Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Size: px
Start display at page:

Transcription

1 Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald) 1 Euclid s Algorithm Euclid s Algorithm for computing the greatest common divisor belongs to the oldest known computing procedures It was already known to Eudoxus (375 BC), and it is described in the Euclid s Elements (300 BC) It is of fundamental importance and occurs in many computational tasks We write a b for integers a, b, if a is a divisor of b, ie, if there exists a k Z with b = k a Definition 11 For two nonnegative integers a, b let gcd(a, b) = max{f : f a and f b} By convention, gcd(0, 0) = 0 If gcd(a 1,, a n ) = 1 then a 1,, a n are called relatively prime or coprime Measure of complexity: log n for an input n (bit-length of n) Euclid s algorithm: Euclid s algorithm provides an efficient (polynomial time) computation of the gcd It is based on a fundamental property of integers: divison with remainder: For integers a, b 0 there exist m, r Z with Euclid s algorithm: a = mb + r and 0 r < b Input: a, b N Output: r j 1 = gcd(a, b) Method: Set r 1 = a, r 0 = b Compute by division with remainder successively r 1,, r j 1 with b > r 1 > > r j 1 > r j = 0, until no remainder occurs Ie, r i+1 is the remainder in the division of r i 1 by r i : with m 1,, m j Z r 1 = m 1 r 0 + r 1, r 0 = m 2 r 1 + r 2, r i 1 = m i+1 r i + r i+1, r j 3 = m j 1 r j 2 + r j 1, r j 2 = m j r j 1, Termination: Since the remainders r i are falling monotonically, the algorithm terminates after finitely many steps 1

2 2 Correctness: r j 1 divides successively r j 2, r j 3,, r 0 = b and r 1 = a (just consider successively the equations r i 1 = m i+1 r i +r i+1 ) If, conversely, z divides both a and b, then z successively also divides r 1,, r j 1 (this results from the equations r i+1 = r i 1 m i+1 r i ) Example For a = 9876, b = 3456 we obtain Ie gcd(9876, 3456) = = , 3456 = , 2964 = , 492 = (+ 0) By substituting r j 1, r j,, r 0 into the expression for r j we also obtain a linear combination of the gcd in terms of the inputs a and b (In the example this yields gcd(9876, 3456) = 12 = ) Theorem 12 For all integers a, b > 0 there exist integers x and y such that gcd(a, b) = ax + by Moreover, the gcd and x and y can be computed in polynomial time Proof The worst-case running time of the algorithm can be bounded by considering a and b for which the maximal numbers of divisions occur Wlog assume a > b > 0 (In case b > a, a and b are swapped in the first step) The smallest pair (a, b) (in the sense (a 1, b 1 ) < (a 2, b 2 ) (b 1 < b 2 or (b 1 = b 2 and a 1 < a 2 ))), for which j divisions are required, is obtained by choosing r j 1 and the m i as small as possible: m 1 = = m j 1 = 1, m j = 2 and r j 1 = 1 (m j = 1 is excluded, since r j = 0 would then imply r j 1 = r j 2 ) The equations r j 1 = 1, r j 2 = 2, r i 1 = r i + r i+1 for i = j 2,, 0 then determine r 1 = a and r 0 = b uniquely This yields a connection to the Fibonacci sequence 0, 1, 1, 2, 3, 5, 8, 13 : For inputs a > b > 0, Euclid s algorithm requires at most c ln(b 5) divisions, with c = (ln ) 1 208

3 2 Z m: INTEGERS MODULO m 3 2 Z m : Integers modulo m When computing with integers it is often advantageous not to operate with the numbers themselves, but instead with the remainders which occur in the division by a fixed modulus m 2 Recall the ring Z m of integers modulo m Definition 21 Let m N and a, b Z a and b are congruent modulo m if m (b a), ie, if a mod m = b mod m Notation: a b (mod m) Let Z m = {0, 1,, m 1} In Z m we can define the addition and multiplication modulo m (Z m, +) forms a group under addition modulo m Let Z m = {x Z m : gcd(x, m) = 1} Then Z m forms a group under multiplication modulo m (Notice that 0 Z m) Q: How to compute the (multiplicative) inverse of an element a Z m in polynomial time? As an application of efficiently computing the inverse we present the following constructive version of the Chinese Remainder Theorem, which allows to decompose computational problems into smaller problems In order to achieve this, an integer a is replaced by a tuple (a 1,, a k ) of integers, which is obtained by considering a modulo k given, pairwise relatively prime moduli m 1,, m k Since computations on a carry over in a canonical way to the a i, we can work with the remainders modulo m i This strategy requires that at the end of a computation one can reconstruct the number back from the remainders An answer to this question of reconstructability is given by the Chinese Remainder Theorem, which in a special case was already known to to Sun Tsu 300 AD Theorem 22 Let m 1,, m k N pairwise relatively prime and m := m 1 m k For any sequence of residues a 1 Z m1,, a k Z mk, there exists a unique x Z m such that x a 1 (mod m 1 ), x a 2 (mod m 2 ),, x a k (mod m k ), Moreover, a can be computed in polynomial time Proof Existence and algorithm: Let e i, 1 i k, be solutions of the system of equations for the special case a i = 1, a j = 0 for j i ( basis solutions ) Set m i := j i m j = m m i Since the moduli m 1,, m k are pairwise coprime, we have gcd(m i, m i) = 1 Hence, there exists an inverse element t i of m i modulo m i, and it can be computed in polynomial time We set e i := m i t i

4 4 Then, by definition of m i, as desired { 1 (mod m i ), e i 0 (mod m j ) for j i The basis solutions can be put together to a solution x = k a i e i i=1 of the original system Uniqueness: Uniqueness of the choice of r follows from a simple counting argument The number of distinct choices of each r i is m i, and so there are exactly m distinct sequences (r i ) By the existence proof each such sequence has at least one associated r Z m, which defines an injective mapping from Z m1 Z mk Z m However, since the cardinalities of the two sets are equal, the mapping must be bijective Example We ask for a solution to the system x 2 (mod 3), x 3 (mod 5), x 4 (mod 7) We have m 1 = 5 7 = 35, m 2 = 3 7 = 21, m 3 = 3 5 = 15 From 1 = gcd(3, 35) = , 1 = gcd(5, 21) = , 1 = gcd(7, 15) = we obtain the basis solutions e 1 = 35, e 2 = 21, e 3 = 15 Consequently, is the solution to the congruence 2 ( 35) = 53 3 Euler s totient function and Fermat s Little Theorem Computing in Z n is of fundamental importance for algorithm design and in modern cryptography (which is essentially based on prime number concepts) Definition 31 Euler s totient function ϕ(n) is defined to be the number of elements of Z n that are coprime to n, ie, ϕ(n) = Z n Example ϕ(6) = 2, ϕ(8) = 4, ϕ(12) = {1, 5, 7, 11} = 4 If the prime factorization of a number n is known, then ϕ(n) can be computed in polynomial time

5 3 EULER S TOTIENT FUNCTION AND FERMAT S LITTLE THEOREM 5 Theorem 32 Let n have the prime factorization p e 1 1 p e 2 2 p er r primes p i and exponents e i > 0 Then ϕ(n) = r i=1 p e i 1 i (p i 1) Proof The proof follows from the following three statements i) For prime p we have ϕ(p) = p 1 with pairwise distinct ii) For prime p and e > 0, ϕ(p e ) = p e 1 (p 1) This follows from the observation that among all numbers in Z n exactly the numbers 0, p, 2p,, (p e 1 1)p do not belong to Z pe, ie, ( ϕ(p e ) = p e p e 1 = p e 1 1 ) p iii) For m and n with gcd(m, n) = 1, ϕ(mn) = ϕ(m)ϕ(n) By the Chinesische Remainder Theorem, the mapping Z m n Z m Z n, a mod (m n) (a mod m, a mod n) is bijective Since gcd(a, mn) = 1 if and only if gcd(a, m) = 1 and gcd(a, n) = 1, the induced mapping is bijective as well Z m Z m Z n, a mod (m n) (a mod m, a mod n) If the prime factorization is not known, then computing ϕ(n) is essentially as hard as factoring Euler s totient function is used, eg, in the RSA coding scheme The following Theorem of Euler is of fundamental importance As usual, we write a n := a } {{ a} n times Theorem 33 (Euler s Theorem) For all n N and a Z n we have a ϕ(n) 1 (mod n) Proof Let Z n =: {a 1,, a ϕ(n) } Further let a Z n arbitrary Bijectivity of the left translation L a : Z n Z n, x ax implies that then {aa 1,, aa ϕ(n) } = Z n as well Multiplication of all elements in the two sets yields a 1 a ϕ(n) in Z n and after cancelling down a ϕ(n) = 1 = aa 1 aa ϕ(n) Corollary 34 (Fermat s Little Theorem) For prime p and x Z p, a p a (mod p)

7 5 PRIMALITY TESTING 7 Corollary 44 For prime p and a Z p it can be decided in polynomial time whether a is a quadratic residue modulo p 5 Primality testing Motivation: eg, generation of large primes for cryptography Primality testing is a fascinating and rich topic, and in 2002 Agrawal, Manindran, and Saxena have succeeded to show that this problem can be decided in polynomial time, see eg, the survey article F Bornemann, Primes is in P: A breakthrough for everyman, Notices of the AMS 05/2003, Many primality tests (also the AKS algorithm) are essentially based on ideas of Fermat s Little Theorem This theorem tells us: Let N N If an a N, 0 < a < N with a N 1 1 (mod N) exists, then N is not prime Definition 51 Let N be a composite number N is called pseudoprime wrt the basis a if N satisfies the property a N 1 1 (mod N) N is called Carmichael number if N is pseudoprime for all a Z N The numbers a Z N which satisfy the Fermat identity constitute a subgroup of Z N The order of this subgroup is either ϕ(n) or (in case of a proper subgroup) at most ϕ(n)/2 Thus: Theorem 52 (r-fold Fermat test) Let N N such that there exists an a Z N with a N 1 1 (mod N) Then for randomly chosen, independent a 1,, a r Z N, Prob ( a N 1 i 1 (mod N) for 1 i r ) 2 r The r-fold Fermat test can recognize the compositeness of a non-carmichael number with probability 1 2 r It cannot recognize the compositeness of a Carmichael number For many practical purposes, the Fermat test is sufficient, since Carmichael numbers occur very seldomly In fact, until the early 90 s it was even unknown if there are infinitely many Carmichael numbers at all The following randomized algorithm (Miller-Rabin test) extends the Fermat test to Carmichael numbers Let N be odd and consider a N 1 for a random a Z N \ {0} If this is not 1, then we have proved that N is composite Otherwise, we keep replacing this (even) power of a by its precomputed square root until the result is something other than ±1 or until we have reduced it to an odd power of a If we reach a square root of 1 other than ±1 then N is composite (because for a prime number N any quadratic residue has exactly two square roots) Otherwise the algorithm claims that N is prime, and this is the only place where it can make an error

8 8 Primality test of Miller-Rabin: Input: Odd number N Output: Prime or Composite (1) Compute r and R such that N 1 = 2 r R, and R is odd (2) Choose a uniformly at random from Z N \ {0} (3) For i = 0 to r compute b i = a 2iR (4) If a N 1 = b r 1 (mod N) then return Composite (5) If a R = b 0 1 (mod N) then return Prime (6) Let j = max{i : b i 1 (mod N)} (7) If b j 1 (mod N) then Return Prime Else Return Composite For prime N, this algorithm always returns Prime Moreover, it can be shown that the algorithm returns Prime on a composite input N with probability at most 1/2: Theorem 53 Let N N be odd and composite, N 1 = 2 r R with R odd Then for random a Z N we have ( ) Prob a R 1 (mod N) or i {0,, r 1} a 2iR 1 (mod N) 1 2 An RP algorithm A for a given problem is a randomized algorithm running in worstcase polynomial time such that (1) for every Yes instance Pr(A yields Yes) 1/2; (2) for every No instance Pr(A yields Yes) = 0 Hence: Theorem 54 The Miller-Rabin test is an RP algorithm for testing compositeness

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

CHAPTER 6 Prime Numbers Part VI of PJE. Definition and Fundamental Results 6.1. Definition. (PJE definition 23.1.1) An integer p is prime if p > 1 and the only positive divisors of p are 1 and p. If n

The Chinese Remainder Theorem

Chapter 5 The Chinese Remainder Theorem 5.1 Coprime moduli Theorem 5.1. Suppose m, n N, and gcd(m, n) = 1. Given any remainders r mod m and s mod n we can find N such that N r mod m and N s mod n. Moreover,

Applied Cryptography and Computer Security CSE 664 Spring 2018

Applied Cryptography and Computer Security Lecture 12: Introduction to Number Theory II Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline This time we ll finish the

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Chapter 6 Prime Numbers Part VI of PJE. Definition and Fundamental Results Definition. (PJE definition 23.1.1) An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p. If n > 1

ECEN 5022 Cryptography

Elementary Algebra and Number Theory University of Colorado Spring 2008 Divisibility, Primes Definition. N denotes the set {1, 2, 3,...} of natural numbers and Z denotes the set of integers {..., 2, 1,

A Few Primality Testing Algorithms

A Few Primality Testing Algorithms Donald Brower April 2, 2006 0.1 Introduction These notes will cover a few primality testing algorithms. There are many such, some prove that a number is prime, others

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 8 February 1, 2012 CPSC 467b, Lecture 8 1/42 Number Theory Needed for RSA Z n : The integers mod n Modular arithmetic GCD Relatively

A SURVEY OF PRIMALITY TESTS

A SURVEY OF PRIMALITY TESTS STEFAN LANCE Abstract. In this paper, we show how modular arithmetic and Euler s totient function are applied to elementary number theory. In particular, we use only arithmetic

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 9.1 Chapter 9 Objectives

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

CHAPTER 2 INTRODUCTION TO NUMBER THEORY ANSWERS TO QUESTIONS 2.1 A nonzero b is a divisor of a if a = mb for some m, where a, b, and m are integers. That is, b is a divisor of a if there is no remainder

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

4. Primality testing 4.1. Introduction. Factorisation is concerned with the problem of developing efficient algorithms to express a given positive integer n > 1 as a product of powers of distinct primes.

CPSC 467: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 9 September 30, 2015 CPSC 467, Lecture 9 1/47 Fast Exponentiation Algorithms Number Theory Needed for RSA Elementary Number Theory

LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS

LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS 1. The Chinese Remainder Theorem We now seek to analyse the solubility of congruences by reinterpreting their solutions modulo a composite

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L06, Steve/Courses/2011/S2/CSS322/Lectures/number.tex,

Number Theory and Group Theoryfor Public-Key Cryptography

Number Theory and Group Theory for Public-Key Cryptography TDA352, DIT250 Wissam Aoudi Chalmers University of Technology November 21, 2017 Wissam Aoudi Number Theory and Group Theoryfor Public-Key Cryptography

Mathematics for Cryptography

Mathematics for Cryptography Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, N2L 3G1, Canada March 15, 2016 1 Groups and Modular Arithmetic 1.1

Lecture 4: Number theory

Lecture 4: Number theory Rajat Mittal IIT Kanpur In the next few classes we will talk about the basics of number theory. Number theory studies the properties of natural numbers and is considered one of

A Guide to Arithmetic

A Guide to Arithmetic Robin Chapman August 5, 1994 These notes give a very brief resumé of my number theory course. Proofs and examples are omitted. Any suggestions for improvements will be gratefully

Basic elements of number theory

Cryptography Basic elements of number theory Marius Zimand 1 Divisibility, prime numbers By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a

Basic elements of number theory

Cryptography Basic elements of number theory Marius Zimand By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a k for some integer k. Notation

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

Introduction to Algorithms (CS 482) Cornell University Instructor: Bobby Kleinberg Lecture Notes, 25 April 2008 The Miller-Rabin Randomized Primality Test 1 Introduction Primality testing is an important

Part II. Number Theory. Year

Part II Year 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2017 Paper 3, Section I 1G 70 Explain what is meant by an Euler pseudoprime and a strong pseudoprime. Show that 65 is an Euler

The running time of Euclid s algorithm

The running time of Euclid s algorithm We analyze the worst-case running time of EUCLID as a function of the size of and Assume w.l.g. that 0 The overall running time of EUCLID is proportional to the number

Notes on Systems of Linear Congruences

MATH 324 Summer 2012 Elementary Number Theory Notes on Systems of Linear Congruences In this note we will discuss systems of linear congruences where the moduli are all different. Definition. Given the

Number Theory and Algebra: A Brief Introduction

Number Theory and Algebra: A Brief Introduction Indian Statistical Institute Kolkata May 15, 2017 Elementary Number Theory: Modular Arithmetic Definition Let n be a positive integer and a and b two integers.

Ma/CS 6a Class 4: Primality Testing

Ma/CS 6a Class 4: Primality Testing By Adam Sheffer Reminder: Euler s Totient Function Euler s totient φ(n) is defined as follows: Given n N, then φ n = x 1 x < n and GCD x, n = 1. In more words: φ n is

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

NUMBER THEORY Anwitaman DATTA SCSE, NTU Singapore Acknowledgement: The following lecture slides are based on, and uses material from the text book Cryptography and Network Security (various eds) by William

Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry. Spring 2006

Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry Spring 2006 1 / 1 Computer Science & Engineering 235 Introduction to Discrete Mathematics Sections 2.4 2.6 of Rosen Introduction I When talking

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

BBM 205 Discrete Mathematics Hacettepe University http://web.cs.hacettepe.edu.tr/ bbm205 Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya Resources: Kenneth Rosen,

Basic Algorithms in Number Theory

Basic Algorithms in Number Theory Algorithmic Complexity... 1 Basic Algorithms in Number Theory Francesco Pappalardi Discrete Logs, Modular Square Roots & Euclidean Algorithm. July 20 th 2010 Basic Algorithms

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

8 Modular Arithmetic We introduce an operator mod. Let d be a positive integer. For c a nonnegative integer, the value c mod d is the remainder when c is divided by d. For example, c mod d = 0 if and only

LECTURE NOTES IN CRYPTOGRAPHY

1 LECTURE NOTES IN CRYPTOGRAPHY Thomas Johansson 2005/2006 c Thomas Johansson 2006 2 Chapter 1 Abstract algebra and Number theory Before we start the treatment of cryptography we need to review some basic

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

LARGE PRIME NUMBERS 1. Fast Modular Exponentiation Given positive integers a, e, and n, the following algorithm quickly computes the reduced power a e % n. (Here x % n denotes the element of {0,, n 1}

2 More on Congruences

2 More on Congruences 2.1 Fermat s Theorem and Euler s Theorem definition 2.1 Let m be a positive integer. A set S = {x 0,x 1,,x m 1 x i Z} is called a complete residue system if x i x j (mod m) whenever

= 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

8. p-adic numbers 8.1. Motivation: Solving x 2 a (mod p n ). Take an odd prime p, and ( an) integer a coprime to p. Then, as we know, x 2 a (mod p) has a solution x Z iff = 1. In this case we can suppose

IRREDUCIBILITY TESTS IN F p [T ]

IRREDUCIBILITY TESTS IN F p [T ] KEITH CONRAD 1. Introduction Let F p = Z/(p) be a field of prime order. We will discuss a few methods of checking if a polynomial f(t ) F p [T ] is irreducible that are

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline GCD and Euclid s Algorithm AIT 682: Network and Systems Security Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

AIT 682: Network and Systems Security Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography Instructor: Dr. Kun Sun Outline GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Cryptography Introduction to Number Theory 1 Preview Integers Prime Numbers Modular Arithmetic Totient Function Euler's Theorem Fermat's Little Theorem Euclid's Algorithm 2 Introduction to Number Theory

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

Cryptography CS 555 Topic 18: RSA Implementation and Security Topic 18 1 Outline and Readings Outline RSA implementation issues Factoring large numbers Knowing (e,d) enables factoring Prime testing Readings:

Public Key Encryption

Public Key Encryption 3/13/2012 Cryptography 1 Facts About Numbers Prime number p: p is an integer p 2 The only divisors of p are 1 and p s 2, 7, 19 are primes -3, 0, 1, 6 are not primes Prime decomposition

Some Facts from Number Theory

Computer Science 52 Some Facts from Number Theory Fall Semester, 2014 These notes are adapted from a document that was prepared for a different course several years ago. They may be helpful as a summary

1. Algebra 1.7. Prime numbers

1. ALGEBRA 30 1. Algebra 1.7. Prime numbers Definition Let n Z, with n 2. If n is not a prime number, then n is called a composite number. We look for a way to test if a given positive integer is prime

1 Overview and revision

MTH6128 Number Theory Notes 1 Spring 2018 1 Overview and revision In this section we will meet some of the concerns of Number Theory, and have a brief revision of some of the relevant material from Introduction

Public-key Cryptography: Theory and Practice

Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 2: Mathematical Concepts Divisibility Congruence Quadratic Residues

Euler s, Fermat s and Wilson s Theorems

Euler s, Fermat s and Wilson s Theorems R. C. Daileda February 17, 2018 1 Euler s Theorem Consider the following example. Example 1. Find the remainder when 3 103 is divided by 14. We begin by computing

Chapter 8. Introduction to Number Theory

Chapter 8 Introduction to Number Theory CRYPTOGRAPHY AND NETWORK SECURITY 1 Index 1. Prime Numbers 2. Fermat`s and Euler`s Theorems 3. Testing for Primality 4. Discrete Logarithms 2 Prime Numbers 3 Prime

Number Theory Alex X. Liu & Haipeng Dai

Number Theory Alex X. Liu & Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University How to compute gcd(x,y) Observation: gcd(x,y) = gcd(x-y, y)

Introduction to Public-Key Cryptosystems:

Introduction to Public-Key Cryptosystems: Technical Underpinnings: RSA and Primality Testing Modes of Encryption for RSA Digital Signatures for RSA 1 RSA Block Encryption / Decryption and Signing Each

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups

CSE 521: Design and Analysis of Algorithms I

CSE 521: Design and Analysis of Algorithms I Randomized Algorithms: Primality Testing Paul Beame 1 Randomized Algorithms QuickSelect and Quicksort Algorithms random choices make them fast and simple but

3 The fundamentals: Algorithms, the integers, and matrices

3 The fundamentals: Algorithms, the integers, and matrices 3.4 The integers and division This section introduces the basics of number theory number theory is the part of mathematics involving integers

Chapter 5. Modular arithmetic. 5.1 The modular ring

Chapter 5 Modular arithmetic 5.1 The modular ring Definition 5.1. Suppose n N and x, y Z. Then we say that x, y are equivalent modulo n, and we write x y mod n if n x y. It is evident that equivalence

Numbers. Çetin Kaya Koç Winter / 18

Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 1 / 18 Number Systems and Sets We represent the set of integers as Z = {..., 3, 2, 1,0,1,2,3,...} We denote the set of positive integers modulo n as

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

Math 152, Problem Set 2 solutions (2018-01-24) All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points. 1. Let us look at the following equation: x 5 1

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 13 (rev. 2) Professor M. J. Fischer October 22, 2008 53 Chinese Remainder Theorem Lecture Notes 13 We

Introduction to Number Theory

INTRODUCTION Definition: Natural Numbers, Integers Natural numbers: N={0,1,, }. Integers: Z={0,±1,±, }. Definition: Divisor If a Z can be writeen as a=bc where b, c Z, then we say a is divisible by b or,

Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

Math 324, Fall 2011 Assignment 7 Solutions Exercise 1. (a) Suppose a and b are both relatively prime to the positive integer n. If gcd(ord n a, ord n b) = 1, show ord n (ab) = ord n a ord n b. (b) Let

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Computer Science CSC 474 Network Security Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography CSC 474 Dr. Peng Ning 1 Outline GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

ECE646 Lecture RSA Key Generation Required Reading W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality A.Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Chapter 3: Theory of Modular Arithmetic 25 SECTION C Solving Linear Congruences By the end of this section you will be able to solve congruence equations determine the number of solutions find the multiplicative

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

The first exam will be on Monday, June 8, 202. The syllabus will be sections. and.2 in Lax, and the number theory handout found on the class web site, plus the handout on the method of successive squaring

MATH 361: NUMBER THEORY FOURTH LECTURE

MATH 361: NUMBER THEORY FOURTH LECTURE 1. Introduction Everybody knows that three hours after 10:00, the time is 1:00. That is, everybody is familiar with modular arithmetic, the usual arithmetic of the

Ma/CS 6a Class 4: Primality Testing

Ma/CS 6a Class 4: Primality Testing By Adam Sheffer Send anonymous suggestions and complaints from here. Email: adamcandobetter@gmail.com Password: anonymous2 There aren t enough crocodiles in the presentations

The primitive root theorem

The primitive root theorem Mar Steinberger First recall that if R is a ring, then a R is a unit if there exists b R with ab = ba = 1. The collection of all units in R is denoted R and forms a group under

SOLUTIONS TO PROBLEM SET 1. Section = 2 3, 1. n n + 1. k(k + 1) k=1 k(k + 1) + 1 (n + 1)(n + 2) n + 2,

SOLUTIONS TO PROBLEM SET 1 Section 1.3 Exercise 4. We see that 1 1 2 = 1 2, 1 1 2 + 1 2 3 = 2 3, 1 1 2 + 1 2 3 + 1 3 4 = 3 4, and is reasonable to conjecture n k=1 We will prove this formula by induction.

Finite Fields. Mike Reiter

1 Finite Fields Mike Reiter reiter@cs.unc.edu Based on Chapter 4 of: W. Stallings. Cryptography and Network Security, Principles and Practices. 3 rd Edition, 2003. Groups 2 A group G, is a set G of elements

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not

NUMBER SYSTEMS. Number theory is the study of the integers. We denote the set of integers by Z:

NUMBER SYSTEMS Number theory is the study of the integers. We denote the set of integers by Z: Z = {..., 3, 2, 1, 0, 1, 2, 3,... }. The integers have two operations defined on them, addition and multiplication,

PREPARATION NOTES FOR NUMBER THEORY PRACTICE WED. OCT. 3,2012

PREPARATION NOTES FOR NUMBER THEORY PRACTICE WED. OCT. 3,2012 0.1. Basic Num. Th. Techniques/Theorems/Terms. Modular arithmetic, Chinese Remainder Theorem, Little Fermat, Euler, Wilson, totient, Euclidean

Discrete Mathematics with Applications MATH236

Discrete Mathematics with Applications MATH236 Dr. Hung P. Tong-Viet School of Mathematics, Statistics and Computer Science University of KwaZulu-Natal Pietermaritzburg Campus Semester 1, 2013 Tong-Viet

Lecture 14: Hardness Assumptions

CSE 594 : Modern Cryptography 03/23/2017 Lecture 14: Hardness Assumptions Instructor: Omkant Pandey Scribe: Hyungjoon Koo, Parkavi Sundaresan 1 Modular Arithmetic Let N and R be set of natural and real

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

CS 5319 Advanced Discrete Structure Lecture 9: Introduction to Number Theory II Divisibility Outline Greatest Common Divisor Fundamental Theorem of Arithmetic Modular Arithmetic Euler Phi Function RSA

Cryptography: Joining the RSA Cryptosystem

Cryptography: Joining the RSA Cryptosystem Greg Plaxton Theory in Programming Practice, Fall 2005 Department of Computer Science University of Texas at Austin Joining the RSA Cryptosystem: Overview First,

7. Prime Numbers Part VI of PJE

7. Prime Numbers Part VI of PJE 7.1 Definition (p.277) A positive integer n is prime when n > 1 and the only divisors are ±1 and +n. That is D (n) = { n 1 1 n}. Otherwise n > 1 is said to be composite.

A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem

A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem Grzegorz Herman and Michael Soltys November 24, 2008 Abstract Although a deterministic polytime algorithm for

Elementary Number Theory Review. Franz Luef

Elementary Number Theory Review Principle of Induction Principle of Induction Suppose we have a sequence of mathematical statements P(1), P(2),... such that (a) P(1) is true. (b) If P(k) is true, then

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

Factoring Algorithms Pollard s p 1 Method This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors. Input: n (to factor) and a limit B Output: a proper factor of

4 Number Theory and Cryptography

4 Number Theory and Cryptography 4.1 Divisibility and Modular Arithmetic This section introduces the basics of number theory number theory is the part of mathematics involving integers and their properties.

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2000 2013 Contents 9 Introduction to Number Theory 63 9.1 Subgroups

Mathematical Foundations of Public-Key Cryptography

Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical

Summary Slides for MATH 342 June 25, 2018

Summary Slides for MATH 342 June 25, 2018 Summary slides based on Elementary Number Theory and its applications by Kenneth Rosen and The Theory of Numbers by Ivan Niven, Herbert Zuckerman, and Hugh Montgomery.

The Chinese Remainder Theorem

Sacred Heart University DigitalCommons@SHU Academic Festival Apr 20th, 9:30 AM - 10:45 AM The Chinese Remainder Theorem Nancirose Piazza Follow this and additional works at: http://digitalcommons.sacredheart.edu/acadfest

Congruences and Residue Class Rings

Congruences and Residue Class Rings (Chapter 2 of J. A. Buchmann, Introduction to Cryptography, 2nd Ed., 2004) Shoichi Hirose Faculty of Engineering, University of Fukui S. Hirose (U. Fukui) Congruences

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number

ECE596C: Handout #11

ECE596C: Handout #11 Public Key Cryptosystems Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract In this lecture we introduce necessary mathematical background for studying

Number Theory Proof Portfolio

Number Theory Proof Portfolio Jordan Rock May 12, 2015 This portfolio is a collection of Number Theory proofs and problems done by Jordan Rock in the Spring of 2014. The problems are organized first by

Part IA Numbers and Sets

Part IA Numbers and Sets Definitions Based on lectures by A. G. Thomason Notes taken by Dexter Chua Michaelmas 2014 These notes are not endorsed by the lecturers, and I have modified them (often significantly)

A. Algebra and Number Theory

A. Algebra and Number Theory Public-key cryptosystems are based on modular arithmetic. In this section, we summarize the concepts and results from algebra and number theory which are necessary for an understanding

a = mq + r where 0 r m 1.

8. Euler ϕ-function We have already seen that Z m, the set of equivalence classes of the integers modulo m, is naturally a ring. Now we will start to derive some interesting consequences in number theory.

Number Theory. Modular Arithmetic

Number Theory The branch of mathematics that is important in IT security especially in cryptography. Deals only in integer numbers and the process can be done in a very fast manner. Modular Arithmetic

Number Theory Solutions Packet

Number Theory Solutions Pacet 1 There exist two distinct positive integers, both of which are divisors of 10 10, with sum equal to 157 What are they? Solution Suppose 157 = x + y for x and y divisors of

Lecture 6: Deterministic Primality Testing

Lecture 6: Deterministic Primality Testing Topics in Pseudorandomness and Complexity (Spring 018) Rutgers University Swastik Kopparty Scribe: Justin Semonsen, Nikolas Melissaris 1 Introduction The AKS

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

6 Prime Numbers Part VI of PJE 6.1 Fundamental Results Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively D (p) = { p 1 1 p}. Otherwise

1. multiplication is commutative and associative;

Chapter 4 The Arithmetic of Z In this chapter, we start by introducing the concept of congruences; these are used in our proof (going back to Gauss 1 ) that every integer has a unique prime factorization.

THE MILLER RABIN TEST

THE MILLER RABIN TEST KEITH CONRAD 1. Introduction The Miller Rabin test is the most widely used probabilistic primality test. For odd composite n > 1 at least 75% of numbers from to 1 to n 1 are witnesses

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Chapter 3: Theory of Modular Arithmetic 25 SECTION C Solving Linear Congruences By the end of this section you will be able to solve congruence equations determine the number of solutions find the multiplicative

Part IA Numbers and Sets

Part IA Numbers and Sets Theorems Based on lectures by A. G. Thomason Notes taken by Dexter Chua Michaelmas 2014 These notes are not endorsed by the lecturers, and I have modified them (often significantly)