Discrete mathematics I - Number theory

Transcription

1 Discrete mathematics I - Number theory Emil Vatai <vatai@inf.elte.hu> (based on hungarian slides by László Mérai) 1 January 31, Financed from the financial support ELTE won from the Higher Education Restructuring Fund of the Hungarian Government.

2 Number theory Divisibility Divisibility If a and b are rational numbers, the division a/b can always be performed (and the result is a rational number). If a and b are integers, the division a/b can not always be performed (the quotient will not always be an integer). Definition (Divisibility) The integer a is a divisor of the integer b: a b, if there exists an integer c for which a c = b (that is b/a is an integer if a 0). Example (Divisibility) 1 13, because 1 13 = 13; 1 n, because 1 n = n; 6 12, because 6 2 = 12; 6 12, because ( 6) ( 2) = 12. The definition can be extended to Gaussian-integers: {a + bi : a, b Z}. i 13, because i ( 13i) = i 2, because (1 + i) (1 i) = 2.

3 Number theory Divisibility Properties of divisibility Properies For each a, b, c, Z 1. a a; 2. a b b c a c; 3. a b b a a = ±b; 4. a b a b aa bb ; 5. a b ac bc; 6. ac bc c 0 a b; 7. a b 1,..., a b k a c 1 b c k b k 8. a 0, since a 0 = 0; 9. 0 a a = 0; Example (Divisibility) ; ; = ±3; ; ; ; , c 1 +9c 2 for each c 1, c a 0, since a 0 = 0; 9. 0 a 0 c = a;

4 Number theory Divisibility Units The factor ±1 is irrelevant for divisibility. Definition (Unit) If an ε is a divisor of every other number, then ε is called a unit. Proposition There are two units in the set of integers: 1, 1. Proof. ±1 are clearly units. Conversely, if ε is a unit, then 1 = ε q for some integer q. Because ε 1, q 1 ε = 1, that is ε = ±1. Example (Unit) In the set of Gaussian-integers i is a unit: a + bi = i(b ai).

5 Number theory Divisibility Associated elements The integers 12 and 12 are the same from the perspective of divisibility. Definition (Associated elements) Two numbers are associated if they are each others divisors. Remark a and b are associated if and only if a b and b a. Definition (Trivial divisor) Trivial divisors of n are the numbers associated with n and the units. Other divisors are proper divisors. Example (Divisor of 6) The divisors: {±1, ±2, ±3, ±6} Trivial divisors are: {±1, ±6}

6 Number theory Primes, irreducible elements Primes, irreducible elements Definition (Irreducible) A nonzero and non-unit number is irreducible if it has only trivial divisors. Example (Irreducible elements) Integers 2, 2, 3, 3, 5, 5 are irreducible; 6 is not irreducible, because 6 = 2 3. Definition (Prime) A non-zero, non-unit p number is a prime number, if p ab (p a p b) (for any a, b). Example (Primes) 2, 2, 3, 3, 5, 5 are prime; 6 is not a prime number, because but 6 2 and 6 3.

7 Number theory Primes, irreducible elements Primes, irreducibles Theorem (Primes and irreducbles) Each prime number is irreducible. Proof. Let p be a prime number and let p = ab be a factorization. We have to prove, that a or b is a unit. Because p = ab, p ab, which means e.g. p a. Then a = pk = a(bk), i.e. bk = 1, implying that b and k are units. Remark The converse is not always true: In the set Z it is true, (see later); The set {a + bi 5 : a, b Z} it is not true.

8 Number theory Euclidean division Euclidean division Theorem (Euclidean division) For all integers a, b 0 there exist unique integers q and r for which a = bq + r 0 r < b. (1) Proof. This proof for non-negative numbers can be applied to all integers. 1. Existence: induction by a. If a < b, then a = b 0 + a (q = 0, r = a). If a b, then suppose that numbers less than a can be written as (1). Let a b = bq + r. Then a = b(q + 1) + r and let q = q + 1, r = r. 2. Uniqueness: Let a = bq + r = bq + r. Then b(q q ) = r r. This can be only if q = q and r = r.

9 Number theory Euclidean division Euclidean division Definition (mod) Let a and b be integers (b 0). Let a = b q + r (0 r < b ). Then a mod b = r. Remark: q = a/b, if b > 0, and q = a/b, if b < 0. Example (mod) 123 mod 10 = 3, 123 mod 100 = 23, 123 mod 1000 = 123; 123 mod 10 = 3, mod 10 = 7, 123 mod 100 = 77, 123 mod 1000 = 877; 123 mod 10 = 7,...

10 Number theory Euclidean division Euclidean division Example (mod) If it is 9 o clock now, what time will it be after 123 hours? Let us divide 123 by 24: 123 = = 12: noon! If it is 9 o clock now, what time will it be after 116 hours? Let us divide 116 by 24: 116 = So = 29. We have a reduction again: 29 = : it will be 5 A.M.! Which day of the week will the 10th of November be next year? Which day of the week was the 14th of September before two years? Mon= 0, Tue= 1, Wed= 2, Thu= 3, Fri= 4, Sat= 5, Sun= 6 Divide 365 by 7: 365 = Monday + 1 day = = 1 = Tuesday Divide ( ) (2012 was a leap year) by 7: 731 = 7 ( 105) + 4.

11 Number theory Euclidean division Numeral systems In the base 10 numeral system the number 123: 123 = = In the base 2 numeral system the number 123: (2) = = (10) Theorem (Representation of numbers) Let q > 1 be a fixed integer. Then each non-negative integer n can uniquely be written in the form n = k i=0 a i q i, where 0 a i < q is an integer, a k This expression is the number n written in the base q num. sys. 2. q is the base of the numeral system. 3. a 0,..., a k are the digits of n.

12 Number theory Euclidean division Numeral systems n written in the base q numeral system: n = k i=0 a i q i. Proof. The proof is by induction. 1. For n = 0 the theorem is true. 2. Suppose each integer less than n can be written uniquely in a base q numeral system. Because of the Euclidean division theorem, there exists a unique integer 0 a 0 < q, for which n = cq + a 0, that is, q n a 0. Because of the induction hypothesis we can express n a 0 q = k i=1 a i q i 1 (in a base q numeral system), and this expression is unique. Then n = k i=0 a i q i.

13 Number theory Euclidean division Numeral systems The previous proof provides a method to express the numbers: Example (Representation) Let us write in base 2 numeral system the number n = 123 (expressed in base 10). n a i i n n mod 2 2 Digits

14 Number theory Euclidean algorithm Greatest common divisor Definition (Greatest common divisor) The integer d is the greatest common divisor (or gcd) of integers a and b if: d a, d b, and if c a, c b then c d. The integer d is the gcd of integers a 1, a 2,..., a n (n N + ) if: d a 1, d a 2,... d a n, and if c a 1, c a 2,... c a n then c d. Least common multiple The least common multiple (or lcm) of numbers a and b is m if: a m, b m, and a c, b c m c. The lcm of numbers a 1, a 2,..., a n (n N + ) is m if: a 1 m, a 2 m,..., a n m and if a 1 c, a 2 c,..., a n c then m c. Notation Let (a, b) = gcd(a, b) be the non-negative greatest common divisor! Let [a, b] = lcm(a, b) be the non-negative least common multiple!

15 Number theory Euclidean algorithm Greatest common divisor Definition (Relative prime) The numbers a and b are relative prime if (a, b) = 1. The numbers a 1, a 2,..., a n are relative prime if (a 1, a 2,..., a n ) = 1 (i.e. if their greatest common divisor is one). The numbers a 1, a 2,..., a n are mutually (or pairwise) relative prime, if i j implies (a i, a j ) = 1. Remarks Attention! The greatest does not refer to the usual ordering: 3 is also the greatest common divisor of 12 and 9. The greatest common divisor is unique disregarding association.

16 Number theory Euclidean algorithm Euclidean algorithm Theorem (Euclidean algorithm) Each pair of integers has a greatest common divisor and it can be determined using the euclidean algorithm. Proof. If one of the numbers is 0, then the other one will be the gcd. Let a and b be non-zero integers. Let us do the following divisions: a = bq 1 + r 1, 0 < r 1 < b, b = r 1 q 2 + r 2, 0 < r 2 < r 1, r 1 = r 2 q 3 + r 3, 0 < r 3 < r 2,. r n 2 = r n 1 q n + r n, 0 < r n < r n 1, r n 1 = r n q n+1

17 Number theory Euclidean algorithm Proof (continued).

18 Number theory Euclidean algorithm a = bq 1 + r 1, 0 < r 1 < b, b = r 1 q 2 + r 2, 0 < r 2 < r 1, r 1 = r 2 q 3 + r 3, 0 < r 3 < r 2,. r n 2 = r n 1 q n + r n, 0 < r n < r n 1, r n 1 = r n q n+1 The algorithm terminates after a finite number of steps: b > r 1 > r 2 >.... The remainder r n is a common divisor: r n r n 1 r n r n 1 q n + r n = r n 2... r n b r n a. r n is the greatest common divisor: let c a, c b c a bq 1 = r 1 c b r 1 q 2 = r 2... c r n 2 r n 1 q n = r n.

19 Number theory Euclidean algorithm Calculating the GCD, euclidean algorithm Example (Euclidean algorithm) Let us calculate the value of (172, 62). i r i q i r i 2 = r i 1 q i + r i = = = = = The greatest common divisor: (172, 62) = 2

20 Number theory Euclidean algorithm Calculating the GCD using recursion Theorem (Theorem) Let a 0. If b = 0, then (a, b) = a. If b 0, then (a, b) = ( b, a mod b ). Proof. If b = 0, the theorem is trivial. Since (a, b) = ( a, b ), we can suppose that a, b > 0. If b 0, let us divide a by b : a = b q + (a mod b ). This is the first line of the euclidean alg. Example ((172,62)) (a, b) a mod b (172, 62) 48 (62, 48) 14 (48, 14) 6

21 Number theory Euclidean algorithm GCD, further observations Similarly, we can define the greatest common divisor of multiple numbers (HW): (a 1, a 2,..., a n ). Proposition (HW) Each collection a 1, a 2,..., a n of integers, has (there exists) a greatest common divisor (a 1, a 2,..., a n ) and (a 1, a 2,..., a n ) = ((... (a 1, a 2 ),... a n 1 ), a n ). Proposition (HW) For each a, b, c integer (ca, cb) = c(a, b) is true.

22 Number theory Euclidean algorithm Extended euclidean algorithm Theorem (Extended euclidean algorithm) For each a, b integer there exist integers x, y, so that (a, b) = x a + y b. Proof. Let q i, r i be the quotient and the remainder obtained by the euclidean algorithm. Let x 1 = 1, x 0 = 0 and for i 1 let x i = x i 2 q i x i 1. Similarly let y 1 = 0, y 0 = 1 and for i 1 let y i = y i 2 q i y i 1. Then for i 1, x i a + y i b = r i. Suppose for all j < i, x j a + y j b = r j is true. r i = r i 2 r i 1 q i, so r i = x i 2 a + y i 2 b (x i 1 a + y i 1 b)q i after rearranging, r i = x i a + y i b. Ergo x n a + y n b = r n = (a, b).

23 Number theory Euclidean algorithm Extended euclidean algorithm Algorithm: r i 2 = r i 1, q i + r i, x 1 = 1, x 0 = 0, x i = x i 2 q i x i 1 y 1 = 0, y 0 = 1, y i = y i 2 q i y i 1 Extended euclidean algorithm Let us calculate (172, 62) and solve the 172x + 62y = (172, 62) equation! i r n q n x i y i r i = 172x i + 62y i = = = ( 2) = 172 ( 1) = ( 11) = 172 ( 9)

24 Number theory Elementary number theory Irreducibles, primes (reminder) t is irreducible: if it has only trivial divisors of the form ε, t, ε t (where ε is a unit). p is prime: if p ab p a or p b. p is prime p is irreducible. On the set of integers the converse is also true. Theorem (Irreducible integers are prime) Every irreducible number is also a prime number. Proof. Let p be an irreducible number, and let p ab. Assume p b. Then p and b are relative prime. Using the extended euclidean algorithm we can obtain x, y integers, so that px + by = 1. Therefore pax + aby = a. Since p divides the left hand side, it also divides the right hand side: p a.

25 Number theory Elementary number theory The fundamental theorem of number theory Theorem (Fundamental theorem of number theory) Every non-zero, non-unit number can uniquely be written as a product of primes ignoring associated elements and order. Proof. The proof is only for non negative integers, but it can be generalized. Existence: Induction: for n = 2, n = 3 it is true (primes). Generally if n is prime, then we are finished, if not, it can be divided into a product in a non-trivial way. The factors are can be factorized base on the induction hypothesis. Uniqueness: Induction: for n = 2, n = 3 it is true (primes). Assume n = p 1 p 2 p k = q 1 q 2 q l, where p 1, p 2, p k, q 1, q 2,..., q l are primes. p 1 divides the left hand side it divides the right hand side, suppose p 1 = q 1. After

26 Number theory Elementary number theory Fundamental theorem of number theory Definition (Canonical form) The canonical form of a non-zero integer n is: n = ±p α 1 1 pα 2 2 pα l l = ± where p 1, p 2,..., p l are positive primes, α 1, α 2,..., α l positive integers. Corollary (HW) Let n, m > 1 positive integers: n = p α 1 1 pα 2 2 pα l m = p β 1 1 pβ 2 2 pβ l l, (where α i, β i 0 non-negative integers!). Then l i=1 p α i i (a, b) = p min{α 1,β 1 } 1 p min{α 2,β 2 } 2 p min{α l,β l } l, max{α 1,β 1 } max{α 2,β 2 } max{α l,β l } l,

27 Number theory Elementary number theory Number of divisors Definition (The τ function) τ(n) is the number of (positive) divisors for an integer n > 1. Calculating τ(n) Let n > 1 be an integer, n = p α 1 1 pα 2 2 pα l l its canonical form. Then τ(n) = (α 1 + 1) (α 2 + 1) (α l + 1). Proof. The possible divisors of n can be obtained by iterating all the β i exponents in the expression d = p β 1 1 pβ 2 2 pβ l l over the set {0, 1,..., α i }. There are α i + 1 choices for each exponent. Example (τ(n)) τ(6) = 4: divisors: 1, 2, 3, 6;τ(96) = 12: divisors: 1, 2, 3, 4, 6,... τ(2 3) = (1 + 1) (1 + 1); τ(2 5 3) = (5 + 1) (1 + 1).

28 Number theory Elementary number theory About primes Theorem (Euclid s theorem) There are infinitely many primes. Proof. Indirect. Assume there are finite many primes. Let them be p 1,..., p k. Consider the integer n = p 1 p k + 1. This is not divisible by either prime p 1,..., p k, so the factorization of n has to contain an additional prime. Theorem (Dirichlet s theorem) If a, d are integers, d > 0, (a, d) = 1, then there are infinitely many primes of the form ak + d.

29 Number theory Elementary number theory About primes Theorem (Prime number theorem) The number of primes x is x ln x x Number of primes x/ ln x , , , , 73 Sieve of Eratosthenes How to find all the primes up to the integer n. Start with all the integers from 2 to n. 2 is prime. The (non-trivial) multiples of 2 are not prime, so they are eliminated. The next number is 3 which is also a prime. The (non-trivial) multiples of 3 are not prime, so

30 For questions about divisibility, often only the remainder from the euclidean division is important: days of the week; number of hours,... Example (Equal remainders) 16 mod 3 = 1, 4 mod 3 = 1: for division by 3 we have 16 = 4. Definition (Congruence) Let a, b, m be integers. If m a b, then we say a is congruent to b with modulus m (or a and b are congruent modulo m) written as a b (mod m). If a and b are not congruent (with some modulus m) then they are incongruent.

31 Equivalent formulation Alternative notation The following all mean m a b a b (mod m), a b mod m, a b (m). Equivalent formulation: a b (mod m) a mod m = b mod m, that is we get the same remainder when dividing by m. Example () 16 4 (mod 3) since mod 3 = 1 = 4 mod 3; 16 4 (mod 2) since mod 2 = 0 = 4 mod 2; 16 4 (mod 5) since mod 5 = 1 4 = 4 mod 5.

32 Properties of congruence Theorem (Properties of congruence) 1. a a (mod m) (reflexivity); 2. a b (mod m) b a (mod m) (symmetry); 3. a b (mod m) b c (mod m) a c (mod m) (transitivity); Ergo, the congruence modulo m is an equivalence relation. Proof. 1. m 0 = a a; 2. m a b m b a = (a b); 3. m a b m b c m a c = (a b) + (b c);

33 Properties of congruence Theorem (Properties of congruence) 1. a b (mod m) m m a b (mod m ); 2. a b (mod m) c d (mod m) a + c b + d (mod m); 3. a b (mod m) c d (mod m) ac bd (mod m). Proof. 1. m m a b m a b; 2. m a b m c d m (a+c) (b+d) = (a b)+(c d); 3. a = q 1 m + b c = q 2 m + d ac = (q 1 m + b)(q 2 m + d) = m(q 1 q 2 m + q 1 d + q 2 b) + bd.

34 Properties of congruence Example (Properties of congruences) What is 345 mod 7 =? 345 = = = 9 2 (mod 7). Reminder: a b (mod m), c d (mod m) ac bd (mod m) Corollary If a b (mod m) then ac bc (mod m). Example (Properties of congruence) 14 6 (mod 8) then (mod 8) The converse is not true! (mod 8) but 7 3 (mod 8).

35 Divisibility and relative primes Theorem (Statement) a, b, c Z : (a bc (a, b) = 1 = a c) Proof. Using the extended Euclidean algorithm to obtain x and y, such that ax + by = 1, so c = xac + ybc = (xc)a + y(bc). Using the statement about the divisibility of linear combinations we have a c.

36 The converse is not true Theorem (Division) Let a, b, c, m be integers. Then ac bc (mod m) a b (mod m (c,m) ) Corollary ac bc (mod m), (c, m) = 1 a b (mod m). Example (Division) (mod 8) 7 3 (mod 8 2 ). Proof. Let d = (c, m). Then m c(a b) m d c ( m d (a b). Since d, c d we have m d (a b) a b (mod m d ). ) = 1,

37 Linear congruences Linear congruences Let us solve the congruence 2x 5 (mod 7). If x is a solution of x y (mod 7), then y is also a solution. Let us find the solution in the set {0, 1,..., 6}. x = 0 2x = 0 5 (mod 7); x = 1 2x = 2 5 (mod 7); x = 2 2x = 4 5 (mod 7); x = 3 2x = 6 5 (mod 7); x = 4 2x = (mod 7); x = 5 2x = (mod 7); x = 6 2x = 12 5 (mod 7). The solution of the congruence: {6 + 7k : k Z}. Is there a better method? Let us solve the congruence 23x 4 (mod 211). Do we need 211 tries?

38 Linear congruences Linear congruences Theorem (Solution of linear congruences) Let a, b, m be integers with m > 1. Then if there is a solution for ax b (mod m) (a, m) b. If this is the case, the number of incongruent solutions modulo m equals (a, m). Proof. ax b (mod m) ax + my = b for some y integer. (a, m) a and (a, m) m (a, m) ax + my = b. If d = (a, m) b let a = a/d, b = b/d, m = m/d: a x + m y = b Since (a, m ) = 1 using the extended euclidean algorithm we can calculate x 0, y 0, so a x 0 + m y 0 = 1 a (b x 0 ) + m (b y 0 ) = b, that is x 1 = b x 0, y 1 = b y 0 will be the solutions. Number of solutions: let (x, y) be a (pair of) solutions. Subtracting the equations equations a x + m y = b and

39 Linear congruences Linear 1. ax b (mod m) ax + my = b. 2. Let us solve the ax + my = (a, m) equation (ext. euc. alg.). 3. If (a, m) b a solution exists. 4. The solution: x i = b (a,m) x + k m (a,m): k = 0, 1,..., (a, m) 1. Example (Solving congruences) i r n q n x i Example (23x 4 (211)) r i 2 = r i 1 q i + r i, x 1 = 1, x 0 = 0, x i = x i 2 q i x i 1 GCD: (23, 211) = 1 4 One solution: x = 4( 55) 202 (mod 211). All solutions: { k : k Z}. These are solutions:

40 Linear congruences Linear congruences Example (Solving congruences) Solve the 10x 8 (mod 22) congruence! i r n q n x i The algorithm: r i 2 = r i 1 q i + r i, x 1 = 1, x 0 = 0, x i = x i 2 q i x i 1, y 1 = 0, y 0 = 1, y i = y i 2 q i y i 1 GCD: (10, 22) = 2 8 A pair of solutions: x 1 = 4( 2) 14 (mod 22), x 2 = 4( 2) (mod 22). All solutions: { k : k Z} {3 + 22k : k Z}.

41 Linear congruences Linear Diophantine equations Linear Diophantine equations Definition: equations with integer solutions. Linear Diophantine equations: ax + by = c, where a, b, c Z. This is equivalent with the ax c (mod b), or by c (mod a) congruence. ax + by = c can be solved if and only if (a, b) c, and then the solutions can be obtained using the extended euclidean algorithm. Other Diophantine equations x 2 + y 2 = 4: Doesn t have (real) solutions. x 2 4y 2 = 3: doesn t have integer solutions, because the remainders (mod 4) is: x 2 3 (mod 4). But this can not be, because the Squares (mod 4) x x 2 mod 4 4k 0 4k k k + 3 1

42 Simultaneous congruences Simultaneous congruences We want to find an integer x, which simultaneously satisfies the following congruences: 2x 1 (mod 3) 4x 3 (mod 5) The solution for the congruences separately: x 2 (mod 3) x 2 (mod 5) We can see x = 2 will be a solution! 2, 17, 32,...,2 + 15k; Other solutions? How do we solve the general case: x 2 (mod 3) x 3 (mod 5)

43 Simultaneous congruences Simultaneous congruences Problem: Solve the following system of congruences: a 1 x b 1 (mod m 1 ) a 2 x b 2 (mod m 2 ). a n x b n (mod m n ) The congruences a i x b i (mod m i ) can be solved separately: x c 1 (mod m 1 ) x c 2 (mod m 2 ). x c n (mod m n )

44 Simultaneous congruences Simultaneous congruences Problem: Solve the following system of congruences: x c 1 (mod m 1 ) x c 2 (mod m 2 ). x c n (mod m n ) We can assume that m 1, m 2..., m n are relative prime. If e.g. m 1 = m 1 d, m 2 = m 2 d, the first two congruences can be substituted with the following (Proof later) x c 1 (mod m 1) x c 1 (mod d) x c 2 (mod m 2) x c 2 (mod d)

45 Simultaneous congruences Chinese remainder theorem Theorem (Chinese remainder theorem) Let 1 < m 1, m 2..., m n be relative prime numbers, c 1, c 2,..., c n integers. Then the x c 1 (mod m 1 ) x c 2 (mod m 2 ). x c n (mod m n ) system of congruences can be solves, and the solutions are congruent to each other modulo m 1 m 2 m n.

46 Simultaneous congruences Chinese remainder theorem x c 1 (mod m 1 ), x c 2 (mod m 2 ),..., x c n (mod m n ). x =? Proof. Let m = m 1 m 2. Using the extended euclidean algorithm solve the m 1 x 1 + m 2 x 2 = 1 equation. Let c 1,2 = m 1 x 1 c 2 + m 2 x 2 c 1. Then c 1,2 c j (mod m j ) (j = 1, 2). If x c 1,2 (mod m), then x is the solution of the first two congruences. Converse: if x is a solution of the first two congruences, then m 1 and m 2 are divisors of x c 1,2, therefore their product is also a divisor: x c 1,2 (mod m). This gives us an equivalent system of congruences to the original: x c 1,2 (mod m 1 m 2 ) x c 3 (mod m 3 ). x c n (mod m n )

47 Simultaneous congruences Simultaneous congruences Example (Simultaneous congruences) Solve the following system of congruences: x 2 (mod 3) x 3 (mod 5) Let us solve the 3x 1 + 5x 2 = 1 equation. The solution: x 1 = 3, x 2 = 2 c 1,2 = 3 ( 3) = = 7. All the solutions: { k : k Z} = {8 + 15k : k Z}.

48 Simultaneous congruences Simultaneous congruences Example (Example) x 2 (mod 3) { c 1,2 =8 x 8 (mod 15) x 3 (mod 5) = x 4 (mod 7) x 4 (mod 7) Example (Example) Let us solve the 15x 1,2 + 7x 3 = 1 equation. Solutions: x 1,2 = 1, x 3 = 2. c 1,2,3 = ( 2) 8 = = 52. All the solutions: { l : l Z} = { l : l Z}.

49 Residue classes Residue classes Often, the solution is not just one integer (family of integers), but an entire set (set of families): 2x 5 (mod 7), sol.: {6 + 7k : k Z} 10x 8 (mod 22), sol.: { k : k Z}, {3 + 22k : k Z}. Definition (Residue classes) For a fixed modulus m and integer a, the integers congruent to a constitute the residue (or congruence) class represented by a: a = {x Z : x a (mod m)} = {a + km : k Z}. The set of all residue classes is denoted by Z m = {a : 0 a < m}. Example (Residue class) The solution of 2x 5 (mod 7): 6 The solution of 10x 8 (mod 22): 14, 3. With modulus m = 7, 2 = 23 = {..., 5, 2, 9, 16, 23, 30,... }

50 Residue classes Complete residue system Definition (Complete residue system) For a fixed modulus m, the complete residue system modulo m is a set containing exactly one element from each congruence class modulo m. Example (CRS) {33, 5, 11, 11, 8} is a complete residue system modulo 5. A popular choices for complete residue systems: Least non-negative residue system modulo m: {0, 1,..., m 1}; Least absolute value residue system modulo m: { } 0, ±1,..., ± m 1 { 2, if 2 m; 0, ±1,..., ± m 2 2, } m 2, if 2 m.

51 Residue classes Reduced residue system Remark If one element of a congruence class is relative prime to the modulus, then all the elements are too:: (a + lm, m) = (a, m) = 1. Definition (Reduced residue system) For a fixed modulus m, the reduced residue system modulo m is a set containing exactly one element from all the congruence classes with elements relative prime to m. For a fixed modulus m, if (a, m) = 1, then the residue class a represented by a is a reduced residue class. The set of reduced residue classes is denoted by Z m = {a : 1 a < m, (a, m) = 1}. Example (RRS) {1, 2, 3, 4} is a reduced residue system modulo 5. {1, 1} is a reduced residue system modulo 3. {1, 19, 29, 7} is a reduced residue system modulo 8.

52 Residue classes Operations on residue classes Operations between residue classes can be defined in a natural way: Definition (Addition and multiplication) For a fixed modulus m, and a, b integers let: a + b def = a + b; a b def = a b Proposition This definition is meaningful, because if a = a, b = b, then a + b = a + b, and a b = a b Proof. Since a = a, b = b a a (mod m), b b (mod m) a + b a + b (mod m) a + b = a + b a + b = a + b. Similar proof applies to the multiplication.

53 Residue classes Residue classes Operations between residue classes can be defined in a natural way: a + b = a + b; a b = a b. Definition (Operations) For a fixed modulus m, let Z m be the set of residue classes modulo m. Then addition and multiplication can be defined on this set. Example (Z 3, +) Example (Z 3, )

54 Residue classes Example Example (Z 4, +) Example (Z 4, )

55 Residue classes Residue classes Theorem (Multiplicative group) Let m > 1 be an integer. If 1 < (a, m) < m, then a is a zero divisor in Z m : for a there exists a b 0, so a b = 0 If (a, m) = 1, then a has a reciprocal (multiplicative inverse) in Z m : for a there exists a x, so a x = 1. Ergo, if m is prime, division by any non-zero prime is possible. Example (Zero divisors and multiplicative inverse) Let m = = 18 = 0. (2, 9) = 1, so 2 5 = 10 = 1. Proof. Let d = (a, m). Then a m d = a d m 0 (mod m), which if b = m/d then a b = 0. If (a, m) = 1, then using the ext.euc.alg. we can obtain x, y

56 Remark: ϕ(m) is the number of reduced congruence classes modulo m. Discrete mathematics I - Number theory Euler-Fermat theorem and the totient function Euler s totient ϕ function Definition (Totient function) For a m > 0 integer, let ϕ(m) be the number of positive integers less then and relative prime to m: ϕ(m) = {i : 0 < i < m, (m, i) = 1}. Example (Totient function) ϕ(5) = 4: integers relative prime to 5: 1, 2, 3, 4; ϕ(6) = 2: integers relative prime to 6: 1, 5; ϕ(12) = 4: integers relative prime to 12: 1, 5, 7, 11. ϕ(15) = 8: integers relative prime to 15: 1, 2, 4, 7, 8, 11, 13, 14.

57 Euler-Fermat theorem and the totient function Euler function ϕ(m) = {i : 0 < i < m, (m, i) = 1} Theorem (Calculating the ϕ(n)) Let the factorization of m be m = p e 1 1 pe 2 2 pe l l. Then l ϕ(m) = m (1 1 ) l = pi i=1 i=1 ( p e i i ) p e i 1 i = l i=1 p e i 1 i (p i 1) Example (Calculating the ϕ(n)) ( ) ϕ(5) = = 4; ( ) ( ) ϕ(6) = = 2; ( ) ( ) ϕ(12) = = 4; ( ) ( )

58 Euler-Fermat theorem and the totient function Euler-Fermat theorem Theorem (Euler-Fermat) Let m > 1 be an integer, a an integer for which (a, m) = 1. Then a ϕ(m) 1 (mod m). Theorem (Fermat) Let p be a prime, p a. Then a p 1 1 (mod p), or if is an arbitrary integer a then a p a (mod p). (A direct consequence of the E-F thm) Example (Euler Fermat theorem) ϕ(6) = = 25 1 (mod 6); ϕ(12) = = (mod 12); 7 4 = (mod 12). Caution! 2 4 = (mod 12), because (2, 12) = 2 1.

59 Euler-Fermat theorem and the totient function The proof of Euler-Fermat theorem Lemma Let m > 1 be an integer, a 1, a 2..., a m a complete residue system modulo m. Then for each integer a, b, if (a, m) = 1, then a a 1 + b, a a 2 + b..., a a m + b is also a complete residue system. Further, if a 1, a 2,..., a ϕ(m) is a reduced residue system modulo m, then a a 1, a a 2..., a a ϕ(m) is also a reduced residue system. Proof. If i j then aa i + b aa j + b (mod m) aa i aa j (mod m). Since (a, m) = 1, we divide by a: a i a j (mod m). So a a 1 + b, a a 2 + b..., a a m + b are pairwise incongruent. Since we have m different numbers, it is a complete residue system. If (a i, m) = 1, then (a, m) = 1 (a a i, m) = 1. Further a a 1, a a 2..., a a ϕ(m) are pairwise incongruent, their number is ϕ(m) reduced residue system.

60 Euler-Fermat theorem and the totient function The proof of Euler-Fermat theorem Theorem (Euler-Fermat) (a, m) = 1 a ϕ(m) 1 (mod m). Proof Let a 1, a 2,..., a ϕ(m) be a reduced residue system modulo m. Since (a, m) = 1 a a 1, a a 2..., a a ϕ(m) is also a reduced residue system. Therefore ϕ(m) a ϕ(m) j=1 a j = ϕ(m) j=1 a a j ϕ(m) j=1 a j (mod m) Because ϕ(m) j=1 a j is relative prime to m, we can simplify: a ϕ(m) 1 (mod m)

61 Euler-Fermat theorem and the totient function Euler-Fermat theorem Theorem (Euler-Fermat) (a, m) = 1 a ϕ(m) 1 (m) Example (E-F theorem) What is the last digit of in the decimal number system? What is mod 10? ϕ(10) = = = ( 3 4) = 27 7 (10) Solve the 2x 5 (mod 7) congruence! ϕ(7) = 6. Multiply both sides by 2 5. Then x x (mod 7). And now = = 20 6 (mod 7). Solve the 23x 4 (mod 211) congruence! ϕ(211) = 210. Multiply both sides by Then x x (mod 211). And now

62 Euler-Fermat theorem and the totient function Exponentiation by squaring (fast exponentiation) Let m, a, n be positive integers, m > 1. We would like to calculate efficiently the remainder a n mod m. Write n in the base 2 (binary) numeral system: k n = ε i 2 i = (ε k ε k 1... ε 1 ε 0 ) (2) where ε 0, ε 1,..., ε k {0, 1} i=0 Let n j (0 j k) be the number defined by the first j + 1 digits: n j = n/2 k j = (ε k ε k 1... ε k j+1 ) (2) Then for each j the remainder x j a n j (mod m): n 0 = ε 0 = 1, x 0 = a. n j = 2 n j 1 + ε j { x j = a ε j x xj mod m = j 1 mod m, if ε j = 0 a ε j xj 1 2 mod m, if ε j = 0 x k = a n mod m. The correctness follows from the following formula (Proof HW): n k ( 2 i ) εi k i

63 Euler-Fermat theorem and the totient function Fast exponentiation Example (Fast exponentiation) How much is mod 10? (Euler-Fermat 7) 111 (10) = (2) here k = 6, a = 3. j n j x j = a ε j xj 1 2 x j mod x 1 = x 2 = x 3 = x 4 = x 5 = x 6 =

64 209 Discrete mathematics I - Number theory Euler-Fermat theorem and the totient function Fast exponentiation Example (Lin.cong. with fast exponentiation) Let us solve the congruence 23x 4 (mod 211). Euler-Fermat x (mod 211). How much is mod 211? 209 (10) = (2) itt k = 7, a = 23. j n j x j = a ε j xj 1 2 x j mod x 1 = x 2 = x 3 = x 4 = x 5 = x 6 = x 6 =

65 The multiplicative group Generators Theorem (Generating the multiplicative group) Let p be a prime. Then in Z p there exists a generator (primitive root), i.e. there is an integer 1 < g < p, which yields every reduced congruence class when raised to different powers of integer: {g 0 = 1, g, g 2,..., g p 1 } = Z p, i.e. {1 = g 0, g mod p, g 2 mod p,..., g p 1 mod p} = {1, 2,..., p 1}. Example (3 is a generator modulo 7) 3 1 = 3 = = 3 3 mod = 9 = = 9 2 mod = 27 = = 6 6 mod = 81 = = 18 4 mod = 243 = = 12 5 mod = 729 = = 15 1 mod 7

66 The multiplicative group Generator Example (2 mod 11 and mod 7) 2 is a generator modulo 11 n n mod is not a generator modulo 7 n n mod

67 Discrete logarithm Discrete logarithm Definition (Discrete logarithm) Let p be a prime, g a generator modulo p. Then the a Z: (p a) g base discrete logarithm (or index) of a is: log g a = n : a g n mod p, 0 n < p 1. Example (3 is a gen. mod 7) n n n n Example (Discrete logarithm) a log 3 a a log 3 a

68 Discrete logarithm Discrete logarithm Example (a) 2 is a generator modulo 11 n n mod Table of logarithms: a log 2 a Theorem (Properties of the discrete logarithm) Let p be a prime, g a generator p, 1 a, b < p, n Z. Then log g (a b) log g a + log g b (mod p 1) n

69 Applications Applications Field of applications of number theory: Cryptography encryption of messages; digital signatures; authentication and authorization, Code theory

70 Applications Caesar cipher (code) Julius Caesar communicated with his soldiers using the following cipher: Let us match the letters of the (English) alphabet with the set {0, 1,..., 25} : a 0 b 1 c 2. z 25 Example (Caesar - Rot13) Encryption key s {0, 1,..., 25}. Encryption For a {0, 1,..., 25} encrypt a using the a a + s mod 26 map. The encryption is letter-wise. Decryption For b {0, 1,..., 25} decrypt b using the b a s mod 26 map. Decryption is letter-wise. Encryption of hello using s = 13 as the key: hello encryption uryyb

71 Applications Caesar cipher (code) For the key s = 13 we have: Rot13. Encryption and decryption is done with the same key: (mod 26). This cipher is not secure: it can be cracked by analyzing the frequency of occurrence of letters (al-kindi 9 century a.d. ) If we use a different (random) keys at different positions in the message security is mathematically proven. In practice: One Time Pad OTP Message: binary form: m = Key: binary sequence: s = Encryption: bitwise XOR (mod2 addition): m = XOR s = c =

72 RSA Applications Ron Rivest, Adi Shamir and Leonard Adleman suggested the following method in 1977: RSA encryption Generating the keys: Let p, q be two (big, ~1024 bit) primes, n = p q. Let e {1,..., ϕ(n)}, so that (e, ϕ(n)) = 1. Let d be the solution of the congruence ex 1 (mod ϕ(n)). Keys: public key (n, e) and private (secret) key d. Encryption of the message 0 m < n: c = m e mod n. Decryption for an encrypted message 0 c < n: m = c d mod n. Correctness of the algorithm E-F

73 RSA Applications Actually m just a key for another encryption. The procedure is secure, because we can not efficiently factorize the n = p q product. Problem Find the divisors of the following numbers. RSA-100 = RSA-2048 =

74 Applications RSA Factorization of RSA-2048: Trial-division (the sieve of Eratosthenes): for a number n about n divisions are needed: RSA , divisions. For divisions per second /2 30 = seconds are needed to factorise seconds years. The same with 2 computers: years. The same with the best (known) algorithm: years (= 2, ) The age of the universe: 1, years.

75 e and d change rolls (Separate keys are needed for encryption): Discrete mathematics I - Number theory RSA Applications Example (RSA) Generating the keys: Let p = 61, q = 53 and n = = 3233, ϕ(3233) = Let e = 17. Using the extended euclidean algorithm: d = 2753 Public key: (n = 3233, e = 17); Private (secret) key: d = Encryption: Let m = 65. c = (mod 3233) Decryption: If c = 2790: (mod 3233) Digital signature

76 Applications Diffie-Hellman key exchange protocol The first public key cryptography system was developed by Whitfield Diffie and Martin Hellman, and published in Alice Bob chooses: a R {0, 1,..., p 2} chooses: b R {0, 1,..., p 2} g a g b calculates: (g b) a calculates: (g a ) b common key: g ab common key: g ab Public parameters: p (large) prime, g generator modp. Keys: Alice s private key a: 1 a < p 1, public key g a mod p Bob s private key b: 1 a < p 1, public key g b mod p

77 Applications Diffie-Hellman key exchange protocol The protocol is secure, because calculating the discrete logarithm is hard. If p (2048 bits), calculating the discrete logarithm takes years. Example (Diffie-Hellman) Public parameters: Let p = 11, g = 2. Keys: Alice s private key a = 4, public key 2 4 mod p = 5 Bob private key b = 8, public key 2 8 mod p = 3 ( Common key: g b) a = 3 4 mod p = 4, (g a ) b = 5 8 mod = 4.