DOCSLIB.ORG

Modular Arithmetic II

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Modular Arithmetic II Modular arithmetic II We now look at modular arithmetic again, to prove some results that we skipped over the first time. 1 Chinese remainder theorem We first prove what is commonly known as the \Chinese remainder theorem". As an application, this will let us quickly calculate φ(m) in terms of the prime factorization of m. Let's go ahead and state the result about φ(m), so that we are not burying the lede. a1 ar Theorem 1. Suppose m = p1 ··· pr is the prime factorization of m, so that aj ≥ 1 for j = Qr aj −1 1; 2; : : : ; r. Then φ(m) = j=1 (pj − 1)pj . Example 2. Here are two special cases of the theorem: 1. Suppose m = p1p2. Then φ(m) = (p1 − 1)(p2 − 1). So, for example, φ(15) = 2 · 4 = 8, as we computed before. 2. Suppose m = pj is a power of p. Then φ(m) = (p − 1)pj−1. So, for example, φ(9) = 2 · 3 = 6 and φ(27) = 2 · 9 = 18. Example 3. This is a non-example. Is there an integer x that is • ≡ 3 (mod 10) • ≡ 2 (mod 15)? The answer is \no", because such an x must on the one hand be 3 modulo 5 and on the other hand be 2 modulo 5. So, the problem, so to speak, is that 5j10 and 5j15, so there is a possibility for an obvious incompatibility between the two congruences. This leads us to Theorem 4 (Chinese Remainder Theorem). Suppose (m1; m2) = 1, and a1; a2 are two integers. Then there is an x with • x ≡ a1 (mod m1) • x ≡ a2 (mod m2). Moreover, such an x is unique modulo m = m1m2. Proof. Let's do uniqueness first. If x; x0 are two solutions to the above two congruence, then x − x0 0 0 is ≡ 0 modulo m1 and modulo m2. Thus m1j(x − x ) and m2j(x − x ). Because (m1; m2) = 1, 0 0 m = m1m2 divides x − x . Thus x ≡ x (mod m). For the existence, one proceeds as follows. As we have shown before, (m1; m2) = 1 implies that there exists integers y1; y2 with m1y1 + m2y2 = 1. From this equation, we obtain • m1y1 ≡ 0 (mod m1) and ≡ 1 (mod m2), while 1 • m2y2 ≡ 1 (mod m1) and ≡ 0 (mod m2). Set x = a2(m1y1) + a1(m2y2). Multiplying the above congruences by a2 and a1, respectively, and adding, one gets the desired result for x. Example 5. Note that 4 · 7 − 3 · 9 = 1. Find an integer x so that • x ≡ 4 (mod 7) • x ≡ 3 (mod 9). Answer: • 4 · 7 is ≡ 0 (mod 7) and 1 (mod 9) while • (−3) · 9 is ≡ 1 (mod 7) and ≡ 0 (mod 9). Thus 3 · 7 · 4 + 4 · 9 · (−3) = 12 · (7 − 9) = −24 is equivalent to 4 (mod 7) and ≡ 3 (mod 9). We could also take x = −24 + 63 = 39 for x. We stated a simple version of the CRT. Here is the more general version: Theorem 6. Suppose m1; m2; : : : ; mr are pairwise relatively prime, so that (mi; mj) = 1 if i 6= j. Let a1; : : : ; aj be integers. Then there is an integer x with x ≡ aj (mod mj) for j = 1; 2; : : : ; r. Moreover, x is unique modulo m = m1 ··· mr. Proof. Set m0 = m . Because m , m0 are relatively prime, there exists an integer b with m0 b ≡ 1 j mj j j j j j (mod mj). Set r X 0 x = mjbjaj: j=1 th th Then all but the j term in the sum is 0 modulo mj, while the j -term is equivalent to aj modulo mj. Thus x ≡ aj (mod mj) for each j. The uniqueness of x modulo m follows just as the m = m1m2 case of the CRT proved above. 2 Euler's φ function The function φ(m) is called Euler's φ function, or his \totient" function (not that you need to know that.) Recall Definition 7. For a positive integer m, φ(m) is the number of integers a with 1 ≤ a ≤ m and (a; m) = 1. In order to prove Theorem 1, we require the following lemma. Lemma 8. Suppose m = m1m2 with (m1; m2) = 1. Then φ(m) = φ(m1)φ(m2). Proof. We want to count the integers x with • 1 ≤ x ≤ m1m2 2 • (x; m1) = 1 • (x; m2) = 1. Equivalently, we want to count the x modulo m with (x; m1) = 1 and (x; m2) = 1. Suppose • a1; : : : ; aφ(m1) are the classes modulo m1 prime to m1 and • b1; : : : ; bφ(m2) are the classes modulo m2 prime to m2. Then (x; m1) = 1 and (x; m2) = 1 if and only if there is some j; k with • x ≡ aj (mod m1) and • x ≡ bk (mod m2). By the CRT, there exists a unique x modulo m for each pair (aj; bk). Thus, the total number of x with 1 ≤ x ≤ m1m2 and (x; m1) = 1, (x; m2) = 1 is φ(m1)φ(m2). Let's do an example: Take m = 15 = 3 · 5. ∗ 0 1 2 3 4 0 0 6 12 3 9 : 1 10 1 7 13 4 2 5 11 2 8 14 The table shows the 15 residue classes modulo 15. Which row a number sits in say what this number is modulo 3, and which column a number sits in says what this number is modulo 5. The way to make such a table is to start with the 0 in the upper left corner, and move \southeast", writing in 0; 1; 2; :::. And then, when one reaches the bottom one \wraps around" to the top, and when one reaches the right edge, one \wraps around" to the left. Note that all the numbers that are outside the 0th row and column are the residue classes that are relatively prime to 15. So, the picture shows that φ(15) = φ(3)φ(5) = 2 · 4. From Lemma 8, we can now prove Theorem 1: Proof of Theorem 1. We have φ(p) = p − 1 if p is a prime. More generally, consider powers of primes. If 1 ≤ x ≤ pj, then x is prime to pj if and only if x is prime to p. So φ(pj) = pj − pj−1 because • pj is the number of x with 1 ≤ x ≤ pj • pj−1 is the number of multiples of p between 1 and pj. j j−1 Thus φ(p ) = (p − 1)p . Theorem 1 thus follows from φ(m1m2) = φ(m1)φ(m2) when m1; m2 are relatively prime. We are getting closer to proving Theorem 9. If p is a prime, then there exists g with ordp(g) = p − 1. Our proof uses the following proposition about the Euler φ-function. 3 Proposition 10. One has X φ(d) = m: djm For example • m = p, then φ(1) + φ(p) = 1 + (p − 1) = p • m = p1p2, then φ(1) + φ(p1) + φ(p2) + φ(p1p2) = 1 + (p1 − 1) + (p2 − 2) + (p1 − 1)(p2 − 1) = p1p2: Proof of Proposition 10. If m is prime, we are done by the above example. Otherwise, m = m1m2 for some integers m1; m2 with 1 < mj < m and (m1; m2) = 1. Now, note that an integer djm if and only if d = d1d2 for integers d1; d2 where d1jm1 and d2jm2. Thus X X φ(d) = φ(d1d2) djm d1jm1;d2jm2 X = φ(d1)φ(d2) d1jm1;d2jm2 0 1 0 1 X X = @ φ(d1)A @ φ(d2)A d1jm1 d2jm2 = m1m2: The last equality follows by induction. 3 Generators modulo p We are almost ready to prove Theorem 9. For p a prime, and h an integer, denote by Np(h) the number of nonzero residue classes r modulo p with ordp(r) = h. Lemma 11. With notation as above, Np(h) ≤ φ(h). In fact, Np(h) = 0 or Np(h) = φ(h). Proof. If there are no elements r with ordp(r) = h, then Np(h) = 0 and we are done. Thus, suppose h ordp(r) = h. Then, r is a solution to x − 1 ≡ 0 (mod p). We have already proved that degree h equations have at most h roots modulo p, so Np(h) ≤ h. Why ≤ φ(h)? 2 h−1 • ordp(r) = h ) 1; r; r ; : : : ; r are distinct modulo p • these powers of r are solutions to xh − 1 ≡ 0 (mod p) • Thus, these powers of r are the only solutions to xh − 1 ≡ 0 (mod p). d h • However, we have already proved ordp(r ) = gcd(h;d) . 4 d • Thus, ordp(r ) = h if and only if (d; h) = 1. Therefore, the classes modulo p with order h are exactly the rd with (d; h) = 1. Consequently, if Np(h) ≥ 1 then Np(h) = φ(h). This proves the lemma. Let's show how the proof of Theorem 9 works in an example, so you get the idea: Example 12. Suppose p = 23. Then φ(p) = 22 = 2·11. Therefore, the possible orders for elements modulo p are the divisors of p − 1 = 22, so 1; 2; 11; 22. h 1 2 11 22 : N(h) ≤ φ(1) = 1 ≤ φ(2) = 1 ≤ φ(11) = 10 ≤ φ(22) = 10 On the one hand, the lemma puts an upper bound on the number Np(h) for each possible h. But P on the other hand, because every element modulo p has some order, hjp−1 Np(h) = p − 1. Since 1 + 1 + 10 + 10 = 22 = p − 1, all the ≤ must be equalities. In particular, φ(22) = 10 ≥ 1, proving that there is a g with ord23(g) = 22.
Load more

Recommended publications
  • Modular Arithmetic
    CS 70 Discrete Mathematics and Probability Theory Fall 2009 Satish Rao, David Tse Note 5 Modular Arithmetic One way to think of modular arithmetic is that it limits numbers to a predefined range f0;1;:::;N ¡ 1g, and wraps around whenever you try to leave this range — like the hand of a clock (where N = 12) or the days of the week (where N = 7). Example: Calculating the day of the week. Suppose that you have mapped the sequence of days of the week (Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday) to the sequence of numbers (0;1;2;3;4;5;6) so that Sunday is 0, Monday is 1, etc. Suppose that today is Thursday (=4), and you want to calculate what day of the week will be 10 days from now. Intuitively, the answer is the remainder of 4 + 10 = 14 when divided by 7, that is, 0 —Sunday. In fact, it makes little sense to add a number like 10 in this context, you should probably find its remainder modulo 7, namely 3, and then add this to 4, to find 7, which is 0. What if we want to continue this in 10 day jumps? After 5 such jumps, we would have day 4 + 3 ¢ 5 = 19; which gives 5 modulo 7 (Friday). This example shows that in certain circumstances it makes sense to do arithmetic within the confines of a particular number (7 in this example), that is, to do arithmetic by always finding the remainder of each number modulo 7, say, and repeating this for the results, and so on.
    [Show full text]
  • 8.6 Modular Arithmetic
    “mcs” — 2015/5/18 — 1:43 — page 263 — #271 8.6 Modular Arithmetic On the first page of his masterpiece on number theory, Disquisitiones Arithmeticae, Gauss introduced the notion of “congruence.” Now, Gauss is another guy who managed to cough up a half-decent idea every now and then, so let’s take a look at this one. Gauss said that a is congruent to b modulo n iff n .a b/. This is j written a b.mod n/: ⌘ For example: 29 15 .mod 7/ because 7 .29 15/: ⌘ j It’s not useful to allow a modulus n 1, and so we will assume from now on that moduli are greater than 1. There is a close connection between congruences and remainders: Lemma 8.6.1 (Remainder). a b.mod n/ iff rem.a; n/ rem.b; n/: ⌘ D Proof. By the Division Theorem 8.1.4, there exist unique pairs of integers q1;r1 and q2;r2 such that: a q1n r1 D C b q2n r2; D C “mcs” — 2015/5/18 — 1:43 — page 264 — #272 264 Chapter 8 Number Theory where r1;r2 Œ0::n/. Subtracting the second equation from the first gives: 2 a b .q1 q2/n .r1 r2/; D C where r1 r2 is in the interval . n; n/. Now a b.mod n/ if and only if n ⌘ divides the left side of this equation. This is true if and only if n divides the right side, which holds if and only if r1 r2 is a multiple of n.
    [Show full text]
  • 1. Modular Arithmetic
    Modular arithmetic Divisibility Given p ositive numb ers a b if a we can write b aq r 1 for appropriate integers q r such that r a The numb er r is the remainder We say that a divides b or ajb if r and so b aq ie b factors as a times q Primes A numb er is prime if it cant b e factored as a pro duct of two numb ers greater or equal to If a numb er factors ie it is not prime then we say that it is comp osite Exercise Find all prime numb ers smaller than Here are several imp ortant questions How do we determine whether a numb er is prime How do we factor a numb er into primes How can we nd big prime numb ers How many prime numb ers are there Exercise Factor Exercise Show that every numb er is either prime or divisible by a prime numb er Theorem There are innitely many prime numbers Proof Supp ose that there are only nitely many prime numb ers P P 1 n then N P P P is not divisible by any prime hence it do es 1 2 n factor and hence it is a new prime not ˜ Divisibility tricks Recall that a numb er is even if its last digit is divisible by it is divisible by if the sum of its digits is divisible by it is divisible by if its last digit is divisible by etc Why is this Can we nd other divisibility tricks eg for One p ossible explanation Let abc b e a digit numb er so that abc a b c Then abc a b c and this is an integer only if c is an integer abc a b c and this is an integer only if c is an integer abc a b a b c and this is an integer only if a b c is an integer
    [Show full text]
  • Chinese Remainder Theorem
    THE CHINESE REMAINDER THEOREM KEITH CONRAD We should thank the Chinese for their wonderful remainder theorem. Glenn Stevens 1. Introduction The Chinese remainder theorem says we can uniquely solve every pair of congruences having relatively prime moduli. Theorem 1.1. Let m and n be relatively prime positive integers. For all integers a and b, the pair of congruences x ≡ a mod m; x ≡ b mod n has a solution, and this solution is uniquely determined modulo mn. What is important here is that m and n are relatively prime. There are no constraints at all on a and b. Example 1.2. The congruences x ≡ 6 mod 9 and x ≡ 4 mod 11 hold when x = 15, and more generally when x ≡ 15 mod 99, and they do not hold for other x. The modulus 99 is 9 · 11. We will prove the Chinese remainder theorem, including a version for more than two moduli, and see some ways it is applied to study congruences. 2. A proof of the Chinese remainder theorem Proof. First we show there is always a solution. Then we will show it is unique modulo mn. Existence of Solution. To show that the simultaneous congruences x ≡ a mod m; x ≡ b mod n have a common solution in Z, we give two proofs. First proof: Write the first congruence as an equation in Z, say x = a + my for some y 2 Z. Then the second congruence is the same as a + my ≡ b mod n: Subtracting a from both sides, we need to solve for y in (2.1) my ≡ b − a mod n: Since (m; n) = 1, we know m mod n is invertible.
    [Show full text]
  • Number Theory
    Number Theory Margaret M. Fleck 31 January 2011 These notes cover concepts from elementary number theory. 1 Number Theory We’ve now covered most of the basic techniques for writing proofs. So we’re going to start applying them to specific topics in mathematics, starting with number theory. Number theory is a branch of mathematics concerned with the behavior of integers. It has very important applications in cryptography and in the design of randomized algorithms. Randomization has become an increasingly important technique for creating very fast algorithms for storing and retriev- ing objects (e.g. hash tables), testing whether two objects are the same (e.g. MP3’s), and the like. Much of the underlying theory depends on facts about which numbers evenly divide one another and which numbers are prime. 2 Factors and multiples You’ve undoubtedly seen some of the basic ideas (e.g. divisibility) somewhat informally in earlier math classes. However, you may not be fully clear on what happens with special cases, e.g. zero, negative numbers. We also need clear formal definitions in order to write formal proofs. So, let’s start with 1 Definition: Suppose that a and b are integers. Then a divides b if b = an for some integer n. a is called a factor or divisor of b. b is called a multiple of a. The shorthand for a divides b is a | b. Be careful about the order. The divisor is on the left and the multiple is on the right. Some examples: • 7 | 77 • 77 6| 7 • 7 | 7 because 7 = 7 · 1 • 7 | 0 because 0 = 7 · 0, zero is divisible by any integer.
    [Show full text]
  • IV.5 Arithmetic Geometry Jordan S
    i 372 IV. Branches of Mathematics where the aj,i1,...,in are indeterminates. If we write with many nice pictures and reproductions. A Scrap- g1f1 + ··· + gmfm as a polynomial in the variables book of Complex Curve Theory (American Mathemat- x1,...,xn, then all the coefficients must vanish, save ical Society, Providence, RI, 2003), by C. H. Clemens, the constant term which must equal 1. Thus we get and Complex Algebraic Curves (Cambridge University a system of linear equations in the indeterminates Press, Cambridge, 1992), by F. Kirwan, also start at an easily accessible level, but then delve more quickly into aj,i1,...,in . The solvability of systems of linear equations is well-known (with good computer implementations). advanced subjects. Thus we can decide if there is a solution with deg gj The best introduction to the techniques of algebraic 100. Of course it is possible that 100 was too small geometry is Undergraduate Algebraic Geometry (Cam- a guess, and we may have to repeat the process with bridge University Press, Cambridge, 1988), by M. Reid. larger and larger degree bounds. Will this ever end? For those wishing for a general overview, An Invitation The answer is given by the following result, which was to Algebraic Geometry (Springer, New York, 2000), by proved only recently. K. E. Smith, L. Kahanpää, P. Kekäläinen, and W. Traves, is a good choice, while Algebraic Geometry (Springer, New Effective Nullstellensatz. Let f1,...,fm be polyno- York, 1995), by J. Harris, and Basic Algebraic Geometry, mials of degree less than or equal to d in n variables, volumes I and II (Springer, New York, 1994), by I.
    [Show full text]
  • Congruences and Modular Arithmetic
    UI Math Contest Training Modular Arithmetic Fall 2019 Congruences and Modular Arithmetic • Congruences: We say a is congruent to b modulo m, and write a ≡ b mod m , if a and b have the same remainder when divided by m, or equivalently if a − b is divisible by m. Equivalently, the congruence notation a ≡ b mod m can be thought of as a shorthand notation for the statement \there exists an integer k such that a = b + km." Here are some examples to illustrate this notation: (1) 5 ≡ 17 mod 3 (since 5 and 17 both have remainder 2 when divided by 3, or equivalently, since 17 − 5 = 12 is divisible by 3). (2) 10 ≡ −4 mod 7 (since 10 − (−4) = 14 is divisible by 7) (3) 2013 ≡ 0 mod 3 (since 2013 − 0 = 2013 is divisible by 3) (4) n ≡ 0 mod 2 if n is even, and n ≡ 1 mod 2 if n is odd. (5) n ≡ d mod 10 if n has d as last decimal digit (since then n = d + 10k for some integer k, and hence n ≡ d mod 10) • Modular arithmetic: The key fact about congruences is that congruences to the same modu- lus can be added, multiplied, and taken to a fixed positive integral power. For example, since 6 ≡ −1 mod 7, we have 61000 ≡ (−1)1000 = 1 mod 7. This type of manipulation is called modular arithmetic or congruence magic, and it allows one to quickly calculate remainders and last digits of numbers with thousands of digits. • Congruence magic: An example. Consider the problem of finding the last digit of 20132014 (which is a number with thousands of decimal digits).
    [Show full text]
  • Large Numbers, the Chinese Remainder Theorem, and the Circle of Fifths Version of January 27, 2001
    Large Numbers, the Chinese Remainder Theorem, and the Circle of Fifths version of January 27, 2001 S. A. FULLING Texas A&M University College Station, TX 77843-3368 [email protected] 1. The problem. Consider a recurrence relation such as 2 an+1 = an +(n+3)nan ;a0=1; whose solutions are integers that grow rapidly with n. (This is a cooked-up example. For a realistic problem of this nature, look at [2], especially the formula at the end, and contemplate calculating Y40 ; or look at equation (3.65) of [9], whre the last coefficient is a fraction whose denominator has 80 decimal digits.) Suppose that: (1) We do not know how to solve the recurrence in closed form, so we want to use a computer to grind out the values of a for, say, n 20: n ≤ a1 =1;a2=5;a3=75;a4= 6975;a5= 48845925; :::: (2) We insist on knowing the answers exactly; floating-point numbers of a fixed precision are not adequate. The problem is that eventually the numbers will overflow the natural “word size” of the computer. If integers are represented by 16 bits, the largest signed integer is 215 1, the largest unsigned integer is 216 1. If “long” (32-bit) integers are used, we can get− up to 232 1 unsigned. − What− happens when an integer variable overflows depends on the programming lan- guage used. Some systems will give an error message and abort the program. In standard C, the storage of the number “rolls over” like a car’s odometer: the most significant dig- its are lost, without warning.
    [Show full text]
  • Modular Arithmetic
    Computational Number Theory Vidur Jasuja November 2020 1 So what is a mod anyway? 1.1 Some Notes • Note: unless stated otherwise, all variables stated will be assumed to be integers. • If a is divisible by b, we say that b divides a, denoted as b j a: 1.2 Defining Congruence Definition (Congruence (mod n)) We say two numbers a and b are congruent modulo n, where n is positive, or a ≡ b (mod n), if any one of the equivalent conditions listed here are met. • If n divides the difference of a and b, or in other words n divides a − b; • If there exists an integer k such that a + kn = b; • Or if a and b leave the same remainder upon division by n: Can you explain why these conditions are equivalent? §1.2.1 Simple Exercises 1. Find a number n such that n ≡ 2020 (mod 64): 2. Find a number n such that n ≡ −27 (mod 46): 3. Find a number 0 ≤ n < 57 such that n ≡ 982 (mod 57): What is another way to phrase this problem in more simple terms? 4. How many positive integers m are there such that 50 ≡ 2 (mod m)? 1.3 Properties of Mods Theorem (Addition works (mod n)) Suppose that a ≡ b (mod n); and c ≡ d (mod n): Then a + c ≡ b + d (mod n): Proof By our definitions of congruence, we have that b = a + nj for some integer j, and that d = c + nk for some integer k: Now, by our other equivalent definition of congruence, we want to show that n j b + d − a − c; or that 1 Computational Number Theory Vidur Jasuja n = c+nk +a+nj −c−a = nk +nj = n(k +j): Clearly, n divides n(k +j), which is an integer multiple of n, so we have shown what we wanted to show.
    [Show full text]
  • Finite Fields (PART 2): Modular Arithmetic
    Lecture 5: Finite Fields (PART 2) PART 2: Modular Arithmetic Theoretical Underpinnings of Modern Cryptography Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) February 2, 2021 5:20pm ©2021 Avinash Kak, Purdue University Goals: To review modular arithmetic To present Euclid’s GCD algorithms To present the prime finite field Zp To show how Euclid’s GCD algorithm can be extended to find multiplica- tive inverses Perl and Python implementations for calculating GCD and mul- tiplicative inverses CONTENTS Section Title Page 5.1 Modular Arithmetic Notation 3 5.1.1 Examples of Congruences 5 5.2 Modular Arithmetic Operations 6 5.3 The Set Zn and Its Properties 9 5.3.1 So What is Zn? 11 5.3.2 Asymmetries Between Modulo Addition and Modulo 13 Multiplication Over Zn 5.4 Euclid’s Method for Finding the Greatest Common Divisor 16 of Two Integers 5.4.1 Steps in a Recursive Invocation of Euclid’s GCD Algorithm 18 5.4.2 An Example of Euclid’s GCD Algorithm in Action 19 5.4.3 Proof of Euclid’s GCD Algorithm 21 5.4.4 Implementing the GCD Algorithm in Perl and Python 22 5.5 Prime Finite Fields 29 5.5.1 What Happened to the Main Reason for Why Zn Could Not 31 be an Integral Domain 5.6 Finding Multiplicative Inverses for the Elements of Zp 32 5.6.1 Proof of Bezout’s Identity 34 5.6.2 Finding Multiplicative Inverses Using Bezout’s Identity 37 5.6.3 Revisiting Euclid’s Algorithm for the Calculation of GCD 39 5.6.4 What Conclusions Can We Draw From the Remainders? 42 5.6.5 Rewriting GCD Recursion in the Form of Derivations for 43 the Remainders 5.6.6 Two Examples That Illustrate the Extended Euclid’s Algorithm 45 5.7 The Extended Euclid’s Algorithm in Perl and Python 47 5.8 Homework Problems 54 Computer and Network Security by Avi Kak Lecture 5 Back to TOC 5.1 MODULAR ARITHMETIC NOTATION Given any integer a and a positive integer n, and given a division of a by n that leaves the remainder between 0 and n − 1, both inclusive, we define a mod n to be the remainder.
    [Show full text]
  • 1 Modular Arithmetic: ZN and Z
    CS 127/CSCI E-127: Introduction to Cryptography Prof. Salil Vadhan Fall 2013 Lecture Notes 8: Computational Number Theory Reading. • KatzLindell 2nd edition 8.0,8.1,8.2.3,8.3.0-8.3.2 OR 1st edition 7.0,7.1,7.2.3,7.3.0-7.3.2 Computational Number theory is a major source of hard problems (eg one-way functions) for cryptography. 1 Modular arithmetic: and ∗ ZN ZN Basic denitions: • x ≡ y (mod N) if Nj(x − y). (Written x = y mod N in KatzLindell.) • [x mod N] def= unique x0 2 f0;:::;N − 1g s.t. x ≡ x0 (mod N). def • ZN = f0;:::;N − 1g with arithmetic (+,·) modulo N. We cannot divide in general: 5 · 8 ≡ 5 · 1 (mod 35). Fact 1 (Extended Euclidean Algorithm) For any x; y 2 N there exists two integers a, b such that ax + by = gcd(x; y). Moreover, such a and b can be found in polynomial time. Denition of ∗ ZN ∗ def elements of with multiplicative inverses ZN = fx 2 ZN : gcd(x; N) = 1g = ZN −1 By a multiplicative inverse for x we mean an element y 2 ZN , denoted y = x , such that . Given and ∗ , we can compute −1 in polynomial time: x · y ≡ 1 (mod N) N x 2 ZN x Example: In ∗ , −1 . Z35 3 = ::: Euler phi function def ∗ φ(N) = jZN j Example: ∗ • Z35 = • φ(35) = 1 Q: how to generate random elements of ∗ ? ZN Fact 2 Y 1 N φ(N) = N · 1 − ≥ p 6loglogN primes pjN 2 Groups • An abelian group G is a set G with binary operation ? satisfying associativity, identity, inverses, and commutativity.
    [Show full text]
  • Chinese Remainder Theorem RSA Cryptosystem
    math 55 - induction and modular arithmetic Feb. 21 Chinese Remainder Theorem + The Chinese Remainder Theorem (CRT) says that given a1; : : : ; an 2 Z, m1; : : : ; mn 2 Z , where the mi are pairwise relatively prime, then the system of congruences: x ≡ a1 mod m1 x ≡ a2 mod m2 . x ≡ an mod mn has a unique solution modulo m = m1m2 ··· mn. We find this solution as follows. Let m Mk = . Then (since the mi are pairwise relatively prime) there are inverses yk such that mk Mkyk ≡ 1 mod mk. Then a1M1y1 + ··· + anMnyn mod m is the solution. 1. Compute the solution to the following system of congruences: x ≡ 1 mod 3 x ≡ 3 mod 5 x ≡ 5 mod 7 2. Check that the following system of congruences has no solutions. (In general, there may or may not be solutions when the mi are not pairwise relatively coprime.) x ≡ 1 mod 2 x ≡ 3 mod 4 x ≡ 5 mod 8 RSA cryptosystem The RSA cryptosystem is designed to encode information using number theory. The algo- rithm is as follows. 1. Choose two prime numbers p and q, and an integer e such that gcd(e; (p−1)(q−1)) = 1. (In general, larger p and q are more secure.) 2. Translate a given message into a sequence of integers by A = 00;B = 01;:::;Z = 25, and then group these integers into blocks of 4. 3. Encrypt each block M by replacing it with M e mod n. 4. To decrypt, compute an inverse d of e mod (p − 1)(q − 1). for each block C, compute Cd ≡ M de ≡ M mod n to get back the original message.
    [Show full text]