Mathematics for Cryptography


Douglas R. Stinson
David R. Cheriton School of Computer Science, University of Waterloo, Waterloo, Ontario, N2L 3G1, Canada
March 15, 2016

1 Groups and Modular Arithmetic

1.1 Modular Arithmetic

1.1 Definition (congruences). Suppose $a$ and $b$ are integers, and $m$ is a positive integer. Then we write $a \equiv b \pmod{m}$ if $m$ divides $b - a$. The phrase $a \equiv b \pmod{m}$ is called a congruence, and it is read as "$a$ is congruent to $b$ modulo $m$". The integer $m$ is called the modulus.

1.2 Definition (modular reduction). Suppose we divide $a$ and $b$ by $m$, obtaining integer quotients and remainders, where the remainders are between $0$ and $m - 1$. That is, $a = q_1 m + r_1$ and $b = q_2 m + r_2$, where $0 \le r_1 \le m - 1$ and $0 \le r_2 \le m - 1$. Then it is not difficult to see that $a \equiv b \pmod{m}$ if and only if $r_1 = r_2$. We will use the notation $a \bmod m$ (without parentheses) to denote the remainder when $a$ is divided by $m$, i.e., the value $r_1$ above. Thus $a \equiv b \pmod{m}$ if and only if $a \bmod m = b \bmod m$. If we replace $a$ by $a \bmod m$, we say that $a$ is reduced modulo $m$.

1.3 Example. To compute $101 \bmod 7$, we write $101 = 7 \cdot 14 + 3$. Since $0 \le 3 \le 6$, it follows that $101 \bmod 7 = 3$. As another example, suppose we want to compute $(-101) \bmod 7$. In this case, we write $-101 = 7 \cdot (-15) + 4$. Since $0 \le 4 \le 6$, it follows that $(-101) \bmod 7 = 4$.

1.4 Remark. Some computer programming languages define $a \bmod m$ to be the remainder in the range $-m + 1, \ldots, m - 1$ having the same sign as $a$. For example, $(-101) \bmod 7$ would be $-3$, rather than $4$ as we defined it above. But for our purposes, it is much more convenient to define $a \bmod m$ always to be non-negative.

1.5 Definition (arithmetic modulo $m$). We now define arithmetic modulo $m$: $\mathbb{Z}_m$ is the set $\{0, \ldots, m - 1\}$, equipped with two operations, $+$ and $\cdot$. Addition and multiplication in $\mathbb{Z}_m$ work exactly like real addition and multiplication, except that the results are reduced modulo $m$.

1.6 Example. Suppose we want to compute $11 \cdot 13$ in $\mathbb{Z}_{16}$. As integers, we have $11 \cdot 13 = 143$. Then we reduce $143$ modulo $16$ as described above: $143 = 8 \cdot 16 + 15$, so $143 \bmod 16 = 15$, and hence $11 \cdot 13 = 15$ in $\mathbb{Z}_{16}$.

1.2 Groups

1.7 Definition (group). A group is a pair $G = (X, \cdot)$, where $X$ is a set and $\cdot$ is a binary operation defined on $X$, that satisfies the following properties:
- The operation $\cdot$ is associative, i.e., $(a \cdot b) \cdot c = a \cdot (b \cdot c)$ for any $a, b, c \in X$.
- There is an element $\mathrm{id} \in X$ called the identity, such that $a \cdot \mathrm{id} = \mathrm{id} \cdot a = a$ for any $a \in X$.
- For every $a \in X$, there exists an element $b \in X$ called the inverse of $a$, such that $a \cdot b = b \cdot a = \mathrm{id}$.

1.8 Definition. A group $G = (X, \cdot)$ is abelian if the operation $\cdot$ is commutative, i.e., $a \cdot b = b \cdot a$ for any $a, b \in X$.

1.9 Definition. A group $G = (X, \cdot)$ is finite if $X$ is a finite set.

1.10 Definition. The order of a finite group $G = (X, \cdot)$, denoted $\mathrm{ord}(G)$, is equal to $|X|$.

1.11 Remark. For notational convenience, most group operations are written as multiplication or addition. If the group operation is multiplication, then the identity is usually denoted by $1$ and the inverse of $a$ by $a^{-1}$. If the group operation is addition, then the identity is usually denoted by $0$ and the inverse of $a$ by $-a$.

1.12 Example (the additive group $\mathbb{Z}_n$). Let $n \ge 2$ be an integer. Then $(\mathbb{Z}_n, +)$ is a finite abelian group of order $n$, where $+$ denotes addition modulo $n$. The identity element is $0$, and the inverse of $a$, usually denoted $-a$, is $(-a) \bmod n$.

1.13 Example (the multiplicative group $\mathbb{Z}_p^*$). Let $p \ge 2$ be a prime. Define $\mathbb{Z}_p^* = \mathbb{Z}_p \setminus \{0\}$. Then $(\mathbb{Z}_p^*, \cdot)$ is a finite abelian group of order $p - 1$, where $\cdot$ denotes multiplication modulo $p$. The identity element is $1$, and the inverse of $a$, usually denoted $a^{-1}$, is computed using the Extended Euclidean algorithm (see Theorem 1.52).

1.14 Definition. For an integer $n \ge 2$, $\phi(n)$ denotes the number of positive integers less than $n$ that are relatively prime to $n$.

1.15 Theorem. $\phi(n)$ can be computed from the following formula: suppose that $n$ has prime power factorization $n = \prod_{i=1}^{l} p_i^{e_i}$ (i.e., the $p_i$'s are distinct primes and $e_i \ge 1$ for $1 \le i \le l$). Then
$$\phi(n) = \prod_{i=1}^{l} p_i^{e_i - 1}(p_i - 1) = \prod_{i=1}^{l} \left( p_i^{e_i} - p_i^{e_i - 1} \right).$$

1.16 Example (the multiplicative group $\mathbb{Z}_n^*$). This example generalizes Example 1.12. Let $n \ge 2$ be an integer. Define $\mathbb{Z}_n^* = \mathbb{Z}_n \setminus \{d \in \mathbb{Z}_n : \gcd(d, n) > 1\}$. Then $(\mathbb{Z}_n^*, \cdot)$ is a finite abelian group, where $\cdot$ denotes multiplication modulo $n$. The identity element is $1$, and the inverse of $a$, usually denoted $a^{-1}$, is computed using the Extended Euclidean algorithm (see Theorem 1.52). The order of $(\mathbb{Z}_n^*, \cdot)$ is equal to $\phi(n)$.

1.17 Example. The RSA Cryptosystem is constructed using the group $\mathbb{Z}_n^*$, where $n = pq$ and $p$ and $q$ are distinct odd primes. For such an integer $n$, the order of $(\mathbb{Z}_n^*, \cdot)$ is equal to $(p - 1)(q - 1)$.

1.18 Example (matrices with non-zero determinant). Let $n \ge 2$. The set of $n \times n$ matrices with entries from $\mathbb{Z}_p$ (where $p$ is prime) having non-zero determinant is a multiplicative group. The identity is the $n \times n$ matrix with $1$s on the diagonal and $0$s elsewhere. This is a non-abelian group, since matrix multiplication is not commutative.

1.19 Example (elliptic curves). Let $p > 3$ be prime. An elliptic curve is the set of solutions $(x, y) \in \mathbb{Z}_p \times \mathbb{Z}_p$ to the congruence $y^2 \equiv x^3 + ax + b \pmod{p}$, where $a, b \in \mathbb{Z}_p$ are constants such that $4a^3 + 27b^2 \not\equiv 0 \pmod{p}$, together with a special point $O$ called the point at infinity. Suppose we denote the set of points on the elliptic curve by $E$. It is possible to define an addition operation on $E$ so that $(E, +)$ is an abelian group. Addition is defined as follows (where all arithmetic operations are performed in $\mathbb{Z}_p$): Suppose $P = (x_1, y_1)$ and $Q = (x_2, y_2)$ are points on $E$. If $x_2 = x_1$ and $y_2 = -y_1$, then $P + Q = O$; otherwise $P + Q = (x_3, y_3)$, where
$$x_3 = \lambda^2 - x_1 - x_2 \quad \text{and} \quad y_3 = \lambda(x_1 - x_3) - y_1,$$
and
$$\lambda = \begin{cases} (y_2 - y_1)(x_2 - x_1)^{-1}, & \text{if } P \ne Q \\ (3x_1^2 + a)(2y_1)^{-1}, & \text{if } P = Q. \end{cases}$$
Finally, define $P + O = O + P = P$ for all $P \in E$.

1.3 Orders of Group Elements

1.20 Definition (orders of group elements). For a finite group $(X, \cdot)$, define the order of an element $a \in X$ (denoted $\mathrm{ord}(a)$) to be the smallest positive integer $m$ such that
$$\underbrace{a \cdot a \cdots a}_{m} = \mathrm{id}.$$
If the group operation is written multiplicatively, then $\underbrace{a \cdot a \cdots a}_{m}$ is written as an exponentiation, $a^m$. If the group operation is written additively, then the same expression is written as a multiplication, $ma$. The identity element is defined to have order $1$.

1.21 Theorem. For a finite group $(X, \cdot)$, the order of any $a \in X$ divides the order of the group, i.e., $\mathrm{ord}(a) \mid \mathrm{ord}(G)$.

1.22 Theorem. For a finite group $(X, \cdot)$ and for any $a \in X$, the order of $b = a^i$ is
$$\mathrm{ord}(b) = \frac{\mathrm{ord}(a)}{\gcd(\mathrm{ord}(a), i)}.$$
(Here, for concreteness, we assume that the group operation is written multiplicatively.)

1.23 Example. If $\mathrm{ord}(a) = 100$ and $b = a^{35}$, then $\mathrm{ord}(b) = 100 / \gcd(100, 35) = 100 / 5 = 20$.

1.24 Theorem. If $\mathrm{ord}(a) = i$, then $a^{-1} = a^{i - 1}$. More generally, $a^i = a^j$ if and only if $i \equiv j \pmod{\mathrm{ord}(a)}$.
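As an added example (not part of Stinson's notes), the following Python implements the addition law of Example 1.19 and the additive element order of Definition 1.20 on a small constructed curve, $y^2 = x^3 + x + 6$ over $\mathbb{Z}_{11}$; the curve, the representation of $O$ as `None`, and all function names are my own choices.

```python
# Curve E: y^2 = x^3 + a*x + b over Z_p.  Affine points are (x, y) tuples and the
# point at infinity O is represented by None.  The curve below is constructed for
# this example and is not taken from the notes.
P_MOD, A, B = 11, 1, 6


def is_nonsingular(p=P_MOD, a=A, b=B):
    """The condition 4a^3 + 27b^2 != 0 (mod p) required in Example 1.19."""
    return (4 * a ** 3 + 27 * b ** 2) % p != 0


def is_on_curve(pt, p=P_MOD, a=A, b=B):
    """True for O and for every (x, y) satisfying the curve congruence."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x ** 3 + a * x + b)) % p == 0


def ec_add(pt1, pt2, p=P_MOD, a=A):
    """P + Q exactly as in Example 1.19; inverses in Z_p come from pow(., -1, p)."""
    if pt1 is None:                      # O + Q = Q
        return pt2
    if pt2 is None:                      # P + O = P
        return pt1
    x1, y1 = pt1
    x2, y2 = pt2
    if x1 == x2 and (y1 + y2) % p == 0:  # x2 = x1 and y2 = -y1  =>  P + Q = O
        return None
    if pt1 == pt2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p   # tangent slope, P = Q
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p           # chord slope, P != Q
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def ec_mul(k, pt, p=P_MOD, a=A):
    """k*P (the additive form of a^m in Definition 1.20) by double-and-add."""
    result, addend = None, pt
    while k > 0:
        if k & 1:
            result = ec_add(result, addend, p, a)
        addend = ec_add(addend, addend, p, a)
        k >>= 1
    return result


def curve_points(p=P_MOD, a=A, b=B):
    """Every point of E, including O, found by brute force over Z_p x Z_p."""
    return [None] + [(x, y) for x in range(p) for y in range(p)
                     if (y * y - (x ** 3 + a * x + b)) % p == 0]


def point_order(pt, p=P_MOD, a=A):
    """ord(P): the least m >= 1 with m*P = O; O itself has order 1."""
    m, acc = 1, pt
    while acc is not None:
        acc = ec_add(acc, pt, p, a)
        m += 1
    return m


if __name__ == "__main__":
    pts = curve_points()
    print(len(pts), "points; 2*(2,7) =", ec_add((2, 7), (2, 7)),
          "; ord((2,7)) =", point_order((2, 7)))
```

Because the constructed curve has 13 points and 13 is prime, Theorem 1.21 forces every point other than $O$ to have order 13.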

1.4 Cyclic Groups and Primitive Elements

1.25 Definition (cyclic group). A finite abelian group $(X, \cdot)$ is a cyclic group if there exists an element $a \in X$ having order equal to $|X|$. Such an element is called a generator of the group.

1.26 Example. Let $n \ge 2$ be an integer. Then $(\mathbb{Z}_n, +)$ is a cyclic group, and $1$ is a generator. Further, an element $a \in \mathbb{Z}_n$ is a generator of $(\mathbb{Z}_n, +)$ if and only if $\gcd(a, n) = 1$. The number of generators of $(\mathbb{Z}_n, +)$ is $\phi(n)$.

1.27 Example. Let $p \ge 2$ be a prime. Then $(\mathbb{Z}_p^*, \cdot)$ is a cyclic group, and a generator of this group is called a primitive element.

1.28 Theorem. $(\mathbb{Z}_n^*, \cdot)$ is a cyclic group if and only if $n = 2, 4, p^k$ or $2p^k$, where $p$ is an odd prime and $k$ is a positive integer.

1.29 Theorem. $\alpha \in \mathbb{Z}_p^*$ is a primitive element if and only if
$$\alpha^{(p-1)/q} \not\equiv 1 \pmod{p}$$
for all primes $q$ such that $q \mid (p - 1)$.

1.30 Remark. Using Theorem 1.29, it is simple to test whether a given element $\alpha \in \mathbb{Z}_p^*$ is a primitive element (where $p$ is an odd prime) provided that the factorization of $p - 1$ is known.

1.31 Example. Suppose $p = 13$ and $\alpha = 2$. The factorization of $12$ into prime powers is $12 = 2^2 \cdot 3^1$. Therefore, to verify that $2$ is a primitive element modulo $13$, it is sufficient to check that $2^6 \not\equiv 1 \pmod{13}$ and $2^4 \not\equiv 1 \pmod{13}$. This is much faster than checking all $12$ powers of $\alpha$.

1.32 Theorem. The number of generators of $(\mathbb{Z}_p^*, \cdot)$ is $\phi(p - 1) = \phi(\phi(p))$.

1.5 Subgroups and Cosets

1.33 Definition (subgroup). Suppose $G = (X, \cdot)$ is a finite group and $Y \subseteq X$. We say that $H = (Y, \cdot)$ is a subgroup of $G$ if $H$ is also a (finite) group.

1.34 Theorem. Suppose $G = (X, \cdot)$ is a finite group and $Y \subseteq X$. Then $H = (Y, \cdot)$ is a subgroup of $G$ if and only if it is closed.

1.35 Definition (coset). Suppose $H = (Y, \cdot)$ is a subgroup of the group $G = (X, \cdot)$. For any $a \in X$, define the right coset $Ya$ as follows:
$$Ya = \{ y \cdot a : y \in Y \}.$$
Also, define the left coset $aY$ as follows:
$$aY = \{ a \cdot y : y \in Y \}.$$

1.36 Theorem. Suppose $H = (Y, \cdot)$ is a subgroup of $G = (X, \cdot)$. Then $|Ya| = |Y|$ for all $a$. Furthermore, two right cosets $Ya$ and $Ya'$ (or two left cosets $aY$ and $a'Y$) are either identical or disjoint.

1.37 Corollary. A group $X$ can be partitioned into right (or left) cosets of any subgroup $Y$.
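The following Python is an added example, not code from the notes, that carries Theorem 1.15, Definitions 1.20 and 1.39, Theorems 1.22 and 1.32, and the primitive-element test of Theorem 1.29 through on small moduli; the trial-division factorization and all function names are assumptions of mine.

```python
from math import gcd


def factorize(n):
    """Prime-power factorization n = prod p_i^e_i as {p_i: e_i} (trial division,
    fine for the small moduli in these examples)."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def euler_phi(n):
    """phi(n) = prod p_i^(e_i - 1) (p_i - 1), the formula of Theorem 1.15."""
    result = 1
    for p, e in factorize(n).items():
        result *= p ** (e - 1) * (p - 1)
    return result


def element_order(a, n):
    """ord(a) in (Z_n^*, .) per Definition 1.20: the least m >= 1 with a^m = 1."""
    if gcd(a, n) != 1:
        raise ValueError(f"{a} is not a unit modulo {n}")
    m, power = 1, a % n
    while power != 1:
        power = (power * a) % n
        m += 1
    return m


def generated_subgroup(a, n):
    """<a> = {a^i : i >= 0} in Z_n^* (Definition 1.39); |<a>| = ord(a) (Remark 1.40)."""
    subgroup, power = set(), 1
    while power not in subgroup:
        subgroup.add(power)
        power = (power * a) % n
    return subgroup


def is_primitive(alpha, p):
    """Theorem 1.29: alpha generates Z_p^* iff alpha^((p-1)/q) != 1 (mod p) for
    every prime q dividing p - 1.  Only the factorization of p - 1 is needed."""
    if alpha % p == 0:
        return False
    return all(pow(alpha, (p - 1) // q, p) != 1 for q in factorize(p - 1))


def primitive_elements(p):
    """All generators of Z_p^*; Theorem 1.32 says there are phi(p - 1) of them."""
    return [alpha for alpha in range(1, p) if is_primitive(alpha, p)]


if __name__ == "__main__":
    print("phi(36) =", euler_phi(36), "; generators mod 13:", primitive_elements(13))
```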

1.38 Theorem (Lagrange's Theorem). Suppose $H = (Y, \cdot)$ is a subgroup of the finite group $G = (X, \cdot)$. Then $\mathrm{ord}(H)$ divides $\mathrm{ord}(G)$.

1.39 Definition. Suppose that $G = (X, \cdot)$ is a finite group and $a \in X$. Define $\langle a \rangle = \{ a^i : i \ge 0 \}$.

1.40 Remark. It is easy to see that $(\langle a \rangle, \cdot)$ is a cyclic subgroup of $(X, \cdot)$ and $\mathrm{ord}(\langle a \rangle) = \mathrm{ord}(a)$. We say that $(\langle a \rangle, \cdot)$ is the subgroup generated by $a$. Lagrange's Theorem therefore shows that $\mathrm{ord}(a) \mid \mathrm{ord}(G)$, as stated previously in Theorem 1.21.

1.6 Group Isomorphisms and Homomorphisms

1.41 Definition. Two groups $G = (X, \cdot)$ and $H = (Y, \ast)$ are isomorphic if there exists a bijection $\varphi : X \to Y$ such that $\varphi(a \cdot a') = \varphi(a) \ast \varphi(a')$ for all $a, a' \in X$.

1.42 Theorem. Any two cyclic groups of the same order $n$ are isomorphic.

1.43 Corollary. If $G = (X, \cdot)$ is any finite group, and $a \in X$, then $(\langle a \rangle, \cdot)$ is isomorphic to $(\mathbb{Z}_{\mathrm{ord}(a)}, +)$.

1.44 Definition. A homomorphism from a group $G = (X, \cdot)$ to a group $H = (Y, \ast)$ is a mapping $\varphi : X \to Y$ such that $\varphi(a \cdot a') = \varphi(a) \ast \varphi(a')$ for all $a, a' \in X$.

1.45 Remark. A homomorphism $\varphi$ from a group $G = (X, \cdot)$ to a group $H = (Y, \ast)$ is an isomorphism if and only if it is a bijection from $X$ to $Y$.

1.7 Quadratic Residues

1.46 Definition (quadratic residue). Suppose $p$ is an odd prime and $a$ is an integer. $a$ is defined to be a quadratic residue modulo $p$ if $a \not\equiv 0 \pmod{p}$ and the congruence $y^2 \equiv a \pmod{p}$ has a solution $y \in \mathbb{Z}_p$. $a$ is defined to be a quadratic non-residue modulo $p$ if $a \not\equiv 0 \pmod{p}$ and $a$ is not a quadratic residue modulo $p$.

1.47 Definition (Legendre symbol). Suppose $p$ is an odd prime. For any integer $a$, define the Legendre symbol $\left(\frac{a}{p}\right)$ as follows:
$$\left(\frac{a}{p}\right) = \begin{cases} 0 & \text{if } a \equiv 0 \pmod{p} \\ 1 & \text{if } a \text{ is a quadratic residue modulo } p \\ -1 & \text{if } a \text{ is a quadratic non-residue modulo } p. \end{cases}$$

1.48 Theorem. Suppose $p$ is an odd prime. Then
$$\left(\frac{a}{p}\right) = a^{(p-1)/2} \bmod p.$$

1.49 Remark. Suppose $p$ is an odd prime. Then the mapping $a \mapsto \left(\frac{a}{p}\right)$ is a homomorphism from $(\mathbb{Z}_p^*, \cdot)$ to $(\{1, -1\}, \cdot)$.

1.50 Theorem. Suppose $p \equiv 3 \pmod{4}$ is prime and suppose $y$ is a quadratic residue modulo $p$. Then the two square roots of $y$ modulo $p$ are $\pm y^{(p+1)/4}$.
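As an added example (my code, not the notes'), this Python evaluates the Legendre symbol by Theorem 1.48, checks it against the direct Definition 1.46, verifies the homomorphism property of Remark 1.49 exhaustively for a small prime, and extracts square roots by Theorem 1.50, including the failure case where $y$ is a non-residue; the function names are my own.

```python
def legendre_symbol(a, p):
    """(a/p) for an odd prime p via Euler's criterion (Theorem 1.48).
    a^((p-1)/2) mod p is 0, 1 or p-1; the last is reported as -1."""
    value = pow(a, (p - 1) // 2, p)
    return -1 if value == p - 1 else value


def is_quadratic_residue(a, p):
    """Definition 1.46 checked directly: some y in Z_p satisfies y^2 = a (mod p)."""
    return a % p != 0 and any((y * y - a) % p == 0 for y in range(p))


def legendre_is_homomorphism(p):
    """Remark 1.49: (ab/p) = (a/p)(b/p) for all a, b in Z_p^*."""
    return all(legendre_symbol(a * b, p) == legendre_symbol(a, p) * legendre_symbol(b, p)
               for a in range(1, p) for b in range(1, p))


def sqrt_mod_p3(y, p):
    """Square roots of y modulo a prime p = 3 (mod 4), Theorem 1.50.
    Returns (r, p - r) with r = y^((p+1)/4) mod p.  If y is a non-residue the
    formula still yields a number, but r^2 != y; that case returns None."""
    if p % 4 != 3:
        raise ValueError("Theorem 1.50 applies only to p = 3 (mod 4)")
    r = pow(y, (p + 1) // 4, p)
    if (r * r - y) % p != 0:
        return None
    return (r, (p - r) % p)


if __name__ == "__main__":
    p = 11   # 11 = 3 (mod 4); residues mod 11 are {1, 3, 4, 5, 9}
    print([a for a in range(1, p) if legendre_symbol(a, p) == 1], sqrt_mod_p3(3, p))
```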

1.8 Euclidean Algorithm

1.51 Algorithm (Euclidean algorithm). The Euclidean algorithm computes the greatest common divisor of two positive integers, say $a$ and $b$. The algorithm sets $r_0$ to be $a$ and $r_1$ to be $b$, and performs the following sequence of divisions:
$$\begin{aligned}
r_0 &= q_1 r_1 + r_2, & 0 < r_2 < r_1 \\
r_1 &= q_2 r_2 + r_3, & 0 < r_3 < r_2 \\
&\;\;\vdots \\
r_{m-2} &= q_{m-1} r_{m-1} + r_m, & 0 < r_m < r_{m-1} \\
r_{m-1} &= q_m r_m.
\end{aligned}$$
The algorithm terminates when a division yields a remainder of $0$. The last nonzero remainder, $r_m$, is the greatest common divisor of $a$ and $b$.

1.52 Algorithm (Extended Euclidean algorithm). Given two integers $a$ and $b$, the Extended Euclidean algorithm computes integers $s$ and $t$ such that $as + bt = \gcd(a, b)$.

1.53 Theorem (multiplicative inverses in $\mathbb{Z}_n$). Let $n \ge 2$. A multiplicative inverse $a^{-1} \bmod n$ exists if and only if $\gcd(a, n) = 1$. In this case, given inputs $a$ and $n$, the Extended Euclidean algorithm will compute integers $s$ and $t$ such that $as + nt = 1$. Then $a^{-1} \equiv s \pmod{n}$.

1.54 Theorem (linear congruences mod $n$). Suppose $\gcd(a, n) = 1$. Then the linear congruence $ax \equiv c \pmod{n}$ has a unique solution modulo $n$, given by the formula $x \equiv a^{-1} c \pmod{n}$.

1.55 Theorem (linear congruences mod $n$). Suppose $\gcd(a, n) = d > 1$. If $c \not\equiv 0 \pmod{d}$, then the linear congruence $ax \equiv c \pmod{n}$ has no solutions. If $c \equiv 0 \pmod{d}$, then the linear congruence $ax \equiv c \pmod{n}$ is equivalent to the linear congruence $a'x \equiv c' \pmod{n'}$, where $a' = a/d$, $c' = c/d$ and $n' = n/d$. This congruence has a unique solution modulo $n'$ by Theorem 1.54, say $x = x_0 \bmod n'$. The original congruence has $d$ solutions modulo $n$, namely, $x = x_0 + in' \bmod n$, for $0 \le i \le d - 1$.

1.56 Definition. A finite continued fraction is an $m$-tuple of non-negative integers, say $[q_1, \ldots, q_m]$, which is shorthand for the following expression:
$$q_1 + \cfrac{1}{q_2 + \cfrac{1}{q_3 + \cfrac{1}{\ddots + \cfrac{1}{q_m}}}}.$$

1.57 Remark. Continued fractions can be obtained from the sequence of quotients in the Euclidean algorithm.

1.58 Example. We compute the continued fraction expansion of $34/99$. The Euclidean algorithm proceeds as follows:
$$\begin{aligned}
34 &= 0 \cdot 99 + 34 \\
99 &= 2 \cdot 34 + 31 \\
34 &= 1 \cdot 31 + 3 \\
31 &= 10 \cdot 3 + 1 \\
3 &= 3 \cdot 1.
\end{aligned}$$
The continued fraction expansion of $34/99$ is $[0, 2, 1, 10, 3]$.

1.59 Definition. The convergents of a finite continued fraction $[q_1, \ldots, q_m]$ are the values defined by the continued fractions $[q_1, \ldots, q_i]$, for $1 \le i \le m$.

1.60 Example. The convergents of the continued fraction $[0, 2, 1, 10, 3]$ are as follows: $[0] = 0$, $[0, 2] = 1/2$, $[0, 2, 1] = 1/3$, $[0, 2, 1, 10] = 11/32$, and $[0, 2, 1, 10, 3] = 34/99$.

1.9 Direct Products

1.61 Definition (direct product). Suppose that $G = (X, \cdot)$ and $G' = (X', \ast)$ are groups. The direct product $G \times G'$ is the group defined as follows: $G \times G' = (X \times X', \circ)$, where
$$(a, a') \circ (b, b') = (a \cdot b, a' \ast b')$$
for all $a, b \in X$ and all $a', b' \in X'$.

1.62 Remark. Suppose $(a, a') \in G \times G'$. If the order of $a$ is equal to $d$ and the order of $a'$ is equal to $d'$, then the order of $(a, a')$ is equal to the least common multiple of $d$ and $d'$.

1.63 Remark. Definition 1.61 can be extended in the obvious way to define a direct product of more than two groups.

1.64 Theorem (Fundamental Theorem of Abelian Groups). Every finite abelian group is isomorphic to a direct product of cyclic groups of prime power order.

1.65 Example. The factorization of $36$ into prime powers is $36 = 2^2 \cdot 3^2$. There are precisely four nonisomorphic groups of order $36$, namely, $\mathbb{Z}_4 \times \mathbb{Z}_9$, $\mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_9$, $\mathbb{Z}_4 \times \mathbb{Z}_3 \times \mathbb{Z}_3$ and $\mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_3 \times \mathbb{Z}_3$.

2 Rings and Fields

2.1 Rings

2.1 Definition (ring). A ring is a triple $R = (X, \cdot, +)$, where $X$ is a set and $\cdot$ and $+$ are binary operations defined on $X$, that satisfies the following properties:
- $(X, +)$ is an abelian group with identity $0$.
- Multiplication is associative, i.e., for any $a, b, c \in X$, $(ab)c = a(bc)$.
- The distributive property is satisfied, i.e., for any $a, b, c \in X$, $(a + b)c = (ac) + (bc)$ and $a(b + c) = (ab) + (ac)$.

2.2 Definition. A ring $R = (X, \cdot, +)$ is a finite ring if $X$ is a finite set.

2.3 Definition. A ring $R = (X, \cdot, +)$ is a ring with identity if $X$ contains a multiplicative identity, denoted by $1$.
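The following Python is an added example (not from the notes) covering Algorithms 1.51 and 1.52, Theorems 1.53 to 1.55, and the continued-fraction material of 1.56 to 1.60: it tracks the quotients $q_i$ of the Euclidean division sequence, derives inverses and all $d$ solutions of a linear congruence from them, and turns the same quotients into the expansion and convergents of $34/99$. Function names and the sample congruences are my own.

```python
from fractions import Fraction
from math import gcd


def extended_gcd(a, b):
    """Extended Euclidean algorithm (Algorithm 1.52).

    Returns (g, s, t) with a*s + b*t == g == gcd(a, b).  r0, r1 follow the
    remainder sequence of Algorithm 1.51; s and t are carried along so the
    invariant r_i = a*s_i + b*t_i holds at every step.
    """
    r0, r1, s0, s1, t0, t1 = a, b, 1, 0, 0, 1
    while r1 != 0:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return r0, s0, t0


def mod_inverse(a, n):
    """a^{-1} mod n (Theorem 1.53): the coefficient s of a*s + n*t = 1."""
    g, s, _ = extended_gcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {n}: gcd = {g}")
    return s % n


def solve_linear_congruence(a, c, n):
    """All solutions x modulo n of a*x = c (mod n), Theorems 1.54 and 1.55.

    With d = gcd(a, n): no solutions when d does not divide c; otherwise
    reduce to a'x = c' (mod n') and lift x0 to the d solutions x0 + i*n'.
    """
    d = gcd(a, n)
    if c % d != 0:
        return []
    a1, c1, n1 = a // d, c // d, n // d
    x0 = (mod_inverse(a1, n1) * c1) % n1
    return sorted((x0 + i * n1) % n for i in range(d))


def continued_fraction(num, den):
    """[q_1, ..., q_m] for num/den: the quotients of the Euclidean algorithm
    run on (num, den), as in Remark 1.57 and Example 1.58."""
    quotients = []
    while den != 0:
        quotients.append(num // den)
        num, den = den, num % den
    return quotients


def convergents(quotients):
    """The convergents [q_1, ..., q_i] for 1 <= i <= m (Definition 1.59),
    each evaluated from the innermost term outward, as exact Fractions."""
    result = []
    for i in range(1, len(quotients) + 1):
        value = Fraction(quotients[i - 1])
        for q in reversed(quotients[: i - 1]):
            value = q + 1 / value
        result.append(value)
    return result


if __name__ == "__main__":
    q = continued_fraction(34, 99)
    print(q, [str(c) for c in convergents(q)], solve_linear_congruence(6, 4, 8))
```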

2.4 Definition. A ring $R = (X, \cdot, +)$ is a commutative ring if multiplication is commutative.

2.5 Example. Some familiar examples of commutative rings include the integers, $\mathbb{Z}$; the real numbers, $\mathbb{R}$; and the complex numbers, $\mathbb{C}$. These are all infinite rings.

2.6 Example. $(\mathbb{Z}_m, \cdot, +)$ is a finite ring for any $m \ge 2$.

2.7 Example (matrices). Let $n \ge 2$. The set of $n \times n$ matrices with entries from $\mathbb{Z}_p$ is a ring, but not a commutative ring.

2.2 Fields

2.8 Definition (field). A ring $R = (X, \cdot, +)$ is a field if it is a commutative ring with identity such that every non-zero element has a multiplicative inverse (i.e., $(R \setminus \{0\}, \cdot)$ is an abelian group).

2.9 Example. $(\mathbb{Z}_p, \cdot, +)$ is a finite field if $p$ is prime.

2.10 Example (ring of polynomials). Suppose $(A, \cdot, +)$ is a field and $x$ is an indeterminate. Let $A[x]$ denote the set of all polynomials with coefficients from $A$. Then $(A[x], \cdot, +)$ is an infinite ring.

2.3 Direct Products and the Chinese Remainder Theorem

2.11 Definition (direct product). Suppose that $R = (X, \cdot, +)$ and $S = (Y, \cdot, +)$ are rings. The direct product $R \times S$ is the ring defined as follows: $R \times S = (X \times Y, \cdot, +)$, where
$$(a, a') \cdot (b, b') = (a \cdot b, a' \cdot b') \quad \text{and} \quad (a, a') + (b, b') = (a + b, a' + b')$$
for all $a, b \in X$ and all $a', b' \in Y$.

2.12 Remark. Definition 2.11 can be extended in the obvious way to define a direct product of more than two rings.

2.13 Remark. The direct product of two fields is not a field.

2.14 Definition. Two rings (or fields) $R = (X, \cdot, +)$ and $S = (Y, \cdot, +)$ are isomorphic if there exists a bijection $\varphi : X \to Y$ such that $\varphi(a \cdot a') = \varphi(a) \cdot \varphi(a')$ for all $a, a' \in X$ and $\varphi(a + a') = \varphi(a) + \varphi(a')$ for all $a, a' \in X$.

2.15 Theorem. Suppose $M = m_1 m_2 \cdots m_r$, where $\gcd(m_i, m_j) = 1$ for all $i \ne j$. Then the ring $(\mathbb{Z}_M, \cdot, +)$ is isomorphic to the ring $(\mathbb{Z}_{m_1} \times \cdots \times \mathbb{Z}_{m_r}, \cdot, +)$.

2.16 Remark. Define $\chi : \mathbb{Z}_M \to \mathbb{Z}_{m_1} \times \cdots \times \mathbb{Z}_{m_r}$ as follows:
$$\chi(a) = (a \bmod m_1, \ldots, a \bmod m_r).$$
Then $\chi$ can be shown to be an isomorphism of the two rings $(\mathbb{Z}_M, \cdot, +)$ and $(\mathbb{Z}_{m_1} \times \cdots \times \mathbb{Z}_{m_r}, \cdot, +)$.

2.17 Remark. For $1 \le i \le r$, define $M_i = M / m_i$ and $y_i = M_i^{-1} \bmod m_i$. Then the inverse function $\chi^{-1} : \mathbb{Z}_{m_1} \times \cdots \times \mathbb{Z}_{m_r} \to \mathbb{Z}_M$ is
$$\chi^{-1}(a_1, \ldots, a_r) = \sum_{i=1}^{r} a_i M_i y_i \bmod M.$$

2.18 Example. Suppose $r = 3$, $m_1 = 7$, $m_2 = 11$ and $m_3 = 13$. Then $M = 1001$. We compute $M_1 = 143$, $M_2 = 91$ and $M_3 = 77$, and then $y_1 = 5$, $y_2 = 4$ and $y_3 = 12$. Then the function $\chi^{-1} : \mathbb{Z}_7 \times \mathbb{Z}_{11} \times \mathbb{Z}_{13} \to \mathbb{Z}_{1001}$ is the following:
$$\chi^{-1}(a_1, a_2, a_3) = (715 a_1 + 364 a_2 + 924 a_3) \bmod 1001.$$

2.19 Remark. The fact that the function $\chi^{-1}$ constitutes an isomorphism is an important result that is commonly known as the Chinese Remainder Theorem.

2.20 Theorem (Chinese remainder theorem). Suppose $m_1, \ldots, m_r$ are pairwise relatively prime positive integers, and suppose $a_1, \ldots, a_r$ are integers. Then the system of $r$ congruences $x \equiv a_i \pmod{m_i}$ ($1 \le i \le r$) has a unique solution modulo $M = m_1 \cdots m_r$, which is given by $x = \chi^{-1}(a_1, \ldots, a_r)$.

2.4 Ideals and Quotient Rings

2.21 Definition (ideal). Suppose $R = (X, \cdot, +)$ is a commutative ring. An ideal is a subset $I \subseteq X$ that satisfies the following properties: $(I, +)$ is an abelian group, and $ab \in I$ whenever $a \in X$ and $b \in I$.

2.22 Definition (principal ideal). Suppose $R = (X, \cdot, +)$ is a commutative ring and let $c \in X$. The principal ideal generated by $c$, which is denoted by $(c)$, is the subset defined as follows:
$$(c) = \{ ac : a \in X \}.$$
It is easy to see that a principal ideal is always an ideal.

2.23 Definition (quotient ring). Suppose $R = (X, \cdot, +)$ is a commutative ring and $I = (c)$ is a principal ideal. The quotient ring $R/I$ is constructed as follows. $R/I = (Y, \cdot, +)$, where $Y$ consists of the (additive) cosets of $I$ in $(X, +)$. The sum of two cosets $I + a$ and $I + b$ is defined to be $I + (a + b)$, for any $a, b \in X$, and the product of the two cosets $I + a$ and $I + b$ is defined to be $I + ab$.

2.24 Definition (principal ring). Suppose $R = (X, \cdot, +)$ is a commutative ring. We say that $R$ is a principal ring if every ideal is a principal ideal.

2.25 Example. Examples of principal rings include $(\mathbb{Z}, \cdot, +)$ as well as any polynomial ring $(A[x], \cdot, +)$, where $A$ is a field.

2.26 Example. Since $(\mathbb{Z}, \cdot, +)$ is a principal ring, it follows that any ideal $I$ in this ring consists of all the multiples (positive and negative) of a positive integer $c$. The quotient ring $\mathbb{Z}/I$ is simply $\mathbb{Z}_c$.
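As an added example (my code, not the notes'), this Python implements $\chi$ and $\chi^{-1}$ from Remarks 2.16 and 2.17, reproduces the constants $715, 364, 924$ of Example 2.18, and checks Theorem 2.15 exhaustively on small moduli, including a non-coprime set where $\chi$ fails to be a bijection; function names are my own.

```python
from math import gcd, prod


def crt_decompose(a, moduli):
    """chi(a) = (a mod m_1, ..., a mod m_r), Remark 2.16."""
    return tuple(a % m for m in moduli)


def crt_coefficients(moduli):
    """(M, [M_1*y_1, ..., M_r*y_r]) with M_i = M/m_i and y_i = M_i^{-1} mod m_i
    (Remark 2.17).  The inverses exist only when the moduli are pairwise coprime."""
    for i, m in enumerate(moduli):
        for other in moduli[i + 1:]:
            if gcd(m, other) != 1:
                raise ValueError(f"moduli {m} and {other} are not relatively prime")
    M = prod(moduli)
    coeffs = []
    for m in moduli:
        M_i = M // m
        y_i = pow(M_i, -1, m)          # extended Euclid, as in Theorem 1.53
        coeffs.append(M_i * y_i)
    return M, coeffs


def crt_reconstruct(residues, moduli):
    """chi^{-1}(a_1, ..., a_r) = sum a_i M_i y_i mod M: the unique solution of
    x = a_i (mod m_i) promised by Theorem 2.20."""
    M, coeffs = crt_coefficients(moduli)
    return sum(a * c for a, c in zip(residues, coeffs)) % M


def is_ring_isomorphism(moduli):
    """Exhaustive check of Theorem 2.15 for small moduli: chi must be a
    bijection from Z_M onto the product and respect both + and *.  For moduli
    that are not coprime chi hits only lcm(m_i) tuples, so the check fails."""
    M = prod(moduli)
    if len({crt_decompose(a, moduli) for a in range(M)}) != M:
        return False
    for a in range(M):
        for b in range(M):
            ca, cb = crt_decompose(a, moduli), crt_decompose(b, moduli)
            pointwise_sum = tuple((x + y) % m for x, y, m in zip(ca, cb, moduli))
            pointwise_prod = tuple((x * y) % m for x, y, m in zip(ca, cb, moduli))
            if crt_decompose((a + b) % M, moduli) != pointwise_sum:
                return False
            if crt_decompose((a * b) % M, moduli) != pointwise_prod:
                return False
    return True


if __name__ == "__main__":
    print(crt_coefficients([7, 11, 13]), crt_reconstruct((4, 2, 6), [7, 11, 13]))
```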

2.5 Irreducible Polynomials and Finite Fields

2.27 Definition (irreducible polynomial). Suppose $(A[x], \cdot, +)$ is a polynomial ring, where $A$ is a field. A polynomial $f(x) \in A[x]$ is irreducible if $f(x)$ cannot be written as a product of two polynomials $f_1(x) f_2(x)$, where $f_1(x)$ and $f_2(x)$ both have positive degree.

2.28 Example. In the ring $\mathbb{Z}_2[x]$, we have that $x^2 + 1 = (x + 1)(x + 1)$, so $x^2 + 1$ is reducible. Since $x^2 + x = x(x + 1)$, this polynomial is also reducible. However, $x^2 + x + 1$ is irreducible.

2.29 Example. Suppose that $A$ is any finite field and suppose $n$ is a positive integer. Then there is at least one irreducible polynomial of degree $n$ in $(A[x], \cdot, +)$.

2.30 Theorem. There exists a finite field of order $n$ if and only if $n = p^k$ where $p$ is prime and $k \ge 1$ is an integer.

2.31 Definition. A finite field of order $n = p^k$ (where $p$ is prime) is said to have characteristic $p$.

2.32 Theorem. Suppose $p$ is prime and $k \ge 2$. A finite field of order $p^k$ can be constructed as follows. Let $f(x) \in \mathbb{Z}_p[x]$ be an irreducible polynomial of degree $k$. Then the quotient ring $\mathbb{Z}_p[x]/(f(x))$ is a finite field of order $p^k$.

2.33 Remark. Multiplicative inverses in a finite field $\mathbb{Z}_p[x]/(f(x))$ can be computed using the Extended Euclidean Algorithm for polynomials.

2.34 Remark. For any polynomial $f(x) \in \mathbb{Z}_p[x]$, the additive group $(\mathbb{Z}_p[x]/(f(x)), +)$ is isomorphic to $(\mathbb{Z}_p)^k$.

2.35 Theorem. All finite fields of a given order $n$ are isomorphic.

2.36 Remark. We denote the unique (up to isomorphism) finite field of order $n$ by $\mathbb{F}_n$.

2.37 Example. The field $\mathbb{F}_8$ can be constructed as either $\mathbb{Z}_2[x]/(x^3 + x + 1)$ or $\mathbb{Z}_2[x]/(x^3 + x^2 + 1)$, since both $x^3 + x + 1$ and $x^3 + x^2 + 1$ are irreducible polynomials in $\mathbb{Z}_2[x]$. The two constructions yield isomorphic fields.

2.38 Theorem. The multiplicative group $(\mathbb{F}_n \setminus \{0\}, \cdot)$ is cyclic.

2.39 Definition. A generator of $(\mathbb{F}_n \setminus \{0\}, \cdot)$ is called a primitive element in $\mathbb{F}_n$.
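The following Python is an added example, not code from the notes, that builds the quotient field $\mathbb{Z}_2[x]/(f(x))$ of Theorem 2.32 for the two moduli of Example 2.37, tests irreducibility by trial division (Definition 2.27, Example 2.28), computes inverses with the polynomial Extended Euclidean algorithm of Remark 2.33, and lists the primitive elements of Definition 2.39. The bitmask representation of polynomials and all names are my own choices.

```python
# Elements of Z_2[x] are stored as Python ints: bit i is the coefficient of x^i,
# so 0b1011 is x^3 + x + 1.  All helpers below are constructed for this example.


def poly_deg(f):
    """Degree of f; the zero polynomial gets -1 under this convention."""
    return f.bit_length() - 1


def poly_mul(f, g):
    """Product in Z_2[x]: shift-and-xor, since coefficients are mod 2."""
    result = 0
    while g:
        if g & 1:
            result ^= f
        f <<= 1
        g >>= 1
    return result


def poly_divmod(f, g):
    """Quotient and remainder of f divided by a nonzero g in Z_2[x]."""
    q, dg = 0, poly_deg(g)
    while f and poly_deg(f) >= dg:
        shift = poly_deg(f) - dg
        q ^= 1 << shift
        f ^= g << shift
    return q, f


def is_irreducible(f):
    """Definition 2.27 by trial division: no divisor of degree 1 .. deg(f)//2
    (so x^2+1 and x^2+x fail and x^2+x+1 passes, as in Example 2.28)."""
    d = poly_deg(f)
    return d >= 1 and all(poly_divmod(f, g)[1] != 0
                          for g in range(2, 1 << (d // 2 + 1)))


class GF2k:
    """The field Z_2[x]/(f(x)) of Theorem 2.32 for an irreducible f of degree k."""

    def __init__(self, modulus):
        if not is_irreducible(modulus):
            raise ValueError(f"{modulus:#b} is reducible, so the quotient is not a field")
        self.f, self.k = modulus, poly_deg(modulus)
        self.order = 1 << self.k                    # 2^k elements (Theorem 2.30)

    def mul(self, a, b):
        """Coset product (I + a)(I + b) = I + ab, reduced modulo f."""
        return poly_divmod(poly_mul(a, b), self.f)[1]

    def inverse(self, a):
        """a^{-1} by the Extended Euclidean algorithm for polynomials (Remark 2.33).
        Invariant r_i = s_i * a (mod f); it ends at r = 1 because f is irreducible."""
        a = poly_divmod(a, self.f)[1]
        if a == 0:
            raise ZeroDivisionError("0 has no multiplicative inverse")
        r0, r1, s0, s1 = self.f, a, 0, 1
        while r1 != 1:
            q, r2 = poly_divmod(r0, r1)
            r0, r1 = r1, r2
            s0, s1 = s1, s0 ^ poly_mul(q, s1)
        return poly_divmod(s1, self.f)[1]

    def element_order(self, a):
        """Least m >= 1 with a^m = 1 in the multiplicative group of the field."""
        if a == 0:
            raise ValueError("0 is not in the multiplicative group")
        m, power = 1, a
        while power != 1:
            power, m = self.mul(power, a), m + 1
        return m

    def primitive_elements(self):
        """Generators of the cyclic group of nonzero elements (Theorem 2.38, Def. 2.39)."""
        return [a for a in range(1, self.order) if self.element_order(a) == self.order - 1]
```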