Post on 27-Dec-2015
CS 312: Algorithm Analysis
Lecture #3: Algorithms for Modular Arithmetic,
Modular Exponentiation
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.
Slides by: Eric Ringger, with contributions from Mike Jones, Eric Mercer, Sean Warnick
Announcements
HW #1 Due Now Always start of class
Always show work
FERPA protects your student record Need waiver to return graded work without
cover sheet
Objectives
Add the Max Rule to your asymptotic analysis toolbox
Review modular arithmetic
Discuss and analyze algorithms for: modular arithmetic modular exponentiation
Max. rule
Another useful rule for Asymptotic analysis.
O( f(n) + g(n) ) = O( max( f(n), g(n) ) )
Examples:
Goal for Ch. 1
Appreciate the role of theoretical analysis in the security of RSA.
Requires: Solve, analyze, and use (!) two important and related problems: Factoring: Given a number N, express it as a product of
its prime numbers Primality Testing: Given a number N, determine
whether it is prime
Which one is harder?
Algorithms for Integer Arithmetic
Computing Device: Binary operations are constant time Arithmetic operations on arbitrary length integers
may require more time
For an integer , we talk about its representation in bits:
Pad length of to the next power of 2 (using 0s) if necessary.
Algorithms for Integer Arithmetic
Addition
Multiplication
Division
Algorithms for Integer Arithmetic
Addition:
Multiplication:
Division:
Modular Arithmetic
Congruency
An important distinction
Congruency
Equality, using the modulus operator
Properties
Associativity:
Commutativity:
Distributivity:
Substitution Rule
Useful Consequence
xy (x mod z)y (mod z)
xy mod z = (x mod z)y mod z Example:
Modular Addition
Modular Multiplication
Goal: Modular Exponentiation
We need to compute
xy mod N
for values of x, y, and N that are several hundred bits long.
Can we do so quickly?
Sequential Exponentiation
function seqexp (x, y)
Input: An n-bit integer x and a non-negative integer exponent y (arbitrarily large)
Output: xy
if y=0: return 1
r = x
for i = 1 to y-1 do
r = r x
return r
Describe a simple algorithm for doing exponentiation:
Analysis of Sequential Exponentiation
function seqexp (x, y)Input: An n-bit integer x and a non-negative
integer exponent y (arbitrarily large)Output: xy
if y=0: return 1r = xfor i = 1 to y-1 do
r = r xreturn r
Modular Exponentiation, Take I
function modexp (x, y, N)
Input: Two n-bit integers x and N, a non-negative integer exponent y (arbitrarily large)
Output: xy mod N
if y=0: return 1
r = x mod N
for i = 1 to y-1 do
r = (r x) mod N
return r
Modular Exponentiation, Take I
function modexp (x, y, N)
Input: Two n-bit integers x and N, a non-negative integer exponent y (arbitrarily large)
Output: xy mod N
if y=0: return 1
r = x mod N
for i = 1 to y-1 do
r = (r x) mod N
return r
New Ideas
Represent y (the exponent) in binary
Then break down xy into factors using the non-zero bits of y
Also: compute the factors using repeated squaring
Reduce factors using substitution rule
Modular Exponentiation, Take II
function modexp (x, y, N)Input: Two n-bit integers x and N, a non-negative integer
exponent y (arbitrarily large)Output: xy mod N
if y=0: return 1z = modexp(x, floor(y/2), N)if y is even:
return z2 mod Nelse:
return x z2 mod NRight shift
Multiplication
Recursive call
Analysis of Modular Exponentiation
Each multiplication is Q(n2) Each modular reduction is Q(n2) There are log(y)=m of them Thus, modular exponentiation is in Q(n2 log y) = Q(n2 m)
function modexp (x, y, N)if y=0: return 1z = modexp(x, floor(y/2), N)if y is even:
return z2 mod Nelse:
return x z2 mod N
Modular Exponentiation (II),Iterative Formulation
function modexp (x, y, N)Input: Two n-bit integers x and N, a non-negative integer
exponent y (arbitrarily large)Output: xy mod N
if y = 0: return 1i = y; r = 1; z = x mod Nwhile i > 0
if i is odd: r = r z mod Nz = z2 mod Ni = floor(i/2)
return r
Modular Exponentiation
xy mod N Key Insights:
1. Exponent y can be represented in binary
2. Problem can be factored into one factor per binary digit
3. Each factor can be reduced mod N (substitution rule)
ExampleWe’re employingsame insights and a little morecleverness than thealgorithm.
Example #210
2
2
2
3 mod10
3, 10, 10
10, 1, 3mod10 3
3 mod10 9
5
1 9 mod10 9
9 mod10 81mod10 1
2
1 mod10 1
1
9 1mod10 9
1
0
return 9
x y N
i r z
z
i
r
z
i
z
i
r
z
i
function modexp (x, y, N)Input: Two n-bit integers x and N, an integer
exponent y (arbitrarily large)Output: xy mod N
if y = 0: return 1i = y; r = 1; z = x mod Nwhile i > 0
if i is odd: r = r z mod Nz = z2 mod Ni = floor(i/2)
return r
Strictly tracing the algorithm.
Example #210
2
2
2
3 mod10
3, 10, 10
10, 1, 3mod10 3
3 mod10 9
5
1 9 mod10 9
9 mod10 81mod10 1
2
1 mod10 1
1
9 1mod10 9
1
0
return 9
x y N
i r z
z
i
r
z
i
z
i
r
z
i
function modexp (x, y, N)Input: Two n-bit integers x and N, an integer
exponent y (arbitrarily large)Output: xy mod N
if y = 0: return 1i = y; r = 1; z = x mod Nwhile i > 0
if i is odd: r = r z mod Nz = z2 mod Ni = floor(i/2)
return r
Example
203 mod 10
Needed: two volunteers:
Volunteer A: use our final modexp() to compute it.
Volunteer B: compute 320 then reduce mod 10
Efficiency
The key point is that xy mod N is easy modexp is in Q(n2 log y)
In fact, it requires about 1.5 log2 y multiplications for typical y seqexp required y-1 multiplications When x, y, and N are 200 digit numbers
Assume 1 multiplication of two 200 digit numbers takes 0.001 seconds
modexp typically takes about 1 second seqexp would require 10179 times the Age of the Universe!
Only works when y is an integer.
Assignment
Read: Section 1.4
HW #2: Problem 1.25 using modexp, Then redo 1.25 but replace 125 with 126 for
the exponent Implement modular exponentiation now as a
step toward finishing Project #1
Next
Primality Testing