DOCSLIB.ORG

Mathematical Background of Public Key Cryptography Gerhard Frey

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Mathematical Background of Public Key Cryptography Gerhard Frey Mathematical Background of Public Key Cryptography Gerhard Frey University of Duisburg-Essen Institute for Experimental Mathematics [email protected] G.A.T.I CIRM -May 12-16, 2003 1 1 Data security and Arithmetic Problem: A open¡¡! B " C (A; m; B) 7! (B; m; A) The transfer of the message has to be “secure”. This has (at least) 3 aspects: 2 ² Reliability (engineers) ² Correctness (coding theory, engineers and mathematicians) ² Authenticity, privateness (cryptogra- phy, mathematicians, computer scien- tists, engineers) Solutions have to be simple, efficient and cheap! 3 There was a basic decision some sixty years ago: Messages are stored and transmitted as numbers. This makes it possible to apply Arithmetic to data security. 4 We shall concentrate to the third aspect which uses ENCRYPTION provided by cryptography. This is, in the true sense of the word, a classic discipline: We find it in Mesopotamia and Caesar used it. 5 Encryption Devices 6 The devices shown are examples for symmetric procedures: There is a common secret amongst the partners which enables them to de- and encrypt. In principle they are used till today, in refined versions. The new standard is called AES. Typically the historical examples are in- volving secret services and military and the information is exchanged amongst a community in which each member is to be trusted. 7 This has changed dramatically becau- se of electronic communication in public networks. So data security has become a public challenge. There are millions of partners in nets. Key exchange necessary for symmetric systems cannot be rely on personal trust and communication. 8 Solution: PUBLIC KEY CRYPTOSYSTEMS ( Diffie-Hellman 1976) Each member A of the network has two keys: ² a private key sA produced by him- self never leaving the private secure environment ² a public key pA published in a direc- tory. pA is related to sA by a (known) One-Way function. For key exchange and for encryption/decryption A uses both keys (and the public key of the partner B if necessary). There is no practically useable leakage of information about sA; sB ! 9 BASIC IDEA: One Way Functions (Informal)Definition: Let A and B be two finite sets of num- bers and f a map from A to B. f is a one way function if a computer can calculate f(a) in · 50 ms but with very high probability (1¡10¡30) it is impossible to find for given value f(a) the argument a during the next 1000 years by using all known methods and all existing computers. 10 Here enters MATHEMATICS ² to construct candidates for one way functions ² to bring them in such a shape that computation is fast ² to analyze possible attacks We shall concentrate us to systems ba- sed on the Discrete Logarithm 11 2 Abstract DL-Systems Recall: We want ² exchange keys ² sign ² authenticate ² (encrypt and decrypt) with simple protocols clear and easy to follow implementation rules based on secure crypto primitives with a well understood mathematical background. 12 Assume that A ½ N is finite and that B ½ Endset(A). 2.1 Key Exchange Assume that the elements of B commu- te: For all a and b1; b2 2 B we have b1(b2(a)) = b2(b1(a)): Then we can use A; B for a key exchange system in the following way: 13 We fix a (publicly known) base point P0 2 A. The members of the crypto community Qi choose si 2 B and publish pi := si(P0). Then si(pj) = sj(pi) is the shared secret of Qi and Qj. 14 The security depends (not only) on the complexity to find from the knowledge of randomly chosen a 2 A and given a1; a2 in B ± fag all elements b 2 B with b(a) = a1 modulo F ixB(a2) = fb 2 B; b(a2) = a2g: The efficiency depends on the “size” of elements in A; B and on the complexity of evaluating b 2 B. 15 2.2 Signature Scheme of El Gamal- Type Again we assume that B ½ Endset(A): In addition we assume that there are three more structures: 1. h : N ! B; a hash function 2. ¹ : A £ A ! C a map into a set C in which equality of elements can be checked fast 3. º : B £ B ! D ½ Homset(A; C) with º(b1; b2)(a) = ¹(b1(a); b2(a)): 16 Signature: a 2 A is given (or introduced as part as the public key). P chooses b and publishes b(a): Let m be a message. P chooses a random element k 2 B. P computes Á := º(h(m) ± b; h(k(a)) ± k) in D: P publishes (Á; m; k(a)): Verification: V computes ¹(h(m)(b(a)); h(k(a))(k(a))) and compares it with Á(a): 17 2.3 The most popular realization A ½ N a cyclic group of prime order p (with composition written multiplicative- ly. with a numeration. Choose a0, a generator of A. » ¤ B = AutZ(A) = (Z=p) identified with f1; :::; p ¡ 1g by b(a) := ab: C = A and ¹ = multiplication in A º = addition of endomorphisms h = a hash function from N to f1; :::; p ¡ 1g. 18 We translate the Signature scheme: to this situation: P chooses randomly and secretly, his private key x 2 f1; :::; p ¡ 1g and x publishes his public key Y := a0. To sign a message m, P chooses a se- cond random number k and computes k s := h(m)x + h(a0)k mod p: The signed message consists of k (m; a0; s) To check the authenticity of (P; m) one computes k s h(m) h(a0) S = a0;T = Y ;H = a0 : and checks whether S = T ± H: 19 The security considerations for the crypto primitive boil down to the complexity of the com- putation of the Discrete Logarithm: For randomly chosen a1; a2 2 G com- pute n 2 N with n a2 = a1 : Challenge: Construct groups with numerations of large prime order such that the computation of the dis- crete discrete logarithm has the requi- red complexity. Time or space needed (probabilistical- ly) for the computation of the logarithm: 20 polynomial in p. Time and space needed to write down the elements and the group law of G and execute a group composition: polynomial in log(p). 21 2.4 Generic Systems We use the algebraic structure “group”. This allows “generic” attacks.. Shanks’ Baby-Step-Giant-Step Method (deterministic) Take P; Q 2 G. Find k with Q = k ¢ P . Principle: Looking up an element in an ordered set is inexpensive. p Baby step: For i = 0; :::; S · p compute (i ¢ P; i): Giant step: Compute Q ¡ i ¢ S ¢ P 22 . Compare the two lists. If i0 ¢ P = Q ¡ i1 ¢ S ¢ P then k = i0 + i1 ¢ S: p Complexity:O( p) Disadvantage: p ² needs O( p) space 23 Pollard’s ½-Algorithm(probabilistic)1 Principle: Random walk in G closes with high probability after p ¼ 1:03 p steps. Controlled random walk (simplest ver- sion) : The result xi of the i¡th step should depend only on xi¡1. So partite G “randomly” into three sets Tj of size ¼ p=3 and take xi = P + xi¡1 if xi¡1 2 T1; xi = Q + xi¡1 if xi¡1 2 T2; xi = 2xi¡1 if xi¡1 2 T3: There are efficient methods to detect collisions. 1Pollard’s method is used for the “world record” w.r.t. Certicom challenge: Compute DL in an 108-bit elliptic curve. 24 Security hierarchy We measure the complexity of a DL- system by the function ® 1¡® Lp(®; c) := exp(C(logp) (loglogp) ) with 0 · ® · 1 and c > 0. Best case: ® = 1:Exponential com- plexity. Worst case: ® = 0: Polynomial complexity The case between...: 0 < ® < 1: The complexity is subexponential. 25 2.5 Very special examples Example 1: G := Z=p . Numeration: f : G ! f1; ¢ ¢ ¢ ; pg given by f(r + pZ) := [r]p where [r]p is the smallest positive repre- sentative of the class of r modulo p. The function © is given by r1 © r2 = [r1 + r2]p which is easy to compute from the know- ledge of ri. 26 Security? Given: b with b = e(n; a) = [na]p. Solve b = na + kp with k 2 Z. The Euclidean algorithm solves this in O(log(p)) operations in Z=p: ® = 0! We do not get a secure Discrete Loga- rithm System. 27 Example 2: G = Z=p. Choose a pri- me q such that p divides q ¡ 1. Choose ³ 6= 1 in Z=q with ³p = 1 (i.e. ³ is a primitive p-th root of unity). Numeration:For 1 · i · p define i zi := [³ ]q and for ¯i = i + pZ 2 G f(¯i) := [zi ¡ z1 + 1]q: Addition: ai = f(xi + pZ) 2 f1; cdots; q ¡ 1g x +x a1 © a2 = [[³ 1 2]q ¡ z1 + 1]q: = [(a1 + z1 ¡ 1)(a2 + z1 ¡ 1) ¡ z1 + 1]q n e(n; 1) = n ± 1 = [z1 ¡ z1 + 1]q: 28 Security? For fixed a and random b 2 A find n in N with n b = e(n; a) = n ± a = [a ¡ z1 + 1]q: This means: For one fixed p-th root of unity and one random p-th root of unity in the multi- plicative group of Z=q one has to deter- mine the exponent needed to transform the fixed root of unity into the random element. 29 The best known method to compute this discrete logarithm is subexponential in q. It usually is compared with factorizati- on (this is no accident).
Load more

Recommended publications
  • Curriculum Vitae
    CURRICULUM VITAE JANNIS A. ANTONIADIS Department of Mathematics University of Crete 71409 Iraklio,Crete Greece PERSONAL Born on 5 of September 1951 in Dryovouno Kozani, Greece. Married with Sigrid Arnz since 1983, three children : Antonios (26), Katerina (23), Karolos (21). EDUCATION-EMPLOYMENT 1969-1973: B.S. in Mathematics at the University of Thessaloniki, Greece. 1973-1976: Military Service. 1976-1979: Assistant at the University of Thessaloniki, Greece. 1979-1981: Graduate student at the University of Cologne, Germany. 1981 Ph.D. in Mathematics at the University of Cologne. Thesis advisor: Prof. Dr. Curt Meyer. 1982-1984: Lecturer at the University of Thessaloniki, Greece. 1984-1990: Associate Professor at the University of Crete, Greece. 1990-now: Professor at the University of Crete, Greece. 2003-2007 Chairman of the Department VISITING POSITIONS - University of Cologne Germany, during the period from December 1981 until Ferbruary 1983 as researcher of the German Research Council (DFG). - MPI-for Mathematics Bonn Germany, during the periods: from May until September of the year 1985, from May until September of the year 1986, from July until January of the year 1988 and from July until September of the year 1988. - University of Heidelberg Germany, during the period: from September 1993 until January 1994, as visiting Professor. University of Cyprus, during the period from January 2008 until May 2008, as visiting Professor. Again for the Summer Semester of 2009 and of the Winter Semester 2009-2010. LONG TERM VISITS: - University
    [Show full text]
  • Sir Andrew J. Wiles
    ISSN 0002-9920 (print) ISSN 1088-9477 (online) of the American Mathematical Society March 2017 Volume 64, Number 3 Women's History Month Ad Honorem Sir Andrew J. Wiles page 197 2018 Leroy P. Steele Prize: Call for Nominations page 195 Interview with New AMS President Kenneth A. Ribet page 229 New York Meeting page 291 Sir Andrew J. Wiles, 2016 Abel Laureate. “The definition of a good mathematical problem is the mathematics it generates rather Notices than the problem itself.” of the American Mathematical Society March 2017 FEATURES 197 239229 26239 Ad Honorem Sir Andrew J. Interview with New The Graduate Student Wiles AMS President Kenneth Section Interview with Abel Laureate Sir A. Ribet Interview with Ryan Haskett Andrew J. Wiles by Martin Raussen and by Alexander Diaz-Lopez Allyn Jackson Christian Skau WHAT IS...an Elliptic Curve? Andrew Wiles's Marvelous Proof by by Harris B. Daniels and Álvaro Henri Darmon Lozano-Robledo The Mathematical Works of Andrew Wiles by Christopher Skinner In this issue we honor Sir Andrew J. Wiles, prover of Fermat's Last Theorem, recipient of the 2016 Abel Prize, and star of the NOVA video The Proof. We've got the official interview, reprinted from the newsletter of our friends in the European Mathematical Society; "Andrew Wiles's Marvelous Proof" by Henri Darmon; and a collection of articles on "The Mathematical Works of Andrew Wiles" assembled by guest editor Christopher Skinner. We welcome the new AMS president, Ken Ribet (another star of The Proof). Marcelo Viana, Director of IMPA in Rio, describes "Math in Brazil" on the eve of the upcoming IMO and ICM.
    [Show full text]
  • A Glimpse of the Laureate's Work
    A glimpse of the Laureate’s work Alex Bellos Fermat’s Last Theorem – the problem that captured planets moved along their elliptical paths. By the beginning Andrew Wiles’ imagination as a boy, and that he proved of the nineteenth century, however, they were of interest three decades later – states that: for their own properties, and the subject of work by Niels Henrik Abel among others. There are no whole number solutions to the Modular forms are a much more abstract kind of equation xn + yn = zn when n is greater than 2. mathematical object. They are a certain type of mapping on a certain type of graph that exhibit an extremely high The theorem got its name because the French amateur number of symmetries. mathematician Pierre de Fermat wrote these words in Elliptic curves and modular forms had no apparent the margin of a book around 1637, together with the connection with each other. They were different fields, words: “I have a truly marvelous demonstration of this arising from different questions, studied by different people proposition which this margin is too narrow to contain.” who used different terminology and techniques. Yet in the The tantalizing suggestion of a proof was fantastic bait to 1950s two Japanese mathematicians, Yutaka Taniyama the many generations of mathematicians who tried and and Goro Shimura, had an idea that seemed to come out failed to find one. By the time Wiles was a boy Fermat’s of the blue: that on a deep level the fields were equivalent. Last Theorem had become the most famous unsolved The Japanese suggested that every elliptic curve could be problem in mathematics, and proving it was considered, associated with its own modular form, a claim known as by consensus, well beyond the reaches of available the Taniyama-Shimura conjecture, a surprising and radical conceptual tools.
    [Show full text]
  • Arxiv:Math/9807081V1 [Math.AG] 16 Jul 1998 Hthsbffldtewrdsbs Id O 5 Er Otl Bed-Time Tell to Years Olivia
    Oration for Andrew Wiles Fanfare We honour Andrew Wiles for his supreme contribution to number theory, a contribution that has made him the world’s most famous mathematician and a beacon of inspiration for students of math; while solving Fermat’s Last Theorem, for 350 years the most celebrated open problem in mathematics, Wiles’s work has also dramatically opened up whole new areas of research in number theory. A love of mathematics The bulk of this eulogy is mathematical, for which I make no apology. I want to stress here that, in addition to calculations in which each line is correctly deduced from the preceding lines, mathematics is above all passion and drama, obsession with solving the unsolvable. In a modest way, many of us at Warwick share Andrew Wiles’ overriding passion for mathematics and its unsolved problems. Three short obligatory pieces Biography Oxford, Cambridge, Royal Society Professor at Oxford from arXiv:math/9807081v1 [math.AG] 16 Jul 1998 1988, Professor at Princeton since 1982 (lamentably for maths in Britain). Very many honours in the last 5 years, including the Wolf prize, Royal Society gold medal, the King Faisal prize, many, many others. Human interest story The joy and pain of Wiles’s work on Fermat are beautifully documented in John Lynch’s BBC Horizon documentary; I par- ticularly like the bit where Andrew takes time off from unravelling the riddle that has baffled the world’s best minds for 350 years to tell bed-time stories to little Clare, Kate and Olivia. 1 Predictable barbed comment on Research Assessment It goes with- out saying that an individual with a total of only 14 publications to his credit who spends 7 years sulking in his attic would be a strong candidate for early retirement at an aggressive British research department.
    [Show full text]
  • Fermat's Last Theorem, a Theorem at Last
    August 1993 MAA FOCUS Fermat’s Last Theorem, that one could understand the elliptic curve given by the equation a Theorem at Last 2 n n y = x(x − a )( x + b ) Keith Devlin, Fernando Gouvêa, and Andrew Granville in the way proposed by Taniyama. After defying all attempts at a solution for Wiles’ approach comes from a somewhat Following an appropriate re-formulation 350 years, Fermat’s Last Theorem finally different direction, and rests on an amazing by Jean-Pierre Serre in Paris, Kenneth took its place among the known theorems of connection, established during the last Ribet in Berkeley strengthened Frey’s mathematics in June of this year. decade, between the Last Theorem and the original concept to the point where it was theory of elliptic curves, that is, curves possible to prove that the existence of a On June 23, during the third of a series of determined by equations of the form counter example to the Last Theorem 2 3 lectures at a conference held at the Newton y = x + ax + b, would lead to the existence of an elliptic Institute in Cambridge, British curve which could not be modular, and mathematician Dr. Andrew Wiles, of where a and b are integers. hence would contradict the Shimura- Princeton University, sketched a proof of the Taniyama-Weil conjecture. Shimura-Taniyama-Weil conjecture for The path that led to the June 23 semi-stable elliptic curves. As Kenneth announcement began in 1955 when the This is the point where Wiles entered the Ribet, of the University of California at Japanese mathematician Yutaka Taniyama picture.
    [Show full text]
  • Fermat's Last Theorem and Andrew Wiles
    Fermat's last theorem and Andrew Wiles © 1997−2009, Millennium Mathematics Project, University of Cambridge. Permission is granted to print and copy this page on paper for non−commercial use. For other uses, including electronic redistribution, please contact us. June 2008 Features Fermat's last theorem and Andrew Wiles by Neil Pieprzak This article is the winner of the schools category of the Plus new writers award 2008. Students were asked to write about the life and work of a mathematician of their choice. "But the best problem I ever found, I found in my local public library." Andrew Wiles. Image © C. J. Mozzochi, Princeton N.J. There is a problem that not even the collective mathematical genius of almost 400 years could solve. When the ten−year−old Andrew Wiles read about it in his local Cambridge library, he dreamt of solving the problem that had haunted so many great mathematicians. Little did he or the rest of the world know that he would succeed... Fermat's last theorem and Andrew Wiles 1 Fermat's last theorem and Andrew Wiles "Here was a problem, that I, a ten−year−old, could understand and I knew from that moment that I would never let it go. I had to solve it." Pierre de Fermat The story of the problem that would seal Wiles' place in history begins in 1637 when Pierre de Fermat made a deceptively simple conjecture. He stated that if is any whole number greater than 2, then there are no three whole numbers , and other than zero that satisfy the equation (Note that if , then whole number solutions do exist, for example , and .) Fermat claimed to have proved this statement but that the "margin [was] too narrow to contain" it.
    [Show full text]
  • On Galois Representations in Theory and Praxis Gerhard Frey, University of Duisburg-Essen
    On Galois Representations in Theory and Praxis Gerhard Frey, University of Duisburg-Essen One of the most astonishing success stories in recent mathematics is arithmetic geo- metry, which unifies methods from classical number theory with algebraic geometry (\schemes"). In this context an extremely important role is played by the Galois groups of base schemes like rings of integers of number fields or rings of holomor- phic functions of curves over finite fields. These groups are the algebraic analogues of topological fundamental groups, and their representations induced by the action on divisor class groups of varieties over these domains yield spectacular results like Serre's Conjecture for two-dimensional representations of the Galois group of Q, which implies for example the modularity of elliptic curves over Q and so Fermat's Last Theorem (and much more). At the same time the algorithmic aspect of arithmetical objects like lattices and ideal class groups of global fields becomes more and more important and accessible, stimulated by and stimulating the advances in theory. An outstanding result is the theorem of F. Heß and C.Diem yielding that the addition in divisor class groups of curves of genus g over finite fields Fq is (probabilistically) of polynomial complexity in g ( fixed) and log(q)(g fixed). So one could hope to use such groups for public key cryptography, e.g. for key exchange, as established by Diffie-Hellman for the multiplicative group of finite fields. But the obtained insights play not only a constructive role but also a destructive role for the security of such systems.
    [Show full text]
  • Sir Andrew Wiles Awarded Abel Prize
    Sir Andrew J. Wiles Awarded Abel Prize Elaine Kehoe with The Norwegian Academy of Science and Letters official Press Release ©Abelprisen/DNVA/Calle Huth. Courtesy of the Abel Prize Photo Archive. ©Alain Goriely, University of Oxford. Courtesy the Abel Prize Photo Archive. Sir Andrew Wiles received the 2016 Abel Prize at the Oslo award ceremony on May 24. The Norwegian Academy of Science and Letters has carries a cash award of 6,000,000 Norwegian krone (ap- awarded the 2016 Abel Prize to Sir Andrew J. Wiles of the proximately US$700,000). University of Oxford “for his stunning proof of Fermat’s Citation Last Theorem by way of the modularity conjecture for Number theory, an old and beautiful branch of mathemat- semistable elliptic curves, opening a new era in number ics, is concerned with the study of arithmetic properties of theory.” The Abel Prize is awarded by the Norwegian Acad- the integers. In its modern form the subject is fundamen- tally connected to complex analysis, algebraic geometry, emy of Science and Letters. It recognizes contributions of and representation theory. Number theoretic results play extraordinary depth and influence to the mathematical an important role in our everyday lives through encryption sciences and has been awarded annually since 2003. It algorithms for communications, financial transactions, For permission to reprint this article, please contact: and digital security. [email protected]. Fermat’s Last Theorem, first formulated by Pierre de DOI: http://dx.doi.org/10.1090/noti1386 Fermat in the seventeenth century, is the assertion that 608 NOTICES OF THE AMS VOLUME 63, NUMBER 6 the equation xn+yn=zn has no solutions in positive integers tophe Breuil, Brian Conrad, Fred Diamond, and Richard for n>2.
    [Show full text]
  • Relations Between Arithmetic Geometry and Public Key Cryptography
    Advances in Mathematics of Communications doi:10.3934/amc.2010.4.281 Volume 4, No. 2, 2010, 281–305 RELATIONS BETWEEN ARITHMETIC GEOMETRY AND PUBLIC KEY CRYPTOGRAPHY Gerhard Frey Institute for Experimental Mathematics University of Duisburg-Essen Ellernstrasse 29, 45326 Essen, Germany (Communicated by Ian Blake) Abstract. In the article we shall try to give an overview of the interplay between the design of public key cryptosystems and algorithmic arithmetic geometry. We begin in Section 2 with a very abstract setting and try to avoid all structures which are not necessary for protocols like Diffie-Hellman key exchange, ElGamal signature and pairing based cryptography (e.g. short signatures). As an unavoidable consequence of the generality the result is difficult to read and clumsy. But nevertheless it may be worthwhile because there are suggestions for systems which do not use the full strength of group structures (see Subsection 2.2.1) and it may motivate to look for alternatives to known group-based systems. But, of course, the main part of the article deals with the usual realization by discrete logarithms in groups, and the main source for cryptographically useful groups are divisor class groups. We describe advances concerning arithmetic in such groups attached to curves over finite fields including addition and point counting which have an immediate application to the construction of cryptosystems. For the security of these systems one has to make sure that the computation of the discrete logarithm is hard. We shall see how methods from arithmetic geometry narrow the range of candidates usable for cryptography considerably and leave only carefully chosen curves of genus 1 and 2 without flaw.
    [Show full text]
  • On Bilinear Structures on Divisor Class Groups
    ANNALES MATHÉMATIQUES BLAISE PASCAL Gerhard Frey On Bilinear Structures on Divisor Class Groups Volume 16, no 1 (2009), p. 1-26. <http://ambp.cedram.org/item?id=AMBP_2009__16_1_1_0> © Annales mathématiques Blaise Pascal, 2009, tous droits réservés. L’accès aux articles de la revue « Annales mathématiques Blaise Pas- cal » (http://ambp.cedram.org/), implique l’accord avec les condi- tions générales d’utilisation (http://ambp.cedram.org/legal/). Toute utilisation commerciale ou impression systématique est constitutive d’une infraction pénale. Toute copie ou impression de ce fichier doit contenir la présente mention de copyright. Publication éditée par le laboratoire de mathématiques de l’université Blaise-Pascal, UMR 6620 du CNRS Clermont-Ferrand — France cedram Article mis en ligne dans le cadre du Centre de diffusion des revues académiques de mathématiques http://www.cedram.org/ Annales mathématiques Blaise Pascal 16, 1-26 (2009) On Bilinear Structures on Divisor Class Groups Gerhard Frey Abstract It is well known that duality theorems are of utmost importance for the arith- metic of local and global fields and that Brauer groups appear in this context unavoidably. The key word here is class field theory. In this paper we want to make evident that these topics play an important role in public key cryptopgraphy, too. Here the key words are Discrete Logarithm systems with bilinear structures. Almost all public key crypto systems used today based on discrete logarithms use the ideal class groups of rings of holomorphic functions of affine curves over finite fields Fq to generate the underlying groups. We explain in full generality how these groups can be mapped to Brauer groups of local fields via the Lichtenbaum- Tate pairing, and we give an explicit description.
    [Show full text]
  • 26 Fermat's Last Theorem
    18.783 Elliptic Curves Spring 2019 Lecture #26 05/15/2019 26 Fermat’s Last Theorem In this final lecture we give an overview of the proof of Fermat’s Last Theorem. Our goal is to explain exactly what Andrew Wiles [18], with the assistance of Richard Taylor [17], proved, and why it implies Fermat’s Last Theorem. This implication is a consequence of earlier work by several mathematicians, including Richard Frey, Jean-Pierre Serre, and Ken Ribet. We will say very little about the details of Wiles’ proof, which are beyond the scope of this course, but we will provide references for those who wish to learn more. 26.1 Fermat’s Last Theorem In 1637, Pierre de Fermat famously wrote in the margin of a copy of Diophantus’ Arithmetica that the equation xn + yn = zn has no integer solutions with xyz 6= 0 and n > 2, and claimed to have a remarkable proof of this fact. As with most of Fermat’s work, he never published this claim (mathematics was a hobby for Fermat, he was a lawyer by trade). Fermat’s marginal comment was apparently discovered only after his death, when his son Samuel was preparing to publish Fermat’s mathematical correspondence, but it soon became well known and is included as commentary in later printings of Arithmetica. Fermat did prove the case n = 4, using a descent argument. It then suffices to consider n n n only cases where n is an odd prime, since if pjn and (x0; y0; z0) is a solution to x + y = z , n=p n=p n=p p p p then (x0 ; y0 ; z0 ) is a solution to x + y = z .
    [Show full text]
  • An Overview of the Proof of Fermat's Last Theorem Glenn Stevens The
    An Overview of the Proof of Fermat’s Last Theorem Glenn Stevens The principal aim of this article is to sketch the proof of the following famous assertion. Fermat’s Last Theorem. For n > 2, we have an + bn = cn FLT(n) : = abc = 0. a, b, c Z ) 2 Many special cases of Fermat’s Last Theorem were proved from the 17th through the 19th centuries. The first known case is due to Fermat himself, who proved FLT(4) around 1640. FLT(3) was proved by Euler between 1758 and 1770. Since FLT(d) = FLT(n) whenever d n, the re- sults of Euler and Fermat immediately reduce) our theorem to the| following assertion. Theorem. If p 5 is prime, and a, b, c Z, then ap + bp + cp = 0 = abc = 0. ≥ 2 ) The proof of this theorem is the result of the combined e↵orts of innumer- able mathematicians who have worked over the last century (and more!) to develop a rich and powerful arithmetic theory of elliptic curves, modular forms, and galois representations. It seems appropriate to emphasize the names of five individuals who had the insight to see how this theory could be used to prove Fermat’s Last Theorem and to supply the final crucial ingredients of the proof: Gerhart Frey (1985), who first suggested that the existence of a solu- tion of the Fermat equation might contradict the Modularity Conjecture of Taniyama, Shimura, and Weil; Jean-Pierre Serre (1985-6), who formulated and (with J.-F. Mestre) tested numerically a precise conjecture about modular forms and galois rep- resentations mod p and who showed how a small piece of this conjecture— the so-called epsilon conjecture—together
    [Show full text]