About complexity. Number theoretical algorithms

Similar documents
About complexity. We define the class informally P in the following way:

1. Algebra 1.7. Prime numbers

Factorization & Primality Testing

A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Advanced Algorithms and Complexity Course Project Report

ECEN 5022 Cryptography

Ma/CS 6a Class 4: Primality Testing

Applied Cryptography and Computer Security CSE 664 Spring 2018

Public Key Encryption

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn

Chapter 7 Randomization Algorithm Theory WS 2017/18 Fabian Kuhn

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

Primality Testing- Is Randomization worth Practicing?

Primality Testing. 1 Introduction. 2 Brief Chronology of Primality Testing. CS265/CME309, Fall Instructor: Gregory Valiant

CPSC 467: Cryptography and Computer Security

6.045: Automata, Computability, and Complexity (GITCS) Class 17 Nancy Lynch

Analyzing and Optimizing the Combined Primality test with GCD Operation on Smart Mobile Devices

A Few Primality Testing Algorithms

The running time of Euclid s algorithm

Sorting algorithms. Sorting algorithms

Linear Congruences. The equation ax = b for a, b R is uniquely solvable if a 0: x = b/a. Want to extend to the linear congruence:

Lecture 2: Randomized Algorithms

1 The Fundamental Theorem of Arithmetic. A positive integer N has a unique prime power decomposition. Primality Testing. and. Integer Factorisation

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

CSE 521: Design and Analysis of Algorithms I

8 Primes and Modular Arithmetic

Improving the Accuracy of Primality Tests by Enhancing the Miller-Rabin Theorem

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

PRIMALITY TESTING. Professor : Mr. Mohammad Amin Shokrollahi Assistant : Mahdi Cheraghchi. By TAHIRI JOUTI Kamal

Chapter 8. Introduction to Number Theory

CPSC 467b: Cryptography and Computer Security

Ma/CS 6a Class 4: Primality Testing

Lecture 11 - Basic Number Theory.

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

PRIMES is in P. Manindra Agrawal. NUS Singapore / IIT Kanpur

The RSA cryptosystem and primality tests

CPSC 467b: Cryptography and Computer Security

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

CS Asymptotic Notations for Algorithm Analysis

Randomized algorithms. Inge Li Gørtz

OWO Lecture: Modular Arithmetic with Algorithmic Applications

1 Overview and revision

Lecture 1: Introduction to Public key cryptography

A Guide to Arithmetic

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

IRREDUCIBILITY TESTS IN F p [T ]

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

Basic Algorithms in Number Theory

Lecture 8: Number theory

Space Complexity of Algorithms

Randomness and non-uniformity

Discrete Math, Fourteenth Problem Set (July 18)

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Wednesday, February 21. Today we will begin Course Notes Chapter 5 (Number Theory).

CSCI 1590 Intro to Computational Complexity

Basic elements of number theory

Basic elements of number theory

ALG 4.0 Number Theory Algorithms:

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

CPSC 467b: Cryptography and Computer Security

Aspect of Prime Numbers in Public Key Cryptosystem

KTH, NADA , and D1449 Kryptografins grunder. Lecture 6: RSA. Johan Håstad, transcribed by Martin Lindkvist

CRC Press has granted the following specific permissions for the electronic version of this book:

Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871

Number Theory. Zachary Friggstad. Programming Club Meeting

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications

Data Structures and Algorithms

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

Module 1: Analyzing the Efficiency of Algorithms

Part II. Number Theory. Year

Quicksort algorithm Average case analysis

Computational Complexity

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

Basic Algorithms in Number Theory

PRIME NUMBERS YANKI LEKILI

Cryptography IV: Asymmetric Ciphers

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Primes and Factorization

CSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography

CS 491 CAP Mathematics

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Algorithms (II) Yu Yu. Shanghai Jiaotong University

CS Asymptotic Notations for Algorithm Analysis Outline

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Maths Probability Problems. Maths. League of Programmers. ACA, IIT Kanpur. October 22, 2012

Number Theory Math 420 Silverman Exam #1 February 27, 2018

Primality Testing SURFACE. Syracuse University. Per Brinch Hansen Syracuse University, School of Computer and Information Science,

CIS 551 / TCOM 401 Computer and Network Security

3 The fundamentals: Algorithms, the integers, and matrices

THE MILLER RABIN TEST

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Lecture # 12. Agenda: I. Vector Program Relaxation for Max Cut problem. Consider the vectors are in a sphere. Lecturer: Prof.

CSC 373: Algorithm Design and Analysis Lecture 30

Introduction to Cryptology. Lecture 19

Divide and Conquer algorithms

Transcription:

Page 1 About complexity We define the class informally P in the following way: P = The set of all problems that can be solved by a polynomial time algorithm, i.e., an algorithm that runs in time O(n k ) in the worst case, where k is some integer and n is the size of the input. We can contrast this class with EXP=The set of all problems that can be solved by an exponential time algorithm, i.e., an algorithm that runs in time O(c nk ) in the worst case, where k is some integer, c>1 some real number and n is the size of the input. It is universally agreed that an algorithm is efficient if and only if it is polynomial. This makes it critical to define the size of the input in a correct way. For instance, we must be careful if we have numbers as input. The Miller -Rabin algorithm is an example of probabilistic algorithms. The general with probabilistic algorithms are that they use a certain amount of randomness, usually from a pseudo-random generator. We will look at a more general definition of probabilistic algorithms. The probabilistic algorithms are closely related to randomized algorithms. The difference is that the randomized algorithms usually are deterministic but nevertheless, use random steps in the computation. What is uncertain is the running time rather than the result. An example is the famous Quick sort algorithm (ormoreexactly,therandomizedversionofit). Number theoretical algorithms Number theoretical algorithms are algorithms handling problems such as deciding if a number is a prime, finding greatest common divisor and so on. Input to the algorithms are integers. The natural measure of the size of the input is the logarithm of the numbers. Ex: Test if a number is a prime. PRIME(n) (1) for i 2 to n (2) if i n (3) return Not prime (4) return Prime This algorithm has complexity O( n). It is to slow for large numbers. We would like to have an algorithm that runs in time O((log n) k ) for some k.

Page 2 Greatest Common Divisor Greatest common divisor: gcd(a, b) =is the largest integer that divides both a and b. Euclides algorithm: The gcd(a, b) can be computed by the following method: r 1 = a mod b r 2 = b mod r 1 r 3 = r 1 mod r 2... r n+1 = r n 1 mod r n =0 Then gcd(a, b) =r n. It is easy to verify that r i+2 < ri 2 for all i. This means that the algorithm stops after O(log n) steg. So the algorithm is efficient. The algorithm can be implemented recursively. EUKLIDES(a, b) (1) if b =0 (2) return a (3) return EUKLIDES( b, a mod b) If gcd(a, b) = d there are integers x, y such that ax + by = d. (x, y can be negative). In fact, d is the smallest integer > 0 on that form. The integers x, y can be found by a modified version of Euclides algorithm: MOD-EUKLIDES(a, b) (1) if b =0 (2) return (a,1, 0) (3) (d,x,y ) MOD-EUKLIDES(b, a mod b) (4) (d, x, y) (d,y x [ a b ]y ) (5) return (d, x, y) Finding the inverse: If gcd(a, n) =1there are integers x, y such that ax+ny = 1. Then x = a 1 mod n. Sowecanfinda 1 by using MOD-EUKLIDES(a, n).

Page 3 Modular exponentiation In cryptography it is important to be able to compute a b mod n for very large numbers in an efficient way. The following simple algorithm is not efficient: POT(a, b, n) (1) d 1 (2) for i 2 to b (3) d d a mod n (4) return d The following modified algorithm, though, is efficient: MOD-EXP(a, b, n) (1) d 1 (2) Let (b k,b k 1,...,b 0 ) be the binary representation off b (3) for i k to 0 (4) d d d mod n (5) if b i =1 (6) d d a mod n (7) return d To decide if a number is a prime Fermat s Theorem: If p is a prime and a is an integer such that a n then a p 1 1( modp). We can set a =2. If n is such that 2 n 1 1( modn) then n cannot be a prime. Therefore, we can use the following algorithm to test if n is a prime: FERMAT(n) (1) k MOD-EXP(2,n 1,n) (2) if k 1( mod n) (3) return FALSE (4) return TRUE If FERMAT returns FALSE we know for sure that n is not a prime. But unfortunately, FERMAT might return TRUE even if n is not a prime. For instance, 2 340 1 mod 341 but 341 is not a prime. We can use a so probabilistic algorithm which randomly choses a number a in [2,n 1] and does a Fermat test with a. PROB-FERMAT(n, s) (1) for j 1 to s (2) a RANDOM(2,n 1) (3) k MOD-EXP(a, n 1,n) (4) if k 1( mod n) (5) return FALSE (6) return TRUE

Page 4 The algorithm is probabilistic in the sense that it can give different answers at different times even if it starts with the same input. The following must, however, be true: if n is a prime then the algorithm must return TRUE. This means that the algorithm returns FALSE then we know that n is not a prime. So FALSE is the only definite answer we can get. P (n is not prime The algorithm returns FALSE )=1 What about the probability P (n Is prime The algorithm returns TRUE )? It can be shown that for almost all non-prime n we get: P ( The algorithm returns FALSE ) > 1 2. (For primes n we have P ( The algorithm returns TRUE )=1.) Problem are caused by so called Carmichael numbers. Carmichael numbers : A Carmichael number is a non-prime integer n such that a n 1 1( modn) for all a [2,n 1]. The smallest Carmichael number is 341. P ( The algorithm returns TRUE n is a Carmichael number )=1. In order to handle Carmichael numbers we can use the following algorithm: WITNESS(a, n) (1) Let n 1=2 t u, t 1, where u is odd (2) x 0 MOD-EXP(a, u, n) (3) for i 1 to t (4) x i x 2 i 1 mod n (5) if x i =1och x i 1 1och x i 1 n 1 (6) return TRUE (7) if x t 1 (8) return TRUE (9) return FALSE The following can be shown for WITNESS: P ( WITNESS returns TRUE n Is not prime ) > 1 2 for all n. If you make repeated calls to WITNESS can get arbitrarily high probability for a correct answer. This version of the algorithm is called Miller - Rabin s Test.

Page 5 MILLER-RABIN(n, s) (1) for j 1 to s (2) a RANDOM(1,n 1) (3) if WITNESS(a, n) (4) return Not prime (5) return Prime Here P ( The algorithm returns Prime n is prime) =1. P ( The algorithm returns Not prime n is not prime ) > 1 1 2 s. It is, of course, also interesting to study the reversed conditional probabilities: P (n is not prime The algorithm returns Not prime) =1. The probability P (n is prime The algorithm returns Prime ) is trickier. It can be computed as P (n is prime and the algorithm returns Prime) P ( The algorithm returns Prime) = P (n is prime) P ( The algorithm returns Prime) But then we need to know P (n is prime). If we know that the probability is α we can use Bayes law to show that P (n is prime The algorithm returns Prime ) > 2 s 2 s +( 1 α 1). Since August 2002 it is known that there is an algorithms that decides primality (in the usual non-probabilistic sense) in polynomial time. This algorithm is much more complicated and slower than Miller-Rabin s algorithm.

Page 6 Quick sort QuickSort(v[i..j]) (1) if i<j (2) m Partition(v[i..j],i,j) (3) QuickSort(v[i..m]) (4) QuickSort(v[m +1..j]) The complexity analysis is more complicated than it is for Merge sort. It can nevertheless be shown that the complexity is O(n log n) in the mean. Sorting in linear time Sorting algorithms that only uses comparisons between elements can never be faster than Θ(n log n). But there are algorithms which use extra information about the elements. For instance, if we want to sort integers we might know upper and lower bounds for the integers. Then it is possible to sort in linear time. Counting sort Assume that we have n objects A[1..n] with keys which are integers in [1,k]. The following algorithm sorts in time O(n + k): CountingSort(A, B, k) (1) for i =1to k (2) C[i] 0 (3) for i =1to n (4) C[A[i]] C[A[i]] + 1 (5) for i =2to k (6) C[i] C[i 1] + C[i] (7) for j =1to n (8) B[C[A[j]]] A[j] (9) C[A[j]] C[A[j]] 1 When the algorithm ends, the array B is A in sorted order.

Page 7 Finding the median If we have an array v[1...n] the problem of finding the median is the problem of finding an element v[i] such that exactly n 2 elements are smaller than v[i]. We can obviously find the median in time O(n log n). Butifweuseaprobabilistic algorithm we can find the median in time O(n) in the mean.wedefineafunction Select(v[i...j],k) which finds the kth element (in sorted order) in the subarray v[i...j]. (Weassumethatk j i +1.) Then Select(v[1...n], n 2 ) will give us the median. Select(v[i...j],k) (1) if i = j (2) Return v[i] (3) p Partition(v[i..j]) (4) q p i +1 (5) if q = k (6) Return v[p] (7) if k<q (8) Return Select(v[i...p 1],k) (9) Return Select(v[p +1...j],k q) It can be shown that if E(T (n)) is the mean value of the time complexity, whe have E(T (n)) 2 n 1 n k= n 2 E(T (k)) + O(n). Fromthis,wecanprovethat T (n) O(n). Ex: Is the polynomial Probabilistic algorithms f(x, y) =(x 3y)(xy 5x) 2 10x 3 y + 25x 3 +3x 2 y 3 + 30x 2 y 2 75x 2 y identically equal to 0? Test: Chose some values x i,y i randomly and test if f(x i,y i )=0. Two possibilities: 1. f(x i,y i ) 0. Then f 0. 2. f(x i,y i )=0for all chosen values x i,y i.whatisthentheprobabilityfor f =0? Theorem: If f(x 1,...,x m ) is not identically equal to 0 and each variable occurs with degree at most d and M is an integer, then the number of zeros in the set {0, 1,...,M 1} m is at most mdm m 1. This gives us: P [ Arandomintegerin{0, 1,...,M 1} m is a zero] = 1 mdm m 1 = δ. This means that if we have done k tests indicating f =0,thenP [f = 0] (1 δ) k.

Page 8 Monte Carlo algorithms Suppose that we have a decision problem, i.e. a problem with yes/no as answer. We say that F is a Yes-based Monte Carlo algorithm for solving the problem if F is polynomial and: 1. If the answer to the problem is yes, then F (x) =Yeswith probability > 1 2. 2. If the answer to the problem is no, then F (x) =No with probability 1. No-based Monte Carlo algorithms are defined in the obvious, symmetrical way. Definition: The class RP is the set of all problems that can be solved by a Yes-based Monte Carlo algorithm. It is easily seen that P RP.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback