Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

Similar documents
Lecture Notes. Advanced Discrete Structures COT S

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Basic elements of number theory

Basic elements of number theory

Mathematical Foundations of Cryptography

CHAPTER 3. Congruences. Congruence: definitions and properties

ECE596C: Handout #11

Numbers. Çetin Kaya Koç Winter / 18

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Lecture 7: Number Theory Steven Skiena. skiena

Discrete Mathematics and Probability Theory Fall 2018 Alistair Sinclair and Yun Song Note 6

Discrete Mathematics and Probability Theory Fall 2013 Vazirani Note 3

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Topics in Cryptography. Lecture 5: Basic Number Theory

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Elementary Number Theory. Franz Luef

Lecture 7 Number Theory Euiseong Seo

Lecture 3.1: Public Key Cryptography I

Chapter 9 Basic Number Theory for Public Key Cryptography. WANG YANG

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

8 Primes and Modular Arithmetic

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

CSC 474 Information Systems Security

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Introduction to Cryptography. Lecture 6

Number Theory Alex X. Liu & Haipeng Dai

Chuck Garner, Ph.D. May 25, 2009 / Georgia ARML Practice

Number Theory and Group Theoryfor Public-Key Cryptography

Number Theory. Modular Arithmetic

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

Finite Fields. Mike Reiter

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

Applied Cryptography and Computer Security CSE 664 Spring 2018

CPSC 467b: Cryptography and Computer Security

Chapter 4 Finite Fields

Introduction to Information Security

Number Theory Notes Spring 2011

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

ENEE 457: Computer Systems Security. Lecture 5 Public Key Crypto I: Number Theory Essentials

Elementary Number Theory Review. Franz Luef

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

3.2 Solving linear congruences. v3

Discrete Logarithms. Let s begin by recalling the definitions and a theorem. Let m be a given modulus. Then the finite set

Applied Cryptography and Computer Security CSE 664 Spring 2017

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Number Theory. Zachary Friggstad. Programming Club Meeting

ALG 4.0 Number Theory Algorithms:

Inverses. Today: finding inverses quickly. Euclid s Algorithm. Runtime. Euclid s Extended Algorithm.

Lecture 11 - Basic Number Theory.

Chapter 5. Modular arithmetic. 5.1 The modular ring

1 Overview and revision

Discrete Mathematics and Probability Theory Summer 2014 James Cook Note 5

Mathematical Foundations of Public-Key Cryptography

a the relation arb is defined if and only if = 2 k, k

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

Algorithms (II) Yu Yu. Shanghai Jiaotong University

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications

ECEN 5022 Cryptography

Introduction to Cryptology. Lecture 19

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

MATH 115, SUMMER 2012 LECTURE 4 THURSDAY, JUNE 21ST

Lecture 14: Hardness Assumptions

Part V. Chapter 19. Congruence of integers

Groups An introduction to algebra. Table of contents

The Euclidean Algorithm and Multiplicative Inverses

Number Theory Proof Portfolio

Practice Number Theory Problems

NOTES ON SIMPLE NUMBER THEORY

MTH 346: The Chinese Remainder Theorem

Solution Sheet (i) q = 5, r = 15 (ii) q = 58, r = 15 (iii) q = 3, r = 7 (iv) q = 6, r = (i) gcd (97, 157) = 1 = ,

Arithmetic Algorithms, Part 1

CS250: Discrete Math for Computer Science

Modular Arithmetic Instructor: Marizza Bailey Name:

Elementary Number Theory MARUCO. Summer, 2018

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

7. Prime Numbers Part VI of PJE

LECTURE NOTES IN CRYPTOGRAPHY

A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:

CMPUT 403: Number Theory

M381 Number Theory 2004 Page 1

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

CSE20: Discrete Mathematics

1. multiplication is commutative and associative;

MATH 361: NUMBER THEORY FOURTH LECTURE

CS 290G (Fall 2014) Introduction to Cryptography Oct 21st, Lecture 5: RSA OWFs

Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29

ICS141: Discrete Mathematics for Computer Science I

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

Introduction to Number Theory 1. c Eli Biham - December 13, Introduction to Number Theory 1

Transcription:

Great Theoretical Ideas In CS Victor Adamchik CS - Lecture Carnegie Mellon University Outline Number Theory and Modular Arithmetic p- p Working modulo integer n Definitions of Z n, Z n Fundamental lemmas of +,-,,/ Extended Euclid Algorithm Euler phi function (n) = Z n Fundamental lemma of powers Euler Theorem (a mod n) means the remainder when a is divided by n. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b) a mod n = r a = d n + r for some integer d or a = n + r k for some integer k 8 [mod ] 8 8 [mod 7] 7 8 Written as a n b, and spoken a and b are equivalent or congruent modulo n n induces a natural partition of the integers into n residue classes. ( residue = what left over = remainder ) Define residue class [k] = the set of all integers that are congruent to k modulo n. Residue Classes Mod : [] = {, -, -,,,,..} [] = {, -, -,,, 7,..} [] = {, -, -,,, 8,..} [-] = {, -, -,,,,..} [7] = {, -, -,,, 7,..} [-] = {, -, -,,, 8,..} = [] = [] = []

n is an equivalence relation In other words, it is Reflexive: a n a Symmetric: (a n b) (b n a) Transitive: (a n b and b n c) (a n c) Why do we care about these residue classes? Because we can replace any member of a residue class with another member when doing addition or multiplication mod n and the answer will not change To calculate: 9 mod just do - = - = 7 Fundamental lemma of plus and times mod n: If (x n y) and (a n b). Then ) x + a n y + b ) x a n y b Proof of ): x a = y b (mod n) (x n y) => x = y + k n (a n b) => a = b + m n x a = y b + n (y m + b k + k m) Proof: Another Simple Fact: if (x n y) and (k n), then: x k y Example: x = y + m n n = a k x = y + a m k x k y A Unique Representation System Modulo n: We pick one representative from each residue class and do all our calculations using these representatives. Unsurprisingly, we use,,,, n-

Unique representation system mod Finite set Z = {, } Unique representation system mod Finite set Z = {,,, } + XOR AND + Notation Z n = {,,,, n-} Define operations + n and n : a + n b = (a + b mod n) a n b = (a b mod n) Some properties of the operation + n [ Closed ] x, y Z n x + n y Z n [ Associative ] x, y, z Z n (x + n y) + n z = x + n (y + n z) [ Commutative ] x, y Z n x + n y = y + n x Similar properties also hold for n For addition tables, rows and columns always are a permutation of Z n For multiplication, some rows and columns are permutation of Z n, while others aren t + + what s happening here?

For addition, the permutation property means you can solve, say, + x = (mod ) For multiplication, if a row has a permutation you can solve, say, x = (mod ) Subtraction mod n is well-defined Each row has a, hence a is that element such that a + (-a) = a b = a + (-b) + x = (mod ) no solutions! x = (mod ) multiple solutions! Multiplicative Inverse Definition. Let a in Z n An element b in Z n is called a multiplicative inverse of a, if a b = (mod n) A visual way to understand multiplication and the permutation property. Consider 8 on Z 8 7 7 7 7 7 There are exactly 8 distinct multiples of modulo 8. 7 k mod 8 hit all numbers row has the permutation property

There are exactly distinct multiples of modulo 8. 7 k mod 8 There are exactly distinct multiples of 8 modulo 8. 7 8k mod 8 row does not have permutation property for 8 on Z 8 There are exactly distinct multiples of modulo 8. What s the pattern? 7 k mod 8 exactly 8 distinct multiples of modulo 8 exactly distinct multiples of modulo 8 exactly distinct multiple of 8 modulo 8 exactly distinct multiples of modulo 8 y/gcd(x,y) exactly distinct multiples of x modulo y Theorem: There are exactly y/gcd(x,y) distinct multiples of x modulo y Hence, only those values of x with GCD(x,y) = have n distinct multiples (i.e., the permutation property for n on Z n ) Fundamental lemma of division (or cancelation) modulo n: if GCD(c,n)=, then ca n cb a n b Proof: c a = n c b => n (ca cb) => n c(a-b) But GCD(n, c)=, thus n (a-b) => a = n b

Fundamental lemmas mod n: If you want to extend to general c and n If (x n y) and (a n b). Then ca n cb a n/gcd(c,n) b ) x + a n y + b ) x a n y b ) x - a n y b ) cx n cy a n b if gcd(c,n)= New definition: Z = {,,,,,} Z = {,} Z n = {x Z n GCD(x, n) =} + Multiplication over this set Z n has the cancellation property. We ve got closure Z = { x < gcd(x,) = } Recall we proved that Z n was closed under addition and multiplication? What about Z n under multiplication? Fact: if a,b in Z n,then ab in Z n Proof: if gcd(a,n) = gcd(b,n) =, then gcd(a b, n) = then gcd(a b mod n, n) = = {,,7,} 7 7 7 7 7 7

Z = {,,,} = Z \ {} For prime p, the set Z p = Z p \ {} Proof: It just follows from the definition! For prime p, all < x < p satisfy gcd(x,p) = Euler Phi Function (n) (n) = size of Z n = number of k < n that are relatively prime to n. p prime Z p = {,,,,p-} (p) = p- Z = { x < gcd(x,) = } = {,,7,} () = 7 7 7 7 7 7 Theorem: if p,q distinct primes then (p q) = (p-)(q-) pq = # of numbers from to pq p = # of multiples of q up to pq q = # of multiples of p up to pq = # of multiple of both p and q up to pq (pq) = pq p q + = (p-)(q-) () = () =(-)(-)=8 Multiplicative inverse of a mod n = number b such that ab= (mod n) Remember, only defined for numbers a in Z n What is the multiplicative inverse of a = 9 in Z 9 = Z n? Answer: a - = 879 7

How do you find multiplicative inverses fast? Theorem: given positive integers X, Y, there exist integers r, s such that r X + s Y = gcd(x, Y) and we can find these integers fast! Extended Euclid Algorithm Now take n, and a in Z n gcd(a, n)? a in Z n gcd(a, n) = Thus, we can find r and s s.t. ra + sn = then ra = n so, r = a - mod n Euclid s Algorithm for GCD Euclid(A,B) If B= then return A else return Euclid(B, A mod B) Extended Euclid Algorithm Let <r,s> denote the number r7 + s9 =. Calculate all intermediate values in this representation. Euclid(7,9) 7 9 = 7 mod 9 = 9 Euclid(9,9) 9 9 = 9 mod 9 = Euclid(9,) 9 = 9 mod = Euclid(,) = mod = Euclid(,) outputs 7=<,> 9=<,> Euclid(7,9) 9=<,> <,> 9 =<-, -> Euclid(9,9) =<,> <,-> =<-,+> Euclid(9,) =<,-> <-,7> =<,-> Euclid(,) =<-,7> <,-> =<-9,7> Euclid(,) outputs = 7 9 Finally, a puzzle Diophantine equation You have a gallon bottle, a gallon bottle, and lots of water. Can you measure out exactly gallons? Does the equality x + y = have a solution where x,y are integers? 8

New bottles of water puzzle Theorem You have a gallon bottle, a gallon bottle, and lots of water. How can you measure out exactly gallons? The linear equation a x + b y = c has an integer solution in x and y iff gcd(a,b) c The linear equation a x + b y = c has an integer solution in x and y iff gcd(a,b) c Hilbert s th problem =>) gcd(a,b) a and gcd(a,b) b => gcd(a,b) (a x + b y) <=) gcd(a,b) c => c = z gcd(a,b) Hilbert asked for a universal method of solving all Diophantine equations P(x,x,,x n )= with any number of unknowns and integer coefficients. On the other hand, gcd(a,b) = x a + y b z gcd(a,b) = z x a + z y b c = z x a + z y b In 97 Y. Matiyasevich proved that the Diophantine problem is unsolvable. How do you compute Exponentiation 8 using few multiplications? First idea: 7 8 = = 9

8 How do you compute Repeated squaring calculates a k in k multiply operations Better idea: 8 = = = Used only mults instead of 7!!! compare with ( k ) multiply operations used by the naïve method How do you compute To compute a m Use repeated squaring again? 8 Note that = 8++ = () So a = a 8 a a Two more multiplies! Suppose k m < k+ a a a a 8... a k This takes k multiplies Now write m as a sum of distinct powers of say, m = k + i + i + i t a m = a k a i a it at most k more multiplies How do you compute Hence, we can compute a m while performing at most log m multiplies (mod ) First idea: Compute using multiplies 8 = 7 = 8 = then take the answer mod 7 (mod ) =

(mod ) How do you compute Better idea: keep reducing the answer mod 8 8 = = = = = 9 = = = Hence, we can compute a m (mod n) while performing at most log m multiplies where each time we multiply together numbers with log n + bits How do you compute (mod ) The current best idea would still need about calculations OK, need a little more number theory for this one answer = Can we exponentiate any faster? Fundamental lemma of powers? If (x n y) Then a x n a y? NO! ( ), but it is not the case that: (Correct) Fundamental lemma of powers. If a Z n and x (n) y then a x n a y Equivalently, for a Z n, a x n ax mod (n)

How do you compute (mod ) (mod ) = for a Z n, a x n ax mod (n) Hence, we can compute a m (mod n) while performing at most log (n) multiplies (mod ) = mod = for a Z n, a x n ax mod (n) Why did we take mod? where each time we multiply together numbers with log n + bits 8 787 mod 9 Step : reduce the base mod 9 Step : reduce the exponent mod (9) = you should check that gcd(8,9)= to use lemma of powers Step : use repeated squaring to compute, taking mods at each step How do you prove the lemma for powers? for a Z n, a x n ax mod (n) Use Euler s Theorem For a Z n, a (n) n Corollary: Fermat s Little Theorem For p prime, a Z p a p- p Proof of Euler s Theorem: for a Z n, a (n) n Define a Z n = {a n x x Z n } for a Z n By the permutation property, Z n = az n x n ax [as x ranges over Z n ] x n x (a size of Zn ) [Commutativity] = n a size of Zn [Cancellation] a (n) = n Here s What You Need to Know Working modulo integer n Definitions of Z n, Z n Fundamental lemmas of +,-,,/ Extended Euclid Algorithm Euler phi function (n) = Z n Fundamental lemma of powers Euler Theorem

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback