Algorithms - Introduction to Cryptography - Lecture Notes, Study notes of Cryptography and System Security

Lecture notes from Introduction to Cryptography. This lecture includes: Algorithms, Polynomial Time, Asymptotic, Concrete Complexity, Randomized Algorithms, Prime, Squares

Typology: Study notes

2013/2014

Uploaded on 01/29/2014

sundar

Recommended Reading.

  • Goldreich, 1.3.
  • Katz-Lindell 8.1, 8.2.
  • Cormen, Leiserson, Rivest, Stein. Introduction to Algorithms (2nd ed), Ch. 13, 5, 31, 34.
  • Sipser. Introduction to the Theory of Computation. (various parts)

1 Algorithms

In this course, we will not use a specific model of computation when talking about algorithms. An algorithm can be a program for a Turing machine, RAM model, or your favorite model of computation, as they are roughly equivalent in terms of efficiency. The inputs of an algorithm are strings over an alphabet Σ, Σ often being {0,1}. Hence an algorithm A is a function from Σ∗ to Σ∗.

  • A computes a function f : {0,1}∗ → {0,1}∗: on input x in {0,1}∗, A outputs f(x) ∈ {0,1}∗.
  • A decides a language L ⊂ {0,1}∗: on input x, A outputs 1 if x ∈ L and 0 if x ∉ L. (This is equivalent to computing a boolean function f : {0,1}∗ → {0,1}.)
  • A runs in time T : N → N: for all x, A(x) halts after at most T(‖x‖) time units, where ‖x‖ is the length of the string x.
  • A runs in polynomial time if it runs in time O(n^c) for some constant c. Efficient (or feasible) algorithms are ones that run in polynomial time. (Although the constant c is important for practical efficiency, the polynomial-time efficiency criterion has the advantage that it does not depend on the encoding of the data or the model of computation, given reasonable choices for these.) An algorithm that does not run in polynomial time is viewed as infeasible. Note that numbers are encoded using their binary representation, so if the input is an integer N, an algorithm that runs in polynomial time should run in time polynomial in ‖N‖ ≈ log N.

2 Polynomial time

The complexity class P consists of all problems solvable in polynomial time. (Technically, it is a class of languages.)

  • problems seen in CS124: sorting, shortest path, maximum flow, linear programming, ...
  • many arithmetic functions which are important in cryptography.

Examples:

  • DIV(x, y) = (q, r) such that x = y · q + r where r < y. The remainder r is also denoted x mod y.
  • GCD(x, y) is defined as the largest z such that z|x and z|y. It can be computed in polynomial time using Euclid's algorithm.
  • exponentiation: EXP(x, y) = x^y
  • modular exponentiation: MODEXP(x, y, z) = x^y mod z
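The following is an added worked example, not code from the lecture notes: DIV, GCD by Euclid's algorithm, and MODEXP by repeated squaring, written step by step on Python integers so the cost in the input length ‖x‖ is visible. Python's built-in `divmod`, `math.gcd` and three-argument `pow` do the same work; the function names and the sample inputs are ours.

```python
# Added example (not from the lecture notes): DIV, GCD (Euclid) and MODEXP
# (repeated squaring) on Python integers, written step by step.  Python's
# built-in divmod, math.gcd and pow(x, y, z) do the same work; these versions
# are here so the polynomial cost in the input length ||x|| is visible.


def div(x: int, y: int) -> tuple[int, int]:
    """DIV(x, y) = (q, r) with x = y*q + r and 0 <= r < y  (x >= 0, y > 0).

    Binary long division: one subtract-or-skip step per bit of x, so the
    running time is O(||x||) big-number operations, i.e. polynomial in ||x||.
    """
    if x < 0 or y <= 0:
        raise ValueError("div expects x >= 0 and y > 0")
    q, r = 0, x
    for i in range(x.bit_length() - 1, -1, -1):
        if (y << i) <= r:          # does y * 2^i fit into the remainder?
            r -= y << i
            q |= 1 << i
    return q, r                     # invariant: x == y*q + r and r < y


def gcd(x: int, y: int) -> int:
    """GCD by Euclid's algorithm: replace (x, y) by (y, x mod y) until y == 0.

    The remainder at least halves every two steps, so there are
    O(||x|| + ||y||) iterations, each one a polynomial-time division.
    """
    while y:
        x, y = y, div(x, y)[1]
    return x


def modexp(x: int, y: int, z: int) -> int:
    """MODEXP(x, y, z) = x^y mod z by square-and-multiply.

    Scans the bits of y from the most significant down: exactly ||y||
    squarings and at most ||y|| multiplications, all on numbers below z.
    The naive loop x*x*...*x would need y - 1 multiplications, which is
    exponential in ||y||.
    """
    if z <= 0 or y < 0:
        raise ValueError("modexp expects y >= 0 and z > 0")
    result, base = 1 % z, x % z
    for bit in bin(y)[2:]:          # '1101' for y == 13
        result = result * result % z
        if bit == "1":
            result = result * base % z
    return result


if __name__ == "__main__":
    # Constructed sample inputs.
    print(div(17, 5))               # (3, 2)
    print(gcd(240, 46))             # 2
    print(modexp(4, 13, 497))       # 445
```

Note that `modexp` never forms the huge integer x^y: every intermediate value stays below z, which is exactly why MODEXP is feasible while plain EXP produces an output of y·‖x‖ bits.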

2.1 Problems believed to not be in P

Computational problems which are not solvable in polynomial time are said to be intractable. Here are some examples.

  • A problem provably not in P?
  • The complexity class NP is the class of decision problems (yes/no answer) or languages that have short proofs of membership. More formally: L ∈ NP if there exists a polynomial-time verifier V and a polynomial q such that x ∈ L ⇐⇒ ∃w : |w| ≤ q(‖x‖), V(x, w) = 1. The string w is the witness for x. Example: SAT.
  • NP-complete problems are the hardest problems in NP. Formally, problem Π is NP-complete if it is in NP and every problem in NP reduces to Π.

      ◦ Satisfiability, Travelling Salesman Problem, and Graph 3-Coloring.
      ◦ If an NP-complete problem were solvable in polynomial time, then every NP problem would be solvable in polynomial time.
      ◦ P ≠ NP is widely believed (but still unproven).

  • Integer Factorization: given a composite number N, find a non-trivial (= other than 1 and N) factor of N.

      ◦ Neither known to be in P nor NP-complete.

      ◦ Some algorithms:
          ▪ exhaustive search / trial division
          ▪ quadratic sieve: this is the best provable algorithm, it runs in time roughly 2^(√‖N‖)
          ▪ number field sieve: the unproven time bound for this algorithm is roughly 2^(∛‖N‖)
      ◦ So far, there is no known polynomial-time algorithm.

          ▪ If gcd(y_i, N) = 1 then compute z_i = y_i^((N−1)/2) mod N.
      ◦ If all the z_i's belong to {1, N − 1} and both values 1 and N − 1 occur, output prime. Otherwise, output composite.

This is a polynomial-time algorithm because the gcd is computed with Euclid's algorithm in polynomial time and the modular exponentiation is computed with the repeated squares and multiply algorithm in polynomial time. For this randomized algorithm, the probability is taken over the random choices of the y_i's. The Miller-Rabin primality test is analyzed in Katz-Lindell. One disadvantage of this algorithm over other primality testing algorithms is that there is a two-sided error. (For the other algorithms, an error occurs only when a composite number is said to be prime.)
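As an added example (not part of the notes), here is the randomized test sketched above written out in full. The preview cuts off the steps before the gcd check, so drawing each y_i uniformly from [1, N−1] and answering "composite" when gcd(y_i, N) > 1 are our assumptions; the computation z_i = y_i^((N−1)/2) mod N and the acceptance rule (all z_i in {1, N−1}, with both values seen) follow the text. `math.gcd` is Euclid's algorithm and the three-argument `pow` is square-and-multiply, so every step is polynomial in ‖N‖. The function names, the `bases` and `seed` parameters, and the sample numbers are ours; `accept_rate` is a constructed experiment that makes the two-sided error visible.

```python
# Added example (not part of the lecture notes): the randomized primality
# test sketched above, written out in full.  Assumed (not in the preview):
# each y_i is uniform in [1, N-1], and gcd(y_i, N) > 1 answers "composite".
# The z_i computation and the accept rule follow the text.  math.gcd is
# Euclid and pow(y, e, N) is square-and-multiply, so each step is
# polynomial in ||N||.
import math
import random


def euler_value(N: int, y: int) -> int:
    """z = y^((N-1)/2) mod N.  For an odd prime N this is always 1 or N-1
    (Euler's criterion); for a composite N at least half of the y in
    [1, N-1] give something else, which is what the test relies on."""
    return pow(y, (N - 1) // 2, N)


def is_probably_prime(N: int, rounds: int = 40, bases=None, seed=None) -> bool:
    """True means "prime", False means "composite".

    `bases` pins the y_i so a run is reproducible; otherwise `rounds` values
    are drawn at random (assumed: uniform in [1, N-1]).
    """
    if N < 2:
        return False
    if N in (2, 3):
        return True
    if N % 2 == 0:
        return False
    if bases is None:
        rng = random.Random(seed)
        bases = [rng.randrange(1, N) for _ in range(rounds)]
    seen = set()
    for y in bases:
        if math.gcd(y, N) != 1:       # a shared factor proves N composite (our choice)
            return False
        z = euler_value(N, y)
        if z not in (1, N - 1):       # Euler's criterion fails: composite
            return False
        seen.add(z)
    # Both 1 and N-1 must show up.  This is where the two-sided error comes
    # from: a prime whose sampled y_i are all squares (or all non-squares)
    # mod N is wrongly reported composite.
    return seen == {1, N - 1}


def accept_rate(N: int, rounds: int, trials: int, seed: int) -> float:
    """Fraction of `trials` independent runs that answer "prime" for N.
    For a prime N and rounds == 2 this is about 1/2 (constructed experiment:
    the two z_i agree with probability 1/2)."""
    hits = sum(is_probably_prime(N, rounds=rounds, seed=seed + i) for i in range(trials))
    return hits / trials


if __name__ == "__main__":
    # Constructed sample inputs.
    print(is_probably_prime(97, bases=[2, 5]))   # True
    print(is_probably_prime(97, bases=[2]))      # False: 2 is a square mod 97
    print(is_probably_prime(91, bases=[2]))      # False: 2^45 mod 91 == 57
    print(is_probably_prime(561, bases=[2, 5]))  # False: Carmichael number
    print(round(accept_rate(97, rounds=2, trials=2000, seed=1), 1))  # about 0.5
```

The `bases=[2]` run on 97 is the two-sided error in the smallest possible form: 97 is prime, but with a single witness the rule "both 1 and N−1 occur" can never be satisfied, so the test says composite. Raising `rounds` drives that error down by a factor of 2 per round, and the false-"prime" error on composites shrinks at the same rate.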