Administrative

HW 1, HW 2
due Th, Sep. 20, before class
due Today, before class

QUIZ 1: Tu, Sep. 18
number theory/cryptography, pages 1-44 of DPV

problem session: Fr, Sep. 14, 8 am, CSB 601

I was great at Geometry. If I wanted to train someone as a comedian, I would make them do lots of proofs. That's what comedy is: a kind of bogus proof. You set up a fallacious premise and then prove it with rigorous logic. It just makes people laugh. You'll find that most of my stuff is based on that system. . . You must think rationally on a completely absurd plane.

Cryptography – public key – RSA

1. pick two large primes $p$, $q$, let $N = pq$
2. pick $e$ such that $\gcd(e, p-1) = 1$, $\gcd(e, q-1) = 1$
3. find $d$ such that $e \cdot d \equiv 1 \pmod{(p-1)(q-1)}$
4. announce $e$, $N$; keep $p$, $q$, $d$ secret

ENCODE($x$) = $x^e \bmod N$
DECODE($y$) = $y^d \bmod N$

Fermat’s little Theorem

Let $p$ be a prime. Let $a \in \{1, \dots, p-1\}$. Then
$a^{p-1} \equiv 1 \pmod{p}$

good for computing inverses?
good for primality testing?

good for primality testing?

if $2^{x-1} \equiv 1 \pmod{x}$ say PRIME
else say COMPOSITE

good for primality testing?

pick random $a \in \{1, \dots, x-1\}$
if $a^{x-1} \equiv 1 \pmod{x}$ say PRIME
else say COMPOSITE

good for primality testing?

pick random $a \in \{1, \dots, x-1\}$
if $a^{x-1} \equiv 1 \pmod{x}$ say PRIME
else say COMPOSITE

GOOD NEWS!
if $a^{x-1} \equiv 1 \pmod{x}$ and $b^{x-1} \equiv 1 \pmod{x}$ then
$(ab)^{x-1} \equiv 1 \pmod{x}$
$(a^{-1})^{x-1} \equiv 1 \pmod{x}$

$\mathbb{Z}_x^*$

BAD NEWS! Carmichael numbers

$a \in \mathbb{Z}_{561}^*$
$a^{560} \equiv 1 \pmod{561}$

$561 = 3 \cdot 11 \cdot 17$
$560 = 2^4 \cdot 5 \cdot 7$

GOOD NEWS! can be fixed: main idea (informally):

1 has only 2 square roots modulo a prime
1 has at least 4 square roots modulo an odd composite

what are the square roots of 1 mod 15?

GOOD NEWS!

1 has at least 4 square roots modulo an odd composite

Chinese Remainder Theorem
Let $M$, $N$ be such that $\gcd(M, N) = 1$. Let $a$, $b$ be two integers. Then
$x \equiv a \pmod{M}$
$x \equiv b \pmod{N}$
has a unique solution in $\{0, \dots, MN-1\}$

Rabin-Miller Primality Test

pick random $a \in \{1, \dots, x-1\}$
if $a^{x-1} \not\equiv 1 \pmod{x}$ say COMPOSITE
$x-1 = 2^k \cdot y$ where $y$ is odd
e := x-1
for j from 1 to k do
    e := e/2
    if $a^e \not\equiv 1 \pmod{x}$ then
        if $a^e \equiv -1 \pmod{x}$ then PRIME else COMPOSITE
PRIME
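The Fermat check and the Rabin-Miller loop from the slides, side by side on the Carmichael number 561. This is an added example, not code from the lecture. The function names are illustrative, the random base a is used throughout the loop, and repeating the round 40 times with fresh bases is an assumption (the slide shows a single round).

```python
import random

def fermat_passes(x, a):
    """Fermat check from the slides: is a^(x-1) ≡ 1 (mod x)?"""
    return pow(a, x - 1, x) == 1

def square_roots_of_one(n):
    """All r in {1, ..., n-1} with r^2 ≡ 1 (mod n)."""
    return [r for r in range(1, n) if r * r % n == 1]

def rabin_miller_round(x, a):
    """One round with base a. False means a proves x composite,
    True means x passes this round (the slide's PRIME)."""
    if pow(a, x - 1, x) != 1:
        return False                  # fails the Fermat check
    e = x - 1
    while e % 2 == 0:                 # x-1 = 2^k * y, y odd: k halvings
        e //= 2
        r = pow(a, e, x)
        if r != 1:
            # r is the first value whose square is 1, so it is a square
            # root of 1; modulo a prime it can only be -1
            return r == x - 1
    return True                       # a^y ≡ 1: no bad root exposed

def is_probable_prime(x, rounds=40, rng=None):
    """Repeat the round with fresh random bases (rounds=40 is an assumption)."""
    rng = rng or random.SystemRandom()
    if x < 4:
        return x in (2, 3)
    if x % 2 == 0:
        return False
    return all(rabin_miller_round(x, rng.randrange(2, x - 1))
               for _ in range(rounds))

if __name__ == "__main__":
    print("sqrt(1) mod 15:", square_roots_of_one(15))
    print("Fermat, base 2, x=561:", fermat_passes(561, 2))
    print("Rabin-Miller, base 2, x=561:", rabin_miller_round(561, 2))
    print("561 probably prime?", is_probable_prime(561))
    print("2^61-1 probably prime?", is_probable_prime(2**61 - 1))
```

With base 2, the chain for 561 reaches $2^{140} \equiv 67$, a square root of 1 that is neither 1 nor -1, which is what exposes 561 as composite even though it passes the Fermat check.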

Primality testing

[Diagram: complexity classes co-RP, RP, ZPP, P]

co-RP = Miller-Rabin (1976-1980)
RP = Adleman-Huang (1992)
P = Agrawal, Saxena, Kayal (2002)

Primality testing

[Diagram: complexity classes co-NP, NP, P]

Pratt (1975)

Ok so I can test for primality, how do I get a random prime?

What else can I use random primes for?

Group

set $S$, with a binary operation : $S \times S \to S$
1) is associative: $a (b c) = (a b) c$
2) neutral element: $(\exists e \in S)(\forall x \in S)\ e x = x e = x$
3) inverse: $(\forall x \in S)(\exists y \in S)\ x y = y x = e$

Lagrange’s theorem

Let G be finite. Let H G. Then |H| divides |G|.

DEFINITION: we say H is a subgroup of G (denoted H G) if
for all $x, y \in H$ we have $x y \in H$, and
for all $x \in H$ we have $x^{-1} \in H$