6 The Set of Coprimes, Euler s totient
|
|
- Vincent Doyle
- 5 years ago
- Views:
Transcription
1 6 The Set of Coprimes, Euler s totient We now know that when a has an inverse mod n, thatinverseisapowerofa related to the multiplicative order: 9 order v, a v =1 modn ) a 1 = a v 1 mod n. We would like to get our hands on the order v such that a v =1 mod n. Thisislikesolvingamodulo-orderequationbutfortheexponent. The good: if v is such a power that produces a v =1 modn, thenany multiple of v has the same property : a vk =(a v ) k =1 k =1 modn So in general we dont need the smallest order v to get a v =1 anymultiple of v would do the same. We show here that there is such a multiple common for all orders v (works for all a); we call this multiplicative order-for-all '(n) and show it is the size of the coprime set. C n =coprimes-with-n in Z n ={a 2 Z n gcd(a, n) =1} '(n) =numberofcoprimeswithn in Z n = C n. n set C n '(n) prime 2 1 1= n 1 prime 3 1,2 2= n 1 4 1,3 2 prime 5 1,2,3,4 4= n 1 6 1,5 2 prime 7 1:6 6= n 1 8 1,3,5, ,2,4,5,7, ,3,7,9 4 prime 11 1:10 10= n ,2,4,7,8,11,13, ,3,5,7,9,11,13,15 8 prime 17 1:16 16= n ,5,7,11,13,17 6 prime 19 1:18 18= n ,3,7,9,11,13,17,19 8 prime 23 1:22 22= n 1 18
2 THEOREM 7 (Lagrange) COPRIMES SET FACTORIZATION if gcd(a, n) = 1 then the multiplicative order of av= P a divides '(n) = C n In fact, we can factorize the set of coprimes C n into a set-product P a Q a where P a is the set of a-powers like before, and Q a is a set of quotients coprime/a-power as defined below. Once we prove everything, we conclude that the set sizes satisfy C n = P a Q a, which concludes the theorem since v = P a. proof idea. We define formally the quotient set Q a as follows: We start with Q a = {1}. Foreachcoprimec 2 C n, we consider the smallest quotient q c 2 Z n such that c = a k q c for some power k. We add q c to Q a,ifits not already there. So in the end Q a is the set of these smallest quotients obtained as coprime / a-power EXAMPLE: n = 26,a = 9, P a = {9, 9 2 = 3, 9 3 = 1},order = v = 3. We now calculate the smallest quotient of every coprime in C 2 6againstP 9 : coprime /9 /9 2 =3 /9 3 =1 smallest goes to Q Q 9 = {1, 5, 7, 17} NOTE: di erent coprimes c1 6= c 2 might have the same smallest quotient q c1 = q c2, because they use di erent powers of a EXAMPLE: n = 26,a = 5, P a = {5, 5 2 = 1, 5 3 = 5, 5 4 = 25 = 1},order = v = 4. We now calculate the smallest quotient (as positive remainder) of every coprime in C 2 6againstP 5 : 19
3 coprime /5 /5 2 = 1 /5 3 = 5 /5 4 =1 smallest goes to Q = = = = = = = Q 5 = {1, 3, 7} proof idea. To show C n = P a Q a we need three pieces. Proof part 1: any element in C n is also in P a Q a. This is obvious: we constructed Q a such that every coprime has a quotient, that is every c 2 C n can be written as a power of a times an element in Q a Proof part 2: any product obtained from P a Q a is also in C n. That is, if q 2 Q a then q a k is coprime with n. This is true because both q and a k 2 P a are coprime with n so Theorem 1 can be used to prove the contrapositive of part 2. Proof part 3: So far we have proved that as sets these two are the same C n = P a Q a. The only remaining issue is to show that the set sizes work out as we want : P a Q a = P a Q a.inotherwords,theissueistomake sure that making all products P a Q a does not repeat any value. It can be shown by contradiction: lets assume that two of these products are the same value mod n : q a k = t a h for q, t 2 Q a with q<t. Then q = t a h k which means only one (the smallest) of q, t belongs to Q a ;thiscontradicts the construction of quotient set Q a,asthelargerofthetwo(t) wouldnever be added to Q a. 20
4 These parts allows us to conclude that the set sizes satisfy C n = P a Q a or '(n) =order(a) Q a.thusv = order(a) divides'(n) EXAMPLE: n =9,a=4, P a = {4, 4 2 =7, 4 3 =64=1},order = v =3. We now calculate the smallest quotient (as positive remainder) of every coprime in C 9 against P 4 : coprime /4 /4 2 =7 /4 3 =1 smallest goes to Q Q 4 = {1, 2} EXAMPLE: n =15,a =2, P 2 = {2, 2 2 =4, 2 3 =8, 2 4 =1},order = v =4. We now calculate the smallest quotient (as positive remainder) of every coprime in C 1 5againstP 2 : coprime /2 /2 2 =4 /2 3 =8 /2 4 =1 smallest goes to Q Q 2 = {1, 7} 21
5 THEOREM 8 (Euler) if gcd(a, n) =1thena '(n) =1 modn proof This is simply a corollary of Lagrange theorem: if v is the multiplicative order of a (there must be one since a is coprime) and '(n) =v k then a '(n) = a vk =(a v ) k =1 k =1modn INVERSE FROM TOTIENT. The critical consequence is that '(n) acts like an order for any coprime a. The theorem also gives a quick way to compute the inverse a 1,whenthetotient'(n) isknown: a 1 = a '(n) 1 mod n second proof with modulo arithmetic - optional. We have a theorem that says if a, n coprime gcd(a, n) = 1, then multiplying all non-zero remainders (mod n) witha gives back the set of non-zero remainders. {1a, 2a, 3a,..., (n 1)a} mod n = {1, 2, 3,...n 1}. In other words:s = a Z n mod n = {1a, 2a, 3a,..., (n 1)a} mod n = Z n Now we need a version of this theorem, for the coprime remainders set: Lemma. if a, n coprime gcd(a, n) = 1, then multiplying all coprime remainders C n = {u 1,u 2,u 3,...,u '(n) } with a gives back the set of coprime remainders: {au 1, au 2, au 3,..., au '(n) } mod n = {u 1,u 2,u 3,...,u '(n) }. In other words S = a C n mod n = {ua u 2 C n } mod n = C n proof for lemma. To show this result we make a similar argument with the one in the original theorem: the left set S is a subset of C n, because every element in uv 2 S is a product of two coprimes with n (u and a), thus certainly a coprime: we can immediately show that if u 1,a 1 are u and a inverses mod n, thenu 1 a 1 is the inverse of ua, soua 2 C n. Second, S enumerates '(n) elements,andallofthemaredistinctremainders mod n. Supposetherearetwodistinctu 1,u 2 2 C n such that au 1 = au 2 mod n ) n a(u 1 u 2 ) ) n a(u 1 u 2 ). Since (a, n) arecoprime,n must divide the other factor, n (u 1 u 2 ) ) u 1 = u 2 (because n<u 1 u 2 <n) contradiction. So S is a subset of C n with all its '(n) elements.itmeanss = C n. The rest of the proof follows the derivation used to prove Fermat s theorem: if S and C n are the same set, then the product of all elements in S mod n is the same as the product of all elements in C n mod n: 22
6 a Q Cn {C n } = Q {C n } mod n a Q Q '(n) {C n } {Cn } =0 modn (a '(n) 1) Q {C n } =0 modn n (a '(n) 1) Q {C n } Since gcd(n, Q {C n })=1,n must divide the other factor, n (a '(n) 1) ) a '(n) =1 modn. EXAMPLE n =15 coprime set is C 15 = {1, 2, 4, 7, 8, 11, 13, 14} ; '(15) = C 15 =8 Then for every a 2 C 15 we have a 8 =1 mod15: 1 8 =1 mod =(2 4 ) 2 =16 2 =1 2 =1 mod =(4 2 ) 4 =(2 4 ) 4 =1 4 mod =(7 2 ) 4 =49 4 =4 4 =2 8 =1 mod =( 7) 8 =7 8 =1 mod =( 4) 8 =4 8 =1 mod =( 2) 8 =2 8 =1 mod =( 1) 8 =1 mod15 EXERCISE(di culty F) ifn is a power of prime, n = p k,then '(n) =p k 1 (p 1) hint: think of the coprimes as the elements in Z n that are not composite, in other words the ones that are not multiples of p. How many multiples of p are there? 23
7 7 Fermat s Little Theorem n=p prime In here we look at the particular case where n = p is prime. In this case the problem is easier: a known multiple for any order v (for a) isp 1. So p 1 acts as an order for every a (mod p). THEOREM 9 Fermat Let p prime. For any 0 6= a 2 Z p,wehave a p 1 =1modp EXAMPLES p =7,a =5 a p 1 =5 6 =15625= = 1( mod 7) The smallest order v for a =5isp 1=6: noneofthepreviouspowersof a =5gives1mod7: 5, 5 2, 5 3, 5 4, 5 5 6=1 mod7 p =7,a =4 a p 1 =4 6 =(4 2 ) 3 =16 3 =2 3 =1( mod7) The smallest order v for a =4isactuallyv =3,notp p 1mustbeamultipleofv: 4 3 =16 4=2 4=1( mod7) 1=6,butofcourse p =5,a =3 a p 1 =3 4 =81=1( mod5) It turns out that modulo 5, p a v =1 modp 1=4isthesmallestorderv for any a to give p =11,a =3 a p 1 =3 10 =(3 4 ) =81 2 9=4 2 9=5 9=1( mod11) For a =3,smallestorderv mod 11 is actually not p 1=10,but5(a divisor of p 1): 3 5 =243=1( mod11) proof For p=prime, we have '(p) = p 1. Thus applying Euler s theorem for a 6= 0inZ p gives the theorem: a '(p) = a p 1 =1modp 24
8 second proof. Aprevioustheoremstatedthatif(a,p)arecoprimethen these two sets are the same S = {1a, 2a, 3a,..., (p 1)a} = Z p = {1, 2, 3,...,p 1} Then the product of all elements in S mod p is the same as the product of all elements in Z p mod p: a p (p 1) = (p 1) mod p a p 1 (p 1)! = (p 1)! mod p ) p (p 1)!(a p 1 1) Since gcd(p, (p 1)!) = 1, p must divide the other factor, p (a p 1 1) ) a p 1 =1 modp EXERCISE: Given the theorem, show that for any integer a and prime p, we have a p = a (mod p). EXERCISE: Explain why p and (p to prove the theorem. 1)! are coprime, a critical fact used 7.1 Primality test OBSERVATION Fermat s Theorem statement holds sometimes when p is not prime, only for carefully chosen a. Forexamplep =15,a=4wehave =4 14 =(4 2 ) 7 =16 7 =1 7 =1( mod15) Surprisingly for very special non-prime Carmichael numbers Fermat s theorem holds entirely (for any a). So its converse its not true. Try it for p =561. Fermat s Primality Test for number p works like this : pick several random positive integers a<pand check for each a if a p 1 =1 modp. if at least one test (for a particular a) gives NO then we know for sure p is not prime if all tests (for all a) give YES, we are not sure, but with high probability p is prime. 25
9 Carmichael numbers are the numbers n with the following two properties: n is square free, meaning factorization into primes n = p 1 p 2... p t contains each prime exactly once (no exponents e>1) for every prime factor p of n, p 1 n 1 EXAMPLES First few Carmichael numbers are 561= 3*11*17; because 2, 10, 16 divide = 5*13*17; because 4, 12, 16 divide = 7*13*19 ; because 6, 12, 18 divide 1728 Carmichael numbers pass all Fermat s-primality tests but they are not primes! But Carmichael numbers are so rare, that we are OK with them passing incorrectly at primes. EXERCISE(di culty F) ShowthataCarmichaelnumbern that satisfies the definiton properties above, while not prime, passes all Fermat s tests: for every 0 <a<nwe get a n 1 =1 modn. EXERCISE(di culty FF) Anumbern passes all Fermat s tests: for every 0 <a<nwe get a n 1 =1 modn. Showthateitheritisprime,oritis acarmichaelnumber. 26
10 8 RSA : n=p*q product of two primes EXERCISE Show that if n is a prime square n = p 2,then '(n) =p(p 1) EXERCISE: THEOREM 10 RSA EQUATION if n is a product of two primes, n = pq, showthat '(n) =(p 1)(q 1) = pq p q +1 by counting the non-coprimes in Z n \ C n NOTE that in this case Euler s theorem says that for any a<n,andany integer k a '(n)k+1 = a (p 1)(q 1)k+1 = a mod pq. This is the equation that makes RSA cryptosystem work. It uses two prime numbers p, q very large (2048 bits each magnitude) to avoid factorization by brute force with present computational ability (as of year 2016). EXERCISE. Ff n is a product of three primes, n = pqr, showthat '(n) =(p 1)(q 1)(q 1) by counting the non-coprimes in Z n \ C n EXERCISE(di culty F, doneintextbook)ifn is a product of two primes, n = pq, thenweknowfrompreviousexercisethat'(n) =(p 1)(q 1) Prove Euler s theorem in this particular case a (p 1)(q 1) =1 modpq; foranya, n coprimes by following these two steps: use Fermat s theorem for a, separatelymodp and then mod q use the Chinese remainder theorem to get the result of a (p 1)(q 1) mod pq EXERCISE (RSA-1-factor). RSA is hard to break because breaking it comes down to one of the following notoriously di cult problems: Given n = pq (p, q unknown), find p and q; or Given n = pq (p, q unknown) and e, finde s inverse modulo (p 1)(q 1) without finding p and q Suppose one wants to implement an RSA-like cryptosystem based on Fermat s theorem with only one prime n = p. Theequationis a (p 1)k+1 = a mod p. and so encoding and decoding would work correctly with two keys e(public) and e 1 mod p 1 (private). What is wrong with this encryption schema? 27
11 Hint: Finding private key is easy. EXERCISE(di culty F RSA-3-factors). Suppose one wants to implement an RSA-like cryptosystem with three primes n = pqr instead of two. The equation becomes a (p 1)(q 1(r 1)k+1 = a mod pqr. Is it correct? So that encoding and decoding work correctly with two keys e(public) and e 1 mod (p 1)(q 1)(r 1) (private). Is this encryption schema weaker or stronger than the two-factor RSA? 28
12 9 Chinese Reminder Theorem If N = p q r (or more factors) then there is a matching of sizes between (Z p Z q Z r )andz N. THEOREM 11 of Chinese Reminder If the factors are pairwise coprime, i.e. gcd(p, q) =gcd(p, r) =gcd(q, r) =1, The following is a one to one mapping : take any triplet of remainders (a 2 Z p,b 2 Z q,c 2 Z r )intoauniquex2z N,suchthatx mod p = a; x mod q = b; x mod r = c This mapping function h : Z pqr! Z p Z q Z r,givenby h(x) =(x mod p, x mod q, x mod r) is called the Chines-Reminder bijection between Z pqr and (Z p Z q Z r ) EXAMPLE p =3,q =4,r =5;N =3 4 5=60 a =1,b=2,c=1, x =46 a =1,b=2,c=0, x =10 a =1,b=1,c=3, x =13 a =1,b=0,c=2, x =52 a =2,b=2,c=2, x =2 a =0,b=0,c=0, x =0 a =1,b=1,c=1, x =1 a =2,b=1,c=2, x =17 NOTE it is critical that gcd(p, q) =1. Forexampleifp =4andq =6, picking a =2,b =1itwouldbeimpossibletofindx with these remainders mod p and mod q Further, the function h maps the coprimes in Z pqr to triplets of coprimes in (Z p Z q Z r )withrespectivefactors,sameassayingthath is a bijection between C pqr and (C p C q C r ) EXERCISE. it is enough to proof the theorem for only 2 factors N = pq. Once we have that proof we can extend it to 3 factors, then to 4, then 5, and so on. From 2 to 3 factors: Say N = pqr =(pq)r. Since gcd(pq, r) =1thetheorem for two factors gives us the mapping h 1 (x) =(y, c) betweenz pqr and 29
13 (Z pq Z r ); with y 2 Z pq and c 2 Z r. Applying the 2-factor theorem again for p, q we get a second mapping Z pq and (Z p Z q ): h 2 (y) =(a, b) witha 2 Z p,b 2 Z q. Since both h 1,h 2 are bijective (one to one) then we can compound them to obtain the 3-factor theorem x h 1! (y, c) h 2! (a, b, c) proof based on uniqness (no construction of x) forthree-factor(worksfor any number of coprime factors). We want to show that h(x) =(x mod p, x mod q, x mod r) isabijection(one-to-one)betweenz pqr and (Z p Z q Z r ). First h is an injection because for any x 6= y we have h(x) 6= h(y): h(x) =h(y) ) x = y mod p ) p x y. Similarlyq x y, andr x y But p, q, r are pairwise coprime, so then pqr x y ) x = y Second, Z pqr = pqr = Z p Z q Z r (same number of elements). An injection like h between finite sets of equal sizes must be surjective (cover all elements in the result set). Then h is bijective, or one-to-one. second proof : construction of x for two factor. Given a 2 Z p and b 2 Z q we want to find x 2 Z pq such that x mod p = a; x mod q = b. gcd(p, q) = 1 ) 9k, h : pk qh = 1 ) (pk qh)(b a) = b a ) pk(b a) qh(b a) =b a ) pk(b a)+a = qh(b a)+b. Thisisthe integer we are looking for x = pk(b a)+a = qh(b a)+b mod pq because it gives precisely a mod p and b mod q. EXERCISE(di culty F) ifn is a product of two coprimes n = ab with gcd(a, b) =1,then'(n) ='(a)'(b) hint: We ll have to apply the Chinese Reminder to argue that each coprime in C ab maps (corresponds one-to-one) to a pair of coprimes from C a C b THEOREM 12 '(n) formula. Ifn factorizes into primes as n = p e 1 1 p e 2 2 p e p et t 30
14 then '(n) =p e (p 1 1) p e (p 2 1) p e (p 3 1)... p et 1 t (p t 1) = n (1 1/p 1 ) (1 1/p 2 ) (1 1/p 3 )... (1 1/p t ) proof. Since each prime factor p e in n is coprime with the other factors, we can apply repeatedly the previous exercise factorization of '(n) toget '(n) ='(p e 1 1 ) '(p e 2 2 )... '(p et t ) Now we recall an exercise from Euler s Theorem in chapter 6 that stated '() formula for prime powers: '(p k )=p k 1 (p 1) Applying to each factor above we get '(n) =p e (p 1 1) p e (p 2 1) p e (p 3 1)... p et t 1 (p t 1) EXAMPLE: n =48= Verify that '(48) = 2 3 (2 1) 3 0 (3 1) EXAMPLE: n =100= Verifythat '(100) = 2 1 (2 1) 5 1 (5 1) EXAMPLE: n =540= Verify that '(540) = 3 2 (3 1) 2 1 (2 1) 5 0 (5 1) 31
15 10 Group Theory & Lagrange Th - optional In here we show that Euler s totient theorem is a particular application of Lagrange theorem which states that the order of a subgroup divides the order of the group. It is applied with for the group of coprimes C n and the subgroup of powers of a P a DEFINITION A set and an operand like (Z n, mod +) form a group because the following are satisfied: 1) the operand result is always in the set : a, b 2 Z n ) a + b mod n 2 Z n 2) there is a neutral element, 0 + a = a +0=a, 8a 2 Z n 3) associativity holds (a + b)+c = a +(b + c), 8a, b, c 2 Z n 4) every element has an inverse 8a, 9 a, a +( a) = a + a =0 OBSERVATION (Z n, mod ) isnotagroupwithmultiplicative-mod,because 1 would be the neutral element, and then 0 has no inverse. But how about (Z n, mod ) -thatis,thesetofallremaindersexcept0, with multiplicative-mod as operand? Certainly not a group for all n: for example n =10givesZ 10 = {1, 2, 3, 4, 5, 6, 7, 8, 9} where 5 has no inverse (there is no element that multiplied with 5 gives 1 mod 10). EXERCISE Show that conditions 2 and 3 are satisfied for (Z n, mod ) to be a group. EXERCISE Show that conditions 1 and 4 for (Z n, mod ) areveryrelated in the following sense: for any x 2 Z n,eitherthereisaninverse(satisfies condition 4) or there is a particular element y 2 Z n such that x y mod n =0/2 Z n (breaks condition 1), but not both. THEOREM (Z n, mod ) isagroupifandonlyifn is prime. proof EXERCISE EXAMPLE Z 5 = {1, 2, 3, 4} with operand multiplication modulo 5 forms a group: 1) a b mod 5 2 Z 5, 8a, b 2 Z 5 2) 1 is the neutral element 3) (a b) c mod 5 = a (b c) mod 5 in general 4) 1 is its own inverse, 4 is its own inverse, 2 and 3 are eachother s inverse. 32
16 THEOREM Let C n be the set of coprimes n from Z n (listed in the table above for few n). Then (C n, mod ) isagroup. proof Lets look at each of the four rules. 1) if a, b 2 C n then we know ab mod n 2 Z n,theonlyquestionisifab is coprime with n. Sincegcd(a, n) =gcd(b, n) =1,wemusthavegcd(ab, n) =1; otherwise any prime p gcd(ab, n) willhavetobeacommonprimebetween (a, n) orcommonbetween(b, n) contradictingthepremise.soab 2 C n. 2) 1 2 C n is neutral element 3) associativity holds 4) a 2 C n means a has an inverse mod n, a 1 2 Z n.butthismeansa 1 has inverse a, soa 1 is coprime with n, ora 1 2 C n. Subgroup. A group (G, +) has a subgroup (S, +) if the operand + is the same, S G, andthe(s, +) is a group in itself, a.k.a. the four groupproperties hold for (S, +). Then G is a multiple of S (the size of a subgroup divides the size of the group). EXAMPLE (Z 6,mod+) has a subgroup formed by elements S = {0, 2, 4}; we can check the four rules: 1) a, b 2 S ) a + b 2 S: 2+2mod6=4,2+4mod6=0;4+4mod6=2etc 2) 0 is the neutral element 3) associativity holds 4) the inverse of every element in S is also in S, because2and4areeachother s inverse (addition opposite) mod 6. EXAMPLE (Z 7,mod ) isagroupwithmodulo-multiplicationoperand,and has a subgroup formed by elements S = {1, 2, 4} : 1) a, b 2 S ) a b 2 S :2 2 mod 7 = 4;4 4 mod 7 = 2;2 4 mod 7 = 1 2) 1 is the neutral element 3) associativity holds 4) the inverse of every element in S is also in S, because2and4areeachother s inverse (multiplication opposite) mod 7. EXERCISE Another subgroup of (Z 6,mod+) is given by elements S = {0, 3} 33
17 EXERCISE (Z 8,mod+) has subgroups S = {0, 2, 4, 6} and S = {0, 4} EXERCISE (Z 12,mod+) has subgroups S = {0, 2, 4, 6, 8, 10}, S = {0, 4, 8}, S = {0, 3, 6, 9} THEOREM (Lagrange). A group (G, +) has a subgroup (S, +); we use here + as generic operand, can be either addition or multiplication in Z n. Then G is a multiple of S (the size of a subgroup divides the size of the group). proof if S = {a, b, c, d,...} is a subgroup of (G, +) then we ll prove that G can be partitioned into several sets that look like h+s = {h+a, h+b, h+c, h+d...} each corresponding to a key element h 2 G. For h 1 = 0 we get the set S 1 = h 1 + S = S Consider an h 2 that is not in the first set h 1 + S. Then S 2 = h 2 + S will have all brand new elements from G, noneoftheminh 1 + S. Proof by contradiction: suppose 9a, b 2 S and S 2 3 h 2 + a = h 1 + b 2 S. Then h 2 = h 1 +b a. ButS is a group so b a 2 S, which means h 2 2 h 1 +S, contradiction. Note that S 2 = S repeat : if the sets generated so far S 1,S 2,S 3... do not fully cover G, pick next h k in G \ S 1 [ S 2 [ S 3 and repeat the argument from before. The newly generated set S k will have elements di erent than the ones in previous sets, and its size will be the same S k = S At some point the finite G will be covered by these subsets G = S 1 [ S 2 [ S 3 [... [ S k,alldisjointbutallofthesamesize S. Then G = k S EXAMPLE (G = Z 12, mod +) with S = {0, 3, 6, 9}. The sets that partion G are h 1 =0(neutralelement);S 1 = h 1 + S = {0, 3, 6, 9} h 2 =12G \ S 1 ; S 2 = h 2 + S = {1, 4, 7, 10} h 2 =52G \ S 1 \ S 2 ; S 2 = h 2 + S = {5, 8, 11, 2} EXAMPLE (G = Z 7 = {1, 2, 3, 4, 5, 6}, mod ) hassubgroups = {1, 2, 4}. The sets that partion G are h 1 =1(neutralelement);S 1 = h 1 S = {1, 2, 4} h 2 =52 G \ S 1 ; S 2 = h 2 S = {5, 3, 6} 34
18 35
19 THEOREM (Euler) if gcd(a, n) =1thena '(n) =1 modn proof with group theory. Let C n be the set of coprimes-with-n from Z n, and we know that (C n, mod ) isagroup.bydefinition'(n) = C n. Now consider the set of elements in Z n that are powers of a mod n, A = {a 1,a 2,a 3...}. ThissetA is finite, and the last non-repeated value is a v =1 (because the next power would be a). Then A = v A C n (all elements in A are coprime with n) (A, mod ) isagroup,thusasubgroupof(c n, mod ). The previous theorem says A divides C n, or equivalently v '(n) or '(n) =vk which implies a '(n) mod n =(a v ) k mod n =1 k mod n =1 EXAMPLE n =12, C n = {1, 5, 7, 11} )'(n) = mod 12 = mod 12 = 25 2 mod 12 = 1 2 mod 12 = mod 12 = 49 2 mod 12 = 1 2 mod 12 = mod 12 = ( 1) 4 mod 12 = 1 36
20 11 Summary division a to b 2: r = a mod b, a = bq + r; withquotientq and remainder r 2 Z b = {0, 1, 2,...,b 1} n = p e1 1 p e1 1 p e1 1...p et t unique decomposition in to primes gcd(a, b) =allcommon(intersection)primes(eachwithminexponent) lcm(a, b) =unionofprimes(eachwithmaxexponent) ab = all primes together (with sum of exponents) gcm(a, b) lcm(a, b) =ab a b means a divides b same as a is factor of b same as b is multiple of a same as b = ak for some integer k a, b have the same remainder mod n if and only if n divides their difference : a mod n = b mod n, n a b if prime p ab; thenp a _ p b a, b are coprimes (or relatively prime) if they have no common prime factors; then gcd(a, b) =1 if n ab and a, n coprimes gcd(a, n) =1;thenn b if n a and m a and gcd(n, m) =1;thennm a after dividing a, b by their d = gcd(a, b), one gets coprime numbers: gcd( a d, b d )=1 a has multiplicative inverse b = a 1 mod n means ab mod n =1. Thats possible if and only if gcd(a, n) =1 a inverse mod n (if exists) can be found as a v 1 for integer v with property a v = 1 mod n (v =orderofa). Trying powers to obtain the order is ine - cient, not practical for large n. 37
21 gcd-coe cient (k, h) for(a, b) alwaysexisttogivethegcd(a, b) =ak + bh. if a, b coprime, 1 = gcd(a, b) =ak + bh. Thenk, h are the two inverses k = a 1 mod b and h = b 1 mod a Euclid-Extended finds k,h coe cients by transforming the problem(a, b) into problem(b, r) recursively, and then recursively-back computing the coefficients. It is e cient, even for large a, b. Euler totient '(n) isthesizeofthesetc n ={remainders coprime with n}; inotherwords'(n) =numberofcoprimessmallerthann. Euler s theorem : a '(n) =1 modn for any a 2 C n. So we have four ways to find a 1,theinverseofa mod n: 1) Brute force. Try di erent values b<nuntil one works (ab =1 modn) 2) Best in practice. k, h =EuclidExtend(a, n). Then k = a 1 is the inverse. 3) Find order v for a, soa v =1 modn then a v 1 mod n is the inverse of a. Cant do fast exponentiation(v unknown); still usually faster than method 1) 4) Best if '(n) known. '(n) orderfora (a '(n) = 1), so the inverse is a 1 = a '(n) 1.Powermodulon is e cient with fast exponentiation. For primes p, '(p) =p 1sothattheorembecomesFermatstheorem a p 1 =1 modp when (a, p) coprimes Primality Test for n. Tryforseverala<nto see if a n 1 mod n =1. if any of the tests(a) gives NO, then n certainly not prime if all tests(a) gives YES, n is likely prime (rare exceptions: Carmichael numbers) n = pq (two primes) then '(n) =(p 1(q 1); so if a coprime with n then a '(n) = a (p 1)(q 1) =1 modn or a (p 1)(q 1)k+1 = a mod n for any k RSA. if n = pq (two large primes); e and d = e 1 are eachother inverse mod (p 1)(q 1) means ed =1 mod(p 1)(q 1). Then a ed = a (p 1)(q 1)k+1 = a mod n. n is known but the prime factors p, q are not and hard to find. RSA public key for encryption is e. ENCRYPT(a) =a e mod n RSA secret key for decryption is d. DECRYPT(a e )=(a e ) d mod n = a 38
22 RSA signature: verify that one has the correct secret key, by receiving (a, b = a d ) and decrypting b with public key b e =(a d ) e mod n = a Chinese Reminder : if p, q are coprime, any pair of remainders (a 2 Z p,b2 Z q )correspondsuniquelytoaremainderx 2 Z pq such that x mod p = a and x mod q = b 39
Introduction to Number Theory
Introduction to Number Theory CS1800 Discrete Structures; notes by Virgil Pavlu 1 modulo arithmetic All numbers here are integers. The integer division of a at n > 1 means finding the unique quotient q
More informationIntroduction to Number Theory
Introduction to Number Theory CS1800 Discrete Math; notes by Virgil Pavlu; updated October 6, 2017 1 modulo arithmetic All numbers here are integers. The integer division of a at n > 1 means finding the
More informationSome Facts from Number Theory
Computer Science 52 Some Facts from Number Theory Fall Semester, 2014 These notes are adapted from a document that was prepared for a different course several years ago. They may be helpful as a summary
More informationThis is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.
8 Modular Arithmetic We introduce an operator mod. Let d be a positive integer. For c a nonnegative integer, the value c mod d is the remainder when c is divided by d. For example, c mod d = 0 if and only
More informationDiscrete Mathematics GCD, LCM, RSA Algorithm
Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common
More informationIntroduction to Public-Key Cryptosystems:
Introduction to Public-Key Cryptosystems: Technical Underpinnings: RSA and Primality Testing Modes of Encryption for RSA Digital Signatures for RSA 1 RSA Block Encryption / Decryption and Signing Each
More informationNumber Theory and Group Theoryfor Public-Key Cryptography
Number Theory and Group Theory for Public-Key Cryptography TDA352, DIT250 Wissam Aoudi Chalmers University of Technology November 21, 2017 Wissam Aoudi Number Theory and Group Theoryfor Public-Key Cryptography
More informationBasic elements of number theory
Cryptography Basic elements of number theory Marius Zimand 1 Divisibility, prime numbers By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a
More informationBasic elements of number theory
Cryptography Basic elements of number theory Marius Zimand By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a k for some integer k. Notation
More informationICS141: Discrete Mathematics for Computer Science I
ICS141: Discrete Mathematics for Computer Science I Dept. Information & Computer Sci., Jan Stelovsky based on slides by Dr. Baek and Dr. Still Originals by Dr. M. P. Frank and Dr. J.L. Gross Provided by
More information1 Overview and revision
MTH6128 Number Theory Notes 1 Spring 2018 1 Overview and revision In this section we will meet some of the concerns of Number Theory, and have a brief revision of some of the relevant material from Introduction
More informationLecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya
BBM 205 Discrete Mathematics Hacettepe University http://web.cs.hacettepe.edu.tr/ bbm205 Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya Resources: Kenneth Rosen,
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 8 February 1, 2012 CPSC 467b, Lecture 8 1/42 Number Theory Needed for RSA Z n : The integers mod n Modular arithmetic GCD Relatively
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 9 September 30, 2015 CPSC 467, Lecture 9 1/47 Fast Exponentiation Algorithms Number Theory Needed for RSA Elementary Number Theory
More informationPublic Key Encryption
Public Key Encryption 3/13/2012 Cryptography 1 Facts About Numbers Prime number p: p is an integer p 2 The only divisors of p are 1 and p s 2, 7, 19 are primes -3, 0, 1, 6 are not primes Prime decomposition
More informationNumber theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29
Number theory Myrto Arapinis School of Informatics University of Edinburgh October 9, 2014 1/29 Division Definition If a and b are integers with a 6= 0, then a divides b if there exists an integer c such
More informationLecture notes: Algorithms for integers, polynomials (Thorsten Theobald)
Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald) 1 Euclid s Algorithm Euclid s Algorithm for computing the greatest common divisor belongs to the oldest known computing procedures
More informationMathematical Foundations of Public-Key Cryptography
Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical
More informationAddition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?
Ch - Algorithms with numbers Addition Basic arithmetic Addition ultiplication Division odular arithmetic factoring is hard Primality testing 53+35=88 Cost? (n number of bits) O(n) ultiplication al-khwārizmī
More informationbasics of security/cryptography
RSA Cryptography basics of security/cryptography Bob encrypts message M into ciphertext C=P(M) using a public key; Bob sends C to Alice Alice decrypts ciphertext back into M using a private key (secret)
More informationApplied Cryptography and Computer Security CSE 664 Spring 2017
Applied Cryptography and Computer Security Lecture 11: Introduction to Number Theory Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline What we ve covered so far: symmetric
More informationMATH 145 Algebra, Solutions to Assignment 4
MATH 145 Algebra, Solutions to Assignment 4 1: a) Find the inverse of 178 in Z 365. Solution: We find s and t so that 178s + 365t = 1, and then 178 1 = s. The Euclidean Algorithm gives 365 = 178 + 9 178
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More informationA polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem
A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem Grzegorz Herman and Michael Soltys November 24, 2008 Abstract Although a deterministic polytime algorithm for
More informationOWO Lecture: Modular Arithmetic with Algorithmic Applications
OWO Lecture: Modular Arithmetic with Algorithmic Applications Martin Otto Winter Term 2008/09 Contents 1 Basic ingredients 1 2 Modular arithmetic 2 2.1 Going in circles.......................... 2 2.2
More information2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.
2 Arithmetic This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}. (See [Houston, Chapters 27 & 28]) 2.1 Greatest common divisors Definition 2.16. If a, b are integers, we say
More informationCongruence Classes. Number Theory Essentials. Modular Arithmetic Systems
Cryptography Introduction to Number Theory 1 Preview Integers Prime Numbers Modular Arithmetic Totient Function Euler's Theorem Fermat's Little Theorem Euclid's Algorithm 2 Introduction to Number Theory
More informationSenior Math Circles Cryptography and Number Theory Week 2
Senior Math Circles Cryptography and Number Theory Week 2 Dale Brydon Feb. 9, 2014 1 Divisibility and Inverses At the end of last time, we saw that not all numbers have inverses mod n, but some do. We
More informationTopics in Cryptography. Lecture 5: Basic Number Theory
Topics in Cryptography Lecture 5: Basic Number Theory Benny Pinkas page 1 1 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem: generating
More informationNumber theory (Chapter 4)
EECS 203 Spring 2016 Lecture 10 Page 1 of 8 Number theory (Chapter 4) Review Questions: 1. Does 5 1? Does 1 5? 2. Does (129+63) mod 10 = (129 mod 10)+(63 mod 10)? 3. Does (129+63) mod 10 = ((129 mod 10)+(63
More informationCS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II
CS 5319 Advanced Discrete Structure Lecture 9: Introduction to Number Theory II Divisibility Outline Greatest Common Divisor Fundamental Theorem of Arithmetic Modular Arithmetic Euler Phi Function RSA
More informationYALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 13 (rev. 2) Professor M. J. Fischer October 22, 2008 53 Chinese Remainder Theorem Lecture Notes 13 We
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationNumber Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers
Number Theory: Applications Number Theory Applications Computer Science & Engineering 235: Discrete Mathematics Christopher M. Bourke cbourke@cse.unl.edu Results from Number Theory have many applications
More informationNotes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I
Number Theory: Applications Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry Fall 2007 Computer Science & Engineering 235 Introduction to Discrete Mathematics Sections 3.4 3.7 of Rosen cse235@cse.unl.edu
More informationCourse 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography
Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups
More informationLecture 4: Number theory
Lecture 4: Number theory Rajat Mittal IIT Kanpur In the next few classes we will talk about the basics of number theory. Number theory studies the properties of natural numbers and is considered one of
More informationMa/CS 6a Class 4: Primality Testing
Ma/CS 6a Class 4: Primality Testing By Adam Sheffer Reminder: Euler s Totient Function Euler s totient φ(n) is defined as follows: Given n N, then φ n = x 1 x < n and GCD x, n = 1. In more words: φ n is
More informationLinear Congruences. The equation ax = b for a, b R is uniquely solvable if a 0: x = b/a. Want to extend to the linear congruence:
Linear Congruences The equation ax = b for a, b R is uniquely solvable if a 0: x = b/a. Want to extend to the linear congruence: ax b (mod m), a, b Z, m N +. (1) If x 0 is a solution then so is x k :=
More informationCS March 17, 2009
Discrete Mathematics CS 2610 March 17, 2009 Number Theory Elementary number theory, concerned with numbers, usually integers and their properties or rational numbers mainly divisibility among integers
More informationLecture 3.1: Public Key Cryptography I
Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena Today s Informative/Fun Bit Acoustic Emanations http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+em
More informationCSE 521: Design and Analysis of Algorithms I
CSE 521: Design and Analysis of Algorithms I Randomized Algorithms: Primality Testing Paul Beame 1 Randomized Algorithms QuickSelect and Quicksort Algorithms random choices make them fast and simple but
More informationMath Circle Beginners Group February 28, 2016 Euclid and Prime Numbers Solutions
Math Circle Beginners Group February 28, 2016 Euclid and Prime Numbers Solutions Warm-up Problems 1. What is a prime number? Give an example of an even prime number and an odd prime number. A prime number
More informationAll variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.
Math 152, Problem Set 2 solutions (2018-01-24) All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points. 1. Let us look at the following equation: x 5 1
More informationIntroduction to Cryptography. Lecture 6
Introduction to Cryptography Lecture 6 Benny Pinkas page 1 Public Key Encryption page 2 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem:
More informationCOMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635
COMP239: Mathematics for Computer Science II Prof. Chadi Assi assi@ciise.concordia.ca EV7.635 The Euclidean Algorithm The Euclidean Algorithm Finding the GCD of two numbers using prime factorization is
More informationElementary Number Theory MARUCO. Summer, 2018
Elementary Number Theory MARUCO Summer, 2018 Problem Set #0 axiom, theorem, proof, Z, N. Axioms Make a list of axioms for the integers. Does your list adequately describe them? Can you make this list as
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationCHAPTER 6. Prime Numbers. Definition and Fundamental Results
CHAPTER 6 Prime Numbers Part VI of PJE. Definition and Fundamental Results 6.1. Definition. (PJE definition 23.1.1) An integer p is prime if p > 1 and the only positive divisors of p are 1 and p. If n
More informationPart IA Numbers and Sets
Part IA Numbers and Sets Theorems Based on lectures by A. G. Thomason Notes taken by Dexter Chua Michaelmas 2014 These notes are not endorsed by the lecturers, and I have modified them (often significantly)
More informationChapter 5. Number Theory. 5.1 Base b representations
Chapter 5 Number Theory The material in this chapter offers a small glimpse of why a lot of facts that you ve probably nown and used for a long time are true. It also offers some exposure to generalization,
More informationNumber Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.
CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L06, Steve/Courses/2011/S2/CSS322/Lectures/number.tex,
More informationLECTURE NOTES IN CRYPTOGRAPHY
1 LECTURE NOTES IN CRYPTOGRAPHY Thomas Johansson 2005/2006 c Thomas Johansson 2006 2 Chapter 1 Abstract algebra and Number theory Before we start the treatment of cryptography we need to review some basic
More information[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives
[Part 2] Asymmetric-Key Encipherment Mathematics of Cryptography Forouzan, B.A. Cryptography and Network Security (International Edition). United States: McGraw Hill, 2008. Objectives To introduce prime
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationNUMBER THEORY AND CODES. Álvaro Pelayo WUSTL
NUMBER THEORY AND CODES Álvaro Pelayo WUSTL Talk Goal To develop codes of the sort can tell the world how to put messages in code (public key cryptography) only you can decode them Structure of Talk Part
More informationOverview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017
CSC 580 Cryptography and Computer Security Math for Public Key Crypto, RSA, and Diffie-Hellman (Sections 2.4-2.6, 2.8, 9.2, 10.1-10.2) March 21, 2017 Overview Today: Math needed for basic public-key crypto
More informationBeautiful Mathematics
Beautiful Mathematics 1. Principle of Mathematical Induction The set of natural numbers is the set of positive integers {1, 2, 3,... } and is denoted by N. The Principle of Mathematical Induction is a
More informationPart IA Numbers and Sets
Part IA Numbers and Sets Definitions Based on lectures by A. G. Thomason Notes taken by Dexter Chua Michaelmas 2014 These notes are not endorsed by the lecturers, and I have modified them (often significantly)
More informationALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers
ALGEBRA CHRISTIAN REMLING 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers by Z = {..., 2, 1, 0, 1,...}. Given a, b Z, we write a b if b = ac for some
More informationMATH10040 Chapter 1: Integers and divisibility
MATH10040 Chapter 1: Integers and divisibility Recall the basic definition: 1. Divisibilty Definition 1.1. If a, b Z, we say that b divides a, or that a is a multiple of b and we write b a if there is
More informationA Few Primality Testing Algorithms
A Few Primality Testing Algorithms Donald Brower April 2, 2006 0.1 Introduction These notes will cover a few primality testing algorithms. There are many such, some prove that a number is prime, others
More informationOutline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m
Outline GCD and Euclid s Algorithm AIT 682: Network and Systems Security Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography Modulo Arithmetic Modular Exponentiation Discrete Logarithms
More informationOutline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms
AIT 682: Network and Systems Security Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography Instructor: Dr. Kun Sun Outline GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation
More informationcse547, math547 DISCRETE MATHEMATICS Professor Anita Wasilewska
cse547, math547 DISCRETE MATHEMATICS Professor Anita Wasilewska LECTURE 12 CHAPTER 4 NUMBER THEORY PART1: Divisibility PART 2: Primes PART 1: DIVISIBILITY Basic Definitions Definition Given m,n Z, we say
More informationAn Algorithm for Prime Factorization
An Algorithm for Prime Factorization Fact: If a is the smallest number > 1 that divides n, then a is prime. Proof: By contradiction. (Left to the reader.) A multiset is like a set, except repetitions are
More informationModular Arithmetic and Elementary Algebra
18.310 lecture notes September 2, 2013 Modular Arithmetic and Elementary Algebra Lecturer: Michel Goemans These notes cover basic notions in algebra which will be needed for discussing several topics of
More information1 Summary: Binary and Logic
1 Summary: Biary ad Logic Biary Usiged Represetatio : each 1-bit is a power of two, the right-most is for 2 0 : 0110101 2 = 2 5 + 2 4 + 2 2 + 2 0 = 32 + 16 + 4 + 1 = 53 10 Usiged Rage o bits is [0...2
More informationp = This is small enough that its primality is easily verified by trial division. A candidate prime above 1000 p of the form p U + 1 is
LARGE PRIME NUMBERS 1. Fermat Pseudoprimes Fermat s Little Theorem states that for any positive integer n, if n is prime then b n % n = b for b = 1,..., n 1. In the other direction, all we can say is that
More informationPUTNAM TRAINING NUMBER THEORY. Exercises 1. Show that the sum of two consecutive primes is never twice a prime.
PUTNAM TRAINING NUMBER THEORY (Last updated: December 11, 2017) Remark. This is a list of exercises on Number Theory. Miguel A. Lerma Exercises 1. Show that the sum of two consecutive primes is never twice
More informationTheory of RSA. Hiroshi Toyoizumi 1. December 8,
Theory of RSA Hiroshi Toyoizumi 1 December 8, 2005 1 E-mail: toyoizumi@waseda.jp 2 Introduction This is brief introduction of number theory related to the so-called RSA cryptography. This handout is based
More informationIntroduction to Abstract Mathematics
Introduction to Abstract Mathematics Notation: Z + or Z >0 denotes the set {1, 2, 3,...} of positive integers, Z 0 is the set {0, 1, 2,...} of nonnegative integers, Z is the set {..., 1, 0, 1, 2,...} of
More information2.2 Inverses and GCDs
34 CHAPTER 2. CRYPTOGRAPHY AND NUMBER THEORY 2.2 Inverses and GCDs 2.2.1 Inverses mod p In the last section we explored the multiplication in Z n. We saw in the special case with n =12 and a = 4 that if
More information2 More on Congruences
2 More on Congruences 2.1 Fermat s Theorem and Euler s Theorem definition 2.1 Let m be a positive integer. A set S = {x 0,x 1,,x m 1 x i Z} is called a complete residue system if x i x j (mod m) whenever
More informationAlgorithmic number theory. Questions/Complaints About Homework? The division algorithm. Division
Questions/Complaints About Homework? Here s the procedure for homework questions/complaints: 1. Read the solutions first. 2. Talk to the person who graded it (check initials) 3. If (1) and (2) don t work,
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 6, 2012 CPSC 467b, Lecture 9 1/53 Euler s Theorem Generating RSA Modulus Finding primes by guess and check Density of
More informationProof 1: Using only ch. 6 results. Since gcd(a, b) = 1, we have
Exercise 13. Consider positive integers a, b, and c. (a) Suppose gcd(a, b) = 1. (i) Show that if a divides the product bc, then a must divide c. I give two proofs here, to illustrate the different methods.
More information3 The fundamentals: Algorithms, the integers, and matrices
3 The fundamentals: Algorithms, the integers, and matrices 3.4 The integers and division This section introduces the basics of number theory number theory is the part of mathematics involving integers
More informationMath 299 Supplement: Modular Arithmetic Nov 8, 2013
Math 299 Supplement: Modular Arithmetic Nov 8, 2013 Numbers modulo n. We have previously seen examples of clock arithmetic, an algebraic system with only finitely many numbers. In this lecture, we make
More information8 Primes and Modular Arithmetic
8 Primes and Modular Arithmetic 8.1 Primes and Factors Over two millennia ago already, people all over the world were considering the properties of numbers. One of the simplest concepts is prime numbers.
More informationCSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms
Computer Science CSC 474 Network Security Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography CSC 474 Dr. Peng Ning 1 Outline GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation
More informationdownload instant at
2 CRYPTOGRAPHY AND NUMBER THEORY 2.1 CRYPTOGRAPHY AND MODULAR ARITHMETIC Pages 54 to 56 Problem 1 Problem 2 Problem 3 Problem 4 14 mod 9 = 5; 1 mod 9 = 8; 11 mod 9 = 7. KHUH LV D PHVVDJH. EBOB FP X JBPPXDB.
More informationCourse MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography
Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2000 2013 Contents 9 Introduction to Number Theory 63 9.1 Subgroups
More informationPRACTICE PROBLEMS: SET 1
PRACTICE PROBLEMS: SET MATH 437/537: PROF. DRAGOS GHIOCA. Problems Problem. Let a, b N. Show that if gcd(a, b) = lcm[a, b], then a = b. Problem. Let n, k N with n. Prove that (n ) (n k ) if and only if
More information4 Number Theory and Cryptography
4 Number Theory and Cryptography 4.1 Divisibility and Modular Arithmetic This section introduces the basics of number theory number theory is the part of mathematics involving integers and their properties.
More informationThe Euclidean Algorithm and Multiplicative Inverses
1 The Euclidean Algorithm and Multiplicative Inverses Lecture notes for Access 2009 The Euclidean Algorithm is a set of instructions for finding the greatest common divisor of any two positive integers.
More informationMATH FINAL EXAM REVIEW HINTS
MATH 109 - FINAL EXAM REVIEW HINTS Answer: Answer: 1. Cardinality (1) Let a < b be two real numbers and define f : (0, 1) (a, b) by f(t) = (1 t)a + tb. (a) Prove that f is a bijection. (b) Prove that any
More informationNumbers. Çetin Kaya Koç Winter / 18
Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 1 / 18 Number Systems and Sets We represent the set of integers as Z = {..., 3, 2, 1,0,1,2,3,...} We denote the set of positive integers modulo n as
More information9 Modular Exponentiation and Square-Roots
9 Modular Exponentiation and Square-Roots Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system. 9. Modular Exponentiation
More informationCIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography 1 Review of Modular Arithmetic 2 Remainders and Congruency For any integer a and any positive
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 10 February 19, 2013 CPSC 467b, Lecture 10 1/45 Primality Tests Strong primality tests Weak tests of compositeness Reformulation
More informationCS483 Design and Analysis of Algorithms
CS483 Design and Analysis of Algorithms Lectures 2-3 Algorithms with Numbers Instructor: Fei Li lifei@cs.gmu.edu with subject: CS483 Office hours: STII, Room 443, Friday 4:00pm - 6:00pm or by appointments
More informationCISC-102 Fall 2017 Week 6
Week 6 page 1! of! 15 CISC-102 Fall 2017 Week 6 We will see two different, yet similar, proofs that there are infinitely many prime numbers. One proof would surely suffice. However, seeing two different
More informationCorollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1
4. Primality testing 4.1. Introduction. Factorisation is concerned with the problem of developing efficient algorithms to express a given positive integer n > 1 as a product of powers of distinct primes.
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 12: Introduction to Number Theory II Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline This time we ll finish the
More information11 Division Mod n, Linear Integer Equations, Random Numbers, The Fundamental Theorem of Arithmetic
11 Division Mod n, Linear Integer Equations, Random Numbers, The Fundamental Theorem of Arithmetic Bezout s Lemma Let's look at the values of 4x + 6y when x and y are integers. If x is -6 and y is 4 we
More informationENEE 457: Computer Systems Security. Lecture 5 Public Key Crypto I: Number Theory Essentials
ENEE 457: Computer Systems Security Lecture 5 Public Key Crypto I: Number Theory Essentials Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland, College
More informationCh 4.2 Divisibility Properties
Ch 4.2 Divisibility Properties - Prime numbers and composite numbers - Procedure for determining whether or not a positive integer is a prime - GCF: procedure for finding gcf (Euclidean Algorithm) - Definition:
More informationExercises Exercises. 2. Determine whether each of these integers is prime. a) 21. b) 29. c) 71. d) 97. e) 111. f) 143. a) 19. b) 27. c) 93.
Exercises Exercises 1. Determine whether each of these integers is prime. a) 21 b) 29 c) 71 d) 97 e) 111 f) 143 2. Determine whether each of these integers is prime. a) 19 b) 27 c) 93 d) 101 e) 107 f)
More information