Discrete mathematics I - Number theory


Discrete mathematics I - Number theory
Emil Vatai <vatai@inf.elte.hu> (based on Hungarian slides by László Mérai)
January 31, 2018
[1] Financed from the financial support ELTE won from the Higher Education Restructuring Fund of the Hungarian Government.

Number theory - Divisibility - Divisibility

If a and b are rational numbers, the division a/b can always be performed (and the result is a rational number). If a and b are integers, the division a/b cannot always be performed (the quotient will not always be an integer).

Definition (Divisibility). The integer a is a divisor of the integer b, written $a \mid b$, if there exists an integer c for which $a \cdot c = b$ (that is, b/a is an integer if $a \neq 0$).

Example (Divisibility). $1 \mid 13$, because $1 \cdot 13 = 13$; $1 \mid n$, because $1 \cdot n = n$; $6 \mid 12$, because $6 \cdot 2 = 12$; $-6 \mid 12$, because $(-6) \cdot (-2) = 12$.

The definition can be extended to the Gaussian integers $\{a + bi : a, b \in \mathbb{Z}\}$: $i \mid 13$, because $i \cdot (-13i) = 13$; $1 + i \mid 2$, because $(1 + i)(1 - i) = 2$.

Number theory - Divisibility - Properties of divisibility

Properties. For all $a, b, c, \ldots \in \mathbb{Z}$:
1. $a \mid a$;
2. $a \mid b \wedge b \mid c \Rightarrow a \mid c$;
3. $a \mid b \wedge b \mid a \Rightarrow a = \pm b$;
4. $a \mid b \wedge a' \mid b' \Rightarrow aa' \mid bb'$;
5. $a \mid b \Rightarrow ac \mid bc$;
6. $ac \mid bc \wedge c \neq 0 \Rightarrow a \mid b$;
7. $a \mid b_1, \ldots, a \mid b_k \Rightarrow a \mid c_1 b_1 + \cdots + c_k b_k$;
8. $a \mid 0$, since $a \cdot 0 = 0$;
9. $0 \mid a \Rightarrow a = 0$.

Example (Divisibility).
1. $6 \mid 6$;
2. $2 \mid 6 \wedge 6 \mid 12 \Rightarrow 2 \mid 12$;
3. $3 \mid 3 \wedge 3 \mid 3 \Rightarrow 3 = \pm 3$;
4. $2 \mid 4 \wedge 3 \mid 9 \Rightarrow 2 \cdot 3 \mid 4 \cdot 9$;
5. $3 \mid 6 \Rightarrow 5 \cdot 3 \mid 5 \cdot 6$;
6. $3 \cdot 5 \mid 6 \cdot 5 \wedge 5 \neq 0 \Rightarrow 3 \mid 6$;
7. $3 \mid 6,\ 3 \mid 9 \Rightarrow 3 \mid 6c_1 + 9c_2$ for all $c_1, c_2$;
8. $a \mid 0$, since $a \cdot 0 = 0$;
9. $0 \mid a \Rightarrow 0 \cdot c = a$, so $a = 0$.

Number theory - Divisibility - Units

The factor $\pm 1$ is irrelevant for divisibility.

Definition (Unit). If $\varepsilon$ is a divisor of every other number, then $\varepsilon$ is called a unit.

Proposition. There are two units in the set of integers: $1$ and $-1$.

Proof. $\pm 1$ are clearly units. Conversely, if $\varepsilon$ is a unit, then $1 = \varepsilon q$ for some integer q. Because $|\varepsilon| \geq 1$ and $|q| \geq 1$, this forces $|\varepsilon| = 1$, that is $\varepsilon = \pm 1$.

Example (Unit). In the set of Gaussian integers $i$ is a unit: $a + bi = i(b - ai)$.

Number theory - Divisibility - Associated elements

The integers 12 and $-12$ are the same from the perspective of divisibility.

Definition (Associated elements). Two numbers are associated if each is a divisor of the other.

Remark. a and b are associated if and only if $a \mid b$ and $b \mid a$.

Definition (Trivial divisor). The trivial divisors of n are the numbers associated with n and the units. All other divisors are proper divisors.

Example (Divisors of 6). The divisors: $\{\pm 1, \pm 2, \pm 3, \pm 6\}$. The trivial divisors: $\{\pm 1, \pm 6\}$.

Number theory - Primes, irreducible elements - Primes, irreducible elements

Definition (Irreducible). A non-zero, non-unit number is irreducible if it has only trivial divisors.

Example (Irreducible elements). The integers $2, -2, 3, -3, 5, -5$ are irreducible; 6 is not irreducible, because $6 = 2 \cdot 3$.

Definition (Prime). A non-zero, non-unit number p is a prime number if $p \mid ab \Rightarrow (p \mid a \vee p \mid b)$ for all a, b.

Example (Primes). $2, -2, 3, -3, 5, -5$ are prime; 6 is not a prime number, because $6 \mid 2 \cdot 3$ but $6 \nmid 2$ and $6 \nmid 3$.

Number theory - Primes, irreducible elements - Primes, irreducibles

Theorem (Primes and irreducibles). Each prime number is irreducible.

Proof. Let p be a prime number and let $p = ab$ be a factorization. We have to prove that a or b is a unit. Because $p = ab$, $p \mid ab$, so by primality $p \mid a$ (say). Then $a = pk = abk$, i.e. $bk = 1$, so b and k are units.

Remark. The converse is not always true: in $\mathbb{Z}$ it is true (see later); in the set $\{a + bi\sqrt{5} : a, b \in \mathbb{Z}\}$ it is not.

Number theory - Euclidean division - Euclidean division

Theorem (Euclidean division). For all integers a, b with $b \neq 0$ there exist unique integers q and r for which
$$a = bq + r, \qquad 0 \leq r < |b|. \tag{1}$$

Proof. The proof is given for non-negative a and positive b; it extends to all integers.
1. Existence: induction on a. If $a < b$, then $a = b \cdot 0 + a$ ($q = 0$, $r = a$). If $a \geq b$, suppose that numbers less than a can be written as in (1), and let $a - b = bq' + r'$. Then $a = b(q' + 1) + r'$, so take $q = q' + 1$, $r = r'$.
2. Uniqueness: let $a = bq + r = bq' + r'$. Then $b(q - q') = r' - r$, so b divides $r' - r$; but $|r' - r| < |b|$, which is only possible if $r' - r = 0$, hence $r = r'$ and $q = q'$.

Number theory - Euclidean division - Euclidean division

Definition (mod). Let a and b be integers ($b \neq 0$) and let $a = b \cdot q + r$ with $0 \leq r < |b|$. Then $a \bmod b = r$.

Remark: $q = \lfloor a/b \rfloor$ if $b > 0$, and $q = \lceil a/b \rceil$ if $b < 0$.

Example (mod).
$123 \bmod 10 = 3$, $123 \bmod 100 = 23$, $123 \bmod 1000 = 123$; $123 \bmod (-10) = 3$, ...
$-123 \bmod 10 = 7$, $-123 \bmod 100 = 77$, $-123 \bmod 1000 = 877$; $-123 \bmod (-10) = 7$, ...

Note that the remainder is always non-negative in this definition. Programming languages use other conventions (a remainder with the sign of the dividend in C, Java and Rust, with the sign of the divisor in Python), so a "mod" computed in code need not equal $a \bmod b$ as defined here when the operands are negative.

Number theory - Euclidean division - Euclidean division

Example (mod). If it is 9 o'clock now, what time will it be after 123 hours? Divide 123 by 24: $123 = 24 \cdot 5 + 3$. $9 + 3 = 12$: noon!
If it is 9 o'clock now, what time will it be after 116 hours? Divide 116 by 24: $116 = 24 \cdot 4 + 20$. So $9 + 20 = 29$. We have to reduce again: $29 = 24 \cdot 1 + 5$: it will be 5 A.M.!

Which day of the week will the 10th of November be next year? Which day of the week was the 14th of September two years ago? (Both counted from a Monday.) Let Mon = 0, Tue = 1, Wed = 2, Thu = 3, Fri = 4, Sat = 5, Sun = 6.
Divide 365 by 7: $365 = 7 \cdot 52 + 1$. Monday + 1 day $= 0 + 1 = 1 =$ Tuesday.
Divide $-(365 + 366)$ by 7 (2012 was a leap year): $-731 = 7 \cdot (-105) + 4$. Monday + 4 days $= 4 =$ Friday.

Number theory - Euclidean division - Numeral systems

In the base 10 numeral system the number 123 is $123 = 100 + 20 + 3 = 1 \cdot 10^2 + 2 \cdot 10^1 + 3 \cdot 10^0$.
In the base 2 numeral system the number 123 is
$$1111011_{(2)} = 1 \cdot 2^6 + 1 \cdot 2^5 + 1 \cdot 2^4 + 1 \cdot 2^3 + 0 \cdot 2^2 + 1 \cdot 2^1 + 1 \cdot 2^0 = 64 + 32 + 16 + 8 + 0 + 2 + 1 = 123_{(10)}.$$

Theorem (Representation of numbers). Let $q > 1$ be a fixed integer. Then each non-negative integer n can be written uniquely in the form
$$n = \sum_{i=0}^{k} a_i q^i, \qquad 0 \leq a_i < q \text{ integers}, \quad a_k \neq 0.$$
1. This expression is the number n written in the base q numeral system.
2. q is the base of the numeral system.
3. $a_0, \ldots, a_k$ are the digits of n.

Number theory - Euclidean division - Numeral systems

n written in the base q numeral system: $n = \sum_{i=0}^{k} a_i q^i$.

Proof. By induction.
1. For $n = 0$ the theorem is true.
2. Suppose each integer less than n can be written uniquely in the base q numeral system. By the Euclidean division theorem there exists a unique integer $0 \leq a_0 < q$ for which $n = cq + a_0$, that is, $q \mid n - a_0$. By the induction hypothesis we can express $\frac{n - a_0}{q} = \sum_{i=1}^{k} a_i q^{i-1}$ (in the base q numeral system), and this expression is unique. Then $n = \sum_{i=0}^{k} a_i q^i$.

Number theory - Euclidean division - Numeral systems

The previous proof provides a method to express the numbers.

Example (Representation). Let us write the number $n = 123$ (given in base 10) in the base 2 numeral system. In each step $n = 2 \cdot \lfloor n/2 \rfloor + (n \bmod 2)$; the remainder is the next digit $a_i$ and we continue with the quotient:

  i   n     n mod 2 = a_i   n div 2   digits so far
  0   123   1               61        1
  1   61    1               30        11
  2   30    0               15        011
  3   15    1               7         1011
  4   7     1               3         11011
  5   3     1               1         111011
  6   1     1               0         1111011

Result: $123 = 1111011_{(2)}$.
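The mod convention of the previous slides and the digit-extraction loop above, as an added Python example (this is not code from the lecture slides; the function names euclid_divmod, mod, c_style_divmod, to_base and from_base are the example's own). It implements the slides' definition $0 \leq r < |b|$ and puts it beside Python's floor division and the truncating division of C, Java and Rust, which disagree with it for negative operands; anyone reducing values across a language boundary (for instance a signed offset or timestamp taken modulo a bucket count) should know which of the three a given "mod" actually is.

```python
# Added example, not from the lecture slides: Euclidean division with the slides'
# convention 0 <= r < |b|, two other "mod" conventions found in programming
# languages, and base-q digit extraction by repeated Euclidean division.
from __future__ import annotations


def euclid_divmod(a: int, b: int) -> tuple[int, int]:
    """Return (q, r) with a = b*q + r and 0 <= r < |b| (the slides' definition)."""
    if b == 0:
        raise ZeroDivisionError("b must be non-zero")
    q, r = divmod(a, abs(b))      # Python floor division: 0 <= r < |b| because |b| > 0
    if b < 0:
        q = -q                    # a = |b|*q + r = b*(-q) + r
    return q, r


def mod(a: int, b: int) -> int:
    """a mod b in the slides' sense: the unique r with 0 <= r < |b|."""
    return euclid_divmod(a, b)[1]


def c_style_divmod(a: int, b: int) -> tuple[int, int]:
    """Truncating division as in C, Java and Rust: the remainder takes the sign of a."""
    q = abs(a) // abs(b)
    if (a < 0) != (b < 0):
        q = -q
    return q, a - b * q           # remainder may be negative, unlike mod() above


def to_base(n: int, q: int) -> list[int]:
    """Digits a_k ... a_0 of n >= 0 in base q > 1 (most significant first)."""
    if n < 0 or q < 2:
        raise ValueError("need n >= 0 and q > 1")
    if n == 0:
        return [0]
    digits = []
    while n > 0:
        n, a0 = divmod(n, q)      # n = c*q + a_0; continue with c = (n - a_0)/q
        digits.append(a0)
    return digits[::-1]


def from_base(digits: list[int], q: int) -> int:
    """Evaluate sum a_i q^i by Horner's rule; inverse of to_base."""
    n = 0
    for d in digits:
        n = n * q + d
    return n
```

Compare `mod(123, -10)` (3, as on the slide) with Python's own `123 % -10` (which is -7) and with `c_style_divmod(-123, 10)` (remainder -3): three different answers for what a programmer would call "123 mod 10" with a sign somewhere.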

Number theory - Euclidean algorithm - Greatest common divisor

Definition (Greatest common divisor). The integer d is the greatest common divisor (or gcd) of the integers a and b if $d \mid a$, $d \mid b$, and whenever $c \mid a$ and $c \mid b$ then $c \mid d$.
The integer d is the gcd of the integers $a_1, a_2, \ldots, a_n$ ($n \in \mathbb{N}^+$) if $d \mid a_1, d \mid a_2, \ldots, d \mid a_n$, and whenever $c \mid a_1, c \mid a_2, \ldots, c \mid a_n$ then $c \mid d$.

Definition (Least common multiple). The least common multiple (or lcm) of the numbers a and b is m if $a \mid m$, $b \mid m$, and $a \mid c \wedge b \mid c \Rightarrow m \mid c$.
The lcm of the numbers $a_1, a_2, \ldots, a_n$ ($n \in \mathbb{N}^+$) is m if $a_1 \mid m, a_2 \mid m, \ldots, a_n \mid m$, and whenever $a_1 \mid c, a_2 \mid c, \ldots, a_n \mid c$ then $m \mid c$.

Notation. Let $(a, b) = \gcd(a, b)$ denote the non-negative greatest common divisor, and $[a, b] = \operatorname{lcm}(a, b)$ the non-negative least common multiple.

Number theory - Euclidean algorithm - Greatest common divisor

Definition (Relatively prime). The numbers a and b are relatively prime if $(a, b) = 1$. The numbers $a_1, a_2, \ldots, a_n$ are relatively prime if $(a_1, a_2, \ldots, a_n) = 1$ (i.e. their greatest common divisor is one). The numbers $a_1, a_2, \ldots, a_n$ are mutually (or pairwise) relatively prime if $i \neq j$ implies $(a_i, a_j) = 1$.

Remarks. Attention! "Greatest" does not refer to the usual ordering: by the definition, $-3$ is also a greatest common divisor of 12 and 9. The greatest common divisor is unique up to association, which is why the notation $(a, b)$ picks the non-negative one.

Number theory - Euclidean algorithm - Euclidean algorithm

Theorem (Euclidean algorithm). Each pair of integers has a greatest common divisor, and it can be determined using the Euclidean algorithm.

Proof. If one of the numbers is 0, then the other one (up to sign) is the gcd. Let a and b be non-zero integers and perform the following divisions:
$$\begin{aligned}
a &= bq_1 + r_1, & 0 < r_1 < |b|, \\
b &= r_1 q_2 + r_2, & 0 < r_2 < r_1, \\
r_1 &= r_2 q_3 + r_3, & 0 < r_3 < r_2, \\
&\;\;\vdots \\
r_{n-2} &= r_{n-1} q_n + r_n, & 0 < r_n < r_{n-1}, \\
r_{n-1} &= r_n q_{n+1}.
\end{aligned}$$

Proof (continued). The algorithm terminates after a finite number of steps, because $|b| > r_1 > r_2 > \cdots \geq 0$.
The last non-zero remainder $r_n$ is a common divisor: $r_n \mid r_{n-1} \Rightarrow r_n \mid r_{n-1} q_n + r_n = r_{n-2} \Rightarrow \cdots \Rightarrow r_n \mid b \Rightarrow r_n \mid a$.
$r_n$ is the greatest common divisor: let $c \mid a$ and $c \mid b$. Then $c \mid a - bq_1 = r_1 \Rightarrow c \mid b - r_1 q_2 = r_2 \Rightarrow \cdots \Rightarrow c \mid r_{n-2} - r_{n-1} q_n = r_n$.

Number theory - Euclidean algorithm - Calculating the GCD, Euclidean algorithm

Example (Euclidean algorithm). Let us calculate $(172, 62)$, with $r_{-1} = 172$, $r_0 = 62$ and $r_{i-2} = r_{i-1} q_i + r_i$:

  i    r_i   q_i   r_{i-2} = r_{i-1} q_i + r_i
  -1   172
  0    62
  1    48    2     172 = 62 * 2 + 48
  2    14    1     62 = 48 * 1 + 14
  3    6     3     48 = 14 * 3 + 6
  4    2     2     14 = 6 * 2 + 2
  5    0     3     6 = 2 * 3 + 0

The greatest common divisor is the last non-zero remainder: $(172, 62) = 2$.

Number theory - Euclidean algorithm - Calculating the GCD using recursion

Theorem. Let $a \neq 0$. If $b = 0$, then $(a, b) = |a|$. If $b \neq 0$, then $(a, b) = (|b|, a \bmod |b|)$.

Proof. If $b = 0$, the theorem is trivial. Since $(a, b) = (|a|, |b|)$, we can suppose that $a, b > 0$. If $b \neq 0$, divide a by $|b|$: $a = |b| \cdot q + (a \bmod |b|)$. This is the first line of the Euclidean algorithm, and the remaining lines compute exactly $(|b|, a \bmod |b|)$.

Example ($(172, 62)$).

  (a, b)       a mod b
  (172, 62)    48
  (62, 48)     14
  (48, 14)     6

Number theory - Euclidean algorithm - GCD, further observations

Similarly, we can define the greatest common divisor of several numbers (HW): $(a_1, a_2, \ldots, a_n)$.

Proposition (HW). Each collection $a_1, a_2, \ldots, a_n$ of integers has a greatest common divisor $(a_1, a_2, \ldots, a_n)$, and $(a_1, a_2, \ldots, a_n) = ((\ldots(a_1, a_2), \ldots, a_{n-1}), a_n)$.

Proposition (HW). For all integers a, b, c: $(ca, cb) = |c| \cdot (a, b)$ (the absolute value is needed because $(\cdot, \cdot)$ denotes the non-negative gcd).

Number theory - Euclidean algorithm - Extended Euclidean algorithm

Theorem (Extended Euclidean algorithm). For all integers a, b there exist integers x, y so that $(a, b) = xa + yb$.

Proof. Let $q_i, r_i$ be the quotients and remainders obtained by the Euclidean algorithm (with $r_{-1} = a$, $r_0 = b$). Let $x_{-1} = 1$, $x_0 = 0$ and for $i \geq 1$ let $x_i = x_{i-2} - q_i x_{i-1}$. Similarly let $y_{-1} = 0$, $y_0 = 1$ and for $i \geq 1$ let $y_i = y_{i-2} - q_i y_{i-1}$. Then for all $i \geq -1$, $x_i a + y_i b = r_i$: this holds for $i = -1, 0$ by the initial values, and if it holds for all $j < i$, then from $r_i = r_{i-2} - r_{i-1} q_i$ we get $r_i = x_{i-2} a + y_{i-2} b - (x_{i-1} a + y_{i-1} b) q_i$, which after rearranging is $r_i = x_i a + y_i b$. Ergo $x_n a + y_n b = r_n = (a, b)$.

Number theory - Euclidean algorithm - Extended Euclidean algorithm

Algorithm: $r_{i-2} = r_{i-1} q_i + r_i$, with
$x_{-1} = 1,\ x_0 = 0,\ x_i = x_{i-2} - q_i x_{i-1}$ and
$y_{-1} = 0,\ y_0 = 1,\ y_i = y_{i-2} - q_i y_{i-1}$.

Example (Extended Euclidean algorithm). Let us calculate $(172, 62)$ and solve the equation $172x + 62y = (172, 62)$:

  i    r_i   q_i   x_i   y_i   r_i = 172 x_i + 62 y_i
  -1   172         1     0     172 = 172 * 1 + 62 * 0
  0    62          0     1     62 = 172 * 0 + 62 * 1
  1    48    2     1     -2    48 = 172 * 1 + 62 * (-2)
  2    14    1     -1    3     14 = 172 * (-1) + 62 * 3
  3    6     3     4     -11   6 = 172 * 4 + 62 * (-11)
  4    2     2     -9    25    2 = 172 * (-9) + 62 * 25
  5    0     3

So $(172, 62) = 2 = 172 \cdot (-9) + 62 \cdot 25$, i.e. $x = -9$, $y = 25$.

Number theory - Elementary number theory - Irreducibles, primes (reminder)

t is irreducible if it has only trivial divisors, i.e. divisors of the form $\varepsilon$ and $\varepsilon t$ (where $\varepsilon$ is a unit).
p is prime if $p \mid ab \Rightarrow p \mid a$ or $p \mid b$.
p is prime $\Rightarrow$ p is irreducible. On the set of integers the converse is also true.

Theorem (Irreducible integers are prime). Every irreducible integer is also a prime number.

Proof. Let p be an irreducible number and let $p \mid ab$. Assume $p \nmid b$. Then p and b are relatively prime (the only divisors of p are units and associates of p, and the latter do not divide b). Using the extended Euclidean algorithm we obtain integers x, y so that $px + by = 1$. Therefore $pax + aby = a$. Since p divides the left hand side, it also divides the right hand side: $p \mid a$.

Number theory - Elementary number theory - The fundamental theorem of number theory

Theorem (Fundamental theorem of number theory). Every non-zero, non-unit integer can be written as a product of primes, uniquely up to associated elements and the order of the factors.

Proof. The proof is given for positive integers only, but it can be generalized.
Existence: induction. For $n = 2$, $n = 3$ it is true (they are primes). In general, if n is prime we are finished; if not, it can be written as a product in a non-trivial way, and the (smaller) factors can be factorized by the induction hypothesis.
Uniqueness: induction. For $n = 2$, $n = 3$ it is true (primes). Assume $n = p_1 p_2 \cdots p_k = q_1 q_2 \cdots q_l$, where $p_1, \ldots, p_k, q_1, \ldots, q_l$ are primes. $p_1$ divides the left hand side, so it divides the right hand side, hence (being prime) it divides one of the $q_j$; after reordering suppose $p_1 = q_1$.

Number theory - Elementary number theory - Fundamental theorem of number theory

Definition (Canonical form). The canonical form of a non-zero integer n is
$$n = \pm p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_l^{\alpha_l} = \pm \prod_{i=1}^{l} p_i^{\alpha_i},$$
where $p_1, p_2, \ldots, p_l$ are distinct positive primes and $\alpha_1, \alpha_2, \ldots, \alpha_l$ are positive integers.

Corollary (HW). Let $n, m > 1$ be integers written over a common list of primes, $n = p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_l^{\alpha_l}$ and $m = p_1^{\beta_1} p_2^{\beta_2} \cdots p_l^{\beta_l}$ (where now $\alpha_i, \beta_i \geq 0$ are non-negative integers, so zero exponents are allowed!). Then
$$(n, m) = p_1^{\min\{\alpha_1, \beta_1\}} p_2^{\min\{\alpha_2, \beta_2\}} \cdots p_l^{\min\{\alpha_l, \beta_l\}}, \qquad [n, m] = p_1^{\max\{\alpha_1, \beta_1\}} p_2^{\max\{\alpha_2, \beta_2\}} \cdots p_l^{\max\{\alpha_l, \beta_l\}}.$$

Number theory - Elementary number theory - Number of divisors

Definition (The $\tau$ function). $\tau(n)$ is the number of positive divisors of the integer $n > 1$.

Calculating $\tau(n)$. Let $n > 1$ be an integer with canonical form $n = p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_l^{\alpha_l}$. Then $\tau(n) = (\alpha_1 + 1)(\alpha_2 + 1) \cdots (\alpha_l + 1)$.

Proof. The positive divisors of n are exactly the numbers $d = p_1^{\beta_1} p_2^{\beta_2} \cdots p_l^{\beta_l}$ obtained by letting each exponent $\beta_i$ range over $\{0, 1, \ldots, \alpha_i\}$. There are $\alpha_i + 1$ choices for each exponent, and by the fundamental theorem different exponent vectors give different divisors.

Example ($\tau(n)$). $\tau(6) = 4$: divisors 1, 2, 3, 6; $\tau(96) = 12$: divisors 1, 2, 3, 4, 6, ...; $\tau(2 \cdot 3) = (1 + 1)(1 + 1)$; $\tau(2^5 \cdot 3) = (5 + 1)(1 + 1)$.

Number theory - Elementary number theory - About primes

Theorem (Euclid's theorem). There are infinitely many primes.

Proof. Indirect. Assume there are finitely many primes, say $p_1, \ldots, p_k$. Consider the integer $n = p_1 \cdots p_k + 1$. It is not divisible by any of the primes $p_1, \ldots, p_k$ (each leaves remainder 1), so the factorization of n has to contain an additional prime, a contradiction.

Theorem (Dirichlet's theorem). If a, d are integers with $a > 0$ and $(a, d) = 1$, then there are infinitely many primes of the form $ak + d$ ($k = 0, 1, 2, \ldots$).

Number theory - Elementary number theory - About primes

Theorem (Prime number theorem). The number of primes $\leq x$ is asymptotically $\frac{x}{\ln x}$:

  x       number of primes <= x   x / ln x
  10      4                       4.34
  100     25                      21.71
  1000    168                     144.76
  10000   1229                    1085.74

Sieve of Eratosthenes. How to find all the primes up to the integer n: start with all the integers from 2 to n. 2 is prime; the (non-trivial) multiples of 2 are not prime, so they are eliminated. The next remaining number is 3, which is also a prime; the (non-trivial) multiples of 3 are not prime, so they are eliminated as well, and so on: every number that is still present when its turn comes is prime.
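The sieve described above and the prime-counting table, as an added Python example (not code from the lecture slides; the function names sieve, prime_count and pnt_table are the example's own). The sieve starts crossing out at $p^2$, since every smaller multiple of p has a smaller prime factor and was eliminated earlier, and only runs p up to $\sqrt{n}$ for the same reason. A list of small primes like this is also what key generators use for trial division before running a probabilistic primality test on a candidate.

```python
# Added example, not from the lecture slides: sieve of Eratosthenes and the
# prime number theorem table (pi(x) against x / ln x) for x = 10, ..., 10000.
from __future__ import annotations
import math


def sieve(n: int) -> list[int]:
    """All primes <= n by the sieve of Eratosthenes.

    For each prime p up to sqrt(n), its non-trivial multiples are crossed out.
    Starting at p*p is enough: a multiple k*p with k < p has the smaller prime
    factor of k and was already removed when that prime was processed.
    """
    if n < 2:
        return []
    is_prime = bytearray([1]) * (n + 1)     # is_prime[i] == 1 means "still present"
    is_prime[0] = is_prime[1] = 0
    for p in range(2, math.isqrt(n) + 1):
        if is_prime[p]:                      # p survived, so it is prime
            is_prime[p * p::p] = bytearray(len(range(p * p, n + 1, p)))
    return [i for i in range(n + 1) if is_prime[i]]


def prime_count(x: int) -> int:
    """pi(x): the number of primes <= x."""
    return len(sieve(x))


def pnt_table(exponents: tuple[int, ...] = (1, 2, 3, 4)) -> list[tuple[int, int, float]]:
    """Rows (x, pi(x), x / ln x rounded to 2 places) for x = 10**k."""
    rows = []
    for k in exponents:
        x = 10 ** k
        rows.append((x, prime_count(x), round(x / math.log(x), 2)))
    return rows
```

`pnt_table()` reproduces the slide's table: 4, 25, 168 and 1229 primes against 4.34, 21.71, 144.76 and 1085.74; the ratio $\pi(x) / (x / \ln x)$ creeps down toward 1 as the theorem predicts.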

Congruences

For questions about divisibility, often only the remainder from the Euclidean division is important: days of the week, number of hours, ...

Example (Equal remainders). $16 \bmod 3 = 1$, $4 \bmod 3 = 1$: with respect to division by 3, 16 and 4 behave the same way.

Definition (Congruence). Let a, b, m be integers. If $m \mid a - b$, then we say a is congruent to b modulo m (or a and b are congruent with modulus m), written $a \equiv b \pmod m$. If a and b are not congruent modulo m, they are incongruent (modulo m).

Equivalent formulation, alternative notation

The following all mean $m \mid a - b$: $a \equiv b \pmod m$, $a \equiv b \bmod m$, $a \equiv b \ (m)$.

Equivalent formulation: $a \equiv b \pmod m \iff a \bmod m = b \bmod m$, that is, we get the same remainder when dividing by m.

Example.
$16 \equiv 4 \pmod 3$, since $3 \mid 16 - 4$; indeed $16 \bmod 3 = 1 = 4 \bmod 3$;
$16 \equiv 4 \pmod 2$, since $2 \mid 16 - 4$; indeed $16 \bmod 2 = 0 = 4 \bmod 2$;
$16 \not\equiv 4 \pmod 5$, since $5 \nmid 16 - 4$; indeed $16 \bmod 5 = 1 \neq 4 = 4 \bmod 5$.

Properties of congruence

Theorem (Properties of congruence).
1. $a \equiv a \pmod m$ (reflexivity);
2. $a \equiv b \pmod m \Rightarrow b \equiv a \pmod m$ (symmetry);
3. $a \equiv b \pmod m \wedge b \equiv c \pmod m \Rightarrow a \equiv c \pmod m$ (transitivity).
Ergo, congruence modulo m is an equivalence relation.

Proof.
1. $m \mid 0 = a - a$;
2. $m \mid a - b \Rightarrow m \mid b - a = -(a - b)$;
3. $m \mid a - b \wedge m \mid b - c \Rightarrow m \mid a - c = (a - b) + (b - c)$.

Properties of congruence

Theorem (Properties of congruence).
1. $a \equiv b \pmod m \wedge m' \mid m \Rightarrow a \equiv b \pmod{m'}$;
2. $a \equiv b \pmod m \wedge c \equiv d \pmod m \Rightarrow a + c \equiv b + d \pmod m$;
3. $a \equiv b \pmod m \wedge c \equiv d \pmod m \Rightarrow ac \equiv bd \pmod m$.

Proof.
1. $m' \mid m \wedge m \mid a - b \Rightarrow m' \mid a - b$;
2. $m \mid a - b \wedge m \mid c - d \Rightarrow m \mid (a + c) - (b + d) = (a - b) + (c - d)$;
3. $a = q_1 m + b$, $c = q_2 m + d \Rightarrow ac = (q_1 m + b)(q_2 m + d) = m(q_1 q_2 m + q_1 d + q_2 b) + bd$, so $ac \equiv bd \pmod m$.

Properties of congruence

Example (Properties of congruences). What is $345 \bmod 7$?
$345 = 34 \cdot 10 + 5 \equiv 6 \cdot 3 + 5 = 18 + 5 \equiv 4 + 5 = 9 \equiv 2 \pmod 7$.

Reminder: $a \equiv b \pmod m$, $c \equiv d \pmod m \Rightarrow ac \equiv bd \pmod m$.

Corollary. If $a \equiv b \pmod m$ then $ac \equiv bc \pmod m$.

Example (Properties of congruence). $14 \equiv 6 \pmod 8$, so $42 \equiv 18 \pmod 8$.
The converse is not true! $2 \cdot 7 \equiv 2 \cdot 3 \pmod 8$ but $7 \not\equiv 3 \pmod 8$.

Divisibility and relative primes

Theorem. For all $a, b, c \in \mathbb{Z}$: $a \mid bc \wedge (a, b) = 1 \Rightarrow a \mid c$.

Proof. Using the extended Euclidean algorithm obtain x and y such that $ax + by = 1$. Then $c = xac + ybc = (xc) \cdot a + y \cdot (bc)$. Both terms are divisible by a (since $a \mid a$ and $a \mid bc$), so by the statement about the divisibility of linear combinations $a \mid c$.

Division in congruences

Theorem (Division). Let a, b, c, m be integers, $m \neq 0$. Then
$$ac \equiv bc \pmod m \iff a \equiv b \pmod{\tfrac{m}{(c, m)}}.$$

Corollary. $ac \equiv bc \pmod m$, $(c, m) = 1 \Rightarrow a \equiv b \pmod m$.

Example (Division). $2 \cdot 7 \equiv 2 \cdot 3 \pmod 8 \Rightarrow 7 \equiv 3 \pmod{8/2}$, i.e. $7 \equiv 3 \pmod 4$.

Proof. Let $d = (c, m)$. Then $m \mid c(a - b) \Rightarrow \frac{m}{d} \mid \frac{c}{d}(a - b)$. Since $\left(\frac{m}{d}, \frac{c}{d}\right) = 1$, the previous theorem gives $\frac{m}{d} \mid a - b$, i.e. $a \equiv b \pmod{m/d}$. Conversely, if $\frac{m}{d} \mid a - b$ then $m \mid d(a - b)$, and $d \mid c$ gives $m \mid c(a - b)$.

Linear congruences

Let us solve the congruence $2x \equiv 5 \pmod 7$. If x is a solution and $x \equiv y \pmod 7$, then y is also a solution, so it is enough to look for solutions in the set $\{0, 1, \ldots, 6\}$:
$x = 0$: $2x = 0 \not\equiv 5$; $x = 1$: $2x = 2 \not\equiv 5$; $x = 2$: $2x = 4 \not\equiv 5$; $x = 3$: $2x = 6 \not\equiv 5$; $x = 4$: $2x = 8 \equiv 1 \not\equiv 5$; $x = 5$: $2x = 10 \equiv 3 \not\equiv 5$; $x = 6$: $2x = 12 \equiv 5 \pmod 7$.
The solution of the congruence: $\{6 + 7k : k \in \mathbb{Z}\}$.
Is there a better method? Let us solve the congruence $23x \equiv 4 \pmod{211}$. Do we need 211 tries?

Linear congruences

Theorem (Solution of linear congruences). Let a, b, m be integers with $m > 1$. Then $ax \equiv b \pmod m$ has a solution if and only if $(a, m) \mid b$. If this is the case, the number of pairwise incongruent solutions modulo m equals $(a, m)$.

Proof. $ax \equiv b \pmod m \iff ax + my = b$ for some integer y. Since $(a, m) \mid a$ and $(a, m) \mid m$, we get $(a, m) \mid ax + my = b$, so the condition is necessary. If $d = (a, m) \mid b$, let $a' = a/d$, $b' = b/d$, $m' = m/d$: then $a'x + m'y = b'$. Since $(a', m') = 1$, using the extended Euclidean algorithm we can calculate $x_0, y_0$ with $a'x_0 + m'y_0 = 1$, hence $a'(b'x_0) + m'(b'y_0) = b'$, that is, $x_1 = b'x_0$, $y_1 = b'y_0$ is a solution. Number of solutions: let $(x, y)$ be a (pair of) solutions. Subtracting the equations $a'x + m'y = b'$ and

Linear congruences

1. $ax \equiv b \pmod m \iff ax + my = b$.
2. Solve the equation $ax + my = (a, m)$ (extended Euclidean algorithm).
3. If $(a, m) \mid b$, a solution exists.
4. The solutions: $x_k = \frac{b}{(a, m)} x + k \frac{m}{(a, m)}$, $k = 0, 1, \ldots, (a, m) - 1$, where x is the coefficient found in step 2.

Example ($23x \equiv 4 \pmod{211}$). With $r_{i-2} = r_{i-1} q_i + r_i$, $x_{-1} = 1$, $x_0 = 0$, $x_i = x_{i-2} - q_i x_{i-1}$ (the $y_i$ are not needed):

  i    r_i   q_i   x_i
  -1   23          1
  0    211         0
  1    23    0     1
  2    4     9     -9
  3    3     5     46
  4    1     1     -55

GCD: $(23, 211) = 1 \mid 4$, and $23 \cdot (-55) \equiv 1 \pmod{211}$.
One solution: $x = 4 \cdot (-55) = -220 \equiv 202 \pmod{211}$.
All solutions: $\{202 + 211k : k \in \mathbb{Z}\}$.

Linear congruences

Example (Solving congruences). Solve the congruence $10x \equiv 8 \pmod{22}$!

  i    r_i   q_i   x_i
  -1   10          1
  0    22          0
  1    10    0     1
  2    2     2     -2
  3    0     5

The algorithm: $r_{i-2} = r_{i-1} q_i + r_i$, $x_{-1} = 1$, $x_0 = 0$, $x_i = x_{i-2} - q_i x_{i-1}$, $y_{-1} = 0$, $y_0 = 1$, $y_i = y_{i-2} - q_i y_{i-1}$.
GCD: $(10, 22) = 2 \mid 8$, and $10 \cdot (-2) \equiv 2 \pmod{22}$.
A pair of solutions: $x_1 = 4 \cdot (-2) \equiv 14 \pmod{22}$, $x_2 = 4 \cdot (-2) + \frac{22}{2} \equiv 14 + 11 \equiv 3 \pmod{22}$.
All solutions: $\{14 + 22k : k \in \mathbb{Z}\} \cup \{3 + 22k : k \in \mathbb{Z}\}$.

Linear Diophantine equations

Definition: Diophantine equations are equations whose solutions are sought among the integers. Linear Diophantine equations: $ax + by = c$, where $a, b, c \in \mathbb{Z}$. This is equivalent to the congruence $ax \equiv c \pmod b$, or to $by \equiv c \pmod a$. $ax + by = c$ can be solved if and only if $(a, b) \mid c$, and then the solutions can be obtained using the extended Euclidean algorithm.

Other Diophantine equations.
$x^2 + y^2 = -4$: doesn't even have real solutions.
$x^2 - 4y^2 = 3$: doesn't have integer solutions, because modulo 4 it reads $x^2 \equiv 3 \pmod 4$, which is impossible: the squares modulo 4 are

  x        x^2 mod 4
  4k       0
  4k + 1   1
  4k + 2   0
  4k + 3   1

Simultaneous congruences

We want to find an integer x which simultaneously satisfies the congruences
$2x \equiv 1 \pmod 3$, $4x \equiv 3 \pmod 5$.
Solving the congruences separately: $x \equiv 2 \pmod 3$, $x \equiv 2 \pmod 5$.
We can see that $x = 2$ is a solution, and so are $2, 17, 32, \ldots, 2 + 15k$. Are there other solutions? And how do we solve the general case, e.g.
$x \equiv 2 \pmod 3$, $x \equiv 3 \pmod 5$?

Simultaneous congruences

Problem: Solve the following system of congruences:
$a_1 x \equiv b_1 \pmod{m_1}$, $a_2 x \equiv b_2 \pmod{m_2}$, ..., $a_n x \equiv b_n \pmod{m_n}$.
The congruences $a_i x \equiv b_i \pmod{m_i}$ can be solved separately, which reduces the system to
$x \equiv c_1 \pmod{m_1}$, $x \equiv c_2 \pmod{m_2}$, ..., $x \equiv c_n \pmod{m_n}$.

Simultaneous congruences

Problem: Solve the following system of congruences:
$x \equiv c_1 \pmod{m_1}$, $x \equiv c_2 \pmod{m_2}$, ..., $x \equiv c_n \pmod{m_n}$.
We can assume that $m_1, m_2, \ldots, m_n$ are pairwise relatively prime. If e.g. $m_1 = m_1' d$ and $m_2 = m_2' d$, the first two congruences can be replaced by the following (proof later):
$x \equiv c_1 \pmod{m_1'}$, $x \equiv c_1 \pmod d$, $x \equiv c_2 \pmod{m_2'}$, $x \equiv c_2 \pmod d$.

Chinese remainder theorem

Theorem (Chinese remainder theorem). Let $m_1, m_2, \ldots, m_n > 1$ be pairwise relatively prime integers and $c_1, c_2, \ldots, c_n$ integers. Then the system of congruences
$x \equiv c_1 \pmod{m_1}$, $x \equiv c_2 \pmod{m_2}$, ..., $x \equiv c_n \pmod{m_n}$
can be solved, and all solutions are congruent to each other modulo $m_1 m_2 \cdots m_n$.

Chinese remainder theorem

$x \equiv c_1 \pmod{m_1}$, $x \equiv c_2 \pmod{m_2}$, ..., $x \equiv c_n \pmod{m_n}$. $x = ?$

Proof. Let $m = m_1 m_2$. Using the extended Euclidean algorithm solve the equation $m_1 x_1 + m_2 x_2 = 1$ (possible because $(m_1, m_2) = 1$). Let $c_{1,2} = m_1 x_1 c_2 + m_2 x_2 c_1$. Then $c_{1,2} \equiv c_j \pmod{m_j}$ for $j = 1, 2$: modulo $m_1$ the first term vanishes and $m_2 x_2 \equiv 1$, and symmetrically modulo $m_2$. If $x \equiv c_{1,2} \pmod m$, then x is a solution of the first two congruences. Conversely, if x is a solution of the first two congruences, then $m_1$ and $m_2$ are both divisors of $x - c_{1,2}$, and as they are relatively prime their product is also a divisor: $x \equiv c_{1,2} \pmod m$. This gives a system equivalent to the original one, with one congruence fewer:
$x \equiv c_{1,2} \pmod{m_1 m_2}$, $x \equiv c_3 \pmod{m_3}$, ..., $x \equiv c_n \pmod{m_n}$.
Repeating the step $n - 1$ times leaves a single congruence modulo $m_1 m_2 \cdots m_n$.

Simultaneous congruences

Example (Simultaneous congruences). Solve the system $x \equiv 2 \pmod 3$, $x \equiv 3 \pmod 5$.
Let us solve the equation $3x_1 + 5x_2 = 1$. One solution: $x_1 = -3$, $x_2 = 2$.
$c_{1,2} = 3 \cdot (-3) \cdot 3 + 5 \cdot 2 \cdot 2 = -27 + 20 = -7$.
All the solutions: $\{-7 + 15k : k \in \mathbb{Z}\} = \{8 + 15k : k \in \mathbb{Z}\}$.

Simultaneous congruences

Example. $x \equiv 2 \pmod 3$, $x \equiv 3 \pmod 5$, $x \equiv 4 \pmod 7$. With $c_{1,2} = 8$ from the previous example the system becomes $x \equiv 8 \pmod{15}$, $x \equiv 4 \pmod 7$.
Let us solve the equation $15x_{1,2} + 7x_3 = 1$. One solution: $x_{1,2} = 1$, $x_3 = -2$.
$c_{1,2,3} = 15 \cdot 1 \cdot 4 + 7 \cdot (-2) \cdot 8 = 60 - 112 = -52$.
All the solutions: $\{-52 + 105l : l \in \mathbb{Z}\} = \{53 + 105l : l \in \mathbb{Z}\}$.
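The extended Euclidean algorithm, the four-step recipe for $ax \equiv b \pmod m$ and the pairwise merging step of the Chinese remainder theorem proof, together in one added Python example (this is not code from the lecture slides; the function names egcd, solve_linear_congruence, mod_inverse and crt are the example's own). egcd keeps the slides' recurrences $x_i = x_{i-2} - q_i x_{i-1}$, $y_i = y_{i-2} - q_i y_{i-1}$ and normalises the result to the non-negative gcd; solve_linear_congruence returns all $(a, m)$ incongruent solutions or none when $(a, m) \nmid b$; crt folds the congruences two at a time with $c_{1,2} = m_1 x_1 c_2 + m_2 x_2 c_1$ and refuses moduli that are not relatively prime. Computing an inverse modulo $\varphi(n)$ with exactly this egcd is how an RSA private exponent is derived, and the refusal paths are the checks a practitioner wants rather than a silently wrong answer.

```python
# Added example, not from the lecture slides: extended Euclid with the slides'
# (r_i, x_i, y_i) rows, all solutions of a*x = b (mod m), modular inverse, and the
# Chinese remainder theorem by pairwise merging.
from __future__ import annotations


def egcd(a: int, b: int) -> tuple[int, int, int]:
    """Return (g, x, y) with x*a + y*b = g = (a, b) >= 0.

    r_{-1} = a, r_0 = b, x_{-1} = 1, x_0 = 0, y_{-1} = 0, y_0 = 1 and, for i >= 1,
    r_{i-2} = r_{i-1} q_i + r_i, x_i = x_{i-2} - q_i x_{i-1}, y_i = y_{i-2} - q_i y_{i-1}.
    """
    r_prev, r = a, b
    x_prev, x = 1, 0
    y_prev, y = 0, 1
    while r != 0:
        q, rem = divmod(r_prev, r)           # r_{i-2} = r_{i-1} * q_i + r_i
        r_prev, r = r, rem
        x_prev, x = x, x_prev - q * x
        y_prev, y = y, y_prev - q * y
    if r_prev < 0:                           # normalise to the non-negative gcd
        r_prev, x_prev, y_prev = -r_prev, -x_prev, -y_prev
    return r_prev, x_prev, y_prev


def solve_linear_congruence(a: int, b: int, m: int) -> list[int]:
    """All solutions of a*x = b (mod m) in {0, ..., m-1}, sorted; [] if (a, m) does not divide b.

    With d = (a, m) and a*x0 + m*y0 = d from egcd, the d incongruent solutions are
    x_k = (b/d) * x0 + k * (m/d), k = 0, ..., d-1 (step 4 of the slides' recipe).
    """
    if m <= 1:
        raise ValueError("modulus must be > 1")
    d, x0, _ = egcd(a, m)
    if b % d != 0:
        return []
    x1 = (b // d) * x0
    step = m // d
    return sorted((x1 + k * step) % m for k in range(d))


def mod_inverse(a: int, m: int) -> int:
    """The x in {1, ..., m-1} with a*x = 1 (mod m); exists only when (a, m) = 1."""
    sols = solve_linear_congruence(a, 1, m)
    if not sols:
        raise ValueError(f"{a} has no inverse modulo {m}: (a, m) = {egcd(a, m)[0]}")
    return sols[0]


def crt(residues: list[int], moduli: list[int]) -> tuple[int, int]:
    """Solve x = c_i (mod m_i) for pairwise relatively prime m_i.

    Two congruences are merged at a time as in the slides' proof: with
    m1*x1 + m2*x2 = 1, c_{1,2} = m1*x1*c2 + m2*x2*c1 satisfies both.
    Returns (x, M) with 0 <= x < M, M = product of the moduli.
    """
    if not moduli or len(residues) != len(moduli):
        raise ValueError("need equally many residues and moduli")
    x, m = residues[0] % moduli[0], moduli[0]
    for c, mi in zip(residues[1:], moduli[1:]):
        g, x1, x2 = egcd(m, mi)
        if g != 1:
            raise ValueError(f"moduli {m} and {mi} are not relatively prime")
        x = (m * x1 * c + mi * x2 * x) % (m * mi)
        m *= mi
    return x, m
```

`egcd(172, 62)` returns exactly the last row of the slides' table, `(2, -9, 25)`; `solve_linear_congruence(10, 8, 22)` returns `[3, 14]`, and `crt([2, 3, 4], [3, 5, 7])` returns `(53, 105)`. The Bezout coefficients are not unique, so another correct implementation may return a different `(x1, x2)` pair for the same merge, and therefore a different but congruent intermediate $c_{1,2}$.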

Residue classes

Often the solution is not just one integer (or one family of integers), but an entire set (a set of families):
$2x \equiv 5 \pmod 7$, solutions: $\{6 + 7k : k \in \mathbb{Z}\}$;
$10x \equiv 8 \pmod{22}$, solutions: $\{14 + 22k : k \in \mathbb{Z}\}$, $\{3 + 22k : k \in \mathbb{Z}\}$.

Definition (Residue classes). For a fixed modulus m and an integer a, the integers congruent to a constitute the residue (or congruence) class represented by a:
$\bar{a} = \{x \in \mathbb{Z} : x \equiv a \pmod m\} = \{a + km : k \in \mathbb{Z}\}$.
The set of all residue classes is denoted by $\mathbb{Z}_m = \{\bar{a} : 0 \leq a < m\}$.

Example (Residue class). The solution of $2x \equiv 5 \pmod 7$: $\bar{6}$. The solutions of $10x \equiv 8 \pmod{22}$: $\overline{14}$, $\bar{3}$. With modulus $m = 7$: $\bar{2} = \overline{23} = \{\ldots, -5, 2, 9, 16, 23, 30, \ldots\}$.

Complete residue system

Definition (Complete residue system). For a fixed modulus m, a complete residue system modulo m is a set containing exactly one element from each congruence class modulo m.

Example (CRS). $\{33, 5, 11, -11, -8\}$ is a complete residue system modulo 5 (the remainders are 3, 0, 1, 4, 2).

Popular choices for complete residue systems:
Least non-negative residue system modulo m: $\{0, 1, \ldots, m - 1\}$;
Least absolute value residue system modulo m: $\{0, \pm 1, \ldots, \pm \frac{m - 1}{2}\}$ if $2 \nmid m$, and $\{0, \pm 1, \ldots, \pm(\frac{m}{2} - 1), \frac{m}{2}\}$ if $2 \mid m$.

Reduced residue system

Remark. If one element of a congruence class is relatively prime to the modulus, then all its elements are: $(a + lm, m) = (a, m) = 1$.

Definition (Reduced residue system). For a fixed modulus m, a reduced residue system modulo m is a set containing exactly one element from each congruence class whose elements are relatively prime to m. For a fixed modulus m, if $(a, m) = 1$, then the residue class $\bar{a}$ represented by a is a reduced residue class. The set of reduced residue classes is denoted by $\mathbb{Z}_m^* = \{\bar{a} : 1 \leq a < m,\ (a, m) = 1\}$.

Example (RRS). $\{1, 2, 3, 4\}$ is a reduced residue system modulo 5. $\{1, -1\}$ is a reduced residue system modulo 3. $\{1, 19, 29, 7\}$ is a reduced residue system modulo 8 (remainders 1, 3, 5, 7).

Operations on residue classes

Operations between residue classes can be defined in a natural way.

Definition (Addition and multiplication). For a fixed modulus m and integers a, b let
$\bar{a} + \bar{b} \overset{\text{def}}{=} \overline{a + b}$, $\bar{a} \cdot \bar{b} \overset{\text{def}}{=} \overline{a \cdot b}$.

Proposition. This definition is meaningful (independent of the chosen representatives): if $\bar{a} = \overline{a'}$ and $\bar{b} = \overline{b'}$, then $\overline{a + b} = \overline{a' + b'}$ and $\overline{a \cdot b} = \overline{a' \cdot b'}$.

Proof. $\bar{a} = \overline{a'}$, $\bar{b} = \overline{b'} \Rightarrow a \equiv a' \pmod m$, $b \equiv b' \pmod m \Rightarrow a + b \equiv a' + b' \pmod m \Rightarrow \overline{a + b} = \overline{a' + b'}$, hence $\bar{a} + \bar{b} = \overline{a'} + \overline{b'}$. A similar proof applies to multiplication.

Residue classes

Operations between residue classes: $\bar{a} + \bar{b} = \overline{a + b}$, $\bar{a} \cdot \bar{b} = \overline{a \cdot b}$.

Definition (Operations). For a fixed modulus m, let $\mathbb{Z}_m$ be the set of residue classes modulo m. Then addition and multiplication are defined on this set as above.

Example ($(\mathbb{Z}_3, +)$):

  +   0   1   2
  0   0   1   2
  1   1   2   0
  2   2   0   1

Example ($(\mathbb{Z}_3, \cdot)$):

  *   0   1   2
  0   0   0   0
  1   0   1   2
  2   0   2   1

Residue classes - Example

Example ($(\mathbb{Z}_4, +)$):

  +   0   1   2   3
  0   0   1   2   3
  1   1   2   3   0
  2   2   3   0   1
  3   3   0   1   2

Example ($(\mathbb{Z}_4, \cdot)$):

  *   0   1   2   3
  0   0   0   0   0
  1   0   1   2   3
  2   0   2   0   2
  3   0   3   2   1

Residue classes

Theorem (Multiplicative group). Let $m > 1$ be an integer.
If $1 < (a, m) < m$, then $\bar{a}$ is a zero divisor in $\mathbb{Z}_m$: there exists $\bar{b} \neq \bar{0}$ with $\bar{a} \cdot \bar{b} = \bar{0}$.
If $(a, m) = 1$, then $\bar{a}$ has a reciprocal (multiplicative inverse) in $\mathbb{Z}_m$: there exists $\bar{x}$ with $\bar{a} \cdot \bar{x} = \bar{1}$.
Ergo, if m is prime, division by any non-zero residue class is possible.

Example (Zero divisors and multiplicative inverse). Let $m = 9$. $\bar{6} \cdot \bar{3} = \overline{18} = \bar{0}$. $(2, 9) = 1$, so $\bar{2} \cdot \bar{5} = \overline{10} = \bar{1}$.

Proof. Let $d = (a, m)$. Then $a \cdot \frac{m}{d} = \frac{a}{d} \cdot m \equiv 0 \pmod m$, so with $b = m/d$ (which is not $\equiv 0$, because $d > 1$) we get $\bar{a} \cdot \bar{b} = \bar{0}$. If $(a, m) = 1$, then using the extended Euclidean algorithm we can obtain x, y with $ax + my = 1$, so $ax \equiv 1 \pmod m$, i.e. $\bar{a} \cdot \bar{x} = \bar{1}$.

Euler-Fermat theorem and the totient function: Euler's totient function $\phi$

Definition (Totient function). For an integer $m > 0$, let $\phi(m)$ be the number of positive integers less than and relatively prime to $m$:
$$\phi(m) = \left|\{i : 0 < i < m,\ (m, i) = 1\}\right|.$$

Remark. $\phi(m)$ is the number of reduced congruence classes modulo $m$, i.e. $|\mathbb{Z}_m^*|$.

Example (Totient function).
$\phi(5) = 4$: integers relatively prime to 5: 1, 2, 3, 4;
$\phi(6) = 2$: integers relatively prime to 6: 1, 5;
$\phi(12) = 4$: integers relatively prime to 12: 1, 5, 7, 11;
$\phi(15) = 8$: integers relatively prime to 15: 1, 2, 4, 7, 8, 11, 13, 14.

Euler-Fermat theorem and the totient function: Euler function

$\phi(m) = \left|\{i : 0 < i < m,\ (m, i) = 1\}\right|$

Theorem (Calculating $\phi(m)$). Let the factorization of $m$ be $m = p_1^{e_1} p_2^{e_2} \cdots p_l^{e_l}$. Then
$$\phi(m) = m \prod_{i=1}^{l} \left(1 - \frac{1}{p_i}\right) = \prod_{i=1}^{l} \left(p_i^{e_i} - p_i^{e_i - 1}\right) = \prod_{i=1}^{l} p_i^{e_i - 1} (p_i - 1).$$

Example (Calculating $\phi(m)$).
$\phi(5) = 5 \left(1 - \frac{1}{5}\right) = 4$;
$\phi(6) = 6 \left(1 - \frac{1}{2}\right)\left(1 - \frac{1}{3}\right) = 2$;
$\phi(12) = 12 \left(1 - \frac{1}{2}\right)\left(1 - \frac{1}{3}\right) = 4$;
$\phi(15) = 15 \left(1 - \frac{1}{3}\right)\left(1 - \frac{1}{5}\right) = 8$.

Euler-Fermat theorem and the totient function: Euler-Fermat theorem

Theorem (Euler-Fermat). Let $m > 1$ be an integer and $a$ an integer with $(a, m) = 1$. Then $a^{\phi(m)} \equiv 1 \pmod m$.

Theorem (Fermat). Let $p$ be a prime and $p \nmid a$. Then $a^{p-1} \equiv 1 \pmod p$; equivalently, for an arbitrary integer $a$, $a^p \equiv a \pmod p$. (A direct consequence of the Euler-Fermat theorem, since $\phi(p) = p - 1$.)

Example (Euler-Fermat theorem).
$\phi(6) = 2$: $5^2 = 25 \equiv 1 \pmod 6$;
$\phi(12) = 4$: $5^4 = 625 \equiv 1 \pmod{12}$; $7^4 = 2401 \equiv 1 \pmod{12}$.

Caution! $2^4 = 16 \equiv 4 \not\equiv 1 \pmod{12}$, because $(2, 12) = 2 \ne 1$: the theorem applies only to $a$ relatively prime to $m$.
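To tie the three preceding slides together, here is an added example (not from the lecture) that computes $\phi(m)$ by the factorization formula, checks it against the counting definition, and exercises the Euler-Fermat theorem including the non-coprime case flagged under "Caution!". The factorization is plain trial division, adequate for the small moduli used on these slides; all names are this example's own.

```python
# Added example, not part of the lecture slides: phi(m) from the factorization
# formula, cross-checked with the definition, and the Euler-Fermat theorem
# tested including the (a, m) != 1 case where it does not hold.
from math import gcd


def factorize(m: int) -> dict:
    """Prime factorization by trial division: {p: e} with m = prod p^e (m >= 1)."""
    factors = {}
    p = 2
    while p * p <= m:
        while m % p == 0:
            factors[p] = factors.get(p, 0) + 1
            m //= p
        p += 1
    if m > 1:                          # leftover prime factor larger than sqrt
        factors[m] = factors.get(m, 0) + 1
    return factors


def phi(m: int) -> int:
    """Euler's totient via phi(m) = prod p^(e-1) * (p - 1)."""
    result = 1
    for p, e in factorize(m).items():
        result *= p ** (e - 1) * (p - 1)
    return result


def phi_by_counting(m: int) -> int:
    """The definition itself: number of 0 < i < m with gcd(i, m) = 1 (m > 1)."""
    return sum(1 for i in range(1, m) if gcd(i, m) == 1)


def euler_fermat_holds(a: int, m: int) -> bool:
    """True iff a^phi(m) = 1 (mod m); guaranteed by the theorem when gcd(a, m) = 1,
    and generally false otherwise (e.g. a = 2, m = 12 gives 4)."""
    return pow(a, phi(m), m) == 1


def coprime_residues(m: int) -> list:
    """The reduced residues 0 < i < m; their count is phi(m)."""
    return [i for i in range(1, m) if gcd(i, m) == 1]
```

`phi(12)` and `phi_by_counting(12)` both give 4, `euler_fermat_holds(7, 12)` is true, and `euler_fermat_holds(2, 12)` is false exactly as the slide's caution says.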

Euler-Fermat theorem and the totient function: The proof of the Euler-Fermat theorem

Lemma. Let $m > 1$ be an integer and $a_1, a_2, \ldots, a_m$ a complete residue system modulo $m$. Then for all integers $a, b$ with $(a, m) = 1$, the numbers $a a_1 + b, a a_2 + b, \ldots, a a_m + b$ also form a complete residue system. Further, if $a_1, a_2, \ldots, a_{\phi(m)}$ is a reduced residue system modulo $m$, then $a a_1, a a_2, \ldots, a a_{\phi(m)}$ is also a reduced residue system.

Proof. If $i \ne j$ and $a a_i + b \equiv a a_j + b \pmod m$, then $a a_i \equiv a a_j \pmod m$. Since $(a, m) = 1$, we may divide by $a$: $a_i \equiv a_j \pmod m$, a contradiction. So $a a_1 + b, a a_2 + b, \ldots, a a_m + b$ are pairwise incongruent; since there are $m$ of them, they form a complete residue system. If $(a_i, m) = 1$, then together with $(a, m) = 1$ we get $(a a_i, m) = 1$. Further, $a a_1, a a_2, \ldots, a a_{\phi(m)}$ are pairwise incongruent (as above) and there are $\phi(m)$ of them, so they form a reduced residue system.

Euler-Fermat theorem and the totient function: The proof of the Euler-Fermat theorem

Theorem (Euler-Fermat). $(a, m) = 1 \Rightarrow a^{\phi(m)} \equiv 1 \pmod m$.

Proof. Let $a_1, a_2, \ldots, a_{\phi(m)}$ be a reduced residue system modulo $m$. Since $(a, m) = 1$, by the lemma $a a_1, a a_2, \ldots, a a_{\phi(m)}$ is also a reduced residue system, so the two systems have the same product modulo $m$:
$$a^{\phi(m)} \prod_{j=1}^{\phi(m)} a_j = \prod_{j=1}^{\phi(m)} a a_j \equiv \prod_{j=1}^{\phi(m)} a_j \pmod m.$$
Because $\prod_{j=1}^{\phi(m)} a_j$ is relatively prime to $m$, we can cancel it: $a^{\phi(m)} \equiv 1 \pmod m$.

Euler-Fermat theorem and the totient function: Euler-Fermat theorem

Theorem (Euler-Fermat). $(a, m) = 1 \Rightarrow a^{\phi(m)} \equiv 1 \pmod m$.

Example (E-F theorem).
What is the last digit of $3^{111}$ in the decimal system, i.e. what is $3^{111} \bmod 10$? $\phi(10) = 4$ and $111 = 4 \cdot 27 + 3$, so $3^{111} = (3^4)^{27} \cdot 3^3 \equiv 1^{27} \cdot 3^3 = 27 \equiv 7 \pmod{10}$.
Solve the congruence $2x \equiv 5 \pmod 7$. $\phi(7) = 6$. Multiply both sides by $2^5$: $5 \cdot 2^5 \equiv 2^6 x \equiv x \pmod 7$. Now $5 \cdot 2^5 = 5 \cdot 32 \equiv 5 \cdot 4 = 20 \equiv 6 \pmod 7$, so $x \equiv 6 \pmod 7$.
Solve the congruence $23x \equiv 4 \pmod{211}$. $\phi(211) = 210$. Multiply both sides by $23^{209}$: $4 \cdot 23^{209} \equiv 23^{210} x \equiv x \pmod{211}$. Now $4 \cdot 23^{209} \equiv \ldots$

Euler-Fermat theorem and the totient function: Exponentiation by squaring (fast exponentiation)

Let $m, a, n$ be positive integers, $m > 1$. We would like to calculate the remainder $a^n \bmod m$ efficiently. Write $n$ in the binary numeral system:
$$n = \sum_{i=0}^{k} \varepsilon_i 2^i = (\varepsilon_k \varepsilon_{k-1} \ldots \varepsilon_1 \varepsilon_0)_{(2)}, \qquad \varepsilon_0, \varepsilon_1, \ldots, \varepsilon_k \in \{0, 1\},\ \varepsilon_k = 1.$$
Let $n_j$ ($0 \le j \le k$) be the number defined by the first $j + 1$ binary digits: $n_j = \lfloor n / 2^{k-j} \rfloor = (\varepsilon_k \varepsilon_{k-1} \ldots \varepsilon_{k-j})_{(2)}$. For each $j$ let $x_j \equiv a^{n_j} \pmod m$ be the corresponding remainder. Then
$n_0 = \varepsilon_k = 1$, $x_0 = a \bmod m$;
$n_j = 2 n_{j-1} + \varepsilon_{k-j}$, hence
$$x_j = a^{\varepsilon_{k-j}} x_{j-1}^2 \bmod m = \begin{cases} x_{j-1}^2 \bmod m, & \text{if } \varepsilon_{k-j} = 0, \\ a \cdot x_{j-1}^2 \bmod m, & \text{if } \varepsilon_{k-j} = 1; \end{cases}$$
and finally $x_k = a^n \bmod m$. This costs $k$ squarings and at most $k$ further multiplications, i.e. $O(\log n)$ multiplications modulo $m$, and the intermediate values never exceed $m^2$. The correctness follows from the formula (proof: homework)
$$a^n = a^{\sum_{i=0}^{k} \varepsilon_i 2^i} = \prod_{i=0}^{k} \left(a^{2^i}\right)^{\varepsilon_i}.$$

Euler-Fermat theorem and the totient function: Fast exponentiation

Example (Fast exponentiation). How much is $3^{111} \bmod 10$? (By Euler-Fermat above: 7.) $111_{(10)} = 1101111_{(2)}$, here $k = 6$, $a = 3$.

  j | eps_{k-j} | x_j = a^{eps_{k-j}} * x_{j-1}^2 | x_j mod 10
  --+-----------+---------------------------------+-----------
  0 |     1     | x_0 = 3                         |     3
  1 |     1     | x_1 = 3 * 3^2                   |     7
  2 |     0     | x_2 = 7^2                       |     9
  3 |     1     | x_3 = 3 * 9^2                   |     3
  4 |     1     | x_4 = 3 * 3^2                   |     7
  5 |     1     | x_5 = 3 * 7^2                   |     7
  6 |     1     | x_6 = 3 * 7^2                   |     7

So $3^{111} \equiv 7 \pmod{10}$, as the Euler-Fermat computation gave.

Euler-Fermat theorem and the totient function: Fast exponentiation

Example (Linear congruence with fast exponentiation). Let us solve the congruence $23x \equiv 4 \pmod{211}$. By Euler-Fermat, $x \equiv 4 \cdot 23^{209} \pmod{211}$. How much is $23^{209} \bmod 211$? $209_{(10)} = 11010001_{(2)}$, here $k = 7$, $a = 23$.

  j | eps_{k-j} | x_j = a^{eps_{k-j}} * x_{j-1}^2 | x_j mod 211
  --+-----------+---------------------------------+------------
  0 |     1     | x_0 = 23                        |     23
  1 |     1     | x_1 = 23 * 23^2                 |    140
  2 |     0     | x_2 = 140^2                     |    188
  3 |     1     | x_3 = 23 * 188^2                |    140
  4 |     0     | x_4 = 140^2                     |    188
  5 |     0     | x_5 = 188^2                     |    107
  6 |     0     | x_6 = 107^2                     |     55
  7 |     1     | x_7 = 23 * 55^2                 |    156

So $23^{209} \equiv 156 \pmod{211}$ and $x \equiv 4 \cdot 156 = 624 \equiv 202 \pmod{211}$. Check: $23 \cdot 202 = 4646 = 22 \cdot 211 + 4$.
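The two tables above are traces of the same left-to-right square-and-multiply loop. The following added example (not from the lecture) implements that loop so that it returns the trace $(\varepsilon_{k-j}, x_j)$ for $j = 0, \ldots, k$ in the slides' layout, and uses it to solve $ax \equiv b \pmod m$ by the Euler-Fermat trick from the earlier slide; the function names are this example's own, and `solve_linear_congruence` takes $\phi(m)$ as an argument rather than computing it.

```python
# Added example, not part of the lecture slides: left-to-right
# square-and-multiply with the trace shown in the slide tables, and the
# Euler-Fermat method x = b * a^(phi(m)-1) for solving a*x = b (mod m).
from math import gcd


def fast_pow_trace(a: int, n: int, m: int):
    """Return (a^n mod m, trace) with trace[j] = (eps_{k-j}, x_j), j = 0..k."""
    if n == 0:
        return 1 % m, []
    bits = [int(c) for c in bin(n)[2:]]     # eps_k ... eps_0, eps_k = 1
    x = a % m                               # x_0 = a (n_0 = 1)
    trace = [(bits[0], x)]
    for bit in bits[1:]:
        x = (x * x) % m                     # n_j = 2 n_{j-1} ...
        if bit:
            x = (x * a) % m                 # ... + eps_{k-j}
        trace.append((bit, x))
    return x, trace                         # x_k = a^n mod m


def fast_pow(a: int, n: int, m: int) -> int:
    """a^n mod m using only O(log n) multiplications (same result as pow)."""
    return fast_pow_trace(a, n, m)[0]


def solve_linear_congruence(a: int, b: int, m: int, totient: int) -> int:
    """Solve a*x = b (mod m) when gcd(a, m) = 1, via x = b * a^(phi(m) - 1).

    `totient` must equal phi(m) (for a prime m that is m - 1); the caller
    supplies it because computing phi(m) needs the factorization of m."""
    if gcd(a, m) != 1:
        raise ValueError("a has no inverse modulo m, use the gcd to split cases")
    return (b * fast_pow(a, totient - 1, m)) % m
```

`fast_pow_trace(23, 209, 211)` reproduces the column 23, 140, 188, 140, 188, 107, 55, 156 of the table above, and `solve_linear_congruence(23, 4, 211, 210)` returns 202. Note that the branch on the exponent bit makes the running time depend on the secret exponent; constant-time implementations (used for RSA and Diffie-Hellman private keys) perform the multiplication unconditionally and select the result.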

The multiplicative group: Generators

Theorem (Generating the multiplicative group). Let $p$ be a prime. Then $\mathbb{Z}_p^*$ has a generator (primitive root), i.e. there is an integer $1 < g < p$ whose powers yield every reduced congruence class: $\{\bar g^0 = \bar 1, \bar g, \bar g^2, \ldots, \bar g^{p-2}\} = \mathbb{Z}_p^*$, i.e. $\{1, g \bmod p, g^2 \bmod p, \ldots, g^{p-2} \bmod p\} = \{1, 2, \ldots, p - 1\}$. (By Fermat $g^{p-1} \equiv 1$, so from the exponent $p - 1$ on the powers repeat.)

Example (3 is a generator modulo 7).
  3^1 =   3 = 3^0 * 3 ≡ 1 * 3 =  3 ≡ 3 (mod 7)
  3^2 =   9 = 3^1 * 3 ≡ 3 * 3 =  9 ≡ 2 (mod 7)
  3^3 =  27 = 3^2 * 3 ≡ 2 * 3 =  6 ≡ 6 (mod 7)
  3^4 =  81 = 3^3 * 3 ≡ 6 * 3 = 18 ≡ 4 (mod 7)
  3^5 = 243 = 3^4 * 3 ≡ 4 * 3 = 12 ≡ 5 (mod 7)
  3^6 = 729 = 3^5 * 3 ≡ 5 * 3 = 15 ≡ 1 (mod 7)
The residues 3, 2, 6, 4, 5, 1 are exactly $\{1, \ldots, 6\}$.

The multiplicative group: Generator

Example (2 mod 11 and mod 7).
2 is a generator modulo 11:
  n         | 1 2 3 4  5 6 7 8 9 10
  ----------+----------------------
  2^n mod 11| 2 4 8 5 10 9 7 3 6  1

2 is not a generator modulo 7 (its powers only give 2, 4, 1):
  n        | 1 2 3 4 5 6
  ---------+------------
  2^n mod 7| 2 4 1 2 4 1

Discrete logarithm: Discrete logarithm

Definition (Discrete logarithm). Let $p$ be a prime and $g$ a generator modulo $p$. For $a \in \mathbb{Z}$ with $p \nmid a$, the base-$g$ discrete logarithm (or index) of $a$ is
$$\log_g a = n \quad\text{where}\quad a \equiv g^n \pmod p,\ 0 \le n < p - 1.$$
The exponent $n$ is unique in this range because the powers $g^0, \ldots, g^{p-2}$ are pairwise distinct modulo $p$.

Example (3 is a generator mod 7).
  n        | 1 2 3 4 5 6
  ---------+------------
  3^n mod 7| 3 2 6 4 5 1

Example (Discrete logarithm). Reading the table backwards gives the logarithm table:
  a      | 3 2 6 4 5 1
  -------+------------
  log_3 a| 1 2 3 4 5 0

and sorted by $a$:
  a      | 1 2 3 4 5 6
  -------+------------
  log_3 a| 0 2 1 4 5 3

($\log_3 1 = 0$, since $3^0 = 1$ and the definition requires $0 \le n < 6$; $3^6 \equiv 1$ too, but $6 \equiv 0 \pmod 6$.)

Discrete logarithm: Discrete logarithm

Example (a). 2 is a generator modulo 11:
  n         | 1 2 3 4  5 6 7 8 9 10
  ----------+----------------------
  2^n mod 11| 2 4 8 5 10 9 7 3 6  1

Table of logarithms:
  a      | 1 2 3 4 5 6 7 8 9 10
  -------+---------------------
  log_2 a| 0 1 8 2 4 9 7 3 6  5

(For instance $2^5 = 32 \equiv 10 \pmod{11}$, so $\log_2 10 = 5$.)

Theorem (Properties of the discrete logarithm). Let $p$ be a prime, $g$ a generator modulo $p$, $1 \le a, b < p$ and $n \in \mathbb{Z}$. Then
$$\log_g (a b) \equiv \log_g a + \log_g b \pmod{p - 1}, \qquad \log_g (a^n) \equiv n \log_g a \pmod{p - 1}.$$
The logarithms are taken modulo $p - 1$ because $g^{p-1} \equiv 1 \pmod p$.
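The generator and logarithm tables on the last four slides can be produced mechanically. The following added example (not part of the lecture) tests whether $g$ is a primitive root by checking that its powers exhaust $\mathbb{Z}_p^*$, builds the discrete-logarithm table, verifies the product rule, and includes the brute-force logarithm whose cost grows with $p$; all names are this example's own.

```python
# Added example, not part of the lecture slides: primitive roots modulo a
# prime, discrete-logarithm tables, the product rule log(ab) = log a + log b
# (mod p-1), and exhaustive-search discrete logarithms.


def is_generator(g: int, p: int) -> bool:
    """g is a primitive root mod p iff {g^0, ..., g^(p-2)} = {1, ..., p-1}."""
    seen = set()
    x = 1
    for _ in range(p - 1):
        seen.add(x)
        x = (x * g) % p
    return len(seen) == p - 1


def primitive_roots(p: int) -> list:
    """All generators of Z_p^* (there are phi(p-1) of them for prime p)."""
    return [g for g in range(1, p) if is_generator(g, p)]


def dlog_table(g: int, p: int) -> dict:
    """{a: log_g a} with a = g^n mod p and 0 <= n < p-1; g must be a generator."""
    if not is_generator(g, p):
        raise ValueError(f"{g} is not a generator modulo {p}")
    table = {}
    x = 1
    for n in range(p - 1):
        table[x] = n
        x = (x * g) % p
    return table


def dlog_product_rule_holds(g: int, p: int) -> bool:
    """Check log_g(ab) = log_g a + log_g b (mod p-1) for every a, b in Z_p^*."""
    log = dlog_table(g, p)
    return all((log[a] + log[b]) % (p - 1) == log[(a * b) % p]
               for a in range(1, p) for b in range(1, p))


def brute_force_dlog(g: int, h: int, p: int) -> int:
    """Solve g^n = h (mod p) by trying n = 0, 1, 2, ...; O(p) steps, so it is
    only feasible for tiny p, which is the point of using a large p in practice."""
    x = 1
    for n in range(p - 1):
        if x == h % p:
            return n
        x = (x * g) % p
    raise ValueError("h is not a power of g modulo p")
```

`primitive_roots(7)` returns `[3, 5]` and `dlog_table(2, 11)[10]` is 5, matching the tables above; `is_generator(2, 7)` is false because the powers of 2 cycle through only 2, 4, 1.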

Applications: Applications

Fields of application of number theory:
Cryptography: encryption of messages; digital signatures; authentication and authorization.
Coding theory.

Applications: Caesar cipher (code)

Julius Caesar communicated with his soldiers using the following cipher. Match the letters of the (English) alphabet with the set $\{0, 1, \ldots, 25\}$:
  a -> 0, b -> 1, c -> 2, ..., z -> 25.

Example (Caesar, Rot13).
Encryption key: $s \in \{0, 1, \ldots, 25\}$.
Encryption: for $a \in \{0, 1, \ldots, 25\}$ encrypt $a$ using the map $a \mapsto a + s \bmod 26$. The encryption is letter-wise.
Decryption: for $b \in \{0, 1, \ldots, 25\}$ decrypt $b$ using the map $b \mapsto b - s \bmod 26$. Decryption is letter-wise.

Encryption of hello using $s = 13$ as the key:
  hello -> 7 4 11 11 14 --(+13 mod 26)--> 20 17 24 24 1 -> uryyb

Applications: Caesar cipher (code)

For the key $s = 13$ we get Rot13. Encryption and decryption are done with the same map, because $-13 \equiv 13 \pmod{26}$.

This cipher is not secure: there are only 26 keys, and it can be cracked by analysing the frequency of occurrence of letters (al-Kindi, 9th century AD).

If we use a different (random) key at each position of the message, security is mathematically proven. In practice: One Time Pad (OTP).
  Message in binary form:   m = 100100101
  Key, a random bit sequence: s = 010110110
  Encryption: bitwise XOR (addition mod 2):
      m = 100100101
  XOR s = 010110110
      c = 110010011
Decryption is the same XOR with $s$, since $c \oplus s = m \oplus s \oplus s = m$. The proof of security requires the key to be truly random, as long as the message, and never reused.
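As an added example (not from the lecture) the two ciphers on the last two slides are implemented below, together with the frequency-analysis break that the slide attributes to al-Kindi: the attacker assumes the most common ciphertext letter is the image of "e". The sample plaintext is constructed for this example and the function names are this example's own.

```python
# Added example, not part of the lecture slides: the letter-wise shift cipher
# on {0..25}, Rot13 as the self-inverse case, a frequency-analysis break, and
# the one-time pad as XOR over bit strings.
from collections import Counter

ALPHABET = "abcdefghijklmnopqrstuvwxyz"

# Constructed sample text for the frequency attack (plenty of the letter e).
SAMPLE_TEXT = ("the quick brown fox jumps over the lazy dog and then the fox "
               "sleeps under the tree near the river")


def caesar_encrypt(plaintext: str, s: int) -> str:
    """a -> a + s (mod 26) letter by letter; non-letters are passed through."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + s) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, s: int) -> str:
    """b -> b - s (mod 26): decryption is encryption with the key -s."""
    return caesar_encrypt(ciphertext, -s)


def crack_caesar(ciphertext: str) -> int:
    """Recover the key assuming the most frequent ciphertext letter is the
    encryption of 'e', the most frequent letter of English text."""
    letters = [c for c in ciphertext.lower() if c in ALPHABET]
    most_common, _ = Counter(letters).most_common(1)[0]
    return (ALPHABET.index(most_common) - ALPHABET.index("e")) % 26


def otp_xor(bits: str, key: str) -> str:
    """One-time pad: bitwise XOR (addition mod 2) of two equal-length bit strings.
    The same function decrypts, because x XOR k XOR k = x."""
    if len(bits) != len(key):
        raise ValueError("a one-time pad key must be exactly as long as the message")
    return "".join(str(int(m) ^ int(k)) for m, k in zip(bits, key))
```

`caesar_encrypt("hello", 13)` gives `uryyb`, applying Rot13 twice returns the plaintext, `crack_caesar` recovers the key 13 from the encrypted sample text without knowing it, and `otp_xor("100100101", "010110110")` gives `110010011` as on the slide. The frequency attack fails on a one-time pad precisely because every position uses an independent key bit, so the ciphertext carries no letter statistics.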

Applications: RSA

Ron Rivest, Adi Shamir and Leonard Adleman suggested the following method in 1977.

RSA encryption. Generating the keys: let $p, q$ be two (big, about 1024-bit) distinct primes and $n = p \cdot q$ (about 2048 bits). Let $e$ with $1 < e < \phi(n)$ be such that $(e, \phi(n)) = 1$, where $\phi(n) = (p - 1)(q - 1)$. Let $d$ be the solution of the congruence $ex \equiv 1 \pmod{\phi(n)}$ (obtained with the extended Euclidean algorithm).
Keys: public key $(n, e)$, private (secret) key $d$ (and $p, q$, which must also stay secret).
Encryption of the message $0 \le m < n$: $c = m^e \bmod n$.
Decryption of an encrypted message $0 \le c < n$: $m = c^d \bmod n$.
Correctness of the algorithm: by the Euler-Fermat theorem, $c^d = m^{ed} = m^{1 + k\phi(n)} \equiv m \pmod n$.

Applications: RSA

In practice $m$ is just a key for another (symmetric) encryption; RSA is used to transport that key. The procedure is believed to be secure because no efficient algorithm is known to factorize the product $n = p \cdot q$; whoever factors $n$ can compute $\phi(n)$ and hence $d$.

Problem. Find the divisors of the following numbers.
RSA-100 = 1522605027922533360535618378132637429718068114961380688657908494580122963258952897654000350692006139
RSA-2048 (617 decimal digits; only the beginning is reproduced here) = 25195908475657893494027183240048398571429282126204032027777137836043662020707595556264018525880784406918290641249515082189298559149176184502808489120072844992687392807287776735971418347270261896375014971824691165077613379859095700097330459748808428401797429100642458691817195118746121515172654632282216869987549182422433637259085141865462043576798423387184774447920739934236584823824281198163815010674810451660377306056201619676256133844143603833904414952634432190114657544454178424020924616515723350778707749817125772467962926386356373289912154831438167899885040445364023527381951378636564391212010397122822120720357 …

Applications: RSA

Factorization of RSA-2048 by trial division (dividing by the primes up to $\sqrt n$, which a sieve of Eratosthenes can list): for a number $n$ about $\sqrt n$ divisions are needed. RSA-2048 $\approx 2^{2048}$, so about $2^{1024}$ divisions. At $10^9 \approx 2^{30}$ divisions per second, $2^{1024} / 2^{30} = 2^{994}$ seconds are needed, and $2^{994}$ seconds $\approx 2^{969}$ years. The same with 2 computers: $2^{968}$ years.
The same with the best (known) factoring algorithm: about $2.5 \cdot 10^{30}$ years (2 500 000 000 000 000 000 000 000 000 000 years).
For comparison, the age of the universe is about $1.38 \cdot 10^{10}$ years.

Applications: RSA

Example (RSA).
Generating the keys: let $p = 61$, $q = 53$ and $n = 61 \cdot 53 = 3233$, $\phi(3233) = 60 \cdot 52 = 3120$. Let $e = 17$. Using the extended Euclidean algorithm: $d = 2753$ (check: $17 \cdot 2753 = 46801 = 15 \cdot 3120 + 1$).
Public key: $(n = 3233, e = 17)$; private (secret) key: $d = 2753$.
Encryption: let $m = 65$. $c = 65^{17} \bmod 3233 = 2790$.
Decryption: if $c = 2790$, then $2790^{2753} \bmod 3233 = 65$.

Digital signature: $e$ and $d$ change roles. The signer applies the private exponent, $\sigma = m^d \bmod n$, and anyone can verify with the public key that $\sigma^e \equiv m \pmod n$. (In practice separate key pairs are used for encryption and for signing.)
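The following added example (not from the lecture) runs the key generation, encryption, decryption and the signature variant with the slide's parameters $p = 61$, $q = 53$, $e = 17$. It uses Python's built-in `pow(e, -1, n)` (available since Python 3.8) in place of a hand-written extended Euclidean step, and checks the correctness claim ($m^{ed} \equiv m$) for every message modulo $n$; the function names are this example's own.

```python
# Added example, not part of the lecture slides: textbook RSA with the slide's
# parameters, plus the signature use where the roles of e and d are swapped.
from math import gcd


def rsa_keygen(p: int, q: int, e: int):
    """Return ((n, e), d) for distinct primes p, q and a public exponent e."""
    n = p * q
    phi_n = (p - 1) * (q - 1)                 # phi(pq) for distinct primes
    if not 1 < e < phi_n or gcd(e, phi_n) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi_n)                     # solution of e*x = 1 (mod phi(n))
    return (n, e), d


def rsa_encrypt(m: int, public_key) -> int:
    """c = m^e mod n for 0 <= m < n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)


def rsa_decrypt(c: int, d: int, n: int) -> int:
    """m = c^d mod n."""
    return pow(c, d, n)


def rsa_sign(m: int, d: int, n: int) -> int:
    """Signature: the private exponent is applied first."""
    return pow(m, d, n)


def rsa_verify(m: int, signature: int, public_key) -> bool:
    """Verification with the public key: signature^e must give m back."""
    n, e = public_key
    return pow(signature, e, n) == m % n


def rsa_roundtrip_ok(p: int, q: int, e: int) -> bool:
    """Correctness via Euler-Fermat: m^(e*d) = m (mod n) for every 0 <= m < n."""
    public_key, d = rsa_keygen(p, q, e)
    n = public_key[0]
    return all(rsa_decrypt(rsa_encrypt(m, public_key), d, n) == m for m in range(n))
```

`rsa_keygen(61, 53, 17)` returns the public key `(3233, 17)` and `d = 2753`, `rsa_encrypt(65, (3233, 17))` gives 2790, and decrypting 2790 gives 65, exactly as on the slide. This is textbook RSA: encryption is deterministic and multiplicative (the product of two ciphertexts decrypts to the product of the messages), so real deployments pad the message (OAEP) and hash-and-pad before signing (PSS); the previous slide's remark that $m$ is really a symmetric key describes hybrid encryption.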

Applications: Diffie-Hellman key exchange protocol

The first public key cryptographic system was developed by Whitfield Diffie and Martin Hellman and published in 1976.

Public parameters: $p$ a (large) prime, $g$ a generator modulo $p$.

  Alice                                         Bob
  chooses a in_R {1, ..., p-2}                  chooses b in_R {1, ..., p-2}
  sends g^a mod p  ---------------------------->
                   <----------------------------  sends g^b mod p
  calculates (g^b)^a mod p                      calculates (g^a)^b mod p
  common key: g^(ab) mod p                      common key: g^(ab) mod p

Keys: Alice's private key $a$, $1 \le a < p - 1$, public key $g^a \bmod p$; Bob's private key $b$, $1 \le b < p - 1$, public key $g^b \bmod p$. Both arrive at the same key because $(g^b)^a = g^{ab} = (g^a)^b$.

Applications: Diffie-Hellman key exchange protocol

The protocol is considered secure because calculating the discrete logarithm is hard: an eavesdropper sees $g^a$ and $g^b$, but to obtain $g^{ab}$ needs $a$ or $b$. If $p \approx 2^{2048}$ (2048 bits), calculating the discrete logarithm is estimated to take on the order of $10^{30}$ years.

Example (Diffie-Hellman). Public parameters: $p = 11$, $g = 2$.
Keys: Alice's private key $a = 4$, public key $2^4 \bmod 11 = 5$; Bob's private key $b = 8$, public key $2^8 \bmod 11 = 3$.
Common key: $(g^b)^a = 3^4 \bmod 11 = 4$ and $(g^a)^b = 5^8 \bmod 11 = 4$.
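The exchange above, written out with both parties' messages, as an added example that is not part of the lecture. It runs with the slide's toy parameters $p = 11$, $g = 2$; the range check on a received public value and the use of the operating system's random generator for the private exponent are this example's own additions, as are the function names.

```python
# Added example, not part of the lecture slides: the Diffie-Hellman exchange
# with both parties' messages, run with the slide's parameters p = 11, g = 2.
import secrets


def public_value_ok(x: int, p: int) -> bool:
    """Accept only 1 < x < p-1: the values 0, 1 and p-1 = -1 would force a
    trivial shared key (0, 1 or +-1), so a careful party rejects them."""
    return 1 < x < p - 1


def dh_public(private: int, p: int, g: int) -> int:
    """Public value g^private mod p, the message sent over the channel."""
    return pow(g, private, p)


def dh_shared(peer_public: int, private: int, p: int) -> int:
    """Shared key (g^b)^a mod p computed from the peer's public value."""
    if not public_value_ok(peer_public, p):
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, p)


def random_private(p: int) -> int:
    """Private exponent with 1 <= a < p-1 drawn from the OS CSPRNG, as the
    slide's a in_R {...} requires (the random module is not suitable for keys)."""
    return 1 + secrets.randbelow(p - 2)


def dh_exchange(p: int, g: int, a: int, b: int) -> dict:
    """Run the protocol with the given private keys; return transcript and keys."""
    A = dh_public(a, p, g)            # Alice -> Bob:   g^a mod p
    B = dh_public(b, p, g)            # Bob   -> Alice: g^b mod p
    k_alice = dh_shared(B, a, p)      # Alice computes (g^b)^a
    k_bob = dh_shared(A, b, p)        # Bob computes   (g^a)^b
    return {"A": A, "B": B, "k_alice": k_alice, "k_bob": k_bob}
```

`dh_exchange(11, 2, 4, 8)` yields the transcript `A = 5`, `B = 3` and the common key 4 on both sides, as on the slide. The slide's security argument covers a passive eavesdropper only: nothing in the exchange authenticates the public values, which is why deployments bind them to signatures or certificates, and with $p = 11$ an attacker recovers $a$ from $g^a$ by trying at most ten exponents, which is why the modulus must be large.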