More discussion on RSA: primality, powering. What are the individual steps in RSA? Which of these can be executed efficiently? Look at the following three operations related to RSA. (1) Generating two large random primes: How do we perform this? Well, one way to do it is to generate a random number and then test whether it is prime. How do we test whether it is prime? Our naive scheme (that works in time proportional to the square root of the number) is too slow and inefficient. Fortunately, there are faster, efficient, ways to do it. (2) We need to raise a number to a (potentially) large power. The naive algorithm takes time proportional to the value of the power. Again, this is inefficient. Fortunately, there is a faster, efficient way to do it. The time for powering is proportional to log(p), where p is the power. (3) We do not want the number n (used in the RSA private and public key) to be easily factored into its prime factors p and q. The naive algorithm we have discussed earlier takes time proportional to the square root of n. Fortunately, there is *no* efficient way known for this problem. Powering ======== A number x can be raised to the power p by considering the binary representation of p. We can calculate x^{2^i} (where ^ represents exponentiation) by repeatedly squaring x i times. Now x^p can be obtained by multiplying together x^{2^i} for all i such that the binary representation of p has 1 in the ith position. The number of multiplications required for this purpose is at most 2*log(p). Efficiency and size of problems =============================== An algorithm for a problem P is said to be efficient if it can be solved in time proportional to [size(P)]^c for some small constant c. The important thing to keep in mind is the notion of size(P). It is the number of bits it takes to represent P. So for primality and factoring, the size of the problem is not the number n that is given as input; instead, it is log(n) since it takes only log(n) bits to write n. We discussed why the naive algorithms for primality, powering, and factoring are not efficient. And also why the second algorithm (repeatedly squaring) for powering is efficient. Digital Signatures ================== Digital signature is a mechanism for authenticating the sender of a message. The sender signs a message (actually, a digest of the message) with his/her private key. The receiver verifies the signature using the public key of the "presumed sender".