Continuing discussion of CRC s, especially looking at two-bit errors

Similar documents
Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Lecture 11 - Basic Number Theory.

Review/Outline Frobenius automorphisms Other roots of equations. Counting irreducibles Counting primitive polynomials

Integers and Division

Lecture 6: Introducing Complexity

Commutative Rings and Fields

Clock Arithmetic. 1. If it is 9 o clock and you get out of school in 4 hours, when do you get out of school?

Fermat s Last Theorem for Regular Primes

A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Algebra 1: Hutschenreuter Chapter 10 Notes Adding and Subtracting Polynomials

3 The fundamentals: Algorithms, the integers, and matrices

8 Primes and Modular Arithmetic

Wednesday, February 21. Today we will begin Course Notes Chapter 5 (Number Theory).

STEP Support Programme. Hints and Partial Solutions for Assignment 17

Algorithms (II) Yu Yu. Shanghai Jiaotong University

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

SECTION 9.2: ARITHMETIC SEQUENCES and PARTIAL SUMS

Basic elements of number theory

Section September 6, If n = 3, 4, 5,..., the polynomial is called a cubic, quartic, quintic, etc.

Basic elements of number theory

4 Number Theory and Cryptography

CS March 17, 2009

MATH 115, SUMMER 2012 LECTURE 4 THURSDAY, JUNE 21ST

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

The degree of a function is the highest exponent in the expression

Divisibility, Factors, and Multiples

1: Please compute the Jacobi symbol ( 99

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Chapter 4 Finite Fields

Applied Cryptography and Computer Security CSE 664 Spring 2018

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

Information redundancy

Math101, Sections 2 and 3, Spring 2008 Review Sheet for Exam #2:

Winter Camp 2009 Number Theory Tips and Tricks

COMPUTER ARITHMETIC. 13/05/2010 cryptography - math background pp. 1 / 162

A Guide to Arithmetic

Galois fields/1. (M3) There is an element 1 (not equal to 0) such that a 1 = a for all a.

CHAPTER 3. Congruences. Congruence: definitions and properties

Finite Fields. SOLUTIONS Network Coding - Prof. Frank H.P. Fitzek

1. Prove that the number cannot be represented as a 2 +3b 2 for any integers a and b. (Hint: Consider the remainder mod 3).

Math 016 Lessons Wimayra LUY

ORDERS OF UNITS IN MODULAR ARITHMETIC

Part 2 - Beginning Algebra Summary

Discrete Mathematics GCD, LCM, RSA Algorithm

THE CUBIC PUBLIC-KEY TRANSFORMATION*

Modular Arithmetic Instructor: Marizza Bailey Name:

Numbers. Çetin Kaya Koç Winter / 18

Introduction to Cryptology. Lecture 19

1. multiplication is commutative and associative;

Lecture 2. The Euclidean Algorithm and Numbers in Other Bases

Chapter 1- Polynomial Functions

CPSC 467b: Cryptography and Computer Security

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

Today. Wrapup of Polynomials...and modular arithmetic. Coutability and Uncountability.

2-2: Evaluate and Graph Polynomial Functions

Math 3 Variable Manipulation Part 3 Polynomials A

Table of Contents. 2013, Pearson Education, Inc.

Lecture 14. Outline. 1. Finish Polynomials and Secrets. 2. Finite Fields: Abstract Algebra 3. Erasure Coding

Chapter 3: Section 3.1: Factors & Multiples of Whole Numbers

Arithmetic in Integer Rings and Prime Fields

Reed-Solomon code. P(n + 2k)

MATH 2112/CSCI 2112, Discrete Structures I Winter 2007 Toby Kenney Homework Sheet 5 Hints & Model Solutions

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

MATH 115, SUMMER 2012 LECTURE 12

MA094 Part 2 - Beginning Algebra Summary

Finite Fields. Mike Reiter

19. Coding for Secrecy

How does the computer generate observations from various distributions specified after input analysis?

An Invitation to Mathematics Prof. Sankaran Vishwanath Institute of Mathematical Sciences, Chennai. Unit I Polynomials Lecture 1A Introduction

cse 311: foundations of computing Fall 2015 Lecture 11: Modular arithmetic and applications

MATH 361: NUMBER THEORY FOURTH LECTURE

Math 131 notes. Jason Riedy. 6 October, Linear Diophantine equations : Likely delayed 6

MODULAR ARITHMETIC KEITH CONRAD

Some math for embedded algorithms

Getting Connected. Chapter 2, Part 2. Networking CS 3470, Section 1 Sarah Diesburg

Error Detection & Correction

CSCE 564, Fall 2001 Notes 6 Page 1 13 Random Numbers The great metaphysical truth in the generation of random numbers is this: If you want a function

Topics in Computer Mathematics

Cyclic codes: overview

Fast Fraction-Integer Method for Computing Multiplicative Inverse

Algebra. Modular arithmetic can be handled mathematically by introducing a congruence relation on the integers described in the above example.

MATH Dr. Halimah Alshehri Dr. Halimah Alshehri

In fact, 3 2. It is not known whether 3 1. All three problems seem hard, although Shor showed that one can solve 3 quickly on a quantum computer.

Today. Polynomials. Secret Sharing.

+ 1 3 x2 2x x3 + 3x 2 + 0x x x2 2x + 3 4

CPSC 467: Cryptography and Computer Security

MODULAR ARITHMETIC I

Cryptography Lecture 3. Pseudorandom generators LFSRs

Chapter 1- Polynomial Functions

Definition For a set F, a polynomial over F with variable x is of the form

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

Mathematics of Cryptography

Topics in Cryptography. Lecture 5: Basic Number Theory

9 Modular Exponentiation and Square-Roots

Encryption: The RSA Public Key Cipher

Transcription:

Continuing discussion of CRC s, especially looking at two-bit errors The definition of primitive binary polynomials Brute force checking for primitivity A theorem giving a better test for primitivity Fast modular exponentiation algorithm for integers Fast modular exponentiation algorithm for polynomials 1

Example: Find a 2-bit error that could occur in the message 10100011001100 that would be undetected by the CRC with generating polynomial coefficients (from highest to lowest) 110011. The specific message 10100011001100 doesn t matter, except that it is long enough to have two bit-errors sufficiently separated so that the CRC fails to detect them. As noted in class and in the book, since the constant coefficient of the generator is 1, a failure to detect two biterrors depends only upon their distance apart in the message, not their locations. For CRC with generator 110011 to fail to detect a pair of bit errors a distance n apart, it is necessary and sufficient that the generating polynomial x 5 + x 4 + x + 1 (made from 110011 by taking coefs in descending order) divide x n 1 with remainder 0. Test whether 110011 divides x t 1 with t = 5, 5 + 1, 5 + 2.... 2

The remainder dividing x 5 + 1 by x 5 + x 4 + x + 1 is x 4 + x 0. So try x 6 + 1: the remainder dividing x 6 + 1 by x 5 + x 4 + x + 1 is x 4 + x 2 0. Try x 7 + 1: the remainder dividing x 7 + 1 by x 5 + x 4 + x + 1 is x 4 + x 3 0, so try x 8 + 1. At last, the remainder dividing x 8 + 1 by x 5 + x 4 + x + 1 is 0. Thus, any two single-bit errors a distance of 8 apart will not be detected by this CRC. Remark: This brute force approach is good for small examples, and is ok if no other approach is available, but does not scale upward well. For bigger examples use fast modular exponentiation (below). 3

Primitive polynomials Some CRCs can catch any two bit-errors in very long strings because their generating polynomials are primitive, in the sense below. Keep in mind: with two bit errors, at m th and n th positions (with m < n), the error is e(x) = x m + x n undetected if and only if g(x) divides e(x) = x m + x n x m (1 + x n m ) If g(x) has constant term 1, then g has no factor of x and then a two-bit error distance N apart is undetected if and only if g(x) divides x N + 1. It turns out (!) that the best performance possible is with N = 2 d 1 where d = deg g(x). 4

Definition: A polynomial of degree d with coefficients in F 2 is primitive if the smallest integer N such that the polynomial divides x N 1 is N = 2 d 1. Remark: It is unclear whether there are many such things, how to find them, how to verify the property, etc. Remark: When used in CRCs, a primitive cubic would catch all errors within 2 3 1 = 7 apart. A primitive quartic would catch all errors within 2 4 1 = 15 apart. A primitive quintic would catch all errors within 2 5 1 = 31 apart. A primitive sextic would catch all errors within 2 6 1 = 63 apart. Etc. Remark: The 16-bit CRC above detects all 3- bit errors in data of 32767 bits or less because it is the product of x+1 with a primitive degree 15 polynomial. The primitive degree 15 polynomial detects two-bit errors within distance of 32767 while the x + 1 detects all errors consisting of an odd number of bit errors. 5

Terminology for remainder-upon-divisions: Definition: the reduction modulo M(x) of a polynomial P (x) with respect to a polynomial M(x) is defined to be P (x) % M(x) = remainder dividing P (x) by M(x) The polynomial M(x) is the modulus. Theorem: A binary polynomial g(x) of degree d is primitive if and only if x 2d % g(x) = x and, for every prime integer q dividing 2 d 1, x (2d 1)/q % g(x) 1 Remark: Thus, instead of looking at (x e 1) % g(x) for the possible exponents 1 e 2 d 1 we need only examine a much smaller collection. 6

Example: The binary quartic polynomial g(x) = x 4 + x + 1 is primitive if and only if x 24 % x 4 + x + 1 = x and for every prime q dividing 15 (thus, by trial division, 3 and 5) x (24 1)/q % x 4 + x + 1 1 That is, x 4 + x + 1 is primitive if and only if x 24 % x 4 + x + 1 = x x (24 1)/3 % x 4 + x + 1 1 x (24 1)/5 % x 4 + x + 1 1 We can be a little clever in doing these computations, after some preparation. 7

Fast modular exponentiation Returning for the moment to ordinary integers Z instead of polynomials, Definition: the reduction modulo m of an integer x with respect to an integer m is defined to be reduction of x modulo m = x % m = remainder upon dividing x by m The integer m is the modulus. For example, 5 % 3 = 2 2 % 3 = 2 12 % 4 = 0 13 % 4 = 1 17 % 5 = 2 23 % 10 = 3 119 % 10 = 9 1000 % 11 = 10 8

A type of computation that often arises in practice is something like (5 65 ) % 11 =? Remark: Unless your calculating device has infinite precision integer arithmetic, you must not attempt to evaluate 5 65 first and then divide by 11 to find the remainder. Roundoff error will give you complete nonsense. Not partial nonsense, but a completely worthless result. Instead, there is a hand-executable algorithm fast modular exponentiation which scales upward very nicely. The first observation is that 5 65 = 5 20 +2 6 = 5 (((((5 2 ) 2 ) 2 ) 2 ) 2 ) 2 That is, instead of 64 multiplications, there will be 6 squarings and one multiplication. 9

It is less obvious, but is provably true, and is crucial to this, that in computing 5 65 % 11, we can reduce modulo 11 after each step, rather than wait till the end. That means we do not need to remember any integer larger than 2 digits. The fast modular exponentiation algorithm to compute x e % m (with positive integer e) says: Initialize (X, E, Y ) = (x, e, 1) While E > 0: If E odd: Replace E by E 1 Replace Y by (X Y ) % m Else if E even: Replace E by E/ Replace X by (X X) % m When E = 0, Y = (x e ) % m. This algorithm takes at most 2 log 2 e steps, and uses little memory. 10

To compute 5 65 % 11 Initialize (X, E, Y ) = (5, 65, 1) E = 65 is odd, so replace E = 65 by E 1 = 64 and Y by (X Y ) % m = (5 1) % 11 = 5 E = 64 is even, so replace E = 64 by E/2 = 32 and X = 5 by (X 2 ) % m = 25 % 11 = 3 E = 32 is even, so replace E = 32 by E/2 = 16 and X = 3 by (X 2 ) % m = 9 % 11 = 9 E = 16 is even, so replace E = 16 by E/2 = 8 and X = 9 by (X 2 ) % m = 81 % 11 = 4 E = 8 is even, so replace E = 8 by E/2 = 4 and X = 4 by (X 2 ) % m = 16 % 11 = 5 E = 4 is even, so replace E = 4 by E/2 = 2 and X = 5 by (X 2 ) % m = 25 % 11 = 3 E = 2 is even, so replace E = 2 by E/2 = 1 and X = 3 by (X 2 ) % m = 9 % 11 = 9 E = 1 is odd, so replace E = 1 by E 1 = 0 and Y by (X Y ) % m = (9 5) % 11 = 45 % 11 = 1 Now E = 0 so 5 65 % 11 = 1, the value of Y 11

The same algorithm can be applied in many other situations, for example to polynomials. The reduction idea is just the remainder after division we already discussed in the context of CRCs. For example, all with coefficients in F 2 x 2 + x + 1 % x + 1 = 1 x 2 + x + 1 % x 2 + 1 = x x 3 + x + 1 % x + 1 = 1 x 3 + x + 1 % x 2 + 1 = 1 Remark: These computations are less familiar than integer computations. 12

Example: To check whether or not x 4 + x + 1 with coefficients in F 2 ) is primitive, an efficient approach is to invoke the theorem and ehcek that x 24 % x 4 + x + 1 = x and that for any prime q dividing 2 4 1 = 3 5 x (24 1)/q % x 4 + +x + 1 1 We practice doing exponentiations by fast modular exponentiation. The primes dividing 15 are 3 and 5 (trial division), so we must verify that x 15/3 % x 4 + x + 1 1 and x 15/5 % x 4 + x + 1 1 13

Initialize (X, E, Y ) = (x, 16, 1). E=16 is even, so square X and reduce mod m = x 4 + x + 1 and divide E by 2, giving (X, E, Y ) = (x 2, 8, 1) E=8 is even, so square X and reduce mod m = x 4 + x + 1 and divide E by 2, giving (X, E, Y ) = (x + 1, 4, 1) E=4 is even, so square X and reduce mod m = x 4 + x + 1 and divide E by 2, giving (X, E, Y ) = (x 2 + 1, 2, 1) E=2 is even, so square X and reduce mod m = x 4 + x + 1 and divide E by 2, giving (X, E, Y ) = (x, 1, 1) E=1 is odd, so multiply Y by X and reduce mod m = x 4 + x + 1, and subtract 1 from E, giving (X, E, Y ) = (x, 0, x) Now E is 0, so Y = x is the desired x 16 % x 4 + x + 1. Now the other two conditions: 14

To compute x 15/3 % x 4 + x + 1: initialize (X, E, Y ) = (x, 5, 1). E=5 is odd, so multiply Y by X and reduce mod m = x 4 + x + 1, subtract 1 from E, giving (X, E, Y ) = (x, 4, x) E=4 is even, so square X and reduce mod m = x 4 + x + 1 and divide E by 2, giving (X, E, Y ) = (x 2, 2, x) E=2 is even, so square X and reduce mod m = x 4 + x + 1 and divide E by 2, giving (X, E, Y ) = (x + 1, 1, x) E=1 is odd, so multiply Y by X and reduce mod m = x 4 + x + 1, and subtract 1 from E, giving (X, E, Y ) = (x + 1, 0, x 2 + x) Now E is 0, so Y = x 2 + x 1 is the desired x 5 % x 4 + x + 1. More simply, x 15/5 % x 4 + x + 1 = x 3 1, so, x 4 + x + 1 is primitive. 15

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback