Congruence of Integers

Similar documents
NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

Carmen s Core Concepts (Math 135)

CS March 17, 2009

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Ma/CS 6a Class 3: The RSA Algorithm

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

The RSA cryptosystem and primality tests

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

For your quiz in recitation this week, refer to these exercise generators:

Integers and Division

Elementary Number Theory Review. Franz Luef

3.2 Solving linear congruences. v3

Lecture Notes. Advanced Discrete Structures COT S

Part V. Chapter 19. Congruence of integers

Mathematics of Cryptography

Cryptography. P. Danziger. Transmit...Bob...

Number Theory and Group Theoryfor Public-Key Cryptography

Discrete mathematics I - Number theory

ECE596C: Handout #11

Ma/CS 6a Class 2: Congruences

dit-upm RSA Cybersecurity Cryptography

Public Key Cryptography

Number Theory Math 420 Silverman Exam #1 February 27, 2018

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

Math 109 HW 9 Solutions

Number Theory. Modular Arithmetic

Ma/CS 6a Class 2: Congruences

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

Encryption: The RSA Public Key Cipher

Basic elements of number theory

Basic elements of number theory

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

OWO Lecture: Modular Arithmetic with Algorithmic Applications

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Discrete Mathematics GCD, LCM, RSA Algorithm

Simple Math: Cryptography

CHAPTER 3. Congruences. Congruence: definitions and properties

Chapter 8 Public-key Cryptography and Digital Signatures

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Lecture 14: Hardness Assumptions

Senior Math Circles Cryptography and Number Theory Week 2

Wilson s Theorem and Fermat s Little Theorem

PMA225 Practice Exam questions and solutions Victor P. Snaith

Math 299 Supplement: Modular Arithmetic Nov 8, 2013

4 Powers of an Element; Cyclic Groups

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

10 Modular Arithmetic and Cryptography

ICS141: Discrete Mathematics for Computer Science I

Topics in Cryptography. Lecture 5: Basic Number Theory

CIS 551 / TCOM 401 Computer and Network Security

12x + 18y = 50. 2x + v = 12. (x, v) = (6 + k, 2k), k Z.

COMP4109 : Applied Cryptography

MATH 145 Algebra, Solutions to Assignment 4

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Discrete Mathematics with Applications MATH236

Number Theory and Algebra: A Brief Introduction

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

3 The fundamentals: Algorithms, the integers, and matrices

Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29

MEETING 6 - MODULAR ARITHMETIC AND INTRODUCTORY CRYPTOGRAPHY

Powers in Modular Arithmetic, and RSA Public Key Cryptography

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

RSA ENCRYPTION USING THREE MERSENNE PRIMES

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Iterated Encryption and Wiener s attack on RSA

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Mathematical Foundations of Public-Key Cryptography

Introduction to Cryptography. Lecture 6

Basic Algorithms in Number Theory

Number Theory A focused introduction

AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION

THE RSA ENCRYPTION SCHEME

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

M381 Number Theory 2004 Page 1

4 Number Theory and Cryptography

MATHEMATICS EXTENDED ESSAY

The RSA Cipher and its Algorithmic Foundations

Homework #2 solutions Due: June 15, 2012

MATH 501 Discrete Mathematics. Lecture 6: Number theory. German University Cairo, Department of Media Engineering and Technology.

Chapter 3 Basic Number Theory

Lecture 3.1: Public Key Cryptography I

Number Theory & Modern Cryptography

1. Given the public RSA encryption key (e, n) = (5, 35), find the corresponding decryption key (d, n).

Innovation and Cryptoventures. Cryptography 101. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc

Math 412: Number Theory Lecture 13 Applications of

MONOALPHABETIC CIPHERS AND THEIR MATHEMATICS. CIS 400/628 Spring 2005 Introduction to Cryptography

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Chapter 5. Modular arithmetic. 5.1 The modular ring

Elementary Number Theory and Cryptography, 2014

Basic Algorithms in Number Theory

A Guide to Arithmetic

8. Given a rational number r, prove that there exist coprime integers p and q, with q 0, so that r = p q. . For all n N, f n = an b n 2

ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Proof 1: Using only ch. 6 results. Since gcd(a, b) = 1, we have

Transcription:

Congruence of Integers November 14, 2013 Week 11-12 1 Congruence of Integers Definition 1. Let m be a positive integer. For integers a and b, if m divides b a, we say that a is congruent to b modulo m, written a b mod m. Every integer is congruent to exactly one of the following integers modulo m: 0, 1, 2,..., m 1. Proposition 2 (Equivalence Relation). Let m be a positive integer. integers a, b, c Z, we have For (1) a a mod m; (2) If a b mod m, then b a mod m. (2) If a b mod m and b c mod m, then a c mod m. Proof. Trivial. Proposition 3. Let a b mod m and c d mod m. Then (1) a + c b + d mod m; (2) ac bd mod m; (3) a n b n mod m for any positive integer n. Proof. Trivial Proposition 4. Let a, b, c be integers, a 0, and m be a positive integer. (1) If a m, then ab ac mod m iff b c mod m a. 1

(2) If gcd(a, m) = 1, then ab ac mod m iff b c mod m. (3) If p is a prime and p a, then ab ac mod p iff b c mod p. Proof. (1) ab ac mod m ab = ac + km for some k Z b = c + k m a for some k Z b c mod m a. (2) If ab ac mod m. Then m divides ab ac = a(b c) by definition. Since gcd(a, m) = 1, we have m (b c). Hence b c mod m. (3) In particular, when p is a prime and p a, then gcd(a, p) = 1. 2 Congruence Equation Let m be a positive integer and let a, b Z. The equation ax b mod m (1) is called a linear congruence equation. Solving the linear congruence equation (1) is meant to find all integers x Z such that m (ax b). Proposition 5. Let d = gcd(a, m). The linear congruence equation (1) has a solution if and only if d b. Proof. Assume that (1) has a solution, i.e., there exists an integer k such that ax b = km. Then b = ax km is a multiple of d. So d b. Conversely, if d b, write b = dc. By the Euclidean Algorithm, there exist s, t Z such that d = as + mt. Multiplying c(= b d ) to both sides, we have Hence x = b ds is a solution of (1). acs + mct = dc = b. Let x = s 1 and x = s 2 be two solutions of (1). It is clear that x = s 1 s 2 is a solution of the equation ax 0 mod m. (2) So any solution of (1) can be expressed as a particular solution of (1) plus a solution of (2). Note that (2) is equivalent to a d x 0 mod m d ; since gcd( q d, m d ) = 1, it is further equivalent to x 0 mod m d. Thus all solutions of (2) are given by x = m k, k Z. d 2

Hence all solutions of (1) are given by x = b d s + m k, k Z, where d = gcd(a, m). d Corollary 6. If d is a common factor of a, b, m, then the linear congruence equation (1) is equivalent to a d x b d mod m d. (3) Proof. Given a solution x = s of (1). Then as = b + km for some k Z. Clearly, a d s = b d + m d k. This means that x = s is a solution of (3). Conversely, given a solution x = s of (3), that is, a d s = b d + m d k for some k Z. Multiplying d to both sides, we have as = b + mk. This means that x = s is a solution of (1). Example 1. 3x = 6 mod 4. Since gcd(3, 4) = 1 = 4 3, then all solutions are given by x = 6 + 4k, where k Z, or x = 2 + 4k, k Z. Example 2. 3 The System Z m 6x 9 mod 15 6 3 x 9 3 mod 15 3 2x 3 mod 5. Let Z m = {0, 1, 2,..., m 1}, where m 2. For a, b Z m, we define if a + b s with s Z m, and define if ab t with t Z m. Proposition 7. (1) a b = b a, (2) (a b) c = a (b c), (3) a b = b a, a b = s a b = t 3

(4) (a b) c = a (b c), (5) a (b c) = (a b) (a c), (6) 0 a = a, (7) 1 a = a. (8) 0 a = 0. An element a Z m is said to be invertible if there is an element b Z m such that a b = 1; if so the element b is called an inverse of a in Z m. If m 2, the element m 1 is always invertible and its inverse is itself. Proposition 8. Let m be a positive integer. Then an element a Z m is invertible iff gcd(a, m) = 1. Proof. Necessity: Let b Z m be an inverse of a. Then ab 1 mod m, that is, ab + km = 1 for some k Z. Clearly, gcd(a, m) divides ab + km, and subsequently divides 1. It then forces gcd(a, m) = 1. Sufficiency: Since gcd(a, m) = 1, there exist integers s, t Z such that 1 = as + mt by the Euclidean Algorithm. Thus as 1 mod m. This means that s is an inverse of a. 4 Fermat s Little Theorem Theorem 9. Let p be a prime number. If a is an integer not divisible by p, then a p 1 1 mod p. Proof. Consider the numbers a, 2a,..., (p 1)a modulo p in Z p = {0, 1,..., p 1}. These integers modulo p are distinct, for if xa ya mod p for some x, y Z m, then x y mod p, so x = y, and since 1, 2,..., p 1 are distinct. Thus these integers modulo p are just the list 1, 2,..., p 1. Multiplying these p 1 integers together, we have a p 1 (p 1)! (p 1)! mod p. Since (p 1)! and p are coprime each other, we thus have a p 1 1 mod p. 4

Proposition 10 (Generalized Fermat s Little Theorem). Let p, q be distinct prime numbers. If a is an integer such that p a and q a, then a (p 1)(q 1) 1 mod pq. Proof. By Fermat s Little Theorem we have a p 1 1 mod p. Raising both sides to the (q 1)th power, we have a (p 1)(q 1) 1 mod p. This means that p ( a (p 1)(q 1) 1 ). Analogously, q ( a (p 1)(q 1) 1 ). Since p and q are coprime each other, we then have pq ( a (p 1)(q 1) 1 ), namely, a (p 1)(q 1) 1 mod pq. 5 Roots of Unity Modulo m Proposition 11. Let p be a prime. Let k be a positive integer coprime to p 1. Then (a) There exists a positive integer s such that sk 1 mod p 1. (b) For each b Z not divisible by p, the congruence equation x k b mod p has a unique solution x = b s, where s is as in (a). Proof. (a) By the Euclidean Algorithm there exist integers s, t Z such that sk t(p 1) = 1. Hence sk 1 mod p 1. (b) Suppose that x is a solution to x k b mod p. Since p does not divide b, it does not divide x; i.e., gcd(x, p) = 1. By Fermat s Little Theorem we have x p 1 1 mod p. Then x t(p 1) 1 mod p. Thus Indeed, x = b s is a solution as x x 1+t(p 1) x sk (x k ) s b s mod p. (b s ) k b sk b 1+t(p 1) b (b p 1 ) t b mod p. Proposition 12. Let p, q be distinct primes. Let k be a positive integer coprime to both p 1 and q 1. Then the following statements are valid. 5

(a) There exists a positive integer s such that sk 1 mod (p 1)(q 1). (b) For each b Z such that p b and q b, the congruence equation x k b mod pq has a unique solution x = b s, where s is as in (a). Proof. (a) It follows from the Euclidean Algorithm. In fact, there exists s, t Z such that sk t(p 1)(q 1) = 1. Then sk 1 mod (p 1)(q 1). (b) Suppose x is a solution for x k b mod pq. Since p b and q b, we have p x and q x. By the Generalized Fermat s Little Theorem, we have x (p 1)(q 1) 1 mod pq. Then x t(p 1)(q 1) 1 mod pq. Hence Indeed x = b s is a solution, x x 1+t(p 1)(q 1) x sk (x k ) s b s mod pq. (b s ) k b sk b 1+t(p1)(q 1) b b t(p 1)(q 1) b mod pq. Proposition 13. Let p be a prime. If a is an integer such that a 2 1 mod p, then either a 1 mod p or a 1 mod p. Proof. Since a 2 1 mod p, then p (a 2 1), i.e., p (a 1)(a + 1). Hence we have either p (a 1) or p (a + 1). In other words, we have either a 1 mod p or a 1 mod p. 6 RSA Cryptography System Definition 14. An RSA public key cryptography system is a tuple (S, N, e, d, E, D), where S = {0, 1, 2,..., N 1}, N = pq, p and q are distinct primes numbers, e and d are positive integers such that ed 1 mod (p 1)(q 1), and E, D : S S are functions defined by E(x) = x e mod n and D(x) = x d mod n. The number e is known as the encryption number and d as the decryption number, the maps E and D are known as the encryption map and the decryption map. The pair (N, e) is called the public key of the system. RSA stands for three math guys, Ron Rivest, Adi Shamir and Leonard Adleman. 6

Theorem 15. For any RSA cryptography system (S, N, e, d, E, D), the maps E and D are inverse each other, i.e., for all x S, D(E(x)) x mod N, E(D(x)) x mod N. The two numbers N, e are given in public. Proof. Case 1: x = 0. It is trivial that x ed x mod N. Case 2: gcd(x, N) = 1. Since ed 1 mod (p 1)(q 1), then ed = 1 + k(p 1)(q 1) for some k Z. Thus Since x (p 1)(q 1) 1 mod N, we have x ed = x 1+k(p 1)(q 1) = x(x (p 1)(q 1) ) k x ed x mod N. Case 3: gcd(x, N) 1. Since N = pq, we either have x = ap for some 1 a < q or x = bq for some 1 b < p. In the formal case, we have x ed = (ap) 1+k(p 1)(q 1) = ((ap) q 1 ) k(p 1) (ap). Note that q ap, by Fermat s Little Theorem, (ap) q 1 1 mod q. Thus (ap) q 1 1 mod q. Hence x ed ap x mod q. Note that x ed (ap) ed 0 x mod p. Therefore p (x ed x) and q (x ed x). Since gcd(p, q) = 1, we have pq (x ed x), i.e., x ed x mod N. Example 3. Let p = 3 and q = 5. Then N = 3 5 = 15, (p 1)(q 1) = 2 4 = 8. The encryption key e can be selected to be the numbers 1, 3, 5, 7; Their corresponding decryption keys are also 1, 3, 5, 7, respectively. (e, d) = (3, 11), (5, 5), (7, 7),(9,1),(11,3), (13, 5), and (15, 7) are encryptiondecryption pairs. For instance, for (e, d) = (11, 3), we have x 1 2 3 4 5 6 7 8 9 10 11 12 13 14 E(x) 1 8 12 4 5 6 13 2 9 10 11 3 7 14 In fact, in this special case the inverse of E is itself, i.e., D = E 1 = E. Example 4. Let p = 11, q = 13. Then N = pq = 143, (p 1)(q 1) = 120. Then there are RSA systems with (e, d) = (7, 103); (e, d) = (11, 11); and (e, d) = (13, 37). For the RSA system with (e, d) = (13, 37), we have E(2) = 2 13 41 mod 143 7

(2 2 = 4, 2 4 = 16, 2 8 = 16 2 113, 2 13 = 2 8 2 4 2 113 16 2 41); and D(41) = 41 37 2 mod 143 (41 2 108, 41 4 108 2 81, 41 8 81 2 17, 41 16 17 2 3, 41 32 9, 41 37 = 41 32 41 4 41 2). Note that E(41) 41 8 41 4 41 28, we see that E D. Example 5. Let p = 19 and q = 17. Then N = 19 17 = 323, (p 1)(q 1) = 18 16 = 288. Given encryption number e = 25; find a decryption number d. (d = 265) Given (N, e); we shall know the two prime numbers p, q in principle since N = pq. However, assuming that we cannot factor integers effectively, actually we don t know the numbers p, q. To break the system, the only possible way is to find the number (p 1)(q 1), then use e to find d. Suppose (p 1)(q 1) = pq p q +1 = N (p+q)+1 is known. Then p+q is known. Thus p, q can be found by solving the quadratic equation x 2 (p+q)x+n = 0. This is equivalent to factorizing the number N. Example 6. Given N = pq = 18779 and (p 1)(q 1) = 18480. Then p + q = N (p 1)(q 1) + 1 = 300. The equation x 2 300x + 18779 = 0 implies p = 89, q = 211. Note that (p 1)(q 1) = 88 210 = 2 4 3 5 7 11. One can choose e = 13, 17, 19, 23, 29, etc. Say e = 29, then d can be found as follows: 18480 = 637 29 + 7, 29 = 4 7 + 1; 1 = 29 4 7 = 29 4(18480 637 29) = 4 18480 + 2549 29. Thus d = 2549. 8

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback