
CHAPTER 2: Theory Basics
Badran Awad, Computer Department, Palestine Technical College

Motivation

• Public key cryptography is based on large primes that have to be generated and tested using primality tests.

• Fermat's and Euler's work is used to test for prime or relatively prime numbers.

• Euclid's algorithm finds the multiplicative inverses that are needed to find appropriate encryption keys in public key cryptography.

Divisibility

Definition 2.1.1 Let a, b ∈ Z and a ≠ 0. We say a divides b if there exists k ∈ Z such that b = ak. This is denoted by a | b.

Example 2.1.1 3 | 15, −15 | 60, 7 ∤ 18

Proposition 2.1.1 Let a, b, c ∈ Z. For every a ≠ 0, a | 0 and a | a. Also 1 | b for every b. If a | b and b | c then a | c. If a | b and a | c then a | (sb + tc) where s, t ∈ Z.

Proof:

Divisibility

Q: Which of the following is true?
1. 77 | 7
2. 7 | 77
3. 24 | 24
4. 0 | 24
5. 24 | 0

Greatest Common Divisor

Definition: The greatest common divisor (gcd) of two integers a and b is the largest integer dividing both a and b.

Example 2.1.2 gcd(4, 6) = 2, gcd(5, 7) = 1, gcd(24, 60) = 12

Definition 2.1.2 Two integers a and b are relatively prime if gcd(a, b) = 1.

Euclidean algorithm

Definition This is a method to find the gcd of two integers. As an example, let's say we want to find gcd(a, b) with a > b.
Step 1 Divide a by b and determine the remainder. We will have a = q_1 b + r_1.
Step 2 If r_1 = 0 then gcd(a, b) = b. If r_1 ≠ 0, continue by dividing b by r_1. We will have b = q_2 r_1 + r_2.
Step 3 If r_2 = 0, gcd(a, b) = r_1; else continue:
  r_1 = q_3 r_2 + r_3
  ⋮
  r_{k−2} = q_k r_{k−1} + r_k
  r_{k−1} = q_{k+1} r_k + 0
So, gcd(a, b) = r_k.

Euclidean algorithm

Example 2.1.3 Compute gcd(482, 1180).
  1180 = 2(482) + 216
  482 = 2(216) + 50
  216 = 4(50) + 16
  50 = 3(16) + 2   ← this is the gcd
  16 = 8(2) + 0

That is, gcd(482, 1180) = 2.

Example 2.1.4 Compute gcd(12345, 11111).

Euclidean algorithm

Solving ax + by = d.

In the above Euclidean algorithm we did not use the quotients q_i.

Theorem 2.1.2 Let a, b ∈ Z with at least one of them non-zero and let gcd(a, b) = d. Then there exist x, y ∈ Z such that ax + by = d (x and y can be either positive or negative).

Example 2.1.5

gcd(4, 6) = 2. There exist x = −1, y = 1 such that 4x + 6y = 2.

Euclidean algorithm

Example 2.1.6 Determine gcd(748, 2024) and find two integers x, y ∈ Z such that ax + by = gcd(748, 2024).

To solve ax + by = gcd(a, b) where a < b we need to use an algorithm called the extended Euclidean algorithm.

Extended Euclidean algorithm

Solve ax + by = gcd(a, b) where a < b.

• Step 1 Divide a into b (i.e. compute b/a) and continue the Euclidean division chain:
  b = q_1 a + r_1
  a = q_2 r_1 + r_2
  r_1 = q_3 r_2 + r_3
  ⋮
  r_{k−2} = q_k r_{k−1} + r_k
  r_{k−1} = q_{k+1} r_k + 0

• Step 2 Set x_0 = 0, x_1 = 1 and x_j = −q_{j−1} x_{j−1} + x_{j−2}. Set y_0 = 1, y_1 = 0 and y_j = −q_{j−1} y_{j−1} + y_{j−2}.

• Step 3 Then a x_n + b y_n = gcd(a, b).

Extended Euclidean algorithm

Example 2.1.7

Find gcd(4, 6), gcd(6, 21), gcd(748, 2024).

Extended Euclidean algorithm

Remark 2.1.1

We will define the solution pair (x_n, y_n) as the initial solution for ax + by = gcd(a, b), and re-denote it (X_0, Y_0). We define the general solution for ax + by = gcd(a, b) as

X = X_0 + bt and Y = Y_0 − at where t ∈ Z. That is, for any t ∈ Z, (X, Y) will always satisfy ax + by = gcd(a, b).
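The three steps above and the general solution of Remark 2.1.1, carried out in Python. This is an added example, not code from the slides; it follows the slides' recurrence literally, taking n as the number of divisions in the chain (so x_n, y_n use q_1 … q_{n−1}), and at each step divides the larger number by the smaller.

```python
# Added example (not from the slides): extended Euclidean algorithm with the recurrence
# x_j = -q_{j-1} x_{j-1} + x_{j-2}, y_j = -q_{j-1} y_{j-1} + y_{j-2} and the general
# solution X = X0 + b t, Y = Y0 - a t of Remark 2.1.1. Function names are my own.

def division_chain(a, b):
    """Quotients q1, q2, ... and the gcd from dividing a into b, then each divisor by the
    previous remainder, until the remainder is 0. Assumes 0 < a <= b."""
    quotients = []
    big, small = b, a
    while small != 0:
        q, r = divmod(big, small)
        quotients.append(q)
        big, small = small, r
    return quotients, big            # big is the last non-zero remainder = gcd(a, b)

def extended_euclid(a, b):
    """Return (d, x, y) with d = gcd(a, b) and a*x + b*y = d, for a, b >= 0."""
    if a == 0:
        return b, 0, 1               # 0*0 + b*1 = b
    if a > b:                        # the recurrence below assumes a <= b: swap the roles
        d, y, x = extended_euclid(b, a)
        return d, x, y
    quotients, d = division_chain(a, b)
    # Step 2: x0 = 0, x1 = 1 and y0 = 1, y1 = 0, same recurrence for both sequences.
    # Step 3: with n = number of divisions, x_n and y_n are built from q1 .. q_{n-1}.
    x_prev, x = 0, 1
    y_prev, y = 1, 0
    for q in quotients[:-1]:
        x_prev, x = x, -q * x + x_prev
        y_prev, y = y, -q * y + y_prev
    return d, x, y

def general_solution(a, b, t):
    """Remark 2.1.1: from the initial pair (X0, Y0) return (X0 + b t, Y0 - a t)."""
    d, x0, y0 = extended_euclid(a, b)
    return x0 + b * t, y0 - a * t

def satisfies(a, b, x, y):
    """True when a*x + b*y equals gcd(a, b)."""
    return a * x + b * y == extended_euclid(a, b)[0]

if __name__ == "__main__":
    for a, b in [(4, 6), (6, 21), (748, 2024), (12345, 11111)]:
        d, x, y = extended_euclid(a, b)
        print(f"gcd({a}, {b}) = {d}: {a}*({x}) + {b}*({y}) = {a * x + b * y}")
```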

Example 2.1.8

Try to find gcd(12345, 11111) and solve 12345x + 11111y = gcd(12345, 11111).

Modular Arithmetic

2.2.1 Congruence

Definition 2.2.1

Let a, b, n ∈ Z and n ≠ 0. We say a ≡ b (mod n) if (a − b)/n = k ∈ Z.

Example 2.2.1

32 ≡ 7 (mod 5)

Modular Arithmetic

Proposition 2.2.1

Let a, b, n ∈ Z and n ≠ 0.

i) a ≡ a (mod n)

ii) a ≡ b (mod n) implies b ≡ a (mod n)

iii) If a ≡ b (mod n) and b ≡ c (mod n) then a ≡ c (mod n).

Proof:

Modular Arithmetic

Arithmetic operations

i. [(a mod n) + (b mod n)] mod n = (a + b) mod n
ii. [(a mod n) − (b mod n)] mod n = (a − b) mod n
iii. [(a mod n) × (b mod n)] mod n = (a × b) mod n

Modular Arithmetic

Remark 2.2.1 The cryptography taught in this course will work with the integers modulo n. They are denoted by Z_n or also as Z/nZ. Z_n = {0, 1, 2, …, n − 1}

Example 2.2.2 Generate the addition and multiplication tables modulo 10.

Modular Arithmetic

• Rules for Addition, Modulo 10

  + | 0 1 2 3 4 5 6 7 8 9
  --+--------------------
  0 | 0 1 2 3 4 5 6 7 8 9
  1 | 1 2 3 4 5 6 7 8 9 0
  2 | 2 3 4 5 6 7 8 9 0 1
  3 | 3 4 5 6 7 8 9 0 1 2
  4 | 4 5 6 7 8 9 0 1 2 3
  5 | 5 6 7 8 9 0 1 2 3 4
  6 | 6 7 8 9 0 1 2 3 4 5
  7 | 7 8 9 0 1 2 3 4 5 6
  8 | 8 9 0 1 2 3 4 5 6 7
  9 | 9 0 1 2 3 4 5 6 7 8

Modular Arithmetic

2.2.1.1 in modular arithmetic

Proposition 2.2.2 Let a, b, n ∈ Z and n ≠ 0 with ab ≡ ac (mod n); then b ≡ c (mod n).

Proof:

Example 2.2.5 Solve 2x + 7 ≡ 3 (mod 17). (Note: please observe gcd(2, 17).)

Modular Arithmetic

Proposition 2.2.3

Suppose gcd(a, n) = 1. Let s, t ∈ Z such that as + nt = 1 (s and t can be found using the extended Euclidean algorithm).

Then as ≡ 1 (mod n), so s is the multiplicative inverse of a mod n.
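A solver built on this proposition, as an added example that is not part of the slides: it uses Python's built-in pow(a, -1, n) (Python 3.8+) in place of the extended Euclidean algorithm to obtain the inverse, and it also covers the case gcd(a, n) > 1, where the cancellation of Proposition 2.2.2 fails and a congruence has either no solution or several. Function names are my own.

```python
# Added example (not from the slides): solving a x + b ≡ c (mod n) with a multiplicative
# inverse, including what happens when gcd(a, n) != 1 (Examples 2.2.3 - 2.2.7 as inputs).
from math import gcd

def mod_inverse(a, n):
    """Multiplicative inverse s of a mod n (a*s ≡ 1), or None when gcd(a, n) != 1."""
    if gcd(a, n) != 1:
        return None
    return pow(a, -1, n)      # same s that the extended Euclidean algorithm would return

def solve_linear_congruence(a, b, c, n):
    """All x in {0, ..., n-1} with a*x + b ≡ c (mod n), as a sorted list.
    gcd(a, n) = 1: unique solution x ≡ (c - b) * a^{-1}.
    gcd(a, n) = d > 1: cancelling a is not allowed (Proposition 2.2.2 needs gcd(a, n) = 1);
    there is no solution unless d divides c - b, and then exactly d solutions."""
    a, rhs = a % n, (c - b) % n
    d = gcd(a, n)
    if rhs % d != 0:
        return []
    a2, rhs2, n2 = a // d, rhs // d, n // d
    x0 = 0 if n2 == 1 else (rhs2 * pow(a2, -1, n2)) % n2
    return [x0 + k * n2 for k in range(d)]

def check(a, b, c, n, x):
    """True when x really satisfies a*x + b ≡ c (mod n)."""
    return (a * x + b - c) % n == 0

if __name__ == "__main__":
    print(solve_linear_congruence(2, 7, 3, 17))          # Example 2.2.5 -> [15]
    print(solve_linear_congruence(5, 6, 13, 11))         # Example 2.2.6 -> [8]
    print(solve_linear_congruence(11111, 0, 4, 12345))   # Example 2.2.7 -> [9884]
    print(solve_linear_congruence(5, 0, 5, 10))          # 5x ≡ 5 (mod 10): five solutions
    print(mod_inverse(3, 10), mod_inverse(5, 10))        # 7 None
```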

Proof:

Inverses - Preliminaries

Observe that if (a + b) ≡ (a + c) (mod n), then b ≡ c (mod n).
For a = 5, b = 23, c = 7, n = 8: if (5 + 23) ≡ (5 + 7) (mod 8), then 23 ≡ 7 (mod 8). Is this true?

Part 1: Is (5 + 23) ≡ (5 + 7) (mod 8)? (5 + 23) = 28 and 28 = 3·8 + 4 (i.e., r = 4); (5 + 7) mod 8 = 12 mod 8, and 12 = 1·8 + 4 (i.e., r = 4). OK!

Part 2: Is 23 ≡ 7 (mod 8)? 23 = 2·8 + 7 (i.e., r = 7), and 7 mod 8: 7 = 0·8 + 7 (i.e., r = 7). OK!

So, what is the point?

Inverses - Preliminaries

This is true because there is an additive inverse.

It is the number you would have to subtract from the original number to get 0. That is:

(a + b) − a ≡ −a + (a + c) (mod n), or b ≡ c (mod n)

Inverses in Cryptography

We will use one number to encrypt and its inverse to decrypt.

Consider an input string to be encrypted = 3692. Add a constant mod 10 to map the string to a new string (character by character).

(3 + 6) mod 10 = 9
(6 + 6) mod 10 = 2
(9 + 6) mod 10 = 5
(2 + 6) mod 10 = 8

The encrypted string for 3692 = 9258

Inverses in Cryptography

Now use the additive inverse of 6 to decrypt: it is the x with 6 + x = 0, so x = 4 (the inverse is read from the table).

(9 + 4) mod 10 = 3
(2 + 4) mod 10 = 6
(5 + 4) mod 10 = 9
(8 + 4) mod 10 = 2

The encrypted string is decrypted!

This is a simple substitution cipher (e.g., Caesar). The only difference is that numbers were used instead of letters.

But it is easy to break, so let's do something harder!

Inverses in Cryptography - Multiplicative

• Multiplication table, Modulo 10

  × | 0 1 2 3 4 5 6 7 8 9
  --+--------------------
  0 | 0 0 0 0 0 0 0 0 0 0
  1 | 0 1 2 3 4 5 6 7 8 9
  2 | 0 2 4 6 8 0 2 4 6 8
  3 | 0 3 6 9 2 5 8 1 4 7
  4 | 0 4 8 2 6 0 4 8 2 6
  5 | 0 5 0 5 0 5 0 5 0 5
  6 | 0 6 2 8 4 0 6 2 8 4
  7 | 0 7 4 1 8 5 2 9 6 3
  8 | 0 8 6 4 2 0 8 6 4 2
  9 | 0 9 8 7 6 5 4 3 2 1

If this works like addition, we should be able to encrypt and decrypt. Trouble is, it only works part of the time. We can encrypt/decrypt some, but not all, numbers.

Inverses in Cryptography - Multiplicative

Encrypt the string 8732 using a multiplicative constant of 5 mod 10:

(8 × 5) mod 10 = 0  (40 = 4·10 + 0)
(7 × 5) mod 10 = 5  (35 = 3·10 + 5)
(3 × 5) mod 10 = 5  (15 = 1·10 + 5)
(2 × 5) mod 10 = 0  (10 = 1·10 + 0)

So the encrypted string would be 0550.

Trouble is, half the characters mapped to 0 and half to 5. We might guess this is a problem since the results are not unique.

Inverses in Cryptography - Multiplicative

However, if we use 3 mod 10 we get unique results:

(8 × 3) mod 10 = 4  (24 = 2·10 + 4)
(7 × 3) mod 10 = 1  (21 = 2·10 + 1)
(3 × 3) mod 10 = 9  (9 = 0·10 + 9)
(2 × 3) mod 10 = 6  (6 = 0·10 + 6)

The result is 4196.

This looks better, but do inverses work?

Can we decrypt?

Inverses in Cryptography - Multiplicative

The multiplicative inverse of n is m, where (n × m) mod 10 = 1.

The multiplicative inverse of 3 satisfies (3 × m) mod 10 = 1; so m = 7. Decrypting 4196 (previous slide) using 7:

(4 × 7) mod 10 = 8
(1 × 7) mod 10 = 7
(9 × 7) mod 10 = 3
(6 × 7) mod 10 = 2

So… the inverse decrypts the cipher!

What is the condition that makes 3 work and 5 not work?

Inverses in Cryptography - Multiplicative

Why 3 works.

If (a × b) ≡ (a × c) (mod n), then b ≡ c (mod n), if and only if (iff) a is relatively prime to n.

Because (a^(−1) × a × b) ≡ (a^(−1) × a × c) (mod n) gives b ≡ c (mod n).

This is in accordance with Fermat's theorem.
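The digit cipher of the last few slides in code, as an added example that is not part of the slides: the additive key 6 with its inverse 4, the multiplicative keys 5 and 3 with the inverse 7, and a check that the multipliers which give a complete, unique set of residues are exactly the ones relatively prime to 10. Function names are my own.

```python
# Added example (not from the slides): the digit-by-digit cipher mod 10 from the slides,
# additive and multiplicative, and why the multiplier must be relatively prime to 10.
from math import gcd

MOD = 10

def add_encrypt(digits, key):
    """Shift every digit by key mod 10 (3692 with key 6 becomes 9258)."""
    return "".join(str((int(ch) + key) % MOD) for ch in digits)

def additive_inverse(key):
    """The x with key + x ≡ 0 (mod 10); decrypting is encrypting again with x."""
    return (-key) % MOD

def mul_encrypt(digits, key):
    """Multiply every digit by key mod 10 (8732 with key 5 becomes 0550, with key 3 becomes 4196)."""
    return "".join(str((int(ch) * key) % MOD) for ch in digits)

def multiplicative_inverse(key):
    """The m with key * m ≡ 1 (mod 10), found from the table; None when gcd(key, 10) != 1."""
    for m in range(MOD):
        if (key * m) % MOD == 1:
            return m
    return None

def residues_reached(key):
    """Distinct outputs of d -> key*d mod 10 over all ten digits."""
    return sorted({(key * d) % MOD for d in range(MOD)})

def usable_multipliers():
    """Keys whose residues form a complete, unique set; these are exactly gcd(key, 10) = 1."""
    return [k for k in range(1, MOD) if len(residues_reached(k)) == MOD]

if __name__ == "__main__":
    c = add_encrypt("3692", 6)
    print(c, add_encrypt(c, additive_inverse(6)))            # 9258 3692
    print(mul_encrypt("8732", 5), residues_reached(5))         # 0550 [0, 5]: not unique
    c = mul_encrypt("8732", 3)
    print(c, mul_encrypt(c, multiplicative_inverse(3)))       # 4196 8732
    print(usable_multipliers(), [k for k in range(1, MOD) if gcd(k, MOD) == 1])
```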

That is, a mod n will not produce a complete and unique set of residues if a and n have any factors in common except 1!

Exercises

Example 2.2.3 Solve x + 5 ≡ 9 (mod 20)
Example 2.2.4 Solve x + 7 ≡ 3 (mod 17)
Example 2.2.6 Solve 5x + 6 ≡ 13 (mod 11)
Example 2.2.7 Solve 11111x ≡ 4 (mod 12345)

The Chinese Remainder Theorem

Let us examine the following congruence relation: x ≡ 25 (mod 42). This means there exists k ∈ Z such that
  x = 25 + 42k   (1)
Let us re-write 42 = 7 · 6. Equation (1) becomes
  x = 25 + 7(6k)   (2)
OR
  x = 25 + 6(7k)   (3)
From (2) we can have x ≡ 25 ≡ 4 (mod 7). From (3) we can have x ≡ 25 ≡ 1 (mod 6).

The Chinese Remainder Theorem

Therefore we can say that x ≡ 25 (mod 42) is the same as the pair of congruences x ≡ 4 (mod 7) and x ≡ 1 (mod 6).

The Chinese Remainder Theorem will reverse this process.

That is, a system of congruences can be replaced by a single congruence (but under certain conditions).

The Chinese Remainder Theorem

Theorem 2.3.1 (The Chinese Remainder Theorem)

Suppose gcd(m, n) = 1. Given a, b ∈ Z there exists exactly one solution x mod mn to the simultaneous congruences x ≡ a (mod m), x ≡ b (mod n).

Proof:

The Chinese Remainder Theorem

Example 2.3.1 Solve x ≡ 3 (mod 7), x ≡ 5 (mod 15).
Solution: We can observe that gcd(7, 15) = 1 and mn = 105. What is x congruent to modulo 105?
List the numbers congruent to 3 mod 7: 3, 10, 17, 24, 31, 38, 45, 52, 59, 66, 73, 80, 87, 94, 101, …
List the numbers congruent to 5 mod 15: 5, 20, 35, 50, 65, 80, 95, …
Thus, x ≡ 80 (mod 105).

The Chinese Remainder Theorem

THE BIG QUESTION IS: WHAT ABOUT LARGE NUMBERS? MAKING A LIST LIKE THE ONE ABOVE WOULD BE INEFFICIENT!

Let's look back at the question: find a solution for
  x ≡ a (mod m)   (1)
  x ≡ b (mod n)   (2)
such that x ≡ y (mod mn) (i.e. x is congruent to y modulo mn).
From (1): x = a + mk   (3)

The Chinese Remainder Theorem

Substituting (3) into (2) we have to solve a + mk ≡ b (mod n), that is, mk ≡ b − a (mod n).
Since gcd(m, n) = 1 there exists a multiplicative inverse i for m mod n. So i·m·k ≡ (b − a)·i (mod n), and
  k ≡ (b − a)·i (mod n).
Substituting back into (3): x = a + m(b − a)i ≡ a + m(b − a)i (mod mn).
All answers are obtained by adding and subtracting multiples of mn to the particular answer:

x = …, a + m(b − a)i − 2mn, a + m(b − a)i − mn, a + m(b − a)i, a + m(b − a)i + mn, a + m(b − a)i + 2mn, … ∎

The Chinese Remainder Theorem

Example 2.3.2 Let us try small numbers first. Solve
  x ≡ 1 (mod 5)   (1)
  x ≡ 9 (mod 11)   (2)
From (1): x = 1 + 5k_1   (3)
(3) into (2): 1 + 5k_1 ≡ 9 (mod 11), so 5k_1 ≡ 8 (mod 11)   (4)
Multiply both sides of (4) with the inverse of 5 mod 11 (which is 9, since 5 · 9 = 45 ≡ 1 (mod 11)). Thus, k_1 ≡ 72 ≡ 6 (mod 11) and x = 1 + 5 · 6 ≡ 31 (mod 55).

The Chinese Remainder Theorem

Example 2.3.3 Solve x ≡ 7 (mod 563), x ≡ 3 (mod 219). Solution: Try.

Assignment

The Chinese Remainder Theorem

Theorem 2.3.2 (The Chinese Remainder Theorem – General Form)

Let m_1, …, m_k ∈ Z with gcd(m_i, m_j) = 1 whenever i ≠ j. Given a_1, …, a_k ∈ Z there exists exactly one solution x mod m_1 m_2 ⋯ m_k to the simultaneous congruences x ≡ a_1 (mod m_1), x ≡ a_2 (mod m_2), …, x ≡ a_k (mod m_k).
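The CRT computation from the derivation above, as an added example that is not part of the slides: k ≡ (b − a)·i (mod n) with i the inverse of m mod n, then x = a + mk. It also folds that two-modulus step across several moduli for the general form just stated, and rebuilds the four solutions of x^2 ≡ 1 (mod 35) from Remark 2.3.1. Function names are my own.

```python
# Added example (not from the slides): Chinese Remainder Theorem, two moduli exactly as in
# the derivation (inverse i of m mod n, k ≡ (b - a) i, x = a + m k), then the general form.
from math import gcd

def crt2(a, m, b, n):
    """The unique x mod m*n with x ≡ a (mod m) and x ≡ b (mod n); requires gcd(m, n) = 1."""
    if gcd(m, n) != 1:
        raise ValueError("moduli must be relatively prime")
    i = pow(m, -1, n)                  # multiplicative inverse of m mod n
    k = ((b - a) * i) % n              # from m k ≡ b - a (mod n)
    return (a + m * k) % (m * n)       # x = a + m k, reduced mod mn

def crt(residues, moduli):
    """General form (Theorem 2.3.2): (x, M) with x ≡ a_j (mod m_j) for every j, M = product."""
    x, M = residues[0] % moduli[0], moduli[0]
    for a, m in zip(residues[1:], moduli[1:]):
        x, M = crt2(x, M, a, m), M * m   # pairwise coprime moduli keep gcd(M, m) = 1
    return x, M

def neighbours(x, M, count=2):
    """The other answers x ± M, x ± 2M, ... (the list that ends the proof above)."""
    return [x + t * M for t in range(-count, count + 1)]

def square_roots_of_one(p, q):
    """Remark 2.3.1: pair the ±1 solutions mod p and mod q into the solutions of x^2 ≡ 1 (mod pq)."""
    return sorted(crt2(s % p, p, t % q, q) for s in (1, -1) for t in (1, -1))

def holds(x, residues, moduli):
    """True when x satisfies every congruence x ≡ a_j (mod m_j)."""
    return all(x % m == a % m for a, m in zip(residues, moduli))

if __name__ == "__main__":
    print(crt2(3, 7, 5, 15))            # Example 2.3.1 -> 80
    print(crt2(1, 5, 9, 11))            # Example 2.3.2 -> 31
    print(crt2(7, 563, 3, 219))         # Example 2.3.3
    print(crt([2, 3, 4], [3, 7, 16]))   # Example 2.4.4
    print(square_roots_of_one(5, 7))    # [1, 6, 29, 34]
```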

Example 2.4.4 Solve x ≡ 2 (mod 3), x ≡ 3 (mod 7), x ≡ 4 (mod 16).

The Chinese Remainder Theorem

Remark 2.3.1 How do you use the Chinese Remainder Theorem? Suppose you want to solve x^2 ≡ 1 (mod 35). Since 35 = 5 · 7, x^2 ≡ 1 (mod 35) is the same as the pair x^2 ≡ 1 (mod 7), x^2 ≡ 1 (mod 5). Observe that x^2 ≡ 1 (mod 7) has 2 solutions, x ≡ ±1 (mod 7), and for x^2 ≡ 1 (mod 5) we have x ≡ ±1 (mod 5). We can arrange them in 4 ways:
  x ≡ 1 (mod 5), x ≡ 1 (mod 7) ⇒ x ≡ 1 (mod 35)
  x ≡ 6 ≡ 1 (mod 5), x ≡ 6 ≡ −1 (mod 7) ⇒ x ≡ 6 (mod 35)
  x ≡ 29 ≡ −1 (mod 5), x ≡ 29 ≡ 1 (mod 7) ⇒ x ≡ 29 (mod 35)
  x ≡ 34 ≡ −1 (mod 5), x ≡ 34 ≡ −1 (mod 7) ⇒ x ≡ 34 (mod 35)

So, the solutions of x^2 ≡ 1 (mod 35) are x ≡ 1, 6, 29, 34 (mod 35).

Square roots

Consider the following: x^2 ≡ 71 (mod 77), or more generally x^2 ≡ b (mod n), where n = pq is a product of primes.

Remark 2.4.1 When we say x^2 ≡ b (mod n) it means that x is a square root of b modulo n.

As in the "normal" situation: 2^2 = 4 means 2 is a square root of 4, and 6^2 = 36 means 6 is a square root of 36.

Square roots

Proposition 2.4.1

Let p ≡ 3 (mod 4) be a prime and let y ∈ Z. Let x ≡ y^((p+1)/4) (mod p).

If y has a square root mod p, then the square roots of y mod p are ±x. If y has no square root mod p, then −y has a square root mod p, and the square roots of −y mod p are ±x.

Proof:

Square roots

Example 2.4.1 Find the square roots of 5 mod 11. Solution: (p + 1)/4 = 3. Compute x ≡ 5^3 (mod 11) and we get x = 4, with 4^2 ≡ 5 (mod 11). So, the square roots of 5 mod 11 are ±4.

Example 2.4.2 Find the square roots of 2 mod 11. Solution: (p + 1)/4 = 3. Compute x ≡ 2^3 (mod 11) and we get x = 8, with 8^2 ≡ 9 ≡ −2 (mod 11). We found a square root of −2 mod 11, that is 8. Thus, 2 has no square root mod 11.

Square roots

Now let's consider square roots for a composite modulus. Note that x^2 ≡ 71 (mod 77) means that x^2 ≡ 71 ≡ 1 (mod 7) and x^2 ≡ 71 ≡ 5 (mod 11).

Note: (p + 1)/4 = 3 for p = 11, and ±x ≡ ±5^3 ≡ ±4 (mod 11). Therefore, x ≡ ±1 (mod 7) and x ≡ ±4 (mod 11). By the CRT we have the solution set (4 answers): x ≡ ±15, ±29 (mod 77).

Prime Numbers

A number p > 1 that can only be divided by 1 and itself is called a prime number. Example 2.6.1 The first few prime numbers are 2, 3, 5, 7, 11, 13, …

Remark 2.6.1 An integer a that is not a prime is called a composite.

Theorem 2.6.1 (Fundamental Theorem of Arithmetic) Let a ≥ 2 be an integer. Then a can be factored as a product of primes,
  a = p_1^(e_1) p_2^(e_2) p_3^(e_3) ⋯ p_r^(e_r)
This factorization is unique.

Example 2.6.2 2 = 2^1, 3 = 3^1, 4 = 2^2, 5 = 5^1, 6 = 2^1 3^1, …, 12 = 2^2 3^1, … Also 504 = 2^3 3^2 7^1 and 1125 = 3^2 5^3.

Discovering Primes

Many methods; the oldest is the Sieve of Eratosthenes. Given the first 100 numbers (1–100):

1. Remove 1 since it is not a prime by definition.
2. Test 2 to see if it is only divisible by 1 and itself. Keep 2, it passes.
3. Cross out every number divisible by 2 since they are composite numbers with 2 as a factor.
4. Test 3. Keep 3, it passes.
5. Eliminate all multiples of 3 since they contain 3 as a factor.
6. Test 5. Keep 5, it passes. (We didn't do 4, which has 2 as a factor.)
7. Repeat this process for all numbers up to 100.

Example - Sieve of Eratosthenes

1 is eliminated, so the starting matrix is:

02 03 04 05 06 07 08 09 10
11 12 13 14 15 16 17 18 19 20
21 22 23 24 25 26 27 28 29 30
31 32 33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48 49 50
51 52 53 54 55 56 57 58 59 60
61 62 63 64 65 66 67 68 69 70
71 72 73 74 75 76 77 78 79 80
81 82 83 84 85 86 87 88 89 90
91 92 93 94 95 96 97 98 99 100

Example - Sieve of Eratosthenes

Test 2, retain 2, eliminate all multiples of 2 since they are composite numbers with 2 as a factor.

02 03 05 07 09 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59 61 63 65 67 69 71 73 75 77 79 81 83 85 87 89 91 93 95 97 99

Example - Sieve of Eratosthenes

Test 3, retain 3, eliminate multiples of 3.

02 03 05 07 11 13 17 19 23 25 29 31 35 37 41 43 47 49 53 55 59 61 65 67 71 73 77 79 83 85 89 91 95 97

Example - Sieve of Eratosthenes

Test 5, retain 5, eliminate multiples of 5.

02 03 05 07 11 13 17 19 23 29 31 37 41 43 47 49 53 59 61 67 71 73 77 79 83 89 91 97

Example - Sieve of Eratosthenes

Test 7, retain 7, eliminate multiples of 7.

02 03 05 07 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97

Example - Sieve of Eratosthenes

Test 11, retain 11, eliminate multiples of 11 (there aren't any). We could go on, but all the remaining numbers are also primes.

02 03 05 07 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97

Example - Sieve of Eratosthenes

We have discovered all the primes less than 100. The sieve is computationally intensive (and dull)!

02 03 05 07 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97

Computing Primes - Some Properties

There are infinitely many primes. Why?

Suppose you have a finite set of primes. Just multiply them all together and add 1. The result will not be divisible by any of the primes in your set (the remainder will always be one when you divide). It is not in your set and you have a new prime!

Example: the set is 2, 3, 5, 7 - all primes

2 × 3 × 5 × 7 = 210; 210 + 1 = 211; is it prime? Yep!
2 × 3 × 5 × 7 × 11 = 2,310; 2,310 + 1 = 2311; is it prime? Yep!

Computing Primes - More Properties

Primes thin out for larger primes (result of multiplying).

3 digit primes: 25 in 100 (1 out of 4 numbers - 25%)
10 digit primes: 1 in 23 - 4.3%
100 digit primes: 1 in 230 - .43%

Going through all of them like the sieve does is too slow.

We need 100 - 150 digit primes. If we guess a 150 digit number, we have 1 chance in 230 of it being a prime.

This is computationally feasible. This also means you must generate and test candidate prime numbers.

Determining primes (Primality tests)

Definition 2.6.2 Let π(x) be the counting function that counts the number of prime numbers less than x.

Example 2.6.4 π(10) = 4 because there are 4 primes that are less than 10. That is, {2, 3, 5, 7}.

Theorem 2.6.2 (The Prime Number Theorem, 1896) Let π(x) be the counting function that counts the number of prime numbers less than x. Then,
  π(x) ~ x / log x   as x → ∞

Determining primes (Primality tests)

Lemma 2.6.3 If p is a prime and p divides a product of integers ab, then either p | a or p | b. Proof:

Remark 2.6.2 In general, if p is a prime and p divides a product of integers n_1 n_2 n_3 ⋯ n_k then p must divide one of the factors n_1, n_2, n_3, ⋯, n_k.

Example 2.6.6 7 | 294. Observe 294 = 49 × 6. Let a = 49, b = 6 ⟹ 7 | 49.


Fermat's little theorem

Theorem 2.6.4 (Fermat's little theorem) If p is a prime and p ∤ a then a^(p−1) ≡ 1 (mod p). Proof:

Corollary 2.6.5 (Fermat's little theorem) If p is a prime and p ∤ a then a^p ≡ a (mod p). Proof:

Example 2.6.7 Let p = 11 and a = 2. We have 2^10 ≡ 1 (mod 11).

Fermat's little theorem (Primality tests)

• Remark 2.6.3
• Usually, if 2^(n−1) ≡ 1 (mod n) then n is prime.
• But there are exceptions. Example: n = 561, 2^560 ≡ 1 (mod 561), but 561 = 3 · 11 · 17. On the other hand, if 2^(n−1) ≢ 1 (mod n) then n is clearly not prime.
• So, FLT only states a necessary condition. That is, if for two integers j and a with j ∤ a we have a^(j−1) ≡ 1 (mod j), it is not necessary that j is prime.
• So, we can have the following flow chart.

Determining primes (Primality tests)

Example 2.6.8 n = 561, 2^560 ≡ 1 (mod 561); now take a = 3 and we have 3^560 ≡ 375 (mod 561).

n = 341, 2^340 ≡ 1 (mod 341); now take a = 3 and we have 3^340 ≡ 56 (mod 341).

Remark 2.6.4 As seen in Example 2.6.8, we will call 3 a "witness" that 561 and 341 are not primes, whereas 2 is a "liar" that 561 and 341 are primes.

Definition 2.6.3 Fix an integer n. We say that an integer a is a witness for (the compositeness of) n if a^n ≢ a (mod n).

Determining primes (Primality tests)

Remark 2.6.5 According to our experience above, to test whether an integer n is composite or not, one has to test all possible witnesses a_1, a_2, … that will "testify" that n is composite. TESTIFY THAT IT IS COMPOSITE, NOT THAT IT IS PRIME. However, there are integers that DON'T HAVE WITNESSES THAT THEY ARE COMPOSITE!

Example 2.6.9 Let 561 = 3 × 11 × 17. For all a where 561 ∤ a it will always result in a^561 ≡ a (mod 561). ∎

Remark 2.6.6 Integers such as the one illustrated in Example 2.6.9 are known as Carmichael numbers. In 1984, Alford, Granville and Pomerance proved that there are infinitely many Carmichael numbers! So, a better strategy to determine primes other than the FLT must be designed.

Determining primes (Primality tests)

Proposition 2.6.6 Let p be an odd prime and write p − 1 = 2^k q with q an odd number. Let a be any number not divisible by p. Then one of the following two conditions is true:
  (i) a^q ≡ 1 (mod p);
  (ii) one of a^q, a^(2q), …, a^(2^(k−1) q), a^(2^k q) is congruent to −1 modulo p.

Proof:

Determining primes (Primality tests)

Definition 2.6.4 (Miller-Rabin test) Let n > 1 be an odd integer.
1. Write n − 1 = 2^k m with m odd.
2. Choose a random integer a with 1 < a < n − 1.
3. Compute b_0 ≡ a^m (mod n).
4. If b_0 ≡ ±1 (mod n): STOP. Declare n is probably a prime.
5. Otherwise, let b_1 ≡ b_0^2 (mod n).
6. If b_1 ≡ 1 (mod n), n is a composite number.
7. If b_1 ≡ −1 (mod n): STOP. Declare n is probably a prime.
8. Otherwise, let b_2 ≡ b_1^2 (mod n).
9. If b_2 ≡ 1 (mod n), n is a composite number.
10. If b_2 ≡ −1 (mod n): STOP. Declare n is probably a prime.
11. Continue until stopping or reaching b_(k−1).
12. If we reach b_(k−1) ≢ −1 (mod n), then n is composite.

Determining primes (Primality tests)

Example 2.6.7 Let's try the Carmichael number n = 561. Then n − 1 = 560 = 16 × 35 = 2^4 × 35 (observe that k = 4). Let a = 2.
  b_0 ≡ 2^35 ≡ 263 (mod 561)
  b_1 ≡ b_0^2 ≡ 2^(2·35) ≡ 166 (mod 561)
  b_2 ≡ b_1^2 ≡ 2^(4·35) ≡ 67 (mod 561)
  b_3 ≡ b_2^2 ≡ 2^(8·35) ≡ 1 (mod 561)
Since b_(k−1) = b_3 ≢ −1 (mod 561), we conclude that 561 is a composite number. OR we can say: the first number 2^35 mod 561 is neither 1 nor −1 (point 4), and the other numbers in the list are not equal to −1. So 561 is composite. We say 2 is a Miller-Rabin witness to the fact that 561 is composite. ∎

Determining primes (Primality tests)

Example 2.6.8 Let's try the number n = 172947529. Then n − 1 = 172947528 = 8 × 21618441 = 2^3 × 21618441 (observe that k = 3).

Let a = 3. Observe 3^21618441 ≡ −1 (mod 172947529).

So, 172947529 is prime? Let a = 17. Observe 17^21618441 ≡ 1 (mod 172947529). So, 172947529 is prime? It looks like it… Try more a's with 1 < a < n − 1. Try a = 23. Observe
  b_0 ≡ 23^21618441 ≡ 40063806 (mod 172947529)
  b_1 ≡ 23^(2·21618441) ≡ 2257065 (mod 172947529)
  b_2 ≡ 23^(4·21618441) ≡ 1 (mod 172947529)

Thus, 23 is a Miller-Rabin witness for 172947529. Actually 172947529 is a composite number. In fact it is a Carmichael number. ∎

Determining primes (Primality tests)

Example 2.6.9 Let's try the number n = 601. Then n − 1 = 600 = 2^3 × 75.
Let a = 2. Observe b_0 ≡ 2^75 ≡ 1 (mod 601). 601 prime?
Let a = 3. Observe b_0 ≡ 3^75 ≡ 1 (mod 601). 601 prime?
Let a = 4. Observe b_0 ≡ 4^75 ≡ 1 (mod 601). 601 prime?
Declare 601 probably prime. In fact it is prime!
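The tests of this section in code, as an added example that is not part of the slides: the Fermat check of Remark 2.6.3, one Miller-Rabin round exactly as in Definition 2.6.4 (returning the b_0, b_1, … sequence so Examples 2.6.7–2.6.9 can be retraced), the share of witnesses that Proposition 2.6.7 bounds, and the sieve from the Discovering Primes slides as a cross-check for n < 100. Function names are my own; the random-base wrapper is the usual way the single round is used in practice and is not described on the slides.

```python
# Added example (not from the slides): Fermat test, Miller-Rabin round (Definition 2.6.4),
# witness share (Proposition 2.6.7) and the Sieve of Eratosthenes as a cross-check.
import random

def sieve(limit):
    """Sieve of Eratosthenes: all primes <= limit (the 1..100 grid procedure of the slides)."""
    flags = [True] * (limit + 1)
    flags[0:2] = [False, False]
    for p in range(2, int(limit ** 0.5) + 1):
        if flags[p]:
            for multiple in range(p * p, limit + 1, p):
                flags[multiple] = False
    return [k for k in range(2, limit + 1) if flags[k]]

def fermat_liar(n, a):
    """True when a^(n-1) ≡ 1 (mod n): base a does not expose n as composite."""
    return pow(a, n - 1, n) == 1

def miller_rabin_trace(n, a):
    """One round of Definition 2.6.4 for odd n > 3 and a base 1 < a < n-1.
    Returns (probably_prime, [b0, b1, ...]) with the sequence that was examined."""
    k, m = 0, n - 1
    while m % 2 == 0:                  # step 1: n - 1 = 2^k m with m odd
        k, m = k + 1, m // 2
    b = pow(a, m, n)                   # step 3: b0 = a^m mod n
    trace = [b]
    if b in (1, n - 1):                # step 4: b0 ≡ ±1 -> probably prime
        return True, trace
    for _ in range(k - 1):             # steps 5-11: b_j = b_{j-1}^2, up to b_{k-1}
        b = b * b % n
        trace.append(b)
        if b == n - 1:                 # -1 reached -> probably prime
            return True, trace
        if b == 1:                     # 1 reached without passing -1 -> composite
            return False, trace
    return False, trace                # step 12: b_{k-1} ≢ -1 -> composite

def is_probable_prime(n, bases=None, rounds=20, rng=random):
    """Miller-Rabin over several bases (random ones unless given). False is certain;
    True means 'probably prime', with error at most (1/4)^rounds by Proposition 2.6.7."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    if bases is None:
        bases = [rng.randrange(2, n - 1) for _ in range(rounds)]
    return all(miller_rabin_trace(n, a)[0] for a in bases)

def witness_fraction(n):
    """Share of the bases 1 < a < n-1 that are Miller-Rabin witnesses for odd composite n."""
    bases = range(2, n - 1)
    return sum(not miller_rabin_trace(n, a)[0] for a in bases) / len(bases)

def fermat_liar_count(n):
    """How many bases 1 < a < n-1 pass the Fermat test for n."""
    return sum(fermat_liar(n, a) for a in range(2, n - 1))

if __name__ == "__main__":
    print(fermat_liar(561, 2), miller_rabin_trace(561, 2))   # True (False, [263, 166, 67, 1])
    print(miller_rabin_trace(601, 2))                        # (True, [1])
    print(miller_rabin_trace(172947529, 23))                 # 23 is a witness: ends in 1, no -1
    print(witness_fraction(561), fermat_liar_count(561))     # >= 0.75; every coprime base lies
    print(len(sieve(100)), sieve(100) == [n for n in range(2, 101) if is_probable_prime(n)])
```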

Remark 2.6.7 The M-R test is better than FLT for checking prime numbers because there are no Carmichael numbers for the M-R test. The question is: how many "witnesses" can we count upon so that we can "catch" a number if it is composite?

Determining primes (Primality tests)

Proposition 2.6.7 Let n be an odd composite number. Then at least 75% of the numbers between 1 and n − 1 are Miller-Rabin witnesses for n. Proof:

Remark 2.6.8 Before understanding the proof of Proposition 2.6.7, we will observe characteristics and structure of the witnesses via the following lemmas.

Lemma 2.6.8 If b, c ∈ Z+ such that gcd(b, c) = 1 and x^b ≡ c (mod n) has k > 0 solutions, then x^b ≡ 1 (mod n) also has k solutions. Proof:

Determining primes (Primality tests)

Corollary 2.6.9 If a composite integer n has at least one witness x such that gcd(x, n) = 1, then at least half of the elements of {1, 2, …, n − 1} are Fermat witnesses for n. Proof:

Definition 2.6.5 An odd composite integer n is a Carmichael number if every x such that gcd(x, n) = 1 is a Fermat liar for n.

Determining primes (Primality tests)

Lemma 2.6.10 If n is a Carmichael number, then n has at least 3 distinct prime factors and is not divisible by the square of any prime. Proof:

We state here again Proposition 2.6.7.

Proposition 2.6.7 Let n be an odd composite number. Then at least 75% of the numbers between 1 and n − 1 are Miller-Rabin witnesses for n. Proof:

Primitive Roots

Consider the powers of 3 mod 7 as follows:

3^1 mod 7 ≡ 3
3^2 mod 7 ≡ 2
3^3 mod 7 ≡ 6
3^4 mod 7 ≡ 4
3^5 mod 7 ≡ 5
3^6 mod 7 ≡ 1

Observe the set {1, 2, 3, 4, 5, 6} = Z_7. Thus, we say 3 is a primitive root of 7.

Primitive Roots

Example 2.7.1 Is 4 a primitive root of 7? Solution:
4^1 mod 7 ≡ 4
4^2 mod 7 ≡ 2
4^3 mod 7 ≡ 1
4^4 mod 7 ≡ 4
4^5 mod 7 ≡ 2
4^6 mod 7 ≡ 1
NO. 4 is not a primitive root of 7. We say {1, 2, 4} are the powers of 4 modulo 7.

Primitive Roots

Theorem 2.7.1

Let p be a prime number. There exists an element g ∈ F_p whose powers give every element in F_p. That is, F_p = {g, g^2, g^3, …, g^(p−1)}. Elements with this property are called primitive roots of F_p or generators of F_p. Proof:

Examples: Is 3 a primitive root of 13? Is 2 a primitive root of 11? Is 2 a primitive root of 17?

Primitive Roots

Definition 2.7.1 Z/mZ = {0, 1, 2, …, m − 1}

Definition 2.7.2 (Z/mZ)* = {a ∈ Z/mZ : gcd(a, m) = 1}, OR (Z/mZ)* = {a ∈ Z/mZ : a has a multiplicative inverse mod m}

Primitive Roots

Proposition 2.7.2 Let g be a primitive root for the prime p. Let n be an integer. Then g^n ≡ 1 (mod p) if and only if n ≡ 0 (mod p − 1). If j and k are integers, then g^j ≡ g^k (mod p) if and only if j ≡ k (mod p − 1).

Proof: Part 1 (⇐) If n ≡ 0 (mod p − 1), then we have n = (p − 1)m for some integer m. Therefore by Fermat's theorem we have: g^n ≡ (g^m)^(p−1) ≡ 1 (mod p).
(⇒) Suppose g^n ≡ 1 (mod p). We want to show that p − 1 | n. So we divide p − 1 into n and try to show that the remainder is 0. We write n = (p − 1)q + r with 0 ≤ r < p − 1. Now we have: 1 ≡ g^n ≡ (g^q)^(p−1) g^r ≡ 1 · g^r ≡ g^r (mod p).

Primitive Roots

Now suppose r > 0. If we consider the powers g, g^2, … of g mod p, then we get back to 1 after r steps. After that we will loop again: g^(r+1) ≡ g, g^(r+2) ≡ g^2, … So the powers of g mod p yield only the r numbers given by g, g^2, …, 1. Now if we take r < p − 1 we can't generate the whole list (we won't be able to generate 1). This contradicts the fact that g is a primitive root. The only way we can generate 1 is by setting r = 0. By setting r = 0 we have the relation n = (p − 1)q, which means p − 1 | n or n ≡ 0 (mod p − 1). ∎

Primitive Roots

Proof Part 2 (⇒) Assume j ≥ k. Dividing both sides by g^k we get g^(j−k) ≡ 1 (mod p). By part 1 this means j − k ≡ 0 (mod p − 1). So, j ≡ k (mod p − 1). (⇐) If j ≡ k (mod p − 1), we have j − k ≡ 0 (mod p − 1), which implies g^(j−k) ≡ 1 (mod p). Hence, g^j ≡ g^k (mod p). ∎
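Primitive roots checked the way the slides do it (tabulating g, g^2, …, g^(p−1) mod p and seeing whether every non-zero residue appears), together with the order of g and a brute-force check of Proposition 2.7.2, as an added example that is not part of the slides. The inputs are the 3 and 4 mod 7 tables and the three questions under Theorem 2.7.1; function names are my own.

```python
# Added example (not from the slides): primitive roots mod a prime p and Proposition 2.7.2.

def powers_mod(g, p):
    """[g^1, g^2, ..., g^(p-1)] mod p, the table the slides write out for 3 and 4 mod 7."""
    return [pow(g, e, p) for e in range(1, p)]

def is_primitive_root(g, p):
    """g is a primitive root (generator) of p when its powers give every element of {1, ..., p-1}."""
    return set(powers_mod(g, p)) == set(range(1, p))

def order_mod(g, p):
    """Smallest e > 0 with g^e ≡ 1 (mod p); it equals p - 1 exactly for primitive roots."""
    for e, value in enumerate(powers_mod(g, p), start=1):
        if value == 1:
            return e
    raise ValueError("g must be non-zero mod p")

def primitive_roots(p):
    """All primitive roots of the prime p, found by the table test above."""
    return [g for g in range(1, p) if is_primitive_root(g, p)]

def proposition_2_7_2_holds(g, p, max_exp=60):
    """Brute-force check of g^j ≡ g^k (mod p) <=> j ≡ k (mod p-1) for 0 <= j, k <= max_exp.
    It holds for primitive roots and fails for elements of smaller order."""
    return all((pow(g, j, p) == pow(g, k, p)) == ((j - k) % (p - 1) == 0)
               for j in range(max_exp + 1) for k in range(max_exp + 1))

if __name__ == "__main__":
    print(powers_mod(3, 7), is_primitive_root(3, 7))   # [3, 2, 6, 4, 5, 1] True
    print(powers_mod(4, 7), is_primitive_root(4, 7))   # [4, 2, 1, 4, 2, 1] False
    for g, p in [(3, 13), (2, 11), (2, 17)]:
        print(g, p, is_primitive_root(g, p), "order", order_mod(g, p))
    print(primitive_roots(7), proposition_2_7_2_holds(3, 7), proposition_2_7_2_holds(4, 7))
```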