An Algorithm for Prime Factorization

Similar documents
Algorithmic number theory. Questions/Complaints About Homework? The division algorithm. Division

Applied Cryptography and Computer Security CSE 664 Spring 2017

Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry. Spring 2006

MATH 501 Discrete Mathematics. Lecture 6: Number theory. German University Cairo, Department of Media Engineering and Technology.

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

The Fundamental Theorem of Arithmetic

With Question/Answer Animations. Chapter 4

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Wednesday, February 21. Today we will begin Course Notes Chapter 5 (Number Theory).

Ch 4.2 Divisibility Properties

Exercises Exercises. 2. Determine whether each of these integers is prime. a) 21. b) 29. c) 71. d) 97. e) 111. f) 143. a) 19. b) 27. c) 93.

Integers and Division

NOTES ON SIMPLE NUMBER THEORY

NOTES ON INTEGERS. 1. Integers

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Introduction to Sets and Logic (MATH 1190)

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

CS March 17, 2009

Introduction to Public-Key Cryptosystems:

Math Circle Beginners Group February 28, 2016 Euclid and Prime Numbers Solutions

4 Powers of an Element; Cyclic Groups

8 Primes and Modular Arithmetic

Some Facts from Number Theory

Number Theory. Zachary Friggstad. Programming Club Meeting

Chapter 5. Number Theory. 5.1 Base b representations

cse547, math547 DISCRETE MATHEMATICS Professor Anita Wasilewska

CMPUT 403: Number Theory

Ma/CS 6a Class 2: Congruences

Basic elements of number theory

Basic elements of number theory

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

CPSC 467: Cryptography and Computer Security

3 The fundamentals: Algorithms, the integers, and matrices

4 Number Theory and Cryptography

Ma/CS 6a Class 2: Congruences

1 Overview and revision

Arithmetic Algorithms, Part 1

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

Remainders. We learned how to multiply and divide in elementary

MATH 145 Algebra, Solutions to Assignment 4

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

Introduction to Number Theory. The study of the integers

Beautiful Mathematics

1. multiplication is commutative and associative;

Discrete Mathematics GCD, LCM, RSA Algorithm

Chapter 14: Divisibility and factorization

Math.3336: Discrete Mathematics. Primes and Greatest Common Divisors

Number Theory and the abc Conjecture

Algebra for error control codes

NUMBER SYSTEMS. Number theory is the study of the integers. We denote the set of integers by Z:

Practice Number Theory Problems

Number Theory Solutions Packet

Math Circle Beginners Group February 28, 2016 Euclid and Prime Numbers

. As the binomial coefficients are integers we have that. 2 n(n 1).

#26: Number Theory, Part I: Divisibility

The following is an informal description of Euclid s algorithm for finding the greatest common divisor of a pair of numbers:

The group (Z/nZ) February 17, In these notes we figure out the structure of the unit group (Z/nZ) where n > 1 is an integer.

Introduction to Number Theory

Introduction to Number Theory

4. Number Theory (Part 2)

ICS141: Discrete Mathematics for Computer Science I

CSE 20 DISCRETE MATH. Winter

Homework 3, solutions

2301 Assignment 1 Due Friday 19th March, 2 pm

Chapter 2. Divisibility. 2.1 Common Divisors

CHAPTER 3. Congruences. Congruence: definitions and properties

CPSC 467b: Cryptography and Computer Security

Proof 1: Using only ch. 6 results. Since gcd(a, b) = 1, we have

Applied Cryptography and Computer Security CSE 664 Spring 2018

Number Theory Proof Portfolio

Direct Proof MAT231. Fall Transition to Higher Mathematics. MAT231 (Transition to Higher Math) Direct Proof Fall / 24

Math 131 notes. Jason Riedy. 6 October, Linear Diophantine equations : Likely delayed 6

4.3 - Primes and Greatest Common Divisors

Mat Week 8. Week 8. gcd() Mat Bases. Integers & Computers. Linear Combos. Week 8. Induction Proofs. Fall 2013

CS250: Discrete Math for Computer Science

Student Responsibilities Week 8. Mat Section 3.6 Integers and Algorithms. Algorithm to Find gcd()

Proofs. Methods of Proof Divisibility Floor and Ceiling Contradiction & Contrapositive Euclidean Algorithm. Reading (Epp s textbook)

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

PRACTICE PROBLEMS: SET 1

Solutions Math 308 Homework 9 11/20/2018. Throughout, let a, b, and c be non-zero integers.

Number theory (Chapter 4)

Number Theory and Cryptography

Numbers, Groups and Cryptography. Gordan Savin

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

ECE596C: Handout #11

Senior Math Circles Cryptography and Number Theory Week 2

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Lecture 11 - Basic Number Theory.

Number Theory Basics Z = {..., 2, 1, 0, 1, 2,...} For, b Z, we say that divides b if z = b for some. Notation: b Fact: for all, b, c Z:

Selected Chapters from Number Theory and Algebra

CISC-102 Fall 2017 Week 6

Notes for Recitation 6

a the relation arb is defined if and only if = 2 k, k

Foundations of Computer Science Lecture 10 Number Theory

Section Summary. Division Division Algorithm Modular Arithmetic

CPSC 467b: Cryptography and Computer Security

Notes on Systems of Linear Congruences

CSE 521: Design and Analysis of Algorithms I

Transcription:

An Algorithm for Prime Factorization Fact: If a is the smallest number > 1 that divides n, then a is prime. Proof: By contradiction. (Left to the reader.) A multiset is like a set, except repetitions are allowed {{2, 2, 3, 3, 5}} is a multiset, not a set PF(n): A prime factorization procedure Input: n N + Output: PFS - a multiset of n s prime factors PFS := for a = 2 to n do if a n then PFS := PF(n/a) {{a}} return PFS if PFS = then PFS := {{n}} [n is prime] Example: PF(7007) = {{7}} PF(1001) = {{7, 7}} PF(143) = {{7, 7, 11}} PF(13) = {{7, 7, 11, 13}}. 1

The Complexity of Factoring Algorithm PF runs in exponential time: We re checking every number up to n Can we do better? We don t know. Modern-day cryptography implicitly depends on the fact that we can t! 2

How Many Primes Are There? Theorem 4: [Euclid] There are infinitely many primes. Proof: By contradiction. Suppose that there are only finitely many primes: p 1,..., p n. Consider q = p 1 p n + 1 Clearly q > p 1,..., p n, so it can t be prime. So q must have a prime factor, which must be one of p 1,..., p n (since these are the only primes). Suppose it is p i. Then p i q and p i p 1 p n So p i (q p 1 p n ); i.e., p i 1 (Corollary 1) Contradiction! Largest currently-known prime (as of 5/04): 2 24036583 1: 7235733 digits Check www.utm.edu/research/primes Primes of the form 2 p 1 where p is prime are called Mersenne primes. Search for large primes focuses on Mersenne primes 3

The distribution of primes There are quite a few primes out there: Roughly one in every log(n) numbers is prime Formally: let π(n) be the number of primes n: Prime Number Theorem Theorem: π(n) n/ log(n); that is, lim π(n)/(n/ log(n)) = 1 n Why is this important? Cryptosystems like RSA use a secret key that is the product of two large (100-digit) primes. How do you find two large primes? Roughly one of every 100 100-digit numbers is prime To find a 100-digit prime; Keep choosing odd numbers at random Check if they are prime (using fast randomized primality test) Keep trying until you find one Roughly 100 attempts should do it 4

(Some) Open Problems Involving Primes Are there infinitely many Mersenne primes? Goldbach s Conjecture: every even number greater than 2 is the sum of two primes. E.g., 6 = 3 + 3, 20 = 17 + 3, 28 = 17 + 11 This has been checked out to 6 10 16 (as of 2003) Every sufficiently large integer (> 10 43,000!) is the sum of four primes Two prime numbers that differ by two are twin primes E.g.: (3,5), (5,7), (11,13), (17,19), (41,43) also 4, 648, 619, 711, 505 2 60,000 ± 1! Are there infinitely many twin primes? All these conjectures are believed to be true, but no one has proved them. 5

Greatest Common Divisor (gcd) Definition: For a Z let D(a) = {k N : k a} D(a) = {divisors of a}. Claim. D(a) < if (and only if) a 0. Proof: If a 0 and k a, then 0 < k < a. Definition: For a, b Z, CD(a, b) = D(a) D(b) is the set of common divisors of a, b. Definition: The greatest common divisor of a and b is gcd(a, b) = max(cd(a, b)). Examples: gcd(6, 9) = 3 gcd(13, 100) = 1 gcd(6, 45) = 3 Def.: a and b are relatively prime if gcd(a, b) = 1. Example: 4 and 9 are relatively prime. Two numbers are relatively prime iff they have no common prime factors. Efficient computation of gcd(a, b) lies at the heart of commercial cryptography. 6

Least Common Multiple (lcm) Definition: The least common multiple of a, b N +, lcm(a, b), is the smallest n N + such that a n and b n. Formally, M(a) = {ka k N} the multiples of a Define CM(a, b) = M(a) M(b) the common multiples of a and b lcm(a, b) = min(cm(a, b)) Examples: lcm(4, 9) = 36, lcm(4, 10) = 20. 7

Computing the GCD There is a method for calculating the gcd that goes back to Euclid: Recall: if n > m and q divides both n and m, then q divides n m and n + m. Therefore gcd(n, m) = gcd(m, n m). Proof: Show CD(m, n) = CD(m, n m); i.e., that q divides both n and m iff q divides both m and n m. (If q divides n and m, then q divides n m by the argument above. If q divides m and n m, then q divides m + (n m) = n.) This allows us to reduce the gcd computation to a simpler case. We can do even better: gcd(n, m) = gcd(m, n m) = gcd(m, n 2m) =... keep going as long as n qm 0 n/m steps Consider gcd(6, 45): 45/6 = 7; remainder is 3 (45 3 (mod 6)) gcd(6, 45) = gcd(6, 45 7 6) = gcd(6, 3) = 3 8

We can keep this up this procedure to compute gcd(n 1, n 2 ): If n 1 n 2, write n 1 as q 1 n 2 + r 1, where 0 r 1 < n 2 q 1 = n 1 /n 2 gcd(n 1, n 2 ) = gcd(r 1, n 2 ); r 1 = n 1 mod n 2 Now r 1 < n 2, so switch their roles: n 2 = q 2 r 1 + r 2, where 0 r 2 < r 1 gcd(r 1, n 2 ) = gcd(r 1, r 2 ) Notice that max(n 1, n 2 ) > max(r 1, n 2 ) > max(r 1, r 2 ) Keep going until we have a remainder of 0 (i.e., something of the form gcd(r k, 0) or (gcd(0, r k )) This is bound to happen sooner or later 9

Euclid s Algorithm Input m, n [m, n natural numbers, m n] num m; denom n [Initialize num and denom] repeat until denom = 0 q num/denom rem num (q denom) [num mod denom = rem] num denom [New num] denom rem [New denom; note num denom] endrepeat Output num [num = gcd(m, n)] Example: gcd(84, 33) Iteration 1: num = 84, denom = 33, q = 2, rem = 18 Iteration 2: num = 33, denom = 18, q = 1, rem = 15 Iteration 3: num = 18, denom = 15, q = 1, rem = 3 Iteration 4: num = 15, denom = 3, q = 5, rem = 0 Iteration 5: num = 3, denom = 0 gcd(84, 33) = 3 gcd(84, 33) = gcd(33, 18) = gcd(18, 15) = gcd(15, 3) = gcd(3, 0) = 3 10

Euclid s Algorithm: Correctness How do we know this works? We have two loop invariants, which are true each time we start the loop: gcd(m, n) = gcd(num, denom) num denom At the end, denom = 0, so gcd(num, denom) = num. 11

Euclid s Algorithm: Complexity Input m, n [m, n natural numbers, m n] num m; denom n [Initialize num and denom] repeat until denom = 0 q num/denom rem num (q denom) num denom [New num] denom rem [New denom; note num denom] endrepeat Output num [num = gcd(m, n)] How many times do we go through the loop in the Euclidean algorithm: Best case: Easy. Never! Average case: Too hard Worst case: Can t answer this exactly, but we can get a good upper bound. See how fast denom goes down in each iteration. 12

Claim: After two iterations, denom is halved: Recall num = q denom + rem. Use denom and denom to denote value of denom after 1 and 2 iterations. Two cases: 1. rem denom/2 denom denom/2 and denom < denom/2. 2. rem > denom/2. But then num = denom, denom = rem. At next iteration, q = 1, and denom = rem = num denom < denom/2 How long until denom is 1? < 2 log 2 (m) steps! After at most 2 log 2 (m) steps, denom = 0. 13

The Extended Euclidean Algorithm Theorem 5: For a, b N, not both 0, we can compute s, t Z such that gcd(a, b) = sa + tb. Example: gcd(9, 4) = 1 = 1 9 + ( 2) 4. Proof: By strong induction on max(a, b). Suppose without loss of generality a b. If max(a, b) = 1, then must have b = 1, gcd(a, b) = 1 gcd(a, b) = 0 a + 1 b. If max(a, b) > 1, there are three cases: If a = 0, then gcd(a, b) = b = 0 a + 1 b If a = b, then gcd(a, b) = a = 1 a + 0 b If 0 < a < b, then gcd(a, b) = gcd(a, b a). Moreover, b = max(a, b) > max(a, b a). Thus, by IH, we can compute s, t such that gcd(a, b) = gcd(a, a b) = sa+t(b a) = (s t)a+tb. Note: this computation basically follows the recipe of Euclid s algorithm. 14

Example Recall that gcd(84, 33) = gcd(33, 18) = gcd(18, 15) = gcd(15, 3) = gcd(3, 0) = 3 We work backwards to write 3 as a linear combination of 84 and 33: 3 = 18 15 [Now 3 is a linear combination of 18 and 15] = 18 (33 18) = 2(18) 33 [Now 3 is a linear combination of 18 and 33] = 2(84 2 33)) 33 = 2 84 5 33 [Now 3 is a linear combination of 84 and 33] 15

Some Consequences Corollary 2: If a and b are relatively prime, then there exist s and t such that as + bt = 1. Corollary 3: If gcd(a, b) = 1 and a bc, then a c. Proof: Exist s, t Z such that sa + tb = 1 Multiply both sides by c: sac + tbc = c Since a bc, a sac + tbc, so a c Corollary 4: If p is prime and p Π n i=1 a i, then p a i for some 1 i n. Proof: By induction on n: If n = 1: trivial. Suppose the result holds for n N and p Π N+1 i=1 a i. Note that p Π N+1 i=1 a i = (Π N i=1 a i )a N+1. If p a N+1 we are done. If not, gcd(p, a N+1 ) = 1. By Corollary 3, p Π N i=1 a i By the IH, p a i for some 1 i N. 16

The Fundamental Theorem of Arithmetic, II Theorem 3: Every n > 1 can be represented uniquely as a product of primes, written in nondecreasing size. Proof: Still need to prove uniqueness. We do it by strong induction. Base case: Obvious if n = 2. Inductive step. Suppose OK for n < n. Suppose that n = Π s i=1 p i = Π r j=1 q j. p 1 Π r j=1 q j, so by Corollary 4, p 1 q j for some j. But then p 1 = q j, since both p 1 and q j are prime. But then n/p 1 = p 2 p s = q 1 q j 1 q j+1 q r Result now follows from I.H. 17

Characterizing the GCD and LCM Theorem 6: Suppose a = Π n i=1 p α i i where p i are primes and α i, β i N. Some α i s, β i s could be 0. Then gcd(a, b) = Π n i=1 p min(α i,β i ) i lcm(a, b) = Π n i=1 p max(α i,β i ) i Proof: For gcd, let c = Π n i=1 p min(α i,β i ) i. Clearly c a and c b. and b = Π n i=1 p β i i, Thus, c is a common divisor, so c gcd(a, b). If q γ gcd(a, b), must have q {p 1,..., p n } Otherwise q a so q gcd(a, b) (likewise b) If q = p i, q γ gcd(a, b), must have γ min(α i, β i ) E.g., if γ > α i, then p γ i a Thus, c gcd(a, b). Conclusion: c = gcd(a, b). 18

For lcm, let d = Π n i=1 p max(α i,β i ) i. Clearly a d, b d, so d is a common multiple. Thus, d lcm(a, b). But if p δ i lcm(a, b), must have δ max(α i, β i ). E.g., if δ < α i, then a lcm(a, b). Thus, d lcm(a, b). Conclusion: d = lcm(a, b). Example: 432 = 2 4 3 3, and 95256 = 2 3 3 5 7 2, so gcd(95256, 432) = 2 3 3 3 = 216 lcm(95256, 432) = 2 4 3 5 7 2 = 190512. Corollary 5: ab = gcd(a, b) lcm(a, b) Proof: min(α, β) + max(α, β) = α + β. Example: 4 10 = 2 20 = gcd(4, 10) lcm(4, 10). 19

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback