Chapter 6. A Novel Solution of Linear Congruences

Proceedings NCUR IX (1995), Vol. II, pp. 708–712

Jeffrey F. Gold, Department of Mathematics, Department of Physics, University of Utah, Salt Lake City, Utah 84112
Don H. Tucker, Department of Mathematics, University of Utah, Salt Lake City, Utah 84112

Introduction

Although the solutions of linear congruences have been of interest for a very long time, they still remain somewhat pedagogically difficult. Because of the importance of linear congruences in fields such as public-key cryptosystems, new and innovative approaches are needed both to attract interest and to make them more accessible. While the potential for new ideas used in future research is difficult to assess, some use may be found here. In this paper, the authors make use of the remodulization method developed in [1] as a vehicle to characterize the conditions under which solutions exist and then determine the solution space. The method is more efficient than those cited in the standard references. This novel approach relates the solution space of $cx \equiv a \bmod b$ to the Euler totient function of $c$ rather than that of $b$, which allows one to develop an alternative and somewhat more efficient approach to the problem of creating enciphering and deciphering keys in public-key cryptosystems.

Remodulization

Definition 1. If $a$ and $b$ are integers, then
$$a \bmod b = \{a,\ a \pm b,\ a \pm 2b,\ \dots\}.$$
The notation $x \equiv a \bmod b$ means that $x$ is an element of the set $a \bmod b$. The common terminology is to say that $x$ is congruent to $a$ modulo $b$. These sets are also frequently called residue classes, since they consist of those integers which, upon division by $b$, leave a remainder (residue) of $a$. It is customary to write $a$ as the least non-negative residue.

Definition 2. If $a_1, a_2, \dots, a_n, b \in \mathbb{Z}$, then
$$[a_1, a_2, \dots, a_n] \bmod b = \{a_1 \bmod b\} \cup \{a_2 \bmod b\} \cup \dots \cup \{a_n \bmod b\} = \bigcup_{i=1}^{n} \{a_i \bmod b\}.$$

Theorem 1. Suppose $a, b, c \in \mathbb{Z}$ and $c > 0$. Then
$$a \bmod b = [a,\ a + b,\ \dots,\ a + b(c-1)] \bmod cb.$$

Proof. Write
$$a \bmod b = \left\{ \begin{array}{cccc} \dots & & & \\ a - cb, & a - (c-1)b, & \dots, & a - b, \\ a, & a + b, & \dots, & a + (c-1)b, \\ a + cb, & a + (c+1)b, & \dots, & a + (2c-1)b, \\ & & & \dots \end{array} \right\}$$
and, upon rewriting the columns,
$$a \bmod b = \left\{ \begin{array}{cccc} \dots & & & \\ a - cb, & a + b - cb, & \dots, & a + (c-1)b - cb, \\ a, & a + b, & \dots, & a + (c-1)b, \\ a + cb, & a + b + cb, & \dots, & a + (c-1)b + cb, \\ & & & \dots \end{array} \right\};$$
forming unions on the extended columns, the result follows. This process is called remodulization by the factor $c$.

Linear Congruences

Theorem 2. A linear congruence $cx \equiv a \bmod b$, where $\gcd(c, b) = 1$, has the unique solution
$$x \equiv \frac{a'}{c} \bmod b,$$
where $a'$ is the element of $\{a + bk\}_{k=0}^{c-1}$ that is divisible by $c$.

Proof. Suppose one has the linear congruence $cx \equiv a \bmod b$, where $\gcd(c, b) = 1$ and $0 < c < b$. (If $c$ does not satisfy this requirement, then $c$ may be reduced or augmented by some multiple of $b$ so that it satisfies the condition $0 < c < b$.) Remodulizing $a \bmod b$ by the factor $c$ gives
$$cx \equiv [a,\ a + b,\ \dots,\ a + b(c-1)] \bmod cb.$$
Because the set $\{a, a + b, \dots, a + b(c-1)\}$ forms a complete residue system modulo $c$, there exists an element in this set, call it $d$, which is divisible by $c$. Since
$$cx \equiv [a,\ a + b,\ \dots,\ d,\ \dots,\ a + b(c-1)] \bmod cb,$$
it is seen that the only solvable linear congruence is
$$cx \equiv d \bmod cb.$$
The remaining linear congruences,
$$cx \equiv [a,\ a + b,\ \dots,\ d - b,\ d + b,\ \dots,\ a + b(c-1)] \bmod cb,$$
are not solvable, since in each case the factor $c$ is relatively prime to each of the residues $\{a, a + b, \dots, d - b, d + b, \dots, a + b(c-1)\}$, and thus $c$ does not divide them. For the solution $cx \equiv d \bmod cb$, however, dividing through by the factor $c$,
$$\frac{cx}{c} \equiv \frac{d}{c} \bmod \frac{cb}{c}, \qquad \text{or} \qquad x \equiv \frac{d}{c} \bmod b.$$
Note that the Euclidean algorithm has not been invoked; all that was necessary to solve this problem was the fact that $\gcd(c, b) = 1$. The theorem is illustrated by the following example.
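The remodulization procedure of Theorem 2, as an added Python example that is not part of the paper; it also handles $\gcd(c, b) = d > 1$ by dividing through and remodulizing the reduced solution by $d$ (the case treated in Theorem 3 below), returns the number of residues inspected so the "at most $c$ steps" claim can be checked, and includes the paper's alternate trial method for comparison. All function names are the example's own.

```python
from math import gcd


def remodulize(a, b, c):
    """Theorem 1: the class a mod b equals [a, a+b, ..., a+b(c-1)] mod cb."""
    return [a + b * k for k in range(c)]


def solve_coprime(c, a, b):
    """Theorem 2, gcd(c, b) == 1: reduce c to 0 < c < b, remodulize a mod b by
    the factor c and keep the single residue divisible by c.
    Returns (x mod b, residues inspected); the count never exceeds c."""
    c %= b
    a %= b
    if c == 0:          # only possible when b == 1: every integer is a solution
        return 0, 0
    for steps, residue in enumerate(remodulize(a, b, c), start=1):
        if residue % c == 0:
            return residue // c, steps
    raise ArithmeticError("unreachable: the residues form a complete system mod c")


def solve_linear_congruence(c, a, b):
    """Theorem 3: with d = gcd(c, b), c*x = a (mod b) is solvable iff d | a.
    Divide through by d, solve the coprime congruence, then remodulize its
    solution x' mod b/d by the factor d to list all d incongruent solutions.
    Returns (sorted solutions modulo b, steps); ([], 0) when none exist."""
    if b <= 0:
        raise ValueError("modulus b must be positive")
    d = gcd(c, b)
    if a % d:
        return [], 0
    x0, steps = solve_coprime(c // d, a // d, b // d)
    return sorted(remodulize(x0, b // d, d)), steps


def solve_by_trial(c, a, b):
    """The alternate trial-and-error method the paper compares against:
    try the residues 1, 2, ..., b in turn. Returns (first solution, tries)."""
    for x in range(1, b + 1):
        if (c * x - a) % b == 0:
            return x % b, x
    return None, b


def verify(c, solutions, a, b):
    """Confirm that every returned residue satisfies c*x = a (mod b)."""
    return all((c * x - a) % b == 0 for x in solutions)
```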

Example 1. Suppose $12x \equiv 3 \bmod 7$; this reduces to $5x \equiv 3 \bmod 7$. This linear congruence is solvable since $3$ is divisible by $\gcd(5, 7) = 1$. Remodulizing $3 \bmod 7$ by the factor $5$ gives
$$5x \equiv [3, 10, 17, 24, 31] \bmod 5 \cdot 7,$$
so that
$$5x \equiv 10 \bmod 35$$
is the only possible solution and, upon dividing all three terms by $5$,
$$x \equiv 2 \bmod 7.$$
Note that the remaining linear congruences $5x \equiv [3, 17, 24, 31] \bmod 35$ do not admit any solutions, since in this example $\gcd(5, 35) = 5$ does not divide any element in the set $\{3, 17, 24, 31\}$.

Theorem 3. If $\gcd(c, b) = d$ and $d \mid a$, then the linear congruence $cx \equiv a \bmod b$ has $d$ distinct (incongruent) solutions modulo $b$.

Proof. In the event $\gcd(c, b) = d$, then $a$ must be divisible by $d$; otherwise the linear congruence will not admit integer solutions. With that in mind, write $c = c'd$, $a = a'd$, and $b = b'd$. If all three terms of the original linear congruence are divided by $d$,
$$c'x \equiv a' \bmod b'.$$
Since $\gcd(c', b') = 1$, the resulting linear congruence has a solution $x \equiv x' \bmod b'$. However, the modulus of the original congruence is $b = b'd$; therefore, by remodulizing the solution $x' \bmod b'$ by the factor $d$ one obtains
$$x \equiv [x',\ x' + b',\ \dots,\ x' + b'(d-1)] \bmod b'd.$$
Hence there are $d$ distinct (incongruent) solutions modulo $b$ to the linear congruence $cx \equiv a \bmod b$ if $\gcd(c, b) = d$ and $d \mid a$. The theorem's utility is demonstrated by the following:

Example 2. Suppose $6x \equiv 9 \bmod 15$. Dividing through by the common factor $3$, $2x \equiv 3 \bmod 5$. This new linear congruence is solvable because $3$ is divisible by $\gcd(2, 5) = 1$. Using the remodulization method, $2x \equiv [3, 8] \bmod 10$, where the solution, by inspection, is $x \equiv 4 \bmod 5$. Then, remodulizing $4 \bmod 5$ by the factor $3$, the solutions of the original linear congruence $6x \equiv 9 \bmod 15$ are $x \equiv [4, 9, 14] \bmod 15$.

It is easily seen that the remodulization method is a trial-and-error method; however, after the solution is found, it is unnecessary to carry on any further computations. Another trial-and-error method consists of trying all residues of the complete residue system $[1, 2, \dots, b] \bmod b$ in the linear congruence $cx \equiv a \bmod b$ until the solution is found. In the case $c < b$, there are at most $c$ computations using the remodulization method, compared to $b$ possible computations of the alternate method.

Example 3. Consider the linear congruence $3x \equiv 5 \bmod 37$. The remodulization method requires at most $3$ steps, compared to $37$ possible steps trying solutions of the complete residue system modulo $37$. Remodulizing by the factor $3$, $3x \equiv [5, 42, \dots] \bmod 111$. By inspection, and requiring only $2$ steps, the solution is $x \equiv 14 \bmod 37$. Performing the other calculation would have required $14$ steps. Of course, simply guessing the solution may sometimes be just as fruitful. Picking an easy example is also helpful.

A standard method of solving linear congruences involves Euler's phi function [2,3], or totient, denoted by $\phi$. The totient $\phi(b)$ enumerates the positive integers less than $b$ which are relatively prime to $b$. Euler's extension of Fermat's theorem states that
$$c^{\phi(b)} \equiv 1 \bmod b \qquad \text{if } \gcd(c, b) = 1.$$
Therefore, multiplying the linear congruence $cx \equiv a \bmod b$ through by the factor $c^{\phi(b)-1}$ gives
$$c^{\phi(b)} x \equiv a \cdot c^{\phi(b)-1} \bmod b, \qquad \text{or} \qquad x \equiv a \cdot c^{\phi(b)-1} \bmod b.$$
Thus, finding the solution of the linear congruence $cx \equiv a \bmod b$ requires knowing $\phi(b)$, or equivalently, the factorization of $b$. The remodulization method predicts finding solutions of linear congruences based on the factor $c$, specifically $\phi(c)$, rather than the modulus $b$. In cases dealing with very large integers, and where $c$ is much less than $b$, or those cases in which the factorization of $c$ is known, it may be more convenient to calculate the totient of $c$ rather than that of $b$.

Theorem 4. The linear congruence $cx \equiv a \bmod b$, where $\gcd(c, b) = 1$, has the solution
$$x \equiv \frac{a\left(1 - b^{\phi(c)}\right)}{c} \bmod b.$$

Proof. Note that the linear congruence $cx \equiv a \bmod b$, where $c$ and $b$ are relatively prime and $0 < c < b$, implies the existence of integers $x$ and $y$ such that $cx - by = a$. Solving this equation instead for $y$, which is equivalent to the linear congruence $by \equiv -a \bmod c$, shows that the solution, using Euler's theorem, is
$$y \equiv -a \cdot b^{\phi(c)-1} \bmod c.$$
Substituting this result into $cx - by = a$,
$$cx = a + by = a + b\left[-a \cdot b^{\phi(c)-1} \bmod c\right].$$
Solving for $x$,
$$x \equiv \frac{a + b\left[-a \cdot b^{\phi(c)-1} \bmod c\right]}{c} \bmod b,$$
where $-a \cdot b^{\phi(c)-1}$ is augmented by the proper multiple of $c$ to obtain the least non-negative residue modulo $c$. In the remodulization method, the elements $\{a, a + b, \dots, a + b(c-1)\}$ are generated by $a + by$ for $y \in \{0, 1, 2, \dots, c-1\}$. The $(y+1)$st residue in the remodulized form $[a, a + b, \dots, a + b(c-1)] \bmod cb$ is the solution, upon division by $c$. If one is not interested in finding the least non-negative residue, the solution reduces to
$$x \equiv \frac{a\left(1 - b^{\phi(c)}\right)}{c} \bmod b.$$

Theorem 3 gives the obvious corollary to Theorem 4 in case $\gcd(c, b) = d$.

Corollary 1. If $\gcd(c, b) = d$ and $d \mid a$, then the linear congruence $cx \equiv a \bmod b$ has $d$ distinct solutions
$$x \equiv [x',\ x' + b',\ \dots,\ x' + b'(d-1)] \bmod b,$$
where $a = a'd$, $b = b'd$, $c = c'd$, and
$$x' \equiv \frac{a'\left(1 - b'^{\,\phi(c')}\right)}{c'} \bmod b'.$$

Remark 1. If one solves the diophantine equation $cx + by = a$, i.e., $cx = a - by = a \bmod b$, formally, then the answer is $x = (a - by)/c$, but the integer character and information is lost and not easily recovered. In the modular arithmetic format, however, the formula of Theorem 4 (or its corollary by Theorem 3) characterizes the countably infinitely many solutions.

Applications

In public-key cryptosystems [2,4,5], an enciphering modulus $m$ is created by multiplying two very large primes $p$ and $q$, say $m = pq$; then one chooses an enciphering exponent $e$ and a deciphering exponent $d$ that satisfy the congruence relation
$$e \cdot d \equiv 1 \bmod \phi(m),$$
where $\gcd(e, \phi(m)) = \gcd(d, \phi(m)) = 1$ and $\phi(m) = (p-1)(q-1)$. By large, it is meant that the primes $p$ and $q$ should have $100$ or more digits each. If one chooses the enciphering exponent $e$ to be a prime such that $\gcd(e, \phi(m)) = 1$, then it is unnecessary to calculate $\phi(\phi(m))$ for the usual or standard solution
$$d \equiv e^{\phi(\phi(m))-1} \bmod \phi(m).$$
Instead, one only needs to calculate the solution
$$d \equiv \frac{1 - \phi(m)^{\phi(e)}}{e} \bmod \phi(m),$$
where $\phi(e) = e - 1$. It is much easier (and more computationally efficient) to satisfy the condition $\gcd(e, \phi(m)) = 1$ than it is to calculate the prime decomposition of $\phi(m)$ and its totient $\phi(\phi(m))$, even in those cases in which $e$ is not prime but its factorization is known.

Example 4. Suppose $m = 7 \cdot 11 = 77$; then $\phi(77) = 60$. The problem is to find an enciphering exponent $e$ and a deciphering exponent $d$ which satisfy
$$e \cdot d \equiv 1 \bmod 60.$$
If one chooses $e = 13$, then $d$ is found by
$$d \equiv \frac{1 - 60^{\phi(13)}}{13} \bmod 60 \equiv \frac{1 - 60^{12}}{13} \bmod 60 \equiv 37 \bmod 60,$$
whereas $\phi(\phi(77)) = \phi(60) = \phi(2^2 \cdot 3 \cdot 5) = 16$. Additionally, for $e = 7$, $d = 43$; $e = 11$ gives $d = 11$; $e = 17$ gives $d = 53$; and so on.

This method may not supplant the Euclidean algorithm method. In order to extract a solution from the linear congruence $nx \equiv 1 \bmod m$, the Euclidean algorithm requires at most $\log_2(m)$ iterations, or in the case $n < m$, only $1 + \log_2(n)$ iterations. According to Bressoud [6], the method described here requires approximately the same number of iterations (perhaps one or two fewer), but since one is dealing with very large integers, i.e., $n \approx 10^{100}$ and $m \approx 10^{200}$, the difference is negligible. Therefore, those who have incorporated the Euclidean algorithm in their computer programs will not likely change to this method. Those just starting may well find this method preferable.

References

[1] Jeffrey F. Gold and Don H. Tucker, Remodulization of Congruences, Proceedings National Conference on Undergraduate Research, University of North Carolina Press, Asheville, North Carolina, 1992, Vol. II, 1036–41.
[2] David M. Burton, Elementary Number Theory, Second Edition, Wm. C. Brown Publishers, Iowa, 1989, 156–160, 175–179.
[3] Oystein Ore, Number Theory and Its History, Dover Publications, Inc., New York, 1988, 109–115.
[4] David M. Bressoud, Factorization and Primality Testing, Springer-Verlag New York, Inc., New York, 1989, 43–46.
[5] Kenneth H. Rosen, Elementary Number Theory and Its Applications, Third Edition, Addison-Wesley Publishing Company, Massachusetts, 1993, 253–264.
[6] David M. Bressoud. Personal communication.
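Theorem 4 and the deciphering-exponent formula of the Applications section, worked in Python as an added example that is not the paper's code; it reproduces Example 4 ($m = 77$, $e = 13$ gives $d = 37$) and the standard $\phi(\phi(m))$ route for comparison. The one change from the printed formula is that $b^{\phi(c)}$ is reduced modulo $cb$ instead of being expanded; all function names are the example's own.

```python
from math import gcd


def totient(n):
    """Euler's phi(n) by trial division; adequate for the demonstration values.
    The paper's point is that phi(c) is cheap when c is small or its
    factorization is already known, unlike phi(b) for a large modulus b."""
    result, m, p = n, n, 2
    while p * p <= m:
        if m % p == 0:
            while m % p == 0:
                m //= p
            result -= result // p
        p += 1
    if m > 1:
        result -= result // m
    return result


def solve_by_totient(c, a, b):
    """Theorem 4: for gcd(c, b) == 1, x = a(1 - b^phi(c))/c mod b.
    By Euler, b^phi(c) = 1 (mod c), so c divides 1 - b^phi(c) exactly.
    Reduction added here (not in the paper): the power is taken modulo cb,
    because two values of 1 - b^phi(c) that agree modulo cb give quotients
    that agree modulo b, so the huge integer is never built."""
    if gcd(c, b) != 1:
        raise ValueError("Theorem 4 requires gcd(c, b) = 1; see Corollary 1")
    t = (1 - pow(b, totient(c), c * b)) % (c * b)
    assert t % c == 0, "Euler's theorem guarantees exact division by c"
    return (a * (t // c)) % b


def deciphering_exponent(p, q, e):
    """Applications section: m = pq, phi(m) = (p-1)(q-1); for an enciphering
    exponent e with gcd(e, phi(m)) = 1 the deciphering exponent is
    d = (1 - phi(m)^phi(e))/e mod phi(m), i.e. Theorem 4 with a = 1."""
    phi_m = (p - 1) * (q - 1)
    if gcd(e, phi_m) != 1:
        raise ValueError("e must be coprime to phi(m)")
    d = solve_by_totient(e, 1, phi_m)
    assert (e * d) % phi_m == 1
    return d


def standard_deciphering_exponent(p, q, e):
    """The 'usual' solution the paper contrasts with: d = e^(phi(phi(m))-1)
    mod phi(m), which needs the factorization of phi(m) to get phi(phi(m))."""
    phi_m = (p - 1) * (q - 1)
    return pow(e, totient(phi_m) - 1, phi_m)
```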