CS 173 Lecture 7: Arithmetic (II)

Transcription

1 CS 173 Lecture 7: Arithmetic (II) José Meseguer University of Illinois at Urbana-Champaign 1 The Fundamental Theorem of Arithmetic (Part II) Fundamental Theorem of Arithmetic (Part II). Every natural number greater than or equal to 2 has a unique factorization as a product of primes in the following sense. If Π k2 j 0 qmj j n Π k1 i 0 pni i with all the p i and q j primes, p 0 ă... ă p k1, n i ě 1, 0 ď i ď k 1, q 0 ă... ă q k2, m j ě 1, 0 ď j ď k 2, then: k 1 k 2, p i q i, n i m i, 0 ď i ď k 1. Proof: By contradiction. Suppose that there is an n ě 2 such that n has two different prime factorizations. Then there will be a smallest possible n 0, n 0 ě 2 having two such different factorizations, Π k2 j 0 qmj j n 0 Π k1 i 0 pni i. We now reason by cases: Case 1. tp 0,..., p k1 u tq 0,..., q k2 u. Then we must either have some q j R tp 0,..., p k1 u, or some p i R tq 0,..., q k2 u. Since the cases are entirely symmetric, let us assume without loss of generality (WLOG) that q j R tp 0,..., p k1 u. Then we have q j p 0 pp n0 1 q i 1 pni i But by Corollary 1 in Lecture 6, since q j is prime and q j does not divide p 0 we must have some r P N such that q j r p n0 1 i 1 pni i But this is false, since n 0 ą p n0 1 i 1 pni i, and by n 0 being the smallest number greater than or equal to 2 not having a unique factorization, since q j R tp 0,..., p k1 u, we would have two different prime factorizations, one the above p n0 1 i 1 pni i, and another prime factorization for q j r having q j as one of its primes, and obtained as either q j itself if r 1, or as q j Πi k sli i, where r Πk i sli i is the prime factorization of r if r ě 2. Case 2. tp 0,..., p k1 u tq 0,..., q k2 u. Then we must have some i, 1 ď i ď k 1 such that either m i ą n i or n i ą m i. Since the cases are symmetric, we can assume WLOG that m i ą n i. Now divide n 0 by p ni i. We get: p n pni 1 pni`1 i 1 i`1... pni k 1 p m p mi 1 pmi ni i 1 i p mi`1 i`1... p mi k 1

2 2 J. Meseguer but this is false, since n 0 ą n 0 {p ni i ě 2, so that n 0 {p ni i has a unique prime factorization. But the above equality shows that n 0 {p ni i has two different prime factorizations, one in which the prime p i appears (on the right) and one in which p i does not appear (on the left). This finishes the proof of FTA-II. As a corollary of FTA-II we get the following important theorem due to Euclid: Euclid s Theorem. The set of prime numbers is infinite. Proof: By contradiction. Suppose the set of prime numbers is finite, say, the set tp 0,..., p k u with p 0 ă... ă p k. Then by FTA-II we have a unique prime factorization pp 0... p k q ` 1 p n0 j 0... p n k 1 j k 1 with p 0 ď p j0 ă... p jk 1 ď p k, and n i ě 1, 0 ď i ď k 1. But this means that p j0 pp 0... p k q ` 1 which is false, since remppp 0... p k q`1, p j0 q 1. This finishes the proof of Euclid s Theorem. 2 Modular Arithmetic Given a non-zero natural number n P N, n ě 1, and given integers a, b P Z, we call a and b congruent modulo n, denoted: a b pmod nq if and only if n pa bq. Notation. In what follows, a b pmod nq will be abbreviated as: a n b. Lemma b P Z, a n b iff rempa, nq rempb, nq. Proof: Divide a and b by n, so that we get a q 1 n ` r 1 and a q 1 n ` r 2. Proof of pðq: If r 1 r 2, the a b npq 1 q 2 q and therefore a n b. Proof of pñq: Suppose a n b so that n pa bq. Then we also have n pa bq, i.e., n pb aq. We may assume WLOG that r 1 ě r 2 [otherwise we will have r 2 ą r 1 and we can swap the roles of a and b using the fact that n pb aq]. We get: a b npq 1 q 2 q ` pr 1 r 2 q but 0 ď pr 1 r 2 q ď r 1 ă n. But since n pa bq, dividing pa bq by n we must have pr 1 r 2 q 0, i.e., r 1 r 2. This finishes the proof of the Lemma.

3 Arithmetic (II) 3 Corollary P Z, a n rempa, nq. Proof: By Lemma 1 this will hold iff rempa, nq remprempa, nq, nq but remprempa, nq, nq rempa, nq. This finishes the proof of the Corollary. 2.1 Equivalence Relation and Congruence Properties We shall see below that n behaves as an equality relation, in the sense that we view two numbers a and b as equal modulo n iff rempa, nq rempb, nq. Equivalence Relation Lemma b, c P Z the following three properties hold: 1. Reflexivity. a n a 2. Symmetry. a n b ñ b n a 3. Transitivity. pa n b ^ b n cq ñ a n c. Proof: Let us show Transitivity. The proofs for Reflexivity and Symmetry are entirely similar. By Lemma 1, a n b iff rempa, nq rempb, nq, and b n c iff rempa, nq rempb, nq. Therefore, since pa n b^b n cq, we have rempa, nq rempc, nq, which, again by Lemma 1, gives us a n c, as desired. This finishes the proof of the Lemma. The above properties (1) (3) make sense not just for n, but of any binary relation R. When any such R satisfies conditions (1) (3) we call R an equivalence relation. Note that the equality relation on the elements of a set (for example, equality on the elements of Z) always satisfies (1) (3), so that equivalence relations generalize equality relations. The above lemma can be summarized by saying that n is an equivalence relation. We will study equivalence relations in full generality later in the course. Congruence Lemma b, a 1, b 1 P Z pa n a 1 ^ b n b 1 q ñ pa ` b n a 1 ` b 1 ^ ab n a 1 b 1 q. Proof: a n a 1 iff pa a 1 q nq for some q. Likewise, b n b 1 iff pb b 1 q nq 1 for some q 1. Therefore, pa ` bq pa 1 ` b 1 q npq ` q 1 q. Therefore, a ` b n a 1 ` b 1. But note that we also have a nq ` a 1 and b nq 1 ` b 1. Therefore, ab n 2 qq 1 ` nqb 1 ` a 1 nq 1 ` a 1 b 1 npnqq 1 ` qb 1 ` aq 1 q ` a 1 b 1 Therefore, n pab a 1 b 1 q and we get ab n a 1 b 1, as desired. This finishes the proof of the Lemma.

4 4 J. Meseguer 2.2 Reminder Arithmetic Let us write Z n to denote the set of possible reminders of dividing a number by n ě 1. That is, Z n t0,..., n 1u It turns out that Z n has a very simple, yet very useful (for example for cryptographic applications) arithmetic, called reminder arithmetic, where we can add and multiply reminders i, j P Z n by operations i `n j and i n j according to the following, simple definitions: i `n j rempi ` j, nq i n j rempi j, nq. The idea is straightforward: we first add (resp.multiply) the reminders i and j in Z as usual, and then compute the reminders of their addition (resp, multiplication) when divided by n as our desired result. The slides of Lecture 7 give a detailed description of the addition and multiplication tables for the reminder arithmetic of Z 5. One very useful property is that for each i P Z n there is another element of Z n that acts as i for the addition operation `n so that i `n p iq 0. Additive Inverse Lemma 4. For any n P N, n ě 1, each i P Z n if i 0 has 0 as its additive inverse, and otherwise has n i as its additive inverse, in the sense that i `n pn iq 0. Therefore, 0 0, and for i 0 we can write n i as i in Z n. Proof: Of course, 0 `n 0 0, and for i 0, i `n pn iq rempn, nq 0. This finishes the proof. Multiplicative Inverse Lemma 5. For any n P N, n ě 2, each i P t1,..., n 1u has a multiplicative inverse i 1 P t1,..., n 1u such that i n i 1 1 if and only if gcdpi, nq 1. Proof: Let us first prove the pðq implication. Assume gcdpi, nq 1. By Bezout s Lemma in Lecture 6, there are k, k 1 P Z such that 1 ik ` nk 1 But this means that ik n 1, and since k n rempk, nq, by the Congruence Lemma 3, this means that irempk, nq n 1. Therefore we have i n rempk, nq rempirempk, nq, nq 1 proving that rempk, nq is the multiplicative inverse of i, as desired. We can prove the pñq implication by proving its contrapositive. That is, assuming that gcdpi, nq ą 1 we need to show that i has no multiplicative inverse. But

5 Arithmetic (II) 5 if gcdpi, nq j ą 1, then n jq 1 and i jq 2 with 1 ď q 1, q 2 ă n. Therefore iq 1 jq 1 q 2 nq 2 n 0. Therefore, q 1 n i 0. But then i cannot have a multiplicative inverse i 1 P t1,..., n 1u, since this would give us q 1 q 1 n i n i 1 0 n i 1 0 which is false. This finishes the proof of the Lemma. Corollary 2. If p is a prime number, then each i P t1,..., p 1u Z p has a multiplicative inverse i 1 P t1,..., p 1u Z p such that i p i 1 1. Proof: Let i P Z p. Then divpiq X divppq divpiq X t p, 1, 1, pu t 1, 1u. Therefore, gcdpi, pq 1 and the result follows form the Multiplicative Inverse Lemma 5. This finishes the proof of the Corollary. 2.3 Homomorphism Lemma Homomorphism Lemma 6. For any a, b P Z and n P N with n ě 1 the following two eqalities hold: 1. rempa ` b, nq rempa, nq `n rempb, nq 2. rempab, nq rempa, nq n rempb, nq. Proof: Let i rempa, nq and j rempb, nq. Then we have a n i and b n j. Therefore by the Congruence Lemma 3 we get: which proves (1) above, and a ` b n i ` j n rempi ` j, nq def i `n j ab n ij n rempij, nq def i n j which proves (2) above. This finishes the proof of the Lemma. The above lemma is calle the Homomorphism Lemma because the function ρ : Z Ñ Z n where ρpmq rempm, nq satisfies by the Homomorphism Lemma: 1. ρpa ` bq ρpaq `n ρpbq 2. ρpabq ρpaq n ρpbq That is, ρ preserves both ` and. A function that preserves some given operations is called a homomorphism. Therefore, the above function ρ is called a homomorphism precisely because it preserves the addition and multiplication operations as proved in the Homomorphism Lemma.