Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn

Similar documents
Chapter 7 Randomization Algorithm Theory WS 2017/18 Fabian Kuhn

Primality Testing. 1 Introduction. 2 Brief Chronology of Primality Testing. CS265/CME309, Fall Instructor: Gregory Valiant

1. Algebra 1.7. Prime numbers

Lecture 7: Fingerprinting. David Woodruff Carnegie Mellon University

Cryptography: Joining the RSA Cryptosystem

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

CSC 373: Algorithm Design and Analysis Lecture 30

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Applied Cryptography and Computer Security CSE 664 Spring 2018

THE SOLOVAY STRASSEN TEST

Lecture 31: Miller Rabin Test. Miller Rabin Test

CPSC 467b: Cryptography and Computer Security

PRIMES is in P. Manindra Agrawal. NUS Singapore / IIT Kanpur

Factorization & Primality Testing

Ma/CS 6a Class 4: Primality Testing

CPSC 467b: Cryptography and Computer Security

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

Advanced Algorithms and Complexity Course Project Report

Lecture 11 - Basic Number Theory.

Lecture 6: Deterministic Primality Testing

Primality Testing- Is Randomization worth Practicing?

Improving the Accuracy of Primality Tests by Enhancing the Miller-Rabin Theorem

-bit integers are all in ThC. Th The following problems are complete for PSPACE NPSPACE ATIME QSAT, GEOGRAPHY, SUCCINCT REACH.

Primality testing: then and now

1 Rabin Squaring Function and the Factoring Assumption

Lecture 2: Randomized Algorithms

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem

Primes and Factorization

The running time of Euclid s algorithm

CSE 521: Design and Analysis of Algorithms I

Discrete Math, Fourteenth Problem Set (July 18)

THE MILLER RABIN TEST

The power and weakness of randomness (when you are short on time) Avi Wigderson Institute for Advanced Study

Ma/CS 6a Class 4: Primality Testing

6.045: Automata, Computability, and Complexity (GITCS) Class 17 Nancy Lynch

Shor s Algorithm. Elisa Bäumer, Jan-Grimo Sobez, Stefan Tessarini May 15, 2015

10 Concrete candidates for public key crypto

Lecture 6: Cryptanalysis of public-key algorithms.,

CSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography

Introduction to Public-Key Cryptosystems:

Primality testing: then and now

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

EFFICIENTLY CERTIFYING NON-INTEGER POWERS

CSCI Honor seminar in algorithms Homework 2 Solution

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

conp = { L L NP } (1) This problem is essentially the same as SAT because a formula is not satisfiable if and only if its negation is a tautology.

Correctness, Security and Efficiency of RSA

Lucas Lehmer primality test - Wikipedia, the free encyclopedia

Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry. Spring 2006

Randomized Complexity Classes; RP

Lecture # 12. Agenda: I. Vector Program Relaxation for Max Cut problem. Consider the vectors are in a sphere. Lecturer: Prof.

Basic Algorithms in Number Theory

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

PAC Learning. prof. dr Arno Siebes. Algorithmic Data Analysis Group Department of Information and Computing Sciences Universiteit Utrecht

About complexity. We define the class informally P in the following way:

LARGE PRIME NUMBERS. In sum, Fermat pseudoprimes are reasonable candidates to be prime.

The Complexity Classes NP-Hard, BPP.

Algorithms (II) Yu Yu. Shanghai Jiaotong University

About complexity. Number theoretical algorithms

Needles, haystacks and optimal designs

Theoretical Cryptography, Lecture 13

Primality testing: variations on a theme of Lucas. Carl Pomerance, Dartmouth College Hanover, New Hampshire, USA

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Katz, Lindell Introduction to Modern Cryptrography

The Geometric Distribution

CSE525: Randomized Algorithms and Probabilistic Analysis April 2, Lecture 1

Chapter 1 Divide and Conquer Polynomial Multiplication Algorithm Theory WS 2015/16 Fabian Kuhn

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

IRREDUCIBILITY TESTS IN F p [T ]

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

WXML Final Report: AKS Primality Test

Linear Congruences. The equation ax = b for a, b R is uniquely solvable if a 0: x = b/a. Want to extend to the linear congruence:

Mid-term Exam Answers and Final Exam Study Guide CIS 675 Summer 2010

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

Chapter 1 Divide and Conquer Algorithm Theory WS 2016/17 Fabian Kuhn

PRIMALITY TESTING. Professor : Mr. Mohammad Amin Shokrollahi Assistant : Mahdi Cheraghchi. By TAHIRI JOUTI Kamal

Primality Testing SURFACE. Syracuse University. Per Brinch Hansen Syracuse University, School of Computer and Information Science,

1 The Fundamental Theorem of Arithmetic. A positive integer N has a unique prime power decomposition. Primality Testing. and. Integer Factorisation

FERMAT S TEST KEITH CONRAD

Uncertainty can be Better than Certainty:

A Monad For Randomized Algorithms

Public Key Cryptography

1 Number Theory Basics

Number Theory A focused introduction

Great Theoretical Ideas in Computer Science

Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871

Lecture Examples of problems which have randomized algorithms

(x 1 +x 2 )(x 1 x 2 )+(x 2 +x 3 )(x 2 x 3 )+(x 3 +x 1 )(x 3 x 1 ).

Primes go Quantum: there is entanglement in the primes

Cryptography IV: Asymmetric Ciphers

Randomness. What next?

Fermat s Little Theorem. Fermat s little theorem is a statement about primes that nearly characterizes them.

PRIME NUMBERS YANKI LEKILI

Aspect of Prime Numbers in Public Key Cryptosystem

CS483 Design and Analysis of Algorithms

Postmodern Primality Proving

Transcription:

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn

Randomization Randomized Algorithm: An algorithm that uses (or can use) random coin flips in order to make decisions We will see: randomization can be a powerful tool to Make algorithms faster Make algorithms simpler Make the analysis simpler Sometimes it s also the opposite Allow to solve problems (efficiently) that cannot be solved (efficiently) without randomization True in some computational models (e.g., for distributed algorithms) Not clear in the standard sequential model Algorithm Theory, WS 2012/13 Fabian Kuhn 2

Contention Resolution A simple starter example (from distributed computing) Allows to introduce important concepts and to repeat some basic probability theory Setting: processes, 1 resource (e.g., shared database, communication channel, ) There are time slots 1,2,3, In each time slot, only one client can access the resource All clients need to regularly access the resource If client tries to access the resource in slot : Successful iff no other client tries to access the resource in slot Algorithm Theory, WS 2012/13 Fabian Kuhn 3

Algorithm Algorithm Ideas: Accessing the resource deterministically seems hard need to make sure that processes access the resource at different times or at least: often only a single process tries to access the resource Randomized solution: In each time slot, each process tries with probability. Analysis: How large should be? How long does it take until some process succeeds? How long does it take until all processes succeed? What are the probabilistic guarantees? Algorithm Theory, WS 2012/13 Fabian Kuhn 4

Analysis Events:, : process tries to access the resource in time slot Complementary event:, P,, P, 1, : process is successful in time slot,,, Success probability (for process ): Algorithm Theory, WS 2012/13 Fabian Kuhn 5

Fixing P, 1 is maximized for P, 1 11. Asymptotics: For 2: 1 4 11 1 11 1 2 Success probability: P, Algorithm Theory, WS 2012/13 Fabian Kuhn 6

Time Until First Success Random Variable : if proc. is successful in slot for the first time Distribution: is geometrically distributed with parameter P, 1 11 Expected time until first success: 1. Algorithm Theory, WS 2012/13 Fabian Kuhn 7

Time Until First Success Failure Event, : Process does not succeed in time slots 1,, The events, are independent for different : P, P, P, 1 1 11 We know that P, : P, 1 1 Algorithm Theory, WS 2012/13 Fabian Kuhn 8

Time Until First Success No success by time : P, : P, Generally if Θ: constant success probability ln: P, For success probability 1, we need Θ log. We say that succeeds with high probability in log time. Algorithm Theory, WS 2012/13 Fabian Kuhn 9

Time Until All Processes Succeed Event : some process has not succeeded by time, Union Bound: For events,,, P P Probability that not all processes have succeeded by time : P P, P,. Algorithm Theory, WS 2012/13 Fabian Kuhn 10

Time Until All Processes Succeed Claim: With high probability, all processes succeed in the first log time slots. Proof: P / Set 1 ln Remark: Θ log time slots are necessary for all processes to succeed with reasonable probability Algorithm Theory, WS 2012/13 Fabian Kuhn 11

Primality Testing Problem: Given a natural number 2, is a prime number? Simple primality test: 1. if is even then 2. return 2 3. for 1to 2 do 4. if 2 1 divides then 5. return false 6. return true Running time: Algorithm Theory, WS 2012/13 Fabian Kuhn 12

A Better Algorithm? How can we test primality efficiently? We need a little bit of basic number theory Square Roots of Unity: In, where is a prime, the only solutions of the equation 1 mod are 1 mod If we find an 1 mod such that 1 mod, we can conclude that is not a prime. Algorithm Theory, WS 2012/13 Fabian Kuhn 13

Algorithm Idea Claim: Let 2be a prime number such that 12 for an integer 0and some odd integer 3. Then for all, 1 mod 1 mod for some 0. Proof: Fermat s Little Theorem: Given a prime number, : 1 mod Algorithm Theory, WS 2012/13 Fabian Kuhn 14

Primality Test We have: If is an odd prime and 12 for an integer 0 and an odd integer 3. Then for all 1,,1, 1 mod 1 mod for some 0. Idea: If we find an 1,,1such that 1 mod 1 mod for all 0, we can conclude that is not a prime. For every odd composite 2, at least of all possible satisfy the above condition How can we find such a witness efficiently? Algorithm Theory, WS 2012/13 Fabian Kuhn 15

Miller Rabin Primality Test Given a natural number 2, is a prime number? Miller Rabin Test: 1. if is even then return 2 2. compute, such that 12 ; 3. choose 2,,2uniformly at random; 4. mod ; 5. if 1or 1then return true; 6. for 1to 1do 7. mod ; 8. if 1then return true; 9. return false; Algorithm Theory, WS 2012/13 Fabian Kuhn 16

Analysis Theorem: If is prime, the Miller Rabin test always returns true. If is composite, the Miller Rabin test returns false with probability at least. Proof: If is prime, the test works for all values of If is composite, we need to pick a good witness Corollary: If the Miller Rabin test is repeated times, it fails to detect a composite number with probability at most 4. Algorithm Theory, WS 2012/13 Fabian Kuhn 17

Running Time Cost of Modular Arithmetic: Representation of a number : log bits Cost of adding two numbers mod : Cost of multiplying two numbers mod : It s like multiplying degree log polynomials use FFT to compute Algorithm Theory, WS 2012/13 Fabian Kuhn 18

Running Time Cost of exponentiation mod : Can be done using log multiplications Base 2 representation of : 2 Fast exponentiation: 1. 1; 2. for logto 0 do 3. mod ; 4. if 1then mod ; 5. return ; Example: 22 10110 Algorithm Theory, WS 2012/13 Fabian Kuhn 19

Running Time Theorem: One iteration of the Miller Rabin test can be implemented with running time log log log log log log. 1. if is even then return 2 2. compute, such that 12 ; 3. choose 2,,2uniformly at random; 4. mod ; 5. if 1or 1then return true; 6. for 1to 1do 7. mod ; 8. if 1then return true; 9. return false; Algorithm Theory, WS 2012/13 Fabian Kuhn 20

Deterministic Primality Test If a conjecture called the generalized Riemann hypothesis (GRH) is true, the Miller Rabin test can be turned into a polynomialtime, deterministic algorithm It is then sufficient to try all 1,, log It has long not been proven whether a deterministic, polynomial time algorithm exist In 2002, Agrawal, Kayal, and Saxena gave an log time deterministic algorithm Has been improved to log In practice, the randomized Miller Rabin test is still the fastest algorithm Algorithm Theory, WS 2012/13 Fabian Kuhn 21

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback