Introduction to Number Theory. The study of the integers

Similar documents
CPSC 467b: Cryptography and Computer Security

1. Algebra 1.7. Prime numbers

CPSC 467b: Cryptography and Computer Security

Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry. Spring 2006

Integers and Division

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Proofs. Methods of Proof Divisibility Floor and Ceiling Contradiction & Contrapositive Euclidean Algorithm. Reading (Epp s textbook)

3 The fundamentals: Algorithms, the integers, and matrices

Math Circle Beginners Group February 28, 2016 Euclid and Prime Numbers Solutions

Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29

Direct Proof MAT231. Fall Transition to Higher Mathematics. MAT231 (Transition to Higher Math) Direct Proof Fall / 24

Discrete Mathematics GCD, LCM, RSA Algorithm

Applied Cryptography and Computer Security CSE 664 Spring 2017

4 Number Theory and Cryptography

Ch 4.2 Divisibility Properties

4 Powers of an Element; Cyclic Groups

A Readable Introduction to Real Mathematics

Math.3336: Discrete Mathematics. Primes and Greatest Common Divisors

Ma/CS 6a Class 1. Course Details

5: The Integers (An introduction to Number Theory)

Sets. We discuss an informal (naive) set theory as needed in Computer Science. It was introduced by G. Cantor in the second half of the nineteenth

Senior Math Circles Cryptography and Number Theory Week 2

Math.3336: Discrete Mathematics. Primes and Greatest Common Divisors

COT 3100 Applications of Discrete Structures Dr. Michael P. Frank

4. Number Theory (Part 2)

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

Algorithms (II) Yu Yu. Shanghai Jiaotong University

ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

Algorithmic number theory. Questions/Complaints About Homework? The division algorithm. Division

CS483 Design and Analysis of Algorithms

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

Intermediate Math Circles February 29, 2012 Linear Diophantine Equations I

Intermediate Math Circles February 26, 2014 Diophantine Equations I

Beautiful Mathematics

Basic elements of number theory

Basic elements of number theory

You separate binary numbers into columns in a similar fashion. 2 5 = 32

Applied Cryptography and Computer Security CSE 664 Spring 2018

OWO Lecture: Modular Arithmetic with Algorithmic Applications

EUCLID S ALGORITHM AND THE FUNDAMENTAL THEOREM OF ARITHMETIC after N. Vasiliev and V. Gutenmacher (Kvant, 1972)

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Introduction Integers. Discrete Mathematics Andrei Bulatov

Elementary Properties of the Integers

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

Introduction to Number Theory

EDULABZ INTERNATIONAL NUMBER SYSTEM

Public Key Cryptography

Lecture 10: HMAC and Number Theory

The Euclidean Algorithm and Multiplicative Inverses

Introduction to Sets and Logic (MATH 1190)

Chapter 5: The Integers

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

W3203 Discrete Mathema1cs. Number Theory. Spring 2015 Instructor: Ilia Vovsha. hcp://

Notes for Recitation 6

Chapter 1. Greatest common divisor. 1.1 The division theorem. In the beginning, there are the natural numbers 0, 1, 2, 3, 4,...,

8 Primes and Modular Arithmetic

The Euclidean Algorithm

Chapter 5. Number Theory. 5.1 Base b representations

Lecture 1: Introduction to Public key cryptography

CSE 311 Lecture 13: Primes and GCD. Emina Torlak and Kevin Zatloukal

Foundations of Computer Science Lecture 10 Number Theory

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

Mat Week 8. Week 8. gcd() Mat Bases. Integers & Computers. Linear Combos. Week 8. Induction Proofs. Fall 2013

Shor s Algorithm. Elisa Bäumer, Jan-Grimo Sobez, Stefan Tessarini May 15, 2015

Student Responsibilities Week 8. Mat Section 3.6 Integers and Algorithms. Algorithm to Find gcd()

The set of integers will be denoted by Z = {, -3, -2, -1, 0, 1, 2, 3, 4, }

An Algorithm for Prime Factorization

Lecture Notes, Week 6

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

2. THE EUCLIDEAN ALGORITHM More ring essentials

Remainders. We learned how to multiply and divide in elementary

(e) Commutativity: a b = b a. (f) Distributivity of times over plus: a (b + c) = a b + a c and (b + c) a = b a + c a.

CISC-102 Fall 2017 Week 6

CS2800 Questions selected for fall 2017

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

NET 311D INFORMATION SECURITY

Factorization & Primality Testing

CSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

CPSC 467b: Cryptography and Computer Security

CS March 17, 2009

Solutions to Practice Final 3

CPSC 467: Cryptography and Computer Security

Introduction to Public-Key Cryptosystems:

CPSC 467: Cryptography and Computer Security

1 Overview and revision

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

Ma/CS 6a Class 2: Congruences

Clock Arithmetic and Euclid s Algorithm

Chapter 2. Divisibility. 2.1 Common Divisors

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

NOTES ON SIMPLE NUMBER THEORY

Number Theory and Group Theoryfor Public-Key Cryptography

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

CSE 311: Foundations of Computing. Lecture 12: Two s Complement, Primes, GCD

Lecture 11: Number Theoretic Assumptions

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Math Circle Beginners Group February 28, 2016 Euclid and Prime Numbers

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Transcription:

Introduction to Number Theory The study of the integers

of Integers, The set of integers = {... 3, 2, 1, 0, 1, 2, 3,...}. In this lecture, if nothing is said about a variable, it is an integer. Def. We say that a divides b if there is an integer k such that b = a k. We write a b if a divides b. Otherwise, we write a b. For example, 7 63, because 7 9 = 63. If a divides b, then b is a multiple of a. p. 2

Definition for a b a k = b for some integer k notation: a b reads as a divides b alternatively: b is a multiple of a Example: 6 54 p. 3

Lemma 1. If a b then a bc for all c. Proof. Since a b, k such that ak = b. Thus bc = akc, and therefore by definition, a bc. Example: 5 15, then, 5 30, 5 45, 5 150. p. 4

Lemma 2. If a b and b c, then a c. Proof. There exist integers m and n such that b = am and c = bn. So, c = bn = amn, and therefore, a c. Example: 7 14, and 14 280, therefore, by this lemma, 7 280. p. 5

Lemma 3. If a b and a c, then a (mb + nc) for all m and n. Example: 5 100 and 5 15. Therefore, 5 115, 5 1030, 5 245. Lemma 4. For all c 0, a b if and only if ac bc. Example: 17 34 if and only if 170 340. p. 6

Consider a problem (a) First, prove that k(k + 1) is even for all integers k. (b) After that, show that if n is odd then 8 (n 2 1). p. 7

Division algorithm Theorem. The Division Algorithm. Let a be an integer and d a positive integer. Then there are unique integers q and r, such that 0 r < d and a = dq + r. d = divisor a = dividend q = quotient r = remainder How can we prove that q and r are unique? p. 8

Division algorithm Assume that they are not unique, then there exist at least two distinct pairs of q and r: a = dq 1 + r 1, and a = dq 2 + r 2 Subtract one from another: 0 = d(q 1 q 2 ) + (r 1 r 2 ) Since 0 r1, r2 < d, the difference of the remainders is d < r 1 r 2 < d, Therefore the same is true for the other term: d < d(q 1 q 2 ) < d It can happen only if q 1 q 2 = 0, which also implies that r 1 r 2 = 0. By contradiction, q and r are unique. p. 9

Greatest common divisor Def. The greatest common divisor of two positive integers a 0 and a 1, denoted gcd(a 0, a 1 ) is the largest integer g that divides both a 0 and a 1. Example. Find gcd(12, 18). First, list all positive x such that x 12: 1, 2, 3, 4, 6, 12. Then, list all positive x such that x 18: 1, 2, 3, 6, 9, 18. The largest in the both lists, 6, is the gcd(12, 18). p. 10

Greatest common divisor For two positive integers a and b: gcd(a, b) = gcd(b, a) p. 11

Greatest common divisor For two positive integers a and b: If a b, what is the gcd(a, b)? a is one of the divisors of b. But a is the greaterst possible divisor of itself. Thus a is the greatest common divisor. So, if b = ka, gcd(a, b) = gcd(a, ka) = a. p. 12

Greatest common divisor For two positive integers a and b: If a b, what is the gcd(a, b)? a is one of the divisors of b. But a is the greaterst possible divisor of itself. Thus a is the greatest common divisor. So, if b = ka, gcd(a, b) = gcd(a, ka) = a. p. 13

Greatest common divisor Let s find a way to compute gcd(a 0, a 1 ) without simply trying every single positive integer from 1 to min(a 0, a 1 ). For simplicity, without loss of generality we can say that a 0 a 1. Then, by the division algorithm, a 0 = a 1 q + r. (and q 1) Lemma. If a 0 = a 1 q + r then gcd(a 0, a 1 ) = gcd(a 1, r). p. 14

Greatest common divisor Lemma. If a 0 = a 1 q + r then gcd(a 0, a 1 ) = gcd(a 1, r). Proof. We are going to prove that the common divisors of a 0 and a 1 are the same as the common divisors of a 1 and r. In other words, we have to prove that d divides a 0 and a 1 if and only if d divides a 1 and r. ( ) Let d be a divisor of a 0 and a 1, that is d a 0 and d a 1. By Lemma 3, d (a 0 a 1 q), and since r = a 0 a 1 q, we get d r. Thus d divides a 1 and r. ( ) Let d be a divisor of a 1 and r, that is d a 1 and d r. Again, by Lemma 3, d (a 1 q + r), so d a 0. So, d divides a 0 and a 1. Threofore, gcd(a 0, a 1 ) = gcd(a 1, r). p. 15

Greatest common divisor Lemma. If a 0 = a 1 q + r then gcd(a 0, a 1 ) = gcd(a 1, r). Proof. We are going to prove that the common divisors of a 0 and a 1 are the same as the common divisors of a 1 and r. In other words, we have to prove that d divides a 0 and a 1 if and only if d divides a 1 and r. ( ) Let d be a divisor of a 0 and a 1, that is d a 0 and d a 1. By Lemma 3, d (a 0 a 1 q), and since r = a 0 a 1 q, we get d r. Thus d divides a 1 and r. ( ) Let d be a divisor of a 1 and r, that is d a 1 and d r. Again, by Lemma 3, d (a 1 q + r), so d a 0. So, d divides a 0 and a 1. Threofore, gcd(a 0, a 1 ) = gcd(a 1, r). p. 16

Greatest common divisor Lemma. If a 0 = a 1 q + r then gcd(a 0, a 1 ) = gcd(a 1, r). Proof. We are going to prove that the common divisors of a 0 and a 1 are the same as the common divisors of a 1 and r. In other words, we have to prove that d divides a 0 and a 1 if and only if d divides a 1 and r. ( ) Let d be a divisor of a 0 and a 1, that is d a 0 and d a 1. By Lemma 3, d (a 0 a 1 q), and since r = a 0 a 1 q, we get d r. Thus d divides a 1 and r. ( ) Let d be a divisor of a 1 and r, that is d a 1 and d r. Again, by Lemma 3, d (a 1 q + r), so d a 0. So, d divides a 0 and a 1. Threofore, gcd(a 0, a 1 ) = gcd(a 1, r). p. 17

Greatest common divisor Compute gcd(a 0, a 1 ). 1) We find the quotient and the remainder: a 0 = q 1 a 1 + r 1 Let a 2 = r 1 : gcd(a 0, a 1 ) = gcd(a 1, r 1 ) = gcd(a 1, a 2 ). 2) Find the new quotient and the remainder: a 1 = q 2 a 2 + r 2 Let a 3 = r 2 : gcd(a 1, a 2 ) = gcd(a 2, r 2 ) = gcd(a 2, a 3 ). 3)... continue the process, computing a 4, a 5, a 6,... until what? p. 18

Greatest common divisor Compute gcd(300, 18). a 0 = 300, a 1 = 18. gcd(300, 18)? 300 = 16 18 + 12 a 2 = 12. gcd(18, 12)? a 3 = 6. gcd(12, 6)? 18 = 1 12 + 6 12 = 2 6 + 0 6 12, and 6 6. And there is simply no larger divisors of 6, so gcd(300, 18) = gcd(12, 6) = 6. p. 19

Greatest common divisor So, to compute gcd(a 0, a 1 ), you compute a sequence remainders a k, until some a k divides a k 1, and therefore gcd(a 0, a 1 ) = gcd(a k 1, a k ) = a k, where a k is the last non-zero remainder. This procedure for computing is called. p. 20

Greatest common divisor If we use the following notation for the remainder of a division: c = a rem b works as follows: gcd(300, 18) = gcd(18, } 300 rem {{ 18} ) =12 = gcd(12, } 18 rem {{ 12} ) 6 = gcd(12, 6) = 6 In C and C++, there is a similar operator % (though it behaves differently when a or b are negative) p. 21

Greatest common divisor Compute gcd(1110, 777) p. 22

Efficiency of Worst case number of steps. In how many steps k the Euclidean algorithm computes gcd(a 0, a 1 )? In the best case, if a 1 a 0, we immediately find that the is equal to a 1, and it takes just a single step. What is the worst possible input? That is, what are the smallest integers a 0 a 1, such that gcd(a 0, a 1 ) is computed in k steps. p. 23

Efficiency of What are the smallest integers a 0 computed in k steps. a 1, such that gcd(a 0, a 1 ) is We are going to construct a sequence of a i such that a k is the gcd(a 0 ), and a 0 is the smallest possible. Observe that a k = gcd(a 0, a 1 ) 1 a k 1 2 We want to construct all the previous terms of the sequence in this backward order. a k 2, a k 3,..., a 0 p. 24

Efficiency of Observe that the sequence of a i is strictly decreasing (a i > a i+1 ). The recurrence looks like this and the quotient q i+1 1. Thus a i = q i+1 a i+1 + a i+2, a i a i+1 + a i+2 If, eventually, we are want to end up with the smallest possible a 0, then on each step, when constructing a i from a i+1 and a i+2, we should choose the smallest possible number: a i = a i+1 + a i+2 p. 25

Efficiency of Let s summarize our analysis. We are constructing a decreasing sequence of positive integers a 0 > a 1 > a 2 >... > a k 1 > a k Such that a k 1 a k 1 2 a i = a i+1 + a i+2 p. 26

Efficiency of a 0 > a 1 > a 2 >... > a k 1 > a k a k 1 a k 1 2 a i = a i+1 + a i+2 The Fibonacci numbers satisfy all the requirements F 1 F 2 F 3 F 4... F k+2 i... F k+2 1 1 2 3 a k a k 1 a k 2... a i... a 0 F 1 = 1; F 2 = 1; F i = F i 1 + F i 2 p. 27

Efficiency of Lets see, how bad they are: Compute gcd(21, 34). a 0 = 34, a 1 = 21, 34 = 1 21 + 13 a 2 = 13, 21 = 1 13 + 8 a 3 = 8, 13 = 1 8 + 5 a 4 = 5, 8 = 1 5 + 3 a 5 = 3, 5 = 1 3 + 2 a 6 = 2, 3 = 1 2 + 1 a 7 = 1, 2 = 2 1 gcd(21, 34) = a 7 = 1. And it took k = 7 steps. The sequence of a i is the Fibonacci sequence, a i = F k+2 i. p. 28

Efficiency of The algorithm is still very fast, even on the worst input: Look at the Fibonacci sequence: 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233, 377, 610, 987, 1597, 2584, 4181, 6765, 10946, 17711, 28657, 46368, 75025, 121393, 196418, 317811, 514229, 832040, 1346269, 2178309, 3524578, 5702887, 9227465,... In the limit F n F n 1 approaches φ 1.618. p. 29

Efficiency of It can be shown that F n cφ n 1 for some constant c, so a 0 cφ n 1. Given a 0, the number of steps for the Euclidean algorithm is k log φ a 0 c 1 So the complexity (number of steps) is logarithmic in a 0. Complexity, when the input is a number Usually, when the input is a number, the length of the input is measured as the length of the binary string that represents the input. A number a 0 can be represented by log 2 a 0 bits. k log φ a 0 c 1 = 1 log 2 φ log 2 a 0 log φ c 1 = C 1 log 2 a 0 + C 2 Therefore, the time complexity of the Euclidean algorithm is linear in the number of bits required to represent a 0. p. 30

Def. A number p > 1 with no positive divisors other than 1 and itself is called a prime. Every other number greater than 1 is called composite. The number 1 is considered neither prime nor composite. The first few primes are 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37... The factorization of a number into its constituent primes, also called prime decomposition, is considered to be a hard computational problem. There is no known easy way, given a product of two large primes P Q, find what those P and Q are. p. 31

The sender wants to send a message victory to the receiver. Beforehand. The sender and receiver agree on a secret key, which is a large prime number p = 22801763489 p. 32

Encryption. (1) The sender transforms a string of characters into a number: v i c t o r y 22 09 03 20 15 18 25 (2) The resulting number is padded with a few more digits to make a prime number m = 2209032015182513 (3) After that, the sender encrypts the message m by computing m = m p = 2209032015182513 22801763489 = 50369825549820718594667857 p. 33

Decryption. The receiver decrypts m by computing m p = m p p = m m = m p = 50369825549820718594667857 = 2209032015182513 22801763489 Then the number is transformed into the string victory. p. 34

The code raises a couple immediate questions. 1. How can the sender and receiver ensure that m and p are prime numbers? The general problem of determining whether a large number is prime or composite has been studied for centuries, and reasonably good primality tests were known in the past. In 2002, Manindra Agrawal, Neeraj Kayal, and Nitin Saxena announced a primality test that is guaranteed to work on a number n in about (log n) 12 steps. 2. Is the code secure? If the adeversary receives the encrypted message m, how easily he can recove the original message m? This is the problem of factoring m = m p. Despite immense efforts, no really efficient factoring algorithm has ever been found. It appears to be a fundamentally difficult problem, though a breakthrough is not impossible. p. 35

Now, consider a situation, when your adversary received two encrypted messages m = m p and n = n p p. 36

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback