Lecture 14. Outline. 1. Finish Polynomials and Secrets. 2. Finite Fields: Abstract Algebra 3. Erasure Coding

Similar documents
3x + 1 (mod 5) x + 2 (mod 5)

Today. Polynomials. Secret Sharing.

Discrete Mathematics and Probability Theory Spring 2016 Rao and Walrand Note 8

Today. Wrapup of Polynomials...and modular arithmetic. Coutability and Uncountability.

Reed-Solomon code. P(n + 2k)

Error Correction. Satellite. GPS device. 3 packet message. Send 5. 3 D 2 B 1 A 1 E. Corrupts 1 packets. 3 D 2 B 1 E 1 A

Discrete Mathematics and Probability Theory Fall 2014 Anant Sahai Note 7

Discrete Mathematics and Probability Theory Spring 2016 Rao and Walrand Discussion 6A Solution

Discrete Mathematics and Probability Theory Fall 2013 Vazirani Note 6

Discrete Mathematics for CS Spring 2007 Luca Trevisan Lecture 11. Error Correcting Codes Erasure Errors

Lecture 21: Midterm 2 Review.

Winter 2011 Josh Benaloh Brian LaMacchia

Modular Arithmetic Inverses and GCD

Great Theoretical Ideas in Computer Science

Chapter 4 Finite Fields

Continuing discussion of CRC s, especially looking at two-bit errors

Secure Computation. Unconditionally Secure Multi- Party Computation

Benny Pinkas. Winter School on Secure Computation and Efficiency Bar-Ilan University, Israel 30/1/2011-1/2/2011

2. Polynomials. 19 points. 3/3/3/3/3/4 Clearly indicate your correctly formatted answer: this is what is to be graded. No need to justify!

Modular numbers and Error Correcting Codes. Introduction. Modular Arithmetic.

Lecture 04: Secret Sharing Schemes (2) Secret Sharing

EECS150 - Digital Design Lecture 21 - Design Blocks

Discrete Mathematics and Probability Theory Spring 2016 Rao and Walrand Discussion 6B Solution

3.4. ZEROS OF POLYNOMIAL FUNCTIONS

Galois fields/1. (M3) There is an element 1 (not equal to 0) such that a 1 = a for all a.

Finite Fields. SOLUTIONS Network Coding - Prof. Frank H.P. Fitzek

CS 70 Discrete Mathematics and Probability Theory Summer 2016 Dinh, Psomas, and Ye Discussion 8A Sol

Introduction to Modern Cryptography Lecture 11

Commutative Rings and Fields

4. What is the probability that the two values differ by 4 or more in absolute value? There are only six

Introduction to Cryptography Lecture 13

19. Coding for Secrecy

Complex Numbers: Definition: A complex number is a number of the form: z = a + bi where a, b are real numbers and i is a symbol with the property: i

EECS150 - Digital Design Lecture 26 Error Correction Codes, Linear Feedback Shift Registers (LFSRs)

A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:

Error Detection & Correction

Secret Sharing CPT, Version 3

Algebra I. Course Outline

Honors Advanced Mathematics November 4, /2.6 summary and extra problems page 1 Recap: complex numbers

Efficient Conversion of Secret-shared Values Between Different Fields

SELECTED APPLICATION OF THE CHINESE REMAINDER THEOREM IN MULTIPARTY COMPUTATION

Lecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures

EECS Components and Design Techniques for Digital Systems. Lec 26 CRCs, LFSRs (and a little power)

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

Sect Introduction to Rational Expressions

Part IA Numbers and Sets

ZEROS OF POLYNOMIAL FUNCTIONS ALL I HAVE TO KNOW ABOUT POLYNOMIAL FUNCTIONS

Midterm 1. Name: TA: U.C. Berkeley CS70 : Algorithms Midterm 1 Lecturers: Anant Sahai & Christos Papadimitriou October 15, 2008

Mathematical Foundations of Cryptography

CPSC 467: Cryptography and Computer Security

1 Operations on Polynomials

Lecture Notes. Advanced Discrete Structures COT S

SCORE BOOSTER JAMB PREPARATION SERIES II

Algebra for error control codes

Midterm 2. Your Exam Room: Name of Person Sitting on Your Left: Name of Person Sitting on Your Right: Name of Person Sitting in Front of You:

MA 180 Lecture. Chapter 0. College Algebra and Calculus by Larson/Hodgkins. Fundamental Concepts of Algebra

Modular Multiplication in GF (p k ) using Lagrange Representation

Discrete Mathematics and Probability Theory Summer 2014 James Cook Midterm 1 (Version B)

Introduction to Cybersecurity Cryptography (Part 5)

8 Elliptic Curve Cryptography

Optimizing MPC for robust and scalable integer and floating-point arithmetic

Assume that the follow string of bits constitutes one of the segments we which to transmit.

COMP424 Computer Security

CS-E4320 Cryptography and Data Security Lecture 11: Key Management, Secret Sharing

Chapter 10 Elliptic Curves in Cryptography

MATH 103 Pre-Calculus Mathematics Test #3 Fall 2008 Dr. McCloskey Sample Solutions

Introduction to Cryptology. Lecture 19

Encryption: The RSA Public Key Cipher

CPSC 467b: Cryptography and Computer Security

RSA. Ramki Thurimella

Basics in Cryptology. Outline. II Distributed Cryptography. Key Management. Outline. David Pointcheval. ENS Paris 2018

CIS 551 / TCOM 401 Computer and Network Security

MATH98 Intermediate Algebra Practice Test Form A

Fields in Cryptography. Çetin Kaya Koç Winter / 30

Bounding the number of affine roots

Applied Cryptography and Computer Security CSE 664 Spring 2018

Review: complex numbers

Section 0.2 & 0.3 Worksheet. Types of Functions

1. Algebra 1.7. Prime numbers

Lecture 10 - MAC s continued, hash & MAC

Computing the RSA Secret Key is Deterministic Polynomial Time Equivalent to Factoring

Finite Fields. Mike Reiter

Spring Nikos Apostolakis

Chapter 4 Mathematics of Cryptography

A number that can be written as, where p and q are integers and q Number.

Clock Arithmetic. 1. If it is 9 o clock and you get out of school in 4 hours, when do you get out of school?

Outline. EECS Components and Design Techniques for Digital Systems. Lec 18 Error Coding. In the real world. Our beautiful digital world.

Section 6.6 Evaluating Polynomial Functions

Semester Review Packet

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

Lecture 6: Introducing Complexity

A new security notion for asymmetric encryption Draft #8

Linear Feedback Shift Registers (LFSRs) 4-bit LFSR

Chapter 6: Rational Expr., Eq., and Functions Lecture notes Math 1010

1 Number Theory Basics

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

x 2 + 6x 18 x + 2 Name: Class: Date: 1. Find the coordinates of the local extreme of the function y = x 2 4 x.

Discrete Mathematics and Probability Theory Fall 2017 Ramchandran and Rao Midterm 2 Solutions

MATH 2400 LECTURE NOTES: POLYNOMIAL AND RATIONAL FUNCTIONS. Contents 1. Polynomial Functions 1 2. Rational Functions 6

cse 311: foundations of computing Fall 2015 Lecture 11: Modular arithmetic and applications

Transcription:

Lecture 14. Outline. 1. Finish Polynomials and Secrets. 2. Finite Fields: Abstract Algebra 3. Erasure Coding

Modular Arithmetic Fact and Secrets Modular Arithmetic Fact: There is exactly 1 polynomial of degree d with arithmetic modulo prime p that contains d + 1 pts. Note: The points have to have different x values! Shamir s k out of n Scheme: Secret s {0,...,p 1} 1. Choose a 0 = s, and random a 1,...,a k 1. 2. Let P(x) = a k 1 x k 1 + a k 2 x k 2 + a 0 with a 0 = s. 3. Share i for i 1 is point (i,p(i) mod p). Robustness: Any k shares gives secret. Knowing k pts, find unique P(x), evaluate P(0). Secrecy: Any k 1 shares give nothing. Knowing k 1 pts, any P(0) is possible.

There exists a polynomial... Modular Arithmetic Fact: Exactly 1 degree d polynomial with arithmetic modulo prime p contains d + 1 pts. Proof of at least one polynomial: Given points: (x 1,y 1 );(x 2,y 2 ) (x d+1,y d+1 ). Numerator is 0 at x j x i. Denominator makes it 1 at x i. And.. i (x) = j i(x x j ) j i (x i x j ). P(x) = y 1 1 (x) + y 2 2 (x) + + y d+1 d+1 (x). hits points (x 1,y 1 );(x 2,y 2 ) (x d+1,y d+1 ). Degree d polynomial! Construction proves the existence of a polynomial!

Reiterating Examples. i (x) = j i (x x j ) j i (x i x j ). Degree 1 polynomial, P(x), that contains (1,3) and (3,4)? Work modulo 5. 1 (x) contains (1,1) and (3,0). 1 (x) = (x 3) 1 3 = x 3 2 = 2(x 3) = 2x 6 = 2x + 4 (mod 5). For a quadratic, a 2 x 2 + a 1 x + a 0 hits (1,3);(2,4);(3,0). Work modulo 5. Find 1 (x) polynomial contains (1,1);(2,0);(3,0). 1 (x) = (x 2)(x 3) (1 2)(1 3) = (x 2)(x 3) 2 = 3(x 2)(x 3) = 3x 2 + 1 (mod 5) Put the delta functions together.

Simultaneous Equations Method. For a line, a 1 x + a 0 = mx + b contains points (1,3) and (2,4). P(1) = m(1) + b m + b 3 (mod 5) P(2) = m(2) + b 2m + b 4 (mod 5) Subtract first from second.. m + b 3 (mod 5) m 1 (mod 5) Backsolve: b 2 (mod 5). Secret is 2. And the line is... x + 2 mod 5.

Quadratic For a quadratic polynomial, a 2 x 2 + a 1 x + a 0 hits (1,2);(2,4);(3,0). Plug in points to find equations. P(1) = a 2 + a 1 + a 0 2 (mod 5) P(2) = 4a 2 + 2a 1 + a 0 4 (mod 5) P(3) = 4a 2 + 3a 1 + a 0 0 (mod 5) a 2 + a 1 + a 0 2 (mod 5) 3a 1 + 2a 0 1 (mod 5) 4a 1 + 2a 0 2 (mod 5) Subtracting 2nd from 3rd yields: a 1 = 1. a 0 = (2 4(a 1 ))2 1 = ( 2)(2 1 ) = (3)(3) = 9 4 (mod 5) a 2 = 2 1 4 2 (mod 5). So polynomial is 2x 2 + 1x + 4 (mod 5)

In general.. Given points: (x 1,y 1 );(x 2,y 2 ) (x k,y k ). Solve... a k 1 x k 1 1 + + a 0 y 1 (mod p) a k 1 x k 1 2 + + a 0 y 2 (mod p)... a k 1 x k 1 k + + a 0 y k (mod p) Will this always work? As long as solution exists and it is unique! And... Modular Arithmetic Fact: Exactly 1 polynomial of degree d with arithmetic modulo prime p contains d + 1 pts.

Summary. Modular Arithmetic Fact: Exactly 1 polynomial of degree d with arithmetic modulo prime p contains d + 1 pts. Existence: Lagrange Interpolation. Uniqueness: (proved last time) At most d roots for degree d polynomial.

Finite Fields Proof works for reals, rationals, and complex numbers...but not for integers, since no multiplicative inverses. Arithmetic modulo a prime p has multiplicative inverses....and has only a finite number of elements. Good for computer science. Arithmetic modulo a prime p is a finite field denoted by F p or GF (p). Intuitively, a field is a set with operations corresponding to addition, multiplication, and division.

Secret Sharing Revisited Modular Arithmetic Fact: Exactly one polynomial degree d over GF (p), P(x), that hits d + 1 points. Shamir s k out of n Scheme: Secret s {0,...,p 1} 1. Choose a 0 = s, and random a 1,...,a k 1. 2. Let P(x) = a k 1 x k 1 + a k 2 x k 2 + a 0 with a 0 = s. 3. Share i is point (i,p(i) mod p). Robustness: Any k knows secret. Knowing k pts, only one P(x), evaluate P(0). Secrecy: Any k 1 knows nothing. Knowing k 1 pts, any P(0) is possible. Efficiency:???

Efficiency. Need p > n to hand out n shares: P(1)...P(n). For b-bit secret, must choose a prime p > 2 b. Theorem: There is always a prime between n and 2n. Working over numbers within 1 bit of secret size. Minimal! With k shares, reconstruct polynomial, P(x). With k 1 shares, any of p values possible for P(0)! (Within 1 bit of) any b-bit string possible! (Within 1 bit of) b-bits are missing: one P(i). Within 1 of optimal number of bits.

Runtime. Runtime: polynomial in k, n, and logp. 1. Evaluate degree n 1 polynomial n + k times using logp-bit numbers. O(kn log 2 p). 2. Reconstruct secret by solving system of n equations using logp-bit arithmetic. O(n 3 log 2 p). 3. Matrix has special form so O(n logn log 2 p) reconstruction. Faster versions in practice are almost as efficient.

A bit of counting. What is the number of degree d polynomials over GF(m)? m d+1 : d + 1 coefficients from {0,...,m 1}. m d+1 : d + 1 points with y-values from {0,...,m 1} Infinite number for reals, rationals, complex numbers!

Erasure Codes. Satellite 3 packet message. So send 6! 1 2 3 1 2 3 Lose 3 out 6 packets. 1 2 3 1 2 3 GPS device Gets packets 1,1,and 3.

Problem: Want to send a message with n packets. Channel: Lossy channel: loses k packets. Question: Can you send n + k packets and recover message? Solution Idea: Use Polynomials!!!

Solution Idea. n packet message, channel that loses k packets. Must send n + k packets! Any n packets should allow reconstruction of n packet message. Any n point values allow reconstruction of degree n 1 polynomial which has n coefficients! Alright!!! Use polynomials.

Problem: Want to send a message with n packets. Channel: Lossy channel: loses k packets. Question: Can you send n + k packets and recover message? A degree n 1 polynomial determined by any n points! Erasure Coding Scheme: message = m 0,m 1,m 2,...,m n 1. Each m i is a packet. 1. Choose prime p > 2 b for packet size b (size = number of bits). 2. P(x) = m n 1 x n 1 + m 0 (mod p). 3. Send P(1),...,P(n + k). Any n of the n + k packets gives polynomial...and message!

Erasure Codes. Satellite n packet message. So send n + k! 1 2 n + k 1 2 n + k Lose k packets. GPS device Any n packets is enough! n packet message. Optimal.

Comparison with Secret Sharing. Comparing information content: Secret Sharing: each share is size of whole secret. Coding: Each packet has size 1/n of the whole message.

Erasure Code: Example. Send message of 1,4, and 4. up to 3 erasures. n = 3,k = 3 Make polynomial with P(1) = 1, P(2) = 4, P(3) = 4. How? Lagrange Interpolation. Linear System. Work modulo 5. P(x) = x 2 (mod 5) P(1) = 1,P(2) = 4,P(3) = 9 = 4 (mod 5) Send (0,P(0))...(5,P(5)). 6 points. Better work modulo 7 at least! Why? (0,P(0)) = (5,P(5)) (mod 5)

Example Make polynomial with P(1) = 1, P(2) = 4, P(3) = 4. Modulo 7 to accommodate at least 6 packets. Linear equations: P(1) = a 2 + a 1 + a 0 1 (mod 7) P(2) = 4a 2 + 2a 1 + a 0 4 (mod 7) P(3) = 2a 2 + 3a 1 + a 0 4 (mod 7) 6a 1 + 3a 0 = 2 (mod 7), 5a 1 + 4a 0 = 0 (mod 7) a 1 = 2a 0. a 0 = 2 (mod 7) a 1 = 4 (mod 7) a 2 = 2 (mod 7) P(x) = 2x 2 + 4x + 2 P(1) = 1, P(2) = 4, and P(3) = 4 Send Packets: (1,1),(2,4),(3,4),(4,7),(5,2),(6,0) Notice that packets contain x-values.

Summary: Polynomials are useful!..give Secret Sharing...give Erasure Codes. Next time: correct broader class of errors!

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback