# Introductory Number Theory

Save this PDF as:

Size: px
Start display at page:

## Transcription

1 Introductory Number Theory Course No Sring 2006 Michael Stoll Contents 1. Very Basic Remarks 2 2. Divisibility 2 3. The Euclidean Algorithm 2 4. Prime Numbers and Unique Factorization 4 5. Congruences 5 6. Corime Integers and Multilicative Inverses 6 7. The Chinese Remainder Theorem 9 8. Fermat s and Euler s Theorems Structure of F and (Z/ n Z) The RSA Crytosystem Discrete Logarithms Quadratic Residues Quadratic Recirocity Another Proof of Quadratic Recirocity Sums of Squares Geometry of Numbers Ternary Quadratic Forms Legendre s Theorem adic Numbers The Hilbert Norm Residue Symbol Pell s Equation and Continued Fractions Ellitic Curves Primes in arithmetic rogressions The Prime Number Theorem 75 References 80

2 2 1. Very Basic Remarks The following roerties of the integers Z are fundamental. (1) Z is an integral domain (i.e., a commutative ring such that ab = 0 imlies a = 0 or b = 0). (2) Z 0 is well-ordered: every nonemty set of nonnegative integers has a smallest element. (3) Z satisfies the Archimedean Princile: if n > 0, then for every m Z, there is k Z such that kn > m. 2. Divisibility 2.1. Definition. Let a, b be integers. We say that a divides b, written a b, if there is an integer c such that b = ac. In this case, we also say that a is a divisor of b or that b is a multile of a. We have the following simle roerties (for all a, b, c Z). (1) a a, 1 a, a 0. (2) If 0 a, then a = 0. (3) If a 1, then a = ±1. (4) If a b and b c, then a c. (5) If a b, then a bc. (6) If a b and a c, then a b ± c. (7) If a b and b < a, then b = 0. (8) If a b and b a, then a = ±b Definition. We say that d is the greatest common divisor of a and b, written d = gcd(a, b) or d = a b, if d a and d b, d 0, and for all integers k such that k a and k b, we have k d. We say that m is the least common multile of a and b, written m = lcm(a, b) or m = a b, if a m and b m, m 0, and for all integers n such that a n and b n, we have m n. In a similar way, we define the greatest common divisor and least common multile for any set S of integers. We have the following simle roerties. (1) gcd( ) = 0, lcm( ) = 1. (2) gcd(s 1 S 2 ) = gcd(gcd(s 1 ), gcd(s 2 )), lcm(s 1 S 2 ) = lcm(lcm(s 1 ), lcm(s 2 )). (3) gcd({a}) = lcm({a}) = a. (4) gcd(ac, bc) = c gcd(a, b). (5) gcd(a, b) = gcd(a, ka + b). 3. The Euclidean Algorithm How can we comute the gcd of two given integers? The key for this is the last roerty of the gcd listed above. In order to make use of it, we need the oeration of division with remainder.

3 3.1. Proosition. Given integers a and b with b 0, there exist unique integers q ( quotient ) and r ( remainder ) such that 0 r < b and a = bq + r. Proof. Existence: Consider S = {a kb : k Z, a kb 0}. Then S Z 0 is nonemty and therefore has a smallest element r = a qb for some q Z. We have r 0 by definition, and if r b, then r b would also be in S, hence r would not have been the smallest element. Uniqueness: Suose a = bq + r = bq + r with 0 r, r < b. Then b r r and 0 r r < b, therefore r = r. This imlies bq = bq, hence q = q (since b 0) Algorithm GCD (Euclidean Algorithm). Given integers a and b, we do the following. (1) Set n = 0, a 0 = a, b 0 = b. (2) If b n = 0, return a n as the result. (3) Write a n = b n q n + r n with 0 r n < b n. (4) Set a n+1 = b n, b n+1 = r n. (5) Relace n by n + 1 and go to ste 2. We claim that the result returned is gcd(a, b). (Observe that 0 b n+1 < b n if the loo is continued, hence the algorithm must terminate.) Proof. We show that for all n that occur in the loo, we have gcd(a n, b n ) = gcd(a, b). The claim follows, since the return value a n = gcd(a n, 0) = gcd(a n, b n ) for the last n. For n = 0, we have gcd(a 0, b 0 ) = gcd( a, b ) = gcd(a, b). Now suose that we know gcd(a n, b n ) = gcd(a, b) and that b n 0 (so the loo is not terminated). Then gcd(a n+1, b n+1 ) = gcd(b n, a n b n q n ) = gcd(b n, a n ) = gcd(a n, b n ) (use roerty (5) of the gcd) Theorem. Fix a, b Z. The integers of the form xa + yb with x, y Z are exactly the multiles of d = gcd(a, b). In articular, there are x, y Z such that d = xa + yb. Proof. Since d divides both a and b, d also has to divide xa+yb. So these numbers are multiles of d. For the converse, it suffices to show that d can be written as xa + yb. This follows by induction from the Euclidean Algorithm: Leet N be the last value of n. Then d = a N 1 + b N 0; and if d = x n+1 a n+1 + y n+1 b n+1, then we have d = y n+1 a n + (x n+1 q n y n+1 )b n, so setting x n = y n+1 and y n = x n+1 q n y n+1, we have d = x n a n + y n b n. So in the end, we must also have d = x 0 a 0 + y 0 b 0. There is a simle extension of the Euclidean Algorithm that also comutes numbers x and y such that gcd(a, b) = xa + yb. It looks like this Algorithm XGCD (Extended Euclidean Algorithm). Given integers a and b, we do the following. (1) Set n = 0, a 0 = a, b 0 = b, x 0 = sign(a), y 0 = 0, u 0 = 0, v 0 = sign(b). (2) If b n = 0, return (a n, x n, y n ) as the result. (3) Write a n = b n q n + r n with 0 r n < b n. (4) Set a n+1 = b n, b n+1 = r n, x n+1 = u n, y n+1 = v n, u n+1 = x n u n q n, v n+1 = y n v n q n. (5) Relace n by n + 1 and go to ste 2. 3

4 4 By induction, one shows that a n = x n a + y n b and b n = u n a + v n b, so uon exit, the return values (d, x, y) satisfy xa + yb = d = gcd(a, b) Proosition. If n divides ab and gcd(n, a) = 1, then n divides b. Proof. By Thm. 3.3, there are x and y such that xa + yn = 1. We multily by b to obtain b = xab + ynb. Since n divides ab, n divides the right hand side and therefore also b. 4. Prime Numbers and Unique Factorization 4.1. Definition. A ositive integer is called a rime number (or simly a rime ), if > 1 and the only ositive divisors of are 1 and. (This is really the definition of an irreducible element in a ring!) 4.2. Proosition. If is a rime and a, b are integers such that ab, then a or b. (This is the general definition of a rime element in a ring!) Proof. We can assume that a (otherwise we are done). Then gcd(a, ) = 1 (since the only other ositive divisor of, namely itself, does not divide a). Then by Pro. 3.5, divides b. Now let n > 0 be a ositive integer. Then either n = 1, or n is a rime number, or else n has a roer divisor d such that 1 < d < n. Then we can write n = de where also 1 < e < n. Continuing this rocess with d and e, we finally obtain a reresentation of n as a roduct of rimes. (If n = 1, it is given by an emty roduct (a roduct without factors) of rimes.) 4.3. Theorem. This rime factorization of n is unique (u to ordering of the factors). Proof. By induction on n. For n = 1, this is clear (there is only one emty set... ). So assume that n > 1 and that we have written n = k = q 1 q 2... q l with rime numbers i, q j, where k, l 1. Now 1 divides the roduct of the q j s, hence 1 has to divide one of the q j s. U to reordering, we can assume that 1 q 1. But the only ositive divisors of q 1 are 1 and q 1, so we must in fact have 1 = q 1. Let n = n/ 1 = n/q 1, then n = k = q 2 q 3... q l. Since n < n, we know by induction that (erhas after reordering the q j s) k = l and j = q j for j = 2,..., k. This roves the claim.

5 4.4. Definition. This shows that we can write every nonzero integer n uniquely as n = ± v(n) where the roduct is over all rime numbers, and the exonents v (n) are nonnegative integers, all but finitely many of which are zero. v (n) is called the valuation of n at. We have the following simle roerties. (1) v (mn) = v (m) + v (n). (2) m n : v (m) v (n). (3) gcd(m, n) = min(v(m),v(n)), lcm(m, n) = max(v(m),v(n)). (4) v (m + n) min(v (m), v (n)), with equality if v (m) v (n). Proerty (3) imlies that gcd(m, n) lcm(m, n) = mn for ositive m, n. In general, we have gcd(m, n) lcm(m, n) = mn. If we set v (0) = +, then all the above roerties hold for all integers (with the usual conventions like min{e, } = e, e + =,... ). We can extend the valuation function from the integers to the rational numbers by setting ( r ) v = v (r) v (s) s (Exercise: check that this is well-defined). Proerties (1) and (4) above then hold for rational numbers, and a rational number x is an integer if and only if v (x) 0 for all rimes Congruences 5.1. Definition. Let a, b and n integers with n > 0. We say that a is congruent to b modulo n, written a b mod n, if n divides the difference a b Congruence is an equivalence relation. For fixed n and arbitrary a, b, c Z, we have: (1) a a mod n. (2) If a b mod n, then b a mod n. (3) If a b mod n and b c mod n, then a c mod n. Hence we can artition Z into congruence classes mod n : we let ā = a + nz = {a + nx : x Z} = {b Z : a b mod n} (in the ā notation, n must be clear from the context) and We then have Z/nZ = {ā : a Z}. a b mod n b ā ā = b.

6 Proosition. The ma {0, 1,..., n 1} Z/nZ, r r = r + nz is a bijection. In articular, Z/nZ has exactly n elements. Proof. The ma is clearly well-defined. It is injective: assume r = s with 0 r, s < n. Then r s mod n, so n r s and r s < n, therefore r = s. It is surjective: Let ā be a congruence class and write a = nq + r with 0 r < n. Then ā = r. Since the reresentative r of a class ā is given by the (least nonnegative) residue of a when divided by n, congruence classes are also called residue classes The congruence classes form a commutative ring. We define addition and multilication on Z/nZ: ā + b = a + b, ā b = ab We have to check that these oerations are well-defined. This means that if a a mod n and b b mod n, then we must have a + b a + b mod n and ab a b mod n. Now (a + b) (a + b ) = (a a ) + (b b ) is divisible by n, and also ab a b = (a a )b + a (b b ) is divisible by n. Once these oerations are well-defined, all the commutative ring axioms carry over immediately from Z to Z/nZ Congruences are useful. Why are congruences a useful concet? They give us a kind of Mickey Mouse image of the integers (luming together many integers into one residue class, thus losing information), with the advantage that the resulting structure Z/nZ has only finitely many elements. This means that all sorts of questions that are difficult to answer with resect to Z are effectively (though not necessarily efficiently, if n is large) decidable with resect to Z/nZ. If we can show in this way that something is imossible over Z/nZ, then this often imlies a negative answer for Z, too. Consider, for examle, the equation x 2 + y 2 15 z 2 = 7. Does it have a solution in integers? That to decide seems to be hard. On the other hand, we can very easily make a table of all ossible values of the left hand side in Z/8Z: it is easy to see that a square is always 0, 1, or 4 mod 8, and adding three of these values (note that 15 1 mod 8) leads to all residue classes mod 8 with one excetion the left hand side is never 7 mod 8. So a solution is not ossible in Z/8Z. But any solution in Z would lead to an image solution in Z/8Z, hence there can be no solution in Z either. 6. Corime Integers and Multilicative Inverses When does a class ā have a multilicative inverse in Z/nZ? We have to solve the congruence ax 1 mod n; equivalently, there need to exist integers x and y such that ax + ny = 1. By Thm. 3.3, this is equivalent with gcd(a, n) = 1. In this case, we say that a and n are relatively rime or a and n are corime, and sometimes write a n. We can use the extended Euclidean Algorithm to find the inverse.

7 Theorem. The ring Z/nZ is a field if and only if n is a rime number. Proof. Clear for n = 1 (a field has at least two elements 0 and 1, and 1 is not a rime number). For n > 1, Z/nZ is not a field if and only if there is some a Z, not divisible by n, such that d = gcd(n, a) > 1. This imlies that 1 < d < n is a roer divisor of n, hence n is not a rime. Conversely, if d is a roer divisor of n, then gcd(n, d) = d, and d is not invertible. If gcd(n, a) = 1, then ā is called a rimitive residue class mod n ; its uniquely determined multilicative inverse in Z/nZ is denoted ā 1. The rime residue classes form a grou, the multilicative grou (Z/nZ) of the ring Z/nZ. When n = is rime, then the field Z/Z is also denoted F ; we have F = F \{ 0} for the multilicative grou; in articular, #F = Definition. The Euler φ function is defined for n > 0 by φ(n) = #(Z/nZ) = #{a Z : 0 a < n, a n}. n φ(n) We have that n is rime if and only if φ(n) = n Proosition. If is rime and e 1, then φ( e ) = e 1 ( 1). Proof. Clear for e = 1. For e > 1, observe that a e φ( e ) = #{a Z : 0 a < e, a} = e #{a Z : 0 a < e, a} = e e 1 = ( 1) e 1. a a, so 6.4. A Recurrence. Counting the numbers between 0 (inclusive) and n (exclusive) according to their gcd with n (which can be any (ositive) divisor d of n), we obtain ( n ) φ = φ(d) = n. d d n d n This can be read as a recurrence for φ(n): φ(n) = n We get d n,d<n φ(d). φ(1) = 1 0 = 1, φ(2) = 2 φ(1) = 1, φ(3) = 3 φ(1) = 2, φ(4) = 4 φ(2) φ(1) = 2, φ(6) = 6 φ(3) φ(2) φ(1) = 2, etc. Obviously, the recurrence determines φ(n) uniquely: If integers a n (n 1) satisfy a d = n, d n then a n = φ(n). This still holds if the n s are restricted to be divisors of some fixed integer N.

8 A Question. The following icture reresents in black the corime airs (m, n) with 0 m, n 100. The black squares aear to be fairly evenly distributed, so the following question should make sense. What is the robability that two random (ositive) integers are corime? Take a large ositive integer N and consider all airs (m, n) with 1 m, n N. Call f(n) the number of such airs with m n. Since m n for all m, n, where m = m/ gcd(m, n), n = n/ gcd(m, n), we can count the airs according to their gcd. We get N 2 = #{(m, n) : 1 m, n N} N = #{(m, n) : 1 m, n N, gcd(m, n) = g} = = g=1 N #{(m, n ) : 1 m, n N/g, m n } g=1 N f ( N/g ) g=1 The robability we are looking for is P = lim N P (N), where P (N) = f(n)/n 2. We get N N/g 2 1 = P ( N/g ). N 2 g=1 Observe that the terms in the sum are between 0 and 1/g 2, hence the sum is uniformly absolutely convergent. Passing to the limit as N, we obtain P 1 = g, 2 hence P = g=1 1 = 6 g 2 π g=1

9 9 (Exercise: where is the ga in this argument?) We can aly what we have learned to linear congruences. Given a, b, and n, what are the solutions x of ax b mod n? In other words, for which x Z does there exist a y Z such that ax + ny = b? 6.6. Theorem. The congruence ax b mod n has no solutions unless gcd(a, n) b. If there are solutions, they form a residue class modulo n/gcd(a, n). Proof. By Thm. 3.3, the condition gcd(a, n) b is necessary and sufficient for solutions to exist. Let g = gcd(a, n). If g b, we can divide the equation ax+ny = b by g to get a x + n y = b, where a = a g, n = n g, b = b g. Then gcd(a, n ) = 1, and we can solve the equation ā x = b for x (in Z/n Z): x = b (ā ) 1. So the set of solutions x is given by this residue class modulo n. 7. The Chinese Remainder Theorem Now let us consider simultaneous congruences: x a mod m, x b mod n Is such a system solvable? What does the solution set look like? If d = gcd(m, n), then we obviously need to have a b mod d for a solution to exist. On the other hand, when m n, solutions do always exist Chinese Remainder Theorem. If m n, then the above system has solutions x; they form a residue class modulo mn. Proof. Since m n, we can find u and v with mu+nv = 1 by Thm Consider x = anv + bmu. We have x = anv + bmu anv = a amu a mod m and similarly x b mod n. So solutions exist. Now we show that y is anoher solution if and only if mn y x. If mn divides y x, then m and n both divide y x, hence y x a mod m and y x b mod n. Now assume y is another solution. Then m and n both divide y x. So n y x = mt. By Pro. 3.5, n t and hence mn mt = y x. There is a straight-forward extension to more than two simultaneous congruences Chinese Remainder Theorem. If the numbers m 1, m 2,..., m k are corime in airs, then the system of congruences x a 1 mod m 1, x a 2 mod m 2,..., x a k mod m k has solutions; they form a residue class modulo m 1 m 2... m k. Proof. Induction on k using Thm Note that a b, a c imlies a bc. Now we can answer the question from the beginning of this section.

10 Theorem. The system x a mod m, x b mod n has solutions if and only if a b mod gcd(m, n). If solutions exist, they form a residue class modulo lcm(m, n). Proof. We have already seen that the condition is necessary. Let d = gcd(m, n). We can find u and v such that mu + nv = b a by Thm Then x = a + mu = b nv is a solution. As in the roof of Thm. 7.1, we see that y is another solution if and only if m and n both divide y x. This means that the solutions form a residue class modulo lcm(m, n). We can give the Chinese Remainder Theorem a more algebraic formulation Theorem. Assume that m 1, m 2,..., m k are corime in airs. Then the natural ring homomorhism Z/m 1 m 2... m k Z Z/m 1 Z Z/m 2 Z Z/m k Z is an isomorhism. In articular, we have an isomorhism of multilicative grous (Z/m 1 m 2... m k Z) = (Z/m1 Z) (Z/m 2 Z) (Z/m k Z). Proof. By the above, the homomorhism is bijective, hence an isomorhism A Formula for φ. The Chinese Remainder Theorem 7.4 imlies that φ(mn) = φ(m) φ(n) if m n. A similar formula holds for roducts with more factors. Alying this to the rime factorization of n, we get φ(n) = v(n) 1 ( 1) = n ( 1 1 ). n n 8. Fermat s and Euler s Theorems A very nice roerty of the finite fields F and all their extension fields is that the ma x x is not only comatible with multilication: (xy) = x y, but also with addition! 8.1. Theorem ( Freshman s Dream ). Let F be a field of rime characteristic (this means that 1 F = 0 F ; for us, the basic examle is F = F ). Then for all x, y F, we have (x + y) = x + y. Proof. By the Binomial Theorem, ( ) ( ) ( ) ( ) (x+y) = x + x 1 y+ x 2 y x k y k + + xy 1 +y. 1 2 k 1 Now the binomial coefficients ( k) for 1 k 1 all are integers divisible by (why?), and since F is of characteristic, all the corresonding terms in the formula vanish, leaving only x + y. We can use this to give one roof of the following fundamental fact.

11 8.2. Theorem (Fermat s Little Theorem). Let be a rime number. For all ā F, we have ā = ā. (Equivalently, for all a Z, divides a a.) 11 Proof. First Proof: By induction on a. a = 0 is clear. Now, by Thm. 8.1, divides (a+1) a 1 for all a Z. But then also divides ((a+1) (a+1)) (a a), hence: a a (a + 1) (a + 1) This gives the inductive ste uwards and downwards, hence the claim holds for all a Z. Second Proof: Easy roof using Algebra. ā = 0 is clear. Hence it suffices to show that ā 1 = 1 for all ā 0. This is a consequence of the fact that #F = 1 and the general theorem that g #G = 1 for any g in any finite grou G. Third Proof: By Combinatorics (for a > 0). Consider utting beads that can have colors from a set of size a at equidistant laces around a circle (to form necklaces ). There will be a necklaces in total, a of which will consist of beads of only one color. The remaining a a come in bunches of, obtained by rotation, so has to divide a a. The algebra roof can readily be generalized Theorem (Euler). Let n be a ositive integer. Then for all a Z with a n, we have a φ(n) 1 mod n. Proof. Under the assumtion, ā (Z/nZ), and by definition, #(Z/nZ) = φ(n). By the general fact from algebra used in the second roof of Thm. 8.2, the claim follows Examle. What is mod 15? By Thm. 8.3, mod 15 (as φ(15) = 8). On the other hand, 11 3 mod 8, and mod 8 (in fact, already 3 2 is 1 mod 8). So = (11 4 ) mod 8, and then = mod A Consequence of Fermat s Little Theorem. Consider the olynomial X X with coefficients in F. By Fermat s Little Theorem 8.2, every element ā F is a root of this olynomial. Now F is a field, and so we can divide out the roots successively to find that X X = ā F (X ā). This imlies that for any olynomial f(x) dividing X X (in the olynomial ring F [X]), the number of its distinct roots in F equals the degree deg f(x). More generally, if f is any olynomial in F [X], we can comute the number of distinct roots of f in F by the formula #{ā F : f(ā) = 0} = deg gcd(f, X X).

12 12 9. Structure of F and (Z/ n Z) Fermat s Theorem 8.2 tells us that the multilicative order of any nonzero element ā of F (this is the smallest ositive integer n such that ā n = 1) divides 1. (The set of all n such that ā n = 1 consists exactly of the multiles of the order.) Now the question arises, are there elements of order 1? In other, more algebraic terms, is the grou F cyclic? The answer is yes Theorem. The multilicative grou F is cyclic. (In other words, there exist elements ḡ F such that all ā F are owers of ḡ. The corresonding integers g are called rimitive roots mod.) Proof. Obviously, all elements of F of order dividing d (where d is a divisor of 1) will be roots of X d 1. Since d divides 1, X d 1 divides X 1 1 and hence also X X (as olyomials). By 8.5, it follows that X d 1 has exactly d roots in F. Let a d be the number of elements of exact order d. Then we get d = k d a k. By the statement in 6.4, it follows that a d = φ(d); in articular, a 1 = φ( 1) 1. Hence rimitive roots exist Examles. The roof shows that there are exactly φ( 1) essentially distinct rimitive roots mod. For the first few rimes, we get the following table. Prime Primitive Roots , 3 7 3, , 3, 8, , 6, 7, 11 There is a famous conjecture, named after Artin, that asserts that every integer g 1 that is not a square is a rimitive root mod infinitely many different rimes. (Why are squares no good?) This has been roven assuming another famous conjecture, the Extended Riemann Hyothesis. The best unconditional result so far seems to be that the statement is true for all allowed integers, with at most three excetions. On the other hand, the statement is not known to hold for any articular integer g! 9.3. Proosition. Let G be a finite multilicative abelian grou of order n. An element g G is a generator of G (and so G is cyclic) if and only if g n/q 1 G for all rime divisors q of n. Proof. If g is a generator, then n is the least ositive integer m such that g m = 1 G, hence the condition is necessary. Now if g is not a generator, then its order m divides n, but is smaller than n, hence m divides n/q for some rime divisor q of n. It follows that g n/q = 1 G. Let us use this result to show that (Z/ n Z) is cylic if is an odd rime and n 1.

13 9.4. Theorem. Let g be a rimitive root modulo, where is an odd rime. Then one of g and g + is a rimitive root modulo n for all n 1. Proof. We know that g 1 = 1 + a for some a Z. If a, let h = g; otherwise we set h = g + ; then we have h 1 = 1 + a with a : (g + ) 1 = g 1 + ( 1)g 2 + b 2 1 k mod 2 (with some integer b) where k g 2 mod is not divisible by. Hence we have in both cases that h a mod 2 with a. Now I claim that for all n 0, we have h n ( 1) 1 + a n+1 mod n+2. This follows by induction from the case n = 0: h n+1 ( 1) = ( h n ( 1) ) = (1 + (a + b) n+1 ) = 1 + (a + b) n+1 + c n+3 = 1 + a n+2 + (b + c) n+3 Here b and c are suitable integers, and the enultimate equality uses that 3 (since then the last term in the binomial exansion, (a + b) (n+1), is divisible by n+3, as are the intermediate ones, even when n = 0). Now let n 2, and let q be a rime divisor of φ( n ) = n 1 ( 1). If q divides 1, then h ( 1)/q 1 mod, hence also h n 1 ( 1)/q h ( 1)/q 1 mod, so h n 1 ( 1)/q 1 mod n. If q =, then we have just seen that h n 2 ( 1) 1 mod n. So by Pro. 9.3, h {g, g + } is a rimitive root mod n The RSA Crytosystem The basic idea of Public Key Crytograhy is that each articiant has two keys: A ublic key that is known to everybody and serves to encryt messages, and a rivate key that is known only to her or him and is used to decryt messages. For this idea to work, two conditions have to be satisfied: (1) Both encrytion and decrytion must be reasonably fast (with keys of a size satisfying the next condition) (2) It must be imossible to comute the rivate key from the ublic key in less than a very large amount of time (how large will deend on the desired level of security) Bob s Public Key Bob s Private Key Encrytion Algorithm Cihertext Decrytion Algorithm Alice Plaintext Eve Plaintext Bob

14 14 The first ublished system (1977) satisfying these assumtions was designed by Rivest, Shamir and Adleman, and is called the RSA Crytosystem (after their initials). However, already in 1973, Clifford Cocks at GCHQ (the British NSA equivalent) came u with the same system. It was not used by GCHQ, and Cocks contribution only ublicly acknowledged in The idea was that finding the rime factors of a large number is very hard, whereas knowing them would allow you to do ceratin things quickly The set-u. To generate a ublic-rivate key air, one takes two large rime numbers and q (of 160 or more decimal digits, say). The ublic key then consists of n = q and another ositive integer e that has to be corime with lcm( 1, q 1) and can be taken to be fairly (but not too) small (in order to make encrytion more efficient). Encrytion roceeds as follows. The message is encoded in one or several numbers 0 m < n (e.g., by taking bunches of bits of length less than the length of n (measured in bits)). Then each number m is encryted as c = m e mod n. In order to decryt such a c, we need to be able to undo the exonentiation by e. In order to do this, we use Fermat s Little Theorem 8.2 and the Chinese Remainder Theorem 7.1: Since e lcm( 1, q 1), we can comute d such that de 1 mod lcm( 1, q 1) (using the XGCD Algorithm). Then c d = m de m mod and modq by Fermat s Little Theorem and so c d m mod n by the Chinese Remainder Theorem. So the ublic key is the air (n, e) and the rivate key the air (n, d). Encrytion is m m e mod n, decrytion is c c d mod n Why is it ractical? Encrytion and decrytion are reasonably fast: they involve exonentiation mod n, which can be done in O((log n) 2 log e) time (where e is the exonent), or even in O(log n log log n log e), using fast multilication. Also, it is ossible to select suitable rimes and q in reasonable time: there are algorithms that rove that a given number is rime in olynomial time (olynomial in log ), and gas between rimes are on average of size log, so one can exect to find a rime in olynomial time. The remaining stes in choosing the ublicrivate key air are relatively fast. For examle, my lato running the comuter algebra system MAGMA, takes about 4 seconds to find a rime of 100 digits, and about 12 seconds to find a rime of 120 digits Why is it considered secure? In order to get m from c, one needs a number t such that c t m mod n. For general m, this means that te 1 mod lcm( 1, q 1). Then te 1 is a multile of lcm( 1, q 1), and we can use this in order to factor n in the following way. Note that if n is an odd rime, then there are exactly two square roots of 1 in the ring Z/nZ (which is a field of characteristic not 2 in this case), namely (the residue classes of) 1 and 1. However, when n = q is the roduct of two distinct odd rimes, then there are four such square roots; they are obtained from airs of square roots of 1 mod and mod q via the Chinese Remainder Theorem 7.1. If x 2 1 mod n, but x ±1 mod n, then we can use x to factor n: we have that n divides x 2 1 = (x 1)(x + 1), but n divides neither factor on the right, so gcd(x 1, n) has to be a roer divisor of n.

15 Now suose we know a multile f of lcm( 1, q 1). Write f = 2 r s with s odd (note that r 1 since 1 and q 1 are even). Now ick a random 1 < w < n 1. If gcd(w, n) 1, then we have found a roer divisor of n. Otherwise, we successively comute w 0 = w s mod n, w 1 = w 2 0 mod n, w 2 = w 2 1 mod n,..., w r = w 2 r 1 mod n By Fermat s Little Theorem 8.2 and the Chinese Remainder Theorem 7.1, w r = 1. Now if there is some j such that w j ±1 mod n, but w j+1 1 mod n, we have found a square root of 1 mod n that will slit n as exlained above. One can check (see [Sti, Sect ]) that the robability of success is at least 1/2. Hence we need no more than two tries on average to factor n. Conversely, if we have and q, we can easily comute a suitable t (in fact, our d in the rivate key is found that way). The ushot is that in order to break the system, we have to factor n. Now factorization aears to be a hard roblem: even though quite some effort has been invested into develoing good factoring algorithms (in articular since this is relevant for crytograhy! you can win rize money if you factor certain numbers), and we now have considerably better algorithms than thirty years ago (say), the erformance of the best known algorithms is still much worse than olynomial time. The comlexity is something like ( ex O( 3 ) log n(log log n) 2 ). This is already quite a bit better than exonential (in log n), but grows fast enough to make factorization of 300-digit numbers or so infeasible. For examle, again MAGMA on my lato needs 14 seconds to factor a roduct of two 20-digit rimes and 3 minutes to factor a roduct of two 30-digit rimes. But note that there is an efficient algorithm (at least in theory) for factoring integers on a quantum comuter. So if quantum comuters become a reality, crytosystems based on the difficulty of factorization like RSA will be dead. 11. Discrete Logarithms In RSA, we use modular exonentiation with a fixed exonent, where the base is the message. There are other crytosystems, which in some sense work the other way round: they use exonentiation with a fixed base and varying exonent. This can be done in the multilicative grou of a finite field F, or even in a more general setting The Discrete Logarithm Problem. Let G be a finite cyclic grou of order n, with generator g. The roblem of finding a Z/nZ from g and g a is known as the Discrete Logarithm Problem: We want to find the logarithm of g a to the base g. If x = g a, then sometimes the notation a = log g x is used. The difficulty of this roblem deends on the reresentation of the grou G. (1) The simlest case is G = Z/nZ (the additive grou), g = 1. Then log g x = x, and the roblem is trivially solved. (2) It is more interesting to choose G = F, with g a rimitive root mod (or rather, its image in F ). If the grou order #G = 1 has a large rime factor (e.g., 1 = 2q or 4q where q is rime), then here, the DLP 15

### SOME PROPERTIES OF EXTENSIONS OF SMALL DEGREE OVER Q. 1. Quadratic Extensions

SOME PROPERTIES OF EXTENSIONS OF SMALL DEGREE OVER Q TREVOR ARNOLD Abstract This aer demonstrates a few characteristics of finite extensions of small degree over the rational numbers Q It comrises attemts

### As we have seen, there is a close connection between Legendre symbols of the form

Gauss Sums As we have seen, there is a close connection between Legendre symbols of the form 3 and cube roots of unity. Secifically, if is a rimitive cube root of unity, then 2 ± i 3 and hence 2 2 3 In

### Elementary Number Theory We begin with a bit of elementary number theory, which is concerned

CONSTRUCTION OF THE FINITE FIELDS Z p S. R. DOTY Elementary Number Theory We begin with a bit of elementary number theory, which is concerned solely with questions about the set of integers Z = {0, ±1,

### U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory

### Lectures on the Dirichlet Class Number Formula for Imaginary Quadratic Fields. Tom Weston

Lectures on the Dirichlet Class Number Formula for Imaginary Quadratic Fields Tom Weston Contents Introduction 4 Chater 1. Comlex lattices and infinite sums of Legendre symbols 5 1. Comlex lattices 5

### Number Theory Naoki Sato

Number Theory Naoki Sato 0 Preface This set of notes on number theory was originally written in 1995 for students at the IMO level. It covers the basic background material

### Number Theory Naoki Sato

Number Theory Naoki Sato 0 Preface This set of notes on number theory was originally written in 1995 for students at the IMO level. It covers the basic background material that an

### MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES

MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES 2016 47 4. Diophantine Equations A Diophantine Equation is simply an equation in one or more variables for which integer (or sometimes rational) solutions

### Review for Final Exam

Review for Final Exam Note: Warning, this is probably not exhaustive and probably does contain typos (which I d like to hear about), but represents a review of most of the material covered in Chapters

### Assignment 9; Due Friday, March 17

Assignment 9; Due Friday, March 17 24.4b: A icture of this set is shown below. Note that the set only contains oints on the lines; internal oints are missing. Below are choices for U and V. Notice that

### Math 5330 Spring Notes Prime Numbers

Math 5330 Sring 206 Notes Prime Numbers The study of rime numbers is as old as mathematics itself. This set of notes has a bunch of facts about rimes, or related to rimes. Much of this stuff is old dating

### A 60,000 DIGIT PRIME NUMBER OF THE FORM x 2 + x Introduction Stark-Heegner Theorem. Let d > 0 be a square-free integer then Q( d) has

A 60,000 DIGIT PRIME NUMBER OF THE FORM x + x + 4. Introduction.. Euler s olynomial. Euler observed that f(x) = x + x + 4 takes on rime values for 0 x 39. Even after this oint f(x) takes on a high frequency

### Introduction to NP-Completeness Written and copyright c by Jie Wang 1

91.502 Foundations of Comuter Science 1 Introduction to Written and coyright c by Jie Wang 1 We use time-bounded (deterministic and nondeterministic) Turing machines to study comutational comlexity of

### PRIME NUMBERS AND THE RIEMANN HYPOTHESIS

PRIME NUMBERS AND THE RIEMANN HYPOTHESIS CARL ERICKSON This minicourse has two main goals. The first is to carefully define the Riemann zeta function and exlain how it is connected with the rime numbers.

### 6.042/18.062J Mathematics for Computer Science December 12, 2006 Tom Leighton and Ronitt Rubinfeld. Random Walks

6.042/8.062J Mathematics for Comuter Science December 2, 2006 Tom Leighton and Ronitt Rubinfeld Lecture Notes Random Walks Gambler s Ruin Today we re going to talk about one-dimensional random walks. In

### 5 Elliptic Curves in Cryptography

Crytograhy (art 5): Ellitic Curves in Crytograhy (by Evan Dummit, 2016, v. 1.00) Contents 5 Ellitic Curves in Crytograhy 1 5.1 Ellitic Curves and the Addition Law................................... 1 5.1.1

### Unique Factorization

Unique Factorization Waffle Mathcamp 2010 Throughout these notes, all rings will be assumed to be commutative. 1 Factorization in domains: definitions and examples In this class, we will study the phenomenon

### 11 Ideals. 11.1 Revisiting Z

11 Ideals The presentation here is somewhat different than the text. In particular, the sections do not match up. We have seen issues with the failure of unique factorization already, e.g., Z[ 5] = O Q(

### Algebraic Systems, Fall 2013, September 1, 2013 Edition. Todd Cochrane

Algebraic Systems, Fall 2013, September 1, 2013 Edition Todd Cochrane Contents Notation 5 Chapter 0. Axioms for the set of Integers Z. 7 Chapter 1. Algebraic Properties of the Integers 9 1.1. Background

### Factoring of Prime Ideals in Galois Extensions

Chater 8 Factoring of Prime Ideals in Galois Extensions 8.1 Decomosition and Inertia Grous We return to the general AKLB setu: A is a Dedekind domain with fraction field K, L is a finite searable extension

### Groups, Rings, and Fields. I. Sets Let S be a set. The Cartesian product S S is the set of ordered pairs of elements of S, S S = {(x, y) x, y S}.

Groups, Rings, and Fields I. Sets Let S be a set. The Cartesian product S S is the set of ordered pairs of elements of S, A binary operation φ is a function, S S = {(x, y) x, y S}. φ : S S S. A binary

### Chapter 4, Arithmetic in F [x] Polynomial arithmetic and the division algorithm.

Chapter 4, Arithmetic in F [x] Polynomial arithmetic and the division algorithm. We begin by defining the ring of polynomials with coefficients in a ring R. After some preliminary results, we specialize

### PYTHAGOREAN TRIPLES PETE L. CLARK

PYTHAGOREAN TRIPLES PETE L. CLARK 1. Parameterization of Pythagorean Triples 1.1. Introduction to Pythagorean triples. By a Pythagorean triple we mean an ordered triple (x, y, z) Z 3 such that x + y =

### I. GROUPS: BASIC DEFINITIONS AND EXAMPLES

I GROUPS: BASIC DEFINITIONS AND EXAMPLES Definition 1: An operation on a set G is a function : G G G Definition 2: A group is a set G which is equipped with an operation and a special element e G, called

### Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility

### Introduction to Modern Algebra

Introduction to Modern Algebra David Joyce Clark University Version 0.0.6, 3 Oct 2008 1 1 Copyright (C) 2008. ii I dedicate this book to my friend and colleague Arthur Chou. Arthur encouraged me to write

### Congruences. Robert Friedman

Congruences Robert Friedman Definition of congruence mod n Congruences are a very handy way to work with the information of divisibility and remainders, and their use permeates number theory. Definition

### Elementary Number Theory: Primes, Congruences, and Secrets

This is age i Printer: Oaque this Elementary Number Theory: Primes, Congruences, and Secrets William Stein November 16, 2011 To my wife Clarita Lefthand v vi Contents This is age vii Printer: Oaque this

3. QUADRATIC CONGRUENCES 3.1. Quadratics Over a Finite Field We re all familiar with the quadratic equation in the context of real or complex numbers. The formula for the solutions to ax + bx + c = 0 (where

### Primality - Factorization

Primality - Factorization Christophe Ritzenthaler November 9, 2009 1 Prime and factorization Definition 1.1. An integer p > 1 is called a prime number (nombre premier) if it has only 1 and p as divisors.

### TRANSCENDENTAL NUMBERS

TRANSCENDENTAL NUMBERS JEREMY BOOHER. Introduction The Greeks tried unsuccessfully to square the circle with a comass and straightedge. In the 9th century, Lindemann showed that this is imossible by demonstrating

### Chapter 13: Basic ring theory

Chapter 3: Basic ring theory Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 42, Spring 24 M. Macauley (Clemson) Chapter 3: Basic ring

### Mathematics Course 111: Algebra I Part IV: Vector Spaces

Mathematics Course 111: Algebra I Part IV: Vector Spaces D. R. Wilkins Academic Year 1996-7 9 Vector Spaces A vector space over some field K is an algebraic structure consisting of a set V on which are

### 3. Applications of Number Theory

3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a

### SECTION 6: FIBER BUNDLES

SECTION 6: FIBER BUNDLES In this section we will introduce the interesting class o ibrations given by iber bundles. Fiber bundles lay an imortant role in many geometric contexts. For examle, the Grassmaniann

### CHAPTER 5: MODULAR ARITHMETIC

CHAPTER 5: MODULAR ARITHMETIC LECTURE NOTES FOR MATH 378 (CSUSM, SPRING 2009). WAYNE AITKEN 1. Introduction In this chapter we will consider congruence modulo m, and explore the associated arithmetic called

### More Properties of Limits: Order of Operations

math 30 day 5: calculating its 6 More Proerties of Limits: Order of Oerations THEOREM 45 (Order of Oerations, Continued) Assume that!a f () L and that m and n are ositive integers Then 5 (Power)!a [ f

### Factoring Polynomials

Factoring Polynomials Sue Geller June 19, 2006 Factoring polynomials over the rational numbers, real numbers, and complex numbers has long been a standard topic of high school algebra. With the advent

### The Dirichlet Unit Theorem

Chapter 6 The Dirichlet Unit Theorem As usual, we will be working in the ring B of algebraic integers of a number field L. Two factorizations of an element of B are regarded as essentially the same if

### Continued Fractions and the Euclidean Algorithm

Continued Fractions and the Euclidean Algorithm Lecture notes prepared for MATH 326, Spring 997 Department of Mathematics and Statistics University at Albany William F Hammond Table of Contents Introduction

### Algorithms for Constructing Zero-Divisor Graphs of Commutative Rings Joan Krone

Algorithms for Constructing Zero-Divisor Grahs of Commutative Rings Joan Krone Abstract The idea of associating a grah with the zero-divisors of a commutative ring was introduced in [3], where the author

### 1 Gambler s Ruin Problem

Coyright c 2009 by Karl Sigman 1 Gambler s Ruin Problem Let N 2 be an integer and let 1 i N 1. Consider a gambler who starts with an initial fortune of \$i and then on each successive gamble either wins

### Precalculus Prerequisites a.k.a. Chapter 0. August 16, 2013

Precalculus Prerequisites a.k.a. Chater 0 by Carl Stitz, Ph.D. Lakeland Community College Jeff Zeager, Ph.D. Lorain County Community College August 6, 0 Table of Contents 0 Prerequisites 0. Basic Set

### CHAPTER 5. Number Theory. 1. Integers and Division. Discussion

CHAPTER 5 Number Theory 1. Integers and Division 1.1. Divisibility. Definition 1.1.1. Given two integers a and b we say a divides b if there is an integer c such that b = ac. If a divides b, we write a

### ABSTRACT ALGEBRA: A STUDY GUIDE FOR BEGINNERS

ABSTRACT ALGEBRA: A STUDY GUIDE FOR BEGINNERS John A. Beachy Northern Illinois University 2014 ii J.A.Beachy This is a supplement to Abstract Algebra, Third Edition by John A. Beachy and William D. Blair

### The Cubic Equation. Urs Oswald. 11th January 2009

The Cubic Equation Urs Oswald th January 009 As is well known, equations of degree u to 4 can be solved in radicals. The solutions can be obtained, aart from the usual arithmetic oerations, by the extraction

### JEREMY BOOHER. 2... pem m that are less than 2 N. Estimate the maximum size of the

SOME INTERESTING ELEMENTARY NUMBER THEORY PROBLEMS JEREMY BOOHER 1. The Distribution of Primes (1) Take Euclid s standard roof that there are infinitely many rimes (multily all rimes, add one, to get a

### CONTINUED FRACTIONS, PELL S EQUATION, AND TRANSCENDENTAL NUMBERS

CONTINUED FRACTIONS, PELL S EQUATION, AND TRANSCENDENTAL NUMBERS JEREMY BOOHER Continued fractions usually get short-changed at PROMYS, but they are interesting in their own right and useful in other areas

### Stat 134 Fall 2011: Gambler s ruin

Stat 134 Fall 2011: Gambler s ruin Michael Lugo Setember 12, 2011 In class today I talked about the roblem of gambler s ruin but there wasn t enough time to do it roerly. I fear I may have confused some

### Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study

### Factoring of Prime Ideals in Extensions

Chapter 4 Factoring of Prime Ideals in Extensions 4. Lifting of Prime Ideals Recall the basic AKLB setup: A is a Dedekind domain with fraction field K, L is a finite, separable extension of K of degree

### SUM OF TWO SQUARES JAHNAVI BHASKAR

SUM OF TWO SQUARES JAHNAVI BHASKAR Abstract. I will investigate which numbers can be written as the sum of two squares and in how many ways, providing enough basic number theory so even the unacquainted

### Number Theory Hungarian Style. Cameron Byerley s interpretation of Csaba Szabó s lectures

Number Theory Hungarian Style Cameron Byerley s interpretation of Csaba Szabó s lectures August 20, 2005 2 0.1 introduction Number theory is a beautiful subject and even cooler when you learn about it

### Mathematical Reasoning and the Inductive Process: An Examination of The Law of Quadratic Reciprocity

California State University, San Bernardino CSUSB ScholarWorks Electronic Theses, Projects, and Dissertations Office of Graduate Studies 6-016 Mathematical Reasoning and the Inductive Process: An Examination

### Chapter 6. Number Theory. 6.1 The Division Algorithm

Chapter 6 Number Theory The material in this chapter offers a small glimpse of why a lot of facts that you ve probably nown and used for a long time are true. It also offers some exposure to generalization,

### 3 1. Note that all cubes solve it; therefore, there are no more

Math 13 Problem set 5 Artin 11.4.7 Factor the following polynomials into irreducible factors in Q[x]: (a) x 3 3x (b) x 3 3x + (c) x 9 6x 6 + 9x 3 3 Solution: The first two polynomials are cubics, so if

### Point Location. Preprocess a planar, polygonal subdivision for point location queries. p = (18, 11)

Point Location Prerocess a lanar, olygonal subdivision for oint location ueries. = (18, 11) Inut is a subdivision S of comlexity n, say, number of edges. uild a data structure on S so that for a uery oint

### Further linear algebra. Chapter I. Integers.

Further linear algebra. Chapter I. Integers. Andrei Yafaev Number theory is the theory of Z = {0, ±1, ±2,...}. 1 Euclid s algorithm, Bézout s identity and the greatest common divisor. We say that a Z divides

### United Arab Emirates University College of Sciences Department of Mathematical Sciences HOMEWORK 1 SOLUTION. Section 10.1 Vectors in the Plane

United Arab Emirates University College of Sciences Deartment of Mathematical Sciences HOMEWORK 1 SOLUTION Section 10.1 Vectors in the Plane Calculus II for Engineering MATH 110 SECTION 0 CRN 510 :00 :00

### NUMBER THEORY AMIN WITNO

NUMBER THEORY AMIN WITNO ii Number Theory Amin Witno Department of Basic Sciences Philadelphia University JORDAN 19392 Originally written for Math 313 students at Philadelphia University in Jordan, this

### FREQUENCIES OF SUCCESSIVE PAIRS OF PRIME RESIDUES

FREQUENCIES OF SUCCESSIVE PAIRS OF PRIME RESIDUES AVNER ASH, LAURA BELTIS, ROBERT GROSS, AND WARREN SINNOTT Abstract. We consider statistical roerties of the sequence of ordered airs obtained by taking

### 8 Divisibility and prime numbers

8 Divisibility and prime numbers 8.1 Divisibility In this short section we extend the concept of a multiple from the natural numbers to the integers. We also summarize several other terms that express

### PUTNAM TRAINING POLYNOMIALS. Exercises 1. Find a polynomial with integral coefficients whose zeros include 2 + 5.

PUTNAM TRAINING POLYNOMIALS (Last updated: November 17, 2015) Remark. This is a list of exercises on polynomials. Miguel A. Lerma Exercises 1. Find a polynomial with integral coefficients whose zeros include

### Stanford University Educational Program for Gifted Youth (EPGY) Number Theory. Dana Paquin, Ph.D.

Stanford University Educational Program for Gifted Youth (EPGY) Dana Paquin, Ph.D. paquin@math.stanford.edu Summer 2010 Note: These lecture notes are adapted from the following sources: 1. Ivan Niven,

### Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR

Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices A Biswas, IT, BESU SHIBPUR McGraw-Hill The McGraw-Hill Companies, Inc., 2000 Set of Integers The set of integers, denoted by Z,

### Solutions to TOPICS IN ALGEBRA I.N. HERSTEIN. Part II: Group Theory

Solutions to TOPICS IN ALGEBRA I.N. HERSTEIN Part II: Group Theory No rights reserved. Any part of this work can be reproduced or transmitted in any form or by any means. Version: 1.1 Release: Jan 2013

### it is easy to see that α = a

21. Polynomial rings Let us now turn out attention to determining the prime elements of a polynomial ring, where the coefficient ring is a field. We already know that such a polynomial ring is a UF. Therefore

### Finite Fields and Error-Correcting Codes

Lecture Notes in Mathematics Finite Fields and Error-Correcting Codes Karl-Gustav Andersson (Lund University) (version 1.013-16 September 2015) Translated from Swedish by Sigmundur Gudmundsson Contents

### Discrete Mathematics Lecture 3 Elementary Number Theory and Methods of Proof. Harper Langston New York University

Discrete Mathematics Lecture 3 Elementary Number Theory and Methods of Proof Harper Langston New York University Proof and Counterexample Discovery and proof Even and odd numbers number n from Z is called

### Basic Algorithms In Computer Algebra

Basic Algorithms In Computer Algebra Kaiserslautern SS 2011 Prof. Dr. Wolfram Decker 2. Mai 2011 References Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, 1993. Cox, D.; Little,

### Number Theory 2. Paul Yiu. Department of Mathematics Florida Atlantic University. Spring 2007 April 8, 2007

Number Theory Paul Yiu Department of Mathematics Florida Atlantic University Spring 007 April 8, 007 Contents 1 Preliminaries 101 1.1 Infinitude of prime numbers............... 101 1. Euclidean algorithm

### Mathematics of Cryptography

CHAPTER 2 Mathematics of Cryptography Part I: Modular Arithmetic, Congruence, and Matrices Objectives This chapter is intended to prepare the reader for the next few chapters in cryptography. The chapter

### A Modified Measure of Covert Network Performance

A Modified Measure of Covert Network Performance LYNNE L DOTY Marist College Deartment of Mathematics Poughkeesie, NY UNITED STATES lynnedoty@maristedu Abstract: In a covert network the need for secrecy

### 2 The Euclidean algorithm

2 The Euclidean algorithm Do you understand the number 5? 6? 7? At some point our level of comfort with individual numbers goes down as the numbers get large For some it may be at 43, for others, 4 In

### Revised Version of Chapter 23. We learned long ago how to solve linear congruences. ax c (mod m)

Chapter 23 Squares Modulo p Revised Version of Chapter 23 We learned long ago how to solve linear congruences ax c (mod m) (see Chapter 8). It s now time to take the plunge and move on to quadratic equations.

### 2.1 Simple & Compound Propositions

2.1 Simle & Comound Proositions 1 2.1 Simle & Comound Proositions Proositional Logic can be used to analyse, simlify and establish the equivalence of statements. A knowledge of logic is essential to the

### Quotient Rings and Field Extensions

Chapter 5 Quotient Rings and Field Extensions In this chapter we describe a method for producing field extension of a given field. If F is a field, then a field extension is a field K that contains F.

### Copy in your notebook: Add an example of each term with the symbols used in algebra 2 if there are any.

Algebra 2 - Chapter Prerequisites Vocabulary Copy in your notebook: Add an example of each term with the symbols used in algebra 2 if there are any. P1 p. 1 1. counting(natural) numbers - {1,2,3,4,...}

### A number field is a field of finite degree over Q. By the Primitive Element Theorem, any number

Number Fields Introduction A number field is a field of finite degree over Q. By the Primitive Element Theorem, any number field K = Q(α) for some α K. The minimal polynomial Let K be a number field and

### Homework 5 Solutions

Homework 5 Solutions 4.2: 2: a. 321 = 256 + 64 + 1 = (01000001) 2 b. 1023 = 512 + 256 + 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = (1111111111) 2. Note that this is 1 less than the next power of 2, 1024, which

### Factoring Algorithms

Factoring Algorithms The p 1 Method and Quadratic Sieve November 17, 2008 () Factoring Algorithms November 17, 2008 1 / 12 Fermat s factoring method Fermat made the observation that if n has two factors

### 1 Homework 1. [p 0 q i+j +... + p i 1 q j+1 ] + [p i q j ] + [p i+1 q j 1 +... + p i+j q 0 ]

1 Homework 1 (1) Prove the ideal (3,x) is a maximal ideal in Z[x]. SOLUTION: Suppose we expand this ideal by including another generator polynomial, P / (3, x). Write P = n + x Q with n an integer not

### Coin ToGa: A Coin-Tossing Game

Coin ToGa: A Coin-Tossing Game Osvaldo Marrero and Paul C Pasles Osvaldo Marrero OsvaldoMarrero@villanovaedu studied mathematics at the University of Miami, and biometry and statistics at Yale University

### Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie

### SUBGROUPS OF CYCLIC GROUPS. 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by

SUBGROUPS OF CYCLIC GROUPS KEITH CONRAD 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by g = {g k : k Z}. If G = g, then G itself is cyclic, with g as a generator. Examples

### Pythagorean Triples and Rational Points on the Unit Circle

Pythagorean Triles and Rational Points on the Unit Circle Solutions Below are samle solutions to the roblems osed. You may find that your solutions are different in form and you may have found atterns

### lecture 25: Gaussian quadrature: nodes, weights; examples; extensions

38 lecture 25: Gaussian quadrature: nodes, weights; examles; extensions 3.5 Comuting Gaussian quadrature nodes and weights When first aroaching Gaussian quadrature, the comlicated characterization of the

### ECE 842 Report Implementation of Elliptic Curve Cryptography

ECE 842 Report Implementation of Elliptic Curve Cryptography Wei-Yang Lin December 15, 2004 Abstract The aim of this report is to illustrate the issues in implementing a practical elliptic curve cryptographic

### Theorem (The division theorem) Suppose that a and b are integers with b > 0. There exist unique integers q and r so that. a = bq + r and 0 r < b.

Theorem (The division theorem) Suppose that a and b are integers with b > 0. There exist unique integers q and r so that a = bq + r and 0 r < b. We re dividing a by b: q is the quotient and r is the remainder,

### CHAPTER SIX IRREDUCIBILITY AND FACTORIZATION 1. BASIC DIVISIBILITY THEORY

January 10, 2010 CHAPTER SIX IRREDUCIBILITY AND FACTORIZATION 1. BASIC DIVISIBILITY THEORY The set of polynomials over a field F is a ring, whose structure shares with the ring of integers many characteristics.

### 9. POLYNOMIALS. Example 1: The expression a(x) = x 3 4x 2 + 7x 11 is a polynomial in x. The coefficients of a(x) are the numbers 1, 4, 7, 11.

9. POLYNOMIALS 9.1. Definition of a Polynomial A polynomial is an expression of the form: a(x) = a n x n + a n-1 x n-1 +... + a 1 x + a 0. The symbol x is called an indeterminate and simply plays the role

### Overview of Number Theory Basics. Divisibility

Overview of Number Theory Basics Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Divisibility Definition Given integers a and b, b 0, b divides a (denoted b a) if integer c, s.t. a = cb. b is called

### A matrix over a field F is a rectangular array of elements from F. The symbol

Chapter MATRICES Matrix arithmetic A matrix over a field F is a rectangular array of elements from F The symbol M m n (F) denotes the collection of all m n matrices over F Matrices will usually be denoted

### Settling a Question about Pythagorean Triples

Settling a Question about Pythagorean Triples TOM VERHOEFF Department of Mathematics and Computing Science Eindhoven University of Technology P.O. Box 513, 5600 MB Eindhoven, The Netherlands E-Mail address:

### FACTORING IN QUADRATIC FIELDS. 1. Introduction. This is called a quadratic field and it has degree 2 over Q. Similarly, set

FACTORING IN QUADRATIC FIELDS KEITH CONRAD For a squarefree integer d other than 1, let 1. Introduction K = Q[ d] = {x + y d : x, y Q}. This is called a quadratic field and it has degree 2 over Q. Similarly,

### Solutions to Practice Problems

Solutions to Practice Problems March 205. Given n = pq and φ(n = (p (q, we find p and q as the roots of the quadratic equation (x p(x q = x 2 (n φ(n + x + n = 0. The roots are p, q = 2[ n φ(n+ ± (n φ(n+2

### APPLICATIONS OF THE ORDER FUNCTION

APPLICATIONS OF THE ORDER FUNCTION LECTURE NOTES: MATH 432, CSUSM, SPRING 2009. PROF. WAYNE AITKEN In this lecture we will explore several applications of order functions including formulas for GCDs and

### On the generation of elliptic curves with 16 rational torsion points by Pythagorean triples

On the generation of elliptic curves with 16 rational torsion points by Pythagorean triples Brian Hilley Boston College MT695 Honors Seminar March 3, 2006 1 Introduction 1.1 Mazur s Theorem Let C be a