Search results
Results from the WOW.Com Content Network
Modular exponentiation is efficient to compute, even for very large integers. On the other hand, computing the modular discrete logarithm – that is, finding the exponent e when given b, c, and m – is believed to be difficult. This one-way function behavior makes modular exponentiation a candidate for use in cryptographic algorithms.
Here, complexity refers to the time complexity of performing computations on a multitape Turing machine. [1] See big O notation for an explanation of the notation used. Note: Due to the variety of multiplication algorithms, () below stands in for the complexity of the chosen multiplication algorithm.
Some variants are commonly referred to as square-and-multiply algorithms or binary exponentiation. These can be of quite general use, for example in modular arithmetic or powering of matrices. For semigroups for which additive notation is commonly used, like elliptic curves used in cryptography, this method is also referred to as double-and-add.
Regardless of the specific algorithm used, this operation is called modular exponentiation. For example, consider $\mathbb{Z}_{17}^{\times}$. To compute $3^4$ in this group, compute $3^4 = 81$, and then divide 81 by 17, obtaining a remainder of 13. Thus $3^4 = 13$ in the group $\mathbb{Z}_{17}^{\times}$. The discrete logarithm is just the inverse operation.
Complexity: Using fast algorithms for modular exponentiation and multiprecision multiplication, the running time of this algorithm is $O(k \log^2 n \log\log n) = \tilde{O}(k \log^2 n)$, where $k$ is the number of times we test a random $a$, and $n$ is the value we want to test for primality; see Miller–Rabin primality test for details.
The modular inverse of $aR \bmod N$ is $\mathrm{REDC}((aR \bmod N)^{-1}(R^3 \bmod N))$. Modular exponentiation can be done using exponentiation by squaring by initializing the initial product to the Montgomery representation of 1, that is, to $R \bmod N$, and by replacing the multiply and square steps by Montgomery multiplies.
Modular exponentiation can be done in polynomial time. Inverting this function requires computing the discrete logarithm. Currently there are several popular groups for which no algorithm to calculate the underlying discrete logarithm in polynomial time is known.
This can be accomplished via modular exponentiation, which is the slowest part of the algorithm. The gate thus defined satisfies $U^{r}=I$, which immediately implies that its eigenvalues are the $r$-th roots of unity $\omega_{r}^{k}=e^{2\pi ik/r}$.