This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Similar documents
8 Primes and Modular Arithmetic

9 Modular Exponentiation and Square-Roots

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

CPSC 467b: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security

Ch 4.2 Divisibility Properties

Arithmetic Algorithms, Part 1

Numbers. Çetin Kaya Koç Winter / 18

The Euclidean Algorithm and Multiplicative Inverses

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Senior Math Circles Cryptography and Number Theory Week 2

Discrete Mathematics and Probability Theory Fall 2018 Alistair Sinclair and Yun Song Note 6

Wednesday, February 21. Today we will begin Course Notes Chapter 5 (Number Theory).

Discrete Mathematics GCD, LCM, RSA Algorithm

Some Facts from Number Theory

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Public Key Encryption

1 Overview and revision

Basic elements of number theory

Basic elements of number theory

Algorithms (II) Yu Yu. Shanghai Jiaotong University

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Discrete Mathematics and Probability Theory Summer 2014 James Cook Note 5

ICS141: Discrete Mathematics for Computer Science I

Number theory (Chapter 4)

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Chapter 4 Finite Fields

The following is an informal description of Euclid s algorithm for finding the greatest common divisor of a pair of numbers:

Number Theory Proof Portfolio

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

Number Theory. Zachary Friggstad. Programming Club Meeting

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

Introduction to Public-Key Cryptosystems:

Number Theory. Modular Arithmetic

PUTNAM TRAINING NUMBER THEORY. Exercises 1. Show that the sum of two consecutive primes is never twice a prime.

3 The fundamentals: Algorithms, the integers, and matrices

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

Number Theory and Group Theoryfor Public-Key Cryptography

Algorithmic number theory. Questions/Complaints About Homework? The division algorithm. Division

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

Intermediate Math Circles February 26, 2014 Diophantine Equations I

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Homework #2 solutions Due: June 15, 2012

Fast Fraction-Integer Method for Computing Multiplicative Inverse

a the relation arb is defined if and only if = 2 k, k

CMPUT 403: Number Theory

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

An Algorithm for Prime Factorization

ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

Lecture 4: Number theory

CSC 474 Information Systems Security

Fall 2017 Test II review problems

Mathematical Foundations of Cryptography

cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications

CHAPTER 3. Congruences. Congruence: definitions and properties

CSE20: Discrete Mathematics

Ma/CS 6a Class 2: Congruences

M381 Number Theory 2004 Page 1

ENEE 457: Computer Systems Security. Lecture 5 Public Key Crypto I: Number Theory Essentials

ECEN 5022 Cryptography

WORKSHEET ON NUMBERS, MATH 215 FALL. We start our study of numbers with the integers: N = {1, 2, 3,...}

4 Number Theory and Cryptography

NOTES ON INTEGERS. 1. Integers

18 Divisibility. and 0 r < d. Lemma Let n,d Z with d 0. If n = qd+r = q d+r with 0 r,r < d, then q = q and r = r.

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Discrete Mathematics and Probability Theory Fall 2013 Vazirani Note 3

Lecture 6: Introducing Complexity

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

Math Circle Beginners Group February 28, 2016 Euclid and Prime Numbers Solutions

Algorithms CMSC Basic algorithms in Number Theory: Euclid s algorithm and multiplicative inverse

Theory of RSA. Hiroshi Toyoizumi 1. December 8,

Well-Ordering Principle The set N of natural numbers is well-ordered, i.e.: every non-empty set of natural numbers has a least element.

ALG 4.0 Number Theory Algorithms:

Lecture 7 Number Theory Euiseong Seo

Practice Number Theory Problems

Modular Arithmetic and Elementary Algebra

MATH10040 Chapter 1: Integers and divisibility

cse547, math547 DISCRETE MATHEMATICS Professor Anita Wasilewska

Solution Sheet (i) q = 5, r = 15 (ii) q = 58, r = 15 (iii) q = 3, r = 7 (iv) q = 6, r = (i) gcd (97, 157) = 1 = ,

MATH 2112/CSCI 2112, Discrete Structures I Winter 2007 Toby Kenney Homework Sheet 5 Hints & Model Solutions

Summary: Divisibility and Factorization

Numbers, Groups and Cryptography. Gordan Savin

CSE 311: Foundations of Computing. Lecture 12: Two s Complement, Primes, GCD

Mathematics for Cryptography

Definition For a set F, a polynomial over F with variable x is of the form

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

Wilson s Theorem and Fermat s Little Theorem

Chapter 5. Number Theory. 5.1 Base b representations

1. multiplication is commutative and associative;

Mathematics of Cryptography

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

Transcription:

8 Modular Arithmetic We introduce an operator mod. Let d be a positive integer. For c a nonnegative integer, the value c mod d is the remainder when c is divided by d. For example, c mod d = 0 if and only if d is a multiple of c. We will discuss the arithmetic of remainders shortly, but first an old concept. 8.1 Euclid s Algorithm Recall that the gcd (greatest common divisor) of two positive integers is the largest integer that is a divisor of both. Two integers are called relatively prime if their gcd is 1. If we have the prime factorization of the two numbers, then it is straightforward to calculate their gcd: take the smaller power of each common prime. For example: gcd(36, 120) = 12, since 36 = 2 2 3 2 and 120 = 2 3 3 5, and so their gcd is 2 2 3. Surprisingly, knowing the factorizations is not necessary, as was known to Euclid and other ancients. Here is Euclid s Algorithm for the greatest common divisor of a and b: gcd(a,b) if b is a divisor of a, then return b else return gcd(b, a mod b) This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time. Example 8.1. What is the gcd of 33 and 12? gcd(33, 12) = gcd(12, 9) = gcd(9, 3) = 3. But we need to show that the procedure always gives the correct value. If b is a divisor of a, then clearly their gcd is b. So we need to show that when b is not a divisor of a, that gcd(a, b) = gcd(b, a mod b) Well suppose a = qb + r where r = a mod b. It follows that, if c is a factor of both b and r, then c is a factor of qb + r as well, and so it is a factor of a. Conversely, we can re-arrange the equation to r = a qb, and so if c is a factor of both a and b, then it is a factor of r

8 MODULAR ARITHMETIC 35 as well. This shows that the set of common factors of a and b is the same as the set of common factors of a and r. In particular, the greatest element in the two sets must be the same. Euclid s algorithm can be extended to prove the following result, and indeed to construct the s and t the theorem claims exist: Theorem 8.1 If c is the gcd of a and b, then there exist integers s and t such that s a + t b = c. Example 8.2. For 12 and 33, we have 3 12 + ( 1) 33 = 3. We omit the proof of the theorem. 8.2 Modular Arithmetic: Addition and Multiplication In arithmetic modulo n, when we add, subtract, or multiply two numbers, we take the answer mod n. For example, if we want the product of two numbers modulo n, then we multiply them normally and the answer is the remainder when the normal product is divided by n. The value n is sometimes called the modulus. Specifically, let Z n represent the set {0, 1,...,n 1} and define the two operations: a + n b = (a + b) mod n a n b = (a b) mod n Modular arithmetic obeys the usual rules for the operations addition and multiplication. For example, a + n b = b + n a and (a n b) n c = a n (b n c). Now, we can write down tables for modular arithmetic. For example, here are the tables for arithmetic modulo 5. + 5 0 1 2 3 4 0 0 1 2 3 4 1 1 2 3 4 0 2 2 3 4 0 1 3 3 4 0 1 2 4 4 0 1 2 3 5 0 1 2 3 4 0 0 0 0 0 0 1 0 1 2 3 4 2 0 2 4 1 3 3 0 3 1 4 2 4 0 4 3 2 1 The table for addition is rather boring, and it changes in a rather obvious way if we change the modulus.

8 MODULAR ARITHMETIC 36 However, the table for multiplication is a bit more interesting. There is obviously a row with all zeroes. But in each of the other rows, every value is there and there is no repeated value. This does not always happen; for example, if we wrote down the table for modulus 4, then we would see only even numbers. Indeed, if the modulus is a multiple of m, then every value in the multiplication table will be a multiple of m. So the only way it can happen that all values appear in the multiplication table is that the modulus is a prime. And in that case, yes this happens: Theorem 8.2 If p is a prime, and 1 a p 1, then the values 0 mod p, a mod p, 2a mod p, 3a mod p,..., (p 1)a mod p are all distinct. Proof. Proof by contradiction. Suppose ia mod p = ja mod p with 0 i < j p 1. Then (ja ia) mod p = ja mod p ia mod p = 0, and so ja ia = (j i)a is a multiple of p. However, a is not a multiple of p; so j i is a multiple of p. But that is impossible, because j i > 0 and j i < p. We have a contradiction. Since there are p distinct values in the row, but only p possible values, this means that every value must appear exactly once in the row. We can also define subtraction in the same way, provided we say what the mod operation does when the first argument is negative: c mod d is the smallest nonnegative number r such that c = qd + r for some integer q; for example, 1 mod d = d 1. 8.3 Modular Arithmetic: Inverses An interesting question is whether one can define division. This is based on the concept of an inverse, which is actually a more important concept. We define the inverse of b, written b 1, as a number y in Z n such that b n y = 1. The question is: does such a y exist? And if so, how to find it? Well, it certainly does exist in some cases. Example 8.3. For n = 7, it holds that 4 1 = 2 and 3 1 = 5. But 0 1 never exists. Nevertheless, it turns out that modulo a prime p, all the remaining numbers have inverses. Actually, we already proved this when we showed in Theorem 8.2 that all values appear in a row of the multiplication table. In particular, we know that somewhere in the row for b there will be a 1; that is, there exists a y such that b p y = 1.

8 MODULAR ARITHMETIC 37 But this does not provide a quick algorithm for finding b 1. And what about the case where the modulus is not a prime? For example, 5 1 = 7 when the modulus is 12. Theorem 8.3 b 1 exists if and only if b is relatively prime to n. Proof. There are two parts to prove. If b and n have a common factor say a, then any multiple of b is divisible by a and indeed b n y is a multiple of a for all y, so the inverse does not exist. If b is relatively prime to n, then consider Euclid s extended algorithm. Given n and b, the algorithm behind Theorem 8.1 will produce integers x and y such that: n x + b y = 1. And so b n y = 1. It can be shown that if an inverse exists, then it is unique. 8.4 Modular Equations A related question is trying to solve modular equations. These arise in puzzles problems where it says that: there was a collection of coconuts and when we divided it into four piles there was one left over, and when we divided it into five piles, etc. Theorem 8.4 Let a be a nonnegative integer, and let b and c be positive integers that are relatively prime. Then the solution to the equation c x mod b = a is all integers x such that x mod b = a b c 1, where c 1 is calculated modulo b; or if you prefer, all integers of the form ib+a bc 1 where i is an integer (which can be negative). Proof. The proof is just to multiply both sides of the equation by c 1, which we know exists. Example 8.4. Solve the equation 3x mod 10 = 4. Then 3 1 = 7 and 4 10 7 = 8. So x mod 10 = 8. This is then generalized in the Chinese Remainder Theorem, which we do not discuss.

8 MODULAR ARITHMETIC 38 8.5 Modular Exponentiation Modular arithmetic is also used in cryptography. In particular, modular exponentiation is the cornerstone of what is called RSA cryptosystems. Theorem 8.5 Fermat s little theorem. If p is a prime, then for a with 1 a p 1, a mod p = 1. Proof. Consider the following set S = { ia mod p : 1 i p 1 }. That is, multiply a by all integers in the range 1 to p 1 and write down the remainders when each is divided by p. Actually, we already looked at this set: it is the row corresponding to a from the multiplication table for p. And we showed that these values are all distinct. Therefore, S is actually just the set of integers from 1 up to p 1. Now, we multiply the elements of S together. To avoid very ugly formulas, we use x y to mean x mod p = y mod p. And we use Π-notation, which is the same as Σ-notation except that it is the product rather than the sum. By Theorem 8.2 and the above discussion, But, we can also factor out the a s: (ia) mod p = i (ia) mod p a i It follows that i a i Divide both sides by i 1 i and we get that a 1; that is, a mod p = 1. We consider now an algorithm for calculating modular powers. Consider trying to compute g A mod n given g, A, and n. The obvious algorithm to compute g A mod n multiplies g together A times. But there is a much faster algorithm to calculate g A mod n, which uses at most 2 log 2 A multiplications. The algorithm uses the fact that one can reduce modulo n at each and every point. For example, that a b mod n = (a mod n) (b mod n) mod n. But the key savings is the insight that g 2B is the square of g B.

8 MODULAR ARITHMETIC 39 dexpo(g,a,n) if A = 0 then return 1 else if A odd { z = dexpo(g, A 1, n) return(zg mod n) % uses g A = g g A 1 } else { z = dexpo (g, A/2, n) return(z 2 mod n) % uses g A = (g A/2 ) 2 } Note that at least every second turn the value of A is even and therefore is halved. Example 8.5. Calculate 3 12 mod 5. dexpo(3, 12, 5) = (dexpo(3, 6, 5)) 2 mod 5 = 4 2 mod 5 = 1 dexpo(3, 6, 5) = (dexpo(3, 3, 5)) 2 mod 5 = 2 2 mod 5 = 1 dexpo(3, 3, 5) = (3 dexpo(3, 2, 5)) mod 5 = 3 4 mod 5 = 2 dexpo(3, 2, 5) = (dexpo(3, 1, 5)) 2 mod 5 = 3 2 mod 5 = 4 dexpo(3, 1, 5) = (3 dexpo(3, 0, 5)) mod 5 = 3 1 mod 5 = 3 Exercises 8.1. List all factors of 945. 8.2. Define D(n) as the number of factors of n. For example, the primes are the n such that D(n) = 2. (a) Determine all n such that D(n) = 3. (b) Determine all n such that D(n) = 4. 8.3. Calculate the gcd of 91 and 287. 8.4. (a) Write out the addition and multiplication tables for Z 2. (b) If we define 1 as true and 0 as false, explain which boolean connectives correspond to + 2 and 2. 8.5. Calculate 5 1 and 10 1 in Z 17.

8 MODULAR ARITHMETIC 40 8.6. Prove that if b has an inverse in Z n, then it is unique. 8.7. How many elements of Z 91 have multiplicative inverses in Z 91? 8.8. How many rows of the table for 12 contain all values? 8.9. Describe all solutions to the modular equation 7x mod 8 = 3. 8.10. Find the smallest positive solution to the set of modular equations: x mod 3 = 2, x mod 11 = 4, x mod 8 = 7. 8.11. (a) Compute 3 29 mod 20. (b) Compute 5 33 mod 13. 8.12. (a) Consider the primes 5, 7, and 11 for n. For each integer from 1 through n 1, calculate its inverse. (b) A number is self-inverse if it is its own inverse. For example, 1 is always self-inverse. Based on the data from (a), state a conjecture about the number of self-inverses. (c) Prove your conjecture. 8.13. (a) Consider the primes 5, 7, and 11 for n. For each a from 1 through n 1, calculate a 2 mod n (which is the same as a n a). (b) A number y is a quadratic residue if there is some a such that y = a 2 mod n. For example, 1 is always a quadratic residue (since it is 1 2 mod n). Based on the data from (a), state a conjecture about the number of quadratic residues. (c) Prove your conjecture. 8.14. Using the Binomial Theorem (and without using Fermat s little theorem), prove that for any prime p 3, it holds that 2 p mod p = 2.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback