Described Left to Right Exponentation

diff --git a/algorithmicnumbertheory.pdf b/algorithmicnumbertheory.pdf
new file mode 100644 (file)
index 0000000..b8bac40
Binary files /dev/null and b/algorithmicnumbertheory.pdf differ

diff --git a/report/formal.pdf b/report/formal.pdf
index a45345d..06923ca 100644 (file)
Binary files a/report/formal.pdf and b/report/formal.pdf differ

diff --git a/report/formal.tex b/report/formal.tex
index 9a46f32..72af0e3 100644 (file)
--- a/report/formal.tex
+++ b/report/formal.tex
@@ -6,6 +6,8 @@
 \usepackage{amsmath}
 \usepackage{amsthm}
 \usepackage{amssymb}
+\usepackage{algorithm}
+\usepackage[noend]{algpseudocode}
 \usepackage{listings}
 \usepackage{xcolor}
 \usepackage{textcomp}
@@ -36,7 +38,7 @@ We present a formal verification of algorithms that are used
 in applied Cryptography. Classic cryptographic algorithms rest
 on the mathematical field of number theory, where abstract
 mathematical problems are presented and algorithms to solve
-them are discussed. This mathematical preliminaries are then 
+them are discussed. These mathematical preliminaries are then 
 used to ensure secure encryption of secret messages. We prove 
 formal correctness by considering concrete implementations and 
 use the recently developed verification system {\rm RISCAL} to
@@ -224,7 +226,50 @@ to obtain the same key. The key $K$ can now be used by a 'simpler' crypto-system
 simple displacement chiffre.
 
 \section{The Formal Verification}
-TODO: Describe algorithm Left-To-Right Exponentation
+\subsection{Left-to-Right Exponentation}
+The first algorithm, we are going to formally verify is so called 'Left-to-Right Exponentation'.
+In the RSA-algorithm, we encounter the problem of computing powers (where, for the moment, we
+forget that the powers are computed modulo $n$), which might be desribed recursive
+by
+$$
+c^d \equiv c\cdot c^{d-1}, \qquad c^0 \equiv 1.
+$$
+This 'naive algorithm' requires $d$ multiplications of $c$. The Left-to-Right Exponentation proceeds
+by first representing $d$ in its binary representation, i.e.
+$$
+d = \sum_{i=0}^m a_i\cdot 2^i,\qquad a_i \in \{0,1\}.
+$$
+With that representation of $d$, we immediately obtain 
+$c^d \equiv c^{a_0}\cdot (c^{2})^{a_1} \cdot \ldots (c^{2^m})^{a_m}$.
+But some of the coefficients $a_k$ might be zero, and hence contribute 1 to the
+product. Hence, we are led to the following algorithm:
+\begin{algorithm}[H]
+        \caption{Left-to-Right Exponentation}
+\begin{algorithmic}
+\Require{$c\in\mathbb{Z}$, $d\in\mathbb{N}$}
+\Ensure{$c^d$}
+\State $y \leftarrow 1$;
+\While{$n > 0$}
+\If{$n$ is odd}
+\State $y\leftarrow x\cdot y$;
+\EndIf
+\State $x\leftarrow x^2$;
+\State $n \leftarrow \lfloor n/2\rfloor$;
+\EndWhile
+\Return $y$.
+\end{algorithmic}
+\end{algorithm}
+Let us analyze this in more detail. Formulated as function ${\rm Exp}(x,n)$, 
+it is obvious that the algorithm is equivalent to the recursive description
+$$
+{\rm Exp}(x,n) = 
+\begin{cases}
+ 1,\qquad & n =0\\
+ {\rm Exp}(x^2,n/2),\qquad & n \text{ is even}\\
+ x\cdot {\rm Exp}(x^2,(n-1)/2),\qquad & n \text{ is odd}.
+\end{cases}
+$$
+The binary representation of $d\in\mathbb{N}$ has at most $\lfloor \log_2(d)\rfloor +1$ digits. 
 
 \appendix
 \section{Listing of the developed Theory}