Transcript of Addition

Addition
How fast can you add A+B?
n-bit numbers: time = O(n)
Multiplication
How fast can you multiply A*B?
n-bit numbers (schoolbook method): time = $O(n^2)$
Karatsuba-Ofman
$a = 2^{n/2} a_1 + a_0$
$b = 2^{n/2} b_1 + b_0$
$ab = (2^{n/2} a_1 + a_0)(2^{n/2} b_1 + b_0) = 2^n a_1 b_1 + 2^{n/2} (a_1 b_0 + a_0 b_1) + a_0 b_0$

Multiply(a,b,n)
  if n=1 return a*b
  else
    R1 <- Multiply(a1,b1,n/2)
    R2 <- Multiply(a0,b1,n/2)
    R3 <- Multiply(a1,b0,n/2)
    R4 <- Multiply(a0,b0,n/2)
    return 2^n R1 + 2^{n/2} (R2+R3) + R4

Recurrence? T(n) = 4T(n/2) + O(n), so T(n) = $O(n^2)$: four half-size multiplications plus O(n) for the additions and shifts gain nothing over the schoolbook method.

Can we compute ab with fewer than 4 multiplications?
Yes, 3 multiplications suffice, because
$(a_0+a_1)(b_0+b_1) = a_0 b_0 + (a_1 b_0 + a_0 b_1) + a_1 b_1$,
so the middle term is $(a_0+a_1)(b_0+b_1) - a_0 b_0 - a_1 b_1$ (the sums $a_0+a_1$ and $b_0+b_1$ can be one bit longer, hence n/2+1 below).

Multiply(a,b,n)
  if n=1 return a*b
  else
    R1 <- Multiply(a1,b1,n/2)
    R2 <- Multiply(a0,b0,n/2)
    R3 <- Multiply(a1+a0,b1+b0,n/2+1)
    R4 <- R3 - R2 - R1
    return 2^n R1 + 2^{n/2} R4 + R2

Recurrence? T(n) = 3T(n/2) + O(n), so T(n) = $O(n^C)$ with $C = \log_2 3 \approx 1.58$.
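The three-multiplication recursion above, written out as runnable Python. This is an added example, not code from the lecture: it takes n to be the bit length of the operands, stops at a 64-bit base case instead of n=1, and adds a call counter (an assumption of this example, not part of the slides) so that the number of base-case multiplications can be seen to roughly triple when n doubles, as T(n) = 3T(n/2) + O(n) predicts. Python's own big-integer multiplication serves as the reference in self_check.

```python
# Added example (not from the lecture slides): Karatsuba-Ofman multiplication
# of non-negative integers on Python ints, with n = bit length of the operands
# and the slide's three recursive products R1, R2, R3 and derived R4.
import random

LEAF_CALLS = [0]        # counts base-case multiplications (illustration only)


def karatsuba(a: int, b: int) -> int:
    """Multiply non-negative integers a and b with the 3-multiplication recursion."""
    assert a >= 0 and b >= 0, "example handles non-negative operands only"
    n = max(a.bit_length(), b.bit_length())
    # Base case: a fixed small size plays the role of the slide's n=1 leaf.
    if n <= 64:
        LEAF_CALLS[0] += 1
        return a * b
    half = n // 2
    mask = (1 << half) - 1
    a1, a0 = a >> half, a & mask        # a = 2^half * a1 + a0
    b1, b0 = b >> half, b & mask        # b = 2^half * b1 + b0
    r1 = karatsuba(a1, b1)              # R1 = a1*b1
    r2 = karatsuba(a0, b0)              # R2 = a0*b0
    r3 = karatsuba(a1 + a0, b1 + b0)    # R3 = (a1+a0)(b1+b0), up to half+1 bits
    r4 = r3 - r2 - r1                   # R4 = a1*b0 + a0*b1, no 4th multiply
    return (r1 << (2 * half)) + (r4 << half) + r2


def leaf_multiplications(bits: int) -> int:
    """Count base-case multiplications for two all-ones operands of `bits` bits."""
    LEAF_CALLS[0] = 0
    karatsuba((1 << bits) - 1, (1 << bits) - 1)
    return LEAF_CALLS[0]


def self_check(trials: int = 25) -> bool:
    """Compare against Python's built-in multiplication on seeded random operands."""
    rng = random.Random(7)              # fixed seed: deterministic, reproducible
    for i in range(trials):
        bits = 1 + (i * 97) % 1500      # operand sizes from 1 to ~1500 bits
        a, b = rng.getrandbits(bits), rng.getrandbits(bits // 2 + 1)
        if karatsuba(a, b) != a * b:
            return False
    return True


if __name__ == "__main__":
    print("self_check:", self_check())
    for k in (512, 1024, 2048, 4096):
        print(f"{k:5d}-bit operands -> {leaf_multiplications(k)} base-case multiplications")
```

Python's int type already uses Karatsuba internally for large operands, so the function is for illustration; the printed counts grow by a factor of about 3 per doubling of the operand size, which is the $3^{\log_2 n} = n^{\log_2 3}$ behaviour of the recurrence.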
Integer Division
Given a, b, find q, r with a = q*b + r and 0 <= r < b.
Can be done in $O(n^2)$ time.
r = a mod b
d divides a
DEFINITION: d divides a (denoted d | a) if there exists b such that b*d = a.
3 | 6: yes, b=2
3 | 0: yes, b=0
0 | 3: no
0 | 0: yes, b=? (any b works, since b*0 = 0)
Transitivity: if d | a and a | c then d | c.
Proof: a = b*d and c = b'*a, so c = (b*b')*d.
Divisibility poset
[Figure: Hasse diagram of {0, 1, ..., 10} ordered by divisibility, 1 at the bottom (it divides everything) and 0 at the top (everything divides it); not reproduced in this transcript.]
GCD
GCD(a,b): the "largest" d such that d|a, d|b.
"Largest" here means largest under divisibility: d|a, d|b, and for every c with c|a and c|b, c|d.
GCD(3,6) = 3
GCD(0,8) = 8
GCD(0,0) = 0
GCD
How quickly can we compute GCD(a,b)?
Euclid: GCD(a,b) = GCD(b, a mod b)

GCD(a,b)
  if b=0 then return a
  else return GCD(b, a mod b)
wlog a > b

Running time?
(a,b) -> (b, a mod b) -> (a mod b, ?) -> ...
(a mod b) < a/2: if b <= a/2 then a mod b < b <= a/2, and if b > a/2 then a mod b = a - b < a/2.
So the first argument at least halves every two calls:
2(log2 a) = O(n) iterations
each mod takes $O(n^2)$ time, so $O(n^3)$ time total
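Euclid's algorithm as above, with an iteration counter so the 2(log2 a) bound can be checked on real inputs. This is an added example, not code from the lecture. It also goes one step beyond the slide: extended_gcd keeps the quotients and returns x, y with a*x + b*y = GCD(a,b), which is how one computes the inverse of e modulo (p-1)(q-1) that RSA needs later; the function names are this example's own.

```python
# Added example (not from the lecture slides): Euclid's GCD with a step counter,
# plus the extended version that yields Bezout coefficients and modular inverses.
import math


def gcd_steps(a: int, b: int):
    """Return (GCD(a, b), number of 'mod' steps) for non-negative a, b.
    GCD(0, 0) comes out as 0, matching the slide's convention."""
    steps = 0
    while b != 0:
        a, b = b, a % b                 # (a, b) -> (b, a mod b)
        steps += 1
    return a, steps


def extended_gcd(a: int, b: int):
    """Return (g, x, y) with g = GCD(a, b) and a*x + b*y = g."""
    x0, y0, x1, y1 = 1, 0, 0, 1         # invariants: a = x0*a_orig + y0*b_orig, etc.
    while b != 0:
        q = a // b
        a, b = b, a - q * b             # same step as Euclid, keeping the quotient
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(a: int, m: int) -> int:
    """The b with a*b = 1 [mod m]; exists iff GCD(a, m) = 1."""
    g, x, _ = extended_gcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}: GCD is {g}")
    return x % m


def bound_holds(a: int, b: int) -> bool:
    """Check the slide's iteration bound (with slack for the first swap) and the result."""
    g, steps = gcd_steps(a, b)
    return g == math.gcd(a, b) and steps <= 2 * max(a, b).bit_length() + 2


if __name__ == "__main__":
    for pair in [(3, 6), (0, 8), (0, 0), (987, 610)]:
        print(pair, "->", gcd_steps(*pair))
    print("5^-1 mod 192 =", mod_inverse(5, 192))
```

The pair (987, 610) is two consecutive Fibonacci numbers, the worst case for Euclid: every quotient is 1, so the argument shrinks as slowly as it can, and the step count still sits under the 2(log2 a) bound.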
Modular exponentiation
Given (a,b,m), compute $a^b \bmod m$.
Repeated squaring: $a \bmod m$, $a^2 \bmod m$, $a^4 \bmod m$, $a^8 \bmod m$, $a^{16} \bmod m$, ...
b = 10101 (binary), i.e. b = 16 + 4 + 1, so $a^b \bmod m = (a^{16} \bmod m)(a^4 \bmod m)(a \bmod m) \bmod m$: multiply together the squarings at the set bits of b.

mod-ex(a,b,m)
  if b=0 then RETURN 1
  else if b mod 2 = 0 then RETURN (mod-ex(a,b/2,m))^2 mod m
  else RETURN a*(mod-ex(a,(b-1)/2,m))^2 mod m
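The slide's recursive mod-ex, an iterative square-and-multiply that walks the bits of b from the least significant end (the b = 10101 picture), and the table of squarings, as an added Python example that is not part of the lecture; both are checked against Python's built-in pow(a, b, m). One caveat a practitioner should keep in mind: both versions branch on the bits of b, so their running time depends on the exponent. That is fine here, but when b is a secret (an RSA private exponent) a constant-time implementation is required.

```python
# Added example (not from the lecture slides): modular exponentiation by
# repeated squaring, recursive (as on the slide) and iterative, with the
# squarings table. Not constant-time: do not use with secret exponents.


def squarings(a: int, m: int, count: int):
    """[a mod m, a^2 mod m, a^4 mod m, ...]: `count` successive squarings."""
    out, cur = [], a % m
    for _ in range(count):
        out.append(cur)
        cur = (cur * cur) % m
    return out


def mod_ex(a: int, b: int, m: int) -> int:
    """Recursive a^b mod m, following the slide's mod-ex."""
    if b == 0:
        return 1 % m                    # 1 % m so that m = 1 also behaves like pow()
    if b % 2 == 0:
        t = mod_ex(a, b // 2, m)
        return (t * t) % m
    t = mod_ex(a, (b - 1) // 2, m)
    return (a * t * t) % m


def mod_ex_iter(a: int, b: int, m: int) -> int:
    """Iterative square-and-multiply over the bits of b, least significant first."""
    result = 1 % m
    base = a % m                        # a^(2^i) mod m, starting with i = 0
    while b > 0:
        if b & 1:                       # bit i of b is set: multiply in a^(2^i)
            result = (result * base) % m
        base = (base * base) % m        # advance to a^(2^(i+1)) mod m
        b >>= 1
    return result


def matches_builtin(a: int, b: int, m: int) -> bool:
    """Both hand-written versions agree with Python's pow(a, b, m)."""
    return mod_ex(a, b, m) == mod_ex_iter(a, b, m) == pow(a, b, m)


if __name__ == "__main__":
    print("squarings of 42 mod 221:", squarings(42, 221, 5))
    print("42^5 mod 221 =", mod_ex(42, 5, 221))
    print("9^77 mod 221 =", mod_ex_iter(9, 77, 221))
```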
Algorithms so far (a, b, m are n-bit integers)
addition a+b: O(n) time
multiplication a*b: $O(n^{1.58})$ time
division a/b, a mod b: $O(n^2)$ time
gcd(a,b): $O(n^3)$ time
$a^b \bmod m$: $O(n^3)$ time
GROUP
(G, ∘) is a group if
  closure: for all a, b ∈ G, a ∘ b ∈ G
  associativity: (a ∘ b) ∘ c = a ∘ (b ∘ c)
  identity: there exists e ∈ G such that for all a ∈ G, a ∘ e = e ∘ a = a
  inverses: for all a ∈ G there exists $a^{-1}$ ∈ G with a ∘ $a^{-1}$ = e

Modular arithmetic modulo m
G = {0,...,m-1} = $\mathbb{Z}_m$
a ∘ b = a+b mod m
($\mathbb{Z}_m$, +) IS A GROUP (identity 0, inverse of a is m-a mod m)

Modular arithmetic modulo m
G = {0,...,m-1} = $\mathbb{Z}_m$
a ∘ b = a*b mod m
Is it a group? 1 is an identity, but inverses fail:
there exists b with ab = 1 [mod m] if and only if GCD(a,m) = 1,
so 0 (and any a sharing a factor with m) has no inverse.

Modular arithmetic modulo m
G = $\mathbb{Z}^*_m$ = {a | GCD(a,m) = 1}
a ∘ b = a*b mod m
($\mathbb{Z}^*_m$, *) IS A GROUP
Fermat's little Theorem
$a^{p-1} = 1$ [mod p], p a prime, p does not divide a
Why: $\{a^k \mid k \in \mathbb{Z}\}$ is a subgroup of $\mathbb{Z}^*_p$, so its size divides $|\mathbb{Z}^*_p| = p-1$ (Lagrange), and hence $a^{p-1} = 1$.

Fermat's little Theorem, generalized (Euler)
$\varphi(m) = |\mathbb{Z}^*_m|$
$a^{\varphi(m)} = 1$ [mod m] for GCD(a,m) = 1
$m = p_1^{a_1} p_2^{a_2} \cdots p_k^{a_k}$
$\varphi(m) = (1 - 1/p_1)(1 - 1/p_2) \cdots (1 - 1/p_k)\, m$
E.g. if m = pq, p,q primes: $\varphi(m) = (p-1)(q-1)$
$a^{(p-1)(q-1)} = 1$ [mod pq]
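The group slides and the Fermat/Euler slides above, checked by exhaustion for small m. This is an added Python example, not part of the lecture: is_group tests the four axioms on a finite set, z_star builds $\mathbb{Z}^*_m$, $\varphi(m)$ is computed both as $|\mathbb{Z}^*_m|$ and from the prime-factor formula, and euler_holds verifies $a^{\varphi(m)} = 1$ [mod m] for every a coprime to m. All helper names are this example's own, and the brute-force axiom check is cubic in m, so keep m small.

```python
# Added example (not from the lecture slides): brute-force group-axiom checks
# for (Z_m,+), (Z_m,*), (Z*_m,*), the two computations of phi(m), and Euler's
# theorem. Intended for small m only (the axiom check is O(m^3)).
from math import gcd


def is_group(elements, op) -> bool:
    """Check closure, associativity, identity and inverses by exhaustion."""
    elems = list(elements)
    if not elems:
        return False
    for a in elems:
        for b in elems:
            if op(a, b) not in elems:                      # closure
                return False
            for c in elems:
                if op(op(a, b), c) != op(a, op(b, c)):     # associativity
                    return False
    identity = next((e for e in elems
                     if all(op(a, e) == a and op(e, a) == a for a in elems)), None)
    if identity is None:                                   # identity
        return False
    return all(any(op(a, x) == identity for x in elems) for a in elems)  # inverses


def z_star(m: int):
    """Z*_m = {a in {0,...,m-1} | GCD(a, m) = 1}."""
    return [a for a in range(m) if gcd(a, m) == 1]


def phi_by_count(m: int) -> int:
    """phi(m) = |Z*_m|."""
    return len(z_star(m))


def prime_factors(m: int):
    """Distinct primes dividing m, by trial division (fine for small m)."""
    ps, d = [], 2
    while d * d <= m:
        if m % d == 0:
            ps.append(d)
            while m % d == 0:
                m //= d
        d += 1
    if m > 1:
        ps.append(m)
    return ps


def phi_by_formula(m: int) -> int:
    """phi(m) = m * prod (1 - 1/p) over the primes p | m, kept in integers."""
    result = m
    for p in prime_factors(m):
        result = result // p * (p - 1)
    return result


def euler_holds(m: int) -> bool:
    """a^phi(m) = 1 [mod m] for every a in Z*_m."""
    return all(pow(a, phi_by_count(m), m) == 1 for a in z_star(m))


if __name__ == "__main__":
    m = 12
    print("(Z_m,+) group:", is_group(range(m), lambda a, b: (a + b) % m))
    print("(Z_m,*) group:", is_group(range(m), lambda a, b: (a * b) % m))
    print("(Z*_m,*) group:", is_group(z_star(m), lambda a, b: (a * b) % m), z_star(m))
    print("phi(221) =", phi_by_count(221), "=", phi_by_formula(221), "= 12*16")
```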
RSA
1) choose primes p, q   (example: p=13, q=17)
2) let n <- pq   (n = 221)
3) choose e with GCD(e, (p-1)(q-1)) = 1   (e = 5; (p-1)(q-1) = 12*16 = 192)
4) compute $d = e^{-1}$ [mod (p-1)(q-1)]   (d = 77, since 5*77 = 385 = 2*192 + 1)
5) announce n, e (the public key); d, p and q stay secret

Public: n=221, e=5
Private: d=77
ENCODE: x -> $x^e \bmod n$
DECODE: x -> $x^d \bmod n$
m = 42
$42^5$ (mod 221) = 9
$9^{77}$ (mod 221) = 42
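The RSA steps above with the slide's numbers, as an added Python example that is not part of the lecture. Key generation uses Python's built-in pow(e, -1, phi) (Python 3.8 or later) for step 4 and the built-in three-argument pow for encode and decode; roundtrip_all checks decode(encode(x)) = x for every x in $\mathbb{Z}_{221}$, including the x that share a factor with n. The last function shows a caveat of this textbook form of RSA: with no padding, encode is multiplicative, so the product of two ciphertexts is a valid ciphertext of the product of the plaintexts. Real deployments use a padding scheme such as OAEP and a modulus of 2048 bits or more; n = 221 is only a classroom value.

```python
# Added example (not from the lecture slides): textbook RSA with p=13, q=17,
# e=5, plus a full round-trip check and a demonstration of malleability.
from math import gcd


def rsa_keygen(p: int, q: int, e: int):
    """Return ((n, e), d). Assumes p, q prime; checks e is invertible mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                 # e*d = 1 [mod (p-1)(q-1)]
    return (n, e), d


def encode(x: int, n: int, e: int) -> int:
    """ENCODE: x -> x^e mod n."""
    return pow(x, e, n)


def decode(y: int, n: int, d: int) -> int:
    """DECODE: y -> y^d mod n."""
    return pow(y, d, n)


def roundtrip_all(p: int, q: int, e: int) -> bool:
    """decode(encode(x)) == x for every x in Z_n, not only the x coprime to n."""
    (n, e), d = rsa_keygen(p, q, e)
    return all(decode(encode(x, n, e), n, d) == x for x in range(n))


def is_multiplicative(n: int, e: int, x1: int, x2: int) -> bool:
    """Textbook-RSA malleability: E(x1)*E(x2) = E(x1*x2) mod n."""
    return (encode(x1, n, e) * encode(x2, n, e)) % n == encode((x1 * x2) % n, n, e)


if __name__ == "__main__":
    (n, e), d = rsa_keygen(13, 17, 5)
    print(f"public (n, e) = ({n}, {e}), private d = {d}")
    c = encode(42, n, e)
    print("42 ->", c, "->", decode(c, n, d))
    print("all of Z_n round-trips:", roundtrip_all(13, 17, 5))
    print("E(2)*E(21) = E(42):", is_multiplicative(n, e, 2, 21))
```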
Primality testing