Module 5: Basic Number Theory

Home , Exponentiation, Modular arithmetic, Module (mathematics)

Theme 1: Division

b b=a ½6=4 =4

Given two integers, say a and , the quotient may or may not be an integer (e.g., but

=5 = ¾:4 ½¾ ). Number theory concerns the former case, and discovers criteria upon which one can

decide about divisibility of two integers.

6=¼ a b k

More formally, for a we say that divides if there is another integer such that

b = ka;

and we write a . In short:

ajb 9 b = ka:

¾Z if and only if k

This simple deﬁnition leads to many properties of divisibility. For example, let us establish the

following lemma.

jb ajc aj´b · cµ Lemma 1 If a and ,then .

Proof. We give a direct proof. From the deﬁnition of divisibility and the hypotheses we know that ×

there are integers Ø and such that

b = Øa; c = ×a:

Hence

b · c = a´× · Øµ:

· Ø aj´b · cµ Since × is an integer, we prove that .

Exercise 5A: Prove the following two facts:

jb ajbc c

1. If a ,then for all integers .

jb bjc ajc 2. If a and ,then .

We already noted that an integer may be or not divisible by another integer. However, when

dividing one number by another there is always a quotient and a remainder. More precisely, if a and

Õ Ö

d are positive integers then there is a unique and such that

a = dÕ · Ö

1 Theme 2: Primes

Primes numbers occupy very prominent role in number theory. A prime number Ô is an integer ½ greater than ½ that is divisible only by and itself. A number that is not prime is called composite.

Example 1: The primes less than ½¼¼ are:

¾; ¿; 5; 7; ½½; ½¿; ½7; ½9 ; ¾¿; ¾9; ¿½ ; ¿7 ; 4½; 4¿ ; 47 ; 5¿; 59; 6½ ; 67; 7½; 7¿ ; 79; 8¿; 89 ; 97:

How many primes are there? We ﬁrst prove that there are inﬁnite number of primes.

Theorem 1. There are inﬁnite number of primes.

Proof. We provide a proof by contradiction. Actually, it is due to Euclid and it is more than 2000

¾; ¿; 5;::: ;Ô Ô k years old. Let us assume that there is a ﬁnite number of primes, say, k where is the largest prime (there is the largest prime since we assumed there are only ﬁnitely many of them).

Construct another number

Å =¾¡ ¿ ¡ 5 ¡¡¡ Ô ·½

¾; ¿; 5;::: ;Ô

which is a product of all primes plus one. First, observe that none of the primes k

Å ½

can divide Å , since the remainder of dividing by any of the primes is equal to . Since every ½

number, including Å , is divisible by at least two numbers, and itself, there must be another prime,

Å ¾; ¿; 5;::: ;Ô

possible itself, that is not among the primes k . This contradicts the assumption that

¾; ¿; 5;::: ;Ô

k are the only primes. Ò

But how many primes are there smaller than Ò,where is a ﬁxed number. This is a very difﬁcult

ÐÓg ´Òµ

problem that was solved only in the last century. Basically, there are approximately about Ò=

¾5 ½¼¼ ½¼¼= ÐÓg ´½¼¼µ ¾¾ primes smaller than Ò. For example, there are primes smaller than ,and . Primes are important since every integer can be represented as a product of primes. This is known as the Fundamental Theorem of Arithmetics and we will prove it below.

Example 2: Observe that

¾ ¾

½¼¼ = ¾ ¡ ¾ ¡ 5 ¡ 5=¾ 5 ;

¿8½ = ¿ ¡ ½¾7;

888 = ¾ ¡ ¿ ¡ ¿7:

Theorem 2.[Fundamental Theorem of Arithmetics ] Every positive integer can be written uniquely

as the product of primes where the prime factors are written in order of increasing size, that is, if Ò is

Ô <Ô < ¡¡¡ <Ô

¾ Ñ

a natural numbers and ½ are distinct primes, then

e e

½ ¾

Ò = Ô ¡ Ô ¡¡¡ Ô

½ ¾

e Ô Ô Ò

i i where i are exponents of (i.e., the number of times occurs in the factorization of ).

Proof. We give an indirect proof. Let us assume that there are two different prime factorizations of

Ò, say

e e

½ ¾

Ò = Ô ¡ Ô ¡¡¡ Ô

½ ¾

d d

½ ¾

Ò = Õ ¡ Õ ¡¡¡ Õ

½ ¾

Õ < ¡¡¡ <Õ Ò Ö

where ½ are primes. Since we factorize the same number we must have

e e d d

e d

½ ¾ ½ ¾

Ñ Ö

Ô ¡ Ô ¡¡¡ Ô = Õ ¡ Õ ¡¡¡ Õ :

Ñ Ö

½ ¾ ½ ¾

Ô = Õ Ô 6= Õ Ô Õ ;::: ;Õ

½ ½ ½ ½ ½ Ö

We ﬁrst prove that ½ .If ,then can not divide any of the primes (we say

Ô Õ ;::: ;Õ Ô Õ ;::: ;Õ

½ Ö ½ ½ Ö

that ½ is relatively prime to all ). Indeed, since and are primes, none of them

d d

¾ ½

¡¡¡ Õ ¡ Õ Ô Ò = Õ

equal, then they must be relatively prime. But, then ½ cannot divide which is

¾ ½

e e

½ ¾

Ò = Ô Ô = Õ ¡ Ô ¡¡¡ Ô ½

nonsense since . Thus, we must conclude that ½ .

½ ¾

e = d Ô = Õ

½ ½ ½

Now we prove that ½ provided that we just established above. Again, assume

e ¼ Ô

½ ½ ½

contrary that ½ , say , . Then after dividing everything by we obtain

d e

d h e

¾ ¾

Ö Ñ

: ¡ Õ ¡¡¡ Õ = Õ Ô ¡¡¡ Ô

Ö ½ Ñ

¾ ¾ Õ

But then the right-hand side of the above is divisible by ½ while the left-hand side is not, which is impossible since there is an equality sign between the left-hand side and the right-hand side of the above. This completes the proof.

How to ﬁnd out whether an integer is a prime or not? Unfortunately, there is no fast way of doing it (i.e., there is no efﬁcient algorithm), but one can use some properties of primes and composite

numbers to speed up the process. Here is one useful result.

Ò Ò

Lemma 2.If Ò is a composite integer, then has a prime divisor less than or equal to .

d ½

Proof.SinceÒ is a composite integer, it must have a factor such that ,thatis,

Ô Ô

½ d> Ò Ö> Ò

where Ö> is an integer. Let us now assume contrary that and .Butthen

Ô Ô

d ¡ Ö> Ò Ò = Ò

= dÖ Ò

which is the desired contradiction since we assumed that Ò . We must conclude that has at Ô

least one divisor not exceeding Ò. This divisor is prime or not. If it is not prime, it must have a Ô

prime divisor, which certainly must be smaller than Ò.

We can use this lemma, in its contrapositive form, to decide whether Ò is a prime or not. Indeed.

Ò Ò the above lemma is equivalent to: if Ò has no prime divisor less than or equal to ,then is a prime number.

3 ½¼7

Example 3: Let us show that ½¼7 is a prime number. If would be composite, then it has had prime

½¼:¿4 ½¼ ¾; ¿; 5 7 ½¼7 divisor smaller than ½¼7 . Primes smaller than are ,and . None of it divides ,

thus it ½¼7 must be a prime number.

There were several attempts to ﬁnd a systematic way of computing prime numbers. Euclid sug-

k ·½µ

gested that ´ -st prime can be computed recursively as follows:

e = ¾;

e = e e ¡¡¡ e ·½:

½ ¾

k ·½ k

For example, the ﬁrst few numbers are

e = ¾·½ = ¿;

e = ¾ ¡ ¿·½ = 7;

e = ¾ ¡ ¿ ¡ 7·½=4¿: 4

This is an example of a recurrence that we already encountered in the previous module. All numbers

computed so far are primes. But, unfortunately,

e =¾¡ ¿ ¡ 7 ¡ 4¿ · ½ = ½8¼7 = ½¿ ¡ ½¿9 5

is not a prime.

½ In the seventeenth century, a French mathematician Marin Marsenne suggested that ¾ is

prime provided Ô is prime. Unfortunately,

½½

¾ ½ = ¾¼47 = ¾¿ ¡ 89:

From now on we shall work under the assumption that there is no easy, simple and fast algorithm to compute prime numbers.

Theme 3: Greatest Common Divisor

Ò Ò Ñ

The largest divisor that divides both Ñ and is called the greatest common divisor of and .It

Ñ; Òµ

is denoted as gcd´ . Formally:

Ñ; Òµ:=ÑaÜfk : k jÑ k jÒg:

gcd ´ and ¿6

Example 4: What is the greatest common divisor of ¾4 and . One way of ﬁnding it is to list all ¿6

divisors of ¾4 and and pick up the largest common to both lists. For example,

= f½; ¾; ¿; 4; 6; 8; ½¾; ¾4g ;

divisors of ¾4

= f½; ¾; ¿; 4; 6; 9; ½¾; ½8; ¿6 g: divisors of ¿6

; ¿6µ = ½¾ Thus gcd´¾4 . Another, more systematic way is to do prime factorization of both numbers

and pick up the largest common factors. In our case,

¾4 = ¾ ¡ ¿;

¾ ¾

¿6 = ¾ ¡ ¿ :

Thus

gcd ´¾4; ¿6µ = ¾ ¡ ¿=½¾:

Generalizing the last example, let

a a

½ ¾

Ñ = Ô Ô ¡¡¡ Ô ;

½ ¾

b b

½ ¾ k

Ò = Ô Ô ¡¡¡ Ô

½ ¾ k

be prime factorizations with possible zero exponents. Then

ÑiÒfa ;b g ÑiÒfa ;b g ÑiÒfa ;b g

½ ½ ¾ ¾

k k

gcd ´Ñ; Òµ=Ô Ô ¡¡¡ Ô

½ ¾

fÜ; Ý g Ü Ý

where ÑiÒ is the minimum of and . Indeed, take the last example to see that

ÑiÒf¾;¿g ÑiÒf½;¾g

gcd ´¾4; ¿6µ = ¾ ¿ : Ò

Exercise 5B: Let us deﬁne the least common multiple of Ñ and as the smallest positive integer

Ò ÐcÑ´Ñ; Òµ ÐcÑ´5; 8µ =4¼

that is divisible by both Ñ and . It is denoted as (e.g., ). Prove that for Ò

any positive integers Ñ and

Ñ ¡ Ò = gcd´Ñ; Òµ ¡ ÐcÑ´Ñ; Òµ: Ò

We need some more deﬁnitions. Two integers, say Ñ and , may be composite but the only

Ñ Ò

common divisor of both is ½. In such a case we say that and are relatively prime. More generally:

a ;a ;::: ;a

½ ¾

Deﬁnition 1. The integers k are pairwise relatively prime if

gcd´a ;a µ=½; 8 ½ i

i j

Unlike finding primes, there is an efficient algorithm (a procedure) that finds the greatest common

divisor. We start with an example.

; ¾6¼µ ¾6¼ 9½

Example 5:Findgcd´9½ . We ﬁrst divide by to ﬁnd

¾6¼ = ¾ ¡ 9½ · 78:

¾6¼ ¾6¼ ¾ ¡ 9½ = 78

Observe that any divisor of 9½ and must also be a divisor of , and vice versa any

78 ¾6¼ = ¾ ¡ 9½ · 78 d ¾6¼ 9½

divisor of 9½ and must be a divisor of . (Indeed, if is a divisor of and ,

Ð ¾6¼ = d ¡ k 9½ = d ¡ Ð ¾6¼ ¾ ¡ 9½ = d´k ¾Ð µ

then there are integers k and such that and , hence ,

¾ ¡ 9½ = 78 d

so ¾6¼ is divisible by .) Thus we concluded that

gcd´9½; ¾6¼µ = gcd´78; 9½µ: 78

We now repeat this procedure: we divide 9½ by to get

9½ = ½ ¡ 78 · ½¿:

9½ 9½ 78 = ½¿

Again any divisor of 78 and must be a divisor of , and vice versa. This means that

gcd´9½; ¾6¼µ = gcd´78; 9½µ = gcd ´½¿; 78µ:

But

78 = ½¿ ¡ 6;

hence ﬁnally

gcd´9½; ¾6¼µ = gcd´78; 9½µ = gcd ´½¿; 78µ = gcd´¼; ½¿µ = ½¿

; ¾6¼µ = ½¿

and we conclude that gcd´9½ .

Ò > Ñ

From the last example, we should conclude that the greatest common divisor of Ñ and

Ò Ñ

is the same as the greatest common divisor of Ñ and the remainder of the division of by (i.e.,

= Õ ¡ Ñ · Ö Õ ¼ Ö <Ñ d Ñ Ò

Ò ,where is an integer and ). Indeed, if is a divisor of and ,thenit

= Ò Õ ¡ Ñ d Ñ Ö Ò = Ñ ¡ Õ · Ö must also divides Ö , and vice versa if divides and ,thenitdivides .

Therefore,

gcd ´Ñ; Òµ = gcd ´Ö;Ñµ:

In previous modules we have used an abbreviation for a remainder. Indeed, we write

Ö := Ò ÑÓ d Ñ

= Õ ¡ Ñ · Ö

where Ò . This is called modular arithmetic and we will be devoted the next section

Ò ÑÓ d Ñ it. For now, we just use the fact that the remainder Ö can be also written as . Then the last

equation, can be expressed as

Ñ; Òµ = gcd ´Ò ÑÓ d Ñ; Ñµ:

gcd ´ (1)

;Ñµ=Ñ

From the example above, we conclude that we can use (1) successively until we reach gcd´¼ .

Ñ; Òµ In summary, we design the following algorithm that computes gcd´ :

ALGORITHM: The Euclidean Algorithm

Ü := Ñ

Ý := Ò

6=¼ Ö := Ü ÑÓ d Ý

while Ý do

Ü := Ý

Ý := Ö

end

Ñ; Òµ:= Ü

gcd ´ .

; 66¾µ

Example 6:Findgcd´4½4 . According to the Euclidean algorithm we proceed as follows:

gcd´4½4; 66¾µ = gcd´¾48; 4½4µ = gcd ´½66; ¾48µ = gcd´8¾; ½66µ = gcd´8¾; ¾µ = gcd´¾; ¼µ = ¾:

Theme 4: Modular Arithmetic

We have already seen in previous modules modular arithmetic. It is about the remainder of an integer

when it is divided by another speciﬁc natural integer. It occurs in many applications (e.g., when ¾ counting time over a 24-hour clock since after 24:00 we have ½ am, am, etc.).

We start with a deﬁnition. Å

Deﬁnition 2. (i) Let Ò be an integer and be a positive integer. We denote by

Ö := Ò ÑÓ d Å

Ò Å

the remainder Ö when is divided by , that is,

Ò = Õ ¡ Å · Ö

¼ Ö<Å

where Õ is an integer and .

Ñ Å Ò Ñ Å

(ii) Let Ò and be integers and a positive integer. We say that is congruent to modulo

Ò Ñ

if Å divides . We shall write

Ñ ÑÓ d Å Å j´Ò Ñµ:

Ò if and only if

Ñ Å Ò 6 Ñ ÑÓ d Å If Ò are are not congruent modulo , then we write .

Example 7:Wehave

½8 ÑÓ d 5=¿; ½45 ÑÓ d 9=8:

We also have

½7 5 ÑÓ d 6; ¾4 6 ½4 ÑÓ d 6:

ÑÓ d 8=? ¾¿ ÑÓ d 4=4 Exercise 5C:Find½¿4 .Is ?

The following result is useful when computing congruences.

b ÑÓ d Ñ c d ÑÓ d Ñ

Theorem 3. Let a and .Then

· c b · d ÑÓ d Ñ;

a (2)

bd ÑÓ d Ñ:

ac (3)

b ÑÓ d Ñ c d ÑÓ d Ñ × Ø

Proof.Sincea and , hence there are integers and such that

b = ×Ñ · a;

d = c · ØÑ:

Therefore

b · d = ´a · cµ·Ñ´× · Øµ;

bd = á · ×Ñµć · ØÑµ=ac · ÑáØ · c× · ×ØÑµ

which prove (2) and (3).

¾ ÑÓ d 5 ½½ ½ ÑÓ d 5

Example 8:Let7 and .Then

½8 = 7 · ½½ ¾·½ ÑÓ d 5

and

77 = 7 ¡ ½½ ¾ ¡ ½ ÑÓ d 5:

From Theorem 3 we conclude that

a · bµ ÑÓ d Ñ = [´a ÑÓ d Ñµ·´b ÑÓ d Ñµ] ÑÓ d Ñ;

´ (4)

a ¡ bµ ÑÓ d Ñ = [´a ÑÓ d Ñµ ¡ ´b ÑÓ d Ñµ] ÑÓ d Ñ: ´ (5)

Identities (4)–(5) are useful when one needs to compute modulo Ñ over large numbers or products of

= ½¾¿ b = ¾¿4

large numbers. For example, let a and .Then

½¾¼ ¡ ¾¿4 ÑÓ d 5 = ´½¾¿ ÑÓ d 5µ ¡ ´¾¿4 ÑÓ d 5µ ÑÓ d 5=¿¡ 4 ÑÓ d 5=¾:

In fact, (5) is often used in the following form

× ×

a ÑÓ d Ñ =´a ÑÓ d Ñµ ÑÓ d Ñ:

¾9

ÑÓ d 7½¿

Let us compute 57¾ . If one tries to estimate this directly on a computer, overﬂow will

¾9 ¾9

likely occur since 57¾ is a huge number. But let us use (5). We ﬁrst represent the exponent as

4 ¿ ¾ ¼

¾9 = ¾ ·¾ ·¾ ·¾ :

½6; 8; 4 ½ 7½¿ We now compute 57¾ to each of the powers and modulo . Here is the calculation

(observe how easy it is!):

57¾ ÑÓ d 7½¿ = ¿¾7½84 ÑÓ d 7½¿ = 6¿¼;

4 ¾ ¾ ¾

57¾ ÑÓ d 7½¿ = ´57¾ ÑÓ d 7½¿µ ÑÓ d 7½¿ = 6¿¼ ÑÓ d 7½¿ = 47¾;

8 4 ¾ ¾

57¾ ÑÓ d 7½¿ = ´57¾ ÑÓ d 7½¿µ ÑÓ d 7½¿ = 47¾ ÑÓ d 7½¿ = ¿¾8;

½6 8 ¾ ¾

57¾ ÑÓ d 7½¿ = ´57¾ ÑÓ d 7½¿µ ÑÓ d 7½¿ = ¿¾8 ÑÓ d 7½¿ = 6¿4;

¾9 ½6 8 4

57¾ ÑÓ d 7½¿ = ´57¾ ÑÓ d 7½¿µ ¡ ´57¾ ÑÓ d 7½¿µ ¡ ´57¾ ÑÓ d 7½¿µ ¡ ´57¾ ÑÓ d 7½¿µ ÑÓ d 7½¿

= 6¿4 ¡ ¿¾8 ¡ 47¾ ¡ 57¾ ÑÓ d 7½¿ = ½½¿:

Theme 5: Applications

We shall discuss here some applications of numbers theory, namely, hashing, pseudo random generators, and cryptosystems based on modular arithmetic.

Hashing

Often one needs a fast methods of locating a given record in a huge set of records. Hashing is a

possible solution. It works as follows. Every record has a key, k , which uniquely identiﬁes it. A

´k µ hashing function h maps the set of keys into the available memory locations.

In practice, the most common hashing function is

h´k µ=k ÑÓ d Ñ

where Ñ is the size of the memory. = ½½½

Example 9:LetÑ and let keys be social security numbers of students. In particular,

h´¼64¾½¾848µ = ¼64¾½¾848 ÑÓ d ½½½ = ½4

h´¼¿7½49¾½¾µ = ¼¿7½49¾½¾ ÑÓ d ½½½ = 65:

Observe that hashing is not one-to-one function, hence some records may be hashed into the same

location. For example,

h´½¼74¼57¾¿µ = ½¼74¼57¾¿ ÑÓ d ½½½ = ½4:

Thus two records are mapped into the location ½4. Since this location was already occupied by the

= ½½½ previous record, the new collided record is moved to the next empty location modulo Ñ .In

our case, it is at memory location ½5.

9 Pseudo Random Number Generators

In many applications, including hashing, one needs to generate numbers that look randomly. For example, in hashing we want to spread out uniformly all records over the memory so to minimize the number of collisions. We should point out that most random generators compute deterministically numbers, therefore, we call them pseudo random generators. We require, however, that a statistical test applied to them will not distinguish these numbers from randomly generated numbers.

The most common procedure to generate pseudo random numbers is the linear congruential

a c

method. In this method we choose (very carefully) the modulus Ñ, multiplier , increment ,and

Ü ¾ a<Ñ ¼ c<Ñ ¼ Ü <Ñ Ü

¼ Ò seed ¼ with , ,and . Then we generate recursively a sequence

Ü =´aÜ · cµ ÑÓ d Ñ

Ò·½ Ò

Ü ¼ Ü <Ñ Ñ Ò with ¼ given. Observe that , hence at most after generations a repetition occurs. Of

course, this is not good for random generations, and one must select very carefully the parameters a, Ñ c and (which should be large) to obtain a long sequence without a repetition. The following result is known.

Theorem 4.[T. Hull and A. Dobel, 1962]The linear congruential generator has a full period (i.e.,

there is no repetition in the ﬁrst Ñ generations) if and only if the following three conditions hold:

c gcd´Ñ; cµ=½

(i) Both Ñ and are relatively prime, that is, .

Ñ Õ a ½

(ii) If Õ is a prime number that divides ,then divides .

Ñ 4 a ½ (iii) If 4 divides ,then divides .

Cryptology

One of the most important application of congruences is in cryptology, which is a study of secret messages. The ﬁrst encryption algorithms were very simple. For example, Julius Caesar designed an

encryption system by shifting each letter three letters in the alphabet. Mathematically speaking, in

´Ôµ

this case the encryption function f is deﬁned as

f ´Ôµ=´Ô ·¿µ ÑÓ d ¾6:

Then decryption is merely ﬁnding the inverse function f , which in this case is

F ´Ôµ=´Ô ¿µ ÑÓ d ¾6:

The above encryption system is too easy to break. Therefore, in mid-1970 the concept of public key cryptosystem was introduced. In such a system, every person can have a publicly known encryption key to send encrypted message, but only those who have secret key can decrypt the message. We

10 describe below a system known as the RSA encryption system (RSA name is built from the initials of the inventors Rivest, Shamir and Adleman).

In the RSA system, the message Å to be sent is ﬁrst transformed into an integer representing

it (with some abuse of notation we denote such an integer by Å ). The RSA is based on modular

Õ Ò = ÔÕ =

exponentiation modulo of the product of two large primes, say Ô and .Deﬁne and

Ô ½µ´Õ ½µ Ô Õ ½¼¼ Ò ¾¼¼ ´ . In practice, and have digits each, thus has digits. Deﬁne now an

exponent e as

gcd ´e; µ=½;

=´Ô ½µ´Õ ½µ C Å that is, e is relatively prime to . The cipher text of the original message is

computed as follows

= Å ÑÓ d Ò C (6)

The RSA decryption works as follows: We first find a number d defined as

de =½ÑÓ d =´Ô ½µ´Õ ½µ:

e d

The number d is called inverse of modulo . It should be underlined that can be found fast (based

Õ ÔÕ on the Euclidean algorithm) only if one knows both primes Ô and , not the product . Then, it can

be proved (see below) that

Å ÑÓ d Ò = ÔÕ :

C (7)

Ô = 4¿ Õ = 59

Example 10: Let us encrypt the message ËÌ ÇÈ using the RSA with and . Thus

=4¿¡ 59 = ¾5¿7 e =½¿ gcd ´½¿; 4¾ ¡ 58µ = ½

Ò , and one ﬁnds since .

A = ¼¼ B =

We now transform the message ËÌ ÇÈ into its numerical equivalent (where ,

;::: Z =¾5

¼¾ ) and group them in pairs. We obtain

½8½9 ½4½5:

We will encrypt each of the two blocks separately. We have

½¿

½8½9 ÑÓ d ¾5¿7 = ¾¼8½;

½¿

½4½5 ÑÓ d ¾5¿7 = ¾½8¾: = ¾¼8½ ¾½8¾ Hence, the encrypted message is C .

Now, to decrypt it, we ﬁrst ﬁnd the inverse d. Using the Euclidean algorithm (and knowing

=4¿ Õ =59 d = 9¿7 Ò = ¾5¿7

Ô ) we compute that . Then (with )

9¿7

¾¼8½ ÑÓ d ¾5¿7 = ½8½9;

and

9¿7

¾½8¾ ÑÓ d ¾5¿7 = ½4½5: hence, we recover the original message.

11 Mathematics behind RSA

In this subsection, we present in some details mathematical ideas used in the construction of the RSA

algorithm. Our main goal is to justify mathematically the decoding procedure (7).

a a Ñ

Let us start with introducing an inverse modulo Ñ. We say that is an inverse of modulo if

aa ½ ÑÓ d Ñ:

In order to compute the inverse, we must plunge into another aspect of number theory. We claim

b × Ø

that for any positive a and there exist integers and such that

a; bµ=×a · Øb: gcd´ (8)

We explain how to construct these two numbers on an example.

; 5¼4µ Example 11: Let us use Euclidean algorithm to compute gcd´¿96 . We proceed according to

the algorithm as follows:

5¼4 = ¿96 · ½¼8

¿96 = ¿ ¡ ½¼8 · 7¾

½¼8 = 7¾ · ¿6

7¾ = ¾ ¡ ¿6;

; 5¼4µ = ¿6 Thus gcd ´¿96 . To ﬁnd the representation (8) we work backward the Euclidean algorithm

starting from the next-to-last devision above, that is,

gcd ´¿96; 5¼4µ = ¿6 = ½¼8 7¾

= ½¼8 ´¿96 ¿ ¡ ½¼8µ = 4 ¡ ½¼8 ¿96

= 4´5¼4 ¿96µ ¿96 = 4 ¡ 5¼4 5 ¡ ¿96

= ´ 5µa · ´4µb

= ¿96 b = 5¼4 × = 5 Ø =4 where a and . Thus and in the representation (8). It is not much harder

to prove (8) in general terms.

gcd ´a; Ñµ=½

Now we can go back to the inverse modulo Ñ construction. Let us assume that . Ø

Then from the fact just proved we conclude that there must exist integers × and such that

×a · ØÑ =½:

This certainly implies that

×a · ØÑ ½ ÑÓ d Ñ:

12 ØÑ

But since Ñ divides we conclude that

×a ½ ÑÓ d Ñ:

=a a Ñ Consequently × is the inverse of modulo .

In summary, we’ve just established the following result.

½ gcd´a; Ñµ =½ a Ñ a

Theorem 5. If Ñ> and (i.e., and are relatively prime), then an inverse of

× gcd´a; Ñµ=½

modulo Ñ exists and it is equal to in the following representation of

×a · ØÑ =½

which can be found efﬁciently by the Euclidean algorithm.

7 gcd´¿; 7µ = ½ Example 12: Let’s ﬁnd the inverse of ¿ modulo .Since , the inverse exists, and the

Euclidean algorithm gives:

7=¾¡ ¿·½

hence

¾ ¡ ¿·½¡ 7=½

7 ¾ and the inverse of ¿ modulo is equal to .

We need two more results before we can explain the decryption algorithm of RSA. The ﬁrst one

goes back to ancient Chinese and Hindu mathematicians and it is known as the Chinese Remainder

Ñ ;Ñ ;::: ;Ñ

¾ Ò

Theorem. Here is the problem: let ½ be pairwise relatively prime positive integers.

Ü Ñ = Ñ Ñ ¡¡¡ Ñ

¾ Ò

Find a solution modulo ½ of the following system;

Ü a ÑÓ d Ñ ;

½ ½

Ü a ÑÓ d Ñ ;

¾ ¾ .

Ü a ÑÓ d Ñ ;

Ò Ò

=½;::: ;Ò

We now construct a solution to the above system of congruences. Let us deﬁne for k

= Ñ ¡¡¡ Ñ Ñ ¡¡¡ Ñ : Å =

½ Ò

k ½ k ·½ k

gcd´Å ;Ñ µ=½ Ý Å Ñ

k k k k Observe that k . Therefore, by Theorem 5 there exists inverse of modulo ,

that is,

Å Ý ½ ÑÓ d Ñ :

k k k

Let us now deﬁne

Ü = a Å Ý · a Å Ý · ¡¡¡ · a Å Ý ÑÓ d Ñ:

½ ½ ¾ ¾ ¾ Ò Ò Ò ½ (9)

We claim it is a simultaneous solution of the above system modulo Ñ. Indeed, we ﬁrst observe that

Å ¼ ÑÓ d Ñ j 6= k j

k for .But

Ü a Å Ý a ÑÓ d Ñ

k k k k k

Å Ý ½ ÑÓ d Ñ Ò

k k since k . Thus we have shown that (9) is a simultaneous solution of the above congruences. This is called the Chinese Remainder Theorem.

Example 13:Solve

Ü ¾ ÑÓ d ¿;

Ü ¿ ÑÓ d 5;

Ü ¾ ÑÓ d 7:

Ñ =¿¡ 5 ¡ 7 = ½¼5 Å =¿5 Å =¾½ Å =½5 Ý =¾

¾ ¿ ½

We have ,and ½ , and .Weﬁndthat is inverse

Å =¿5 Ý =½ Å 5 Ý =½ Å 7

¾ ¾ ¿ ¿ of ½ modulo 3, is inverse of modulo ,and is an inverse of modulo .

Thus the solution of the above system of congruences

Ü ¾ ¡ ¿5 ¡ ¾·¿¡ ¾½ ¡ ½·¾ ¡ ½5 ¡ ½ ÑÓ d ½¼5

= ¾¿¿ ¾¿ ÑÓ d ½¼5; =¾¿ thus the solution Ü .

Finally, we quote (without a proof) the Fermat Little Theorem. a Theorem 6.[Fermat’s Little Theorem] If Ô is a prime number and is an integers not divisible by

Ô,then

Ô ½

a ½ ÑÓ d Ô

or equivalently

a a ÑÓ d Ô:

Now, we are ready to explain the decryption procedure (7) of the RSA algorithm. We recall that

e =´Ô ½µ´Õ ½µ

d is inverse of modulo ,thatis,

de ½ ÑÓ d :

This implies that there is an integer k such that

de =½·k:

Therefore by the Fermat theorem

d de Ô ½ k ´Õ ½µ

C = Å = Å ¡ ´Å µ Å ¡ ½ Å ÑÓ d Ô;

and

d Õ ½ k ´Ô ½µ

C = Å ¡ ´Å µ Å ¡ ½ Å ÑÓ d Õ

Ô ½ Õ ½

½ ÑÓ dÔ Å ½ ÑÓ dÕ gcd´Ô; Õ µ = ½ since Å and by Fermat’s theorem. But , hence it

follows from the Chinese Remainder Theorem that

C Å ÑÓ d ÔÕ as desired.

15 Assignment 5.1: Basic Number Theory Problems

Each assignment is worth 10 points.

c 6=¼ ´acµj´bcµ ajb 1. Show that if a; b and are integers such that ,then .

2. Find the prime factorization of ½¼!.

3. Use the Euclidean algorithm to ﬁnd

; ½4¼¿9µ

(a) gcd´½5¾9 ,

; ½½½½½µ

(b) gcd´½½½½ . ½7

4. Find an inverse of ¾ modulo .

=4¿¡ 59 e =½¿

5. Encrypt the message ATTACK using the RSA system with Ò and , translating

=¼¼ B =¼½;::: Z =¾5 each letter into integers (where A , ) and grouping pairs of integers, as we did in our Example 10.

16 Solutions to Exercises

Solution to Exercise 5A

jb ajbc c ajb k

We ﬁrst prove that if a ,then for all integers . Indeed, since there must be an integer

= k ¡ a b ¡ c = k ¡ c ¡ a ajbc c

such that b . This implies , hence for any integer .

jb bjc ajc k

Now we prove if a and ,then . From the hypotheses we conclude that there are integers

b = ka c = bÐ c = bÐ = kÐa ajc and Ð such that and . Therefore, , hence .