Foundations of Computer Science Lecture 10 Number Theory

Similar documents
Discrete Mathematics GCD, LCM, RSA Algorithm

Number Theory Basics Z = {..., 2, 1, 0, 1, 2,...} For, b Z, we say that divides b if z = b for some. Notation: b Fact: for all, b, c Z:

Introduction to Public-Key Cryptosystems:

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

The Fundamental Theorem of Arithmetic

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Mathematical Foundations of Public-Key Cryptography

basics of security/cryptography

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Basic elements of number theory

Basic elements of number theory

CS483 Design and Analysis of Algorithms

Introduction to Number Theory. The study of the integers

Number theory (Chapter 4)

2.2 Inverses and GCDs

Elementary Number Theory Review. Franz Luef

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION

Carmen s Core Concepts (Math 135)

COT 3100 Applications of Discrete Structures Dr. Michael P. Frank

Algebra for error control codes

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Elementary Number Theory MARUCO. Summer, 2018

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Public Key Cryptography

Algorithmic number theory. Questions/Complaints About Homework? The division algorithm. Division

ICS141: Discrete Mathematics for Computer Science I

ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

An Algorithm for Prime Factorization

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

Ma/CS 6a Class 1. Course Details

MATH 501 Discrete Mathematics. Lecture 6: Number theory. German University Cairo, Department of Media Engineering and Technology.

Practice Number Theory Problems

OWO Lecture: Modular Arithmetic with Algorithmic Applications

Cryptography. pieces from work by Gordon Royle

Applied Cryptography and Computer Security CSE 664 Spring 2017

Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29

download instant at

4 Number Theory and Cryptography

CS2800 Questions selected for fall 2017

Cryptography CS 555. Topic 22: Number Theory/Public Key-Cryptography

W3203 Discrete Mathema1cs. Number Theory. Spring 2015 Instructor: Ilia Vovsha. hcp://

Linear Congruences. The equation ax = b for a, b R is uniquely solvable if a 0: x = b/a. Want to extend to the linear congruence:

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

1 Overview and revision

Number Theory and Group Theoryfor Public-Key Cryptography

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Algebra, Coding Theory and Cryptography Lecture Notes. Lior Silberman

Encryption: The RSA Public Key Cipher

Wednesday, February 21. Today we will begin Course Notes Chapter 5 (Number Theory).

HOMEWORK 11 MATH 4753

Beautiful Mathematics

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

3 The fundamentals: Algorithms, the integers, and matrices

2301 Assignment 1 Due Friday 19th March, 2 pm

Topics in Cryptography. Lecture 5: Basic Number Theory

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

For your quiz in recitation this week, refer to these exercise generators:

CIS 551 / TCOM 401 Computer and Network Security

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry. Spring 2006

NOTES ON SIMPLE NUMBER THEORY

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Exercises Exercises. 2. Determine whether each of these integers is prime. a) 21. b) 29. c) 71. d) 97. e) 111. f) 143. a) 19. b) 27. c) 93.

Number Theory Solutions Packet

CS March 17, 2009

Simple Math: Cryptography

Number Theory A focused introduction

CPSC 467b: Cryptography and Computer Security

Introduction to Cybersecurity Cryptography (Part 4)

MATH10040 Chapter 1: Integers and divisibility

Number Theory & Modern Cryptography

Part IA Numbers and Sets

cse547, math547 DISCRETE MATHEMATICS Professor Anita Wasilewska

Introduction to Cryptography. Lecture 6

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Introduction to Cybersecurity Cryptography (Part 4)

ECE596C: Handout #11

Public Key Cryptography

Chapter 1 A Survey of Divisibility 14

CPSC 467b: Cryptography and Computer Security

Cryptography. P. Danziger. Transmit...Bob...

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

MATH 145 Algebra, Solutions to Assignment 4

CPSC 467b: Cryptography and Computer Security

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

Integers and Division

Eindhoven University of Technology MASTER. Kleptography cryptography with backdoors. Antheunisse, M. Award date: 2015

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Ma/CS 6a Class 2: Congruences

MAT 243 Test 2 SOLUTIONS, FORM A

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Transcription:

Foundations of Computer Science Lecture 10 Number Theory Division and the Greatest Common Divisor Fundamental Theorem of Arithmetic Cryptography and Modular Arithmetic RSA: Public Key Cryptography

Last Time 1 Why sums and reccurrences? Running times of programs. 2 Tools for summation: constant rule, sum rule, common sums and nested sum rule. 3 Comparing functions - asymptotics: Big-Oh, Theta, Little-Oh notation. log log(n) < log α (n) < n ǫ < 2 δn 4 The method of integration - estimating sums. n i=1 i k nk+1 k + 1 n i=1 1 ln n i ln n! = n i=1 ln i n ln n n Creator: Malik Magdon-Ismail Number Theory: 2 / 14 Today

Today: Number Theory 1 Division and Greatest Common Divisor (GCD) Euclid s algorithm Bezout s identity 2 Fundamental Theorem of Arithmetic 3 Modular Arithmetic Cryptography RSA public key cryptography Creator: Malik Magdon-Ismail Number Theory: 3 / 14 The Basics

The Basics Number theory has attracted the best of the best, because Babies can ask questions which grown-ups can t solve P. Erdős 6 = 1 + 2 + 3 is perfect (equals the sum of its proper divisors). Is there an odd perfect number? Quotient-Remainder Theorem For n Z and d N, n = qd + r. The quotient q Z and remainder 0 r < d are unique. e.g. n = 27, d = 6: 27 = 4 6 + 4 rem(27, 6) = 4. Divisibility. d divides n, d n if and only if n = qd for some q Z. e.g. 6 24. Primes. P = {2, 3, 5, 7, 11,...} = {p p 2 and the only positive divisors of p are 1, p}. Division Facts (Exercise 10.2) 1 d 0. 2 If d m and d n, then dd mn. 3 If d m and m n, then d n. 4 If d n and d m, then d n + m. 5 If d n, then xd xn for x N. 6 If d m + n and d m, then d n. Creator: Malik Magdon-Ismail Number Theory: 4 / 14 Greatest Common Divisor

Greatest Common Divisor Divisors of 30: {1, 2, 3, 5, 6, 15, 30}. Divisors of 42: {1, 2, 3, 6, 7, 14, 21, 42}. Common divisors: {1, 2, 3, 6}. greatest common divisor (GCD) = 6. Definition. Greatest Common Divisor, GCD Let m, n be two integers not both zero. gcd(m, n) is the largest integer that divides both m and n: gcd(m, n) m, gcd(m, n) n and any other common divisor d gcd(m, n). Notice that every common divisor divides the GCD. Also, gcd(m, n) = gcd(n, m). Relatively Prime If gcd(m, n) = 1, then m, n are relatively prime. Example: 6 and 35 are not prime but they are relatively prime. Theorem. gcd(m, n) = gcd(rem(n, m), m). Proof. n = qm + r r = n qm. Let D = gcd(m, n) and d = gcd(m, r). D m and D n D divides r = n qm. Hence, D gcd(m, r) = d. (D is a common divisor of m, r) d m and d r d divides n = qm + r. Hence, d gcd(m, n) = D. (d is a common divisor of m, n) D d and D d D = d, which proves gcd(m, n) = gcd(n, r). Creator: Malik Magdon-Ismail Number Theory: 5 / 14 Euclid s Algorithm

Euclid s Algorithm Theorem. gcd(m, n) = gcd(rem(n, m), m). gcd(42, 108) = gcd(24, 42) 24 = 108 2 42 = gcd(18, 24) 18 = 42 24 = 42 (108 2 42) }{{} 24 = gcd(6, 18) 6 = 24 18 = (108 2 42) }{{} 24 = gcd(0, 6) 0 = 18 3 6 = 6 gcd(0, n) = n = 3 42 108 (3 42 108) }{{} 18 = 2 108 5 42 Remainders in Euclid s algorithm are integer linear combinations of 42 and 108. In particular, gcd(42, 108) = 6 = 2 108 5 42. This will be true for gcd(m, n) in general: gcd(m, n) = mx + ny for some x, y Z. Creator: Malik Magdon-Ismail Number Theory: 6 / 14 Bezout s Identity

Bezout s Identity: A Formula for GCD From Euclid s Algorithm, gcd(m, n) = mx + ny for some x, y Z. Can any smaller positive number z be a linear combination of m and n? suppose: z = mx + ny > 0. gcd(m, n) divides RHS gcd(m, n) z, i.e z gcd(m, n) (because gcd(m, n) m and gcd(m, n) n). Theorem. Bezout s Identity gcd(m, n) is the smallest positive integer linear combination of m and n: gcd(m, n) = mx + ny for x, y Z. Formal Proof. Let l be the smallest positive linear combination of m, n: l = mx + ny. 1. Prove l gcd(m, n) as above. 2. Prove l gcd(m, n) by showing l is a common divisor (rem(m, l) = rem(n, l) = 0). There is no formula for GCD. But this is close to a formula. Creator: Malik Magdon-Ismail Number Theory: 7 / 14 GCD Facts

GCD Facts (i) gcd(m, n) = gcd(m, rem(n, m)). (ii) Every common divisor of m, n divides gcd(m, n). (iii) For k N, gcd(km, kn) = k gcd(m, n). (iv) if gcd(l, m) = 1 and gcd(l, n) = 1, then gcd(l, mn) = 1. (v) if d mn and gcd(d, m) = 1, then d n. Proof. (ii) gcd(m, n) = mx + ny. Any common divisor divides the RHS and so also the LHS. (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) (iii) gcd(km, kn) = kmx + kny = k(mx + ny). The RHS is the smallest possible, so there is no smaller positive linear combination of m, n. That is gcd(m, n) = (mx + ny). (e.g. gcd(6, 15) = 3 gcd(12, 30) = 2 3 = 6) (iv) 1 = lx + my and 1 = lx + ny. Multiplying, 1 = (lx + my)(lx + ny ) = l (lxx + nxy + myx ) + mn (yy ). (e.g. gcd(15, 4) = 1 and gcd(15, 7) = 1 gcd(15, 28) = 1) (v) dx + my = 1 ndx + nmy = n. Since d mn, d divides the LHS, hence d n, the RHS. (e.g. gcd(4, 15) = 1 and 4 15 16 4 16) Creator: Malik Magdon-Ismail Number Theory: 8 / 14 Die Hard: With A Vengence

Die Hard: With A Vengence, John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0, 0) (3, 1: 0) (0, 2: 3) (3, 1: 3) (1, 2: 5) (1, 3: 0) (0, 2: 1) (3, 1: 1) (0, 2: 4) After the 3-gallon jug is emptied into the 5-gallon jug, the state is (0, l), where l = 3x 5y. (the 3-gallon jug has been emptied x times and the 5-gallon jug y times) (integer linear combination of 3, 5). Since gcd(3, 5) = 1 we can get l = 1, 1 = 3 2 5 1 (after emptying the 3-gallon jug 2 times and the 5 gallon jug once, there is 1 gallon) Do this 4 times and you have 4 gallons (guaranteed). (0, 0) (3, 1: 0) (0, 2: 3) (3, 1: 3) (1, 2: 5) (1, 3: 0) (0, 2: 1) (Actually fewer pours works.) (repeat 4 times) If the producers of Die Hard had chosen 3 and 6 gallon jugs, there can be no sequel (phew ). (Why?) Creator: Malik Magdon-Ismail Number Theory: 9 / 14 Fundamental Theorem of Arithmetic

Fundamental Theorem of Arithmetic Part (ii) Theorem. Uniqueness of Prime Factorization Every n 2 is uniquely (up to reordering) a product of primes. Euclid s Lemma: For primes p, q 1,..., q l, if p q 1 q 2 q l then p is one of the q i. Proof of lemma: If p q l then p = q l. If not, gcd(p, q l ) = 1 and p q 1 q l 1 by GCD fact (v). Induction on l. Proof. (FTA) Contradiction. Let n be the smallest counter-example, n > 2 and n = p 1 p 2 p n = q 1 q 2 q k Since p 1 n, it means p 1 q 1 q 2 q k and by Euclid s Lemma, p 1 = q i (w.l.o.g. q 1 ). n /p 1 = p 2 p n = q 2 q k. That is, n /p 1 is a smaller counter-example. FISHY! Creator: Malik Magdon-Ismail Number Theory: 10 / 14 Cryptography 101

Cryptography 101: Alice and Bob wish to securely exchange the prime M M??? Charlie eavesdrops M Alice encrypts M Alice sends to Bob Bob decrypts M Example. Alice Encrypts: M = M k Alice and Bob know k, Charlie does not. Bob Decrypts: M = M /k = M k/k = M. (k is a shared secret private key) (Hooray, M = M and Charlie is in the dark.) Secure as long as Charlie cannot factor M into k and M. One time use. For two cypher-texts, k = gcd(m 1, M 2 ). To improve, we need modular arithmetic. (Factoring is hard) Creator: Malik Magdon-Ismail Number Theory: 11 / 14 Modular Arithmetic

Modular Arithmetic a b (mod d) if and only if d (a b), i.e. a b = kd for k Z 41 79 (mod 19) because 41 79 = 38 = 2 19. Modular Equivalence Properties. Suppose a b (mod d), i.e. a = b + kd, and r s (mod d), i.e. r = s + ld. Then, (a) ar bs (mod d). (b) a + r b + s (mod d). (c) a n b n (mod d). ar bs = (b + kd)(s + ld) bs = d(ks + bll + kld). That is d ar bs. (a + r) (b + s) = (b + kd + s + ld) b s = d(k + l). That is d (a + r) (b + s). Repeated application of (a) Induction. Addition and multiplication are just like regular arithmetic. Example. What is the last digit of 3 2017? 3 2 1 (mod 10) (3 2 ) 1008 ( 1) 1008 (mod 10) 3 (3 2 ) 1008 3 ( 1) 1008 (mod 10) 3 Creator: Malik Magdon-Ismail Number Theory: 12 / 14 Modular Division

Modular Division is Not Like Regular Arithmetic 15 6 13 6 (mod 12) 15 13 (mod 12) 15 6 2 6 (mod 13) 15 2 (mod 13) 7 8 22 8 (mod 15) 7 22 (mod 15) Modular Division: cancelling a factor from both sides Suppose ac bc (mod d). You can cancel c to get a b (mod d) if gcd(c, d) = 1. Proof. d c(a b). By GCD fact (v), d a b because gcd(c, d) = 1. If d is prime, then division with prime modulus is pretty much like regular division. Modular Inverse. Inverses do not exist in N. Modular inverse may exist. 3 n = 1 n =? 3 n = 1 (mod 7) n = 5 Creator: Malik Magdon-Ismail Number Theory: 13 / 14 RSA

RSA Public Key Cryptography Uses Modular Arithmetic Bob broadcasts to the world the numbers 23, 55. (Bob s RSA public key). M??? Charlie eavesdrops Alice encrypts M M M 23 (mod 55) Alice sends to Bob Bob decrypts M M 7 (mod 55) Examples. Does Bob always decode to the correct message? M = 2. M = 8 M = 2 2 23 8 (mod 55) 8 7 2 (mod 55) M = 3. M = 27 M = 3 3 23 27 (mod 55) 27 7 3 (mod 55) M = M M = M Exercise 10.14. Proof that Bob always decodes to the right message for special 55,23 and 7. (How to get them?) Practical Implementation. Good idea to pad with random bits to make the cypher text random. Creator: Malik Magdon-Ismail Number Theory: 14 / 14

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback