Scribd Logo
Upload

Welcome to Scribd!

  • 123crpto Sample PDF

    Uploaded by

    Neeraj Kalra
    15 views4 pages

    Original Title

    123crpto sample.pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    15 views4 pages

    123crpto Sample PDF

    Uploaded by

    Neeraj Kalra

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 4

    Fast Exponentiation

    Say n is not a power of 2, e.g.,


    Problem: Given integers a, n, and m with n 0 and 0 a < m, n = 205 = (11001101)2 = 27 +26 +23 +22 +20.
    compute an (mod m).
    Given the computations above, only 4 more modular
    multiplications produce a205 (mod m):
    A simple algorithm is: y = a; 7 6 3 2
    for ( i = 2, 3, ..., n ) a205 = a2 a2 a2 a2 a (mod m).
    y = ya (mod m);
    return y; (We actually reduce mod m after each multiplication.)

    This simple algorithm uses n1 modular multiplications.


    In general, if n = ( k k1 ... 0)2, where k 0 unless k = 0, then
    It is completely impractical if n has, say, several hundred digits. 2k n < 2k+1, and k = lg(n).
    Much of public-key cryptography depends our ability to
    compute an (mod m) fairly quickly for integers n of this size. We can compute an (mod m) using k modular multiplications to
    i
    compute a2 (i k) followed by 0 to k additional modular
    k i
    multiplications to compute i = 0, =1 a2 .
    i
    If n is a power of 2, say n = 2k, there is a much faster way:
    simply square a, k times. For example, we can compute a128 = The total number of modular multiplications is k to 2k, or
    7
    a2 (mod m) using only 7 modular multiplications, like this: lg(n) to 2 lg(n).
    a2 = (a)2 (mod m)
    2 2 i
    a2 = (a2) (mod m) We dont really need an array to store all the a2 (i k).
    3 2 2
    a2 = (a2 ) (mod m)
    24 23 2
    a = (a ) (mod m)
    25 24 2
    a = (a ) (mod m)
    26 25 2
    a = (a ) (mod m)
    27 26 2
    a = (a ) (mod m)
    Here is our first algorithm: Here is a slight reworking of the algorithm that eliminates explicit
    reference to the bits i . It uses a function odd(n) that returns true
    Input: Integers a, n, and m, with n 0 and 0 a < m. exactly when n is odd.
    Output: an (mod m)
    Algorithm: Let n = ( k k1 ... 0)2, where k 0 unless k = 0. Integer fastExp( Integer a, Integer n, Integer m)
    Then k = lg(n) and n = ki =0 i 2i. x = a; // x = a2
    0

    n
    Note i = (n >> i) &1 in C notation. y = (odd(n) ) ? a : 1; // y = a 0
    n' = n / 2;
    For notational purposes, let ni = ( i i1 ... 0)2 for
    while ( n' > 0 )
    i = 0,1, ..., k. i1 i
    x = x2 (mod m); // x = a2 x = a2
    if (odd(n') )
    Integer fastExp( Integer a, Integer n, Integer m) n n
    0 y = (y ==1) ? x : yx (mod m); // y = a i1 y = a i
    x = a; // x = a2
    n n' = n'/ 2;
    y = (0 ==1) ? a : 1; // y = a 0 return y;
    for ( i = 1, 2, ..., k )
    i1 i
    x = x2 (mod m); // x = a2 x = a2
    if ( i == 1 )
    n n
    y = (y==1) ? x : yx (mod m); // y = a i1 y = a i
    return y;
    n n n
    Instead of computing a 0, a 1, ..., a k, where ni = ( i k1 ... 0)2, the Each algorithm performs between lg(n) and 2lg(n) modular
    m m m multiplications. The exact number is
    variation below computes a k, a k1, ..., a 0, where
    mi = ( k k1 ... i)2. lg(n) + |{i : 0 i < k, i = 1}|.

    It uses one less variable. Note mk = 1, mi = 2mi+1 + i for i = For a random n in [2k,2k+1), we would expect half the i to be 1, so
    k1,...,1,0, and m0 = n. the expected number of modular multiplications would be
    3/2 lg(n).

    Integer fastExp2( Integer a, Integer n, Integer m )


    If n has several hundred digits, lg(n) is somewhere around 1000.
    if ( n == 0 )
    We can compute an (mod m) using about 1500 modular
    return 1; multiplications (expected case) and 2000 modular multiplications
    m
    y = a; // y = a 0 (worst case).
    for ( i = k1, k2, ..., 0 )
    if ( i == 0 )
    y = y2 (mod m); What is the running time of fast exponentiation?
    m m
    else // y = a i+1 y = a i
    y = y2 a (mod m); 1) Using the standard method of multiplying integers, we can
    return y; multiply two q-bit integers in (q2) time. (The same applies
    to modular multiplication.)

    The integers multiplied in fast exponentiation are less than m,


    so they have at most lg(m) +1 bits essentially at most
    lg(m) bits.

    This gives a running time for fast exponentiation of


    O(lg(n)(lg(m))2), or O(lg(m)3) if we assume n m.
    2) Later in this course, we will derive a practical faster
    algorithm for multiplying two integers. This algorithm
    multiplies two q-bit integers in (qlg(3)) time, or
    approximately (q1.59) time.

    If we employ this algorithm, the running time of fast


    exponentiation becomes O(lg(n)(lg(m))1.59), or O(lg(m)2.59) if
    we assume n m.

    3) Still faster algorithms for multiplying two integers are


    known. In principle, at least, the running time of fast
    exponentiation can be reduced still further.

    You might also like