Inverses. Today: finding inverses quickly. Euclid s Algorithm. Runtime. Euclid s Extended Algorithm.

Similar documents
Discrete Mathematics and Probability Theory Fall 2013 Vazirani Note 3

Discrete Mathematics and Probability Theory Fall 2018 Alistair Sinclair and Yun Song Note 6

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

Discrete Mathematics and Probability Theory Summer 2014 James Cook Note 5

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

Discrete Mathematics and Probability Theory Summer 2017 Course Notes Note 6

Algorithms (II) Yu Yu. Shanghai Jiaotong University

Fall 2015 Lecture 14: Modular congruences. cse 311: foundations of computing

Number Theory Basics Z = {..., 2, 1, 0, 1, 2,...} For, b Z, we say that divides b if z = b for some. Notation: b Fact: for all, b, c Z:

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Arithmetic Algorithms, Part 1

Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Applied Cryptography and Computer Security CSE 664 Spring 2017

NOTES ON SIMPLE NUMBER THEORY

Number theory (Chapter 4)

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

Solution Sheet (i) q = 5, r = 15 (ii) q = 58, r = 15 (iii) q = 3, r = 7 (iv) q = 6, r = (i) gcd (97, 157) = 1 = ,

Mathematical Foundations of Cryptography

Lecture 3.1: Public Key Cryptography I

Chapter 4 Finite Fields

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Chapter 9 Basic Number Theory for Public Key Cryptography. WANG YANG

Homework #2 solutions Due: June 15, 2012

Introduction to Cryptology. Lecture 19

CS250: Discrete Math for Computer Science

Remainders. We learned how to multiply and divide in elementary

Discrete Mathematics GCD, LCM, RSA Algorithm

Part V. Chapter 19. Congruence of integers

ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

Finite Fields. Mike Reiter

Greatest Common Divisor MATH Greatest Common Divisor. Benjamin V.C. Collins, James A. Swenson MATH 2730

Notes on Systems of Linear Congruences

1 Overview and revision

CIS 6930/4930 Computer and Network Security. Topic 4. Cryptographic Hash Functions

ALG 4.0 Number Theory Algorithms:

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

a the relation arb is defined if and only if = 2 k, k

Lecture 7: Number Theory Steven Skiena. skiena

5: The Integers (An introduction to Number Theory)

CISC-102 Winter 2016 Lecture 11 Greatest Common Divisor

Lecture 7 Number Theory Euiseong Seo

Chapter 5: The Integers

CSE 20 DISCRETE MATH. Winter

CPSC 467b: Cryptography and Computer Security

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Basic elements of number theory

Basic elements of number theory

MATH 215 Final. M4. For all a, b in Z, a b = b a.

CSE 311 Lecture 13: Primes and GCD. Emina Torlak and Kevin Zatloukal

OWO Lecture: Modular Arithmetic with Algorithmic Applications

The following is an informal description of Euclid s algorithm for finding the greatest common divisor of a pair of numbers:

Senior Math Circles Cryptography and Number Theory Week 2

Solutions Math 308 Homework 9 11/20/2018. Throughout, let a, b, and c be non-zero integers.

The Euclidean Algorithm and Multiplicative Inverses

ECE596C: Handout #11

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

8 Primes and Modular Arithmetic

2.2 Inverses and GCDs

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

22. The Quadratic Sieve and Elliptic Curves. 22.a The Quadratic Sieve

This theorem allows us to describe all integer solutions as follows:

ICS141: Discrete Mathematics for Computer Science I

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Primality Testing. 1 Introduction. 2 Brief Chronology of Primality Testing. CS265/CME309, Fall Instructor: Gregory Valiant

CS 173: Discrete Structures, Fall 2009 Homework 4 Solutions

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

CPSC 467: Cryptography and Computer Security

Number Theory and Graph Theory. Prime numbers and congruences.

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

Wednesday, February 21. Today we will begin Course Notes Chapter 5 (Number Theory).

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Public Key Encryption

Discrete Mathematics and Probability Theory Spring 2014 Anant Sahai Midterm 1

Topics in Cryptography. Lecture 5: Basic Number Theory

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

CSE 311: Foundations of Computing. Lecture 12: Two s Complement, Primes, GCD

Introduction to Cryptography. Lecture 6

CISC-102 Fall 2017 Week 6

MATH10040 Chapter 1: Integers and divisibility

1. Factorization Divisibility in Z.

ENEE 457: Computer Systems Security. Lecture 5 Public Key Crypto I: Number Theory Essentials

Elementary Number Theory Review. Franz Luef

2 Elementary number theory

Chapter 5. Number Theory. 5.1 Base b representations

Fall 2017 Test II review problems

Algorithms CMSC Basic algorithms in Number Theory: Euclid s algorithm and multiplicative inverse

CSE20: Discrete Mathematics

Number Theory Proof Portfolio

Beautiful Mathematics

Factoring. there exists some 1 i < j l such that x i x j (mod p). (1) p gcd(x i x j, n).

Transcription:

Inverses Today: finding inverses quickly. Euclid s Algorithm. Runtime. Euclid s Extended Algorithm.

Refresh Does 2 have an inverse mod 8? No. Does 2 have an inverse mod 9? Yes. 5 2(5) = 10 = 1 mod 9. Does 6 have an inverse mod 9? No. x has an inverse modulo m if and only if gcd(x,m) > 1? No. gcd(x,m) = 1? Yes. Today: Compute gcd! Compute Inverse modulo m.

Divisibility... Notation: d x means d divides x or x = kd for some integer k. Fact: If d x and d y then d (x + y) and d (x y). Proof: d x and d y or x = ld and y = kd = x y = kd ld = (k l)d = d (x y)

More divisibility Notation: d x means d divides x or x = kd for some integer k. Lemma 1: If d x and d y then d y and d mod (x,y). Proof: mod (x,y) = x x/y y = x s y for integer s = kd sld for integers k,l = (k sl)d Therefore d mod (x,y). And d y since it is in condition. Lemma 2: If d y and d mod (x,y) then d y and d x. Proof...: Similar. Try this at home.. GCD Mod Corollary: gcd(x, y) = gcd(y, mod (x, y)). Proof: x and y have same set of common divisors as x and mod (x,y) by Lemma. Same common divisors = largest is the same.

Euclid s algorithm. GCD Mod Corollary: gcd(x, y) = gcd(y, mod (x, y)). gcd (x, y) if (y = 0) then return x else return gcd(y, mod(x, y)) *** Theorem: Euclid s algorithm computes the greatest common divisor of x and y if x y. Proof: Use Strong Induction. Base Case: y = 0, x divides y and x = x is common divisor and clearly largest. Induction Step: mod (x,y) < y x when x y call in line (***) meets conditions plus arguments smaller and by strong induction hypothesis computes gcd(y, mod (x, y)) which is gcd(x,y) by GCD Mod Corollary.

Excursion: Value and Size. Before discussing running time of gcd procedure... What is the value of 1,000,000? one million or 1,000,000! What is the size of 1,000,000? Number of digits: 7. Number of bits: 21. For a number x, what is its size in bits? n = b(x) log 2 x

GCD procedure is fast. Theorem: GCD uses 2n divisions where n is the number of bits. Is this good? Better than trying all numbers in {2,...y/2}? Check 2, check 3, check 4, check 5..., check y/2. 2 n 1 divisions! Exponential dependence on size! 101 bit number. 2 100 10 30 = million, trillion, trillion divisions! 2n is much faster!.. roughly 200 divisions.

Algorithms at work. Trying everything Check 2, check 3, check 4, check 5..., check y/2. gcd(x, y) at work. gcd(700,568) gcd(568, 132) gcd(132, 40) gcd(40, 12) gcd(12, 4) gcd(4, 0) 4 Notice: The first argument decreases rapidly. At least a factor of 2 in two recursive calls. (The second is less than the first.)

Proof. gcd (x, y) if (y = 0) then return x else return gcd(y, mod(x, y)) Theorem: GCD uses O(n) divisions where n is the number of bits. Proof: Fact: First arg decreases by at least factor of two in two recursive calls. Proof After 2log of Fact: 2 x = O(n) Recall recursive that first calls, argument argument decreases x is 1every bit number. call. Case One more 2: 1: ywill recursive x/2, show first y call > argument x/2 to finish. = is mod(x,y) y x/2. When 1 division = y true > per x/2, inrecursive one thenrecursive call. call; O(n) mod divisions. (x,y) is second argument in next recursive call, and becomes the first argument x in the next one. y = 1, mod (x,y) = x y x = x y x x/2 = x/2 y

Finding an inverse? We showed how to efficiently tell if there is an inverse. Extend Euclid s algo to find inverse.

Euclid s GCD algorithm. gcd (x, y) if (y = 0) then return x else return gcd(y, mod(x, y)) Computes the gcd(x, y) in O(n) divisions. For x and m, if gcd(x,m) = 1 then x has an inverse modulo m.

Multiplicative Inverse. GCD algorithm used to tell if there is a multiplicative inverse. How do we find a multiplicative inverse?

Extended GCD Euclid s Extended GCD Theorem: For any x, y there are integers a,b such that ax + by = gcd(x,y) = d where d = gcd(x,y). Make d out of sum of multiples of x and y. What is multiplicative inverse of x modulo m? By extended GCD theorem, when gcd(x,m) = 1. ax + bm = 1 ax 1 bm 1 (mod m). So a multiplicative inverse of x if gcd(a,x) = 1!! Example: For x = 12 and y = 35, gcd(12,35) = 1. (3)12 + ( 1)35 = 1. a = 3 and b = 1. The multiplicative inverse of 12 (mod 35) is 3.

Make d out of x and y..? gcd(35,12) gcd(12, 11) ;; gcd(12, 35%12) gcd(11, 1) ;; gcd(11, 12%11) gcd(1,0) 1 How did gcd get 11 from 35 and 12? 35 35 12 12 = 35 (2)12 = 11 How does gcd get 1 from 12 and 11? 12 12 11 11 = 12 (1)11 = 1 Algorithm finally returns 1. But we want 1 from sum of multiples of 35 and 12? Get 1 from 12 and 11. 1 = 12 (1)11 = 12 (1)(35 (2)12) = (3)12 + ( 1)35 Get 11 from 35 and 12 and plugin... Simplify. a = 3 and b = 1.

Extended GCD Algorithm. ext-gcd(x,y) if y = 0 then return(x, 1, 0) else (d, a, b) := ext-gcd(y, mod(x,y)) return (d, b, a - floor(x/y) * b) Claim: Returns (d,a,b): d = gcd(a,b) and d = ax + by. Example: a x/y b = 1 11/1 0 = 10 12/11 1 = 11 35/12 ( 1) = 3 ext-gcd(35,12) ext-gcd(12, 11) ext-gcd(11, 1) ext-gcd(1,0) return (1,1,0) ;; 1 = (1)1 + (0) 0 return (1,0,1) ;; 1 = (0)11 + (1)1 return (1,1,-1) ;; 1 = (1)12 + (-1)11 return (1,-1, 3) ;; 1 = (-1)35 +(3)12

Extended GCD Algorithm. ext-gcd(x,y) if y = 0 then return(x, 1, 0) else (d, a, b) := ext-gcd(y, mod(x,y)) return (d, b, a - floor(x/y) * b) Theorem: Returns (d,a,b), where d = gcd(a,b) and d = ax + by.

Correctness. Proof: Strong Induction. 1 Base: ext-gcd(x,0) returns (d = x,1,0) with x = (1)x + (0)y. Induction Step: Returns (d,a,b) with d = Ax + By Ind hyp: ext-gcd(y, mod (x,y)) returns (d,a,b) with d = ay + b( mod (x,y)) ext-gcd(x, y) calls ext-gcd(y, mod (x, y)) so d = d = ay + b ( mod (x,y)) = ay + b (x x y y) = bx + (a x y b)y And ext-gcd returns (d,b,(a y x b)) so theorem holds! 1 Assume d is gcd(x,y) by previous proof.

Review Proof: step. ext-gcd(x,y) if y = 0 then return(x, 1, 0) else (d, a, b) := ext-gcd(y, mod(x,y)) return (d, b, a - floor(x/y) * b) Recursively: d = ay + b(x x y y) = d = bx (a x y b)y Returns (d,b,(a x y b)).

Wrap-up Conclusion: Can find multiplicative inverses in O(n) time! Very different from elementary school: try 1, try 2, try 3... 2 n/2 Inverse of 500,000,357 modulo 1,000,000,000,000? 80 divisions. versus 1,000,000 Internet Security. Public Key Cryptography: 512 digits. 512 divisions vs. (10000000000000000000000000000000000000000000) 5 divisions. Next lecture!

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback