# Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Size: px
Start display at page:

Download "Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography"

Transcription

1 Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins Contents 9 Introduction to Number Theory Subgroups of the Integers Greatest Common Divisors The Euclidean Algorithm Prime Numbers The Fundamental Theorem of Arithmetic The Infinitude of Primes Congruences Computing Powers in Modular Arithmetic The Chinese Remainder Theorem A Theorem of Fermat The Mathematics underlying the RSA cryptographic system. 76 i

2 9 Introduction to Number Theory 9.1 Subgroups of the Integers A subset S of the set Z of integers is a subgroup of Z if 0 S, x S and x + y S for all x S and y S. It is easy to see that a non-empty subset S of Z is a subgroup of Z if and only if x y S for all x S and y S. Let m be an integer, and let mz = {mn : n Z}. Then mz (the set of integer multiples of m) is a subgroup of Z. Then S = mz for some non- Theorem 9.1 Let S be a subgroup of Z. negative integer m. Proof If S = {0} then S = mz with m = 0. Suppose that S {0}. Then S contains a non-zero integer, and therefore S contains a positive integer (since x S for all x S). Let m be the smallest positive integer belonging to S. A positive integer n belonging to S can be written in the form n = qm + r, where q is a positive integer and r is an integer satisfying 0 r < m. Then qm S (because qm = m + m + + m). But then r S, since r = n qm. It follows that r = 0, since m is the smallest positive integer in S. Therefore n = qm, and thus n mz. It follows that S = mz, as required. 9.2 Greatest Common Divisors Definition Let a 1, a 2,..., a r be integers, not all zero. A common divisor of a 1, a 2,..., a r is an integer that divides each of a 1, a 2,..., a r. The greatest common divisor of a 1, a 2,..., a r is the greatest positive integer that divides each of a 1, a 2,..., a r. The greatest common divisor of a 1, a 2,..., a r is denoted by (a 1, a 2,..., a r ). Theorem 9.2 Let a 1, a 2,..., a r be integers, not all zero. Then there exist integers u 1, u 2,..., u r such that (a 1, a 2,..., a r ) = u 1 a 1 + u 2 a u r a r. where (a 1, a 2,..., a r ) is the greatest common divisor of a 1, a 2,..., a r. Proof Let S be the set of all integers that are of the form n 1 a 1 + n 2 a n r a r for some n 1, n 2,..., n r Z. Then S is a subgroup of Z. It follows that S = mz for some non-negative integer m (Theorem 9.1). Then m is a 63

3 common divisor of a 1, a 2,..., a r, (since a i S for i = 1, 2,..., r). Moreover any common divisor of a 1, a 2,..., a r is a divisor of each element of S and is therefore a divisor of m. It follows that m is the greatest common divisor of a 1, a 2,..., a r. But m S, and therefore there exist integers u 1, u 2,..., u r such that (a 1, a 2,..., a r ) = u 1 a 1 + u 2 a u r a r, as required. Definition Let a 1, a 2,..., a r be integers, not all zero. If the greatest common divisor of a 1, a 2,..., a r is 1 then these integers are said to be coprime. If integers a and b are coprime then a is said to be coprime to b. (Thus a is coprime to b if and only if b is coprime to a.) Corollary 9.3 Let a 1, a 2,..., a r be integers that are not all zero. Then a 1, a 2,..., a r are coprime if and only if there exist integers u 1, u 2,..., u r such that 1 = u 1 a 1 + u 2 a u r a r. Proof If a 1, a 2,..., a r are coprime then the existence of the required integers u 1, u 2,..., u r follows from Theorem 9.2. On the other hand, if there exist integers u 1, u 2,..., u r with the required property then any common divisor of a 1, a 2,..., a r must be a divisor of 1, and therefore a 1, a 2,..., a r must be coprime. 9.3 The Euclidean Algorithm Let a and b be positive integers with a > b. Let r 0 = a and r 1 = b. If b does not divide a then let r 2 be the remainder on dividing a by b. Then a = q 1 b + r 2, where q 1 and r 2 are positive integers and 0 < r 2 < b. If r 2 does not divide b then let r 3 be the remainder on dividing b by r 2. Then b = q 2 r 2 + r 3, where q 2 and r 3 are positive integers and 0 < r 3 < r 2. If r 3 does not divide r 2 then let r 4 be the remainder on dividing r 2 by r 3. Then r 2 = q 3 r 3 + r 4, where q 3 and r 4 are positive integers and 0 < r 4 < r 3. Continuing in this fashion, we construct positive integers r 0, r 1,..., r n such that r 0 = a, r 1 = b and r i is the remainder on dividing r i 2 by r i 1 for i = 2, 3,..., n. Then r i 2 = q i 1 r i 1 + r i, where q i 1 and r i are positive integers and 0 < r i < r i 1. The algorithm for constructing the positive integers r 0, r 1,..., r n terminates when r n divides r n 1. Then r n 1 = q n r n for some positive integer q n. (The algorithm must clearly terminate in a finite number of steps, since r 0 > r 1 > r 2 > > r n.) We claim that r n is the greatest common divisor of a and b. 64

4 Any divisor of r n is a divisor of r n 1, because r n 1 = q n r n. Moreover if 2 i n then any common divisor of r i and r i 1 is a divisor of r i 2, because r i 2 = q i 1 r i 1 + r i. If follows that every divisor of r n is a divisor of all the integers r 0, r 1,..., r n. In particular, any divisor of r n is a common divisor of a and b. In particular, r n is itself a common divisor of a and b. If 2 i n then any common divisor of r i 2 and r i 1 is a divisor of r i, because r i = r i 2 q i 1 r i 1. It follows that every common divisor of a and b is a divisor of all the integers r 0, r 1,..., r n. In particular any common divisor of a and b is a divisor of r n. It follows that r n is the greatest common divisor of a and b. There exist integers u i and v i such that r i = u i a + v i b for i = 1, 2,..., n. Indeed u i = u i 2 q i 1 u i 1 and v i = v i 2 q i 1 v i 1 for each integer i between 2 and n, where u 0 = 1, v 0 = 0, u 1 = 0 and v 1 = 1. In particular r n = u n a+v n b. The algorithm described above for calculating the greatest common divisor (a, b) of two positive integers a and b is referred to as the Euclidean algorithm. It also enables one to calculate integers u and v such that (a, b) = ua + vb. Example We calculate the greatest common divisor of 425 and 119. Now 425 = = = = It follows that 17 is the greatest common divisor of 425 and 119. Moreover 17 = = 68 (119 68) = = 2 ( ) 119 = Example We calculate the greatest common divisor of 90, 126, 210, and express it in the form 90u + 126v + 210w for appropriate integers u, v and w. First we calculate the greatest common divisor of 90 and 126 using the Euclidean algorithm. Now 126 = = =

5 It follows that 18 is the greatest common divisor of 90 and 126. Moreover 18 = = 90 2 (126 90) = Now any common divisor d of 90, 126 and 210 is a common divisor of 90 and 126, and therefore divides the greatest common divisor of 90 and 126. Thus d divides 18. But d also divides 210. It follows that any common divisor of 90, 126 and 210 is a common divisor of 18 and 210, and therefore divides the greatest common divisor of 18 and 210. We calculate this greatest common divisor using the Euclidean algorithm. Now 210 = = = 2 6. It follows that 6 is the greatest common divisor of 18 and 210. Moreover 6 = = 18 ( ) = But 18 = It follows that 6 = The number 6 divides 90, 126 and 210. Moreover any common divisor of 90, 126 and 210 must also divide 6. Therefore 6 is the greatest common divisor of 90, 126 and 210. Also 6 = 90u + 126v + 210w where u = 36, v = 24 and w = 1. Remark Let a 1, a 2,..., a r be non-zero integers, where r > 2. Suppose we wish to compute the greatest common divisor d of a 1, a 2,..., a r, and express it in the form d = u 1 a 1 + u 2 a u r a r. where u 1, u 2,..., u r are integers. Let d be the greatest common divisor of a 1, a 2,..., a r 1. Then any common divisor of a 1, a 2,..., a r divides both d and a r, and therefore divides the greatest common divisor (d, a r ) of d and a r. In particular d divides (d, a r ). But (d, a r ) divides a i for i = 1, 2,..., r. It follows that d = (d, a r ). Thus (a 1, a 2,..., a r ) = ((a 1, a 2,..., a r 1 ), a r ). 66

6 for any non-zero integers a 1, a 2,..., a r. Moreover there exist integers p and q such that d = pd + qa r. These integers p and q may be computed using the Euclidean algorithm, given d and a r. Let v 1, v 2,..., v r 1 be integers for which d = v 1 a 1 + v 2 a v r 1 a r 1. Then d = u 1 a 1 + u 2 a u r a r, where u i = pv i for i = 1, 2,..., r 1 and u r = q. Therefore successive applications of the Euclidean algorithm will enable us to compute the greatest common divisor (a 1, a 2,..., a r ) of a 1, a 2,..., a r and express it in the form (a 1, a 2,..., a r ) = u 1 a 1 + u 2 a u r a r for appropriate integers u 1, u 2,..., u r. Indeed we may proceed by computing successively the greatest common divisors (a 1, a 2 ), (a 1, a 2, a 3 ), (a 1, a 2, a 3, a 4 ),..., representing each quantity (a 1, a 2,..., a k ) by an expression of the form (a 1, a 2,..., a k ) = where the quantities v ki are integers. k v ki a i, i=1 9.4 Prime Numbers Definition A prime number is an integer p greater than one with the property that 1 and p are the only positive integers that divide p. Let p be a prime number, and let x be an integer. Then the greatest common divisor (p, x) of p and x is a divisor of p, and therefore either (p, x) = p or else (p, x) = 1. It follows that either x is divisible by p or else x is coprime to p. Theorem 9.4 Let p be a prime number, and let x and y be integers. If p divides xy then either p divides x or else p divides y. Proof Suppose that p divides xy but p does not divide x. Then p and x are coprime, and hence there exist integers u and v such that 1 = up + vx (Corollary 9.3). Then y = upy + vxy. It then follows that p divides y, as required. 67

7 Corollary 9.5 Let p be a prime number. If p divides a product of integers then p divides at least one of the factors of the product. Proof Let a 1, a 2,..., a k be integers, where k > 1. Suppose that p divides a 1 a 2 a k. Then either p divides a k or else p divides a 1 a 2 a k 1. The required result therefore follows by induction on the number k of factors in the product. 9.5 The Fundamental Theorem of Arithmetic Lemma 9.6 Every integer greater than one is a prime number or factors as a product of prime numbers. Proof Let n be an integer greater than one. Suppose that every integer m satisfying 1 < m < n is a prime number or factors as a product of prime numbers. If n is not a prime number then n = ab for some integers a and b satisfying 1 < a < n and 1 < b < n. Then a and b are prime numbers or products of prime numbers. Thus if n is not itself a prime number then n must be a product of prime numbers. The required result therefore follows by induction on n. An integer greater than one that is not a prime number is said to be a composite number. Let n be an composite number. We say that n factors uniquely as a product of prime numbers if, given prime numbers p 1, p 2,..., p r and q 1, q 2,..., q s such that n = p 1 p 2 p r = q 1 q 2... q s, the number of times a prime number occurs in the list p 1, p 2,..., p r is equal to the number of times it occurs in the list q 1, q 2,..., q s. (Note that this implies that r = s.) Theorem 9.7 (The Fundamental Theorem of Arithmetic) Every composite number greater than one factors uniquely as a product of prime numbers. Proof Let n be a composite number greater than one. Suppose that every composite number greater than one and less than n factors uniquely as a product of prime numbers. We show that n then factors uniquely as a product of prime numbers. Suppose therefore that n = p 1 p 2 p r = q 1 q 2..., q s, 68

8 where p 1, p 2,..., p r and q 1, q 2,..., q s are prime numbers, p 1 p 2 p r and q 1 q 2 q s. We must prove that r = s and p i = q i for all integers i between 1 and r. Let p be the smallest prime number that divides n. If a prime number divides a product of integers then it must divide at least one of the factors (Corollary 9.5). It follows that p must divide p i and thus p = p i for some integer i between 1 and r. But then p = p 1, since p 1 is the smallest of the prime numbers p 1, p 2,..., p r. Similarly p = q 1. Therefore p = p 1 = q 1. Let m = n/p. Then m = p 2 p 3 p r = q 2 q 3 q s. But then r = s and p i = q i for all integers i between 2 and r, because every composite number greater than one and less than n factors uniquely as a product of prime numbers. It follows that n factors uniquely as a product of prime numbers. The required result now follows by induction on n. (We have shown that if all composite numbers m satisfying 1 < m < n factor uniquely as a product of prime numbers, then so do all composite numbers m satisfying 1 < m < n + 1.) 9.6 The Infinitude of Primes Theorem 9.8 (Euclid) The number of prime numbers is infinite. Proof Let p 1, p 2,..., p r be prime numbers, let m = p 1 p 2 p r + 1. Now p i does not divide m for i = 1, 2,..., r, since if p i were to divide m then it would divide m p 1 p 2 p r and thus would divide 1. Let p be a prime factor of m. Then p must be distinct from p 1, p 2,..., p r. Thus no finite set {p 1, p 2,..., p r } of prime numbers can include all prime numbers. 9.7 Congruences Let m be a positive integer. Integers x and y are said to be congruent modulo m if x y is divisible by m. If x and y are congruent modulo m then we denote this by writing x y (mod m). The congruence class of an integer x modulo m is the set of all integers that are congruent to x modulo m. Let x, y and z be integers. Then x x (mod m). Also x y (mod m) if and only if y x (mod m). If x y (mod m) and y z (mod m) then x z (mod m). Thus congruence modulo m is an equivalence relation on the set of integers. 69

9 Lemma 9.9 Let m be a positive integer, and let x, x, y and y be integers. Suppose that x x (mod m) and y y (mod m). Then x + y x + y (mod m) and xy x y (mod m). Proof The result follows immediately from the identities (x + y) (x + y ) = (x x ) + (y y ), xy x y = (x x )y + x (y y ). Lemma 9.10 Let x, y and m be integers with m 0. Suppose that m divides xy and that m and x are coprime. Then m divides y. Proof There exist integers a and b such that 1 = am + bx, since m and x are coprime (Corollary 9.3). Then y = amy + bxy, and m divides xy, and therefore m divides y, as required. Lemma 9.11 Let m be a positive integer, and let a, x and y be integers with ax ay (mod m). Suppose that m and a are coprime. Then x y (mod m). Proof If ax ay (mod m) then a(x y) is divisible by m. But m and a are coprime. It therefore follows from Lemma 9.10 that x y is divisible by m, and thus x y (mod m), as required. Lemma 9.12 Let x and m be non-zero integers. Suppose that x is coprime to m. Then there exists an integer y such that xy 1 (mod m). Moreover y is coprime to m. Proof There exist integers y and k such that xy + mk = 1, since x and m are coprime (Corollary 9.3). Then xy 1 (mod m). Moreover any common divisor of y and m must divide xy and therefore must divide 1. Thus y is coprime to m, as required. Lemma 9.13 Let m be a positive integer, and let a and b be integers, where a is coprime to m. Then there exist integers x that satisfy the congruence ax b (mod m). Moreover if x and x are integers such that ax b (mod m) and ax b (mod m) then x x (mod m). Proof There exists an integer c such that ac 1 (mod m), since a is coprime to m (Lemma 9.12). Then ax b (mod m) if and only if x cb (mod m). The result follows. 70

10 Lemma 9.14 Let a 1, a 2,..., a r be integers, and let x be an integer that is coprime to a i for i = 1, 2,..., r. Then x is coprime to the product a 1 a 2 a r of the integers a 1, a 2,..., a r. Proof Let p be a prime number which divides the product a 1 a 2 a r. Then p divides one of the factors a 1, a 2,..., a r (Corollary 9.5). It follows that p cannot divide x, since x and a i are coprime for i = 1, 2,..., r. Thus no prime number is a common divisor of x and the product a 1 a 2 a r. It follows that the greatest common divisor of x and a 1 a 2 a r is 1, since this greatest common divisor cannot have any prime factors. Thus x and a 1 a 2 a r are coprime, as required. Let m be a positive integer. For each integer x, let [x] denote the congruence class of x modulo m. If x, x, y and y are integers and if x x (mod m) and y y (mod m) then xy x y (mod m). It follows that there is a well-defined operation of multiplication defined on congruence classes of integers modulo m, where [x][y] = [xy] for all integers x and y. This operation is commutative and associative, and [x][1] = [x] for all integers x. If x is an integer coprime to m, then it follows from Lemma 9.12 that there exists an integer y coprime to m such that xy 1 (mod m). Then [x][y] = [1]. Therefore the set Z m of congruence classes modulo m of integers coprime to m is an Abelian group (with multiplication of congruence classes defined as above). 9.8 Computing Powers in Modular Arithmetic Let m be a positive integer, and let a be an integer. Suppose that one wishes to calculate the value of a n modulo m, where n is some large positive integer. It is not computationally efficient to calculate the value of a n for a large value of n and then reduce the value of this integer modulo m. Instead one may proceed by calculating a sequence a 0, a 1, a 2, a 3,... of integers, where a 0 a (mod m) 0 a i < m and a i+1 a 2 i (mod m) for i = 0, 1, 2, 3,.... Now a 2i+1 = (a 2i ) 2 for all non-negative integers i. It then follows from Lemma 9.9 and the Principle of Mathematical Induction that a 2i a i (mod m) for all non-negative integers i. Thus the members of the sequence a 0, a 1, a 2, a 3,... are congruent modulo m to those values of a n for which n is a non-negative power of 2. Now any positive integer may be expressed as a sum of powers of two. Indeed let n be a positive integer, and let the digits in the standard binary 71

11 representation of n, read from right to left, be e 0, e 1,..., e r, where e 0 is the least significant digit, e r is the most significant digit, and e i is equal either to 0 or to 1 for i = 0, 1,..., r. Then n = k e i 2 i, and thus n is the sum of those powers 2 i of two for which e i = 1. Let n = 2 k k km, where k 1, k 2,..., k m are distinct non-negative integers. Then a n = a 2k 1 a 2k2 a 2km. It then follows from Lemma 9.9 that a n a k1 a k2 a km (mod m), where 0 a i < m and a i a 2i (mod m) for all non-negative integers i. i=0 Example We calculate 58 n (mod 221) where n = = Let a 0 = 58 and let 0 a i+1 < 221 and a i+1 a 2 i (mod 221) for all non-negative integers i. Then a 0 = 58, a 1 = 49, a 2 = 191, a 3 = 16, a 4 = 35, a 5 = 120, a 6 = 35. Note that a 4 = a 6. The definition of the numbers a i then ensures that a 4+j = a 6+j for all non-negative integers. It follows from this that a i = 35 when i is even and i 4, and a i = 120 when i is odd and i 5. In particular 58 n 35 (mod 221) when n = 2 176, since 58 n a 176 (mod 221) and a 176 = 35. Let m be a positive integer, let a be an integer satisfying 0 a < m, and let the infinite sequence a 0, a 1, a 2, a 3,... of integers be defined such that a 0 = a, 0 a i+1 < m and a i+1 a 2 i (mod m) for all non-negative integers i. Now the integers a i can only take on m possible values. It follows that there must exist a non-negative integer r and a strictly positive integer p such that a r = a r+p. But it then follows from the definition of the integers a i that a r+j = a r+p+j for all non-negative integers j. A straightforward proof by induction on k shows that a r+kp+j = r r+j for all non-negative integers j and k. Thus the values of the sequence a r, a r+1, a r+2,... are periodic, with period equal to or dividing p, and therefore the values of a i for i r are completely determined by the values of a i for r i < r + p. Example We consider the value of 1234 n (mod 13039) for some large integer values of n. We define a sequence a 0, a 1, a 2, a 3,... of integers satisfying 0 a i < 13039, where a 0 = 1234 and a i+1 a 2 i (mod 13039). Calculations show that a 4 = a 32 = However a i when 4 < i < 32. Therefore the sequence of values a i for i 4 is periodic, with period 28, so that a i+28k = a i 72

12 for all non-negative integers i and k with i 4. The values of a i for all non-negative integers i are thus determined by the values of a i for which 0 i < 32. We now calculate the value of 1234 n (mod 13039) when n = Now n = It follows that 1234 n a 47 a 63 a 74 (mod 13039). Moreover a 47 = a 19 = 11935, a 63 = a 7 = 3758 and a 74 = a 18 = Now (mod 13039). We conclude therefore that 1234 n (mod 13039). We note also 1234 n > 2 10n. It is not feasable to write out or print the binary or decimal representation of such a large number! 9.9 The Chinese Remainder Theorem Let I be a set of integers. The integers belonging to I are said to be pairwise coprime if any two distinct integers belonging to I are coprime. Proposition 9.15 Let m 1, m 2,..., m r be non-zero integers that are pairwise coprime. Let x be an integer that is divisible by m i for i = 1, 2,..., r. Then x is divisible by the product m 1 m 2 m r of the integers m 1, m 2,..., m r. Proof For each integer k between 1 and r let P k be the product of the integers m i with 1 i k. Then P 1 = m 1 and P k = P k 1 m k for k = 2, 3,..., r. Let x be a positive integer that is divisible by m i for i = 1, 2,..., r. We must show that P r divides x. Suppose that P k 1 divides x for some integer k between 2 and r. Let y = x/p k 1. Then m k and P k 1 are coprime (Lemma 9.14) and m k divides P k 1 y. It follows from Lemma 9.10 that m k divides y. But then P k divides x, since P k = P k 1 m k and x = P k 1 y. On successively applying this result with k = 2, 3,..., r we conclude that P r divides x, as required. Theorem 9.16 (Chinese Remainder Theorem) Let m 1, m 2,..., m r be pairwise coprime positive integers. Then, given any integers x 1, x 2,..., x r, there exists an integer z such that z x i (mod m i ) for i = 1, 2,..., r. Moreover if z is any integer satisfying z x i (mod m i ) for i = 1, 2,..., r then z z (mod m), where m = m 1 m 2 m r. Proof Let m = m 1 m 2 m r, and let s i = m/m i for i = 1, 2,..., r. Note that s i is the product of the integers m j with j i, and is thus a product of integers coprime to m i. It follows from Lemma 9.14 that m i and s i are 73

13 coprime for i = 1, 2,..., r. Therefore there exist integers a i and b i such that a i m i + b i s i = 1 for i = 1, 2,..., r (Corollary 9.3). Let u i = b i s i for i = 1, 2,..., r. Then u i 1 (mod m i ), and u i 0 (mod m j ) when j i. Thus if z = x 1 u 1 + x 2 u 2 + x r u r then z x i (mod m i ) for i = 1, 2,..., r. Now let z be an integer with z x i (mod m i ) for i = 1, 2,..., r. Then z z is divisible by m i for i = 1, 2,..., r. It follows from Proposition 9.15 that z z is divisible by the product m of the integers m 1, m 2,..., m r. Then z z (mod m), as required. Example Suppose we seek an integer x such that x 3 (mod 5), x 7 (mod 11) and x 4 (mod 17). (Note that 5, 11 and 17 are prime numbers, and are therefore pairwise coprime.) There should exist such an integer x that is of the form x = 3u 1 + 7u 2 + 4u 3, where u 1 1 (mod 5) u 1 0 (mod 11), u 1 0 (mod 17), u 2 0 (mod 5) u 2 1 (mod 11), u 2 0 (mod 17), u 3 0 (mod 5) u 3 0 (mod 11), u 3 1 (mod 17). Now u 1 should be divisible by both 11 and 17. Moreover 11 and 17 are coprime. It follows that u 1 should be divisible by the product of 11 and 17, which is 187. Now (mod 5), and we are seeking an integer u 1 for which u 1 1 (mod 5). However 3 2 = 6 and 6 1 (mod 5), and = 561. It follows from standard properties of congruences that if we take u 1 = 561, then u 1 satisfies all the required congruences. And one can readily check that this is the case. Similarly u 2 should be a multiple of 85, given that 85 = But 85 8 (mod 11), 7 8 = 56, 56 1 (mod 11), and 7 85 = 595, so if we take u 2 = 595 then u 2 should satisfy all the required congruences, and this is the case. The same method shows that u 3 should be a multiple of 55. But 55 4 (mod 17), 13 4 = 52, 52 1 (mod 17) and = 715, and thus if u 3 = 715 then u 3 should satisfy the required congruences, which it does. An integer x satisfying the congruences x 3 (mod 5), x 7 (mod 11) and x 4 (mod 17), is then given by x = =

14 Now the integers y satisfying the required congruences are those that satisfy the congruence y x (mod 935), since 935 = The smallest positive value of y with the required properties is A Theorem of Fermat Theorem 9.17 (Fermat) Let p be a prime number. Then x p x (mod p) for all integers x. Moreover if x is coprime to p then x p 1 1 (mod p). We shall give two proofs of this theorem below. Lemma 9.18 Let p be a prime number. Then the binomial coefficient is divisible by p for all integers k satisfying 0 < k < p. ( ) p k ( ) p p! Proof The binomial coefficient is given by the formula = k (p k)!k!. ( ) p Thus if 0 < k < p then = pm (p 1)!, where m =. Thus if 0 < k < p k k! (p k)! then k! divides pm. Also k! is coprime to p. It follows ( ) that k! divides m p (Lemma 9.10), and therefore the binomial coefficient is a multiple of k p. First Proof of Theorem 9.17 Let p be prime number. Then (x + 1) p = p k=0 ( ) p x k. k It then follows from Lemma 9.18 that (x + 1) p x p + 1 (mod p). Thus if f(x) = x p x then f(x + 1) f(x) (mod p) for all integers x, since f(x + 1) f(x) = (x + 1) p x p 1. But f(0) 0 (mod p). It follows by induction on x that f(x) 0 (mod p) for all integers x. Thus x p x (mod p) for all integers x. Moreover if x is coprime to p then it follows from Lemma 9.11 that x p 1 1 (mod p), as required. Second Proof of Theorem 9.17 Let x be an integer. If x is divisible by p then x 0 (mod p) and x p 0 (mod p). Suppose that x is coprime to p. If j is an integer satisfying 1 j p 1 then j is coprime to p and hence xj is coprime to p. It follows that there exists a unique integer u j such that 1 u j p 1 and xj u j (mod p). If j and k are integers between 1 and p 1 and if j k then u j u k. It follows that each 75

15 integer between 1 and p 1 occurs exactly once in the list u 1, u 2,..., u p 1, and therefore u 1 u 2 u p 1 = (p 1)!. Thus if we multiply together the left hand sides and right hand sides of the congruences xj u j (mod p) for j = 1, 2,..., p 1 we obtain the congruence x p 1 (p 1)! (p 1)! (mod p). But then x p 1 1 (mod p) by Lemma 9.11, since (p 1)! is coprime to p. But then x p x (mod p), as required The Mathematics underlying the RSA cryptographic system Theorem 9.19 Let p and q be distinct prime numbers, let m = pq and let s = (p 1)(q 1). Let j and k be positive integers with the property that j k (mod s). Then x j x k (mod m) for all integers x. Proof We may order j and k so that j k. Let x be an integer. Then either x is divisible by p or x is coprime to p. Let us first suppose that x is coprime to p. Then Fermat s Theorem (Theorem 9.17) ensures that x p 1 1 (mod p). But then x r(p 1) 1 (mod p) for all non-negative integers r (for if two integers are congruent modulo p, then so are the rth powers of those integers). In particular x ns 1 (mod p) for all non-negative integers n, where s = (p 1)(q 1). Now j and k are positive integers such that j k and j k (mod s). It follows that there exists some nonnegative integer n such that k = ns + j. But then x k = x ns x j, and therefore x k x j (mod p). We have thus shown that the congruence x j x k (mod p) is satisfied whenever x is coprime to p. This congruence is also satisfied when x is divisible by p, since in that case both x k and x j are divisible by p and so are congruent to zero modulo p. We conclude that x j x k (mod p) for all integers x. On interchanging the roles of the primes p and q we find that x j x k (mod q) for all integers x. Therefore, given any integer x, the integers x k x j is divisible by both p and q. But p and q are distinct prime numbers, and are therefore coprime. It follows that x k x j must be divisible by the product m of p and q (see Proposition 9.15). Therefore every integer x satisfies the congruence x j x k (mod m), as required. The RSA encryption scheme works as follows. In order to establish the necessary public and private keys, one first chooses two distinct large prime numbers p and q. Messages to be sent are to be represented by integers n satisfying 0 n < m, where m = pq. Let s = (p 1)(q 1), and let e be any positive integer that is coprime to s. Then there exists a positive integer d such that ed 1 (mod s) (see Lemma 9.12). Indeed there exist integers d and t such that ed st = 1 (Corollary 9.3), and appropriate values for d and 76

16 t may by found using the Euclidean algorithm. Moreover d and t may be chosen such that d > 1, for if d and t satisfy the equation ed st = 1, and if d = d + ks and t = t + ke for some integer k, then ed st = 1. Thus, once a positive integer e is chosen coprime to s, standard algorithms enable one to calculate a positive integer d such that ed 1 (mod s). Now suppose that p, q, m, s, e and d have been chosen such that p and q are distinct prime numbers, m = pq, s = (p 1)(q 1), e and d are coprime to s and ed 1 (mod s). Let I = {n Z : 0 n < m}. Then for each integer x belonging to the set I, there exists a unique integer E(x) that belongs to I and satisfies the congruence E(x) x e (mod m). Similarly, for each integer y belonging to the set I, there exists a unique integer D(y) that belongs to I and satisfies the congruence D(y) y d (mod m). Now it follows from standard properties of congruences (Lemma 9.9) that if y and z are integers, and if y z (mod m), then y d z d (mod m). It follows that D(E(x)) D(x e ) x ed (mod m) for all integers x belonging to I. But ed 1 (mod s), where s = (p 1)(q 1). It follows from Theorem 9.19 that x ed x (mod m). We conclude therefore that D(E(x)) x (mod m) for all x I. But every congruence class modulo m is represented by a single integer in the set I. It follows that that D(E(x)) = x for all x I. On reversing the roles of the numbers e and d, we find that E(D(y)) = y for all y I. Thus E: I I is an invertible function whose inverse is D: I I. On order to apply the RSA cryptographic method one determines integers p, q, m, s, e and d. The pair (m, e) of integers represents the public key and determines the encryption function E: I I. The pair (m, d) of integers represents the corresponding private key and determines the decryption function D: I I. The messages to be sent are represented as integers belonging to I, or perhaps as strings of such integers. If Alice publishes her public key (m, e), but keeps secret her private key (m, d), then Bob can send messages to Alice, encrypting them using the encryption function E determined by Alice s public key. When Alice receives the message from Bob, she can decrypt it using the decryption function D determined by her private key. Note that if the value of the integer s is known, where s = (p 1)(q 1), then a private key can easily be calculated by means of the Euclidean algorithm. Obviously once the values of p and q are known, then so are the values of m and s. Conversely if the values of m and s are known, then p and q can easily be determined, since these prime numbers are the roots of the polynomial x 2 + (s m 1)x + m. Thus knowledge of s corresponds 77

17 to knowledge of the factorization of the composite number m as a product of prime numbers. There are known algorithms for factoring numbers as products of primes, but one can make sure that the primes p and q are chosen large enough to ensure that massive resources are required in order to factorize their product pq using known algorithms. The security of RSA also rests on the assumption that there is no method of decryption that requires less computational resources than are required for factorizing the product of the prime numbers determining the public key. It remains to discuss whether it is in fact feasable to do the calculations involved in encrypting messages using RSA. Now, in order determine the value of E(x) for any non-negative integer x less than m, one needs to determine the congruence class of x e modulo m. Now e could be a very large number. However, in order to determine the congruence class of x e modulo m, it is not necessary to determine the value of the integer x e itself. For given any non-negative integer x less than m, we can determine a sequence a 0, a 1, a 2, a 3,... of non-negative integers less than m such that a 0 = x and a i+1 a 2 i (mod m) for each non-negative integer i. Then a i x 2i for all non-negative integers i. Any positive integer e may then be expressed in the form e = e 0 + 2e e e 3 + where e i has the value 0 or 1 for each non-negative integer i. (These numbers e i are of course the digits in the binary representation of the number e.) Then x e is then congruent to the product of those integers a i for which e k = i. The execution time required to calculate E(x) by this method is therefore determined by the number of digits in the binary expansion of e, and is therefore bounded above by some constant multiple of log m (assuming that e has been chosen so that it is less than s, and thus less than m). Moreover the execution time required by the Euclidean algorithm, when applied to natural numbers that are less than m is also bounded above by some constant multiple of log m. For in order to apply the Euclidean algorithm, one is required to calculate a decreasing sequence r 0, r 1, r 2, r 3,... such that, for k 2, the non-negative integer r k is the remainder obtained on dividing r k 2 by r k 1 in integer arithmetic, and therefore satisfies the inequality r k 1r 2 k 2. (To see this, consider separately what happens in the two cases when r k 1 1r 2 k 2 and r k 1 > 1r 2 k 2.) Problems 1. (a) Compute the greatest common divisor d 2 of 462 and 770 using the Euclidean Algorithm, and find integers u 1 and u 2 such that d 2 = 78

18 462u u 2. (b) Compute the greatest common divisor d 3 of 462, 770 and 546 using the Euclidean Algorithm (and the result of (a)), and find integers v 1, v 2 and v 3 such that d 3 = 462v v v 3. (c) Compute the greatest common divisor d 4 of 462, 770, 546 and 119 using the Euclidean Algorithm (and the result of (b)), and find integers w 1, w 2, w 3 and w 4 such that d 4 = 462w w w w Calculate 123 n modulo 1961, where n = = [A computer-assisted calculation is envisaged.] 79

### Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups

### Ma/CS 6a Class 2: Congruences

Ma/CS 6a Class 2: Congruences 1 + 1 5 (mod 3) By Adam Sheffer Reminder: Public Key Cryptography Idea. Use a public key which is used for encryption and a private key used for decryption. Alice encrypts

### Carmen s Core Concepts (Math 135)

Carmen s Core Concepts (Math 135) Carmen Bruni University of Waterloo Week 8 1 The following are equivalent (TFAE) 2 Inverses 3 More on Multiplicative Inverses 4 Linear Congruence Theorem 2 [LCT2] 5 Fermat

### Mathematics for Cryptography

Mathematics for Cryptography Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, N2L 3G1, Canada March 15, 2016 1 Groups and Modular Arithmetic 1.1

### Topics in Cryptography. Lecture 5: Basic Number Theory

Topics in Cryptography Lecture 5: Basic Number Theory Benny Pinkas page 1 1 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem: generating

### Discrete Mathematics GCD, LCM, RSA Algorithm

Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common

### Ma/CS 6a Class 2: Congruences

Ma/CS 6a Class 2: Congruences 1 + 1 5 (mod 3) By Adam Sheffer Reminder: Public Key Cryptography Idea. Use a public key which is used for encryption and a private key used for decryption. Alice encrypts

### Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

BBM 205 Discrete Mathematics Hacettepe University http://web.cs.hacettepe.edu.tr/ bbm205 Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya Resources: Kenneth Rosen,

### Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29

Number theory Myrto Arapinis School of Informatics University of Edinburgh October 9, 2014 1/29 Division Definition If a and b are integers with a 6= 0, then a divides b if there exists an integer c such

### Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

Cryptosystem Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage f(m). The receiver computes f 1 (f(m)). Advantage: Cannot

### Public Key Cryptography

Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood

### Congruence of Integers

Congruence of Integers November 14, 2013 Week 11-12 1 Congruence of Integers Definition 1. Let m be a positive integer. For integers a and b, if m divides b a, we say that a is congruent to b modulo m,

### Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

The first exam will be on Monday, June 8, 202. The syllabus will be sections. and.2 in Lax, and the number theory handout found on the class web site, plus the handout on the method of successive squaring

### Number Theory. Modular Arithmetic

Number Theory The branch of mathematics that is important in IT security especially in cryptography. Deals only in integer numbers and the process can be done in a very fast manner. Modular Arithmetic

### Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not

### Finite Fields and Error-Correcting Codes

Lecture Notes in Mathematics Finite Fields and Error-Correcting Codes Karl-Gustav Andersson (Lund University) (version 1.013-16 September 2015) Translated from Swedish by Sigmundur Gudmundsson Contents

### Number Theory and Group Theoryfor Public-Key Cryptography

Number Theory and Group Theory for Public-Key Cryptography TDA352, DIT250 Wissam Aoudi Chalmers University of Technology November 21, 2017 Wissam Aoudi Number Theory and Group Theoryfor Public-Key Cryptography

### A Readable Introduction to Real Mathematics

Solutions to selected problems in the book A Readable Introduction to Real Mathematics D. Rosenthal, D. Rosenthal, P. Rosenthal Chapter 7: The Euclidean Algorithm and Applications 1. Find the greatest

### Mathematical Foundations of Public-Key Cryptography

Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical

### OWO Lecture: Modular Arithmetic with Algorithmic Applications

OWO Lecture: Modular Arithmetic with Algorithmic Applications Martin Otto Winter Term 2008/09 Contents 1 Basic ingredients 1 2 Modular arithmetic 2 2.1 Going in circles.......................... 2 2.2

### Basic elements of number theory

Cryptography Basic elements of number theory Marius Zimand 1 Divisibility, prime numbers By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a

### Basic elements of number theory

Cryptography Basic elements of number theory Marius Zimand By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a k for some integer k. Notation

### Elementary Number Theory Review. Franz Luef

Elementary Number Theory Review Principle of Induction Principle of Induction Suppose we have a sequence of mathematical statements P(1), P(2),... such that (a) P(1) is true. (b) If P(k) is true, then

### 2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

2 Arithmetic This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}. (See [Houston, Chapters 27 & 28]) 2.1 Greatest common divisors Definition 2.16. If a, b are integers, we say

### 1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number

### YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 13 (rev. 2) Professor M. J. Fischer October 22, 2008 53 Chinese Remainder Theorem Lecture Notes 13 We

### Simple Math: Cryptography

1 Introduction Simple Math: Cryptography This section develops some mathematics before getting to the application. The mathematics that I use involves simple facts from number theory. Number theory is

### = 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

8. p-adic numbers 8.1. Motivation: Solving x 2 a (mod p n ). Take an odd prime p, and ( an) integer a coprime to p. Then, as we know, x 2 a (mod p) has a solution x Z iff = 1. In this case we can suppose

### Notes on Systems of Linear Congruences

MATH 324 Summer 2012 Elementary Number Theory Notes on Systems of Linear Congruences In this note we will discuss systems of linear congruences where the moduli are all different. Definition. Given the

### NUMBER SYSTEMS. Number theory is the study of the integers. We denote the set of integers by Z:

NUMBER SYSTEMS Number theory is the study of the integers. We denote the set of integers by Z: Z = {..., 3, 2, 1, 0, 1, 2, 3,... }. The integers have two operations defined on them, addition and multiplication,

### A Guide to Arithmetic

A Guide to Arithmetic Robin Chapman August 5, 1994 These notes give a very brief resumé of my number theory course. Proofs and examples are omitted. Any suggestions for improvements will be gratefully

### 3 The fundamentals: Algorithms, the integers, and matrices

3 The fundamentals: Algorithms, the integers, and matrices 3.4 The integers and division This section introduces the basics of number theory number theory is the part of mathematics involving integers

### INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

INTEGERS PETER MAYR (MATH 2001, CU BOULDER) In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes. 1. Divisibility Definition. Let a, b

### CS483 Design and Analysis of Algorithms

CS483 Design and Analysis of Algorithms Lectures 2-3 Algorithms with Numbers Instructor: Fei Li lifei@cs.gmu.edu with subject: CS483 Office hours: STII, Room 443, Friday 4:00pm - 6:00pm or by appointments

### basics of security/cryptography

RSA Cryptography basics of security/cryptography Bob encrypts message M into ciphertext C=P(M) using a public key; Bob sends C to Alice Alice decrypts ciphertext back into M using a private key (secret)

### Part IA Numbers and Sets

Part IA Numbers and Sets Theorems Based on lectures by A. G. Thomason Notes taken by Dexter Chua Michaelmas 2014 These notes are not endorsed by the lecturers, and I have modified them (often significantly)

### Introduction to Number Theory

INTRODUCTION Definition: Natural Numbers, Integers Natural numbers: N={0,1,, }. Integers: Z={0,±1,±, }. Definition: Divisor If a Z can be writeen as a=bc where b, c Z, then we say a is divisible by b or,

### Mathematics of Cryptography

Modulo arithmetic Fermat's Little Theorem If p is prime and 0 < a < p, then a p 1 = 1 mod p Ex: 3 (5 1) = 81 = 1 mod 5 36 (29 1) = 37711171281396032013366321198900157303750656 = 1 mod 29 (see http://gauss.ececs.uc.edu/courses/c472/java/fermat/fermat.html)

### Introduction to Cryptography. Lecture 6

Introduction to Cryptography Lecture 6 Benny Pinkas page 1 Public Key Encryption page 2 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem:

### 4 Number Theory and Cryptography

4 Number Theory and Cryptography 4.1 Divisibility and Modular Arithmetic This section introduces the basics of number theory number theory is the part of mathematics involving integers and their properties.

### ICS141: Discrete Mathematics for Computer Science I

ICS141: Discrete Mathematics for Computer Science I Dept. Information & Computer Sci., Jan Stelovsky based on slides by Dr. Baek and Dr. Still Originals by Dr. M. P. Frank and Dr. J.L. Gross Provided by

### Lecture Notes, Week 6

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several

### Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each

### Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Number Theory: Applications Number Theory Applications Computer Science & Engineering 235: Discrete Mathematics Christopher M. Bourke cbourke@cse.unl.edu Results from Number Theory have many applications

### Integers and Division

Integers and Division Notations Z: set of integers N : set of natural numbers R: set of real numbers Z + : set of positive integers Some elements of number theory are needed in: Data structures, Random

### Elementary Number Theory MARUCO. Summer, 2018

Elementary Number Theory MARUCO Summer, 2018 Problem Set #0 axiom, theorem, proof, Z, N. Axioms Make a list of axioms for the integers. Does your list adequately describe them? Can you make this list as

### MATH 361: NUMBER THEORY FOURTH LECTURE

MATH 361: NUMBER THEORY FOURTH LECTURE 1. Introduction Everybody knows that three hours after 10:00, the time is 1:00. That is, everybody is familiar with modular arithmetic, the usual arithmetic of the

### Chapter 5. Modular arithmetic. 5.1 The modular ring

Chapter 5 Modular arithmetic 5.1 The modular ring Definition 5.1. Suppose n N and x, y Z. Then we say that x, y are equivalent modulo n, and we write x y mod n if n x y. It is evident that equivalence

### Chapter 5: The Integers

c Dr Oksana Shatalov, Fall 2014 1 Chapter 5: The Integers 5.1: Axioms and Basic Properties Operations on the set of integers, Z: addition and multiplication with the following properties: A1. Addition

### 10 Modular Arithmetic and Cryptography

10 Modular Arithmetic and Cryptography 10.1 Encryption and Decryption Encryption is used to send messages secretly. The sender has a message or plaintext. Encryption by the sender takes the plaintext and

### MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences. Congruences Let n be a postive integer. The integers a and b are called congruent modulo n if they have the same

### The Fundamental Theorem of Arithmetic

Chapter 1 The Fundamental Theorem of Arithmetic 1.1 Primes Definition 1.1. We say that p N is prime if it has just two factors in N, 1 and p itself. Number theory might be described as the study of the

### 9 Knapsack Cryptography

9 Knapsack Cryptography In the past four weeks, we ve discussed public-key encryption systems that depend on various problems that we believe to be hard: prime factorization, the discrete logarithm, and

### Math 109 HW 9 Solutions

Math 109 HW 9 Solutions Problems IV 18. Solve the linear diophantine equation 6m + 10n + 15p = 1 Solution: Let y = 10n + 15p. Since (10, 15) is 5, we must have that y = 5x for some integer x, and (as we

### Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Ch - Algorithms with numbers Addition Basic arithmetic Addition ultiplication Division odular arithmetic factoring is hard Primality testing 53+35=88 Cost? (n number of bits) O(n) ultiplication al-khwārizmī

### Number theory (Chapter 4)

EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?

### Cryptography. P. Danziger. Transmit...Bob...

10.4 Cryptography P. Danziger 1 Cipher Schemes A cryptographic scheme is an example of a code. The special requirement is that the encoded message be difficult to retrieve without some special piece of

### CHAPTER 6. Prime Numbers. Definition and Fundamental Results

CHAPTER 6 Prime Numbers Part VI of PJE. Definition and Fundamental Results 6.1. Definition. (PJE definition 23.1.1) An integer p is prime if p > 1 and the only positive divisors of p are 1 and p. If n

### Chapter 8 Public-key Cryptography and Digital Signatures

Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital

### Ma/CS 6a Class 3: The RSA Algorithm

Ma/CS 6a Class 3: The RSA Algorithm By Adam Sheffer Reminder: Putnam Competition Signup ends Wednesday 10/08. Signup sheets available in all Sloan classrooms, Math office, or contact Kathy Carreon, kcarreon@caltech.edu.

### ECE596C: Handout #11

ECE596C: Handout #11 Public Key Cryptosystems Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract In this lecture we introduce necessary mathematical background for studying

### Discrete Mathematics and Probability Theory Fall 2018 Alistair Sinclair and Yun Song Note 6

CS 70 Discrete Mathematics and Probability Theory Fall 2018 Alistair Sinclair and Yun Song Note 6 1 Modular Arithmetic In several settings, such as error-correcting codes and cryptography, we sometimes

### Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L06, Steve/Courses/2011/S2/CSS322/Lectures/number.tex,

### CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

CS 5319 Advanced Discrete Structure Lecture 9: Introduction to Number Theory II Divisibility Outline Greatest Common Divisor Fundamental Theorem of Arithmetic Modular Arithmetic Euler Phi Function RSA

### Lecture 1: Introduction to Public key cryptography

Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means

### 1 Overview and revision

MTH6128 Number Theory Notes 1 Spring 2018 1 Overview and revision In this section we will meet some of the concerns of Number Theory, and have a brief revision of some of the relevant material from Introduction

### 2 More on Congruences

2 More on Congruences 2.1 Fermat s Theorem and Euler s Theorem definition 2.1 Let m be a positive integer. A set S = {x 0,x 1,,x m 1 x i Z} is called a complete residue system if x i x j (mod m) whenever

### An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Chapter 6 Prime Numbers Part VI of PJE. Definition and Fundamental Results Definition. (PJE definition 23.1.1) An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p. If n > 1

### PUTNAM TRAINING NUMBER THEORY. Exercises 1. Show that the sum of two consecutive primes is never twice a prime.

PUTNAM TRAINING NUMBER THEORY (Last updated: December 11, 2017) Remark. This is a list of exercises on Number Theory. Miguel A. Lerma Exercises 1. Show that the sum of two consecutive primes is never twice

### CRYPTOGRAPHY AND NUMBER THEORY

CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We

### ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

ALGEBRA CHRISTIAN REMLING 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers by Z = {..., 2, 1, 0, 1,...}. Given a, b Z, we write a b if b = ac for some

### during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit

### Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald) 1 Euclid s Algorithm Euclid s Algorithm for computing the greatest common divisor belongs to the oldest known computing procedures

### CONTINUED FRACTIONS, PELL S EQUATION, AND TRANSCENDENTAL NUMBERS

CONTINUED FRACTIONS, PELL S EQUATION, AND TRANSCENDENTAL NUMBERS JEREMY BOOHER Continued fractions usually get short-changed at PROMYS, but they are interesting in their own right and useful in other areas

### Introduction to Modern Cryptography. Benny Chor

Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the

### Mathematics Course 111: Algebra I Part I: Algebraic Structures, Sets and Permutations

Mathematics Course 111: Algebra I Part I: Algebraic Structures, Sets and Permutations D. R. Wilkins Academic Year 1996-7 1 Number Systems and Matrix Algebra Integers The whole numbers 0, ±1, ±2, ±3, ±4,...

### Part II. Number Theory. Year

Part II Year 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2017 Paper 3, Section I 1G 70 Explain what is meant by an Euler pseudoprime and a strong pseudoprime. Show that 65 is an Euler

### Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Number Theory: Applications Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry Fall 2007 Computer Science & Engineering 235 Introduction to Discrete Mathematics Sections 3.4 3.7 of Rosen cse235@cse.unl.edu

### Lecture Notes. Advanced Discrete Structures COT S

Lecture Notes Advanced Discrete Structures COT 4115.001 S15 2015-01-13 Recap Divisibility Prime Number Theorem Euclid s Lemma Fundamental Theorem of Arithmetic Euclidean Algorithm Basic Notions - Section

### Chapter 1 : The language of mathematics.

MAT 200, Logic, Language and Proof, Fall 2015 Summary Chapter 1 : The language of mathematics. Definition. A proposition is a sentence which is either true or false. Truth table for the connective or :

### MATH 145 Algebra, Solutions to Assignment 4

MATH 145 Algebra, Solutions to Assignment 4 1: a) Find the inverse of 178 in Z 365. Solution: We find s and t so that 178s + 365t = 1, and then 178 1 = s. The Euclidean Algorithm gives 365 = 178 + 9 178

### Public-key Cryptography: Theory and Practice

Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 2: Mathematical Concepts Divisibility Congruence Quadratic Residues

### 5: The Integers (An introduction to Number Theory)

c Oksana Shatalov, Spring 2017 1 5: The Integers (An introduction to Number Theory) The Well Ordering Principle: Every nonempty subset on Z + has a smallest element; that is, if S is a nonempty subset

### NOTES ON SIMPLE NUMBER THEORY

NOTES ON SIMPLE NUMBER THEORY DAMIEN PITMAN 1. Definitions & Theorems Definition: We say d divides m iff d is positive integer and m is an integer and there is an integer q such that m = dq. In this case,

### Discrete Mathematics and Probability Theory Summer 2014 James Cook Note 5

CS 70 Discrete Mathematics and Probability Theory Summer 2014 James Cook Note 5 Modular Arithmetic In several settings, such as error-correcting codes and cryptography, we sometimes wish to work over a

### LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS

LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS 1. The Chinese Remainder Theorem We now seek to analyse the solubility of congruences by reinterpreting their solutions modulo a composite

### MEETING 6 - MODULAR ARITHMETIC AND INTRODUCTORY CRYPTOGRAPHY

MEETING 6 - MODULAR ARITHMETIC AND INTRODUCTORY CRYPTOGRAPHY In this meeting we go through the foundations of modular arithmetic. Before the meeting it is assumed that you have watched the videos and worked

### Discrete Mathematics and Probability Theory Fall 2013 Vazirani Note 3

CS 70 Discrete Mathematics and Probability Theory Fall 2013 Vazirani Note 3 Modular Arithmetic In several settings, such as error-correcting codes and cryptography, we sometimes wish to work over a smaller

### Coding Theory ( Mathematical Background I)

N.L.Manev, Lectures on Coding Theory (Maths I) p. 1/18 Coding Theory ( Mathematical Background I) Lector: Nikolai L. Manev Institute of Mathematics and Informatics, Sofia, Bulgaria N.L.Manev, Lectures

2 CRYPTOGRAPHY AND NUMBER THEORY 2.1 CRYPTOGRAPHY AND MODULAR ARITHMETIC Pages 54 to 56 Problem 1 Problem 2 Problem 3 Problem 4 14 mod 9 = 5; 1 mod 9 = 8; 11 mod 9 = 7. KHUH LV D PHVVDJH. EBOB FP X JBPPXDB.

### Congruences and Residue Class Rings

Congruences and Residue Class Rings (Chapter 2 of J. A. Buchmann, Introduction to Cryptography, 2nd Ed., 2004) Shoichi Hirose Faculty of Engineering, University of Fukui S. Hirose (U. Fukui) Congruences

### CPSC 467b: Cryptography and Computer Security

Outline Quadratic residues Useful tests Digital Signatures CPSC 467b: Cryptography and Computer Security Lecture 14 Michael J. Fischer Department of Computer Science Yale University March 1, 2010 Michael

### Math.3336: Discrete Mathematics. Mathematical Induction

Math.3336: Discrete Mathematics Mathematical Induction Instructor: Dr. Blerina Xhabli Department of Mathematics, University of Houston https://www.math.uh.edu/ blerina Email: blerina@math.uh.edu Fall 2018

### CHAPTER 3. Congruences. Congruence: definitions and properties

CHAPTER 3 Congruences Part V of PJE Congruence: definitions and properties Definition. (PJE definition 19.1.1) Let m > 0 be an integer. Integers a and b are congruent modulo m if m divides a b. We write

### CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots

MODULAR ARITHMETIC KEITH CONRAD. Introduction We will define the notion of congruent integers (with respect to a modulus) and develop some basic ideas of modular arithmetic. Applications of modular arithmetic

### ALG 4.0 Number Theory Algorithms:

Algorithms Professor John Reif ALG 4.0 Number Theory Algorithms: (a) GCD (b) Multiplicative Inverse (c) Fermat & Euler's Theorems (d) Public Key Cryptographic Systems (e) Primality Testing Greatest Common

### Mathematics of Cryptography

UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms