Computer Security Ch8:Introduction to Number Theory & Forouzan’s Book, CH9 Howon Kim 2019.4 Agenda Prime Numbers Fermat’s & Euler’s Theorems Testing for Primality The Chinese Remainder Theorem Discrete Logarithms 2 Agenda Prime Numbers Fermat’s & Euler’s Theorems Carmichael Number Testing for Primality The Chinese Remainder Theorem Discrete Logarithms 3 Three groups of positive integers Note A prime is divisible only by itself and 1. Ref: Forouzan Book, CH9 9.4 Prime Numbers prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers note: 1 is prime, but is generally not of interest. So, 2 is the smallest prime. 1 is considered to be neither prime nor composite. eg. 2,3,5,7 are prime, 4,6,8,9,10 are not prime numbers are central to number theory • What is the smallest prime? Solution The smallest prime is 2, which is divisible by 2 (itself) and 1. • List the primes smaller than 10. Solution There are four primes less than 10: 2, 3, 5, and 7. It is interesting to note that the percentage of primes in the range 1 to 10 is 40%. The percentage decreases as the range increases. 5 Cardinality of Primes Infinite Number of Primes Note There is an infinite number of primes. Number of Primes 6 Prime Numbers list of prime number less than 2000 is: 907 1993 7 Ex) Checking for Primesness Given a number n, how can we determine if n is a prime? The answer is that we need to see if the number is divisible by all primes less than We know that this method is inefficient, but it is a good start. 8 Ex) Checking for Primesness Is 97 a prime? Solution The floor of 97 = 9. The primes less than 9 are 2, 3, 5, and 7. We need to see if 97 is divisible by any of these numbers. It is not, so 97 is a prime. Is 301 a prime? Solution The floor of 301 = 17. We need to check 2, 3, 5, 7, 11, 13, and 17. The numbers 2, 3, and 5 do not divide 301, but 7 does. Therefore 301 is not a prime. 9 Prime Factorisation to factor a number n is to write it as a product of other numbers: n=a x b x c note that factoring a number is relatively hard compared to multiplying the factors together to generate the number Any integer a>1 can be factored in a unique way as: aa a 12 t a p12 p pt where p1<p2<…<pt are prime numbers 91 = 7 x 13 4 2 2 3600 = 2 x 3 x 5 2 11011 = 7 x 11 x 13 It is expressed as the following form: ap a p,where each ap 0 pP 10 Relatively Prime Numbers & GCD two numbers a,b are relatively prime if have no common divisors apart from 1 Two numbers a and b are relatively prime if gcd(a, b) = 1. eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor conversely can determine the greatest common divisor by comparing their prime factorizations and using least powers 2 1 2 1 2 1 1 0 eg. 300=2 x3 x5 18=2 x3 hence GCD(18,300)=2 x3 x5 =6 11 Agenda Prime Numbers Fermat’s & Euler’s Theorems Carmichael Number Testing for Primality The Chinese Remainder Theorem Discrete Logarithms 12 Fermat's Theorem If p is prime and a is a positive integer not divisible by p (gcd(a,p)=1), then p-1 a = 1 (mod p) also known as Fermat’s Little Theorem An alternative form of Fermat’s theorem is also useful p a = a(mod p) This form does not require that a be relatively prime to p useful in public key and primality testing Cf. Fermat Last Theorem (Fermat’s Conjecture): n n n states that no three positive integers a, b, and c satisfy the equation a + b = c for any integer value of n strictly greater than two. The cases n = 1 and n = 2 have been known to have infinitely many solutions. Andrew Wiles 교수가 증명함 13 Fermat's Theorem mod p로 만들어진 set에 a를 곱해서(p와 서로소인)만들어진 set도 결국 원래의 set과 동일하다는 것을 증명함. p-1 Proof of a = 1 (mod p), gcd(a,p)=1 Consider the set of positive integers less than p. that is {1,2,…,p-1} and multiply each element by a, and then apply modulo p. We can get X={a mod p, 2a mod p, …,(p-1)a mod p}. Here, none of the elements of X is equal to zero because p does not divide a. Furthermore no two of the integers in X are equal. To see this, assume that ja=ka(mod p) where 1<=j<k<=p-1. Because a is relatively prime to p, gcd(a,p)=1, we can eliminate a from both sides of ja=ka(mod p). We now get j=k(mod p). This is impossible because j and k are both positive integers less than p. Therefore, we know that the (p-1) elements of X are all positive integers, with no two elements equal. We can conclude the X consists of the set of integers {1,2,…,p-1} in some order. Multiplying the numbers in both sets and taking the result mod p yields: a x 2a x … x (p-1)a = [ (1x2x…x(p-1)](mod p) p-1 a (p-1)! = (p-1)! (mod p) p-1 That is, a = 1 (mod p) 14 Fermat's Theorem In some parts of proof step, (In the case of p is 5 and a is 3) Gcd(a,p) = gcd(3,5) = 1 Consider the set of positive integers less than p: that is, {1,2,3,4} Also the set of X, X = a mod p, 2a mod p, …,(p-1)a mod p} = {3 mod p, 2*3 mod p, 3*3 mod p, 4*3 mod p} = {3,6,9,12} mod 5 = {3,1,4,2} mod 5 We can conclude the X consists of the set of integers {1,2,…,p-1} in some order. Multiplying the numbers in both sets and taking the result mod p yields: a x 2a x … x (p-1)a = [ (1x2x…x(p-1)](mod p) p-1 a (p-1)! = (p-1)! (mod p) p-1 That is, a = 1 (mod p) 15 Fermat's Theorem Example a = 7, p = 19 72 = 49 = 11(mod 19) 74 = 121 = 7(mod 19) 78 = 49 = 11(mod 19) 716 = 121 = 7(mod 19) ap-1 = 718 = 716 x 72 = 7 x 11 = 1(mod 19) 16 Euler Totient Function ø(n) Before presenting the Euler’s theorem. We need to introduce the important quantity in number theory complete set of residues is: 0..n-1 reduced set of residues, in which those numbers (residues) are relatively prime to n eg for n=10, complete set of residues is {0,1,2,3,4,5,6,7,8,9} reduced set of residues is {1,3,7,9} number of elements in reduced set of residues is called the Euler Totient Function ø(n) ø(10)=4 and the set is {1,3,7,9} 17 Euler Totient Function ø(n) Some values of Euler Totient Function ø(n) 18 Euler Totient Function ø(n) In general, we need prime factorization to compute ø(n) But, we have some easy ways to get ø(n) The order of for p (p prime) ø(p) = p-1 GF(p) is p-1 for p.q (p,q prime) ø(pq)= ø(p) x ø(q) =(p-1)x(q-1) ø(pqr)!= ø(p) x ø(q) x ø(r) eg. ø(37) = 36 ø(21) = ø(3)x ø(7)= (3–1)x(7–1) = 2x6 = 12 19 Euler Totient Function ø(n) Proof of ø(n)=ø(p) x ø(q): To see ø(n)=ø(p) x ø(q), consider that the set of positive integers less than n is the set {1,…,(pq- 1)}. The integers in this set that are not relatively prime to n are the set {p,2p,…,(q-1)p} and the set {q,2q, …, (p-1)q}. (since n=pxq) Accordingly, ø(n)=(pq-1)-[ (q-1) + (p-1)] p의 배수와 q의 배수를 빼야 즉, n=p x q이므로 n과 relatively = pq – (p+q)+1 prime하지 않은걸 뺀다는 의미 = (p-1) x (q-1) = ø(p)x ø(q) 20 Euler's Theorem A generalisation of Fermat's Theorem ø(n) a = 1 (mod n) for any a,n where gcd(a,n)=1 if n is prime and gcd(a,n)=1, this is Fermat’s theorem. That is, aø(n) = an-1 = 1 (mod n) eg. a=3;n=10; ø(10)=4; hence 34 = 81 = 1 mod 10 a=2;n=11; ø(11)=10; hence 210 = 1024 = 1 mod 11 Alternative form of the Euler’s theorem also useful. ø(n)+1 a = a (mod n), where gcd(a,n)=1 21 Agenda Prime Numbers Fermat’s & Euler’s Theorems Carmichael Number Testing for Primality The Chinese Remainder Theorem Discrete Logarithms 22 Recap: Fermat's Little Theorem Formulation 1: If p is prime, then for every number a with 1 ≤ a <p, ap-1 1 (mod p) Formulation 2: If p is prime, then for every number a with 1 ≤ a <p, ap a (mod p) Q4-5 Easy Primality Test? Is N prime? "composite" Pick some a with 1 < a < N means "not prime" N-1 Is a 1 (mod N)? If so, N is prime; if not, N is composite Nice try, but… Fermat's Little Theorem is not an "if and only if" condition.