Announcements:
1. Pass in worksheet on using RSA now.
2. DES graded soon
3. Short “pop” quiz on Ch 3 (Thursday at earliest)
4. Term project groups and topics due by Friday
   1. Can use discussion forum to find teammates
5. HW6 posted, due date bumped back to next week (and a few questions added), but doing what’s there now might help your quiz prep.
Questions?
This week: Primality testing, factoring; Discrete Logs
DTTF/NB479: Dszquphsbqiz Day 22
Miller-Rabin
Given odd n > 1, write n - 1 = 2^k m, where k >= 1 and m is odd.
Choose a base a randomly (or just pick a = 2).
Let b_0 = a^m (mod n). If b_0 = +/-1, stop: n is probably prime by Fermat.
For i = 1..k-1:
  Compute b_i = b_{i-1}^2.
  If b_i = 1 (mod n), stop: n is composite by SRCT, and gcd(b_{i-1} - 1, n) is a factor.
  If b_i = -1 (mod n), stop: n is probably prime by Fermat.
If b_k = 1 (mod n), stop: n is composite by SRCT.
Else n is composite by Fermat.
So: b_0 = a^m, b_1 = a^{2m}, ..., b_k = a^{2^k m} = a^{n-1} (mod n)
Big picture: Fermat on steroids
By doing a little extra work (finding k to change the order of the powermod), we can call some pseudoprimes composite and find some of their factors.
Using within a primality testing scheme
[Flowchart, from Day 11: n -> Odd? -> div by other small primes? -> Fermat? -> Prime by Factoring/advanced techn.? -> prime; each box has a yes/no branch]
Finding large probable primes
#primes < x = π(x) ≈ x / ln(x)
Density of primes: ~1/ln(x)
For 100-digit numbers, ~1/230.
So ~1/115 of odd 100-digit numbers are prime
Can start with a random large odd number and iterate, applying M-R to remove composites. We’ll soon find one that is a likely prime.
Maple’s nextprime() appears to do this, but also runs the Lucas test: http://www.mathpages.com/home/kmath473.htm
Alternatively, could repeat M-R to get high probability prime
[Flowchart, updated: n -> Odd? -> div by other small primes? -> Pass M-R? -> Prime by Factoring/advanced techn.? -> prime; each box has a yes/no branch]
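The Miller-Rabin procedure on the previous slide and the "start at a random odd number and iterate" scheme on this one, as an added worked example (not the lecture's or Maple's code). The function returns exactly the three outcomes the slide distinguishes (probably prime by Fermat, composite by SRCT with the factor gcd(b_{i-1} - 1, n), composite by Fermat); the small-prime list, the 20-round default and the tuple return format are my own choices.

```python
import random
from math import gcd, log

def miller_rabin(n, a=None, rng=random):
    """One round of Miller-Rabin, following the slide step by step.

    Returns (verdict, reason, factor): verdict is "probably prime" or "composite",
    reason is "Fermat" or "SRCT" (square root compositeness theorem), and factor
    is the non-trivial divisor gcd(b_{i-1} - 1, n) when SRCT produced one."""
    if n < 3 or n % 2 == 0:
        raise ValueError("n must be odd and > 1")
    k, m = 0, n - 1                       # write n - 1 = 2^k * m with m odd, k >= 1
    while m % 2 == 0:
        m //= 2
        k += 1
    if a is None:                         # random base (or pass a=2 explicitly)
        a = rng.randrange(2, n - 1) if n > 3 else 2
    b = pow(a, m, n)                      # b_0 = a^m mod n
    if b in (1, n - 1):
        return ("probably prime", "Fermat", None)
    for _ in range(1, k):                 # i = 1 .. k-1
        prev, b = b, b * b % n            # b_i = b_{i-1}^2 mod n
        if b == 1:                        # prev is a square root of 1 other than +/-1
            return ("composite", "SRCT", gcd(prev - 1, n))
        if b == n - 1:
            return ("probably prime", "Fermat", None)
    prev, b = b, b * b % n                # b_k = a^(n-1) mod n
    if b == 1:
        return ("composite", "SRCT", gcd(prev - 1, n))
    return ("composite", "Fermat", None)  # a^(n-1) != 1: Fermat's test fails outright

# assumed trial-division list for the "div by other small primes?" box of the flowchart
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]

def is_probable_prime(n, rounds=20, rng=random):
    """The flowchart: odd? small prime divisor? then repeated M-R with random bases."""
    if n < 2:
        return False
    if n == 2:
        return True
    if n % 2 == 0:
        return False
    for p in SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    # each round that a composite survives happens with probability <= 1/4
    return all(miller_rabin(n, rng=rng)[0] == "probably prime" for _ in range(rounds))

def next_probable_prime(start, rounds=20, rng=random):
    """Start at an odd number and step by 2 until a candidate passes the whole scheme."""
    n = start if start % 2 else start + 1
    while not is_probable_prime(n, rounds, rng):
        n += 2
    return n

def expected_odd_candidates(digits):
    """Density near 10^d is ~1/ln(10^d); among odd numbers it is twice that,
    so about ln(10^d)/2 odd candidates are tried per prime found (115 for d = 100)."""
    return round(digits * log(10) / 2)

if __name__ == "__main__":
    print(miller_rabin(561, 2))           # Carmichael number: SRCT finds a factor
    print(next_probable_prime(10**99), expected_odd_candidates(100))
```

With the base a = 2 fixed, 561 (a Carmichael number, which passes the plain Fermat test) is caught by the square-root step, and the factor 33 falls out of the gcd; with random bases, `next_probable_prime` is the iterate-and-filter loop described above.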
Factoring
If you are trying to factor n = pq and know that p ~ q, use Fermat factoring: compute n + 1^2, n + 2^2, n + 3^2, ..., until you reach a perfect square, say r^2 = n + k^2.
Then n = r^2 - k^2 = (r+k)(r-k).
The moral of the story? Choose p and q such that _____
Example
Factor n = 3837523
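Fermat factoring applied to the example n = 3837523, as an added worked example (not the lecture's own code). The search runs k = 0, 1, 2, ... and stops at the first k with n + k^2 a perfect square; returning the step count k along with the factors is my addition, because it makes the moral visible: k = (q - p)/2, so the method is only fast when p and q are close.

```python
from math import isqrt

def fermat_factor(n, max_steps=None):
    """Fermat factoring: find k with n + k^2 = r^2, then n = (r - k)(r + k).

    Returns (r - k, r + k, k), or None if no split is found within max_steps.
    The slide starts at k = 1; starting at k = 0 also catches n being a square."""
    if n % 2 == 0:
        raise ValueError("n must be odd (an even n has the trivial factor 2)")
    k = 0
    while max_steps is None or k <= max_steps:
        s = n + k * k
        r = isqrt(s)                  # exact integer square root
        if r * r == s:                # n + k^2 is a perfect square r^2
            return (r - k, r + k, k)
        k += 1
    return None

if __name__ == "__main__":
    p, q, k = fermat_factor(3837523)
    print(p, q, "after", k, "steps")  # the gap (q - p)/2 is the number of steps
```

For 3837523 = 1093 * 3511 the first hit is r = 2302, k = 1209 (the next representation as a difference of squares would be the trivial 1 * n, far later); for a product of twin-sized primes such as 10403 = 101 * 103 a single step suffices.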
Concepts we will learn also apply to factoring really big numbers. They are the basis of the best current methods.
All you have to do to win $30,000 is factor a 212 digit number.
This is the RSA Challenge: http://www.rsa.com/rsalabs/node.asp?id=2093#RSA704
Quadratic Sieve (1)
Factor n = 3837523. Want x, y: x^2 ≡ y^2 (mod n), but x ≢ ±y (mod n); then gcd(x - y, n) is a factor.
Step 1: Pick a factor base, just a set of small factors. In our examples, we’ll use those < 20. There are 8: 2, 3, 5, 7, 11, 13, 17, 19
Step 2: We want squares that are congruent to products of factors in the factor base.
Our hope: Reasonably small numbers are more likely to be products of factors in the factor base.
Want x^2 ≈ kn, so approximate x with √(kn): x = ⌊√(kn)⌋ + ε for a small offset ε.
1. Then x^2 - kn ≈ 2ε√(kn) + ε^2, which is small as long as k isn’t too big
2. Loop over small ε, lots of k.
3. A newer technique, the number field sieve, is somewhat faster
Quadratic Sieve (2a)
Factor n = 3837523. Want x, y: x^2 ≡ y^2 (mod n), but x ≢ ±y (mod n); gcd(x - y, n) is a factor.
Step 2: We want squares that are congruent to products of factors in the factor base.
Our hope: Reasonably small numbers are more likely to be products of factors in the factor base.
Want x^2 ≈ kn, so approximate x with ⌊√(kn)⌋ + ε.
Examples:
9398 = ⌊√(23n)⌋ + 4; 9398^2 ≡ 59375 = 5^5 · 19 (mod n)
8077 = ⌊√(17n)⌋ + 1; 8077^2 ≡ 38 = 2 · 19 (mod n)
Quadratic Sieve (2b)
Factor n = 3837523. Want x, y: x^2 ≡ y^2 (mod n), but x ≢ ±y (mod n); gcd(x - y, n) is a factor.
Step 3: Want two non-congruent perfect squares
Recall:
9398^2 ≡ 5^5 · 19 (mod n)
8077^2 ≡ 2 · 19 (mod n)
Example: (8077 · 9398)^2 ≡ 2 · 19 · 5^5 · 19 = 2 · 5 · (5^2 · 19)^2 (mod n)
This is close, but all factors need to be paired.
Quadratic Sieve (3)
Factor n = 3837523. Want x, y: x^2 ≡ y^2 (mod n), but x ≢ ±y (mod n); gcd(x - y, n) is a factor.
Step 3: Want two non-congruent perfect squares
Example: (8077 · 9398)^2 ≡ 2 · 19 · 5^5 · 19 = 2 · 5 · (5^2 · 19)^2 (mod n)
This is close, but all factors need to be paired.
Generate lots of # and experiment until all factors are paired.
14262^2 ≡ 5^2 · 7^2 · 13 (mod n)
1964^2 ≡ 3^2 · 13^3 (mod n)
(1964 · 14262)^2 ≡ 3^2 · 5^2 · 7^2 · 13^4 = (3 · 5 · 7 · 13^2)^2 (mod n)
1147907^2 ≡ 17745^2 (mod n)
Quadratic Sieve (3b)
So what?
gcd(1147907 - 17745, n) = 1093
Other factor = n/1093 = 3511
Factor n = 3837523. Want x, y: x^2 ≡ y^2 (mod n), but x ≢ ±y (mod n); gcd(x - y, n) is a factor.
Step 4: Want to get 2 non-congruent perfect squares
Example: (8077 · 9398)^2 ≡ 2 · 19 · 5^5 · 19 = 2 · 5 · (5^2 · 19)^2 (mod n)
This is close, but all factors need to be paired.
Generate lots of # and experiment until all factors are paired.
To automate this search:
Can write each example as a row in a matrix, where each column is a prime in the number base.
Then search for dependencies among rows mod 2.
May need extra rows, since sometimes we get x = +/-y.
Quadratic Sieve (3b)
Factor n = 3837523. To automate this search:
Each row in the matrix is a square
Each column is a prime in the number base
Search for dependencies among rows mod 2.
For last one (green): with 3397^2 ≡ 2^5 · 5 · 13^2 (mod n),
(9398 · 8077 · 3397)^2 ≡ 2^6 · 5^6 · 13^2 · 19^2 = (2^3 · 5^3 · 13 · 19)^2 (mod n),
but 9398 · 8077 · 3397 ≡ ±(2^3 · 5^3 · 13 · 19) (mod n)
So we can’t use the square root compositeness theorem
My code:
Sum: 0 2 2 2 0 4 0 0
Sum: 8 4 6 0 2 4 0 2
Sum: 6 0 6 0 0 2 0 2
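Steps 1-4 carried through end to end on n = 3837523, as an added worked example (not the lecture's "My code"): the factor base of primes < 20, the x = ⌊√(kn)⌋ + ε search, the exponent matrix with one row per relation and one column per prime, Gaussian elimination mod 2 to find row dependencies, and the gcd step. The search bounds (k up to 60, ε up to 6) are my assumption chosen so that the slides' relations 9398, 8077, 14262, 1964 and 3397 are all found; dependencies that give x ≡ ±y are skipped, which is the "may need extra rows" case above.

```python
from math import gcd, isqrt

N = 3837523                                   # the lecture's running example
FACTOR_BASE = [2, 3, 5, 7, 11, 13, 17, 19]   # Step 1: the 8 primes < 20

def factor_over_base(value, base):
    """Exponent vector of value over base, or None if value is not base-smooth."""
    exps = []
    for p in base:
        e = 0
        while value % p == 0:
            value //= p
            e += 1
        exps.append(e)
    return exps if value == 1 else None

def find_relations(n, base, max_k=60, max_eps=6):
    """Step 2: x = floor(sqrt(k*n)) + eps for small eps and many k. Keep the x whose
    x^2 mod n (here x^2 - k*n, about 2*eps*sqrt(k*n)) is a product of base primes."""
    rels = []
    for k in range(1, max_k + 1):
        root = isqrt(k * n)
        for eps in range(1, max_eps + 1):
            x = root + eps
            v = x * x % n
            if v == 0 or gcd(x, n) != 1:
                continue
            exps = factor_over_base(v, base)
            if exps is not None:
                rels.append((x, exps))       # one row of the matrix
    return rels

def find_dependencies(rels):
    """Step 4: Gaussian elimination mod 2 on the exponent matrix. Each returned list
    is a set of row indices whose exponent vectors sum to an all-even vector."""
    pivots = {}   # leading bit -> (reduced row as bitmask, original rows it combines)
    deps = []
    for i, (_, exps) in enumerate(rels):
        mask = sum(1 << j for j, e in enumerate(exps) if e % 2)   # parity of each column
        rows = {i}
        while mask:
            lead = mask.bit_length() - 1
            if lead not in pivots:
                pivots[lead] = (mask, rows)
                break
            pmask, prows = pivots[lead]
            mask ^= pmask                  # cancel the leading 1 using the pivot row
            rows ^= prows                  # and remember which rows that used
        else:                              # reduced to zero: a dependency mod 2
            deps.append(sorted(rows))
    return deps

def combine(rels, dep, n, base):
    """Multiply the chosen relations: x = prod x_i, y = prod p^(e_p/2), so x^2 = y^2 (mod n)."""
    x, total = 1, [0] * len(base)
    for i in dep:
        xi, exps = rels[i]
        x = x * xi % n
        total = [t + e for t, e in zip(total, exps)]
    y = 1
    for p, e in zip(base, total):          # every exponent is even here
        y = y * pow(p, e // 2, n) % n
    return x, y

def quadratic_sieve(n, base=FACTOR_BASE):
    """Return (p, q) from the first dependency with x != +/-y (mod n), else None."""
    rels = find_relations(n, base)
    for dep in find_dependencies(rels):
        x, y = combine(rels, dep, n, base)
        d = gcd(x - y, n)
        if 1 < d < n:                      # x != +/-y: the square root theorem applies
            return tuple(sorted((d, n // d)))
        # else x = +/-y (mod n), useless like the green row on the slide; try the next
    return None

if __name__ == "__main__":
    print(quadratic_sieve(N))             # (1093, 3511)
```

Testing only the dependencies the elimination returns is enough: the map from a dependency to the square root x/y of 1 (taken modulo the sign) is linear over GF(2), so if any combination of rows gives a non-trivial square root, some basis dependency does too.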