UMass Lowell Computer Science 91.503 Analysis of Algorithms Prof. Karen Daniels Fall, 2006


Wednesday, 29 November
Number-Theoretic Algorithms
Chapter 31

Chapter Dependencies

Ch 31: Number-Theoretic Algorithms, RSA

Math: Number Theory

You’re responsible for material in this chapter that we discuss in lecture. (Note that this does not include sections 31.8 or 31.9.)

Overview

Motivation: RSA
Basics
Euclid’s GCD Algorithm
Chinese Remainder Theorem
Powers of an Element
RSA Details

Motivation: RSA

RSA Encryption

source: 91.503 textbook Cormen et al.

31.5

$P_A(S_A(M)) = M$ and $S_A(P_A(M)) = M$

RSA Digital Signature

source: 91.503 textbook Cormen et al.

31.6

assume Alice also sends her name so Bob knows whose public key to use

Bob checks whether $P_A(S_A(M')) \stackrel{?}{=} M'$

RSA Cryptosystem

(31.19), (31.26)

encode: $P(M) = M^e \pmod n$ (31.35)
decode: $S(C) = C^d \pmod n$ (31.36)

source: 91.503 textbook Cormen et al.

to be explained later….

need efficient ways to compute P(M), S(C)

RSA Dependence

Correctness: Euler’s Phi Function, Fermat’s Theorem, Chinese Remainder Theorem

Efficiency: Modular Exponentiation, Primality Testing

Security: Difficulty of Factoring Large Integers

$S(P(M)) = P(S(M)) = M^{ed} \pmod n$

see chart of result dependencies on next slide (courtesy of Mark Micire)…

Need to show: $M^{ed} \equiv M \pmod n$

Basic Concepts

** indicates that the result is on the chart of result dependencies

Division & Remainders

source: 91.503 textbook Cormen et al.

31.1; (3.8) **

Equivalence Class Modulo n

source: 91.503 textbook Cormen et al.

(31.1), (31.2)

Common Divisors

source: 91.503 textbook Cormen et al.

(31.3), (31.4), (31.5) ** **

Greatest Common Divisor

source: 91.503 textbook Cormen et al.

(31.6), (31.7), (31.8), (31.9), (31.10); 31.2; (3.8), (31.4) ** **

Greatest Common Divisor

source: 91.503 textbook Cormen et al.

31.3; (31.4); 31.2; 31.4 **

Relatively Prime Integers

source: 91.503 textbook Cormen et al.

31.6; 31.2; 31.2 **

Relatively Prime Integers

source: 91.503 textbook Cormen et al.

31.7; 31.6; 31.1-6 **

Greatest Common Divisor

source: 91.503 textbook Cormen et al.

31.9; (31.5), (3.8), (31.4), (31.3), (31.4), (31.3), (31.5), (31.14), (31.15); (31.14); (31.15) **

Euclid’s GCD Algorithm

Euclid’s GCD Algorithm

source: 91.503 textbook Cormen et al.

**

Also see Java code on course web site

Extended Euclid

source: 91.503 textbook Cormen et al.

(31.16); 31.1 ** **

Chinese Remainder Theorem

Modular Arithmetic

source: 91.503 textbook Cormen et al.

Finite Groups

source: 91.503 textbook Cormen et al.

31.2: Additive group mod 6 (size of this group is 6); Multiplicative group mod 15 (size of this group is 8)

$Z_n^* = \{[a]_n \in Z_n : \gcd(a, n) = 1\}$ (elements relatively prime to n)

Finite Groups

source: 91.503 textbook Cormen et al.

31.12

Finite Groups

source: 91.503 textbook Cormen et al.

31.13; 31.6; 31.12; 31.26

Euler’s Phi Function

source: 91.503 textbook Cormen et al.

(31.19) **

Lagrange’s Theorem

source: 91.503 textbook Cormen et al.

31.15 **

Finite Groups

31.17 **

source: 91.503 textbook Cormen et al.

31.18; 31.19 ** **

$\langle a \rangle = \{a^{(k)} : k \geq 1\}$

additive subgroup generated by a, where $a^{(k)} = \underbrace{a \oplus a \oplus \cdots \oplus a}_{k}$

Solving Modular Linear Eq

source: 91.503 textbook Cormen et al.

31.20; (31.4) **

Solving Modular Linear Eq

source: 91.503 textbook Cormen et al.

31.22; 31.18; 31.18; 31.22; 31.24 ** **

Solving Modular Linear Eq

source: 91.503 textbook Cormen et al.

31.26 ** **

Chinese Remainder Theorem

source: 91.503 textbook Cormen et al.

(31.23); 31.27; (31.23), (31.24), (31.25), (31.26) **

Chinese Remainder Theorem

source: 91.503 textbook Cormen et al.

31.29 **

Powers of an Element

Theorems of Euler & Fermat

source: 91.503 textbook Cormen et al.

31.30; 31.31 ** **

Modular Exponentiation

source: 91.503 textbook Cormen et al.

**

$a^b \bmod n$

Also see Java code on course web site

RSA Details

RSA Encryption

source: 91.503 textbook Cormen et al.

31.5

$P_A(S_A(M)) = M$ and $S_A(P_A(M)) = M$

RSA Digital Signature

source: 91.503 textbook Cormen et al.

31.6

assume Alice also sends her name so Bob knows whose public key to use

Bob checks whether $P_A(S_A(M')) \stackrel{?}{=} M'$

RSA Cryptosystem

(31.19), (31.26)

encode: $P(M) = M^e \pmod n$ (31.35)
decode: $S(C) = C^d \pmod n$ (31.36)

source: 91.503 textbook Cormen et al.

need efficient ways to compute P(M), S(C)

RSA Correctness

source: 91.503 textbook Cormen et al.

(31.35), (31.36); 31.31; 31.29

by Thm 31.31 (Fermat)
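As an added example, not taken from the lecture slides, the course web site or the CLRS text, the following Python ties together the results this deck depends on: Euclid's GCD algorithm, extended Euclid used to find the decryption exponent d with e·d ≡ 1 (mod φ(n)), repeated-squaring modular exponentiation for a^b mod n (the efficiency requirement noted above), Bob's signature check P_A(σ) = M', and an exhaustive check of the correctness claim M^{ed} ≡ M (mod n) over every M in Z_n. Fermat's theorem (31.31) is what proves that claim in general; the code only confirms it numerically. The primes p = 61, q = 53 and exponent e = 17 are constructed toy values chosen so the arithmetic stays small, and all function names are my own.

```python
"""Added example (not from the slides or CLRS): toy RSA built from the
results the lecture lists -- Euclid's GCD, extended Euclid for the modular
inverse, repeated squaring for a^b mod n, and an exhaustive check of the
correctness statement M^(ed) = M (mod n) on a small modulus."""
from __future__ import annotations


def gcd(a: int, b: int) -> int:
    """Euclid's algorithm: gcd(a, b) = gcd(b, a mod b), with gcd(a, 0) = a."""
    while b:
        a, b = b, a % b
    return a


def extended_gcd(a: int, b: int) -> tuple[int, int, int]:
    """Extended Euclid: return (d, x, y) with d = gcd(a, b) = a*x + b*y."""
    if b == 0:
        return a, 1, 0
    d, x1, y1 = extended_gcd(b, a % b)
    # d = b*x1 + (a mod b)*y1 = b*x1 + (a - (a//b)*b)*y1 = a*y1 + b*(x1 - (a//b)*y1)
    return d, y1, x1 - (a // b) * y1


def mod_inverse(a: int, n: int) -> int:
    """Solve a*x = 1 (mod n). A solution exists iff gcd(a, n) = 1 (Cor. 31.26)."""
    d, x, _ = extended_gcd(a, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd is {d}")
    return x % n


def mod_exp(a: int, b: int, n: int) -> int:
    """Repeated squaring: a^b mod n in O(log b) multiplications,
    scanning the bits of b from most to least significant."""
    result = 1
    a %= n
    for bit in bin(b)[2:]:
        result = (result * result) % n   # square for every bit
        if bit == "1":
            result = (result * a) % n    # multiply when the bit is set
    return result


def rsa_keygen(p: int, q: int, e: int) -> tuple[tuple[int, int], tuple[int, int]]:
    """Return ((e, n), (d, n)) for distinct primes p, q and gcd(e, phi(n)) = 1."""
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's phi function for n = p*q
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = mod_inverse(e, phi)            # e*d = 1 (mod phi(n))
    return (e, n), (d, n)


def P(M: int, pub: tuple[int, int]) -> int:
    """Encode with the public key: P(M) = M^e mod n  (31.35)."""
    e, n = pub
    return mod_exp(M, e, n)


def S(C: int, priv: tuple[int, int]) -> int:
    """Decode / sign with the secret key: S(C) = C^d mod n  (31.36)."""
    d, n = priv
    return mod_exp(C, d, n)


def verify_signature(M: int, sigma: int, pub: tuple[int, int]) -> bool:
    """Bob's check from the digital-signature slide: does P_A(sigma) equal M'?"""
    return P(sigma, pub) == M


def check_correctness(pub: tuple[int, int], priv: tuple[int, int]) -> bool:
    """Exhaustively confirm S(P(M)) == M == P(S(M)) for every M in Z_n.
    Fermat's theorem (31.31) proves this in general; here we just test it."""
    n = pub[1]
    return all(S(P(M, pub), priv) == M and P(S(M, priv), pub) == M
               for M in range(n))


if __name__ == "__main__":
    # Constructed toy parameters; far too small to be secure.
    pub, priv = rsa_keygen(61, 53, 17)
    print("public", pub, "private", priv)
    C = P(65, pub)
    print("P(65) =", C, "S(C) =", S(C, priv))
    sig = S(65, priv)
    print("signature verifies:", verify_signature(65, sig, pub))
    print("correct for all M in Z_n:", check_correctness(pub, priv))
```

With these toy parameters n = 3233, φ(n) = 3120 and d = 2753; encoding M = 65 gives C = 2790 and decoding returns 65. The exhaustive loop in check_correctness is only feasible because n is tiny; for real key sizes one relies on the proof via Fermat's theorem and the Chinese Remainder Theorem rather than on testing.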
