CS40, Wim van Dam, UCSB CS40, Fall 2005 Wim van Dam Room 5109, Engr. I [email protected] http://www.cs.ucsb.edu/~vandam/



This Week

• This is the last week before the Final.
• Today: Applications of the material of the course
• Thursday: Overview of Final material and Q&A

Final = ¼ Pre Midterm + ¾ Post Midterm material.

Also:
• SP’s office hours: Thursday 3–5pm (Phelps 1413)
• Homework will be returned this Thursday in class.


Applications of Mod n Math

Modular arithmetic often combines the discreteness of the integers Z with the easiness of the reals R.

Especially when we are dealing with Z_p with p a prime, equations mod p are very “friendly”: just like in R, each nonzero number x ∈ Z_p has an inverse x^(–1) ∈ Z_p.

2 applications: RSA cryptography and error correction.


RSA Cryptography

RSA encryption uses mod n computations with n=pq and p and q two big, secret primes.

In public, I announce the product n=pq, and another integer e that is co-prime with (p–1)(q–1).

The public can now send me a message x ∈ {0,1,…,n–1} encrypted as y = x^e (mod n) with y ∈ {0,1,…,n–1} (easy).

Knowing p and q, I can recover the original x from y, but if you don’t know p and q, this is very, very hard.


Example of RSA (small case)

Let your secret primes be p=31 and q=41, in combination with the secret exponent d=701.

“Joe public” knows pq=1271 and exponent e=101.

If Joe wants to send you the message “M=57” using your RSA keys, then he sends to you in public: Encr(M) = M^e = 57^101 = 1246 (mod 1271)

You, on your side, use the secret exponent d=701 to decrypt the received message “1246”: Decr(Encr(M)) = (Encr(M))^d = 1246^701 = 57 (mod 1271).


Why RSA Works

If it is easy to factorize integers, then RSA is not a secure way of encrypting information.

With pq=n, for all m ∈ Z_n we have m^((p–1)(q–1)+1) = m mod n.

Given the encryption m^e mod n, the secret decryption exponent d is such that (m^e)^d = m mod n for all m (which holds if ed = 1 mod (p–1)(q–1)).

If you know the primes p and q, then it is easy to find the d for a given e: decryption is as easy as encryption. Solution: use d = e^(–1) mod (n–p–q+1), noting that n–p–q+1 = (p–1)(q–1).
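The small case from the previous slide (p=31, q=41, e=101, M=57), worked out in Python as an added example; this is not code from the lecture. It derives d from e and (p–1)(q–1) with a modular inverse, checks ed = 1 mod (p–1)(q–1), runs the encryption and decryption, and verifies the identity m^((p–1)(q–1)+1) = m mod n for every m ∈ Z_n. The function names are ours; pow(x, -1, m) needs Python 3.8 or later.

```python
# Added example (not from the lecture slides): textbook RSA on the slide's toy
# parameters p = 31, q = 41, e = 101, message M = 57.  Textbook RSA, exactly as
# taught here, has no padding; real deployments add a padding scheme such as OAEP.
from math import gcd


def rsa_keygen(p: int, q: int, e: int):
    """Return (n, e, d) for textbook RSA with the given primes and public exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)            # = n - p - q + 1, as on the slide
    if gcd(e, phi) != 1:
        raise ValueError("e must be co-prime with (p-1)(q-1)")
    d = pow(e, -1, phi)                # d = e^(-1) mod (p-1)(q-1)
    assert (e * d) % phi == 1          # the condition that makes decryption work
    return n, e, d


def rsa_encrypt(m: int, n: int, e: int) -> int:
    # y = m^e mod n by fast modular exponentiation: cheap for anyone
    return pow(m, e, n)


def rsa_decrypt(y: int, n: int, d: int) -> int:
    # x = y^d mod n: cheap only if you hold d, i.e. know the factorization of n
    return pow(y, d, n)


def identity_holds_for_all(p: int, q: int) -> bool:
    """Check m^((p-1)(q-1)+1) == m (mod n) for every m in Z_n ('Why RSA Works')."""
    n = p * q
    k = (p - 1) * (q - 1) + 1
    return all(pow(m, k, n) == m for m in range(n))


def worked_example():
    """Returns (n, d, Encr(57), Decr(Encr(57))) for the slide's parameters."""
    n, e, d = rsa_keygen(31, 41, 101)
    y = rsa_encrypt(57, n, e)
    x = rsa_decrypt(y, n, d)
    return n, d, y, x


if __name__ == "__main__":
    n, d, y, x = worked_example()
    print(f"n = {n}, d = {d}")           # n = 1271, d = 701
    print(f"Encr(57) = {y}")              # 1246
    print(f"Decr({y}) = {x}")             # 57
    print("identity holds on all of Z_n:", identity_holds_for_all(31, 41))
```

Running it reproduces the slide's numbers: d comes out as 701, 57 encrypts to 1246 and 1246 decrypts back to 57. The exhaustive identity check is only feasible because n is tiny; for real key sizes one relies on the proof, not on enumeration.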


More Cryptography

Something has to be “difficult in a reliable way” to enable safe encryption.

RSA encryption relies on the computational hardness of factorization of n=pq for ‘arbitrary’ primes p and q.

Other examples: The discrete logarithm problem: Given g and x (mod M), determine r = log_g(x) such that g^r = x mod M

Also: Elliptic Curve Cryptography


Quantum Computing

Peter Shor (1994): On a working ‘quantum computer’, factorizing and calculating discrete logarithms is easy (= can be done in polynomial time).

The laws of quantum mechanics are different from the classical laws of logic that are implemented in current computers. The quantum phenomena like interference can be used to perform computations that appear to be very hard on classical computers.


Current Quantum Computing

Making a quantum computer is very difficult: They are very susceptible to noise and errors.

But the pay-off would be significant: breaking cryptographic messages (of the past) is worth a lot to a lot of people.

Currently, the best that has been done is factoring 15 (IBM 2001).


Error Correction

How to make reliable devices in an imperfect world?

Example of sending a data stream: How do we check if it has arrived okay? What to do if it has not? (Resending the whole string might be expensive and cost too much time.)

Information theory to the rescue: If we vrite down the infomation in redundent way, then we can deal with a certan amount of erors.


Polynomial Equations Mod p

Calculus: take a degree d polynomial F: F(X) = a_d X^d + a_(d–1) X^(d–1) + … + a_1 X + a_0.

Fact for polynomials over R: If I know d+1 different (X,F(X)) values, then I can reliably ‘reconstruct’ F ~ (a_d,…,a_0).

This also holds for polynomials mod p (with p big enough).

Idea: If I want to send the d+1 values a_d,…,a_0 ∈ Z_p, then I can do that by sending d+1 different values F(X).


Dealing with Erasure Errors

Setting: I want to send the d+1 values a_d,…,a_0 ∈ Z_p, but sometimes some of the data gets lost in transmission. Instead of (a_0, a_1, a_2, a_3) you end up with: (a_0, _, a_2, a_3).

Idea: Encode the a values in a polynomial and send the d+1+e function values: F(0),F(1),F(2),…,F(d+e) ∈ Z_p

If no more than e values get erased in transmission, then the receiver still has d+1 values F(X) from which she can reconstruct F and hence the desired values a_d,…,a_0 ∈ Z_p.

Error correction is closely related with data compression…
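The erasure scheme of the last two slides, carried out in Python as an added example (not code from the lecture): the d+1 coefficients are the message, the sender transmits F(0),…,F(d+e), up to e positions are lost, and the receiver rebuilds F by Lagrange interpolation mod p and reads the coefficients back off. The prime p = 101, the coefficients and the erased positions are constructed values chosen for the demonstration; p only has to be large enough that 0,…,d+e are distinct mod p.

```python
# Added example (not from the lecture slides): erasure correction with a
# polynomial over Z_p.  All concrete values below are constructed.
P = 101  # prime field size; needs P > d + e so the evaluation points are distinct


def poly_eval(coeffs, x, p=P):
    """F(x) = a_0 + a_1 x + ... + a_d x^d mod p, coeffs listed low to high (Horner)."""
    result = 0
    for a in reversed(coeffs):
        result = (result * x + a) % p
    return result


def encode(coeffs, e, p=P):
    """Sender: transmit the d+1+e values F(0), F(1), ..., F(d+e)."""
    d = len(coeffs) - 1
    return [poly_eval(coeffs, x, p) for x in range(d + 1 + e)]


def interpolate(points, p=P):
    """Lagrange interpolation mod p: coefficients (low to high) of the unique
    polynomial of degree < len(points) through the given (x, y) pairs."""
    k = len(points)
    coeffs = [0] * k
    for i, (xi, yi) in enumerate(points):
        # Build L_i(X) = prod_{j != i} (X - x_j) / (x_i - x_j) as a coefficient list.
        basis = [1]
        denom = 1
        for j, (xj, _) in enumerate(points):
            if j == i:
                continue
            nxt = [0] * (len(basis) + 1)          # multiply basis by (X - x_j)
            for deg, c in enumerate(basis):
                nxt[deg] = (nxt[deg] - xj * c) % p
                nxt[deg + 1] = (nxt[deg + 1] + c) % p
            basis = nxt
            denom = (denom * (xi - xj)) % p
        scale = yi * pow(denom, -1, p) % p        # y_i / prod (x_i - x_j), mod p
        for deg, c in enumerate(basis):
            coeffs[deg] = (coeffs[deg] + scale * c) % p
    return coeffs


def decode(received, d, p=P):
    """Receiver: received[x] is F(x), or None if that value was erased.
    Any d+1 surviving values determine F; fewer is an unrecoverable loss."""
    survivors = [(x, y) for x, y in enumerate(received) if y is not None]
    if len(survivors) < d + 1:
        raise ValueError(f"only {len(survivors)} values survived, need {d + 1}")
    return interpolate(survivors[: d + 1], p)


def worked_example():
    coeffs = [7, 3, 0, 5]        # message a_0..a_3 (constructed), so d = 3
    e = 2                        # design margin: tolerate up to 2 erasures
    sent = encode(coeffs, e)     # six values F(0..5)
    received = list(sent)
    received[1] = None           # constructed erasures at positions 1 and 4
    received[4] = None
    return sent, decode(received, d=3)


if __name__ == "__main__":
    sent, recovered = worked_example()
    print("sent:     ", sent)        # [7, 15, 53, 50, 36, 41]
    print("recovered:", recovered)   # [7, 3, 0, 5]
```

The receiver never needs to know which positions were lost in advance: as long as d+1 values of any kind survive, interpolation returns the same polynomial. Erasing a third value in the example makes decode raise, which is the scheme's stated limit (e erasures), not a bug.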


Data Compression

Imagine long data strings with (predictable) regularities like pictures, music or written English.

The predictability of English is due to its redundancy, which in turn allows us to compress it:“Imgine long dta strins wth (predctble reglarties)like picures, musc or writtn English.”

Claude Shannon (1948):The Mathematical Theory of Communication


Simple Data Compression à la

A bit string with a ratio of (p,1–p) “0”s and “1”s can be compressed (lossless) to a factor of S(p) = –p log_2 p – (1–p) log_2(1–p) (= entropy).

If the string has (50%,50%) “0”s and “1”s, then no compression is possible: S(½) = 1.

Similar: A string of four symbols “A”, “B”, “C” and “D”, with frequencies (1/2, 1/4, 1/8, 1/8) can be compressed to 7/4 = 1.75 bits per symbol (instead of 2 bits). Take: “A” = “0”, “B”=“10”, “C”=“110” and “D”=“111”
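The entropy bound and the four-symbol code from this slide, as an added Python example (not code from the lecture). It evaluates S(p), the entropy of the (1/2, 1/4, 1/8, 1/8) distribution, and the average codeword length of the slide's code, and encodes and decodes a constructed sample string whose symbol frequencies match the distribution exactly, so the measured rate is the 1.75 bits per symbol the slide states. Decoding works one bit at a time because no codeword is a prefix of another.

```python
# Added example (not from the lecture slides): S(p), entropy of a distribution,
# and the prefix code A=0, B=10, C=110, D=111.  The sample string is constructed.
from math import log2


def binary_entropy(p: float) -> float:
    """S(p) = -p log2 p - (1-p) log2 (1-p), bits per symbol; S(0) = S(1) = 0."""
    if p in (0.0, 1.0):
        return 0.0
    return -p * log2(p) - (1 - p) * log2(1 - p)


def entropy(freqs) -> float:
    """Shannon entropy of a probability distribution {symbol: frequency}, in bits."""
    return -sum(f * log2(f) for f in freqs.values() if f > 0)


CODE = {"A": "0", "B": "10", "C": "110", "D": "111"}       # the slide's code
FREQ = {"A": 1 / 2, "B": 1 / 4, "C": 1 / 8, "D": 1 / 8}      # the slide's frequencies


def average_code_length(code, freqs) -> float:
    """Expected bits per symbol when symbols are drawn with the given frequencies."""
    return sum(freqs[s] * len(code[s]) for s in code)


def is_prefix_free(code) -> bool:
    words = list(code.values())
    return not any(a != b and b.startswith(a) for a in words for b in words)


def encode(text: str, code=CODE) -> str:
    return "".join(code[ch] for ch in text)


def decode(bits: str, code=CODE) -> str:
    """Read bits until the buffer matches a codeword; valid only for a prefix-free code."""
    inverse = {w: s for s, w in code.items()}
    out, buf = [], ""
    for b in bits:
        buf += b
        if buf in inverse:
            out.append(inverse[buf])
            buf = ""
    if buf:
        raise ValueError("trailing bits do not form a complete codeword")
    return "".join(out)


def worked_example():
    """Returns (encoded bits, decoded text, bits per symbol) for a constructed sample."""
    sample = "ABACABAD"   # constructed: 4 A, 2 B, 1 C, 1 D = (1/2, 1/4, 1/8, 1/8)
    bits = encode(sample)
    return bits, decode(bits), len(bits) / len(sample)


if __name__ == "__main__":
    print("S(1/2) =", binary_entropy(0.5))                    # 1.0 (no compression)
    print("H(A,B,C,D) =", entropy(FREQ))                      # 1.75
    print("average code length =", average_code_length(CODE, FREQ))  # 1.75
    print("prefix-free:", is_prefix_free(CODE))
    print(worked_example())   # ('01001100100111', 'ABACABAD', 1.75)
```

The code achieves the entropy exactly only because every frequency is a power of 1/2; for other distributions the average length of the best prefix code lies strictly between the entropy and entropy + 1.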


Errors + Compression

Often error correction and data compression are combined. First one compresses the string (lossy or lossless), after which an error correcting scheme is applied.

Examples: audio files (AAC), on-line images (JPEG), space communication (Spirit Rover 2004), and so on.

Behind the use of error correction and compression lies a lot of probability theory and advanced combinatorics.