Overview of Number Theory Basics Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Divisibility Definition Given integers a and b, b 0, b divides a (denoted b a) if integer c, s.t. a = cb. b is called a divisor of a. (Transitivity) Given integers a, b, c, all >, with a b and b c, then a c. Proof: a b => m s.t. ma = b b c => n s.t. nb = c, nma = c, We obtain that q = mn, s.t c = aq, so a c
Divisibility (cont.) Given integers a, b, c, x, y all >, with a b and a c, then a bx + cy. Proof: a b => m s.t. ma = b a c => n s.t. na = c bx + cy = a(mx + ny), therefore a bx +cy Divisibility (cont.) (Division algorithm) Given integers a,b such that a>0, a<b then there exist two unique integers q and r, 0 r < a s.t. b = aq + r. Proof: Uniqueness of q and r: assume q and r s.t b = aq + r, 0 r < a, q integer then aq + r=aq + r a(q-q )=r -r q-q = (r -r)/a as 0 r,r <a -a < (r -r) < a - < (r -r)/a < So - < q-q <, but q-q is integer, therefore q = q and r = r 2
Prime and Composite Numbers Definition An integer n > is called a prime number if its positive divisors are and n. Definition Any integer number n > that is not prime, is called a composite number. Example Prime numbers: 2, 3, 5, 7,, 3,7 Composite numbers: 4, 6, 25, 900, 7778, Decomposition in Product of Primes (Fundamental of Arithmetic) Any integer number n > can be written as a product of prime numbers (>), and the product is unique if the numbers are written in increasing order. e e 2 2 n = p p... p ek k Example: 84 = 2 2 3 7 3
Greatest Common Divisor (GCD) Definition Given integers a > 0 and b > 0, we define gcd(a, b) = c, the greatest common divisor (GCD), as the greatest number that divides both a and b. Example gcd(256, 00)=4 Definition Two integers a > 0 and b > 0 are relatively prime if gcd(a, b) =. Example 25 and 28 are relatively prime. Given where p i are prime numbers then GCD using Prime Decomposition e f e 2 2 f2 2 n = p p... p m = p p... p ek k k f k and then gcd(n,m) = p min(e, f ) p 2 min(e 2, f 2 )...p k min(e k, f k ) Example: 84=2 2 3 7 90=2 3 2 5 gcd(84,90)=2 3 5 0 7 0 4
GCD as a Linear Combination Given integers a, b > 0 and a > b, then d = gcd(a,b) is the least positive integer that can be represented as ax + by, x, y integer numbers. Proof: Let t be the smallest integer, t = ax + by d a and d b d ax + by, so d t. We now show t d. First t a; otherwise, a = tu + r, 0 < r < t; r = a - ut = a - u(ax+by) = a(-ux) + b(-uy), so we found another linear combination and r < t. Contradiction. Similarly t b, so t is a common divisor of a and b, thus t gcd (a, b) = d. So t = d. Example gcd(00, 36) = 4 = 4 00 36 = 400-396 GCD and Multiplication Given integers a, b, m >. If gcd(a, m) = gcd(b, m) =, then gcd(ab, m) = Proof idea: ax + ym = = bz + tm Find u and v such that (ab)u + mv = 5
GCD and Division If g = gcd(a, b), where a > b, then gcd (a/g, b/g) = (a/g and b/g are relatively prime). Proof: Assume gcd(a/g, b/g) = d, then a/g = md and b/g = nd. a = gmd and b = gnd, therefore gd a and gd b Therefore gdg, d, so d =. Example gcd(00, 36) = 4 gcd (00/4, 36/4) = gcd(25, 9) = GCD and Division Given integers a>0, b, q, r, such that b = aq + r, then gcd(b, a) = gcd(a, r). Proof: Let gcd(b, a) = d and gcd(a, r) = e, this means d b and d a, so d b - aq, so d r Since gcd(a, r) = e, we obtain d e. e a and e r, so e aq + r, so e b, Since gcd(b, a) = d, we obtain e d. Therefore d = e 6
Finding GCD Using the : Given integers a>0, b, q, r, such that b = aq + r, then gcd(b, a) = gcd(a, r). Euclidian Algorithm Find gcd (b, a) while a 0 do return a r b mod a b a a r Euclidian Algorithm Example Find gcd(43, 0) 43 = 0 + 33 0 = 3 33 + 33 = 3 + 0 gcd (43, 0) = 7
Towards Extended Euclidian Algorithm : Given integers a, b > 0 and a > b, then d = gcd(a,b) is the least positive integer that can be represented as ax + by, x, y integer numbers. How to find such x and y? If a and b are relative prime, then there exist x and y such that ax + by =. In other words, ax mod b =. Euclidian Algorithm Example Find gcd(43, ) 43 = + 32 = 3 32 + 5 32 = 2 5 + 2 5 = 7 2 + gcd (43, ) = 32 = 43 5 = 3 32 = 4 3 43 2 = 32 2 5 = 7 43 9 = 5-7 2 = 67 52 43 8
Extended Euclidian Algorithm x=; y=0; d=a; r=0; s=; t=b; while (t>0) { } q = d/t u=x-qr; v=y-qs; w=d-qt x=r; y=s; d=t r=u; s=v; t=w return (d, x, y) Invariants: ax + by = d ar + bs = t Equivalence Relation Definition A relation is defined as any subset of a cartesian product. We denote a relation (a,b) R as arb, a A and b B. Definition A relation is an equivalence relation on a set S, if R is Reflexive: ara for all a R Symmetric: for all a, b R, arb bra. Transitive: for all a,b,c R, arb and brc arc Example = is an equivalence relation on N 9
Definition: Modulo Operation a modn = r q,s.t. a = q n+ r Example: 7 mod 3 = -7 mod 3 = 2 Definition (Congruence): where 0 r n a b mod n a mod n = b mod n Congruence Relation Congruence mod n is an equivalence relation: Reflexive: a a (mod n) Symmetric: a b(mod n) iff b a mod n. Transitive: a b(mod n) and b c(mod n) a c(mod n) 0
Congruence Relation Properties ) If a b (mod n) and c d (mod n), then: a ± c b ± d (mod n) and ac bd (mod n) 2) If a b (mod n) and d n then: a b (mod d) Reduced Set of Residues Definition: A reduced set of residues (RSR) modulo m is a set of integers R each relatively prime to m, so that every integer relatively prime to m is congruent to exactly one integer in R.
The group (Z n *, ) Z n * consists of all integers in [..n-] that are relative prime to n Z n * = { a a n and gcd(a,n)= } is a reduced set of residues modulo n (Z n *, ) is a group gcd(a,n)= and gcd(b,n)= gcd(ab, n)= given a Z n *, how to compute a -? Linear Equation Modulo If gcd(a, n) =, the equation has a unique solution, 0< x < n ax mod n Proof Idea: if ax (mod n) and ax 2 (mod n), then a(x -x 2 ) 0 (mod n), then n a(x -x 2 ), then n (x -x 2 ), then x -x 2 =0 2
Linear Equation Modulo (cont.) If gcd(a, n) =, the equation has a solution. ax b mod n Proof Idea: x = a - b mod n Chinese Reminder (CRT) Let n, n 2,,,, n k be integers s.t. gcd(n i, n j ) =, i j. x a x... x There exists a unique solution modulo n = n n 2 n k a 2 mod mod n n 2 a k mod n k 3
Proof of CMT Consider the function χ: Z n Z n Z n2 Z nk χ(x) = (x mod n,, x mod n k ) We need to prove that χ is a bijection. For i k, define m i = n / n i, then gcd(m i,n i )= For i k, define y i = m - i mod n i Define function ρ(a,a2,,ak) = Σ a i m i y i mod n a i m i y i a i (mod n i ) a i m i y i 0 (mod n j ) where i j Proof of CMT Example of the mappings: n =3, n 2 =5, n=5 χ: ρ: m =5, y =2, m y =0, m 2 y 2 =6, (,) (,) 0+6 2 (2,2) (,2) 0+2 7 4 (,4) (,3) 0+8 3 7 (,2) (,4) 0+24 4 8 (2,3) (2,) 20+6 (2,) (2,2) 20+2 2 3 (,3) (2,3) 20+8 8 4 (2,4) (2,4) 20+24 4 4
Example of CMT: n =7, n 2 =, n 3 =3, n=00 m =43, m 2 =9, m 3 =77 y =43 - mod 7 = 3 - mod 7 = 5 y 2 =9 - mod = 3 - mod = 4 x 5 (mod 7) x 3 (mod ) x 0 (mod 3) y 3 =77 - mod 3 = 2 - mod 3 = 2 x=(5 43 5 + 3 9 4 + 0 77 2) mod 00 = 3907 mod 00 = 894 The Euler Phi Function Definition Given an integer n, Φ(n) = Z n * is the number of all numbers a such that 0 < a < n and a is relatively prime to n (i.e., gcd(a, n)=). : If gcd(m,n) =, Φ(mn) = Φ(m) Φ(n) 5
The Euler Phi Function : Formula for Φ(n) Let p be prime, e, m, n be positive integers ) Φ(p) = p- 2) Φ(p e ) = p e p e- e e2 ek 3) If n = p p... p then 2 Φ( n) = n( k )( p )...( p p 2 k ) Fermat s Little Fermat s Little If p is a prime number and a is a natural number that is not a multiple of p, then a p- (mod p) Proof idea: gcd(a, p) =, then the set { i*a mod p} 0< i < p is a permutation of the set {,, p-}.(otherwise we have 0<n<m<p s.t. ma mod p = na mod p p (ma - na) p (m-n), where 0<m-n < p ) a * 2a * *(p-)a = (p-)! a p- (p-)! (mod p) Since gcd((p-)!, p) =, we obtain a p- (mod p) 6
Consequence of Fermat s - p is a prime number and - a, e and f are positive numbers - e f mod p- and - p does not divide a, then a e a f (mod p) Proof idea: a e = a q(p-) + f = a f (a (p-) ) q by applying Fermat s theorem we obtain a e a f (mod p) Euler s Euler s Given integer n >, such that gcd(a, n) = then a Φ(n) (mod n) Corollary Given integer n >, such that gcd(a, n) = then a Φ(n)- mod n is a multiplicative inverse of a mod n. Corollary Given integer n >, x, y, and a positive integers with gcd(a, n) =. If x y (mod Φ(n)), then a x a y (mod n). 7
Prime number distribution and testing RSA Efficiency of modular arithmetic Next 8