cse 311: foundations of computing Spring 2015 Lecture 13: Primes, - - PowerPoint PPT Presentation

▶

Jun 02, 2023 259 likes •487 views

cse 311: foundations of computing Spring 2015 Lecture 13: Primes, GCDs, modular inverses review: repeated squaring Since a mod m a (mod m) for any a we have a 2 mod m = (a mod m) 2 mod m and a 4 mod m = (a 2 mod m) 2 mod m

SLIDE 1

cse 311: foundations of computing Spring 2015 Lecture 13: Primes, GCDs, modular inverses

SLIDE 2

review: repeated squaring

Since

a mod m ≡ a (mod m) for any a we have a2 mod m = (a mod m)2 mod m and a4 mod m = (a2 mod m)2 mod m and a8 mod m = (a4 mod m)2 mod m and a16 mod m = (a8 mod m)2 mod m and a32 mod m = (a16 mod m)2 mod m

Can compute 𝑏𝑙 mod 𝑛 for 𝑙 = 2𝑗 in only 𝑗 steps

SLIDE 3

review: general algorithm

ModPow(a, k, m) should compute 𝑏𝑙 mod 𝑛. If 𝑙 == 0 then return 1 If (𝑙 mod 2 == 0) then return ModPow(𝑏2 mod 𝑛, 𝑙/2, 𝑛) else return (𝑏 × ModPow(𝑏, 𝑙 − 1, 𝑛)) mod 𝑛

𝑙 = 81453 = 10011111000101101 2 = 216 + 213 + 212 + 211 + 210 + 29 + 25 + 23 + 22 + 20

Total # of arithmetic operations ~ 4 × 16 = 64

SLIDE 4

primality An integer p greater than 1 is called prime if the only positive factors of p are 1 and p. A positive integer that is greater than 1 and is not prime is called composite.

SLIDE 5

An integer p greater than 1 is called prime if the only positive factors of p are 1 and p. A positive integer that is greater than 1 and is not prime is called composite.

pr prima imali lity

SLIDE 6

fundame ament nt al al theore rem m of

f ari

rith thmetic ic

Every positive integer greater than 1 has a unique prime factorization

48 = 2 • 2 • 2 • 2 • 3 591 = 3 • 197 45,523 = 45,523 321,950 = 2 • 5 • 5 • 47 • 137 1,234,567,890 = 2 • 3 • 3 • 5 • 3,607 • 3,803

SLIDE 7

f ac actoriza

rization

ion

If 𝑜 is composite, it has a factor of size at most 𝑜.

SLIDE 8

eucl clid id’s s theor

There are an infinite number of primes. Proof by contradiction:

Suppose that there are only a finite number of primes: 𝑞1, 𝑞2, … , 𝑞𝑜

SLIDE 9

f amous

us algori

gorithmic thmic problems

blems
Primality Testing

– Given an integer 𝑜, determine if 𝑜 is prime – Fermat’s little theorem test: If 𝑞 is prime and 𝑏 ≠ 0, then 𝑏𝑞−1 ≡ 1 (mod 𝑞)

Factoring

– Given an integer 𝑜, determine the prime factorization of 𝑜

SLIDE 10

f ac actoring

ring

Factor the following 232 digit number [RSA768]:

123018668453011775513049495838496272077285 356959533479219732245215172640050726365751 874520219978646938995647494277406384592519 255732630345373154826850791702612214291346 167042921431160222124047927473779408066535 1419597459856902143413

SLIDE 11

123018668453011775513049495838496272077285356959533479219 732245215172640050726365751874520219978646938995647494277 406384592519255732630345373154826850791702612214291346167 042921431160222124047927473779408066535141959745985690214 3413 334780716989568987860441698482126908177047949837 137685689124313889828837938780022876147116525317 43087737814467999489 367460436667995904282446337996279526322791581643 430876426760322838157396665112792333734171433968 10270092798736308917

SLIDE 12

grea eate test st com

mon n di divisor isor

GCD(a, b): Largest integer 𝑒 such that 𝑒 ∣ 𝑏 and 𝑒 ∣ 𝑐

– GCD(100, 125) = – GCD(17, 49) = – GCD(11, 66) = – GCD(13, 0) = – GCD(180, 252) =

SLIDE 13

gcd d and and f ac actoring

ring

a = 23 • 3 • 52 • 7 • 11 = 46,200 b = 2 • 32 • 53 • 7 • 13 = 204,750 GCD(a, b) = 2min(3,1) • 3min(1,2) • 5min(2,3) • 7min(1,1) • 11min(1,0) • 13min(0,1)

Factoring is expensive! Can we compute GCD(a,b) without factoring?

SLIDE 14

usef eful ul GCD D f ac act

If 𝑏 and 𝑐 are positive integers, then gcd 𝑏, 𝑐 = gcd(𝑐, 𝑏 mod 𝑐) Proof: By definition 𝑏 = 𝑏 div 𝑐 • 𝑐 + (𝑏 mod 𝑐) If 𝑒 ∣ 𝑏 and 𝑒 ∣ 𝑐 then 𝑒 ∣ 𝑏 mod 𝑐 . If 𝑒 ∣ 𝑐 and 𝑒 ∣ 𝑏 mod 𝑐 then 𝑒 ∣ 𝑏.

SLIDE 15

eucl clid id’s s al algor

rithm

thm

GCD(660,126) Repeatedly use the GCD fact to reduce numbers until you get GCD 𝑦, 0 = 𝑦.

SLIDE 16

GCD(x, y) = GCD(y, x mod y)

int GCD(int a, int b){ /* a >= b, b > 0 */ int tmp; while (b > 0) { tmp = a % b; a = b; b = tmp; } return a; }

Example: GCD(660, 126)

eucl clid id’s s al algor

rithm

thm

SLIDE 17

Bezout

ut’s

s theorem

If a and b are positive integers, then there exist integers s and t such that gcd(a,b) = sa + tb

SLIDE 18

ex exten tended ded eu eucli clidea dean n algori

rithm

thm

Can use Euclid’s Algorithm to find 𝑡, 𝑢 such that

gcd 𝑏, 𝑐 = 𝑡𝑏 + 𝑢𝑐

e.g. gcd(35,27):

35 = 1 • 27 + 8 35 - 1 • 27 = 8 27= 3 • 8 + 3 27- 3 • 8 = 3 8 = 2 • 3 + 2 8 - 2 • 3 = 2 3 = 1 • 2 + 1 3 - 1 • 2 = 1 2 = 2 • 1 + 0

Substitute back from the bottom

1 = 3 - 1 • 2 = 3 – 1 (8 - 2 • 3) = (-1) • 8 + 3 • 3 = (-1) • 8 + 3 (27- 3 • 8 ) = 3 • 27 + (-10) • 8 =

SLIDE 19

mu mul tiplic iplicative e inv nver erse e mod 𝑛

Suppose GCD 𝑏, 𝑛 = 1 By Bézout’s Theorem, there exist integers 𝑡 and 𝑢 such that 𝑡𝑏 + 𝑢𝑛 = 1. 𝑡 mod 𝑛 is the multiplicative inverse of 𝑏: 1 = 𝑡𝑏 + 𝑢𝑛 mod 𝑛 = 𝑡𝑏 mod 𝑛

SLIDE 20

sol

lving

ing mo modu dula lar r equa uatio ions ns

Solving 𝑏𝑦 ≡ 𝑐 (mod 𝑛) for unknown 𝑦 when gcd 𝑏, 𝑛 = 1.

1. Find 𝑡 such that 𝑡𝑏 + 𝑢𝑛 = 1 2. Compute 𝑏−1 = 𝑡 mod 𝑛, the multiplicative inverse of 𝑏 modulo 𝑛 3. Set 𝑦 = 𝑏−1 ⋅ 𝑐 mod 𝑛

SLIDE 21

cse 311: foundations of computing Spring 2015 Lecture 13: Primes, GCDs, modular inverses

review: repeated squaring

Since

a mod m ≡ a (mod m) for any a we have a2 mod m = (a mod m)2 mod m and a4 mod m = (a2 mod m)2 mod m and a8 mod m = (a4 mod m)2 mod m and a16 mod m = (a8 mod m)2 mod m and a32 mod m = (a16 mod m)2 mod m

Can compute 𝑏𝑙 mod 𝑛 for 𝑙 = 2𝑗 in only 𝑗 steps

review: general algorithm

ModPow(a, k, m) should compute 𝑏𝑙 mod 𝑛. If 𝑙 == 0 then return 1 If (𝑙 mod 2 == 0) then return ModPow(𝑏2 mod 𝑛, 𝑙/2, 𝑛) else return (𝑏 × ModPow(𝑏, 𝑙 − 1, 𝑛)) mod 𝑛

Total # of arithmetic operations ~ 4 × 16 = 64

primality An integer p greater than 1 is called prime if the only positive factors of p are 1 and p. A positive integer that is greater than 1 and is not prime is called composite.

An integer p greater than 1 is called prime if the only positive factors of p are 1 and p. A positive integer that is greater than 1 and is not prime is called composite.

pr prima imali lity

fundame ament nt al al theore rem m of

rith thmetic ic

Every positive integer greater than 1 has a unique prime factorization

48 = 2 • 2 • 2 • 2 • 3 591 = 3 • 197 45,523 = 45,523 321,950 = 2 • 5 • 5 • 47 • 137 1,234,567,890 = 2 • 3 • 3 • 5 • 3,607 • 3,803

f ac actoriza

ion

If 𝑜 is composite, it has a factor of size at most 𝑜.

eucl clid id’s s theor

There are an infinite number of primes. Proof by contradiction:

Suppose that there are only a finite number of primes: 𝑞1, 𝑞2, … , 𝑞𝑜

f amous

gorithmic thmic problems

– Given an integer 𝑜, determine if 𝑜 is prime – Fermat’s little theorem test: If 𝑞 is prime and 𝑏 ≠ 0, then 𝑏𝑞−1 ≡ 1 (mod 𝑞)

– Given an integer 𝑜, determine the prime factorization of 𝑜

f ac actoring

Factor the following 232 digit number [RSA768]:

123018668453011775513049495838496272077285 356959533479219732245215172640050726365751 874520219978646938995647494277406384592519 255732630345373154826850791702612214291346 167042921431160222124047927473779408066535 1419597459856902143413

grea eate test st com

mon n di divisor isor

GCD(a, b): Largest integer 𝑒 such that 𝑒 ∣ 𝑏 and 𝑒 ∣ 𝑐

– GCD(100, 125) = – GCD(17, 49) = – GCD(11, 66) = – GCD(13, 0) = – GCD(180, 252) =

gcd d and and f ac actoring

Factoring is expensive! Can we compute GCD(a,b) without factoring?

usef eful ul GCD D f ac act

If 𝑏 and 𝑐 are positive integers, then gcd 𝑏, 𝑐 = gcd(𝑐, 𝑏 mod 𝑐) Proof: By definition 𝑏 = 𝑏 div 𝑐 • 𝑐 + (𝑏 mod 𝑐) If 𝑒 ∣ 𝑏 and 𝑒 ∣ 𝑐 then 𝑒 ∣ 𝑏 mod 𝑐 . If 𝑒 ∣ 𝑐 and 𝑒 ∣ 𝑏 mod 𝑐 then 𝑒 ∣ 𝑏.

eucl clid id’s s al algor

thm

GCD(660,126) Repeatedly use the GCD fact to reduce numbers until you get GCD 𝑦, 0 = 𝑦.

GCD(x, y) = GCD(y, x mod y)

eucl clid id’s s al algor

thm

Bezout

s theorem

If a and b are positive integers, then there exist integers s and t such that gcd(a,b) = sa + tb

ex exten tended ded eu eucli clidea dean n algori

thm

gcd 𝑏, 𝑐 = 𝑡𝑏 + 𝑢𝑐

35 = 1 • 27 + 8 35 - 1 • 27 = 8 27= 3 • 8 + 3 27- 3 • 8 = 3 8 = 2 • 3 + 2 8 - 2 • 3 = 2 3 = 1 • 2 + 1 3 - 1 • 2 = 1 2 = 2 • 1 + 0

1 = 3 - 1 • 2 = 3 – 1 (8 - 2 • 3) = (-1) • 8 + 3 • 3 = (-1) • 8 + 3 (27- 3 • 8 ) = 3 • 27 + (-10) • 8 =

mu mul tiplic iplicative e inv nver erse e mod 𝑛

Suppose GCD 𝑏, 𝑛 = 1 By Bézout’s Theorem, there exist integers 𝑡 and 𝑢 such that 𝑡𝑏 + 𝑢𝑛 = 1. 𝑡 mod 𝑛 is the multiplicative inverse of 𝑏: 1 = 𝑡𝑏 + 𝑢𝑛 mod 𝑛 = 𝑡𝑏 mod 𝑛

sol

ing mo modu dula lar r equa uatio ions ns

Solving 𝑏𝑦 ≡ 𝑐 (mod 𝑛) for unknown 𝑦 when gcd 𝑏, 𝑛 = 1.

1. Find 𝑡 such that 𝑡𝑏 + 𝑢𝑛 = 1 2. Compute 𝑏−1 = 𝑡 mod 𝑛, the multiplicative inverse of 𝑏 modulo 𝑛 3. Set 𝑦 = 𝑏−1 ⋅ 𝑐 mod 𝑛

example ample

Solve: 7𝑦 ≡ 1 (mod 26)