Integers, Division, and Divisibility


 Morgan McLaughlin
Number Theory Notes (v October 31, 2002)

Number Theory is the branch of mathematics that deals with integers and their properties, especially properties relating to arithmetic operations like addition, subtraction, multiplication and division. As it turns out, there are a number of interesting computer-related applications of basic number theory.

Integers, Division, and Divisibility

The integers are closed under the operations of addition, subtraction and multiplication. This means that if we add, subtract or multiply two integers we get another integer. But the integers are not closed under division. Sometimes when we divide one integer by another we get another integer, for example:

15 ÷ 5 = 3

But other times we do not:

= 3.75

We should stop here and point out an important connection between multiplication and division. These operations are inverses of each other in the following sense:

a ÷ b = c means b · c = a

Using this relationship between multiplication and division, we make the following definitions: Let a and b be integers. If there is some integer c such that bc = a, we say that b divides a. If b divides a we say that b is a divisor (or factor) of a, and a is a multiple of b. We denote "b divides a" with the notation b | a. If b does not divide a we write b ∤ a.

For small integers, we can test if n | m by doing the division m ÷ n to see if the result is an integer:

Example. Does 4 divide 9? Does 7 divide 21? 9 ÷ 4 = 2.25, so = 3, so

The following basic facts are all straightforward to prove from the definition, but are useful enough to collect into a lemma. The first two of these are the key to Euclid's GCD Algorithm, which we will discuss shortly. The next two show that divisibility is a reflexive, transitive (but not symmetric) relation on the integers.

Footnote 1: One way to think about the rational numbers (fractions with integer numerator and denominator) is as the closure of the integers under division. That is, the rationals are the smallest set that contains the integers and is closed under division.
Divisibility Lemma. Let a, b, x, y and z be integers. Then
1. If a | x and a | y, then a | (x + y) and a | (x − y). (We can abbreviate this by writing a | (x ± y).)
2. If a | x and a | x ± y, then a | y.
3. x | x
4. If x | y and y | z, then x | z.
5. If a | x, then a | kx for any integer k.

Proof. We'll prove parts (1) and (4) and leave the rest as exercises. For part (1), suppose a | x and a | y. This means that there are integers m and n such that am = x and an = y. So x + y = am + an = a(m + n), which shows that a | x + y; and x − y = am − an = a(m − n), which shows that a | x − y. For part (4), suppose x | y and y | z. Then there must be integers m and n such that mx = y and ny = z. But then z = ny = nmx, which shows that x | z.

1. True or False: a) 3 12 b) 3 13 c) 12 3 d) 13 3 e) 3 12 f) 3 12 g) 0 12 h) Finish the proof of the Divisibility Lemma by supplying proofs for parts (2), (3) and (5).

The Divisibility Lemma allows us to prove a number of divisibility tests.

3. a) Use the divisibility lemma to prove that an integer is divisible by 2 if and only if its last digit is divisible by 2. (So the last digit must be 0, 2, 4, 6, or 8.)
b) Use the divisibility lemma to prove that an integer is divisible by 5 if and only if its last digit is divisible by 5. (So the last digit must be 5 or 0.)
c) Use the divisibility lemma to prove that an integer is divisible by 10 if and only if its last digit is 0.
d) Use the divisibility lemma to prove that an integer is divisible by 4 if and only if its last two digits form a two-digit integer that is divisible by 4. For example, 4332 is divisible by 4 because 32 is divisible by 4.
e) For what integers is there a similar "look at the last few digits" test for divisibility? How do you determine the number of digits to look at?

4. Here is a divisibility test for divisibility by 11: To see if x is divisible by 11, subtract the last digit of x from the number formed by taking all but the last digit of x. Call the result y. Then x is divisible by 11 if and only if y is. Here is an example: To test consider = 12339, then = 1224, then = 118, then 11 − 8 = 3. Since 11 ∤ 3, Prove that this test works.
5. Here is a divisibility test for divisibility by 7: To see if x is divisible by 7, double the last digit of x and subtract the result from the number formed by taking all but the last digit of x. Call the result y. Then x is divisible by 7 if and only if y is. Here is an example: To test consider = 12333, then = 1227, then = 108, then = 6. Since 7 ∤ 6, Prove that this test works.

6. Use the divisibility tests above to find which of 2, 4, 5, 7, and 11 divide the following numbers. a) b) c) d)

We'll learn about some more divisibility tests after we have learned a bit about modular arithmetic.

Primes and Composites

Every positive integer n except 1 has at least two positive divisors: 1 and n. Some integers have additional divisors as well. This leads to the following definition. A prime is an integer p such that p > 1 and p has exactly two positive divisors: 1 and p. A composite is an integer greater than 1 that is not a prime.

The prime numbers play an important role throughout Number Theory because of their special properties in relationship to divisibility. One of the reasons that the primes have an important role in Number Theory is that they are the multiplicative building blocks for all integers.

The Fundamental Theorem of Arithmetic. Every positive integer greater than 1 can be written uniquely as a product of two or more primes where the primes are written in nondecreasing order. Such a product is called the prime factorization of an integer. Note that for a prime, the prime factorization consists just of the prime itself.

Example. Here are some example prime factorizations: 15 = = = = = =

Proof. We can prove that every integer n > 1 has a prime factorization by induction on n. For a base case, we simply note that n = 2 is prime. Now consider some integer n and suppose that all integers less than n have prime factorizations. There are two cases to consider:
1. n is prime. If n is prime, then we are done, since n is its unique factorization.
2. n is composite. If n is composite, then there are two integers a and b such that ab = n. Each of a and b is larger than 1 and smaller than n, for otherwise their product would be too small or too large. Thus a and b have prime factorizations. The prime factorization of n is then the product of these two prime factorizations (with the terms rearranged into nondecreasing order).

The proof that this factorization is unique is left as an exercise.

It is not a trivial matter to quickly determine whether a large number is prime, and even less trivial to quickly determine the factors of a number that is composite. Just recently (summer 2002) it was announced for the first time that an algorithm exists that runs in polynomial time (in the number of digits of an integer) and can tell whether a number is prime. Factoring algorithms have been the focus of much study for many years, and the difficulty of factoring certain large integers (integers with several hundred digits) is important for the security of many secret codes. We will study an important example of this, called RSA, once we have laid the groundwork necessary to understand this cryptographic system.

One way we might try to find the factorization of an integer n is by trial division. That is, we could check each positive integer a that is less than n and see if a divides n. While this certainly works, it takes an enormous amount of time when n is large. If n has 100 digits, we would need to try roughly different divisors. This is so many that no computer could put even a small dent in the project in our lifetime. Still, one could try to improve things by only trying some of the possible values of a. The following lemma provides two ways we could reduce the search.

Trial Division Lemma. If n is a composite, then
1. n has a factor less than or equal to √n; in fact,
2. n has a prime factor less than or equal to √n.

7. Prove the Trial Division Lemma.

Using the Trial Division Lemma, we could modify the method of trial division to only try numbers up to √n. In our example of a 100-digit number, this would reduce the number of candidates to roughly much smaller than , but still too large to be successfully automated. Of course even fewer of these are primes, so there will be fewer potential divisors to check if we only check the primes, but there are two problems with trying to modify the trial division algorithm to check only primes. First, it is not clear how we identify which numbers are the primes. We may spend more time figuring out if a number is prime than we would spend checking if it divides n. Second, there would still be too many to check. A famous result known as the Prime Number Theorem says that the number of primes less than x is approximately x/ln(x). This allows us to approximate the number of primes less than As it turns out, there are still more than primes to be checked.

Despite the failure of these ideas to give efficient methods for determining if large numbers are prime or composite, they are useful for smaller computations.

Example. Which of the numbers are primes? We only need to check prime numbers less than 10, since 11^2 = 121 > 109. So we only need to check whether 2, 3, 5, and 7 are divisors. 102, 104, 106, and 108 are divisible by 2. Of the remaining numbers, 105 is divisible by 3. None of the remaining numbers is divisible by 5 or 7. So 101, 103, 107 and 109 are primes.

A procedure known as the sieve of Eratosthenes can be used to find all primes less than n in a systematic (and time consuming) way.

Common Divisors, Common Multiples

Let a and b be integers, not both zero. A number d such that d | a and d | b is called a common divisor of a and b. A number m such that a | m and b | m is called a common multiple of a and b. The largest common divisor of a and b is called the greatest common divisor of a and b and denoted gcd(a, b). The smallest positive common multiple of a and b is called the least common multiple of a and b and denoted lcm(a, b). If gcd(a, b) = 1, then we say that a and b are relatively prime, since there is no prime that divides both a and b. Note that lcm(a, b) ≤ ab (why?) and gcd(a, b) ≥ 1 (why?).

One way to find the gcd of two integers is to list out all of the divisors of each number and find the largest.

Example. Evaluate gcd(24, 36), gcd(12, 25), and gcd(15, 45).
The divisors of 24 are 1, 2, 3, 4, 6, 8, 12, 24; the divisors of 36 are 1, 2, 3, 4, 6, 9, 12, 18, 36; so gcd(24, 36) = 12.
The divisors of 12 are 1, 2, 3, 4, 6, 12; the divisors of 25 are 1, 5, 25; so gcd(12, 25) = 1.
The divisors of 15 are 1, 3, 5, 15; the divisors of 45 are 1, 3, 5, 9, 15, 45; so gcd(15, 45) = 15.

Another way to determine the gcd or lcm of two numbers is by looking at the prime factorizations of the two numbers involved.
Example. Evaluate gcd(24, 36) and lcm(24, 36) by considering the prime factorizations of 24 and 36.
24 = 2^3 · 3; 36 = So gcd(24, 36) = = 12, since divides both numbers, but any higher power of 2 or 3 or any other prime will fail to divide one or both numbers. Similarly, lcm(24, 36) = = 72, since every multiple of both 24 and 36 must have at least 3 2's and 2 3's in its prime factorization.

This same reasoning allows us to find any gcd or lcm from a prime factorization of each number. If a prime occurs a times in one number and b times in the other, then it will occur min(a, b) times in the gcd and max(a, b) times in the lcm.

Example. Find gcd(12, 25), lcm(12, 25), gcd(15, 45), and lcm(15, 45) by considering the prime factorizations of the numbers involved.
12 = 2^2 · 3; 25 = 5^2. So gcd(12, 25) = 1, since there is no prime that divides both numbers. And lcm(12, 25) = = = 3 · 5; 45 = So gcd(15, 45) = 15, and lcm(15, 45) = 45.

Note that as a side effect of the method just illustrated, we can see that gcd(n, m) · lcm(n, m) = n · m.

8. Evaluate gcd(26, 48), gcd(45, 54), gcd(32, 56).
9. Evaluate lcm(26, 48), lcm(45, 54), lcm(32, 56).
10. For the following, express your answers in terms of prime factorizations. a) Evaluate gcd( , ) and lcm( , ). b) Evaluate gcd( , ) and lcm( , ).

Euclid's Algorithm

Of course the methods above are only good if we can factor the numbers involved. Since this is not trivial to do for large numbers, we would like to have a better method. Let's suppose we want to determine D = gcd(a, b). Looking over what we know about divisibility, we see that for any natural number d,

d | a and d | b if and only if d | b and d | a − b

Therefore gcd(a, b) = gcd(b, a − b). Furthermore, if a ≥ b, then 0 ≤ a − b ≤ a, so we have reduced our gcd problem to a gcd problem involving smaller numbers. This suggests a recursive solution to the gcd problem. We just need to identify a base case. Since the numbers involved are nonnegative and decreasing, a likely candidate for a base case is when one or the other number is 0. So what is gcd(0, x)? Well, x is the largest integer that divides x, and x | 0 because 0 · x = 0. So gcd(0, x) = x.

Here is a representation of the algorithm we have been describing:
    // Euclid's Algorithm: first try (repeated subtraction).
    unsigned int gcd(unsigned int a, unsigned int b) {
        if (a == 0) { return b; }   // base case: gcd(0, b) = b
        if (b == 0) { return a; }   // base case: gcd(a, 0) = a
        if (a >= b) { return gcd(b, a - b); }
        return gcd(a, b - a);
    }

Example. Compute gcd(1234, 3080) using the algorithm above.

gcd(1234, 3080) = gcd(1846, 1234)
= gcd(1234, 612)
= gcd(622, 612)
= gcd(612, 10)
= gcd(602, 10)
= gcd(592, 10)
...
= gcd(12, 10)
= gcd(10, 2)
= gcd(8, 2)
...
= gcd(2, 2)
= gcd(2, 0)
= 2

Notice the omitted steps in the example above. In those places the algorithm is repeatedly subtracting the same amount. We could speed up the algorithm if we could do all that subtracting in one step. Fortunately, we can. For example, when computing gcd(622, 10), we need to subtract 10 from 622 until we are left with a value smaller than 10 (namely 2). This idea motivates the definitions of the next section and will lead to an improved algorithm for the gcd. But first, here is a chance to try your hand at the algorithm in its unimproved form.

11. Trace the gcd algorithm above to compute gcd(578, 238).
Euclid's Algorithm Improved

Our improved version of Euclid's Algorithm makes use of division to skip over the repeated subtraction of our first attempt.

Definition of the mod operator. Let a and b be integers with b > 0. When we divide b by a there is a remainder (possibly 0) left over. That is,

b = qa + r, r ∈ [0, a − 1]

We define b mod a = r (the remainder when dividing b by a). The number q is called the quotient when dividing b by a.

Definition of the mod relations. We say that a ≡ b (mod n) if n | a − b. The number n in the definition of the mod relation is called the modulus of the relation.

Example. Determine the values of 18 mod 6, 18 mod 5, and −18 mod 5.
Since 18 = 3 · 6, 18 mod 6 = 0. Since 18 = , 18 mod 5 = 3. Since −18 = , −18 mod 5 = 2.

Be sure you understand how the last example above was done. In particular, the mod operator always produces a nonnegative result, and a mod b and −a mod b are usually (but not always) different. This is not the same as the mod operator in many programming languages, which handle negative numbers differently. It is also important to note that mod is used in two different ways: a mod b is an integer, but a ≡ b (mod n) is a statement that is either true or false.

12. For what values of a and b with b > 2 is a mod b = −a mod b?
13. Show that for a fixed n, the relation a R b if and only if a ≡ b (mod n) is an equivalence relation on the integers.

The equivalence classes mod n are sometimes called congruence classes. As we will see, we will be able to do arithmetic not just with integers but with congruence classes of integers.

14. a) Find three elements of the congruence class of 7 mod 13. b) Find three elements of the congruence class of 13 mod 7. c) Find three elements of the congruence class of 0 mod 13.

Now we are in a position to describe an improved version of Euclid's algorithm.
    // Euclid's Algorithm: improved version (remainder instead of repeated subtraction).
    unsigned int gcd(unsigned int a, unsigned int b) {
        if (a == 0) { return b; }
        if (b == 0) { return a; }
        return gcd(b, a % b);   // a mod b; for unsigned operands C's % is the mod operator defined above
    }

15. Trace the improved gcd algorithm above to compute gcd(578, 238).

Analysis of Euclid's Algorithm

So how good is Euclid's Algorithm? That depends, of course, a good deal on the numbers involved. Let's look at the work involved in Euclid's Algorithm in a slightly different format. This time we'll display the Division Algorithm at each step.

Example. Compute gcd(1234, 3080) using the improved version of Euclid's Algorithm = = = =

Notice that the last nonzero remainder is the gcd. In general, if computing gcd(a, b) requires n recursive calls and we let r_n = a and r_(n−1) = b, then we can write this as

r_n = q_(n−1) r_(n−1) + r_(n−2)
r_(n−1) = q_(n−2) r_(n−2) + r_(n−3)
...
r_2 = q_2 r_1 + r_0
r_1 = q_1 r_0 + 0

Sometimes using division and finding the remainder reduces the numbers very quickly, as when we find a quotient of 61 in the third step above. Of course, if the quotient is 1, then division is no better than subtraction. So the worst thing that could happen would be a quotient of 1 each time.

r_n = r_(n−1) + r_(n−2)
r_(n−1) = r_(n−2) + r_(n−3)
...
r_2 = r_1 + r_0
r_1 = r_0 + 0
This should look familiar. If we let r_0 = 1, then this r_n is the nth Fibonacci number. So the algorithm performs worst if a and b are consecutive Fibonacci numbers. Since the nth Fibonacci number is approximately ϕ^n (where ϕ is the Golden ratio), we see that if the algorithm requires more than ϕ n recursive calls, then a ≥ ϕ^n. Taking logarithms and expressing this using the contrapositive we see that if a < n log(ϕ), then the number of recursive calls is less than log(n). So the number of recursive calls required by Euclid's algorithm is O(log n) where n is the larger of a and b. In other words, the number of recursive calls is linear in the length of the decimal (or binary) representations of a and b.

Modular Arithmetic

Modular arithmetic is useful for much more than an improved version of Euclid's algorithm. In order to see some other applications of modular arithmetic, we need to learn a bit more about the modular arithmetic system.

The following statements are all equivalent. That is, for a given a, b, and n, either all the statements are true or all the statements are false.
1. a ≡ b (mod n)
2. n | b − a
3. a − b = nk for some integer k
4. a = nk + b for some integer k
5. a mod n = b mod n.

Proof. We can show that the statements are equivalent by showing that each one implies the next and that the last implies the first.
[1 ⇒ 2]: This is just the definition of a ≡ b (mod n).
[2 ⇒ 3]: Suppose n | a − b. This means there is an integer k such that kn = a − b.
[3 ⇒ 4]: If a − b = nk, then a = nk + b.
[4 ⇒ 5]: Suppose a = nk + b, and write b = qn + r for some r ∈ [0, n). Then b mod n = r. But a = nk + b = nk + qn + r = (k + q)n + r, so a mod n = r, too.
[5 ⇒ 1]: If a mod n = r = b mod n, then there are integers q and k such that a = qn + r and b = kn + r. So a − b = qn + r − (kn + r) = (q − k)n, so n | a − b, which means a ≡ b (mod n).

Basic Modular Arithmetic Lemma. If a ≡ x (mod n) and b ≡ y (mod n), then
1. a + b ≡ x + y (mod n)
2. a − b ≡ x − y (mod n)
3. ab ≡ xy (mod n)

So we can do modular arithmetic by taking any member of a congruence class.
Proof. Since a ≡ x (mod n) and b ≡ y (mod n), there are integers q and k such that a = nk + x and b = nq + y. So a + b = nk + nq + x + y = (k + q)n + x + y, which shows that a + b ≡ x + y (mod n). Similarly, a − b = nk − nq + x − y = (k − q)n + x − y, which shows that a − b ≡ x − y (mod n). Finally, ab = (nk + x)(nq + y) = kqn^2 + nky + nqx + xy = n(kqn + ky + qx) + xy, which shows that ab ≡ xy (mod n).

The importance of the Modular Arithmetic Lemma is that we can do arithmetic (at least addition, subtraction, and multiplication) with congruence classes.

Example. Determine the congruence class mod 12 of each of the following numbers: a) b) c) d)
Working mod 12 we see that 119 ≡ −1, and So , , (−1) (because 149 is odd), and , which must be congruent to some number between 0 and 11. To determine which number, let's begin making a list of powers of 5 (mod 12): Ah, we see an easy pattern here: Since 119 is odd,

There are a couple of very important things to notice in the example above. First, notice that we are not allowed to reduce the exponent to some member of its equivalence class, only the base of the exponentiation. Second, notice that we began with the phrase "Working mod 12...", and then omitted the "(mod 12)" everywhere. This is very common and makes writing up modular arithmetic much nicer. As long as only one modulus is involved and it is clear what the modulus is, we will drop the modulus from the notation.

We can use modular arithmetic to give some nice proofs of some more divisibility tests.

Example. Here is a divisibility test for 3: Add the digits of x. If the sum is divisible by 3, then x is divisible by 3. Use modular arithmetic to prove that this test works.

Let x_i be a sequence of length k such that each x_i is a digit and x = Σ_{i=0}^{k} x_i 10^i. So if x = 1234, then k = 3, x_0 = 4, x_1 = 3, x_2 = 2, and x_3 = 1. Let S = Σ_{i=0}^{k} x_i be the sum of the digits of x. We will show something stronger, namely that x ≡ S (mod 3). Notice that

10^i ≡ 1^i ≡ 1 (mod 3)

So a · 10^i ≡ a (mod 3), and

S = Σ_{i=0}^{k} x_i ≡ Σ_{i=0}^{k} x_i 10^i = x.

That is, mod 3, each digit of x is equivalent to its contribution to the value of x, so the sum of the digits will be in the same congruence class as x itself.

You will be given a chance to prove some additional divisibility tests in the exercises below.
16. For each of the numbers below, determine its congruence class mod 15. In each case your answer should be a number between 0 and 14 (inclusive). a) b) c) d)
17. Repeat problem 16 with the modulus
18. Here is a divisibility test for 9: Add the digits of x. If the sum is divisible by 9, then x is divisible by 9. Use modular arithmetic to prove that this test works.
19. Here is a divisibility test for 11: Let S be the alternating sum of the digits of x (add every other digit, subtract the others). Then x is divisible by 11 if and only if S is divisible by 11. (Example: because = 4, which is not divisible by 11.) Use modular arithmetic to prove that this test works.

The Modular Arithmetic Lemma handles the cases of addition, subtraction, and multiplication mod n. Division is a bit trickier. Recall that multiplication and division are inverse operations. That is, for real numbers x, y, and q,

x ÷ y = q means q · y = x

So the division question "What is a ÷ b (mod n)?" amounts to asking whether we can find a number q such that qb ≡ a, and determining what q is. Or, more generally, we are interested in solving congruences like

Ax + B ≡ C (mod n)    (1)

where A, B, C, and n are known and x is the unknown to be solved for. If B = 0, we have exactly the inverse of division.

Forget for a moment that we are working mod n. Suppose all the numbers in equation 1 were just real numbers. Then the problem would become an easy example of high school algebra, which we might solve the following way:

Ax + B = C
Ax = C − B
(1/A)Ax = (1/A)(C − B)
x = (1/A)(C − B)

How much of this works in modular arithmetic (mod n)? The first step is fine, since it involves addition and subtraction. The second step is almost good; we just need something to take the place of 1/A, since that might not be an integer. This intuition motivates the following definition.

Inverses. The inverse of a (mod n) is an integer q such that qa ≡ 1 (mod n).
There is not always an inverse. 0 never has an inverse (because 0 · x = 0 ≢ 1 (mod n)). Of course, we weren't allowed to take the reciprocal of zero (1/0) either, so this is not a problem. But other inverses also might fail to exist. Fortunately, it is easy to determine if there is an inverse and to find it if it exists using information from Euclid's Algorithm. We'll see this shortly, but first some examples.

Example. Find the inverse of each number between 1 and 6 mod 7.
We don't have any tools for this yet, so we'll just do some multiplication and see what happens: 1 · 1 ≡ 1, so 1 is its own inverse , so 2 and 4 are inverses , so 3 and 5 are inverses. Finally ( 1) 1, so 6 is its own inverse.

Example. Verify the following claims mod 35: a) 3 and 12 are inverses, b) 11 and 16 are inverses, c) 6 is its own inverse, d) 5 has no inverse.
3(12) = 36 ≡ 1; (11)(16) = 176 ≡ 1; 6 · 6 = 36 ≡ 1; but 5 has no inverse since 5x is always divisible by 5, but 35k + 1 is never divisible by 5, so there is no number x such that 5x ≡ 1 (mod 35).

So when does a number have an inverse, and how do we find it in a more systematic way?

Inverse Lemma. a has an inverse (mod n) if and only if gcd(a, n) = 1.

GCD Lemma. For any a and n, we can always find integers s and t such that gcd(a, b) = sa + tb by running Euclid's GCD Algorithm and backsubstituting for each remainder.

Notice that if gcd(a, n) = 1, then the gcd lemma tells us that there are integers s and t such that 1 = sa + tn, from which we see that s is an inverse of a (mod n) (and t is an inverse of n (mod a)). To see this, just interpret the equation mod n or mod a.

Proof of Inverse Lemma. First suppose that ax ≡ 1 (mod n), and gcd(a, n) = 1. Then there is an integer q such that a = qn + 1. Clearly, d | a, and d | qn. But this means that d | 1 (by the Divisibility Lemma), so d = 1. This shows that if a has an inverse mod n, then gcd(a, n) = 1.

For the other direction, we will use the GCD Lemma, which we will prove shortly. If gcd(a, n) = 1, then there are integers s and t such that 1 = sa + tn. So q ≡ sa + tn ≡ sa (mod n), which shows that s is the inverse of a mod n.

Proof of GCD Lemma. Let's begin this proof with an example. Suppose we want to find the gcd of 35 and 16. Using Euclid's Algorithm, we can record our work as follows:

35 = = =
Starting from the second to last equation, we can get expressions for 1 (the gcd of 16 and 35) in terms of the remainders used in the algorithm by "backsubstituting":

1 = =

Using this we see that

1 = 16 − (5)(3) = 16 − 5(35 − 2(16)) = 16 − 5(35) + 10(16) = 11(16) − 5(35)

A complete proof of this fact can be given using proof by induction on the number of steps used by Euclid's Algorithm.

Notice that with inverses in hand, we can now solve linear congruences.

Example. Solve the congruence 11x ≡ 9 (mod 35).
Recall from the example above that 11 and 16 are inverses mod 35. This leads to a solution that looks almost like high school algebra.

11x ≡ 9
(16)(11)x ≡ (16)(9)
x ≡ (16)(9)
x ≡

(All the congruences are mod 35, of course.)

20. Working mod 50, which of the following numbers have an inverse: a) 3 b) 4 c) 5 d) 7 e) 10? (You do not need to find the inverses.)
21. Working mod 123, two pairs among the following numbers are inverses. Which pairs? How do you know? (Do not use Euclid's Algorithm for this problem.)
22. True or false. Explain.
a) 1 has an inverse mod n for any n.
b) n − 1 has an inverse mod n for any n.
c) If a is a prime number, then a has an inverse mod n for any n.
d) If a has an inverse mod b, then b has an inverse mod a.
23. Use the extended version of Euclid's Algorithm to find the following inverse, or show that there is no such inverse. a) the inverse of 13 mod 55 b) the inverse of 55 mod 13 c) the inverse of 11 mod 55 d) the inverse of 16 mod 55

A bit more advanced Number Theory

We can use the tools above to show a few more advanced things that will be useful for RSA. They are only advanced in the sense that we will justify them by using the results we have already established (rather than directly from the definitions). Except for the last one, these are still straightforward results.

1. First Cancellation Lemma. If gcd(a, c) = 1 and a | bc, then a | b.
Reason: Write 1 = sa + tc (gcd lemma). Then b = sab + tcb. a | sab, and a | tcb (because a | bc), so a | b (divisibility lemma).

2. Second Cancellation Lemma. If gcd(n, c) = 1 and ac ≡ bc (mod n), then a ≡ b (mod n).
Reason: n | ac − bc, so n | c(a − b), so n | (a − b) (cancellation lemma), so a ≡ b (mod n).
Alternative Reason: c has an inverse mod n. Call it d. Then a ≡ acd ≡ bcd ≡ b (mod n).

3. Prime Divisibility Lemma: If p | a_1 a_2 ⋯ a_n, then p | a_i for some i.
Reason: repeated use of First Cancellation Lemma.

4. Unique Factorization. Every integer can be factored as a product of primes in exactly one way (up to the order of the primes involved).
Reason: Show that any two factorizations are the same because everything cancels. (Uses Cancellation Lemma and Prime Divisibility Lemma.)

5. Chinese Remainder Theorem. Let m_1, m_2, ..., m_k be pairwise relatively prime positive integers (this means that gcd(m_i, m_j) = 1 whenever i ≠ j), and let a_1, a_2, ..., a_k be any integers. Then there is a number x such that x mod m_i = a_i for each i. (i.e., x ≡ a_k (mod m_k) for each k.) In fact, there is always exactly one such number in the range [0, M − 1], where M is the product of all the m_i's.

(a) Example: Find x so that x mod 3 = 1, x mod 5 = 2, and x mod 8 = 3.
Solution: The idea is to fill in the following boxes with integers:

x =

where 40 = 5 · 8, 24 = 3 · 8, and 15 = 3 · 5 (products of all but one modulus). The value in the first box will determine x mod 3, because the rest is divisible by 3; the value in the second box will determine x mod 5 because the rest is divisible by 5; the value in the third box will determine x mod 8 because the rest is divisible by 8. To get the appropriate values for each box, we solve the equations B (mod 3), B (mod 5), B (mod 8), which we can do using inverses.

mod3 mod5 mod8 B B B B B 2 ( 1) 2 B 3 ( 1) 3 B 1 1 B 2 ( 1)( 1) 2( 1) B 3 ( 1)( 1) 3( 1) B 1 1 B B

Now putting each B_i back into its box we get

x = = = 187

Or, choosing different values for the B_i's:

x = = = 67

Note that = 120 = This is not a coincidence. The set of all solutions to this system of congruences is a congruence class mod 120. One way to see why this should be is to notice that adjusting the number in one of the boxes by a multiple of the appropriate modulus (3 or 5 or 8) changes the value of x by a multiple of 120. The proof is more easily given by working with our properties of modular arithmetic. You will be asked to prove this in an exercise.

(b) This method will always work if the moduli are pairwise relatively prime, because in that case the required inverses will exist.

6. Fermat's Little Theorem. If p is a prime then for any a, a^p ≡ a (mod p). Furthermore, if a ≢ 0 (mod p), then a^(p−1) ≡ 1 (mod p).
First notice that if a ≡ 0 (mod p), then a^n ≡ 0 (mod p) for any n. So the only interesting case is when a ≢ 0 (mod p). Here is the basic idea: There will be a number a such that the numbers a, a^2, a^3, ..., a^(p−1) (mod p) are all distinct and not 0, so 1 can't occur in the list until all the other nonzero numbers (mod p) have occurred. (Proving such an a always exists is the tricky part.) This means that a^(p−1) ≡ 1. For other numbers b, b ≡ a^d for some d, so b^(p−1) ≡ (a^d)^(p−1) ≡ (a^(p−1))^d ≡ 1^d

24. Prove the Unique Factorization Lemma by induction on the number of primes in the prime factorization. [Note: This is a slightly different approach than the one used in class.]
25. a) Check that the two solutions given in the Chinese Remainder example are indeed correct by doing the modular arithmetic.
b) Find another solution and show that it is correct.
c) Prove that the set of all solutions is [67]_120, the congruence class of 67 mod 120. [Hint: You need to show two things: (i) if x ≡ 67 (mod 120), then x is a solution; (ii) if x is a solution, then x ≡ 67 (mod 120).]
26. Find the smallest positive number x such that x ≡ 2 (mod 3), x ≡ 1 (mod 4) and x ≡ 3 (mod 5).
27. Find the smallest positive number x such that x ≡ 2 (mod 5), x ≡ 4 (mod 6) and x ≡ 5 (mod 7). Describe the set of all solutions.
28. Find the smallest positive number x such that x ≡ 1 (mod 2), x ≡ 2 (mod 3), x ≡ 3 (mod 5) and x ≡ 4 (mod 11). Describe the set of all solutions.
29. 6, 10, and 15 are not pairwise relatively prime, so the Chinese Remainder Theorem does not apply. But is there an integer x such that x ≡ 5 (mod 6), x ≡ 7 (mod 10), x ≡ 2 (mod 15)? If so, find the two smallest positive solutions. If not, explain why not.
30. Calculate the following. a) 2^10 mod 11 [Hint: Use Fermat's Little Theorem.] b) mod 11 [Hint: How does part (a) help?] c) mod 31 [Hint: What is 2^5 mod 31?] d) mod 341 [Hint: How do parts (b) and (c) help?]
31. Use Fermat's Little Theorem to calculate the following. [Hint: How do parts (a), (b), and (c) help for part (d).] a) mod 5 b) mod 7 c) mod 11 d) mod 385 (Note: 385 = )
32. Use Fermat's Little Theorem to calculate the following. [Hint: How do parts (a), (b), and (c) help for part (d).] a) mod 7 b) mod 11 c) mod 13 d) mod 1001
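Added example, not part of the original notes: the GCD Lemma (extended Euclid), the Inverse Lemma, the congruence Ax + B ≡ C (mod n), and the Chinese Remainder "boxes" construction in C, run on the notes' own numbers (1 = 11(16) − 5(35), 11x ≡ 9 (mod 35), and the system mod 3, 5, 8). The function names are illustrative choices, and the code assumes operands small enough that the products fit in a long long.

```c
#include <stdio.h>

/* Mathematical mod as defined in the notes: result is always in [0, n-1].
   C's % keeps the sign of the dividend (-18 % 5 is -3). Assumes n > 0. */
long long mod_floor(long long a, long long n) {
    long long r = a % n;
    return r < 0 ? r + n : r;
}

/* GCD Lemma: returns gcd(a, b) and sets *s, *t so that
   gcd(a, b) = (*s)*a + (*t)*b. Assumes a, b >= 0. */
long long ext_gcd(long long a, long long b, long long *s, long long *t) {
    long long old_r = a, r = b;
    long long old_s = 1, cur_s = 0;
    long long old_t = 0, cur_t = 1;
    while (r != 0) {
        long long q = old_r / r, tmp;
        tmp = old_r - q * r;     old_r = r;     r = tmp;
        tmp = old_s - q * cur_s; old_s = cur_s; cur_s = tmp;
        tmp = old_t - q * cur_t; old_t = cur_t; cur_t = tmp;
    }
    *s = old_s;
    *t = old_t;
    return old_r;
}

/* Inverse Lemma: a has an inverse mod n iff gcd(a, n) = 1.
   Returns 1 and stores the inverse in [0, n-1]; returns 0 if none exists. */
int mod_inverse(long long a, long long n, long long *inv) {
    long long s, t;
    if (n <= 1) return 0;
    if (ext_gcd(mod_floor(a, n), n, &s, &t) != 1) return 0;
    *inv = mod_floor(s, n);
    return 1;
}

/* Solves A*x + B = C (mod n) when A is invertible mod n:
   x = A^(-1) * (C - B). Returns 0 if A has no inverse. */
int solve_linear(long long A, long long B, long long C, long long n,
                 long long *x) {
    long long inv;
    if (!mod_inverse(A, n, &inv)) return 0;
    *x = mod_floor(inv * mod_floor(C - B, n), n);
    return 1;
}

/* Chinese Remainder construction from the notes: for each modulus m[i],
   the "box" next to M/m[i] holds B_i with (M/m[i]) * B_i = a[i] (mod m[i]).
   Returns 0 if some M/m[i] is not invertible mod m[i], i.e. the moduli are
   not pairwise relatively prime. On success *x is the solution in [0, M-1]. */
int crt(const long long *a, const long long *m, int k,
        long long *x, long long *M_out) {
    long long M = 1, sum = 0;
    int i;
    for (i = 0; i < k; i++) {
        if (m[i] <= 1) return 0;
        M *= m[i];
    }
    for (i = 0; i < k; i++) {
        long long Mi = M / m[i], inv, Bi;
        if (!mod_inverse(Mi, m[i], &inv)) return 0;
        Bi = mod_floor(mod_floor(a[i], m[i]) * inv, m[i]);
        sum = mod_floor(sum + Bi * Mi, M);
    }
    *x = sum;
    *M_out = M;
    return 1;
}

int main(void) {
    long long s, t, x, M;
    const long long a[] = {1, 2, 3}, m[] = {3, 5, 8};  /* system from the notes */

    ext_gcd(16, 35, &s, &t);
    printf("1 = %lld(16) + %lld(35)\n", s, t);
    if (solve_linear(11, 0, 9, 35, &x))
        printf("11x = 9 (mod 35)  ->  x = %lld\n", x);
    if (crt(a, m, 3, &x, &M))
        printf("x = %lld (mod %lld)\n", x, M);
    return 0;
}
```

For RSA-sized operands the same logic needs a big-integer library, since `long long` products overflow long before the moduli reach cryptographic sizes.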
Applications of Number Theory to Codes

Number Theory has numerous applications for various kinds of codes. The most famous of these is probably RSA encryption (named after its inventors Rivest, Shamir and Adleman), which is one of the most commonly used public key encryption schemes. But there are many other types of codes as well.

Error-detecting codes are designed to detect common types of errors in communication. Simple error-detecting codes include ISBN and UPC codes.

Error-correcting codes not only detect that an error has occurred but, provided there are not too many errors, correct the errors. Error-correcting codes are used in applications like CD players so that the music can be rendered even if a few bits here and there are misread. Both error-detecting and error-correcting codes can be used to prevent data-transmission errors.

Data compression could be thought of as a kind of code as well, as can the storing of any data in a computer. In each of these cases some information is being stored electronically in a form that is not the same as the information itself, but from which the information can be retrieved. We will look at one example of this sort of code, which I will call Chinese Remainder coding, that allows us to do arithmetic with larger integers than we would otherwise be able to store in a machine's internal registers.

Cryptographic codes are used to transmit a message from a sender to a recipient in such a way that an eavesdropper cannot discover the message. Applications of cryptography range from secure remote logins, to online banking and purchasing, to national security. Private key cryptographic schemes rely on keeping a secret key, known only to the sender and recipient. This key must, of course, be communicated between the recipient and sender, and then safely guarded. Public key cryptographic schemes do not require the use of a shared secret key.
Instead, only the recipient must know the secret key. Furthermore, anyone can send a message to the recipient using a public key to code the message, and even though anyone can know how the message was coded (the public key), only the recipient is able to decode the message in a reasonably efficient manner.

ISBN Numbers

Note: ISBN numbers are discussed on page 104 of the textbook. Stay tuned for more applications.

33. The ISBN number for a book is X. What is the missing digit (represented by the box)?

34. This problem discusses some of the errors that are detected by the ISBN code.
a) Show that if the first two digits of an ISBN number are reversed, then the resulting number is not a legal ISBN number. (Unless, of course, the two digits were the same. This same caveat applies to each part of this problem.)
b) Show that if any two consecutive digits in an ISBN number are reversed, then the result is not a legal ISBN number.
c) Show that if any two digits (not necessarily consecutive) are interchanged, then the result is not a legal ISBN number.
d) Show that if the third digit is incorrectly typed, then the result is not a legal ISBN number.
e) Show that if any one digit is incorrectly typed, then the result is not a legal ISBN number.
Chinese Remainder Codes

Suppose that there is a maximum size integer that can be handled by the CPU of some computer. For example, suppose that the maximum is 4. This is, of course, unrealistically small, but we will see that the ideas presented here scale well. Now suppose we need to work with numbers as large as 11. What are we to do? We will use a (3, 4)-code for the numbers: Instead of storing a number x, which may be too large to process, we will store a pair of numbers: $x \bmod 3$ and $x \bmod 4$. So our coding scheme looks like the following:

0 → (0,0)    1 → (1,1)    2 → (2,2)    3 → (0,3)
4 → (1,0)    5 → (2,1)    6 → (0,2)    7 → (1,3)
8 → (2,0)    9 → (0,1)    10 → (1,2)    11 → (2,3)

There are two important features of this coding scheme:

1. Provided the moduli are pairwise relatively prime, it is possible to recover x from its Chinese Remainder code by using the Chinese Remainder Algorithm. Suppose that the (m, n)-code for x is (a, b). Then x is a number such that $x \equiv a \pmod m$ and $x \equiv b \pmod n$. This system of congruences has a unique solution mod mn, provided m and n are relatively prime.

2. Addition, subtraction, and multiplication can be performed on the codes componentwise. If we have (m, n)-codes (a, b) for x and (c, d) for y, then the code for x + y is (a + c, b + d), where the addition is done mod m in the first coordinate and mod n in the second. Similar statements hold for the other operations.

This means that all the internal arithmetic can be done just by manipulating the codes and ignoring what they represent. We only need to convert back to decimal notation when we need to display a result. (This is, by the way, much like what happens in a computer with binary representations of numbers. The computer simply does the arithmetic in binary and converts to decimal only when output is requested.)

Of course, we are not limited to using just two moduli.
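As an added illustration (not part of the original notes), the Python sketch below implements Chinese Remainder codes for any list of pairwise relatively prime moduli: componentwise arithmetic on the codes, and decoding with the "box" method of the Chinese Remainder example. The function names and the sample operands are constructed for this example.

```python
from itertools import combinations
from math import gcd, prod


def check_moduli(moduli):
    """Return the product of the moduli, or raise if they are not pairwise relatively prime."""
    for m, n in combinations(moduli, 2):
        if gcd(m, n) != 1:
            raise ValueError(f"moduli {m} and {n} are not relatively prime")
    return prod(moduli)


def encode(x, moduli):
    """The Chinese Remainder code of x: one remainder per modulus."""
    return tuple(x % m for m in moduli)


def add(code_x, code_y, moduli):
    """Componentwise addition, each coordinate reduced by its own modulus."""
    return tuple((a + c) % m for a, c, m in zip(code_x, code_y, moduli))


def sub(code_x, code_y, moduli):
    """Componentwise subtraction."""
    return tuple((a - c) % m for a, c, m in zip(code_x, code_y, moduli))


def mul(code_x, code_y, moduli):
    """Componentwise multiplication."""
    return tuple((a * c) % m for a, c, m in zip(code_x, code_y, moduli))


def decode(code, moduli):
    """Recover x (mod the product of the moduli) from its code.

    For each modulus m the coefficient `rest` is the product of all the other
    moduli, so the term rest * b only affects x mod m. We need
    rest * b = a (mod m), which is solved with the inverse of rest mod m.
    """
    total = check_moduli(moduli)
    x = 0
    for a, m in zip(code, moduli):
        rest = total // m
        b = (a * pow(rest, -1, m)) % m   # inverse exists because gcd(rest, m) == 1
        x += rest * b
    return x % total


if __name__ == "__main__":
    # The (3, 4)-code table for 0..11.
    for x in range(12):
        print(x, encode(x, (3, 4)))

    # Constructed operands, using the (99, 98, 97, 95) moduli.
    big = (99, 98, 97, 95)
    x, y = 123684, 413456
    print(decode(add(encode(x, big), encode(y, big), big), big))   # x + y

    # A result beyond the representable range is only recovered modulo the product.
    z = encode(10000, big)
    print(decode(mul(z, z, big), big), 10000 * 10000 % check_moduli(big))
```

Every intermediate value in `add`, `sub` and `mul` stays below the square of the largest modulus, which is the point of the scheme: only `decode` ever touches a number as large as the product of the moduli.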
The numbers 99, 98, 97 and 95 are pairwise relatively prime, so (99, 98, 97, 95)-codes will allow us to handle numbers from 0 to $(99)(98)(97)(95) - 1 = 89{,}403{,}929$ while only needing to do arithmetic with two-digit numbers. A more interesting example is ($2^{35} - 1$, , , , , )-codes. One can check that these moduli are all relatively prime numbers that use at most 35 bits. The codes can be used to represent any number up to . So six 35-bit numbers can represent one 184-bit number.

35. Below are (13, 14, 15)-codes for some numbers:

x → (2, 7, 5)
y → (11, 11, 11)
z → (0, 1, 2)
a) What is the largest number that can be represented by such a code?
b) What is the (13, 14, 15)-code for x + y? x - y? xy?
c) Determine the values of x, y, and z.
d) Is it easy to do comparison using Chinese Remainder codes? (Can we tell which of x and y is larger by looking at their codes?)

Cryptography

By an encryption scheme, we mean a pair of algorithms E (encoding) and D (decoding) with the following relationship.

message → (encryption) → encrypted message → (decryption) → original message again
M → C = E(M) → M = D(C) = D(E(M))

That is, there is some message M which is to be communicated from the sender to the recipient. But instead of transmitting M, the message is coded as C = E(M) (the encrypted message, sometimes called cypher text, as opposed to the message, which is called plain text). The recipient then uses the decryption algorithm D to decrypt: D(C) = M, retrieving the original message.

In a private key encryption scheme, the sender and recipient agree (secretly) on some information that is used to encrypt and decrypt. This information is called a private key. Since no one else (presumably) knows the private key, only the sender and receiver can (efficiently) encrypt and decrypt.

The traditional Caesar cypher is a trivial example of private key encryption. In order to highlight the number theory and prepare ourselves for things to come, we'll describe the Caesar cypher by first converting each letter of the message to a number: A becomes 0, B becomes 1, etc.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Then we convert the number x to $x + 3 \bmod 26$. Finally we convert the numbers back into letters.

CAESAR CYPHER → FHDVDU FBSKHU

Decoding is done by shifting in the other direction: $y \mapsto y - 3 \bmod 26$. But notice that since $-3 \equiv 22 \pmod{26}$, subtracting 3 is the same as adding 22 (mod 26). So another way to describe decryption is to say that it is the same thing as encryption but with a different key.
Of course, one must keep both keys secret, since it is trivial to determine one from the other.
Of course, we could shift by some other amount than 3, so there are 26 possible secret keys (perhaps we shouldn't really count the key 0). As is, this is incredibly insecure: one can simply try all 26 keys until the result is a reasonable message. Some improvement could be gained by converting blocks of letters to a number instead of single letters. For example, if we converted two-letter blocks, there would be $26^2 = 676$ possible blocks, and we could work mod 676 and have 675 nonzero keys to choose from. Similarly, if we used 50-letter blocks, there would be keys, and it would become much more difficult to simply search through the keys and crack the code.

But the Caesar cypher is not touted as a serious cryptographic scheme even in its modified form. It is susceptible to other kinds of attacks, and there are better private-key schemes. It is only of interest because it demonstrates a simple use of modular arithmetic, because it was actually used by the Roman Empire (reportedly with the private key of 3) for sending secret messages, and because it bears an amazing similarity with RSA.

RSA

RSA is a public-key encryption scheme. In a public key encryption scheme, there are two categories of information used in the encryption/decryption algorithms:

Public information: Freely available (to sender, recipient and eavesdroppers). Different for each recipient. Senders of messages use this information to encrypt.

Secret information: Only the recipient knows it (recipient hopes). Recipient uses this to decrypt.

The scheme is amazingly easy to describe. It is very similar to the Caesar cypher, but instead of coding the message using (modular) addition, we will use (modular) exponentiation. So the system consists of a modulus and two exponents, one to encrypt and one to decrypt.
Public information: integers n and e
Private information: integer d
Encryption algorithm: $C = E(M) = M^e \pmod n$
Decryption algorithm: $D(C) = C^d \pmod n$

Here we are assuming that the text message has been parsed into blocks and that each block is coded as a number mod n. (n will be large, say around 400 bits.)

Of course, not just any n, d, and e will do. We need to choose them in such a way that

1. Decryption works: M = D(E(M)). That is, $(M^e)^d \equiv M \pmod n$.

2. The scheme is secure: It is not easy to determine d if you know e and n. [Recall that for the Caesar cypher, if someone knows how encoding was done, they know how to decode, too.]
3. The scheme is practical: Suitable e, d, and n can be found reasonably efficiently, and the algorithms D and E can be performed efficiently.

Number theory (modular arithmetic) is what allows us to make all of this work.

Showing that RSA decoding works

Choosing the parameters: n, e, and d

Here's how we choose n, e, and d: First choose two large primes p and q. (Keep these secret.) Let n = pq. Choose e and d so that they are inverses mod $(p-1)(q-1)$. (Note that e has an inverse d if $\gcd(e, (p-1)(q-1)) = 1$. There will be many such e.)

Why this works

So why does this work? Remember the goal: we want $(M^e)^d \equiv M \pmod n$. Let's look at this more closely. $(M^e)^d \equiv M^{ed}$, so we want $M^{ed} \equiv M$. This follows from $M^{ed-1} \equiv 1$, so let's see how to achieve that. Since $\gcd(p, q) = 1$, by the Chinese Remainder Theorem we can break this into two pieces: $M^{ed-1} \equiv 1 \pmod p$ and $M^{ed-1} \equiv 1 \pmod q$. By Fermat's Little Theorem, $M^{p-1} \equiv 1 \pmod p$ and $M^{q-1} \equiv 1 \pmod q$. Since e and d are inverses mod $(p-1)(q-1)$, we can write $ed = 1 + k(p-1)(q-1)$. So

$M^{ed-1} \equiv M^{k(p-1)(q-1)} \equiv (M^{p-1})^{k(q-1)} \equiv 1^{k(q-1)} \equiv 1 \pmod p$.

By a similar argument $M^{ed-1} \equiv 1 \pmod q$, hence $M^{ed-1} \equiv 1 \pmod n$, so $M^{ed} \equiv 1 \cdot M \equiv M \pmod n$.

A few comments on RSA

1. Finding large primes p and q is reasonably easy. About 1 in every digit numbers is a prime. There are randomized methods to check whether a number is prime that work most of the time, so if we try 1000 or so 200-digit numbers, we will probably have found 2 primes. This cost is a one-time offline cost of using RSA.

2. $M^e \pmod n$ can be computed reasonably efficiently. The obvious algorithm (raise M to the e-th power by repeated multiplication) is terrible: it takes about steps if e is a 400-bit number!
But repeated squaring (doing the modular arithmetic as we go) is much better:

$M^e = M^{e/2} \cdot M^{e/2}$ or $M^e = M^{\lfloor e/2 \rfloor} \cdot M^{\lfloor e/2 \rfloor} \cdot M$

This requires only about $\log_2(e)$ steps to compute (i.e., only a few hundred steps for 400-bit numbers; in general, linear in the length of e). Repeated squaring can be implemented recursively or iteratively. Figuring out which of the two cases applies is particularly easy from the binary representation of e. So RSA is reasonably efficient to use.
3. RSA is not nearly as efficient to use as some private key systems. One use of RSA is to communicate a private key pair over an insecure channel, after which the two parties can use a faster private-key system like DES.

4. No method is (publicly) known that can determine d from e and n that does not easily yield a factorization of n. So RSA seems to be about as hard to crack as factoring large numbers. But there is no mathematical proof that we won't eventually be able to factor efficiently. This means that RSA is reasonably secure: no one who will admit it knows a good algorithm for factoring 400-bit numbers. (Of course, the size bound here keeps growing as both machines and algorithms improve.)

5. RSA can also be used to do electronic signatures. To confirm you authored something, code with your decoding algorithm (using d) to encode your message (or just a signature). The recipient can decode with e. If you are the only one who has access to d, then you are the only one who could have sent the message. This works because $(M^e)^d = M^{ed} = (M^d)^e$.

36. We can think of RSA as a modification of the Caesar cypher in which we replace addition mod n with exponentiation mod n. We could also consider a scheme that used multiplication instead of addition. See the table below.

| Scheme | parameters | encoding | decoding | |
|---|---|---|---|---|
| Caesar | n, d, e | $C = M + e \bmod n$ | $M = C + d \bmod n$ | $d = n - e$ |
| Multiplication | n, d, e | $C = M \cdot e \bmod n$ | $M = C \cdot d \bmod n$ | $d = ??$ |
| RSA | n, d, e | $C = M^e \bmod n$ | $M = C^d \bmod n$ | $n = pq$, $ed \equiv 1 \pmod{(p-1)(q-1)}$ |

a) What is the relationship between e and d in the multiplicative scheme?
b) How does the multiplicative scheme compare with the other two in terms of its quality? Could it be used as a private key scheme? If so, would it be any better or worse than the additive Caesar cypher? Could it be used as a public key scheme? If so, would it be any better or worse than RSA?

37.
In this problem we will show that if n = pq, where p and q are prime, and someone knows n and $(p-1)(q-1)$, then they can determine p and q. Note that this means we had better make sure that we keep $(p-1)(q-1)$ secret when using RSA!
a) Show that if n and $(p-1)(q-1)$ are known, then we can determine s = p + q. [Hint: what is $n - (p-1)(q-1)$?]
b) Express n in terms of p and s.
c) Why is it easy to figure out p if we know n and s?
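The RSA parameter choice, the repeated-squaring method and the signature use described in the RSA section can be followed step by step in the Python sketch below. It is an added example, not part of the original notes; the primes 61 and 53, the exponent 17 and the function names are constructed for illustration, and the code shows only the arithmetic of the scheme as the notes describe it (toy key size, no message padding).

```python
from math import gcd


def mod_exp(m, e, n):
    """Compute m**e mod n by repeated squaring, reading e's binary digits left to right.

    Each bit costs one squaring; a 1 bit costs one extra multiplication by m.
    Returns (value, number of modular multiplications performed).
    """
    result, mults = 1, 0
    for bit in bin(e)[2:]:
        result = (result * result) % n      # M^(2k) = M^k * M^k
        mults += 1
        if bit == "1":
            result = (result * m) % n       # M^(2k+1) = M^k * M^k * M
            mults += 1
    return result, mults


def make_keys(p, q, e):
    """Return (n, e, d) with d the inverse of e mod (p-1)(q-1).

    p and q are assumed to be prime; primality is not checked here.
    """
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e has no inverse mod (p-1)(q-1)")
    return p * q, e, pow(e, -1, phi)


def encrypt(message, e, n):
    return mod_exp(message, e, n)[0]        # C = M^e mod n


def decrypt(cipher, d, n):
    return mod_exp(cipher, d, n)[0]         # M = C^d mod n


def sign(message, d, n):
    return mod_exp(message, d, n)[0]        # "encode" with the private exponent


def verify(message, signature, e, n):
    return mod_exp(signature, e, n)[0] == message % n


def decryption_works_for_all(n, e, d):
    """Check (M^e)^d = M (mod n) for every block value M in 0..n-1."""
    return all(decrypt(encrypt(m, e, n), d, n) == m for m in range(n))


if __name__ == "__main__":
    n, e, d = make_keys(61, 53, 17)          # constructed toy parameters
    c = encrypt(65, e, n)
    print("n, e, d =", n, e, d)
    print("C =", c, " D(C) =", decrypt(c, d, n))
    print("all blocks round-trip:", decryption_works_for_all(n, e, d))
    sig = sign(65, d, n)
    print("signature verifies:", verify(65, sig, e, n))
    # Cost for a 400-bit exponent: a few hundred multiplications, not about 2**400.
    print("multiplications:", mod_exp(3, 2**399 + 1, n)[1])
```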
Credits

Thanks to the following students for finding errors of various sorts in this manuscript:

| Name | Number of errors reported first |
|---|---|
| Randy Buikema | 3 |
| Jack Cheung | 2 |
| Nate Dykens | 2 |
| Justin Kent | 1 |
| Andrew Meneely | 3 |
| Dennis Sidharta | 1 |
| Dan Russcher | 1 |

October 31, 2002
More informationPrinciples of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms
Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport
More informationSolutions to Homework Set 3 (Solutions to Homework Problems from Chapter 2)
Solutions to Homework Set 3 (Solutions to Homework Problems from Chapter 2) Problems from 21 211 Prove that a b (mod n) if and only if a and b leave the same remainder when divided by n Proof Suppose a
More informationHandout NUMBER THEORY
Handout of NUMBER THEORY by Kus Prihantoso Krisnawan MATHEMATICS DEPARTMENT FACULTY OF MATHEMATICS AND NATURAL SCIENCES YOGYAKARTA STATE UNIVERSITY 2012 Contents Contents i 1 Some Preliminary Considerations
More informationThe RSA Algorithm: A Mathematical History of the Ubiquitous Cryptological Algorithm
The RSA Algorithm: A Mathematical History of the Ubiquitous Cryptological Algorithm Maria D. Kelly December 7, 2009 Abstract The RSA algorithm, developed in 1977 by Rivest, Shamir, and Adlemen, is an algorithm
More informationV55.0106 Quantitative Reasoning: Computers, Number Theory and Cryptography
V55.0106 Quantitative Reasoning: Computers, Number Theory and Cryptography 3 Congruence Congruences are an important and useful tool for the study of divisibility. As we shall see, they are also critical
More informationMath Review. for the Quantitative Reasoning Measure of the GRE revised General Test
Math Review for the Quantitative Reasoning Measure of the GRE revised General Test www.ets.org Overview This Math Review will familiarize you with the mathematical skills and concepts that are important
More informationMathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR
Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices A Biswas, IT, BESU SHIBPUR McGrawHill The McGrawHill Companies, Inc., 2000 Set of Integers The set of integers, denoted by Z,
More informationCryptography. Helmer Aslaksen Department of Mathematics National University of Singapore
Cryptography Helmer Aslaksen Department of Mathematics National University of Singapore aslaksen@math.nus.edu.sg www.math.nus.edu.sg/aslaksen/sfm/ 1 Basic Concepts There are many situations in life where
More informationSUM OF TWO SQUARES JAHNAVI BHASKAR
SUM OF TWO SQUARES JAHNAVI BHASKAR Abstract. I will investigate which numbers can be written as the sum of two squares and in how many ways, providing enough basic number theory so even the unacquainted
More informationb) Find smallest a > 0 such that 2 a 1 (mod 341). Solution: a) Use succesive squarings. We have 85 =
Problem 1. Prove that a b (mod c) if and only if a and b give the same remainders upon division by c. Solution: Let r a, r b be the remainders of a, b upon division by c respectively. Thus a r a (mod c)
More informationWe can express this in decimal notation (in contrast to the underline notation we have been using) as follows: 9081 + 900b + 90c = 9001 + 100c + 10b
In this session, we ll learn how to solve problems related to place value. This is one of the fundamental concepts in arithmetic, something every elementary and middle school mathematics teacher should
More informationMathematical Induction
Chapter 2 Mathematical Induction 2.1 First Examples Suppose we want to find a simple formula for the sum of the first n odd numbers: 1 + 3 + 5 +... + (2n 1) = n (2k 1). How might we proceed? The most natural
More informationStanford University Educational Program for Gifted Youth (EPGY) Number Theory. Dana Paquin, Ph.D.
Stanford University Educational Program for Gifted Youth (EPGY) Dana Paquin, Ph.D. paquin@math.stanford.edu Summer 2010 Note: These lecture notes are adapted from the following sources: 1. Ivan Niven,
More informationSolutions to Practice Problems
Solutions to Practice Problems March 205. Given n = pq and φ(n = (p (q, we find p and q as the roots of the quadratic equation (x p(x q = x 2 (n φ(n + x + n = 0. The roots are p, q = 2[ n φ(n+ ± (n φ(n+2
More informationThe Fundamental Theorem of Arithmetic
The Fundamental Theorem of Arithmetic 1 Introduction: Why this theorem? Why this proof? One of the purposes of this course 1 is to train you in the methods mathematicians use to prove mathematical statements,
More informationMA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins
MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins The RSA encryption scheme works as follows. In order to establish the necessary public
More informationAsymmetric Cryptography. Mahalingam Ramkumar Department of CSE Mississippi State University
Asymmetric Cryptography Mahalingam Ramkumar Department of CSE Mississippi State University Mathematical Preliminaries CRT Chinese Remainder Theorem Euler Phi Function Fermat's Theorem Euler Fermat's Theorem
More informationThe Mathematics of RSA
The Mathematics of RSA Dimitri Papaioannou May 24, 2007 1 Introduction Cryptographic systems come in two flavors. Symmetric or Private key encryption and Asymmetric or Public key encryption. Strictly speaking,
More informationNUMBER THEORY AND CRYPTOGRAPHY
NUMBER THEORY AND CRYPTOGRAPHY KEITH CONRAD 1. Introduction Cryptography is the study of secret messages. For most of human history, cryptography was important primarily for military or diplomatic purposes
More informationSTUDY GUIDE FOR SOME BASIC INTERMEDIATE ALGEBRA SKILLS
STUDY GUIDE FOR SOME BASIC INTERMEDIATE ALGEBRA SKILLS The intermediate algebra skills illustrated here will be used extensively and regularly throughout the semester Thus, mastering these skills is an
More information12 Greatest Common Divisors. The Euclidean Algorithm
Arkansas Tech University MATH 4033: Elementary Modern Algebra Dr. Marcel B. Finan 12 Greatest Common Divisors. The Euclidean Algorithm As mentioned at the end of the previous section, we would like to
More information10 k + pm pm. 10 n p q = 2n 5 n p 2 a 5 b q = p
Week 7 Summary Lecture 13 Suppose that p and q are integers with gcd(p, q) = 1 (so that the fraction p/q is in its lowest terms) and 0 < p < q (so that 0 < p/q < 1), and suppose that q is not divisible
More information2.2 Inverses and GCDs
2.2. INVERSES AND GCDS 49 2.2 Inverses and GCDs Solutions to Equations and Inverses mod n In the last section we explored multiplication in Z n.wesaw in the special case with n =12and a =4that if we used
More informationCryptography: RSA and the discrete logarithm problem
Cryptography: and the discrete logarithm problem R. Hayden Advanced Maths Lectures Department of Computing Imperial College London February 2010 Public key cryptography Assymmetric cryptography two keys:
More informationAnnouncements. CS243: Discrete Structures. More on Cryptography and Mathematical Induction. Agenda for Today. Cryptography
Announcements CS43: Discrete Structures More on Cryptography and Mathematical Induction Işıl Dillig Class canceled next Thursday I am out of town Homework 4 due Oct instead of next Thursday (Oct 18) Işıl
More informationOutline. Cryptography. Bret Benesh. Math 331
Outline 1 College of St. Benedict/St. John s University Department of Mathematics Math 331 2 3 The internet is a lawless place, and people have access to all sorts of information. What is keeping people
More informationRSA Encryption. Kurt Bryan ..., 2, 1, 0, 1, 2,...
1 Introduction Our starting point is the integers RSA Encryption Kurt Bryan..., 2, 1, 0, 1, 2,... and the basic operations on integers, +,,,. The basic material could hardly be more familiar. We denote
More informationElements of Applied Cryptography Public key encryption
Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let
More informationContinued Fractions and the Euclidean Algorithm
Continued Fractions and the Euclidean Algorithm Lecture notes prepared for MATH 326, Spring 997 Department of Mathematics and Statistics University at Albany William F Hammond Table of Contents Introduction
More information