Number Theory Alex X. Liu & Haipeng Dai

Similar documents
2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Number Theory. Modular Arithmetic

Math 4400 First Midterm Examination September 21, 2012 ANSWER KEY. Please indicate your reasoning and show all work on this exam paper.

Chapter 9 Basic Number Theory for Public Key Cryptography. WANG YANG

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Numbers. Çetin Kaya Koç Winter / 18

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

Basic elements of number theory

Basic elements of number theory

Discrete Mathematics with Applications MATH236

CHAPTER 3. Congruences. Congruence: definitions and properties

ECE596C: Handout #11

Number Theory and Algebra: A Brief Introduction

Some Facts from Number Theory

A Few Primality Testing Algorithms

CSC 474 Information Systems Security

Introduction to Public-Key Cryptosystems:

Applied Cryptography and Computer Security CSE 664 Spring 2018

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

Practice Number Theory Problems

CPSC 467b: Cryptography and Computer Security

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

MTH 346: The Chinese Remainder Theorem

Introduction to Number Theory 1. c Eli Biham - December 13, Introduction to Number Theory 1

Number Theory Proof Portfolio

1 Overview and revision

Chapter 8. Introduction to Number Theory

Math 312/ AMS 351 (Fall 17) Sample Questions for Final

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm

Mathematics for Cryptography

Congruence of Integers

The Chinese Remainder Theorem

MATH 3240Q Introduction to Number Theory Homework 4

The security of RSA (part 1) The security of RSA (part 1)

ECEN 5022 Cryptography

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Chapter 5. Modular arithmetic. 5.1 The modular ring

Chuck Garner, Ph.D. May 25, 2009 / Georgia ARML Practice

Lecture 7 Number Theory Euiseong Seo

Lecture 4: Number theory

Lecture 11 - Basic Number Theory.

MATH 4400 SOLUTIONS TO SOME EXERCISES. 1. Chapter 1

Number Theory Homework.

Notes on Primitive Roots Dan Klain

1. multiplication is commutative and associative;

Introduction to Information Security

The Chinese Remainder Theorem

Elementary Number Theory MARUCO. Summer, 2018

A SURVEY OF PRIMALITY TESTS

Public-key Cryptography: Theory and Practice

The Chinese Remainder Theorem

CPSC 467: Cryptography and Computer Security

Number Theory. Zachary Friggstad. Programming Club Meeting

4.4 Solving Congruences using Inverses

Wilson s Theorem and Fermat s Little Theorem

CMPUT 403: Number Theory

MATH 310: Homework 7

Chinese Remainder Theorem

10 Problem 1. The following assertions may be true or false, depending on the choice of the integers a, b 0. a "

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

Math From Scratch Lesson 20: The Chinese Remainder Theorem

LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS

Discrete Mathematics and Probability Theory Fall 2013 Vazirani Note 3

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

(a) 14 and 42 (b) 33 and 18 (c) 45 and 108 (d) 24 and 2039, given that 2039 is a prime number

Solution Sheet (i) q = 5, r = 15 (ii) q = 58, r = 15 (iii) q = 3, r = 7 (iv) q = 6, r = (i) gcd (97, 157) = 1 = ,

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

CSE 521: Design and Analysis of Algorithms I

Carmen s Core Concepts (Math 135)

Chinese Remainder Algorithms. Çetin Kaya Koç Spring / 22

Coding Theory ( Mathematical Background I)

A Guide to Arithmetic

Congruences and Residue Class Rings

Lecture 3.1: Public Key Cryptography I

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

Homework #2 solutions Due: June 15, 2012

I Foundations Of Divisibility And Congruence 1

Part II. Number Theory. Year

Mathematical Foundations of Public-Key Cryptography

ax b mod m. has a solution if and only if d b. In this case, there is one solution, call it x 0, to the equation and there are d solutions x m d

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

Part IA Numbers and Sets

13.1 Modular Arithmetic & Number Theory

Elementary Number Theory Review. Franz Luef

SEVENTH EDITION and EXPANDED SEVENTH EDITION

MATH 501 Discrete Mathematics. Lecture 6: Number theory. German University Cairo, Department of Media Engineering and Technology.

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

Number Theory. Raj Jain. Washington University in St. Louis

Transcription:

Number Theory Alex X. Liu & Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University

How to compute gcd(x,y) Observation: gcd(x,y) = gcd(x-y, y) = gcd(x-2y, y) =. Suppose x>y, x=ky+d where d<y, thus gcd(x,y)=gcd(ky+d, y)=gcd(ky+d-ky, y)=gcd(d,y) Euclid s Algorithm: integer euclid(pos. integer m, pos. integer n) x = m, y = n while(y > 0) r = x mod y x = y y = r return x 2

How to compute gcd(x,y) Euclid s Algorithm: r -2 x, r -1 y, u -2 1, v -2 0, u -1 0, v -1 1 //Note that this makes r n =u n x+v n y for n=-2 and n=-1 n 0 while r n-1 0 do r n r n-2 mod r n-1, q n r n-2 / r n-1, // r n-2 = q n r n-1 + r n ; so, u n-2 x+v n-2 y= q n (u n-1 x+v n-1 y)+ r n ; end // So, (u n-2 -q n u n-1 )x+(v n-2 -q n v n-1 )y= r n u n u n-2 -q n u n-1, v n v n-2 -q n v n-1, n n+1 return gcd(a, b)= r n-2 3

Euclid s Algorithm Example Compute gcd(408, 595) 595/408 = 1 remainder 187 408/187 = 2 remainder 34 187/34 = 5 remainder 17 34/17 = 2 remainder 0 n q n r n u n v n -2 408 1 0-1 595 0 1 0 0 408 1 0 1 1 187-1 1 2 2 34 3-2 3 5 17-16 11 4 2 0 35-24 Hence gcd(408, 595)= r 3 =17=-16 408+11 595 4

Finding Multiplicative Inverses Compute the multiplicative inverse a -1 mod n It is equivalent to find a number u such that ua = 1 mod n In other words, there is an integer v such that ua + vn = 1 Using Euclid s algorithm, we can compute gcd(a, n) to find u and v such that ua + vn = 1 Fact: a and n are relatively prime iff there are integers u and v such that ua + vn=1. Proof: If gcd(a,n)=1, then we can find u and v such that ua + vn = 1 according to Euclid s algorithm. If gcd(a, n)=m>1, suppose a=km, n=k m, then for any integers u and v, ua+vn = ukm+vk m=(uk+vk )m>1. 5

Group A group, denoted by (G, ), is a set G with a binary operation : G G G such that Associativity: a (b c) = (a b) c (associative) Existence of identity: there exists e G s.t. x G, e x = x e = x (identity) Existence of inverse: for any x G, there exists y G s.t. x y = y x = e (inverse) A group (G, ) is commutative if x, y G, x y = y x. Examples: (Z, +), (Q, +), (Q\{0}, ), (R, +), (R\{0}, ) 6

Integers modulo n (1/2) Let n 2 be an integer Definition: a is congruent to b modulo n, denoted as a b mod n, if n (a-b), i.e., a and b have the same remainder when divided by n Definition: [a] n = {all integers congruent to a modulo n} [a] n is called a residue class modulo n, and a is a representative of that class. 7

Integers modulo n (2/2) [a] n = [b] n if and only if a b mod n There are exactly n residue classes modulo n: [0], [1], [2],, [n-1]. If x [a] and y [b], then x+y [a+b] and x y [a b]. Addition and multiplication for residue classes: [a]+[b] = [a+b] [a] [b] = [a b] 8

Z n (1/2) Define Z n ={[0], [1], [2],, [n-1]}. Or, more conveniently, Z n ={0, 1, 2,, n-1}. (Z n,+) forms a commutative additive group Associavitivity: for a, b, c Z n, [a]+([b]+[c]) = [a]+[b+c]=[a+b+c]=[a+b]+[c]=([a]+[b])+[c] Existence of identity: 0 is the identity element. Existence of inverse: the inverse of a, denoted by a, is n-a. Communitivity: for a, b Z n, [a]+[b] = [b]+[a] When doing addition/subtraction in Z n, just do the regular addition/subtraction and then compute the result modulo n. In Z 10, 5+9=4 9

Z n (2/2) (Z n, ) is not a group, because 0-1 does not exist. Even if we exclude 0 and consider only Z n+ = Z n \{0}, (Z n+, ) is not necessarily a group; some a -1 may not exist. For a Z n, a -1 exists if and only if gcd(a, n)=1 gcd(a, n) = 1 there exists integers x and y s.t. ax + ny = 1 [a][x] + [n][y] = [1] in Z n [a][x] = [1] in Z n [a] -1 = [x] in Z n 10

Z n * (1/2) Let Z n * = {a Z n : gcd(a, n) = 1}. Theorem: Z n * is closed under multiplication mod n Proof: This means if a and b are in Z n *, then ab mod n is in Z n * Since a and b are relatively prime to n, there are integers u a, v a, u b, and v b such that u a a + v a n = 1 and u b b + v b n = 1 Multiply these two equations (u a u b )ab+(u a v b a+v a u b b+v a v b n)n = 1 Hence ab mod n is in Z n * 11

Z n * (2/2) (Z n *, ) is a commutative multiplicative group. Associativity: for a, b, c Z n *, (a b) c = abc mod n=a (b c). Existence of identity: 1 is the identity element. Existence of inverse: the inverse of a, denoted as a -1, can be computed by the Euclid s algorithm. Commutativity: for a, b Z n *, a b = ab mod n=b a. For example, Z 12 *={1, 5, 7, 11}. 5 7 = 35 mod 12 = 11 How many elements are there in Z n *? Euler s totient function: Facts: φ(n) = Z n * = {a Z n : gcd(a, n) = 1} φ(p) = (p-1) for prime p. φ(pq) = φ(p)φ(q) if gcd(p, q)=1 12

Euler s Theorem Theorem: For all a in Z n *, a φ(n) = 1 mod n Proof: Let Z n * ={x 1, x 2,, x k } and y = x 1 x 2 x k mod n Since Z n * is closed under multiplication, y is in Z n * and it has an inverse y -1 Multiply each element of Z n * by a Z={ax 1 mod n, ax 2 mod n,, ax k mod n} How to prove Z=Z n *? Hint: Prove ax i mod n ax j mod n (1 i j k) Since Z=Z n *, ax 1 ax 2 ax k mod n = x 1 x 2 x k mod n = y Also ax 1 ax 2 ax k mod n = a φ(n) x 1 x 2 x k =a φ(n) y, Thus a φ(n) y = y mod n Since y has an inverse y -1, we have a φ(n) = 1 mod n Fermat s theorem: If p is a prime and 0<a<p, a p-1 = 1 mod n 13

Chinese Remainder Theorem (1/6) One of the most useful results in number theory Discovered by Chinese mathematician Sun-Tzu in 400~500 A.D. Problem: we have a number of things, but we do not know exactly how many. If we count them by threes we have two left over. If we count them by fives we have three left over. If we count them by sevens we have two left over. How many things are there? Formally: if x 2 mod 3, x 3 mod 5, x 2 mod 7, x =? It is used to speed up modulo computations If working modulo a product of numbers eg. mod M = m 1 m 2..m k Chinese Remainder Theorem lets us work in each moduli m i separately when they are pair wise relatively prime Since computational cost is proportional to size, this is faster than working in the full modulus M 14

Chinese Remainder Theorem (2/6) To compute A(mod M)where M=m 1 m 2... m k 1. compute all a i = A mod m i separately 2. determine constants c i below, where M i = M/m i 3. then combine results to get answer using: 15

Chinese Remainder Theorem (3/6) Let M=m 1 m 2 m k, where the m i are pairwise relatively prime, i.e., gcd(m i, m j ) =1 (1 i j k), we can represent any integer A in Z M by a k- tuple whose elements are in Z mi using the following correspondence: A (a 1, a 2,, a k ) where A Z M, a i Z mi, and a i =A mod m i (1 i k) 16

Chinese Remainder Theorem (4/6) Assertion 1: A (a 1, a 2,, a k ) is an one-to-one mapping, called a bijection, between Z M and Z m1 Z m2 Z mk. Proof: (1) A (a 1, a 2,, a k ) is obviously unique, i.e., each is a i uniquely calculated as a i =A mod m i (2) (a 1, a 2,, a k ) A can be done as follows. Let M i =M/m i (1 i k). Note: M i =m 1 m 2 m i-1 m i+1 m k Thus, M i 0 (mod m j ) for all j i. Let c i = M i (M i -1 mod m i ) (1 i k) Because M i is relatively prime to m i, it has a unique multiplicative inverse mod m i. Thus c i is unique. k We compute: A aici (mod M ) i= 1 To show the above equation is correct, we must show A=a i mod m i (1 i k). This is true because c j M j 0 (mod m i ) for all j i and c i 1 (mod m i ) 17

Chinese Remainder Theorem (5/6) Assertion 2: Operations in Z M can be performed individually in each Z mi. If A (a 1, a 2,, a k ) B (b 1, b 2,, b k ) Then A±B mod M (a 1 ±b 1 mod m 1,, a k ±b k mod m k ) A B mod M (a 1 b 1 mod m 1,, a k b k mod m k ) A B mod M (a 1 b 1 mod m 1,, a k b k mod m k ) 18

Chinese Remainder Theorem (6/6) x = 1 mod 3 x = 6 mod 7 x = 8 mod 10 By the Chinese remainder theorem, the solution is M= m 1 m 2 m 3 =3 7 10=210 M 1 = M/m 1 =210/3=70, M 2 = M/m 2 =210/7=30, M 3 = M/m 3 =210/10=21 x = 1 70 (70-1 mod 3)+6 30 (30-1 mod 7)+8 21 (21-1 mod 10) = 1 70 (1-1 mod 3)+6 30 (2-1 mod 7)+8 21 (1-1 mod 10) = 1 70 1+6 30 4+8 21 1 mod 210 = 958 mod 210 = 118 mod 210 19

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback