Chapter 7 Randomization Algorithm Theory WS 2017/18 Fabian Kuhn

Similar documents
Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn

Primality Testing. 1 Introduction. 2 Brief Chronology of Primality Testing. CS265/CME309, Fall Instructor: Gregory Valiant

Lecture 7: Fingerprinting. David Woodruff Carnegie Mellon University

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

1. Algebra 1.7. Prime numbers

Cryptography: Joining the RSA Cryptosystem

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

Applied Cryptography and Computer Security CSE 664 Spring 2018

CPSC 467b: Cryptography and Computer Security

CSC 373: Algorithm Design and Analysis Lecture 30

Lecture 31: Miller Rabin Test. Miller Rabin Test

CPSC 467b: Cryptography and Computer Security

THE SOLOVAY STRASSEN TEST

PRIMES is in P. Manindra Agrawal. NUS Singapore / IIT Kanpur

Ma/CS 6a Class 4: Primality Testing

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

Advanced Algorithms and Complexity Course Project Report

Primality Testing- Is Randomization worth Practicing?

Lecture 2: Randomized Algorithms

CSCI Honor seminar in algorithms Homework 2 Solution

Factorization & Primality Testing

Improving the Accuracy of Primality Tests by Enhancing the Miller-Rabin Theorem

1 Rabin Squaring Function and the Factoring Assumption

A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem

Lecture 11 - Basic Number Theory.

-bit integers are all in ThC. Th The following problems are complete for PSPACE NPSPACE ATIME QSAT, GEOGRAPHY, SUCCINCT REACH.

Lecture 6: Deterministic Primality Testing

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Discrete Math, Fourteenth Problem Set (July 18)

Ma/CS 6a Class 4: Primality Testing

Primality testing: then and now

THE MILLER RABIN TEST

10 Concrete candidates for public key crypto

Shor s Algorithm. Elisa Bäumer, Jan-Grimo Sobez, Stefan Tessarini May 15, 2015

Primes and Factorization

The running time of Euclid s algorithm

Lecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004

Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry. Spring 2006

CSE 521: Design and Analysis of Algorithms I

Basic Algorithms in Number Theory

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

6.045: Automata, Computability, and Complexity (GITCS) Class 17 Nancy Lynch

EFFICIENTLY CERTIFYING NON-INTEGER POWERS

Lecture # 12. Agenda: I. Vector Program Relaxation for Max Cut problem. Consider the vectors are in a sphere. Lecturer: Prof.

About complexity. Number theoretical algorithms

The power and weakness of randomness (when you are short on time) Avi Wigderson Institute for Advanced Study

Introduction to Public-Key Cryptosystems:

Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871

Algorithms (II) Yu Yu. Shanghai Jiaotong University

Primality testing: then and now

Chapter 1 Divide and Conquer Algorithm Theory WS 2016/17 Fabian Kuhn

Correctness, Security and Efficiency of RSA

Theoretical Cryptography, Lecture 13

About complexity. We define the class informally P in the following way:

conp = { L L NP } (1) This problem is essentially the same as SAT because a formula is not satisfiable if and only if its negation is a tautology.

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Mid-term Exam Answers and Final Exam Study Guide CIS 675 Summer 2010

Lucas Lehmer primality test - Wikipedia, the free encyclopedia

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

Lecture 6: Cryptanalysis of public-key algorithms.,

CSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography

PRIME NUMBERS YANKI LEKILI

Randomized Complexity Classes; RP

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

PAC Learning. prof. dr Arno Siebes. Algorithmic Data Analysis Group Department of Information and Computing Sciences Universiteit Utrecht

The Geometric Distribution

The Complexity Classes NP-Hard, BPP.

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Lecture Examples of problems which have randomized algorithms

Introduction to Cryptology. Lecture 20

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Fermat s Little Theorem. Fermat s little theorem is a statement about primes that nearly characterizes them.

CSE525: Randomized Algorithms and Probabilistic Analysis April 2, Lecture 1

Primality testing: variations on a theme of Lucas. Carl Pomerance, Dartmouth College Hanover, New Hampshire, USA

Chapter 1 Divide and Conquer Polynomial Multiplication Algorithm Theory WS 2015/16 Fabian Kuhn

(x 1 +x 2 )(x 1 x 2 )+(x 2 +x 3 )(x 2 x 3 )+(x 3 +x 1 )(x 3 x 1 ).

Uncertainty can be Better than Certainty:

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Biomedical Security. Some Security News 9/17/2018. Erwin M. Bakker. Blockchains are not safe for voting (slashdot.org) : From: paragonie.

LARGE PRIME NUMBERS. In sum, Fermat pseudoprimes are reasonable candidates to be prime.

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

1 The Fundamental Theorem of Arithmetic. A positive integer N has a unique prime power decomposition. Primality Testing. and. Integer Factorisation

IRREDUCIBILITY TESTS IN F p [T ]

HMMT February 2018 February 10, 2018

Problem Set 2. Assigned: Mon. November. 23, 2015

A Monad For Randomized Algorithms

PRIMALITY TESTING. Professor : Mr. Mohammad Amin Shokrollahi Assistant : Mahdi Cheraghchi. By TAHIRI JOUTI Kamal

Lecture Prelude: Agarwal-Biswas Probabilistic Testing

Theoretical Cryptography, Lecture 10

Elliptic curves: Theory and Applications. Day 3: Counting points.

CPSC 467b: Cryptography and Computer Security

Needles, haystacks and optimal designs

U.C. Berkeley CS174: Randomized Algorithms Lecture Note 12 Professor Luca Trevisan April 29, 2003

Primality Testing SURFACE. Syracuse University. Per Brinch Hansen Syracuse University, School of Computer and Information Science,

Great Theoretical Ideas in Computer Science

Introduction to Modern Cryptography. Benny Chor

Postmodern Primality Proving

Space Complexity of Algorithms

Transcription:

Chapter 7 Randomization Algorithm Theory WS 2017/18 Fabian Kuhn

Randomization Randomized Algorithm: An algorithm that uses (or can use) random coin flips in order to make decisions We will see: randomization can be a powerful tool to Make algorithms faster Make algorithms simpler Make the analysis simpler Sometimes it s also the opposite Allow to solve problems (efficiently) that cannot be solved (efficiently) without randomization True in some computational models (e.g., for distributed algorithms) Not clear in the standard sequential model Algorithm Theory, WS 2017/18 Fabian Kuhn 2

Contention Resolution A simple starter example (from distributed computing) Allows to introduce important concepts and to repeat some basic probability theory Setting: n processes, 1 resource (e.g., communication channel, shared database, ) There are time slots 1,2,3, In each time slot, only one client can access the resource All clients need to regularly access the resource If client i tries to access the resource in slot t: Successful iff no other client tries to access the resource in slot t Algorithm Theory, WS 2017/18 Fabian Kuhn 3

Algorithm Algorithm Ideas: Accessing the resource deterministically seems hard need to make sure that processes access the resource at different times or at least: often only a single process tries to access the resource Randomized solution: In each time slot, each process tries with probability p. Analysis: How large should p be? How long does it take until some process i succeeds? How long does it take until all processes succeed? What are the probabilistic guarantees? Algorithm Theory, WS 2017/18 Fabian Kuhn 4

Analysis Events: A x,t : process x tries to access the resource in time slot t Complementary event: A x,t P A x,t = p, P A x,t = 1 p S x,t : process x is successful in time slot t S x,t = A x,t ሩ y x A y,t Success probability (for process x): Algorithm Theory, WS 2017/18 Fabian Kuhn 5

Fixing p P S x,t = p 1 p n 1 is maximized for p = 1 P S n x,t = 1 n 1 1 n n 1. Asymptotics: For n 2: 1 4 1 1 n n < 1 e < 1 1 n n 1 1 2 Success probability: 1 en < P S x,t 1 2n Algorithm Theory, WS 2017/18 Fabian Kuhn 6

Time Until First Success Random Variable T i : T i = t if proc. i is successful in slot t for the first time Distribution: T i is geometrically distributed with parameter q = P S i,t = 1 n 1 1 n Expected time until first success: n 1 > 1 en. E T i = 1 q < en Algorithm Theory, WS 2017/18 Fabian Kuhn 7

Time Until First Success Failure Event F x,t : Process x does not succeed in time slots 1,, t The events S x,t are independent for different t: P F x,t = P ሩ t r=1 S x,r t t = P S x,r = 1 P S x,r r=1 We know that P S x,r > 1 Τen: P F x,t < 1 1 en t < e t en Algorithm Theory, WS 2017/18 Fabian Kuhn 8

Time Until First Success No success by time t: P F x,t < e t Τen t = en : P F x,t < 1 Τe Generally if t = Θ(n): constant success probability t en c ln n: P F x,t < 1 e c ln n = 1 Τn c For success probability 1 1 Τn c, we need t = Θ(n log n). We say that i succeeds with high probability in O(n log n) time. Algorithm Theory, WS 2017/18 Fabian Kuhn 9

Time Until All Processes Succeed Event F t : some process has not succeeded by time t n F t = ራ x=1 Union Bound: For events E 1,, E k, F x,t k k P ራ E x P E x x x Probability that not all processes have succeeded by time t: n P F t = P ራ x=1 F x,t n x=1 P F x,t < n e t en. Algorithm Theory, WS 2017/18 Fabian Kuhn 10

Time Until All Processes Succeed Claim: With high probability, all processes succeed in the first O n log n time slots. Proof: P F t < n e t/en Set t = en c + 1 ln n Remark: Θ n log n time slots are necessary for all processes to succeed with reasonable probability Algorithm Theory, WS 2017/18 Fabian Kuhn 11

Expected Time Until All Processes Succeed Claim: In expectation, the time until all processes succeed at least once is Θ n log n. Proof: Random variables T i : time until exactly 0 i n different processes have succeeded Goal: Compute E[T n ] Random variable Δ i T i T i 1 Δ i measures the number of rounds needed for the i th process to succeed after exactly i 1 processes have succeeded We can express T n as a function of the Δ i random variables: T n = Δ 1 + Δ 2 + + Δ n Algorithm Theory, WS 2017/18 Fabian Kuhn 12

Expected Time Until All Processes Succeed Claim: In expectation, the time until all processes succeed at least once is Θ n log n. Distribution of Δ i? Recall that 1 en < P S x,t 1 2n Event S t : some new process is successful in round t Assume that exactly i 1 processes have been successful so far q i P S t "exactly i 1 succ. proc. before round t" Algorithm Theory, WS 2017/18 Fabian Kuhn 13

Expected Time Until All Processes Succeed Claim: In expectation, the time until all processes succeed at least once is Θ n log n. Distribution of Δ i? q i P S t "exactly i 1 succ. proc. before round t" Δ i is geometrically distributed with parameter q i Algorithm Theory, WS 2017/18 Fabian Kuhn 14

Expected Time Until All Processes Succeed Claim: In expectation, the time until all processes succeed at least once is Θ n log n. Recall we need E T n, where T n = Δ 1 + Δ 2 + + Δ n Algorithm Theory, WS 2017/18 Fabian Kuhn 15

Primality Testing Problem: Given a natural number n 2, is n a prime number? Simple primality test: 1. if n is even then 2. return n = 2 3. for i 1 to Τ n 2 do 4. if 2i + 1 divides n then 5. return false 6. return true Running time: O n Algorithm Theory, WS 2017/18 Fabian Kuhn 16

A Better Algorithm? How can we test primality efficiently? We need a little bit of basic number theory Square Roots of Unity: In Z p, where p is a prime, the only solutions of the equation x 2 1 (mod p) are x ±1 (mod p) If we find an x ±1 (mod n) such that x 2 1 (mod n), we can conclude that n is not a prime. Algorithm Theory, WS 2017/18 Fabian Kuhn 17

Algorithm Idea Claim: Let p > 2 be a prime number such that p 1 = 2 s d for an integer s 1 and some odd integer d 3. Then for all a Z p, a d 1 mod p or a 2rd 1 mod p for some 0 r < s. Proof: Fermat s Little Theorem: Given a prime number p, a Z p : a p 1 1 (mod p) Algorithm Theory, WS 2017/18 Fabian Kuhn 18

Primality Test We have: If n is an odd prime and n 1 = 2 s d for an integer s 1 and an odd integer d 3. Then for all a {1,, n 1}, a d 1 mod n or a 2rd 1 mod n for some 0 r < s. Idea: If we find an a {1,, n 1} such that a d 1 mod n and a 2rd 1 mod n for all 0 r < s, we can conclude that n is not a prime. For every odd composite n > 2, at least 3 Τ4 of all possible a satisfy the above condition How can we find such a witness a efficiently? Algorithm Theory, WS 2017/18 Fabian Kuhn 19

Miller-Rabin Primality Test Given a natural number n 2, is n a prime number? Miller-Rabin Test: 1. if n is even then return n = 2 2. compute s, d such that n 1 = 2 s d; 3. choose a {2,, n 2} uniformly at random; 4. x a d mod n; 5. if x = 1 or x = n 1 then return probably prime; 6. for r 1 to s 1 do 7. x x 2 mod n; 8. if x = n 1 then return probably prime; 9. return composite; Algorithm Theory, WS 2017/18 Fabian Kuhn 20

Analysis Theorem: If n is prime, the Miller-Rabin test always returns true. If n is composite, the Miller-Rabin test returns false with probability at least 3 Τ4. Proof: If n is prime, the test works for all values of a If n is composite, we need to pick a good witness a Corollary: If the Miller-Rabin test is repeated k times, it fails to detect a composite number n with probability at most 4 k. Algorithm Theory, WS 2017/18 Fabian Kuhn 21

Running Time Cost of Modular Arithmetic: Representation of a number x Z n : O(log n) bits Cost of adding two numbers x + y mod n: Cost of multiplying two numbers x y mod n: It s like multiplying degree O(log n) polynomials use FFT to compute z = x y Algorithm Theory, WS 2017/18 Fabian Kuhn 22

Running Time Cost of exponentiation x d mod n: Can be done using O(log d) multiplications log d Base-2 representation of d: d = σ i=0 di 2 i Fast exponentiation: 1. y 1; 2. for i log d to 0 do 3. y y 2 mod n; 4. if d i = 1 then y y x mod n; 5. return y; Example: d = 22 = 10110 2 Algorithm Theory, WS 2017/18 Fabian Kuhn 23

Running Time Theorem: One iteration of the Miller-Rabin test can be implemented with running time O log 2 n log log n log log log n. 1. if n is even then return n = 2 2. compute s, d such that n 1 = 2 s d; 3. choose a {2,, n 2} uniformly at random; 4. x a d mod n; 5. if x = 1 or x = n 1 then return probably prime; 6. for r 1 to s 1 do 7. x x 2 mod n; 8. if x = n 1 then return probably prime; 9. return composite; Algorithm Theory, WS 2017/18 Fabian Kuhn 24

Deterministic Primality Test If a conjecture called the generalized Riemann hypothesis (GRH) is true, the Miller-Rabin test can be turned into a polynomialtime, deterministic algorithm It is then sufficient to try all a 1,, O log 2 n It has long not been proven whether a deterministic, polynomial-time algorithm exists In 2002, Agrawal, Kayal, and Saxena gave an O log 12 n -time deterministic algorithm Has been improved to O log 6 n In practice, the randomized Miller-Rabin test is still the fastest algorithm Algorithm Theory, WS 2017/18 Fabian Kuhn 25

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback