# Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

 To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video
Save this PDF as:

Size: px
Start display at page:

Download "Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and"

## Transcription

2 Input: A product n of two distinct (unknown) odd prime numbers p 1 and p 2. Execute the following routine as often as needed until n has been factored: Step 1. Randomly, select a number a {1, 2,, n 1}. Step 2. Compute the greatest common divisor gcd(a, n) of a and n. Step 3. Step 4. Step 5. Step 6. If gcd(a, n) 1, then output p 1 = a and p 2 = n/a and stop; else continue. [This step requires a quantum computer.] Find the smallest positive integer r with a r 1 (mod n). If r is odd, then output factoring failed in this round and stop. Compute q =gcd(a r/2 + 1, n). If q = n, then output factoring failed in this round and stop; else output p 1 = q and p 2 = n/q and stop. Analysis of the Algorithm First, we randomly select a number a between 1 and n 1. Next, we use the very efficient Euclidean Algorithm [1, Theorem 1.6] to compute the greatest common divisor gcd(a, n) of a and n. If gcd(a, n) 1, then a = p 1 or a = p 2, because the only divisors of n are 1, p 1, p 2 and n. We will assume the worst case, where gcd(a, n) = 1, and proceed to Step 4. Note that the set Z n = {k (mod n) gcd(k, n) = 1} forms a group under multiplication [1, Corollary 2.10]. Since this group is finite, there is a smallest positive integer r, called the order of a (mod n), such that a r 1 (mod n)[1, Theorem 7.8(1)]. The next step of the algorithm calls for computing the value of r, which can be done by computing the period of the function f(x) = a x, since f(x + r) = a x+r = a x a r = a x 1 = f(x) (mod n). It is not feasible to carry out this step on a classical computer. However, a quantum computer is able to find this period (in theory) in an efficient manner. (See [2] to learn how.) If r turns out to be odd, our algorithm fails. From here on, we are going to assume that r is even. Let us denote the phrase i divides j by i j. Since a r 1 (mod n), then n (a r 1) = (a r/2 1) (a r/2 + 1). We know that n (a r/2 1), otherwise r would not be the order of a. (If n (a r/2 1), then a r/2 1 (mod n), contradicting the choice of r.) Therefore, gcd(a r/2 + 1, n) 1. Now if n (a r/2 + 1), i.e. if a r/2 1 (mod n), then n must have a nontrivial common factor with each of a r/2 ± 1, which we extract by computing 1 gcd(a r/2 + 1, n) {p 1, p 2 }. So we succeed in factoring n, unless either r is odd, or r is even and a r/2 1 (mod n). 1 A computational note: gcd(a r/2 + 1, n) is found by first reducing a r/2 modulo n. Even for very large numbers, a r/2 (mod n) can be computed efficiently. This is done by first expressing the exponent r/2 as the sum of powers of 2 and then repeatedly squaring a, each 36 B.S. Undergraduate Mathematics Exchange, Vol. 1, No. 1 (Fall 2003)

3 How Likely Is Success? Recall that n = p 1 p 2, where p 1 and p 2 are two distinct odd primes. By the Chinese Remainder Theorem (CRT) [1, Theorem 13.2], for each pair a 1 and a 2 of integers with 0 a 1 < p 1 and 0 a 2 < p 2, there exists exactly one integer a with 0 a < p 1 p 2, such that a a 1 (mod p 1 ) a a 2 (mod p 2 ) Hence, randomly choosing a {1, 2,, n 1} with gcd(a, n) = 1, is equivalent to randomly choosing a 1 {1, 2,, p 1 1} and a 2 {1, 2,, p 2 1}, independently. (Note that a i = 0 corresponds to p i a.) Now, let r 1 denote the order of a 1 (mod p 1 ) and let r 2 denote the order of a 2 (mod p 2 ). By the CRT, a x 1 (mod p 1 p 2 ) is equivalent to a x a x 1 1 (mod p 1 ) a x a x 2 1 (mod p 2 ) This, in turn, is equivalent to r 1 x and r 2 x [1, Theorem 7.8(3)]. Consequently, since r is the smallest positive x with a x 1 (mod p 1 p 2 ), then r = lcm(r 1, r 2 ). Therefore, if both r 1 and r 2 are odd, then so is r and the factoring attempt fails. If either r 1 or r 2 is even, then so is r and we proceed. Since a r a r i 1 (mod p i), we see that p i a r 1 = (a r/2 + 1) (a r/2 1). However, p i is prime, so that either p i (a r/2 + 1) or p i (a r/2 1). In other words: a r/2 ±1 (mod p 1 ) We will now analyze the four cases: a r/2 ±1 (mod p 2 ) Case 1 Case 2 Case 3 Case 4 a r/2 1 mod p 1 a r/2 1 mod p 1 a r/2 1 mod p 1 a r/2 1 mod p 1 a r/2 1 mod p 2 a r/2 1 mod p 2 a r/2 1 mod p 2 a r/2 1 mod p 2 a r/2 1 mod n a r/2 1 mod n a r/2 1 mod n a r/2 1 mod n Not Possible Failure Success Success Let us factor out all of the 2 s from r 1 and r 2, that is, let us write r 1 = 2 C1 m 1 r 2 = 2 C2 m 2 with two odd integers m 1 and m 2 and C i 0. time reducing the result modulo n. Multiplying the appropriate powers a (2i) (mod n), while reducing modulo n after each multiplication, finally yields a r/2 (mod n). This procedure decreases the number of necessary arithmetic steps on a logarithmic scale. B.S. Undergraduate Mathematics Exchange, Vol. 1, No. 1 (Fall 2003) 37

4 Suppose now that C 1 > C 2, then r = lcm(r 1, r 2 ) = 2 r 2 z, for some integer z, and we claim that a r/2 1 (mod p 2 ) and a r/2 1 (mod p 1 ), which leads us to Case 3. To see this, first note that a r/2 (a r2 ) z (a r2 2 )z 1 z 1 (mod p 2 ). And since a r/2 1 (mod n), we must have a r/2 1 (mod p 1 ). So we obtain a r/2 1 (mod p 1 ). By symmetry, if C 2 > C 1, we end up in Case 4. Now let us suppose that C 1 = C 2 1. Then r = lcm(r 1, r 2 ) = r 1 u 1 = r 2 u 2, for some odd integers u i. We claim that a r/2 1 (mod p 1 ) and a r/2 1 (mod p 2 ), which places us into Case 2. To see this, first notice that r 1 r1 2 u 1, due to the lack of a factor of 2 on the right hand side. Hence, a r/2 = a r 1 2 u (mod p 1 ). By symmetry we also get a r/2 = a r2 2 u (mod p 2 ). Moreover, r will be odd if and only if C 1 = C 2 = 0, in which case the algorithm fails. In summary, we succeed if and only if C 1 C 2. We now wish to estimate the likelihood of this to occur. To this end, we view C i as a function of the variable a i, whose domain is the set {1, 2,, p i 1}. Let Ĉi denote the maximum value of the function C i. Below, we will show that the function C i assumes its maximum value Ĉi for exactly 50% of all a i {1, 2,, p i 1}. For now, let us assume this to be true. Then each of the following four systems of equations is true exactly 25% of the time: (1) C 1 = Ĉ1 and C 2 = Ĉ2; (2) C 1 = Ĉ1 and C 2 < Ĉ2; (3) C 1 < Ĉ1 and C 2 = Ĉ2; (4) C 1 < Ĉ1 and C 2 < Ĉ2. If Ĉ1 = Ĉ2, we succeed in Situations (2) and (3). If Ĉ1 < Ĉ2, we succeed in Situations (1) and (3). Finally, if Ĉ1 > Ĉ2, we succeed in Situations (1) and (2). So, either way, we succeed in at least 50% of all cases as we claimed we would. The remaining task is to verify the following Lemma. C i = Ĉi for exactly half of the values of a i {1, 2,, p i 1}. PROOF. Recall that the multiplicative group Z p i = {1 (mod p i ), 2 (mod p i ),, p i 1 (mod p i )} is cyclic [1, Theorem 7.15] and therefore must contain a generating element of order p i 1. Let b i (mod p i ) be such a generator, that is, suppose Z p i Say, a i (mod p i ) = b ti i element a i (mod p i ). Now, a x i which is in turn equivalent to = {b 1 i (mod p i ), b 2 i (mod p i ),, b pi 1 i (mod p i )}. (mod p i ). Recall that r i is defined to be the order of the 1 (mod p i ) if and only p i 1 (t i x), bti x i p i 1 gcd(t i, p i 1) x. 38 B.S. Undergraduate Mathematics Exchange, Vol. 1, No. 1 (Fall 2003)

5 Therefore, 2 Ci m i = r i = order(a i ) = p i 1 gcd(t i, p i 1). Writing p i 1 = 2 ki s i with k i 1 and some odd integer s i, we see that Ĉ i = k i and that C i = k i if and only if t i is odd. This happens half of the time. Conclusion We have presented an algorithm, which successfully factors n = p 1 p 2 at least 50% of the time and does so efficiently, if implemented on a quantum computer. Note that repeated execution of this algorithm will result in rapidly increasing probability of success. Here is a table of accumulative failure probabilities: Number of Executions Probability of Not Having Factored n 1 (1/2) 1 = (1/2) 2 = (1/2) 3 = (1/2) Already after 7 executions, this algorithm has a 99.2% chance of succeeding in factoring n. References [1] T.W. Hungerford, Abstract Algebra: An Introduction (Second Ed.), Saunders College Publishing (1997). [2] A.O. Pittenger, An introduction to quantum computing algorithms, Birkhäuser (2001). [3] J. Preskill, Quantum Information and Computation, Lecture notes for Physics 229, Available at [4] P. Shor, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer, SIAM J. Comput. 26 (1997) B.S. Undergraduate Mathematics Exchange, Vol. 1, No. 1 (Fall 2003) 39

### Factoring & Primality

Factoring & Primality Lecturer: Dimitris Papadopoulos In this lecture we will discuss the problem of integer factorization and primality testing, two problems that have been the focus of a great amount

### Elementary Number Theory We begin with a bit of elementary number theory, which is concerned

CONSTRUCTION OF THE FINITE FIELDS Z p S. R. DOTY Elementary Number Theory We begin with a bit of elementary number theory, which is concerned solely with questions about the set of integers Z = {0, ±1,

### = 2 + 1 2 2 = 3 4, Now assume that P (k) is true for some fixed k 2. This means that

Instructions. Answer each of the questions on your own paper, and be sure to show your work so that partial credit can be adequately assessed. Credit will not be given for answers (even correct ones) without

### U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory

### Lecture 13: Factoring Integers

CS 880: Quantum Information Processing 0/4/0 Lecture 3: Factoring Integers Instructor: Dieter van Melkebeek Scribe: Mark Wellons In this lecture, we review order finding and use this to develop a method

### Mathematics of Cryptography

Number Theory Modular Arithmetic: Two numbers equivalent mod n if their difference is multiple of n example: 7 and 10 are equivalent mod 3 but not mod 4 7 mod 3 10 mod 3 = 1; 7 mod 4 = 3, 10 mod 4 = 2.

### Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition

### Algebra for Digital Communication

EPFL - Section de Mathématiques Algebra for Digital Communication Fall semester 2008 Solutions for exercise sheet 1 Exercise 1. i) We will do a proof by contradiction. Suppose 2 a 2 but 2 a. We will obtain

### MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES

MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES 2016 47 4. Diophantine Equations A Diophantine Equation is simply an equation in one or more variables for which integer (or sometimes rational) solutions

### SUBGROUPS OF CYCLIC GROUPS. 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by

SUBGROUPS OF CYCLIC GROUPS KEITH CONRAD 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by g = {g k : k Z}. If G = g, then G itself is cyclic, with g as a generator. Examples

### Prime Numbers. Chapter Primes and Composites

Chapter 2 Prime Numbers The term factoring or factorization refers to the process of expressing an integer as the product of two or more integers in a nontrivial way, e.g., 42 = 6 7. Prime numbers are

### Homework 5 Solutions

Homework 5 Solutions 4.2: 2: a. 321 = 256 + 64 + 1 = (01000001) 2 b. 1023 = 512 + 256 + 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = (1111111111) 2. Note that this is 1 less than the next power of 2, 1024, which

### The Laws of Cryptography Cryptographers Favorite Algorithms

2 The Laws of Cryptography Cryptographers Favorite Algorithms 2.1 The Extended Euclidean Algorithm. The previous section introduced the field known as the integers mod p, denoted or. Most of the field

### Further linear algebra. Chapter I. Integers.

Further linear algebra. Chapter I. Integers. Andrei Yafaev Number theory is the theory of Z = {0, ±1, ±2,...}. 1 Euclid s algorithm, Bézout s identity and the greatest common divisor. We say that a Z divides

### An Overview of Integer Factoring Algorithms. The Problem

An Overview of Integer Factoring Algorithms Manindra Agrawal IITK / NUS The Problem Given an integer n, find all its prime divisors as efficiently as possible. 1 A Difficult Problem No efficient algorithm

### Lecture 8: Applications of Quantum Fourier transform

Department of Physical Sciences, University of Helsinki http://theory.physics.helsinki.fi/ quantumgas/ p. 1/25 Quantum information and computing Lecture 8: Applications of Quantum Fourier transform Jani-Petri

### The Prime Numbers. Definition. A prime number is a positive integer with exactly two positive divisors.

The Prime Numbers Before starting our study of primes, we record the following important lemma. Recall that integers a, b are said to be relatively prime if gcd(a, b) = 1. Lemma (Euclid s Lemma). If gcd(a,

### 12 Greatest Common Divisors. The Euclidean Algorithm

Arkansas Tech University MATH 4033: Elementary Modern Algebra Dr. Marcel B. Finan 12 Greatest Common Divisors. The Euclidean Algorithm As mentioned at the end of the previous section, we would like to

### The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

### Basic Algorithms In Computer Algebra

Basic Algorithms In Computer Algebra Kaiserslautern SS 2011 Prof. Dr. Wolfram Decker 2. Mai 2011 References Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, 1993. Cox, D.; Little,

### 8 Primes and Modular Arithmetic

8 Primes and Modular Arithmetic 8.1 Primes and Factors Over two millennia ago already, people all over the world were considering the properties of numbers. One of the simplest concepts is prime numbers.

### 11 Ideals. 11.1 Revisiting Z

11 Ideals The presentation here is somewhat different than the text. In particular, the sections do not match up. We have seen issues with the failure of unique factorization already, e.g., Z[ 5] = O Q(

### Today s Topics. Primes & Greatest Common Divisors

Today s Topics Primes & Greatest Common Divisors Prime representations Important theorems about primality Greatest Common Divisors Least Common Multiples Euclid s algorithm Once and for all, what are prime

### Discrete Mathematics Lecture 3 Elementary Number Theory and Methods of Proof. Harper Langston New York University

Discrete Mathematics Lecture 3 Elementary Number Theory and Methods of Proof Harper Langston New York University Proof and Counterexample Discovery and proof Even and odd numbers number n from Z is called

### Computing exponents modulo a number: Repeated squaring

Computing exponents modulo a number: Repeated squaring How do you compute (1415) 13 mod 2537 = 2182 using just a calculator? Or how do you check that 2 340 mod 341 = 1? You can do this using the method

### Lecture 13 - Basic Number Theory.

Lecture 13 - Basic Number Theory. Boaz Barak March 22, 2010 Divisibility and primes Unless mentioned otherwise throughout this lecture all numbers are non-negative integers. We say that A divides B, denoted

### A New Generic Digital Signature Algorithm

Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study

### Short Programs for functions on Curves

Short Programs for functions on Curves Victor S. Miller Exploratory Computer Science IBM, Thomas J. Watson Research Center Yorktown Heights, NY 10598 May 6, 1986 Abstract The problem of deducing a function

### Notes on Factoring. MA 206 Kurt Bryan

The General Approach Notes on Factoring MA 26 Kurt Bryan Suppose I hand you n, a 2 digit integer and tell you that n is composite, with smallest prime factor around 5 digits. Finding a nontrivial factor

### MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins The RSA encryption scheme works as follows. In order to establish the necessary public

### Cryptography and Network Security Chapter 8

Cryptography and Network Security Chapter 8 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 8 Introduction to Number Theory The Devil said to Daniel Webster:

### Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility

### Practice Problems for First Test

Mathematicians have tried in vain to this day to discover some order in the sequence of prime numbers, and we have reason to believe that it is a mystery into which the human mind will never penetrate.-

### GREATEST COMMON DIVISOR

DEFINITION: GREATEST COMMON DIVISOR The greatest common divisor (gcd) of a and b, denoted by (a, b), is the largest common divisor of integers a and b. THEOREM: If a and b are nonzero integers, then their

### b) Find smallest a > 0 such that 2 a 1 (mod 341). Solution: a) Use succesive squarings. We have 85 =

Problem 1. Prove that a b (mod c) if and only if a and b give the same remainders upon division by c. Solution: Let r a, r b be the remainders of a, b upon division by c respectively. Thus a r a (mod c)

### Public Key Cryptography and RSA. Review: Number Theory Basics

Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and

### Integer Factorization using the Quadratic Sieve

Integer Factorization using the Quadratic Sieve Chad Seibert* Division of Science and Mathematics University of Minnesota, Morris Morris, MN 56567 seib0060@morris.umn.edu March 16, 2011 Abstract We give

### 3. Applications of Number Theory

3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a

### UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 6 Introduction to Public-Key Cryptography Israel Koren ECE597/697 Koren Part.6.1

### Integer roots of quadratic and cubic polynomials with integer coefficients

Integer roots of quadratic and cubic polynomials with integer coefficients Konstantine Zelator Mathematics, Computer Science and Statistics 212 Ben Franklin Hall Bloomsburg University 400 East Second Street

### Primality - Factorization

Primality - Factorization Christophe Ritzenthaler November 9, 2009 1 Prime and factorization Definition 1.1. An integer p > 1 is called a prime number (nombre premier) if it has only 1 and p as divisors.

### RSA Question 2. Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true?

RSA Question 2 Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true? Bob chooses a random e (1 < e < Φ Bob ) such that gcd(e,φ Bob )=1. Then, d = e -1

### International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,

### Chapter Two. Number Theory

Chapter Two Number Theory 2.1 INTRODUCTION Number theory is that area of mathematics dealing with the properties of the integers under the ordinary operations of addition, subtraction, multiplication and

### Lecture 1: Elementary Number Theory

Lecture 1: Elementary Number Theory The integers are the simplest and most fundamental objects in discrete mathematics. All calculations by computers are based on the arithmetical operations with integers

### Congruences. Robert Friedman

Congruences Robert Friedman Definition of congruence mod n Congruences are a very handy way to work with the information of divisibility and remainders, and their use permeates number theory. Definition

### CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

### Theorem (The division theorem) Suppose that a and b are integers with b > 0. There exist unique integers q and r so that. a = bq + r and 0 r < b.

Theorem (The division theorem) Suppose that a and b are integers with b > 0. There exist unique integers q and r so that a = bq + r and 0 r < b. We re dividing a by b: q is the quotient and r is the remainder,

### 9 Modular Exponentiation and Cryptography

9 Modular Exponentiation and Cryptography 9.1 Modular Exponentiation Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system.

### 1 Die hard, once and for all

ENGG 2440A: Discrete Mathematics for Engineers Lecture 4 The Chinese University of Hong Kong, Fall 2014 6 and 7 October 2014 Number theory is the branch of mathematics that studies properties of the integers.

### On the generation of elliptic curves with 16 rational torsion points by Pythagorean triples

On the generation of elliptic curves with 16 rational torsion points by Pythagorean triples Brian Hilley Boston College MT695 Honors Seminar March 3, 2006 1 Introduction 1.1 Mazur s Theorem Let C be a

### CONTINUED FRACTIONS AND FACTORING. Niels Lauritzen

CONTINUED FRACTIONS AND FACTORING Niels Lauritzen ii NIELS LAURITZEN DEPARTMENT OF MATHEMATICAL SCIENCES UNIVERSITY OF AARHUS, DENMARK EMAIL: niels@imf.au.dk URL: http://home.imf.au.dk/niels/ Contents

### Solutions to Practice Problems

Solutions to Practice Problems March 205. Given n = pq and φ(n = (p (q, we find p and q as the roots of the quadratic equation (x p(x q = x 2 (n φ(n + x + n = 0. The roots are p, q = 2[ n φ(n+ ± (n φ(n+2

### MODULAR ARITHMETIC. a smallest member. It is equivalent to the Principle of Mathematical Induction.

MODULAR ARITHMETIC 1 Working With Integers The usual arithmetic operations of addition, subtraction and multiplication can be performed on integers, and the result is always another integer Division, on

### Applications of Fermat s Little Theorem and Congruences

Applications of Fermat s Little Theorem and Congruences Definition: Let m be a positive integer. Then integers a and b are congruent modulo m, denoted by a b mod m, if m (a b). Example: 3 1 mod 2, 6 4

### Chapter 4, Arithmetic in F [x] Polynomial arithmetic and the division algorithm.

Chapter 4, Arithmetic in F [x] Polynomial arithmetic and the division algorithm. We begin by defining the ring of polynomials with coefficients in a ring R. After some preliminary results, we specialize

### APPLICATIONS OF THE ORDER FUNCTION

APPLICATIONS OF THE ORDER FUNCTION LECTURE NOTES: MATH 432, CSUSM, SPRING 2009. PROF. WAYNE AITKEN In this lecture we will explore several applications of order functions including formulas for GCDs and

### Integers and division

CS 441 Discrete Mathematics for CS Lecture 12 Integers and division Milos Hauskrecht milos@cs.pitt.edu 5329 Sennott Square Symmetric matrix Definition: A square matrix A is called symmetric if A = A T.

### CHAPTER 5. Number Theory. 1. Integers and Division. Discussion

CHAPTER 5 Number Theory 1. Integers and Division 1.1. Divisibility. Definition 1.1.1. Given two integers a and b we say a divides b if there is an integer c such that b = ac. If a divides b, we write a

### RSA and Primality Testing

and Primality Testing Joan Boyar, IMADA, University of Southern Denmark Studieretningsprojekter 2010 1 / 81 Correctness of cryptography cryptography Introduction to number theory Correctness of with 2

### I. GROUPS: BASIC DEFINITIONS AND EXAMPLES

I GROUPS: BASIC DEFINITIONS AND EXAMPLES Definition 1: An operation on a set G is a function : G G G Definition 2: A group is a set G which is equipped with an operation and a special element e G, called

### Introduction to Finite Fields (cont.)

Chapter 6 Introduction to Finite Fields (cont.) 6.1 Recall Theorem. Z m is a field m is a prime number. Theorem (Subfield Isomorphic to Z p ). Every finite field has the order of a power of a prime number

### FACTORING LARGE NUMBERS, A GREAT WAY TO SPEND A BIRTHDAY

FACTORING LARGE NUMBERS, A GREAT WAY TO SPEND A BIRTHDAY LINDSEY R. BOSKO I would like to acknowledge the assistance of Dr. Michael Singer. His guidance and feedback were instrumental in completing this

### PROBLEM SET 6: POLYNOMIALS

PROBLEM SET 6: POLYNOMIALS 1. introduction In this problem set we will consider polynomials with coefficients in K, where K is the real numbers R, the complex numbers C, the rational numbers Q or any other

### Factoring Algorithms

Factoring Algorithms The p 1 Method and Quadratic Sieve November 17, 2008 () Factoring Algorithms November 17, 2008 1 / 12 Fermat s factoring method Fermat made the observation that if n has two factors

### Is this number prime? Berkeley Math Circle Kiran Kedlaya

Is this number prime? Berkeley Math Circle 2002 2003 Kiran Kedlaya Given a positive integer, how do you check whether it is prime (has itself and 1 as its only two positive divisors) or composite (not

### Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR

Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices A Biswas, IT, BESU SHIBPUR McGraw-Hill The McGraw-Hill Companies, Inc., 2000 Set of Integers The set of integers, denoted by Z,

### Outline. Cryptography. Bret Benesh. Math 331

Outline 1 College of St. Benedict/St. John s University Department of Mathematics Math 331 2 3 The internet is a lawless place, and people have access to all sorts of information. What is keeping people

### ORDERS OF ELEMENTS IN A GROUP

ORDERS OF ELEMENTS IN A GROUP KEITH CONRAD 1. Introduction Let G be a group and g G. We say g has finite order if g n = e for some positive integer n. For example, 1 and i have finite order in C, since

### 9. POLYNOMIALS. Example 1: The expression a(x) = x 3 4x 2 + 7x 11 is a polynomial in x. The coefficients of a(x) are the numbers 1, 4, 7, 11.

9. POLYNOMIALS 9.1. Definition of a Polynomial A polynomial is an expression of the form: a(x) = a n x n + a n-1 x n-1 +... + a 1 x + a 0. The symbol x is called an indeterminate and simply plays the role

### Continued Fractions and the Euclidean Algorithm

Continued Fractions and the Euclidean Algorithm Lecture notes prepared for MATH 326, Spring 997 Department of Mathematics and Statistics University at Albany William F Hammond Table of Contents Introduction

### Study of algorithms for factoring integers and computing discrete logarithms

Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department

### (x + a) n = x n + a Z n [x]. Proof. If n is prime then the map

22. A quick primality test Prime numbers are one of the most basic objects in mathematics and one of the most basic questions is to decide which numbers are prime (a clearly related problem is to find

### Computer and Network Security

MIT 6.857 Computer and Networ Security Class Notes 1 File: http://theory.lcs.mit.edu/ rivest/notes/notes.pdf Revision: December 2, 2002 Computer and Networ Security MIT 6.857 Class Notes by Ronald L. Rivest

### CONTINUED FRACTIONS AND PELL S EQUATION. Contents 1. Continued Fractions 1 2. Solution to Pell s Equation 9 References 12

CONTINUED FRACTIONS AND PELL S EQUATION SEUNG HYUN YANG Abstract. In this REU paper, I will use some important characteristics of continued fractions to give the complete set of solutions to Pell s equation.

### Factoring by Quantum Computers

Factoring by Quantum Computers Ragesh Jaiswal University of California, San Diego A Quantum computer is a device that uses uantum phenomenon to perform a computation. A classical system follows a single

### Solutions to Homework Set 3 (Solutions to Homework Problems from Chapter 2)

Solutions to Homework Set 3 (Solutions to Homework Problems from Chapter 2) Problems from 21 211 Prove that a b (mod n) if and only if a and b leave the same remainder when divided by n Proof Suppose a

### MTH 382 Number Theory Spring 2003 Practice Problems for the Final

MTH 382 Number Theory Spring 2003 Practice Problems for the Final (1) Find the quotient and remainder in the Division Algorithm, (a) with divisor 16 and dividend 95, (b) with divisor 16 and dividend -95,

### Continued fractions and good approximations.

Continued fractions and good approximations We will study how to find good approximations for important real life constants A good approximation must be both accurate and easy to use For instance, our

### Mathematics of Cryptography

CHAPTER 2 Mathematics of Cryptography Part I: Modular Arithmetic, Congruence, and Matrices Objectives This chapter is intended to prepare the reader for the next few chapters in cryptography. The chapter

### Discrete Square Root. Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter / 11

Discrete Square Root Çetin Kaya Koç http://cs.ucsb.edu/~koc/cs178 koc@cs.ucsb.edu Koç (http://cs.ucsb.edu/~koc) ucsb cs 178 intro to crypto winter 2013 1 / 11 Discrete Square Root Problem The discrete

### CS 103X: Discrete Structures Homework Assignment 3 Solutions

CS 103X: Discrete Structures Homework Assignment 3 s Exercise 1 (20 points). On well-ordering and induction: (a) Prove the induction principle from the well-ordering principle. (b) Prove the well-ordering

### FACTORING POLYNOMIALS IN THE RING OF FORMAL POWER SERIES OVER Z

FACTORING POLYNOMIALS IN THE RING OF FORMAL POWER SERIES OVER Z DANIEL BIRMAJER, JUAN B GIL, AND MICHAEL WEINER Abstract We consider polynomials with integer coefficients and discuss their factorization

### Problem Set 5. AABB = 11k = (10 + 1)k = (10 + 1)XY Z = XY Z0 + XY Z XYZ0 + XYZ AABB

Problem Set 5 1. (a) Four-digit number S = aabb is a square. Find it; (hint: 11 is a factor of S) (b) If n is a sum of two square, so is 2n. (Frank) Solution: (a) Since (A + B) (A + B) = 0, and 11 0, 11

### Modular arithmetic. x ymodn if x = y +mn for some integer m. p. 1/??

p. 1/?? Modular arithmetic Much of modern number theory, and many practical problems (including problems in cryptography and computer science), are concerned with modular arithmetic. While this is probably

### Elementary Number Theory and Methods of Proof. CSE 215, Foundations of Computer Science Stony Brook University http://www.cs.stonybrook.

Elementary Number Theory and Methods of Proof CSE 215, Foundations of Computer Science Stony Brook University http://www.cs.stonybrook.edu/~cse215 1 Number theory Properties: 2 Properties of integers (whole

### Subsets of Euclidean domains possessing a unique division algorithm

Subsets of Euclidean domains possessing a unique division algorithm Andrew D. Lewis 2009/03/16 Abstract Subsets of a Euclidean domain are characterised with the following objectives: (1) ensuring uniqueness

### ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION

ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION Aldrin W. Wanambisi 1* School of Pure and Applied Science, Mount Kenya University, P.O box 553-50100, Kakamega, Kenya. Shem Aywa 2 Department of Mathematics,

### MATH 289 PROBLEM SET 4: NUMBER THEORY

MATH 289 PROBLEM SET 4: NUMBER THEORY 1. The greatest common divisor If d and n are integers, then we say that d divides n if and only if there exists an integer q such that n = qd. Notice that if d divides

### SOLUTIONS FOR PROBLEM SET 2

SOLUTIONS FOR PROBLEM SET 2 A: There exist primes p such that p+6k is also prime for k = 1,2 and 3. One such prime is p = 11. Another such prime is p = 41. Prove that there exists exactly one prime p such

### Announcements. CS243: Discrete Structures. More on Cryptography and Mathematical Induction. Agenda for Today. Cryptography

Announcements CS43: Discrete Structures More on Cryptography and Mathematical Induction Işıl Dillig Class canceled next Thursday I am out of town Homework 4 due Oct instead of next Thursday (Oct 18) Işıl

### MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction

MATH 168: FINAL PROJECT Troels Eriksen 1 Introduction In the later years cryptosystems using elliptic curves have shown up and are claimed to be just as secure as a system like RSA with much smaller key

### COMMUTATIVITY DEGREES OF WREATH PRODUCTS OF FINITE ABELIAN GROUPS

COMMUTATIVITY DEGREES OF WREATH PRODUCTS OF FINITE ABELIAN GROUPS IGOR V. EROVENKO AND B. SURY ABSTRACT. We compute commutativity degrees of wreath products A B of finite abelian groups A and B. When B

### Math Review. for the Quantitative Reasoning Measure of the GRE revised General Test

Math Review for the Quantitative Reasoning Measure of the GRE revised General Test www.ets.org Overview This Math Review will familiarize you with the mathematical skills and concepts that are important

### 1 = (a 0 + b 0 α) 2 + + (a m 1 + b m 1 α) 2. for certain elements a 0,..., a m 1, b 0,..., b m 1 of F. Multiplying out, we obtain

Notes on real-closed fields These notes develop the algebraic background needed to understand the model theory of real-closed fields. To understand these notes, a standard graduate course in algebra is

### CHAPTER SIX IRREDUCIBILITY AND FACTORIZATION 1. BASIC DIVISIBILITY THEORY

January 10, 2010 CHAPTER SIX IRREDUCIBILITY AND FACTORIZATION 1. BASIC DIVISIBILITY THEORY The set of polynomials over a field F is a ring, whose structure shares with the ring of integers many characteristics.

### Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport

### Mathematical Induction

Mathematical S 0 S 1 S 2 S 3 S 4 S 5 S 6 S 7 S 8 S 9 S 10 Like dominoes! Mathematical S 0 S 1 S 2 S 3 S4 S 5 S 6 S 7 S 8 S 9 S 10 Like dominoes! S 4 Mathematical S 0 S 1 S 2 S 3 S5 S 6 S 7 S 8 S 9 S 10