CA622 Advanced Algorithms - PowerPoint PPT Presentation

Slides: 57
Provided by: claire60
1
CA622 Advanced Algorithms
2
Course Overview
  • 4 parts, 6 lectures on each part
  • Part I
  • Primality Testing
  • Factorisation
  • Implications to Cryptography
  • Parts II, III and IV will be taught by another
    lecturer
  • Continuous Assessment
  • 25
  • Groups of 5
  • Will be related to part I of the course

3
Course Overview
  • Exam
  • 8 exam questions, answer 4, one from each part of
    the course
  • Therefore there will be two questions on the exam
    relating to the next 6 hours of lectures

4
Course Website
  • Notes for part I can be found at
  • www.computing.dcu.ie/cwhelan/teaching.html
  • although the site is not live just yet

5
Advanced Algorithms Part I
  • Lecturer
  • Claire Whelan

6
Section 1: Primality Testing
7
  • $13 = 3^x \bmod 19$

8
Overview
  • Since ancient times mathematicians have been
    fascinated by problems concerning prime numbers.
    Since the days of Euclid (ca. 270 BC) and
    Eratosthenes (ca. 240 BC) prime numbers have been
    the subject of intense mathematical scrutiny.
  • Why are they so interesting? Well, prime numbers
    are more elusive than they seem. They do not
    follow a set pattern or particular sequence;
    there is no formula that can tell you whether a
    number is definitively prime in a reasonable
    amount of time.
  • The Prime Pages demonstrate the current
    fascination for primes
  • The search for primes continues
  • http://www.mersenne.org/prime.html
  • On September 4th 2006 the most recent Mersenne
    prime was found: the 44th known Mersenne prime,
    $2^{32,582,657} - 1$, a 9,808,358 digit number.
    The discoverers used 700 PCs as part of a grid
    (PrimeNet) in CMSU, which is networked with
    70,000 computers to work in parallel to compute
    22 trillion calculations per second. This would
    have taken 4000 years on a single PC.

9
Definition
  • A prime number is a positive integer p having
    exactly two positive divisors, 1 and p.
  • A composite number is a positive integer $n > 1$
    which is not prime,
  • i.e. iff it admits a nontrivial factorisation
    $n = ab$, where a and b are integers between 1
    and n.
  • Hence, primality testing and factorisation go
    hand in hand (a field inextricably entwined with
    primes!)

10
Fundamental Theorem of Arithmetic
  • For each natural number n there is a unique
    factorisation
  • Where $a_i$ are positive integers and
    $p_1 < p_2 < \dots < p_k$ are primes.

11
What is Primality Testing?
  • Primality testing
  • Determining whether a number is prime or not
  • Prime factorisation
  • Decomposing a number into its constituent prime
    factors

12
Q
  • Factorise
  • 11364600

13
Testing Primality?
  • Obvious approach
  • Given an integer n, check if any integer m from 2
    to n-1 divides n. If n is divisible by any m,
    then n is composite, otherwise it is prime.
  • An improvement
  • Check whether n is divisible by any of the prime
    numbers
  • Also can skip all even m except 2, since if any
    even number divides n then 2 does
  • Can repeat this for all prime numbers (Sieve of
    Eratosthenes)

14
Sieve of Eratosthenes
  • pic

15
Primality Testing
  • Two varieties of prime tests
  • Probabilistic
  • Probable prime: a false positive is possible,
    i.e. a composite number is identified as prime.
    This will happen with very low probability.
  • But much faster than deterministic tests
  • Pseudoprime: a number which passes a probabilistic
    primality test but which is actually composite
  • Types
  • Fermat's Little Theorem
  • Miller-Rabin
  • Deterministic
  • Identifies real prime numbers
  • Types
  • Lucas-Lehmer
  • Elliptic Curve Primality Proving
  • AKS

16
Probabilistic Algorithms
17
Fermat's Little Theorem
  • If p is prime and $1 < a < p$, then
  • $a^{p-1} \equiv 1 \pmod p$
  • To test if n is prime, a number of random values
    of a are chosen in the interval, and we see if the
    equality holds for each value of a.
  • $a^{n-1} \equiv 1 \pmod n$
  • However, some composites pass Fermat's test, and
    so are falsely identified as prime: Carmichael
    numbers
  • Carmichael numbers are numbers n for which all
    values of a with $\gcd(a, n) = 1$ are Fermat
    liars.

18
Modular Exponentiation
  • How to calculate $a^k \bmod n$?
  • As will be seen throughout the lecture, modular
    exponentiation is required for use in all
    primality tests

19
Modular Exponentiation: Square and Multiply
  • Input: a, k
  • Set $b = 1$
  • If $k = 0$, return b
  • Set $A = a$
  • If $k_0 = 1$ then set $b = a$
  • For $i = 1$ to t
    • Set $A = A^2 \bmod n$
    • if $k_i$ is 1
      • Set $b = A \cdot b \bmod n$
  • Output $a^k \bmod n$

20
Modular Exponentiation: Square and Multiply
  • Example: Calculate $5^{596} \bmod 1234 = 1013$
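
The square-and-multiply steps above, written out as an added Python example (not part of the original slides). The function name `square_and_multiply` and the trace format are this example's own; it walks the bits of k from the least significant upward and records A and b after each bit, so the 5^596 mod 1234 calculation can be followed row by row.

```python
def square_and_multiply(a, k, n):
    """Right-to-left binary exponentiation: returns (a^k mod n, trace).

    trace holds one (i, k_i, A, b) row per bit of k, least significant
    bit first, using the same variable names as the slide.
    """
    b = 1
    trace = []
    if k == 0:
        return b % n, trace
    A = a % n
    if k & 1:                      # k_0 = 1
        b = A
    trace.append((0, k & 1, A, b))
    i = 1
    k >>= 1
    while k:                       # for i = 1 to t
        A = (A * A) % n            # A = A^2 mod n
        if k & 1:                  # k_i = 1
            b = (A * b) % n        # b = A*b mod n
        trace.append((i, k & 1, A, b))
        k >>= 1
        i += 1
    return b, trace


if __name__ == "__main__":
    result, rows = square_and_multiply(5, 596, 1234)
    print(" i  k_i     A     b")
    for i, bit, A, b in rows:
        print(f"{i:2d}  {bit:3d}  {A:4d}  {b:4d}")
    print("5^596 mod 1234 =", result)
```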

21
Miller-Rabin
  • Similar to Fermat in that it tests a series of
    equalities that hold true for prime values, then
    sees whether they hold for a number we want to
    test.
  • First, a note about $x^2 \equiv 1 \pmod p$ where $x \in F_p$
  • $x^2 \equiv 1 \pmod p$, so $x \equiv \sqrt{1} \pmod p$, and so
    $x = \pm 1$
  • However, $(x+1)(x-1) \equiv 0 \pmod p$ and so x can
    neither be or 1.
  • Therefore, if a prime cannot divide either of
    these two integers, it cannot divide their
    product.

22
Miller-Rabin
  • Let n be an odd prime. We can write $n - 1$ as $2^s r$,
    where s is an integer and r is odd.
  • So for all $a \in F_p$ either
  • $a^r \equiv 1 \pmod n$
  • Or
  • $\equiv -1 \pmod n$

23
Miller-Rabin
  • If
  • $a^r \not\equiv 1 \pmod n$
  • Or
  • $\not\equiv -1 \pmod n$
  • for all $0 < j < s - 1$
  • then a is a strong witness to compositeness
    for n.

24
Miller-Rabin
  • If
  • $a^r \equiv 1 \pmod n$
  • Or
  • $\equiv -1 \pmod n$
  • for some $0 < j < s - 1$
  • then n is said to be a strong pseudoprime
    to the base a.
  • Then a is a strong liar to primality for n.

25
Miller-Rabin Example
  • $n = 91$
  • $90 = 2 \cdot 45$, $s = 1$, $r = 45$
  • 1, 9, 10, 12, 16, 17, 22, 29, 38, 53, 62, 69, 74,
    75, 79, 81, 82, 90 are all strong liars.
  • $9^{45} \equiv 1 \pmod{91}$
  • $10^{45} \equiv -1 \pmod{91}$
  • ...
  • All other bases are strong witnesses.
  • $9^7 \equiv 9 \pmod{91}$
  • $9^8 \equiv 81 \pmod{91}$

26
Miller-Rabin
  • If n is an odd composite, the number of strong
    liars for n is at most $\varphi(n)/4$.
  • For example, $\varphi(91)/4 = 18$
  • Note: $\varphi(n)$ is the Euler phi function

27
Miller-Rabin: The Algorithm
  • Input: an odd integer n and security parameter t
  • Write $n - 1 = 2^s r$ such that r is odd
  • For $i = 1$ to t do
    • Choose a random integer a, $2 < a < n - 2$
    • Compute $y = a^r \bmod n$
    • If $y \ne 1$ and $y \ne n - 1$ then
      • $j = 1$
      • While $j \le s - 1$ and $y \ne n - 1$
        • Compute $y = y^2 \bmod n$
        • if $y = 1$ then return COMPOSITE
        • $j = j + 1$
      • if $y \ne n - 1$ then return COMPOSITE
  • Output PRIME
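
An added Python example (not from the original slides) covering both the Fermat test and the Miller-Rabin algorithm above: it enumerates the liars for a composite, reproducing the strong-liar list for n = 91, and shows that the Carmichael number 561 fools the Fermat test for every coprime base but has only a handful of strong liars. The function names, the default t = 40, the base range [2, n-2] and the use of the OS random source are choices of this example.

```python
import random
from math import gcd

def split(n):
    """Write n - 1 = 2^s * r with r odd; return (s, r)."""
    s, r = 0, n - 1
    while r % 2 == 0:
        s, r = s + 1, r // 2
    return s, r

def passes_round(a, n):
    """One Miller-Rabin round: True if odd n looks prime to base a."""
    s, r = split(n)
    y = pow(a, r, n)
    if y in (1, n - 1):
        return True
    for _ in range(s - 1):
        y = pow(y, 2, n)
        if y == n - 1:
            return True
        if y == 1:              # reached 1 without passing through n - 1
            return False
    return False

def miller_rabin(n, t=40):
    """True for PRIME, False for COMPOSITE, using t random bases."""
    if n < 5 or n % 2 == 0:
        return n in (2, 3)
    rng = random.SystemRandom()  # unpredictable bases (this example's choice)
    return all(passes_round(rng.randrange(2, n - 1), n) for _ in range(t))

def fermat_liars(n):
    """Bases a in [1, n-1] with a^(n-1) = 1 mod n."""
    return [a for a in range(1, n) if pow(a, n - 1, n) == 1]

def strong_liars(n):
    """Bases a in [1, n-1] for which n passes a Miller-Rabin round."""
    return [a for a in range(1, n) if passes_round(a, n)]

if __name__ == "__main__":
    print("strong liars for 91:", strong_liars(91))
    n = 561                      # Carmichael number, 3 * 11 * 17
    coprime = [a for a in range(1, n) if gcd(a, n) == 1]
    print("561: Fermat liars", len(fermat_liars(n)), "of", len(coprime))
    print("561: strong liars", len(strong_liars(n)))
    print("miller_rabin(561) ->", miller_rabin(n))
```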

28
What is required to compute this?
  • Algorithm for modular exponentiation

29
Deterministic Algorithms

30
Special Primes
  • Generally deterministic algorithms are used to
    test prime numbers with a special form, such as
  • Mersenne Primes
  • A prime of the form $2^s - 1$
  • Solinas Primes
  • A prime number with low Hamming weight
  • Particularly of interest for pairing-based
    cryptography

31
Lucas-Lehmer test for Mersenne Primes
  • Input: a Mersenne number $n = 2^s - 1$ for $s > 3$
  • Use trial division to check whether s has any
    factors between 2 and
    • Return COMPOSITE
  • Set $u = 4$
  • For $k = 1$ to $s - 2$
    • Compute $u = (u^2 - 2) \bmod n$
  • If $u = 0$ Return PRIME
  • Else Return COMPOSITE

32
Mersenne Primes
33
Elliptic Curve Primality Proving
  • 2004
  • A 4769 digit number was certified as prime in
    approx. 2000 hours of computation (3 months of
    uninterrupted computing time on a 1 GHz processor)

34
AKS
  • The first polynomial time primality test
  • In August 2002 a deterministic polynomial time
    primality test was written by Agrawal, Kayal and
    Saxena, namely the AKS algorithm
  • Ref: PRIMES is in P, Agrawal, Kayal and
    Saxena.

35
AKS: The Algorithm
  • Input: an odd integer $n > 1$
  • If (n is of the form $a^b$, $b > 1$) Output COMPOSITE
  • $r = 2$
  • While ($r < n$)
    • if ($\gcd(n, r) \ne 1$) Output COMPOSITE
    • if (r is prime)
      • let q be the largest prime factor of $r - 1$
      • if ($q > 4\sqrt{r}\log n$) and ($n^{(r-1)/q} \not\equiv 1 \pmod r$)
        • break
    • $r = r + 1$
  • For ($a = 1$ to $2\sqrt{r}\log n$)
    • if ($(x - a)^n \not\equiv (x^n - a) \pmod{n, x^r - 1}$) Output
      COMPOSITE
  • Output PRIME

36
Organisation of the AKS algorithm
  • Module 1
  • Detecting Perfect Powers
  • Module 2
  • Finding a suitable r value
  • Module 3
  • Evaluating a prime identity function

37
What is a Perfect Power?
  • n is a perfect power if n
    can be written as $n = a^b$
  • For example,
  • $65536 = 2^{16}$
  • Therefore, need an algorithm to determine whether
    n can be written as an integer to the power of
    another integer.
  • A brute force approach is obviously not feasible.
  • A method by Dan Bernstein gives an optimised
    approach
  • Ref: Detecting Perfect Powers in Essentially
    Linear Time, Mathematics of Computation, 1998.

38
Bernstein's Detecting Perfect Powers
  • Only prime exponents are checked.
  • If $n = a^b$, then $n = (a^m)^p = x^p$
  • Therefore the following main checks are performed
  • $n = x^2$
  • $n = 2^p$
  • $n = x^p$ (due to Bernstein)

39
Bernstein's Detecting Perfect Powers
  • Compute an intermediate value y to help choose an
    appropriate approximation to the p-th root
  • An approximate p-th root of n is calculated using
    Newton's method
  • This approximate root x is tested to see if
    $n = x^p$. If so then x is a perfect power, if not
    then another p value is chosen up to $\log_2 n$
  • The proof for these steps is given in Bernstein's
    paper.

40
Algorithms required to compute Module 1?
  • Method to generate square roots
  • Method to generate prime numbers
  • a bit of a chicken and egg scenario!
  • Method to generate the tentative root p and
    finding whether $x^p = n$
  • Newton's Method
  • Obviously, a fast exponentiation algorithm

41
How do we find the correct r?
  • r is the value that will be used as the exponent
    of the modulus polynomial $x^r - 1$ in the prime
    identity function
  • The value r must satisfy a number of conditions
  • $r < n$
  • r must be prime
  • r is $O(\log^6 n)$
  • r-1 contains a prime factor which is close to the
    size of the square root of r
  • Requiring both primality and factorisation
    methods!

42
The Algorithm to find r
  • Intermediate primality test
  • Factorization method
  • Trial Division
  • Pollard Rho
  • Pollard p-1
  • GCD method
  • Euclidean Algorithm
  • Square Root method
  • Log2 method

43
Euclidean Algorithm
  • Input: two non-negative numbers a and b with $a > b$
  • While $b \ne 0$
    • set $r = a \bmod b$, $a = b$, $b = r$
  • Output a

44
Example
  • Find gcd(4864, 3458)
  • $4864 = 1 \cdot 3458 + 1406$
  • $3458 = 2 \cdot 1406 + 646$
  • $1406 = 2 \cdot 646 + 114$
  • $646 = 5 \cdot 114 + 76$
  • $114 = 1 \cdot 76 + 38$
  • $76 = 2 \cdot 38 + 0$
  • Therefore gcd(4864, 3458) = 38

45
Square Root
  • Firstly, use the Legendre Symbol to determine
    whether a square root exists or not
  • $x = y^2$
  • Is x a quadratic residue or a quadratic
    non-residue?
  • If it is found that a square root exists, then a
    square root algorithm must be used to find the
    square root.

46
What is the Prime Identity Function?
  • The prime identity function is the heart of the
    primality test
  • n is prime iff
  • for $a = 1, \dots, \text{bound}$
  • $(x - a)^n \equiv x^n - a \pmod{n, x^r - 1}$
  • If LHS = RHS, for every value of a
  • $\Rightarrow$ n is prime
  • This identity is based on Fermat's little theorem

47
Example on board to demonstrate
48
What do we need for this part?
  • Knowledge of how operations on polynomials are
    performed: a polynomial API?
  • Polynomial addition, multiplication, reduction

49
So how good is it?
  • Say $n = 833310469$,
  • $a = 1$, $r = 53699$
  • $\Rightarrow (x-1)^{833310469} \equiv x^{833310469} - 1$
  • $\pmod{833310469, x^{53699} - 1}$
  • This primality test will take a very long time to
    complete
  • The number of polynomial operations to be
    performed 833310469 a
  • This is without module 1 OR module 2 being
    evaluated
  • AND 833310469 is not a big prime number

51
Implementation
  • Have mentioned some of the algorithms which are
    required to implement AKS and other primality
    tests.
  • Some libraries will have some of these algorithms
    built in. For example, Java's BigInteger API.

52
BigInteger
  • BigInteger in Java provides a probabilistic
    primality test, isProbablePrime().
  • To use probable prime a certainty must be passed
    as a parameter.
  • The certainty is the amount of error that the
    user is willing to tolerate.
  • The higher the certainty, the more probable the
    number is prime.
  • public boolean isProbablePrime(int certainty)
  • The certainty is calculated from
    $(1 - 1/2^{\text{certainty}})$, which will dictate the
    number of rounds of tests performed on the input.
  • isProbablePrime() uses Miller-Rabin and
    Lucas-Lehmer

53
Summary
  • Considering that the last prime found was
    estimated to take 1 PC approximately 4000 years
    to test, I think the crypto community will use
    probabilistic primality tests.

54
References
  • Pomerance
  • Prime Numbers, A Computational Perspective
  • Bressoud
  • Factorisation and Primality Testing
  • Koblitz
  • A Course in Number Theory and Cryptography
  • Wolfram Mathworld, Wikipedia
  • The Prime Pages
  • http://primes.utm.edu/

55
Task
  • Recap on finite field and modular arithmetic
  • Implement modular exponentiation
  • Implement any of the probabilistic or, if you are
    patient, deterministic primality tests

56
Techniques
  • Trial Division
  • p-1 Method
  • p+1 Method
  • Pollard Rho Method
  • Continued Fraction Method
  • Quadratic Sieve
  • Elliptic Curve Method
  • Number Field Sieve