Arithmetic Algorithms, Part 1


Arithmetic Algorithms, Part 1 (DPV Chapter 1)
Jim Royer, EECS
January 18, 2019
Royer, Arithmetic Algorithms, Part 1, 1/15

Multiplication à la Français

    function multiply(a, b)
    // input: two n-bit integers a and b with b ≥ 0
    // output: a · b
    if b = 0 then return 0
    c ← multiply(a, ⌊b/2⌋)
    if b is even then return (2 · c) else return (a + 2 · c)

Correctness: a proof by induction on b.
Base case: b = 0. Then multiply(a, b) = 0, which is correct.
Induction step: b > 0. (IH = Induction Hypothesis.) IH: multiply(a, b′) = a · b′ for b′ = 0, ..., b − 1. By the IH, c = a · ⌊b/2⌋.
Case b is even. Then (2 · c) = 2 · (a · (b/2)) = a · (2 · (b/2)) = a · b.
Case b is odd. Then (a + 2 · c) = a + 2 · (a · ⌊b/2⌋) = a · (2 · ⌊b/2⌋ + 1) = a · b.

Multiplication à la Français, continued (function multiply as above)

Run-time analysis:
n recursive calls (b drops by 1 bit in each call).
O(n) cost of each step of the recursion.
n · O(n) = O(n^2). (Why?)


Division

    function divide(a, b)
    // input: two n-bit integers a and b with a ≥ 0 and b > 0
    // output: (q, r) where a = q · b + r and 0 ≤ r < b
    if a = 0 then return (0, 0)
    (q′, r′) ← divide(⌊a/2⌋, b)
    q ← 2 · q′
    r ← 2 · r′
    if a is odd then r ← r + 1
    if r ≥ b then r ← r − b; q ← q + 1
    return (q, r)

Correctness (on the board):
Case a = 0. Then q = r = 0 and a = 0 = 0 · b + 0 = q · b + r, and 0 = r < b.
Case a > 0 and a even. Then q = 2q′ and r = 2r′ before the final correction, where (q′, r′) = divide(⌊a/2⌋, b). IH: for a′ ∈ {0, ..., a − 1}, (q′, r′) = divide(a′, b) is such that a′ = q′ · b + r′ and 0 ≤ r′ < b. Since ⌊a/2⌋ < a, the IH applies with a′ = ⌊a/2⌋. Hence ⌊a/2⌋ = q′ · b + r′ and 0 ≤ r′ < b. Since 2 · ⌊a/2⌋ = a, a = 2 · ⌊a/2⌋ = 2q′ · b + 2r′ and 0 ≤ 2r′ < 2b.
  Subcase 2r′ < b: then q = 2q′ and r = 2r′, and we are done.
  Subcase 2r′ ≥ b: then q = 2q′ + 1 and r = 2r′ − b, and we are done.
Case a odd: exercise for the reader.
Run-time analysis: homework problem.
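As an added illustration (my code, not Royer's or DPV's), the multiply and divide procedures from the two slides above, written in Python over arbitrary-precision integers and kept recursive exactly as on the slides so that the one-call-per-bit recursion depth stays visible. The sample inputs in the comments are constructed. Python's default recursion limit (1000 frames) caps these at inputs of roughly 1000 bits, which is one reason a production implementation would write the same loop iteratively.

```python
# Added example (not from Royer's slides): bit-halving multiply and divide.

def multiply(a: int, b: int) -> int:
    """a * b by recursion on b (the slide's multiply); requires b >= 0."""
    if b < 0:
        raise ValueError("b must be non-negative")
    if b == 0:
        return 0
    c = multiply(a, b // 2)          # c = a * floor(b/2) by the induction hypothesis
    return 2 * c if b % 2 == 0 else a + 2 * c


def divide(a: int, b: int) -> tuple[int, int]:
    """Return (q, r) with a = q*b + r and 0 <= r < b; requires a >= 0, b > 0."""
    if a < 0 or b <= 0:
        raise ValueError("need a >= 0 and b > 0")
    if a == 0:
        return (0, 0)
    q, r = divide(a // 2, b)         # floor(a/2) = q*b + r with 0 <= r < b
    q, r = 2 * q, 2 * r              # a - (a mod 2) = q*b + r with 0 <= r < 2b
    if a % 2 == 1:
        r += 1                       # put back the low bit that halving dropped
    if r >= b:                       # r < 2b, so one correction suffices
        r -= b
        q += 1
    return (q, r)


def verify_division(a: int, b: int) -> bool:
    """Check the output specification of divide(a, b) on one constructed input."""
    q, r = divide(a, b)
    return a == q * b + r and 0 <= r < b


if __name__ == "__main__":
    # Constructed sample inputs; the gcd example from a later slide reappears here.
    print(multiply(13, 27))          # 351
    print(divide(1035, 759))         # (1, 276)
    print(divide(1000, 7))           # (142, 6)
```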

Modular Arithmetic

Definition. Suppose a, b, N ∈ ℕ.
(i) a | b ⇔(def) a divides b, i.e., b = k · a for some k ∈ ℕ.
(ii) a ≡ b (mod N) ⇔(def) N | (a − b), i.e., a − b = k · N for some integer k.

The substitution rule. Suppose a ≡ a′ (mod N) and b ≡ b′ (mod N). Then a + b ≡ a′ + b′ (mod N) and a · b ≡ a′ · b′ (mod N).

Modular addition, subtraction, and multiplication. Suppose N is n bits long and 0 ≤ a, b < N. Then computing (a + b) mod N and (a − b) mod N can be done in Θ(n) time. (a · b) mod N can be done in Θ(n^2) time.

Modular Exponentiation

Exponentiation via repeated squaring:
a^b = 1, if b = 0;
a^b = (a^⌊b/2⌋)^2, if b > 0 and b is even;
a^b = a · (a^⌊b/2⌋)^2, if b is odd.

    function modexp(a, b, N)
    // input: a, b, and N :: three n-bit integers with 0 ≤ a, b and 1 < N
    // output: a^b mod N
    if b = 0 then return 1
    c ← modexp(a, ⌊b/2⌋, N)
    if b is even then return c^2 mod N else return (a · c^2) mod N

Example: x^1000 via 14 multiplies (one per squaring, plus one per extra factor of x):
x^1000 = (x^500)^2
x^500 = (x^250)^2
x^250 = (x^125)^2
x^125 = x · (x^62)^2
x^62 = (x^31)^2
x^31 = x · (x^15)^2
x^15 = x · (x^7)^2
x^7 = x · (x^3)^2
x^3 = x · (x)^2

Modular Exponentiation, continued (function modexp as above)

Correctness: easy.
Runtime: Let n = the number of bits in max(a, b, N).
At most n recursive calls. (Why?)
In each call, two or three n-bit numbers are multiplied at cost Θ(n^2).
n · Θ(n^2) = Θ(n^3). (Why?)
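An added example (my code, not Royer's or DPV's) of the modexp recursion from the two slides above in Python, together with a helper that tallies the multiplications the recursion performs for a given exponent, counting each squaring and each extra factor of a and treating a^1 = a as free. The constructed check compares the result with Python's built-in pow. Note from a defender's standpoint: the recursion branches on the parity of b at every level, so the sequence of operations depends on the exponent's bits; when b is a private exponent that data-dependent control flow is a well-known timing side channel, which is why cryptographic libraries use constant-time exponentiation rather than this textbook form (CPython's pow is not constant-time either).

```python
# Added example (not from Royer's slides): repeated-squaring modexp.

def modexp(a: int, b: int, N: int) -> int:
    """a^b mod N by the slide's recursion; requires b >= 0 and N > 1."""
    if b < 0 or N <= 1:
        raise ValueError("need b >= 0 and N > 1")
    if b == 0:
        return 1
    c = modexp(a, b // 2, N)          # c = a^floor(b/2) mod N
    c2 = (c * c) % N                  # one multiplication (the squaring)
    if b % 2 == 0:
        return c2
    return (a * c2) % N               # second multiplication when b is odd


def multiplication_count(b: int) -> int:
    """Multiplications the recursion spends on exponent b: a squaring at every
    level and one extra multiply by a at each odd level, with a^1 = a free."""
    count = 0
    while b > 1:
        count += 1 if b % 2 == 0 else 2
        b //= 2
    return count


def recursion_depth(b: int) -> int:
    """Calls made by modexp on exponent b: one per bit of b plus the b = 0 base case."""
    return b.bit_length() + 1


if __name__ == "__main__":
    # Constructed sample values; 1000003 is a prime used only as a modulus here.
    print(modexp(7, 1000, 1000003) == pow(7, 1000, 1000003))  # True
    print(multiplication_count(1000))                         # 14
    print(recursion_depth(1000))                              # 11
```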

Euclid's algorithm for greatest common divisor

Definition. The greatest common divisor of a and b ∈ ℕ is the largest d ∈ ℕ such that d divides both a and b. I.e.: gcd(a, b) = max{ d : d | a & d | b }.
Example: 1035 = 3^2 · 5 · 23 & 759 = 3 · 11 · 23. gcd(1035, 759) = 3 · 23 = 69.
For a > 0, gcd(0, a) = a. gcd(0, 0) = 0 by convention.

Euclid's Rule. Suppose a, b ∈ ℕ⁺. Then gcd(a, b) = gcd(b, a mod b). Proof on next page.

Euclid's Rule: Suppose a, b ∈ ℕ⁺. Then gcd(a, b) = gcd(b, a mod b).

Proof. Recall: gcd(u, v) =(def) max({ d : d | u & d | v }).
Claim 1. If d | a & d | b, then (∀x, y ∈ ℤ) [ d | (x · a + y · b) ]. [Proof on board]
Observe:
(a) a = ⌊a/b⌋ · b + 1 · (a mod b)
(b) a mod b = 1 · a + (−⌊a/b⌋) · b
By (a) & Claim 1, gcd(b, a mod b) | a. Since gcd(b, a mod b) | b, we have: gcd(b, a mod b) ≤ gcd(a, b). (Why?)
By (b) & Claim 1, gcd(a, b) | (a mod b). Since gcd(a, b) | b, we have: gcd(a, b) ≤ gcd(b, a mod b). (Why?)
∴ gcd(a, b) = gcd(b, a mod b).

Euclid's algorithm, continued

Euclid's Rule. Suppose a, b ∈ ℕ⁺. Then gcd(a, b) = gcd(b, a mod b).

    function Euclid(a, b)
    // Input: integers a and b with a ≥ b ≥ 0.
    // Output: the g.c.d. of a and b.
    if b = 0 then return a else return Euclid(b, a mod b).

Correctness: easy.

Euclid's algorithm, runtime analysis (function Euclid as above)

Lemma. Suppose a ≥ b > 0. Then (a mod b) < a/2.
Proof.
Case b ≤ a/2. Then (a mod b) < b ≤ a/2.
Case b > a/2. Then (a mod b) = a − b < a − a/2 = a/2.

Since Euclid(a, b) = Euclid(b, a mod b) = Euclid(a mod b, b mod (a mod b)) (generally), every two steps the a and b values are at least halved.
On n-bit numbers, Euclid stops after 2n recursions.
On n-bit numbers, mod (i.e., a division) costs O(n^2).
2n · O(n^2) = O(n^3).


The extended Euclid algorithm

Lemma. Suppose d | a & d | b & d = xa + yb for some x, y ∈ ℤ. Then d = gcd(a, b).
Proof. Since d | a and d | b, d ≤ gcd(a, b). Since gcd(a, b) | a & gcd(a, b) | b, gcd(a, b) | (xa + yb), i.e., gcd(a, b) | d. Therefore gcd(a, b) ≤ d. Therefore d = gcd(a, b).

    function extended-euclid(a, b)
    // Input: integers a and b with a ≥ b ≥ 0.
    // Output: (x, y, d) where d = gcd(a, b) and d = xa + yb.
    if b = 0 then return (1, 0, a).
    (x′, y′, d) = extended-euclid(b, a mod b)
    return (y′, x′ − ⌊a/b⌋ · y′, d)

The extended Euclid algorithm: base case (function extended-euclid as above)

Proof of correctness, base case. Base case: b = 0. gcd(a, b) = a & a = 1 · a + 0 · b. So (1, 0, a) is right.


The extended Euclid algorithm: induction step (function extended-euclid as above)

Proof of correctness, induction step. Suppose b > 0.
IH: extended-euclid(a′, b′) is correct for all a′ and each b′ = 0, ..., b − 1.
Let (x′, y′, d) = extended-euclid(b, a mod b). Note: a mod b < b.
So by the IH, gcd(b, a mod b) = d = x′ · b + y′ · (a mod b).
So d = gcd(a, b). (Why?)
... and d = x′ · b + y′ · (a mod b) = x′ · b + y′ · (a − ⌊a/b⌋ · b) = y′ · a + (x′ − ⌊a/b⌋ · y′) · b.

Modular division

Definition. x is the multiplicative inverse of a mod N when a · x ≡ 1 (mod N).
The inverse might not exist! E.g., 2^(−1) mod 6 does not exist.

Theorem (Modular Division Theorem). Suppose N > 2 and a ∈ { 1, ..., N − 1 }.
(a) a has an inverse mod N ⇔ gcd(a, N) = 1.
(b) When a^(−1) mod N exists, (a^(−1) mod N) = (x mod N), where (x, y, 1) = extended-euclid(a, N), so that 1 = a · x + N · y.
Royer, Arithmetic Algorithms, Part 1, 15/15
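One added example (my code, not Royer's or DPV's) covering the Euclid, extended-Euclid and modular-division slides together: gcd by Euclid's rule, the Bézout coefficients from extended-euclid, and the inverse of part (b) of the theorem, with a step counter to check the 2n recursion bound from the runtime slide. The inputs are constructed; 17 and 3120 are the textbook small-number pair whose inverse is 2753, and 1035 and 759 are the slide's gcd example. The theorem calls extended-euclid(a, N) with a < N, which violates the stated a ≥ b precondition only nominally: the first recursive call swaps the arguments, as the code comments point out.

```python
# Added example (not from Royer's slides): Euclid, extended Euclid, modular inverse.

def euclid(a: int, b: int) -> int:
    """gcd(a, b) by Euclid's rule; requires a, b >= 0 (a < b just swaps on the first call)."""
    if a < 0 or b < 0:
        raise ValueError("need a, b >= 0")
    return a if b == 0 else euclid(b, a % b)


def euclid_steps(a: int, b: int) -> int:
    """Number of recursive calls Euclid(a, b) makes before b reaches 0."""
    steps = 0
    while b != 0:
        a, b = b, a % b
        steps += 1
    return steps


def extended_euclid(a: int, b: int) -> tuple[int, int, int]:
    """Return (x, y, d) with d = gcd(a, b) and d = x*a + y*b; requires a, b >= 0."""
    if b == 0:
        return (1, 0, a)                         # a = 1*a + 0*b
    x1, y1, d = extended_euclid(b, a % b)        # d = x1*b + y1*(a mod b)
    # a mod b = a - floor(a/b)*b, so d = y1*a + (x1 - floor(a/b)*y1)*b
    return (y1, x1 - (a // b) * y1, d)


def mod_inverse(a: int, N: int):
    """a^-1 mod N when gcd(a, N) = 1, else None (the inverse does not exist).
    For a < N the first step of extended_euclid is just the swap (N, a)."""
    if N <= 1 or not (1 <= a < N):
        raise ValueError("need N > 1 and 1 <= a < N")
    x, _y, d = extended_euclid(a, N)
    return x % N if d == 1 else None


def bezout_holds(a: int, b: int) -> bool:
    """Check the output specification of extended_euclid on one input."""
    x, y, d = extended_euclid(a, b)
    return d == euclid(a, b) and x * a + y * b == d


if __name__ == "__main__":
    print(euclid(1035, 759))            # 69
    print(extended_euclid(1035, 759))   # Bezout coefficients with d = 69
    print(mod_inverse(17, 3120))        # 2753
    print(mod_inverse(2, 6))            # None: gcd(2, 6) = 2
```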