Math 5330 Spring Notes Congruences

Similar documents
Exam 2 Solutions. In class questions

4.4 Solving Congruences using Inverses

1 Divisibility Basic facts about divisibility The Division Algorithm... 3

Elementary factoring algorithms

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Fermat s Little Theorem. Fermat s little theorem is a statement about primes that nearly characterizes them.

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

1. multiplication is commutative and associative;

Number Theory Homework.

Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

Senior Math Circles Cryptography and Number Theory Week 2

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

MATH 115, SUMMER 2012 LECTURE 4 THURSDAY, JUNE 21ST

SOLUTIONS TO PROBLEM SET 1. Section = 2 3, 1. n n + 1. k(k + 1) k=1 k(k + 1) + 1 (n + 1)(n + 2) n + 2,

Wilson s Theorem and Fermat s Little Theorem

Lecture 2. The Euclidean Algorithm and Numbers in Other Bases

Part V. Chapter 19. Congruence of integers

A Guide to Arithmetic

Math 261 Spring 2014 Final Exam May 5, 2014

ICS141: Discrete Mathematics for Computer Science I

Applied Cryptography and Computer Security CSE 664 Spring 2018

Summary Slides for MATH 342 June 25, 2018

7. Prime Numbers Part VI of PJE

I Foundations Of Divisibility And Congruence 1

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

p = This is small enough that its primality is easily verified by trial division. A candidate prime above 1000 p of the form p U + 1 is

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

3 The fundamentals: Algorithms, the integers, and matrices

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

1. (a) q = 4, r = 1. (b) q = 0, r = 0. (c) q = 5, r = (a) q = 9, r = 3. (b) q = 15, r = 17. (c) q = 117, r = 11.

Number Theory A focused introduction

Number Theory Math 420 Silverman Exam #1 February 27, 2018

Introduction to Number Theory

FERMAT S TEST KEITH CONRAD

Math 109 HW 9 Solutions

Part II. Number Theory. Year

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Math 430 Midterm II Review Packet Spring 2018 SOLUTIONS TO PRACTICE PROBLEMS

Computing Quotient and Remainder. Prime Numbers. Factoring by Trial Division. The Fundamental Theorem of Arithmetic

CPSC 467b: Cryptography and Computer Security

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

NOTES ON SIMPLE NUMBER THEORY

10 Problem 1. The following assertions may be true or false, depending on the choice of the integers a, b 0. a "

NUMBER SYSTEMS. Number theory is the study of the integers. We denote the set of integers by Z:

4 Number Theory and Cryptography

Chapter 1. Number of special form. 1.1 Introduction(Marin Mersenne) 1.2 The perfect number. See the book.

1. (a) q = 4, r = 1. (b) q = 0, r = 0. (c) q = 5, r = (a) q = 9, r = 3. (b) q = 15, r = 17. (c) q = 117, r = 11.

WORKSHEET ON NUMBERS, MATH 215 FALL. We start our study of numbers with the integers: N = {1, 2, 3,...}

CPSC 467: Cryptography and Computer Security

MATH 3330 ABSTRACT ALGEBRA SPRING Definition. A statement is a declarative sentence that is either true or false.

Number Theory Solutions Packet

The running time of Euclid s algorithm

With Question/Answer Animations. Chapter 4

Chapter 5. Number Theory. 5.1 Base b representations

The RSA Encryption/Decryption method is based on the Euler's and Fermat's Theorem

CHAPTER 3. Congruences. Congruence: definitions and properties

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

ORDERS OF ELEMENTS IN A GROUP

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

ASSIGNMENT Use mathematical induction to show that the sum of the cubes of three consecutive non-negative integers is divisible by 9.

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

MATH 4400 SOLUTIONS TO SOME EXERCISES. 1. Chapter 1

EULER S THEOREM KEITH CONRAD

The set of integers will be denoted by Z = {, -3, -2, -1, 0, 1, 2, 3, 4, }

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Homework #2 solutions Due: June 15, 2012

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

Euler s, Fermat s and Wilson s Theorems

Solutions to Problem Set 4 - Fall 2008 Due Tuesday, Oct. 7 at 1:00

Math 511, Algebraic Systems, Fall 2017 July 20, 2017 Edition. Todd Cochrane

Elementary Number Theory

5: The Integers (An introduction to Number Theory)

Elementary Number Theory Review. Franz Luef

Chapter 5: The Integers

Elementary Number Theory MARUCO. Summer, 2018

Ma/CS 6a Class 3: The RSA Algorithm

Discrete Mathematics with Applications MATH236

PUTNAM TRAINING NUMBER THEORY. Exercises 1. Show that the sum of two consecutive primes is never twice a prime.

MATH 215 Final. M4. For all a, b in Z, a b = b a.

ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

A Few Primality Testing Algorithms

Exercises Exercises. 2. Determine whether each of these integers is prime. a) 21. b) 29. c) 71. d) 97. e) 111. f) 143. a) 19. b) 27. c) 93.

Pseudoprimes and Carmichael Numbers

CS March 17, 2009

This exam contains 5 pages (including this cover page) and 4 questions. The total number of points is 100. Grade Table

Gaussian integers. 1 = a 2 + b 2 = c 2 + d 2.

MATH 2200 Final Review

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

MATH 115, SUMMER 2012 LECTURE 12

Transcription:

Math 5330 Spring 2018 Notes Congruences One of the fundamental tools of number theory is the congruence. This idea will be critical to most of what we do the rest of the term. This set of notes partially follows the book s treatment. I will not use the language of abstract algebra, however, to the extent that the book does. In addition, I will present some results of historical importance, which are not in the book. Definition 1 We say a b pmod mq (read a is congruent to b modulo m) if a b is divisible by m. If a qm ` r, where 0 ď r ă m, then a r pmod mq. We refer to r as the least residue of a modulo m and say that a belongs to the residue class of r. The book denotes this a P r, where r is the set t..., r 2m, r m, r, r ` m, r ` 2m,...u. I will not refer much to residue classes. Theorem 1 Let a b pmod mq and c d pmod mq. Then 1) a ` c b ` d pmod mq 2) ac bd pmod mq 3) for any n ą 0, a n b n pmod mq Proof: I will leave you to prove (1). You should try to do this to get used to working with congruences. (3) follows by induction from (2) (with c a and d b). Here is a verification of (2): if a b pmod mq and c d pmod mq, then for some integers k 1 and k 2, a b k 1 m and c d k 2 m. Writing this as a b ` k 1 m and c d ` k 2 m, we have ac pb ` k 1 mqpd ` k 2 mq bd ` mpk 1 d ` k 2 b ` k 1 k 2 mq. Thus, ac bd is a multiple of m, so ac bd pmod mq, as desired. Division is not possible in general with congruences. For example, 24 84 pmod 15q but if we divide both sides by 6, we get 4 14 pmod 15q, which is not correct. However, we do have the following: Theorem 2 If ac bc pmod mq and gcdpc, mq 1, then a b pmod mq. More generally, if ac bc pmod mq and gcdpc, mq d, then a b pmod m{dq. Proof: If ac bc pmod mq, then for some integer, k, ac bc km, or pa bqc km. If gcdpc, mq d, then for some integers x and y, cx ` my d. Now pa bqcx kmx and cx d my so pa bqpd myq kmx. Dividing by d gives pa bq 1 my kmx d d. Thus, a b m pkx ` pa bqyq, which means that a b pmod m{dq. If d 1, we get the d first assertion. The idea of a congruence goes back many centuries, but Gauss made the notation and its properties explicit. When we talk about theorems of Euler and Fermat that apply to congruences, they did not use congruence notation. For example, Fermat made two observations of some importance to us here. First, he noticed that if p is prime and q is a divisor of the Mersenne number 2 p 1, then q 1 pmod pq. Fermat would have phrased this as q 1 is divisible by p. Second, and more important to us in this course, is one of the most fundamental results in computational number theory.

Theorem 3 (Fermat s Little Theorem) If p is prime and a is any integer, then a p apmod pq. Proof: Our book derives this theorem as a corollary to Euler s theorem, which we state in a little bit. Here is an alternative proof by induction. First, for odd primes, p, p aq p a p, so if we can establish the result for nonnegative a, we will get the negative values as well. Inducting on a, the result is obviously true when a 0. Supposing we have established the result for a, we must show that pa ` 1q p a ` 1 pmod pq. Using the Binomial Theorem, pa ` 1q p a p ` ˆp a p 1 ` 1 ˆp 2 ˆ a p 2 ` ` p p 1 a ` 1. ˆp p! Now, and this will be divisible by p if there is no factor involving p in the k k!pp kq! denominator. This is the case whenever 1 ď k ď p 1, so all the middle binomial coefficients are divisible by p. This means ˆ ˆp ˆp p pa ` 1q p a p ` a p 1 ` a p 2 ` ` a ` 1 1 2 p 1 establishing the inductive step. a p ` 0 ` 0 ` ` 0 ` 1 pmod pq a ` 1 pmod pq, Corolary 1 (Also called Fermat s Little Theorem) If p ffl a then a p 1 1 pmod pq. This follows by the cancellation theorem since if p ffl a then gcdpa, pq 1. If n is not prime, then usually a n 1 ı 1 pmod nq. As we will see shortly, this gives a quick way to determine that most composite numbers are not prime. For example, 2 14 16384 4 pmod 15q. Thus, 15 can t be prime. We say it violates Fermat s Little Theorem, or fails the Fermat Test. Unfortunately, this is not a fool proof approach. It turns out that 2 340 1 pmod 341q even though 341 11 ˆ 31. A composite number n that has the property that 2 n 1 1 pmod nq is called a base 2 pseudoprime. These numbers are rare: there are 245 pseudoprimes under 1,000,000 while there are 78,498 primes less than 1,000,000. So if a number, n ă 1, 000, 000 is selected at random and 2 n 1 1 pmod nq, then 78, 498 the probability that n is prime is «.997, pretty good odds. 245 ` 78, 498 Let s show that 341 is a base 2 pseudoprime. By Fermat s Little Theorem, 2 11 2 pmod 11q, or 2 10 1 pmod 11q. In fact, 2 10 1 1023, which is 93 ˆ 11. Noticing that 31 is a divisor of 93, we see that 31 1023 as well. In fact, 1023 3 ˆ 341. This means 341 2 10 1. But 2 10 1 is a divisor of 2 340 1 (since 10 is a divisor of 340) so 341 2 340 1, or 2 340 1 pmod 341q. Page 2

Now even though 341 is a base 2 pseudoprime, it is not a base 3 pseudoprime. That is, 3 340 56 ı 1 pmod 341q. We say that 341 fails a base 3 Fermat test. Unfortunately, there are very rare numbers that are pseudoprimes to infinitely many bases. A number n for which a n a pmod nq for all integers a is called a Carmichael number. Carmichael was a mathematician trying to prove that such numbers could not exist. While studying properties such numbers would have to possess, he discovered, in 1910, that 561 had those properties. Of course Carmichael numbers are much rarer than pseudoprimes. Of the 245 base 2 pseudoprimes under 1,000,000, only 43 of them are Carmichael numbers. Even so, it was proved in 1993 that there are infinitely many Carmichael numbers. Euler s φ function A useful number theoretic function is Euler s phi function φpnq the number of positive integers less than n which are relatively prime to n. For example, the numbers prime to 15 are 1, 2, 4, 7, 8, 11, 13, 14. There are 8 of them so φp15q 8. The following is a generalization of Fermat s Little Theorem. Theorem 4 (Euler s Theorem) If gcdpa, nq 1, then a φpnq 1 pmod nq. Proof: Let φpnq k and suppose that x 1, x 2, x 3,..., x k are the numbers less than, but prime to n. As mentioned before, since gcdpa, nq 1, if ax ay pmod nq then x y pmod nq. Because of this, the numbers ax 1, ax 2, ax 3,..., ax k must all be distinct modulo n. That is, for all i j, ax i ı ax j pmod nq. These numbers are also relatively prime to n, so modulo n they must be a reordering of the numbers x 1, x 2, x 3,..., x k. This means that they must have the same product modulo n. That is, x 1 x 2 x k pax 1 qpax 2 q pax k q pmod nq, so x 1 x 2 x k a k x 1 x 2 x k pmod nq. Since x 1 x 2 x k is relatively prime to n, we may cancel it out to get a k 1 pmod nq, as desired. For an example of the proof, using n 15, and x 1,..., x 8 being 1, 2, 4, 7, 8, 11, 13, 14, if we were to pick a 7 then multiplying each of these numbers by 7 would give the list 7, 14, 28, 49, 56, 77, 91, 98. Reducing these modulo 15 would give the list 7, 14, 13, 4, 11, 2, 1, 8, a reordering of the original list. This means that 7 14 28 49 56 77 91 98 7 14 13 4 11 2 1 8 1 2 4 7 8 11 13 14 modulo 15. That is, 7 8 1 2 4 7 8 11 13 14 1 2 4 7 8 11 13 14 pmod 15q, so 7 8 1 pmod 15q. In fact, 7 8 5764801 15 ˆ 384320 ` 1. I mentioned that Fermat made two observations about primes, most easily understood in terms of congruences. One was Fermat s Little Theorem. The other was that if p is prime and q is any divisor of the Mersenne number 2 p 1 then q 1 pmod pq. For example, in the previous set of notes, we commented that 2 11 1 is not prime, it has prime divisors 23 and 89. Indeed, 23 1 pmod 11q and 89 1 pmod 11q. We now turn our attention to this second observation of Fermat s. We need one more fact. Page 3

Lemma 1 For positive integers m and n, gcdpa m 1, a n 1q a gcdpm,nq 1. Proof: We may assume m ě n. We have gcdpa m 1, a n 1q gcdpa m a n, a n 1q gcdpa n pa m n 1q, a n 1q. Since a n is prime to a n 1, we can deduce that gcdpa m 1, a n 1q gcdpa m n 1, a n 1q. Now suppose that m qn ` r. Then m n pq 1qn ` r, and if we repeat the calculation above q times, we end with gcdpa m 1, a n 1q gcdpa n 1, a r 1q. This completely mimics the gcd calculation gcdpm, nq gcdpn, rq. Consequently, after some number of steps, we obtain gcdpa m 1, a n 1q gcdpa gcdpm,nq 1, a 0 1q. But a 0 1 0, and gcdpk, 0q k, so gcdpa m 1, a n 1q a gcdpm,nq 1. For example, suppose we had m 84, n 35. We have gcdpa 84 1, a 35 1q gcdpa 84 a 35, a 35 1q gcdpa 35 pa 49 1q, a 35 1q In abbreviated form, this would read gcdpa 49 1, a 35 1q gcdpa 49 a 35, a 35 1q gcdpa 35 pa 14 1q, a 35 1q gcdpa 14 1, a 35 1q gcdpa 35 1, a 14 1q gcdpa 35 a 14, a 14 1q gcdpa 21 1, a 14 1q gcdpa 14 1, a 7 1q gcdpa 7 1, a 7 1q gcdpa 7 1, 0q a 7 1. gcdpa 49 1, a 35 1q gcdpa 35 1, a 14 1q gcdpa 14 1, a 7 1q gcdpa 7 1, 0q, which we contrast with gcdp84, 35q gcdp35, 14q gcdp14, 7q gcdp7, 0q 7. Theorem 5 (Fermat s second observation) If d 2 p 1 then d 1 pmod pq. Proof: First, consider the case where d q, a prime. By Fermat s Little Theorem, 2 q 1 1 pmod qq. This means that q 2 q 1 1 and q 2 p 1. Since q is a common divisor of these two numbers, it must be that q gcdp2 q 1 1, 2 p 1q. By the previous lemma, gcdp2 q 1 1, 2 p 1q 2 gcdpq 1,pq 1, and this number must be divisible by q. If gcdpq 1, pq 1, then 2 gcdpq 1,pq 1 1, which is not divisible by q so gcdpq 1, pq ą 1. But p is a prime so if gcdpq 1, pq ą 1, then gcdpq 1, pq p, meaning that p q 1, or q 1 pmod pq. To finish the proof, if d is not prime, then d can be factored into primes: d q 1 q 2 q k, and if d 2 p 1, then each prime divisor has the same property: q i 2 p 1. By the first part of the proof, each q i 1 pmod pq, and so their product will also be congruent to 1. The point of this observation is the following: Suppose we wish to try to factor a Mersenne number, say 2 29 1. By Fermat s observation, if p 2 29 1, then p 1 pmod 29q, meaning that for some integer, k, p 29k ` 1. Since p must be odd, we can throw in a factor of 2: Page 4

p 58k ` 1. Consequently, we don t have to check if 37, say, is a divisor of 2 29 1, and in searching for factors, we pick various k s. The first bunch of possible divisors are 59, 117, 175, 233, 291, 349, 407, 465, 523, 581, 639, 697, 755, 813, 871, 929, 987, 1045, 1103, 1161, 1219, 1277 and so on. Every third one of these is divisible by 3, fifth one of these is divisible by 5, and so on. The list we have so far of possible prime divisors would be reduced to 59, 233, 349, 407, 523, 581, 697, 871, 929, 1103, 1219, 1277. Checking these, we find that 2 29 1 233 ˆ 2304167 233 ˆ 1103 ˆ 2089. Fast Exponentiation As mentioned earlier, since 2 15 ı 2 pmod 15q, we know, by Fermat s Little Theorem, that 15 is not prime without actually factoring the number. This might be a little more impressive if we didn t know what the factors of 15 were. If we want to use Fermat s Little Theorem as a way to prove numbers are composite without actually factoring them, we must be able to calculate 2 n pmod nq or more generally, a n pmod nq relatively quickly. There is a way to do this, based on the fact that a 2k pa 2k 1 q 2. We will show the method with an example. Suppose we wish to verify that 341 is not a base 3 pseudoprime. That is, we wish to show that 3 240 ı 1 pmod 341q. We do the following. Step 1 Step 2 Write 340 as a sum of powers of 2: 340 = 256 + 64 + 16 + 4. From this, it follows that 3 340 3 256 3 64 3 16 3 4. Construct a table of powers 3 2k pmod 341q by repeatedly squaring previous entires. n 0 1 2 3 4 5 6 7 8 2 n 1 2 4 8 16 32 64 128 256 3 2n pmod 341q 3 9 81 82 245 9 81 82 245 Step 3 Use the table to find 3 340 : 3 340 245 ˆ 9 ˆ 245 ˆ 81 56 pmod 341q. This is called the Binary Squaring Algorithm. How good is it? The naive algorithm to calculate a k pmod nq might consist of k 1 multiplications and k 1 divisions by n (to keep the number from growing too big) for a total of 2k 2 multiplications/divisions. For our problem above, 3 340 pmod 341q, this would be a total of 678 multiplications/divisions. For the binary squaring algorithm, the number of multiplications/divisions depends on the highest power of 2 less than k, tlog 2 ku. If we call this number m, for now, then we must calculate a 2j for each j ă m, by squaring the previous entry, for a total of m squaring and m divisions by n. Then, we multiply as many terms as needed, which could be as large as m again, giving 2m more multiplications/divisions. This gives an upper bound of 4tlog 2 ku. multiplications/divisions. For 340, this would be 4 log 2 340 «34 such operations. For large numbers, if we had an exponent k with, say 100 digits, so k «10 99, then on the fastest computer it would take more than the lifetime of the universe to use the naive approach. With the binary squaring algorithm, at most 4 log 2 p10 99 q steps, or about 1315 multiplications/divisions are required. This algorithm makes Fermat s Little Theorem practical. Page 5

Both Maple and Mathematica know about the binary squaring algorithm to calculate a k pmod nq. In Maple, one uses the command a & ˆ k mod n, in Mathematica, PowerModra, k, ns. Terms used in this set of notes Here are the major terms introduced above. The Binary Squaring Algorithm is a fast way to calculate a n or a n pmod mq based on writing n as a sum of powers of 2. A base a pseudoprime is a number n ą a which we know to be composite and for which a n a pmod nq. Most books say a must be relatively prime to n as well, in which case we can use the congruence a n 1 1 pmod nq instead. In contrast with a pseudoprime, a probable prime is a number n which we DON T know to be prime or composite, for which there is an a with 1 ă a ă n 1 and a n a pmod nq. Again, we sometimes use the condition a n 1 1 pmod nq instead. We say a number n passes a Fermat test if a n 1 1 pmod nq (or if a n a pmod nq) where 1 ă a ă n 1. That is, if we don t know if n is prime, but n passes a Fermat test, then n is a probable prime. Finally, a Carmichael number is a composite number n which is a pseudoprime for every possible base. That is, n is a Carmichael number if a n a pmod nq for every a, even though n is not prime. Page 6

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback