COMP 150 - UML Computer Science

UMass Lowell Computer Science 91.503
Analysis of Algorithms
Prof. Karen Daniels
Fall, 2006
Wednesday, 29 November
Number-Theoretic Algorithms
Chapter 31
Chapter Dependencies
Math: Number Theory -> Ch 31 Number-Theoretic Algorithms -> RSA
You're responsible for material in this chapter that we discuss in lecture. (Note that this does not include sections 31.8 or 31.9.)
Overview
- Motivation: RSA
- Basics
- Euclid's GCD Algorithm
- Chinese Remainder Theorem
- Powers of an Element
- RSA Details

Motivation: RSA
RSA Encryption
31.5
$P_A(S_A(M)) = M$
$S_A(P_A(M)) = M$
source: 91.503 textbook Cormen et al.
RSA Digital Signature
$P_A(S_A(M')) \stackrel{?}{=} M'$
31.6
assume Alice also sends her name so Bob knows whose public key to use
RSA Cryptosystem
to be explained later...
Encode: $P(M) = M^e \pmod n$ (31.35)
Decode: $S(C) = C^d \pmod n$ (31.36)
Need efficient ways to compute P(M), S(C).
See (31.19), (31.26).
RSA Dependence
Correctness: Euler's φ Function, Fermat's Theorem, Chinese Remainder Theorem.
Need to show: $M^{ed} \equiv M \pmod n$
$S(P(M)) = P(S(M)) \equiv M^{ed} \pmod n$
Efficiency: Modular Exponentiation, Primality Testing.
Security: Difficulty of Factoring Large Integers.
See chart of result dependencies on next slide (courtesy of Mark Micire).
Basic Concepts
* Indicates that result is on chart of result dependencies
Division & Remainders: 31.1, (3.8) *
Equivalence Class Modulo n: (31.1), (31.2)
Common Divisors: (31.3), (31.4) *, (31.5) *
Greatest Common Divisor: (31.6), (31.7), (31.8), (31.9) *, (31.10), 31.2 *, (3.8), (31.4)
Greatest Common Divisor: 31.3 *, (31.4), 31.2, 31.4
Relatively Prime Integers: 31.6 *, 31.2, 31.2
Relatively Prime Integers: 31.7, 31.6, 31.1-6 *
Greatest Common Divisor: *, 31.9, (31.5), (3.8), (31.4), (31.3), (31.14), (31.4), (31.3), (31.15), (31.5), (31.14), (31.15)
Euclid’s GCD Algorithm
Euclid's GCD Algorithm *
Also see Java code on course web site
Extended Euclid: (31.16) *, *, 31.1
Chinese Remainder Theorem
Modular Arithmetic
Finite Groups
Additive group mod 6 (size of this group is 6); multiplicative group mod 15 (size of this group is 8); 31.2
$Z_n^* = \{[a]_n \in Z_n : \gcd(a, n) = 1\}$, the elements relatively prime to n
Finite Groups: 31.12
Finite Groups: 31.13, 31.6, 31.12, 31.26
Euler's Phi Function: (31.19) *
Lagrange's Theorem: 31.15 *
Finite Groups
31.17 *
Additive subgroup generated by a: $\langle a \rangle = \{a^{(k)} : k \ge 1\}$
31.18 *
where $a^{(k)} = a + a + \cdots + a$ ($k$ terms)
31.19 *
Solving Modular Linear Eq: 31.20 *, (31.4)
Solving Modular Linear Eq: 31.22 *, 31.24 *, 31.18, 31.18, 31.22
Solving Modular Linear Eq: *, 31.26 *
Chinese Remainder Theorem: 31.27 *, (31.23), (31.23), (31.24), (31.25), (31.26)
Chinese Remainder Theorem: 31.29 *
Powers of an Element
Theorems of Euler & Fermat: 31.30 *, 31.31 *
Modular Exponentiation: $a^b \bmod n$ *
Also see Java code on course web site
RSA Details
RSA Encryption
31.5
$P_A(S_A(M)) = M$
$S_A(P_A(M)) = M$
RSA Digital Signature
$P_A(S_A(M')) \stackrel{?}{=} M'$
31.6
assume Alice also sends her name so Bob knows whose public key to use
RSA Cryptosystem
Encode: $P(M) = M^e \pmod n$ (31.35)
Decode: $S(C) = C^d \pmod n$ (31.36)
Need efficient ways to compute P(M), S(C).
See (31.19), (31.26).
RSA Correctness: (31.35), (31.36); 31.31, by Thm 31.31 (Fermat); 31.29
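The RSA pieces above, the encode/decode maps (31.35), (31.36) and the correctness requirement $M^{ed} \equiv M \pmod n$, worked through in Python as an added example that is not from the lecture or the textbook. It uses Euclid's GCD algorithm, extended Euclid to obtain the secret exponent d as the inverse of e mod φ(n), and repeated-squaring modular exponentiation; the primes p, q and the exponent e are constructed toy values, far too small for real use.

```python
# Added example (not from the lecture slides): the number-theoretic pieces RSA
# depends on. Toy primes are used for illustration only.

def euclid_gcd(a, b):
    """Euclid's algorithm: gcd(a, b) = gcd(b, a mod b)."""
    while b:
        a, b = b, a % b
    return a

def extended_euclid(a, b):
    """Return (d, x, y) with d = gcd(a, b) and a*x + b*y = d (equation 31.16)."""
    if b == 0:
        return a, 1, 0
    d, x1, y1 = extended_euclid(b, a % b)
    return d, y1, x1 - (a // b) * y1

def modular_exponentiation(a, b, n):
    """Repeated squaring: a^b mod n using O(lg b) multiplications."""
    result = 1
    a %= n
    while b > 0:
        if b & 1:                  # current low bit of b set: multiply in a
            result = result * a % n
        a = a * a % n              # square the base for the next bit
        b >>= 1
    return result

def rsa_keygen(p, q, e):
    """Public key (e, n) and secret key (d, n) with e*d = 1 (mod phi(n)), phi(n) = (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    g, x, _ = extended_euclid(e, phi)
    if g != 1:                     # e must be relatively prime to phi(n) for d to exist
        raise ValueError("e must be relatively prime to phi(n)")
    d = x % phi                    # e*x + phi*y = 1, so x mod phi is e^{-1} mod phi(n)
    return (e, n), (d, n)

def rsa_apply(key, m):
    """P(M) = M^e mod n with the public key, S(C) = C^d mod n with the secret key."""
    exp, n = key
    return modular_exponentiation(m, exp, n)

def rsa_roundtrips(p, q, e):
    """Check S(P(M)) == M and P(S(M)) == M for every M in Z_n, i.e. M^{ed} = M (mod n)."""
    public, secret = rsa_keygen(p, q, e)
    n = public[1]
    return all(rsa_apply(secret, rsa_apply(public, m)) == m
               and rsa_apply(public, rsa_apply(secret, m)) == m
               for m in range(n))
```

With the constructed primes p = 61, q = 53 and e = 17 (assumed toy values), `rsa_roundtrips(61, 53, 17)` checks the correctness property over all of $Z_n$ directly.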