MST Number Theory and Cryptography Paul Yiu Department of Mathematics Florida Atlantic University Fall 2008 (Revised 2014) Chapters 1-30 Contents 1 Euclidean Algorithm and Linear Diophantine Equations 101 1.1 Euclidean algorithm and gcd ....................101 1.2 gcd(a, b) as an integer combination of a and b............102 1.3 Linear Diophantine equations ....................103 1.4 Exercises ...............................103 2 Representation of integers in base b 105 2.1 Representation in a given base ....................105 2.2 Binary expansions . ....................105 2.2.1 Calculation of high powers by repeated squaring . ....105 2.2.2 Parity of binomial coefficients ................106 2.3 Highest power of a prime dividing a factorial ............106 2.4 Exercises ...............................107 3 Prime Numbers 109 3.1 Infinitude of prime numbers . ....................109 3.2 The sieve of Eratosthenes . ....................109 3.3 The Fundamental Theorem of Arithmetic . ............111 3.4 The number-of-divisors function . ................112 3.5 The sum-of-divisors function ....................113 3.6 Perfect numbers ...........................113 3.7 Exercises ...............................114 4 Linear Congruences 115 4.1 The ring of residues modulo n ....................115 4.2 Simultaneous linear congruences . ................116 4.3 Exercises ...............................117 5 The Euler ϕ-function 119 5.1 Exercises ...............................120 iv CONTENTS 6 Fermat-Euler theorem 121 6.1 Primality test for Mersenne numbers . .............121 6.2 Pseudoprimes . .........................122 6.3 Exercises . .............................122 7 Pythagorean Triangles 201 7.1 Construction of Pythagorean triangles . .............201 7.2 Fermat Last Theorem for n =4 ...................202 7.3 Fermat’s construction of primitive Pythagorean triangles with con- secutive legs .............................202 8 Homogeneous quadratic equations in 3 variables 207 8.1 Pythagorean triangles revisited . .................207 8.2 Rational points on a conic . .....................208 8.3 Integer triangles with a 60◦ angle . .................208 8.4 Integer triangles with a 120◦ angle .................210 9 Heron triangles 213 9.1 The Heron formula .........................213 9.2 Heron triangles . .........................214 9.3 Construction of Heron triangles . .................214 9.4 Heron triangles with sides in arithmetic progression . .....215 9.5 Heron triangles with integer inradii .................216 10 Genealogy of Pythagorean triangles 219 10.1 Two ternary trees of rational numbers . .............219 10.2 Genealogy of Pythagorean triangles .................221 11 Polygonal numbers 225 11.1 The polygonal numbers Pk,n .....................225 11.2 The equation Pk,a + Pk,b = Pk,c ...................226 11.3 Double ruling of S ..........................226 11.4 Primitive Pythagorean triple associated with a k-gonal triple . 227 11.5 Triples of triangular numbers . .................228 11.6 k-gonal triples determined by a Pythagorean triple .........229 12 Quadratic Residues 301 12.1 Quadratic residues . .........................301 12.2 The Legendre symbol . .....................302 12.3 −1 as a quadratic residue modp ...................303 CONTENTS v 13 The law of quadratic reciprocity 305 13.1 Gauss’ lemma . ...........................305 13.2 The law of quadratic reciprocity . ................307 14 Calculation of square roots 311 14.1 Square roots modulo p ........................311 14.2 Square roots modulo an odd prime power . ............313 14.3 Squares modulo 2k ..........................313 15 Primitive roots 315 15.1 Periodicity of decimal expansions of rational numbers . ....317 16 Sums of two and four squares 319 16.1 Fermat’s two-square theorem ....................319 16.2 Representation of integers as sums of two squares . ........320 16.3 Lagrange’s four-square theorem . ................320 16.3.1 Descent . ...........................321 17 Finite continued fractions 401 17.1 Euler’s function F for finite continued fractions . ........401 17.2 Cornacchia’ algorithm for a prime as a sum of two squares ....402 18 Infinite continued fractions 405 19 Lagrange’s Theorem 409 19.1 Purely periodic continued fractions . ................409 19.2 Eventually periodic continued fractions . ............409 19.3 Reduced quadratic irrationalities . ................410 19.4 Proof of Lagrange’s theorem ....................410 20 The Pell Equation 413 20.1 The equation x2 − dy2 =1 .....................413 20.1.1 . ...............................415 20.2 The equation x2 − dy2 = −1 ....................415 20.3 The equation x2 − dy2 = c .....................416 20.4 Applications . ...........................417 21 Sums of consecutive squares 421 21.1 Sums of an odd number of consecutive squares. ........421 21.2 Even number of consecutive squares. ................423 vi CONTENTS 22 Some simple cryptosystems 501 22.1 Shift ciphers .............................501 22.2 Affine ciphers . .........................502 22.3 A matrix encryption system .....................505 23 A public key cryptosystem 509 23.1 RSA-cryptosystems .........................509 23.2 Signature . .............................510 24 Factoring integers 513 24.1 Flipping a coin over the phone . .................513 24.2 The quadratic sieve .........................514 24.3 Factoring by continued fractions . .................515 25 Elliptic Curves 601 25.1 Group law on y2 = x3 + ax2 + bx + c ...............601 25.2 The discriminant . .........................602 25.3 Points of finite order .........................604 26 Factoring Integers 2 605 26.1 Pollard’s algorithm . .........................605 26.2 Factoring with elliptic curves . .................606 27 Some examples of the use of elliptic curves 609 27.1 The congruent number problem . .................609 27.2 Pairs of isosceles triangle and rectangle with equal perimeters and equal areas . .............................610 27.3 Triangles with a median, an altitude, and an angle bisector concurrent611 28 Heron triangles and Elliptic Curves 613 28.1 The elliptic curve y2 =(x − k)2 − 4kx3 ..............613 28.1.1 Proof of Theorem 28.1 . .................616 29 The ring of Gaussian integers 701 29.1 The ring Z[i] .............................701 29.1.1 Norm and units . .....................701 29.1.2 Gaussian primes . .....................701 29.2 An alternative proof of Fermat’s two-square theorem . .....703 30 Construction of indecomposable Heron triangles 705 30.1 Primitive Heron triangles . .....................705 30.1.1 Triple of simplifying factors .................706 30.1.2 Decomposition of Heron triangles . .............707 CONTENTS vii 30.2 Gaussian integers . ....................708 30.2.1 Heron triangles and Gaussian integers ............708 30.3 Orthocentric Quadrangles . ....................710 30.4 Indecomposable primitive Heron triangles . ............711 30.4.1 Construction of Heron triangles with given simplifying factors712 Chapter 1 Euclidean Algorithm and Linear Diophantine Equations 1.1 Euclidean algorithm and gcd The greatest common divisor (gcd) of two positive integers can be found without factorization of the integers, instead by a simple application of the Euclidean algo- rithm. Theorem 1.1 (Euclidean algorithm). Given integers a and b =0 , there are unique integers q and r satisfying a = bq + r, 0 ≤ r<|b|. (1.1) If r =0, we say that a is divisible by b, or simply that b divides a, and write b|a. Suppose a = bq + c for integers a, b, c, and q (with q nonzero). It is easy to see that every common divisor of a and b is a common divisor of b and c, and conversely. Denote by gcd(a, b) the greatest element of the (nonempty) set of common divisors of a and b. Clearly, if b|a, then gcd(a, b)=b. In general, from (1.1), we have gcd(a, b)=gcd(b, r). These observations lead to a straightforward calculation of the gcd of two numbers. To be systematic, we write a = r−1 and b = r0 (assumed positive). r−1 =r0q0 + r1, 0 ≤ r1 <r0, r0 =r1q1 + r2, 0 ≤ r2 <r1, r1 =r2q2 + r3, 0 ≤ r3 <r2, r2 =r3q3 + r4, 0 ≤ r4 <r3, . This division process eventually terminates since the remainders are decreasing, namely, r−1 >r0 >r1 >r2 > ··· 102 Euclidean Algorithm and Linear Diophantine Equations and yet remain nonnegative. In other words, some rn divides the preceding rn−1 (and leaves a remainder rn+1 =0). rn−2 =rn−1qn−1 + rn, 0 ≤ rn <rn−1, rn−1 =rnqn. From these, rn =gcd(rn−1,rn)=gcd(rn−2,rn−1)=···=gcd(r−1,r0)=gcd(a, b). 1.2 gcd(a, b) as an integer combination of a and b. The above calculation of gcd(a, b) can be retraced to give gcd(a, b) as an integer combination of a and b. Here is a more efficient way to obtain such an expression. In the table below, the integers xk and yk are obtained from qk−1 in the same way as rk, beginning with (x−1,x0)=(1, 0) and (y−1,y0)=(0, 1): xk =xk−2 − qk−1xk−1,x−1 =1,x0 =0; yk =yk−2 − qk−1yk−1,y−1 =0,y0 =1. k qk rk xk yk −1 a 1 0 0 q0 b 0 1 1 q1 r1 x1 y1 . n − 1 qn−1 rn−1 xn−1 yn−1 n qn rn xn yn n +1 qn+1 0 In each of these steps, rk = axk + byk. In particular, gcd(a, b)=rn = axn + byn. It can be proved that |xn| <band |yn| <a. Theorem 1.2. Let p be a prime number. For every integer a not divisible by p, there exists an integer b such that ab − 1 is divisible by p. Proof. If a is not divisible by the prime number p, then gcd(a, p)=1. There are integers b and c such that ab + pc =1. It is clear that ab − 1 is divisible by p. 1.3 Linear Diophantine equations 103 1.3 Linear Diophantine equations Theorem 1.3. Let a, b, c be integers, a and b nonzero. Consider the linear Dio- phantine equation ax + by = c. (1.2) 1. The equation (1.2) is solvable in integers if and only if d := gcd(a, b) divides c. 2. If (x, y)=(x0,y0) is a particular solution of (1.2), then every integer solu- tion is of the form b a x = x + t, y = y − t, 0 d 0 d where t is an integer. 3. For c =gcd(a, b), a particular solution (x, y)=(x0,y0) of (1.2) can be found such that |x0| < |b| and |y0| < |a|.