thus:
am + bn = gcd(m, n) = d
9
FLOWCHART
Start
S1: m > 0, n >0
a=0 a’=1 c=m
b=1 b’=0 d=n
S2: c = m > 0, d = n > 0, a = b’= 0,
a’b = 1.
S3: am+bn = d, a’m+b’n = c = qd + r,
0 ≤ r < d, gcd(c,d) = gdc(m,n)
q=quotient(c%d)
r=remainder(c%d)
Yes
r = 0?
No
c = d, d = r
t=a’, a’=a, a= t - qa;
t=b’, b’=b, b=t - qb;
S4: am + bn = f = gcd(m, n).
Stop
S5: am+bn = d, a’m+b’n = c = qd + r,
0 < r < d m gcd(c,d) = gcd(m,n).
S6: am+bn = d, a’m+b’n = c, d > 0,
gcd(c,d) = gcd(m,n)
10
ALGORITHM
//Input: Two positive integers m and n
//Output: Greatest common divisor d and two integers a
and b, such that am + bn = d
//*****************************************************
1.
2.
3.
4.
Set a’ = b = 1, a = b’ = 0, c = m, d = n.
Let q, r be the quotient and remainder, respectively, of
c divided by d. (We have c = qd + r, 0 ≤ r < d)
If r = 0, terminate; we have in this case am + bn = d as
desired.
Set c = d, d = r,
t = a’, a’ = a, a = t – qa,
t = b’, b’ = b, b = t – qb, and go back to step 2.
11
ALGORITHM – Pseudocode
Extended-Euclid(m, n)
1 If n = 0
2
then return (m, 1, 0)
3 (d’, a’, b’) = Extended-Euclid(n, m mod n)
4 (d , a , b) = (d’, b’, a’ – floor(a/b)b’)
5 return (d, a, b)
12
EFFICIENCY
The number of recursive calls made in
Euclid is equal to the number of recursive
calls made in Extended-Euclid, the running
times of both algorithms are the same, to
within a constant factor.
For a > b > 0, the number of recursive
calls is O(logn).
13
EXAMPLE
m = 2 x n + 16
n = 1 x 16 + 6
16 = 2 x 6 + 4
6=1x4+2
4=2x2+0
16 = m – 2n
6 = n – 1 x 16
= n – 1 x (m – 2n)
= -m + 3n
4 = 16 – 2 x 6
= (m – 2n) – 2 x ( -m + 3n)
= (3m – 8n)
2= 6–1x4
= (-m + 3n) – 1 x (3m – 8n)
=
-4m + 11n
14
Example – cont.
m
n
r
q
a
b
-
-
-
-
1
0
60
22
16
2
0
1
a = 1 - 2*0 = 1
22
16
6
1
1
-2
b = 0 - 2*1 = -2
16
6
4
2
6
4
2
1
4
2
0
2
Next a = next-to-last a - q*(last a)
Next b = next-to-last b - q*(last b)
15
Example – cont.
m
n
r
q
a
b
-
-
-
-
1
0
60
22
16
2
0
1
22
16
6
1
1
-2
a = 0 - 1*1 = -1
16
6
4
2
-1
3
b = 1 - 1*(-2) = 3
6
4
2
1
4
2
0
2
16
Example – cont.
m
n
r
q
a
b
-
-
-
-
1
0
60
22
16
2
0
1
22
16
6
1
1
-2
16
6
4
2
-1
3
a = 1 - 2*(-1) = 3
6
4
2
1
3
-8
b = -2 - 2*3 = -8
4
2
0
2
17
Example – cont.
m
n
r
q
a
b
-
-
-
-
1
0
60
22
16
2
0
1
22
16
6
1
1
-2
16
6
4
2
-1
3
6
4
2
1
3
-8
a = -1 - 1*3 = -4
4
2
0
2
-4
11
b = 3 - 1*(-8) = 11
18
Euclid’s Game !!
The game is really very simple. It helps clarify the Euclid's
algorithm and the notion of the Greatest Common Divisor
of two integers. The difference of any two numbers is
divisible by their gcd. Assuming the two original numbers
are N and M and N>M (In the applet they are never equal.)
Then the only numbers that could be obtained by taking
differences are the multiples of gcd(N,M). Furthermore, all
such numbers will eventually appear on the board
regardless of the sequence of moves (why?). Therefore,
the total number of integers that will be written on the board
equals N/gcd(N,M). From here you may calculate whether
it's preferable to start or let the computer make the first
move.
http://www.cut-the-knot.com/blue/EuclidAlg.shtml
19
CRYPTOGRAPHY-- RSA
Background: RSA was developed by 3 MIT researchers:
Ronald Rivest, Adi Shamir, and Leonard Adleman
Searching for a more complete Public Key Cryptography
approach than Diffie-Hellman.
Published in 1977 and Patented in September 2000.
2 sets of keys, public and private keys.
Strength of RSA comes from the difficulty of factoring
large prime numbers.
RSA algorithm is based on the fact that there is no
efficient way to factor very large numbers. Deducing an
RSA key, therefore, requires an extraordinary amount of
computer processing power and time.
RSA PROVING: http://www.di-
mgt.com.au/rsa_theory.html
20
RSA Concepts
M = message
Encryption::
P(M)– public key pair
(e,n)
C = P(M), where C =
Me mod n
e = public exponent,
which is relative prime
number to (p-1)(q-1)
C = encrypted message
Decryption::
S(m)– private key pair
(d,n).
S(C ) = M, where M =
Cd mod n
d = private exponent,
which is any integer
satisfies (ed-1)/ (p1)(q-1) is an integer.
21
RSA– Steps to encrypt data
1) Select 2 prime numbers: p & q.
2) Find the n = p*q, where n is the public and
private key pairs
3) Find e. e must be relative prime to (p-1)(q-1)
4) Find d. d must be chosen so (ed-1)/(p-1)(q-1)
is an integer by using Extended Euclidean
Algorithm. If d satisfies the equation, then d will
be the multiplicative inverse of e.
5) Discard p and q. only the public key(e,n) and
private(d,n) are needed now.
22
How to get Key pairs???
1)
2)
3)
4)
Select 2 prime numbers: p = 11, q = 3
Find n = p*q : n = 11*3=33
Find e, relative prime, to (11-1)*(3-1) = 20: e = 3
Find d, making (ed-1)/(p-1)(q-1) is an integer.
 (3d-1)/10 = k, where k is an integer  become
 3d -1 = 10k  3d + (-10) k = 1 using Extended Euclidean
Algorithm to find integer d, k  d = 7 k = 2, it satisfies the eqn
 (3*7-1)/10 = 2 (=k) is an integer.
5)
Discard p,q: public pair(e,n) vs. private pair(d,n)
 public(3,33) vs. private(7,33)
23
How to encrypt data “G” now???
Since we have the public key pairs(3,33)
and private key pairs(7,33), we can
encrypt our data now. For example, we
want to encrypt “GO.” In alphabet, G = 7
and O = 15. First, we encrypt “G.” We
know: C = P(M) = encrypted data. Thus,
M = 7 and find C?
C = P(7) = Me mod n = 73 mod 33 = 13
C = 13
24
How to decrypt data “G” now??
Since we have C = 13 and private key pair is
(7,33), M = S( C)= Cd mod n.We can apply:
M = 137 mod 33 =  M = 7. Then, according to
alphabet , M = 7 is the location of “G”
Note: a = bc mod n = (b mod n) * (c mod n)
25
To encrypt vs. decrypt “O”
Public(e,n) = public(3,33)
Private(d,n) = private(7,33)
To encrypting: C = Me mod n
O = 15  M
C = P(M) = P(15) = 153 mod 33 = 9
To decrypting: M = Cd mod n
M = 97 mod 33 = 15.
http://sci.vu.edu.au/~drw/scriptlets/r
sa.html
26
Issue??
The n is 33. there are 0-32 n’s maps to a unique
code C in the same range in a sort of random
manner. In this case, we have 9 values of m to
the same value of C – these are know as
unconcealed message.
We always have the issue of M=0 or M = 1 no
matter how large n is . However, in practice,
higher values shouldn’t be a problem when we
use large values of n.
27
RSA Conclusion
Bigger is Better: In practice, large values for p and q
should be used to create keys of about 100 digits, or
even more. The larger the key strings are, the more
difficult
By convenient accident, the program doesn’t echo the
values of p and q. That is just as well, because those two
numbers must never be revealed. After you have your
key numbers, you no longer need p and q, so all traces
of those two numbers can and probably should be
erased.
To do the encryption (C = me mod n) is very easy, but it
is very difficult to decrypt M = cd mod n.
28
QUESTIONS
&
ANSWERS
29