Lecture 21: Midterm 2 Review. Modular Arithmetic Inverses and GCD Example: p = 7, q = 11. Professor Walrand. x has inverse modulo m if and only if gcd ( x , m ) = 1 . N = 77 . Wrapping up his lectures for other course this week. ( p − 1 )( q − 1 ) = 60 Will take over lectures next week. Group structures more generally. Choose e = 7, since gcd ( 7 , 60 ) = 1. Rao will continue co-teaching. Proof Idea: Office hours. egcd(7,60). { 0 x ,..., ( m − 1 ) x } are distinct modulo m if and only if gcd ( x , m ) = 1. See you on Piazza. By email. Finding gcd. gcd ( x , y ) = gcd ( y , x − y ) = gcd ( y , x ( mod y )) . 7 ( 0 )+ 60 ( 1 ) = 60 Miterm Prep. Notes 7-12. 7 ( 1 )+ 60 ( 0 ) = 7 Give recursive Algorithm! Base Case? gcd ( x , 0 ) = x . Modular Arithmetic. 7 ( − 8 )+ 60 ( 1 ) = 4 Extended-gcd( x , y ) returns ( d , a , b ) RSA/Cryptography. d = gcd ( x , y ) and d = ax + by 7 ( 9 )+ 60 ( − 1 ) = 3 Polynomials. 7 ( − 17 )+ 60 ( 2 ) = 1 Multiplicative inverse of ( x , m ) . Secret Sharing. egcd ( x , m ) = ( 1 , a , b ) Erasure Resistant Encoding. a is inverse! 1 = ax + bm = ax ( mod m ) . Error Correction. Idea: egcd. Confirm: − 119 + 120 = 1 Counting. gcd produces 1 d = e − 1 = − 17 = 43 = ( mod 60 ) Countability. by adding and subtracting multiples of x and y Computability. Fermat from Bijection. RSA RSA, Public Key, and Signatures. Fermat’s Little Theorem: For prime p , and a �≡ 0 ( mod p ) , a p − 1 ≡ 1 ( mod p ) . RSA: RSA: N = p , q Proof: Consider T = { a · 1 ( mod p ) ,..., a · ( p − 1 ) ( mod p ) } . N = p , q e with gcd ( e , ( p − 1 )( q − 1 )) = 1. e with gcd ( e , ( p − 1 )( q − 1 )) . T is range of function f ( x ) = ax mod ( p ) for set S = { 1 ,..., p − 1 } . d = e − 1 ( mod ( p − 1 )( q − 1 )) . d = e − 1 ( mod ( p − 1 )( q − 1 )) . Invertible function: one-to-one. Theorem: x ed = x ( mod N ) T ⊆ S since 0 �∈ T . Public Key Cryptography: p is prime. Proof: D ( E ( m , K ) , k ) = ( m e ) d mod N = m . = ⇒ T = S . x ed − x is divisible by p and q = ⇒ theorem! Product of elts of T = Product of elts of S . x ed − x = x k ( p − 1 )( q − 1 )+ 1 − x = x (( x k ( q − 1 ) ) p − 1 − 1 ) Signature scheme: ( a · 1 ) · ( a · 2 ) ··· ( a · ( p − 1 )) ≡ 1 · 2 ··· ( p − 1 ) mod p , S ( C ) = D ( C ) . If x is divisible by p , the product is. Otherwise ( x k ( q − 1 ) ) p − 1 = 1 ( mod p ) by Fermat. Since multiplication is commutative. Announce ( C , S ( C )) ⇒ ( x k ( q − 1 ) ) p − 1 − 1 divisible by p . a ( p − 1 ) ( 1 ··· ( p − 1 )) ≡ ( 1 ··· ( p − 1 )) mod p . = Verify: Check C = E ( C ) . Similarly for q . E ( D ( C , k ) , K ) = ( C d ) e = C ( mod N ) Each of 2 ,... ( p − 1 ) has an inverse modulo p , mulitply by inverses to get... a ( p − 1 ) ≡ 1 mod p .
Polynomials Applications. Welsh-Berlekamp Idea: Error locator polynomial of degree k with zeros at errors. Property 2: There is exactly 1 polynomial of degree ≤ d with arithmetic modulo prime p that contains any d + 1: For all points i = 1 ,..., i , n + 2 k , P ( i ) E ( i ) = R ( i ) E ( i ) ( mod p ) ( x 1 , y 1 ) ,..., ( x d + 1 , y d + 1 ) with x i distinct. Property 1: Any degree d polynomial over a field has at most d roots. since E ( i ) = 0 at points where there are errors. Let Q ( x ) = P ( x ) E ( x ) . Secret Sharing: k out of n people know secret. Proof Idea: Q ( x ) = a n + k − 1 x n + k − 1 + ··· a 0 . Scheme: degree n − 1 polynomial, P ( x ) . Any polynomial with roots r 1 ,..., r k . Secret: P ( 0 ) Shares: ( 1 , P ( 1 )) ,... ( n , P ( n )) . E ( x ) = x k + b k − 1 x k − 1 + ··· b 0 . written as ( x − r 1 ) ··· ( x − r k ) Q ( x ) . Recover Secret: Reconstruct P ( x ) with any k points. using polynomial division. Gives system of n + 2 k linear equations. Degree at least the number of roots. Erasure Coding: n packets, k losses. a n + k − 1 + ... a 0 ≡ R ( 1 )( 1 + b k − 1 ··· b 0 ) ( mod p ) Scheme: degree n − 1 polynomial, P ( x ) . Reed-Solomon. a n + k − 1 ( 2 ) n + k − 1 + ... a 0 R ( 2 )(( 2 ) k + b k − 1 ( 2 ) k − 1 ··· b 0 ) ( mod p ) Property 2: There is exactly 1 polynomial of degree ≤ d with ≡ Message: P ( 0 ) = m 0 , P ( 1 ) = m 1 ,... P ( n − 1 ) = m n − 1 arithmetic modulo prime p that contains any d + 1: . . Send: ( 0 , P ( 0 )) ,... ( n + k − 1 , P ( n + k − 1 )) . . ( x 1 , y 1 ) ,..., ( x d + 1 , y d + 1 ) with x i distinct. Recover Message: Any n packets are cool by property 2. a n + k − 1 ( m ) n + k − 1 + ... a 0 R ( m )(( m ) k + b k − 1 ( m ) k − 1 ··· b 0 ) ( mod p ) ≡ Proof Ideas: Corruptions Coding: n packets, k corruptions. Lagrange Interpolation gives existence. ..and n + 2 k unknown coefficients of Q ( x ) and E ( x ) ! Scheme: degree n − 1 polynomial, P ( x ) . Reed-Solomon. Property 1 gives uniqueness. Message: P ( 0 ) = m 0 , P ( 1 ) = m 1 ,... P ( n − 1 ) = m n − 1 Solve for coefficients of Q ( x ) and E ( x ) . Send: ( 0 , P ( 0 )) ,... ( n + 2 k − 1 , P ( n + 2 k − 1 )) . Recovery: P ( x ) is only consistent polynomial with n + k points. Find P ( x ) = Q ( x ) / E ( x ) . Property 2 and pigeonhole principle. Counting Example: visualize. Example: visualize First rule: n 1 × n 2 ···× n 3 . Product Rule. Second rule: when order doesn’t matter divide..when possible. First rule: n 1 × n 2 ···× n 3 . Product Rule. Second rule: when order doesn’t matter divide..when possible. ... ∆ ... ... ∆ ... First Rule ... ... Second Rule ... ... Stars/Bars 3 card Poker deals: 52 × 51 × 50 = 52 ! Common Scenarios: Sampling, Balls in Bins. 49 ! . First rule. Poker hands: ∆ ? Sum Rule. Inclusion/Exclusion. Orderings of ANAGRAM? Hand: Q , K , A . Combinatorial Proofs. Ordered Set: 7! First rule. Deals: Q , K , A , Q , A , K , K , A , Q , K , A , Q , A , K , Q , A , Q , K . A’s are the same! ∆ = 3 × 2 × 1 First rule again. What is ∆ ? 52 ! Total: 49 ! 3 ! Second Rule! ANAGRAM A 1 NA 2 GRA 3 M , A 2 NA 1 GRA 3 M , ... Choose k out of n . n ! ∆ = 3 × 2 × 1 = 3 ! First rule! Ordered set: ( n − k )! 7 ! = ⇒ Second rule! What is ∆ ? k ! First rule again. 3 ! n ! = ⇒ Total: ( n − k )! k ! Second rule.
Summary. Balls in bins. Simple Inclusion/Exclusion “ k Balls in n bins” ≡ “ k samples from n possibilities.” Sum Rule: For disjoint sets S and T , | S ∪ T | = | S | + | T | k Samples with replacement from n items: n k . “indistinguishable balls” ≡ “order doesn’t matter” Example: How many permutations of n items start with 1 or 2? n ! Sample without replacement: ( n − k )! 1 × ( n − 1 )! + 1 × ( n − 1 )! “only one ball in each bin” ≡ “without replacement” � n n ! Inclusion/Exclusion Rule: For any S and T , � Sample without replacement and order doesn’t matter: = ( n − k )! k ! . 5 balls into 10 bins k | S ∪ T | = | S | + | T |−| S ∩ T | . “ n choose k ” 5 samples from 10 possibilities with replacement (Count using first rule and second rule.) Example: 5 digit numbers. Example: How many 10-digit phone numbers have 7 as their first or second digit? 5 indistinguishable balls into 52 bins only one ball in each bin � k + n − 1 Sample with replacement and order doesn’t matter: � . n − 1 S = phone numbers with 7 as first digit. | S | = 10 9 5 samples from 52 possibilities without replacement Count with stars and bars: Example: Poker hands. T = phone numbers with 7 as second digit. | T | = 10 9 . how many ways to add up n numbers to get k . 5 indistinguishable balls into 3 bins S ∩ T = phone numbers with 7 as first and second digit. | S ∩ T | = 10 8 . Each number is number of samples of type i which adds to total, k . 5 samples from 3 possibilities with replacement and no order Answer: | S | + | T |−| S ∩ T | = 10 9 + 10 9 − 10 8 . Dividing 5 dollars among Alice, Bob and Eve. Combinatorial Proofs. Countability Isomorphism principle. � n � n + 1 � n � � � Theorem: = + . k k k − 1 � n + 1 Given a function, f : D → R . � Proof: How many size k subsets of n + 1? . k One to One: How many size k subsets of n + 1? For all ∀ x , y ∈ D , x � = y = ⇒ f ( x ) � = f ( y ) . Isomporphism principle. How many contain the first element? or Example. Chose first element, need to choose k − 1 more from remaining n ∀ x , y ∈ D , f ( x ) = f ( y ) = ⇒ x = y . Countability. elements. � n Diagonalization. Onto: For all y ∈ R , ∃ x ∈ D , y = f ( x ) . = ⇒ � k − 1 f ( · ) is a bijection if it is one to one and onto. How many don’t contain the first element ? Need to choose k elements from remaining n elts. Isomorphism principle: � n � = ⇒ If there is a bijection f : D → R then | D | = | R | . k � n � n � n + 1 So, � + � = � . k − 1 k k
Recommend
More recommend
