28
Extended Euclidean Extended Euclidean Algorithm Algorithm Presented by Presented by Lidia Abrams Lidia Abrams Anne Cheng Anne Cheng
Extended Euclidean Extended Euclidean AlgorithmAlgorithm
Presented byPresented by
Lidia AbramsLidia AbramsAnne ChengAnne Cheng
22
Euclidean Algorithm Euclidean Algorithm THEOREMTHEOREMEuclidean Algorithm Euclidean Algorithm THEOREMTHEOREM
If If mm and and nn are any integers, not both are any integers, not both zero, then the Greatest Common zero, then the Greatest Common Divisor of Divisor of mm and and nn, denoted gcd(m,n) , denoted gcd(m,n) is the largest of the common divisors is the largest of the common divisors of of mm and and nn..
33
FORMULAFORMULAFORMULAFORMULA
To compute the gcd of two numbers To compute the gcd of two numbers mm and and nn, let r, let r00 = m, let r = m, let r11 = n, and compute = n, and compute
successive quotients and remainderssuccessive quotients and remainders
rri-1 i-1 = q= qii+1 +1 xx rrii + + rri+1i+1
for i = 1,2,…until some remainder rfor i = 1,2,…until some remainder rn+1n+1 is 0. is 0.
The last nonzero remainder rThe last nonzero remainder rnn is then the is then the
greatest common divisor of greatest common divisor of mm and and nn..
55
FLOWCHARTFLOWCHARTFLOWCHARTFLOWCHART
Ensure m ≥ n
Find remainder
Is r = 0
Interchange
TerminateYes
No
66
ALGORITHMALGORITHMALGORITHMALGORITHM
//Computes gcd(m, n) by Euclid’s algorithm//Computes gcd(m, n) by Euclid’s algorithm//Input: Two nonnegative, not-both-zero integers //Input: Two nonnegative, not-both-zero integers
m and nm and n//Output: Greatest common divisor of m and n//Output: Greatest common divisor of m and n//*****************************************************//*****************************************************1. If m < n, exchange 1. If m < n, exchange mm and and nn2. If n = 0, return 2. If n = 0, return mm, terminate; else step 3., terminate; else step 3.3. Divide 3. Divide mm by by nn and let and let rr be the remainder. be the remainder.
(0 ≤ r < n)(0 ≤ r < n)
4. If r = 0, terminate; 4. If r = 0, terminate; nn is the answer is the answer..5.5. Set m = n, n = r, and go back to step 3.Set m = n, n = r, and go back to step 3.
77
ALGORITHM -- PseudocodeALGORITHM -- PseudocodeALGORITHM -- PseudocodeALGORITHM -- Pseudocode
Euclid(m , n)Euclid(m , n)
1.1. If n = 0If n = 0
2.2. then return then return mm
3.3. else return else return Euclid(n, m mod n)Euclid(n, m mod n)
88
EXAMPLEEXAMPLEEXAMPLEEXAMPLE
Calculate:Calculate: gcd(22, 60) = gcd(60,22) gcd(22, 60) = gcd(60,22)
60 = 2 x 22 + 1660 = 2 x 22 + 16 = Euclid(22,16) = Euclid(22,16)
22 = 1 x 16 + 622 = 1 x 16 + 6 = Euclid(16,6) = Euclid(16,6)
16 = 2 x 6 + 416 = 2 x 6 + 4 = Euclid(6,4) = Euclid(6,4)
6 = 1 x 4 + 2 gcd6 = 1 x 4 + 2 gcd = Euclid(4,2) = Euclid(4,2)
4 = 2 x 2 + 04 = 2 x 2 + 0 = Euclid(2,0) = Euclid(2,0)
= 2.= 2.
99
Extended Euclid’s AlgorithmExtended Euclid’s AlgorithmTHEOREMTHEOREM
If If mm and and nn are any positive integers, not are any positive integers, not both zero, gcd(m, n) is the smallest both zero, gcd(m, n) is the smallest positive element of the setpositive element of the set
{am + bn: a,b in Z} of linear combinations {am + bn: a,b in Z} of linear combinations of of mm and and nn. .
Thus:Thus:
amam + bn = gcd(m, n) = + bn = gcd(m, n) = dd
1010
FLOWCHARTFLOWCHARTFLOWCHARTFLOWCHART
S1: m > 0, n >0
S3: am+bn = d, a’m+b’n = c = qd + r, 0 ≤ r < d, gcd(c,d) = gdc(m,n)
S2: c = m > 0, d = n > 0, a = b’= 0, a’b = 1.
S4: am + bn = f = gcd(m, n).
S5: am+bn = d, a’m+b’n = c = qd + r, 0 < r < d m gcd(c,d) = gcd(m,n).c = d, d = r
t=a’, a’=a, a= t - qa;t=b’, b’=b, b=t - qb;
Start
a=0 a’=1 c=mb=1 b’=0 d=n
q=quotient(c%d)r=remainder(c%d)
r = 0? StopNo
Yes
S6: am+bn = d, a’m+b’n = c, d > 0, gcd(c,d) = gcd(m,n)
1111
ALGORITHMALGORITHMALGORITHMALGORITHM//Input: Two positive integers m and n//Input: Two positive integers m and n//Output: Greatest common divisor d and two integers a //Output: Greatest common divisor d and two integers a
and b, such that am + bn = dand b, such that am + bn = d//*****************************************************//*****************************************************
1.1. Set a’ = b = 1, a = b’ = 0, c = m, d = n.Set a’ = b = 1, a = b’ = 0, c = m, d = n.2.2. Let q, r be the quotient and remainder, respectively, of Let q, r be the quotient and remainder, respectively, of
c divided by d. (We have c = qd + r, 0 ≤ r < d)c divided by d. (We have c = qd + r, 0 ≤ r < d)3.3. If r = 0, terminate; we have in this case am + bn = d as If r = 0, terminate; we have in this case am + bn = d as
desired.desired.4.4. Set c = d, d = r,Set c = d, d = r,
t = a’, a’ = a, a = t – qa,t = a’, a’ = a, a = t – qa,t = b’, b’ = b, b = t – qb, and go back to step 2.t = b’, b’ = b, b = t – qb, and go back to step 2.
1212
ALGORITHM – PseudocodeALGORITHM – PseudocodeALGORITHM – PseudocodeALGORITHM – Pseudocode
Extended-Euclid(m, n)Extended-Euclid(m, n)
11 If n = 0If n = 0
22 then return (m, 1, 0)then return (m, 1, 0)
33 (d’, a’, b’) = Extended-Euclid(n, m mod n)(d’, a’, b’) = Extended-Euclid(n, m mod n)
44 (d , a , b) = (d’, b’, a’ – floor(a/b)b’)(d , a , b) = (d’, b’, a’ – floor(a/b)b’)
55 return (d, a, b)return (d, a, b)
1313
EFFICIENCYEFFICIENCYEFFICIENCYEFFICIENCY
The number of recursive calls made in The number of recursive calls made in EuclidEuclid is equal to the number of recursive is equal to the number of recursive calls made in calls made in Extended-EuclidExtended-Euclid, the running , the running times of both algorithms are the same, to times of both algorithms are the same, to within a constant factor. within a constant factor.
For a > b > 0, the number of recursive For a > b > 0, the number of recursive calls is calls is OO(logn). (logn).
1414
EXAMPLEEXAMPLEEXAMPLEEXAMPLE
m = 2 x n + 16m = 2 x n + 16n = 1 x 16 + 6n = 1 x 16 + 6
16 = 2 x 6 + 416 = 2 x 6 + 4
6 = 1 x 4 + 26 = 1 x 4 + 2
4 = 2 x 2 + 04 = 2 x 2 + 0
16 = m – 2n
6 = n – 1 x 16
= n – 1 x (m – 2n)
= -m + 3n
4 = 16 – 2 x 6
= (m – 2n) – 2 x ( -m + 3n)
= (3m – 8n)
2 = 6 – 1 x 4
= (-m + 3n) – 1 x (3m – 8n)
= -4m + 11n
1515
Example – cont.Example – cont.
-- -- -- -- 11 00
6060 2222 1616 22 00 11
2222 1616 66 11 11 -2-2
1616 66 44 22
66 44 22 11
44 22 00 22
m n r q a b
Next a = next-to-last a - q*(last a)
a = 1 - 2*0 = 1
Next b = next-to-last b - q*(last b)
b = 0 - 2*1 = -2
1616
Example – cont.Example – cont.
-- -- -- -- 11 00
6060 2222 1616 22 00 11
2222 1616 66 11 11 -2-2
1616 66 44 22 -1-1 33
66 44 22 11
44 22 00 22
m n r q a b
a = 0 - 1*1 = -1
b = 1 - 1*(-2) = 3
1717
Example – cont.Example – cont.
-- -- -- -- 11 00
6060 2222 1616 22 00 11
2222 1616 66 11 11 -2-2
1616 66 44 22 -1-1 33
66 44 22 11 33 -8-8
44 22 00 22
m n r q a b
a = 1 - 2*(-1) = 3
b = -2 - 2*3 = -8
1818
Example – cont.Example – cont.
-- -- -- -- 11 00
6060 2222 1616 22 00 11
2222 1616 66 11 11 -2-2
1616 66 44 22 -1-1 33
66 44 22 11 33 -8-8
44 22 00 22 -4-4 1111
m n r q a b
a = -1 - 1*3 = -4
b = 3 - 1*(-8) = 11
1919
Euclid’s Game !!Euclid’s Game !!
The game is really very simple. It helps clarify the Euclid's algorithm and the notion of the Greatest Common Divisor of two integers. The difference of any two numbers is divisible by their gcd. Assuming the two original numbers are N and M and N>M (In the applet they are never equal.) Then the only numbers that could be obtained by taking differences are the multiples of gcd(N,M). Furthermore, all such numbers will eventually appear on the board regardless of the sequence of moves (why?). Therefore, the total number of integers that will be written on the board equals N/gcd(N,M). From here you may calculate whether it's preferable to start or let the computer make the first move.
http://www.cut-the-knot.com/blue/EuclidAlg.shtmlhttp://www.cut-the-knot.com/blue/EuclidAlg.shtml
2020
CRYPTOGRAPHY-- RSACRYPTOGRAPHY-- RSA Background: RSA was developed by 3 MIT researchers: Background: RSA was developed by 3 MIT researchers: Ronald Rivest, Adi Shamir, and Leonard AdlemanRonald Rivest, Adi Shamir, and Leonard AdlemanSearching for a more complete Public Key Cryptography Searching for a more complete Public Key Cryptography approach than Diffie-Hellman.approach than Diffie-Hellman.Published in 1977 and Patented in September 2000.Published in 1977 and Patented in September 2000.2 sets of keys, public and private keys.2 sets of keys, public and private keys.Strength of RSA comes from the difficulty of factoring Strength of RSA comes from the difficulty of factoring large prime numbers.large prime numbers.RSA algorithm is based on the fact that there is no RSA algorithm is based on the fact that there is no efficient way to factor very large numbers. Deducing an efficient way to factor very large numbers. Deducing an RSA key, therefore, requires an extraordinary amount of RSA key, therefore, requires an extraordinary amount of computer processing power and time.computer processing power and time.
RSA PROVING: RSA PROVING:
http://www.di-mgt.com.au/rsa_theory.htmlhttp://www.di-mgt.com.au/rsa_theory.html
2121
RSA ConceptsRSA ConceptsM = message M = message C = encrypted message C = encrypted message
Encryption::Encryption::
P(M)– public key pair P(M)– public key pair (e,n)(e,n)
C = P(M), where C = C = P(M), where C = MMee mod n mod n
e = public exponent, e = public exponent, which is relative prime which is relative prime number to (p-1)(q-1)number to (p-1)(q-1)
Decryption::Decryption::
S(m)– private key pair S(m)– private key pair (d,n).(d,n).
S(C ) = M, where M = S(C ) = M, where M = CCdd mod n mod n
d = private exponent, d = private exponent, which is any integer which is any integer satisfies (ed-1)/ (p-1)satisfies (ed-1)/ (p-1)(q-1) is an integer.(q-1) is an integer.
2222
RSA– Steps to encrypt dataRSA– Steps to encrypt data
1)1) Select 2 prime numbers: p & q.Select 2 prime numbers: p & q.2)2) Find the n = p*q, where n is the public and Find the n = p*q, where n is the public and
private key pairsprivate key pairs3)3) Find e. e must be relative prime to (p-1)(q-1)Find e. e must be relative prime to (p-1)(q-1)4)4) Find d. d must be chosen so (ed-1)/(p-1)(q-1) Find d. d must be chosen so (ed-1)/(p-1)(q-1)
is an integer by using Extended Euclidean is an integer by using Extended Euclidean Algorithm. If d satisfies the equation, then d will Algorithm. If d satisfies the equation, then d will be the be the multiplicative inversemultiplicative inverse of e.
5) Discard p and q. only the public key(e,n) and private(d,n) are needed now.
2323
How to get Key pairs???How to get Key pairs???
1)1) Select 2 prime numbers: p = 11, q = 3Select 2 prime numbers: p = 11, q = 3
2)2) Find n = p*q : n = 11*3=33Find n = p*q : n = 11*3=33
3)3) Find e, relative prime, to (11-1)*(3-1) = 20: e = 3Find e, relative prime, to (11-1)*(3-1) = 20: e = 3
4)4) Find d, making (ed-1)/(p-1)(q-1) is an integer.Find d, making (ed-1)/(p-1)(q-1) is an integer. (3d-1)/10 = k, where k is an integer (3d-1)/10 = k, where k is an integer become become 3d -1 = 10k 3d -1 = 10k 3d + (-10) k = 1 3d + (-10) k = 1 using Extended Euclidean using Extended Euclidean
Algorithm to find integer d, k Algorithm to find integer d, k d = 7 k = 2, it satisfies the eqn d = 7 k = 2, it satisfies the eqn (3*7-1)/10 = 2 (=k) is an integer.(3*7-1)/10 = 2 (=k) is an integer.
5)5) Discard p,q: public pair(e,n) vs. private pair(d,n)Discard p,q: public pair(e,n) vs. private pair(d,n) public(3,33) vs. private(7,33)public(3,33) vs. private(7,33)
2424
How to encrypt data “G” now???How to encrypt data “G” now???
Since we have the public key pairs(3,33) Since we have the public key pairs(3,33) and private key pairs(7,33), we can and private key pairs(7,33), we can encrypt our data now. For example, we encrypt our data now. For example, we want to encrypt “GO.” In alphabet, G = 7 want to encrypt “GO.” In alphabet, G = 7 and O = 15. First, we encrypt “G.” We and O = 15. First, we encrypt “G.” We know: C = P(M) = encrypted data. Thus, know: C = P(M) = encrypted data. Thus, M = 7 and find C?M = 7 and find C?C = P(7) = MC = P(7) = Mee mod n = 7 mod n = 733 mod 33 = 13 mod 33 = 13 C = 13C = 13
2525
How to decrypt data “G” now??How to decrypt data “G” now??
Since we have C = 13 and private key pair is Since we have C = 13 and private key pair is (7,33), M = S( C)= C(7,33), M = S( C)= Cdd mod n.We can apply: mod n.We can apply:
M = 13M = 1377 mod 33 = mod 33 = M = 7. Then, according to M = 7. Then, according to alphabet , M = 7 is the location of “G”alphabet , M = 7 is the location of “G”
Note: a = bc mod n = (b mod n) * (c mod n)Note: a = bc mod n = (b mod n) * (c mod n)
2626
To encrypt vs. decrypt “O”To encrypt vs. decrypt “O”Public(e,n) = public(3,33)Public(e,n) = public(3,33)
Private(d,n) = private(7,33)Private(d,n) = private(7,33)
To encrypting: C = MTo encrypting: C = Mee mod n mod n
O = 15 O = 15 M M
C = P(M) = P(15) = 15C = P(M) = P(15) = 1533 mod 33 = 9 mod 33 = 9
To decrypting: M = CTo decrypting: M = Cdd mod n mod n
M = 9M = 977 mod 33 = 15. mod 33 = 15.
http://sci.vu.edu.au/~drw/scriptlets/http://sci.vu.edu.au/~drw/scriptlets/rsa.htmlrsa.html
2727
Issue??Issue??
The n is 33. there are 0-32 n’s maps to a unique The n is 33. there are 0-32 n’s maps to a unique code C in the same range in a sort of random code C in the same range in a sort of random manner. In this case, we have 9 values of m to manner. In this case, we have 9 values of m to the same value of C – these are know as the same value of C – these are know as unconcealed message. unconcealed message.
We always have the issue of M=0 or M = 1 no We always have the issue of M=0 or M = 1 no matter how large n is . However, in practice, matter how large n is . However, in practice, higher values shouldn’t be a problem when we higher values shouldn’t be a problem when we use large values of n.use large values of n.
2828
RSA ConclusionRSA Conclusion
Bigger is Better: In practice, large values for p and q Bigger is Better: In practice, large values for p and q should be used to create keys of about 100 digits, or should be used to create keys of about 100 digits, or even more. The larger the key strings are, the more even more. The larger the key strings are, the more difficultdifficultBy convenient accident, the program doesn’t echo the By convenient accident, the program doesn’t echo the values of p and q. That is just as well, because those two values of p and q. That is just as well, because those two numbers must never be revealed. After you have your numbers must never be revealed. After you have your key numbers, you no longer need p and q, so all traces key numbers, you no longer need p and q, so all traces of those two numbers can and probably should be of those two numbers can and probably should be erased.erased.To do the encryption (C = mTo do the encryption (C = mee mod n) is very easy, but it mod n) is very easy, but it is very difficult to decrypt M = cis very difficult to decrypt M = cdd mod n. mod n.
2929
QUESTIONS &
ANSWERS
