CMPUT 403: Number Theory

Similar documents
Number Theory. Zachary Friggstad. Programming Club Meeting

Elementary Number Theory Review. Franz Luef

Number Theory Proof Portfolio

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

The Euclidean Algorithm and Multiplicative Inverses

M381 Number Theory 2004 Page 1

Applied Cryptography and Computer Security CSE 664 Spring 2017

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

1 Overview and revision

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

CPSC 467b: Cryptography and Computer Security

CSC 474 Information Systems Security

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

CPSC 467: Cryptography and Computer Security

Discrete Structures Lecture Primes and Greatest Common Divisor

Number Theory and Group Theoryfor Public-Key Cryptography

Some Facts from Number Theory

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Intermediate Math Circles February 29, 2012 Linear Diophantine Equations I

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

The Chinese Remainder Theorem

MATH 501 Discrete Mathematics. Lecture 6: Number theory. German University Cairo, Department of Media Engineering and Technology.

Notes on Systems of Linear Congruences

Exercises Exercises. 2. Determine whether each of these integers is prime. a) 21. b) 29. c) 71. d) 97. e) 111. f) 143. a) 19. b) 27. c) 93.

Number Theory Notes Spring 2011

Chuck Garner, Ph.D. May 25, 2009 / Georgia ARML Practice

Basic elements of number theory

Basic elements of number theory

cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications

CHAPTER 3. Congruences. Congruence: definitions and properties

NOTES ON SIMPLE NUMBER THEORY

Lecture 4: Number theory

Math 131 notes. Jason Riedy. 6 October, Linear Diophantine equations : Likely delayed 6

a the relation arb is defined if and only if = 2 k, k

MATH 145 Algebra, Solutions to Assignment 4

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

2 Elementary number theory

Summary Slides for MATH 342 June 25, 2018

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

Elementary Number Theory MARUCO. Summer, 2018

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

4 Number Theory and Cryptography

8 Primes and Modular Arithmetic

Intermediate Math Circles February 26, 2014 Diophantine Equations I

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

Applied Cryptography and Computer Security CSE 664 Spring 2018

Numbers. Çetin Kaya Koç Winter / 18

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Finite Fields. Mike Reiter

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

Math.3336: Discrete Mathematics. Primes and Greatest Common Divisors

Lecture Notes. Advanced Discrete Structures COT S

Mathematics for Cryptography

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

3 The fundamentals: Algorithms, the integers, and matrices

Olympiad Number Theory Through Challenging Problems

An Algorithm for Prime Factorization

ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

Lecture 7: Number Theory Steven Skiena. skiena

Chapter 5. Number Theory. 5.1 Base b representations

Integers and Division

4 Powers of an Element; Cyclic Groups

Chapter 9 Basic Number Theory for Public Key Cryptography. WANG YANG

Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry. Spring 2006

Lecture 7 Number Theory Euiseong Seo

Solutions Math 308 Homework 9 11/20/2018. Throughout, let a, b, and c be non-zero integers.

Algorithmic number theory. Questions/Complaints About Homework? The division algorithm. Division

ECE596C: Handout #11

Homework #2 solutions Due: June 15, 2012

Mathematical Foundations of Cryptography

SOLUTIONS TO PROBLEM SET 1. Section = 2 3, 1. n n + 1. k(k + 1) k=1 k(k + 1) + 1 (n + 1)(n + 2) n + 2,

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Discrete Mathematics and Probability Theory Fall 2013 Vazirani Note 3

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Chapter 4 Finite Fields

Direct Proof MAT231. Fall Transition to Higher Mathematics. MAT231 (Transition to Higher Math) Direct Proof Fall / 24

The set of integers will be denoted by Z = {, -3, -2, -1, 0, 1, 2, 3, 4, }

Wednesday, February 21. Today we will begin Course Notes Chapter 5 (Number Theory).

MTH 346: The Chinese Remainder Theorem

Remainders. We learned how to multiply and divide in elementary

Winter Camp 2009 Number Theory Tips and Tricks

Number Theory Solutions Packet

Introduction to Sets and Logic (MATH 1190)

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

A Guide to Arithmetic

CS250: Discrete Math for Computer Science

CISC-102 Fall 2017 Week 6

PUTNAM TRAINING NUMBER THEORY. Exercises 1. Show that the sum of two consecutive primes is never twice a prime.

Number theory (Chapter 4)

Solution Sheet (i) q = 5, r = 15 (ii) q = 58, r = 15 (iii) q = 3, r = 7 (iv) q = 6, r = (i) gcd (97, 157) = 1 = ,

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

Solutions to Problem Set 3 - Fall 2008 Due Tuesday, Sep. 30 at 1:00

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Practice Number Theory Problems

The following is an informal description of Euclid s algorithm for finding the greatest common divisor of a pair of numbers:

Transcription:

CMPUT 403: Number Theory Zachary Friggstad February 26, 2016

Outline Factoring Sieve Multiplicative Functions Greatest Common Divisors Applications Chinese Remainder Theorem

Factoring Theorem (Fundamental Theorem of Arithmetic) Every integer n 2 can be uniquely expressed in the form p a 1 1... pa k k where p 1... p k are primes and a i 1 are integers. We usually just try trial division to factor an integer n: Find the smallest integer p 2 dividing n. Divide it out (it must be a prime) and repeat.

Speedup: just try values p n, if anything remains it is a prime since n cannot have two prime divisors > n. map<int, int> p r i m e s ; for ( int p = 2 ; p p <= n ; ++p ) while ( n%p == 0) { ++p r i m e s [ p ] ; n /= p ; } if ( n > 1) ++p r i m e s [ n ] ; for ( auto& x : p r i m e s ) { // x. first is a prime dividing n // x. second is the number of times it divides n } Running Time: O( n)

Sieve: Find all primes n. Write all numbers from 2 to n. Find the smallest number p not highlighted. Highlight it and cross off larger multiples. 2, 3, 4, 5, 6, 7, 8, 9, 10 2, 3, 4, 5, 6, 7, 8, 9, 10 2, 3, 4, 5, 6, 7, 8, 9, 10 2, 3, 4, 5, 6, 7, 8, 9, 10 2, 3, 4, 5, 6, 7, 8, 9, 10 Crossed out numbers are multiples of smaller numbers: not prime. Highlighted numbers are not multiples of smaller numbers: prime.

Speedup 1) Only go up to n, anything not highlighted or crossed out must be a prime since any composite number is divisible by a prime n. Note: This is only a practical speedup, not an asymptotic speedup. v e c t o r <int> p r i m e s ( n +1); for ( int i = 2 ; i <= n ; ++i ) p r i m e s [ i ] = i ; for ( int p = 2 ; p p <= n ; ++p ) if ( p r i m e s [ p ] == p ) //if p is not crossed off yet // then cross off multiples of p for ( int q = 2 p ; q <= n ; q += p ) p r i m e s [ q ] = p ; // now p is a prime if and only if primes[p] == p // if p is composite, then primes[p] is a prime divisor of p Running Time The inner loop iterates p n prime n p = O(n log log n) times.

Multiplicative Functions Definition A multiplicative function is a function f : Z 1 R satisfying f (a b) = f (a) f (b) whenever gcd(a, b) = 1. Examples: φ(n) = number of integers 1 k n with gcd(n, k) = 1. τ(n) = number of distinct positive divisors of n σ(n) = sum of all positive divisors of n µ(n) = 0 if p 2 n for some p, otherwise is ( 1) k where k is the number of distinct prime divisors of n.

Let f be multiplicative. If you can easily compute f (p a ) for primes p and a 1, then you can compute f (n) for all n by factoring: if n = p a 1 1... pa k k then f (n) = f (p a 1 1 )... f (pa k k ). Examples: φ(p a ) = p a 1 (p 1) τ(p a ) = a + 1 σ(p a ) = 1 + p + p 2 +... + p a = pa+1 1 p 1 { 1 if a = 1 µ(p a ) = 0 if a 2

Can conveniently compute f (n) for all values up to n with a sieve. Idea For each 2 k n, compute a prime divisor of k with a sieve. Initialize f (1) = 1. For some k 2, let p k with multiplicity a. Compute f (n) = f (n/p a ) f (p a ). Example v e c t o r <int> p r i m e s ( n +1); // suppose we sieved so primes[p] is a prime divisor of p v e c t o r <int> sigma ( n +1); sigma [ 1 ] = 1 ; for ( int k = 2 ; k <= n ; ++k ) { int s = 1, p = p r i m e s [ k ], m = k ; while (m % p == 0) { m /= p ; s = s p + 1 ; } // invariant : s = sigma(p^i) after i iterations sigma [ k ] = s sigma [m] }

Greatest Common Divisors gcd(a, b) for integers a, b 0 is the largest integer d such that d a and d b. Note gcd(a, 0) = a if a 1. Standard convention: gcd(0, 0) = 0. Observation gcd(a, b) = gcd(a b, b) if a b Because anything that divides a and b also divides a ± b. Accelerated Subtraction gcd(a, b) = gcd(a mod b, b) (even if a < b) Because a mod b is obtained by repeatedly subtracting b from a.

Euclid s algorithm to compute gcd(a, b). If b = 0 then the answer is a. Otherwise, the answer is gcd(b, a mod b) (even if a b). int gcd ( int a, int b ) { return b? gcd ( b, a%b ) : a ; } Running time: O(log a + log b) because a mod b a/2 if a b. Quick Proof: Obvious if b a/2 since a mod b < b. Otherwise a mod b = a b a/2. Least Common Multiple Find the smallest integer m that is a common multiple of positive integers a, b. Simply put: lcm(a, b) = a b gcd(a,b). int lcm ( int a, int b ) { return a/ gcd ( a, b ) b ; } // division before multiplication may avoid overflow

Extended Euclidean Algorithm Given integers a, b 0, for any other integers c, d we have that gcd(a, b) divides ac + bd. Question Can we find integers c, d such that ac + bd = gcd(a, b). Answer Yes, and the Extended Euclidean Algorithm finds them.

Define a sequence of tuples (r i, s i, t i ) for 0 i inductively as follows. r 0 = a, r 1 = b s 0 = 1, s 1 = 0 t 0 = 0, t 1 = 1 Invariant, for any i will maintain a s i + b t i = r i. True for i = 0, 1. Inductively for i 2 q i = r i 2 /r i 1 (quotient) r i = r i 2 q i r i 1 (remainder) same as r i = r i 2 mod r i 1 s i = s i 2 q i s i 1 t i = t i 2 q i t i 1 The r 0, r 1, r 2,... sequence is just following Euclid s gcd algorithm. Consequence of the Invariants Let j be the first index where r j = 0. Then gcd(a, b) = r j 1 = s j 1 a + t j 1 b.

Example Find x, y such that 21x + 27y = gcd(21, 27) = 3. i q i r i s i t i 0 21 1 0 1 27 0 1 2 0 21 1 0 3 1 6 1 1 4 3 3 4 3 5 2 0 10 13 Therefore 3 = gcd(21, 27) = 21 4 + 27 ( 3). i.e. x = 4, y = 3

typedef p a i r <int, int> p i i ; //# include utility void update ( p i i & p, int q ) { p = p i i ( p. second, p. f i r s t q p. second ) ; } // returns gcd(r. first, r. second) and p is set so // gcd(r.first, r. second) = p.first*r.first+p.second*r.second int gcdex ( p i i r, p i i s, p i i t, p i i & p ) { while ( r. second ) { int q = r. f i r s t / r. second ; update ( r, q ) ; update ( s, q ) ; update ( t, q ) ; } p = p i i ( s. f i r s t, t. f i r s t ) ; return r. f i r s t ; } // can prove p. first <= r. second, p. second <= r. first p i i p ; int g = gcdex ( p i i ( a, b ), p i i ( 1, 0 ), p i i ( 0, 1 ), p ) ; // now g = gcd(a,b) = a*p. first + b*p. second

Applications Modular Inverses Recall a b mod m means m (a b). Given a Z and m > 0 find b such that a b 1 mod m. Cleanup: We usually like to think of 0 a < m. If a m, then just compute a mod m. If a < m, then we have to be more careful. ISO Standard: In c++, if a < 0 and m > 0, then a % m is the negative reminder closest to 0. Example: -17 % 5 == -2. // assumes m > 0, returns the residue of a mod m in [0, m -1] int safe mod ( int a, int m) { return ( a%m + m)%m; }

Recall, we are finding b such that a b 1 mod m where m > 0. If gcd(a, m) > 1, impossible. Otherwise, use Euclid s extended algorithm to find c, d such that a c + m d = gcd(a, m) = 1. So a c 1 mod m. // assumes m > 0, returns an integer b in [1, m -1] such that // a * b equiv 1 mod m int modinv ( int a, int m) { a = safe mod ( a, m) ; // ensure a >= 0 p i i p ; a s s e r t ( gcdex ( p i i ( a,m), p i i ( 1, 0 ), p i i ( 0, 1 ), p ) == 1 ) ; return safe mod ( p. f i r s t, m) ; }

Linear Diophantine Equations Given integers a, b, d, find integers x, y such that ax + by = d. Idea: Find x, y with ax + by = gcd(a, d). Scale x, y by d/ gcd(a, b). Some fussing to handle negatives. p i i l i n d i o p ( int a, int b, int d ) { p i i p ; int g ; g = gcdex ( p i i ( abs ( a ), abs ( b ) ), p i i ( 1, 0 ), p i i ( 0, 1 ), p ) ; a s s e r t ( d % g == 0 ) ; // impossible if d%g!= 0 // now abs(a)* p. first + abs(b)* p. second == g if ( a < 0) p. f i r s t = p. f i r s t ; if ( b < 0) p. second = p. second ; p. f i r s t = d/g ; p. second = d/g ; return p ; } // even works if d < 0 or some/ all parameters are 0

Chinese Remaindering If a is an integer such that a 4 mod 15 then we know a 1 mod 3 and a 4 mod 5. That is, 15 (a 4) means surely 3 (a 1) and 5 (a 4). What about the other way around? Given target remainders x, y modulo 3 and 5 respectively, is there some integer a such that a x mod 3 and a y mod 5? More generally Theorem Let m, n be such that gcd(m, n) = 1. Then for any integers x, y there exists an integer a such that a x mod m and a y mod n.

Idea: let m, n be the moduli and x, y the target remainders. As gcd(m, n) = 1, compute integers m, n such that m m 1 mod n and n n 1 mod m. The answer is just x m m + y n n (try reducing mod m and n to see why). // assumes m,n > 0 // returns 0 <= a < m*n congruent to x mod m and y mod n int chrem ( int x, m, int y, int n ) { int mi = modinv (m, n ), n i = modinv ( n, m) ; return safe mod ( x m mi + y n ni, m n ) ; }

More generally, given moduli m 1,..., m n > 0 and target remainders x 1,..., x n find an integer a such that a x i mod m i for each i. Assumption: gcd(m i, m j ) = 1 for any i j. Base Case: if n = 1 just return a = x. Inductive Step Inductively construct b congruent to x i mod m i for i j. Solve the case n = 2 to find a congruent to b mod j i=1 m i and congruent to x j+1 mod m j+1. int c h r e m m u l t i ( int x, int m, int n ) { int a = x [ 0 ], mm = m[ 0 ] ; for ( int j = 0 ; j +1 < n ; ++j ) { a = chrem ( a, mm, x [ j +1], m[ j + 1 ] ) ; mm = m[ j +1]; } return x [ n 1]; }

Missing Topics Chinese remaindering when moduli are not relatively prime. Either there is no solution or it is unique modulo the least-common multiple of all moduli. Quadratic residues, discrete logarithms, finding integer solutions for integer quadratic equations. Finding integer solutions to a system of integer linear equations. Next Lecture Tricks in Combinatorics and Arithmetic.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback