CSE 311 Lecture 15: Modular Exponentiation and Induction Emina Torlak and Kevin Zatloukal 1 Topics Modular equations A quick review of Lecture 14. Modular exponentiation k A fast algorithm for computing a mod m. Mathematical induction A method for proving statements about all natural numbers. Using induction Using induction in formal and English proofs. Example proofs by induction Example proofs about sums and divisibility. 2 Modular equations A quick review of Lecture 14. 3 Bézout’s theorem and multiplicative inverses Bézout’s theorem If a and b are positive integers, then there exist integers s and t such that GCD(a, b) = sa + tb. We can compute s and t using the extended Euclidean algorithm. If GCD(a, m) = 1, then s mod m is the multiplicative inverse of a modulo m: 1 = (sa + tm) mod m = sa mod m, so we have sa ≡ 1 (mod m). These inverses let us solve modular equations. 4 Using multiplicative inverses to solve modular equations Solve: 7x ≡ 1 (mod 26) 5 Using multiplicative inverses to solve modular equations Solve: 7x ≡ 1 (mod 26) Compute GCD and keep the tableau. GCD(26, 7) = GCD(7, 5) = GCD(5, 2) = GCD(2, 1) = GCD(1, 0) = 1 5 Using multiplicative inverses to solve modular equations Solve: 7x ≡ 1 (mod 26) Compute GCD and keep the tableau. GCD(26, 7) = GCD(7, 5) = GCD(5, 2) = GCD(2, 1) = GCD(1, 0) = 1 Solve the equations for r in the tableau. a = q ∗ b + r r = a − q ∗ b 26 = 3 ∗ 7 + 5 5 = 26 − 3 ∗ 7 7 = 1 ∗ 5 + 2 2 = 7 − 1 ∗ 5 5 = 2 ∗ 2 + 1 1 = 5 − 2 ∗ 2 5 Using multiplicative inverses to solve modular equations Solve: 7x ≡ 1 (mod 26) Compute GCD and keep the tableau. Back substitute the equations for r. GCD(26, 7) = GCD(7, 5) = GCD(5, 2) 1 = 5 − 2 ∗ (7 − 1 ∗ 5) = GCD(2, 1) = GCD(1, 0) = (− 2) ∗ 7 + 3 ∗ 5 = 1 = (− 2) ∗ 7 + 3 ∗ (26 − 3 ∗ 7) Solve the equations for r in the tableau. = 3 ∗ 26 + (− 11) ∗ 7 a = q ∗ b + r r = a − q ∗ b 26 = 3 ∗ 7 + 5 5 = 26 − 3 ∗ 7 7 = 1 ∗ 5 + 2 2 = 7 − 1 ∗ 5 5 = 2 ∗ 2 + 1 1 = 5 − 2 ∗ 2 5 Using multiplicative inverses to solve modular equations Solve: 7x ≡ 1 (mod 26) Compute GCD and keep the tableau. Back substitute the equations for r. GCD(26, 7) = GCD(7, 5) = GCD(5, 2) 1 = 5 − 2 ∗ (7 − 1 ∗ 5) = GCD(2, 1) = GCD(1, 0) = (− 2) ∗ 7 + 3 ∗ 5 = 1 = (− 2) ∗ 7 + 3 ∗ (26 − 3 ∗ 7) Solve the equations for r in the tableau. = 3 ∗ 26 + (− 11) ∗ 7 Solve for x. a = q ∗ b + r r = a − q ∗ b 26 = 3 ∗ 7 + 5 5 = 26 − 3 ∗ 7 Multiplicative inverse of 7 mod 26 7 = 1 ∗ 5 + 2 2 = 7 − 1 ∗ 5 (− 11) mod 26 = 15 5 = 2 ∗ 2 + 1 1 = 5 − 2 ∗ 2 So, x = 26k + 15 for k ∈ ℤ. 5 Solving a more general equation Solve: 7y ≡ 3 (mod 26) 6 Solving a more general equation Solve: 7y ≡ 3 (mod 26) We computed that 15 is the multiplicative inverse of 7 modulo 26: That is, 7 ∗ 15 ≡ 1 (mod 26). 6 Solving a more general equation Solve: 7y ≡ 3 (mod 26) We computed that 15 is the multiplicative inverse of 7 modulo 26: That is, 7 ∗ 15 ≡ 1 (mod 26). By the multiplication property of mod, we have That is, 7 ∗ 15 ∗ 3 ≡ 1 ∗ 3 (mod 26). 6 Solving a more general equation Solve: 7y ≡ 3 (mod 26) We computed that 15 is the multiplicative inverse of 7 modulo 26: That is, 7 ∗ 15 ≡ 1 (mod 26). By the multiplication property of mod, we have That is, 7 ∗ 15 ∗ 3 ≡ 1 ∗ 3 (mod 26). So, any y ≡ 15 ∗ 3 (mod 26) is a solution. That is, y = 19 + 26k for any k ∈ ℤ is a solution. 6 A useful proof technique based on modular equations Suppose that x, y ∈ ℤ and (x, y) satisfies linear equations ax + by = c and dx + ey = f , where a, b, c, d, e, f are integer coefficients. Then (x, y) also satisfies the corresponding equations mod m > 0 ∈ ℤ: ax + by ≡ c (mod m) and dx + ey ≡ f (mod m). 7 A useful proof technique based on modular equations Suppose that x, y ∈ ℤ and (x, y) satisfies linear equations ax + by = c and dx + ey = f , where a, b, c, d, e, f are integer coefficients. Then (x, y) also satisfies the corresponding equations mod m > 0 ∈ ℤ: ax + by ≡ c (mod m) and dx + ey ≡ f (mod m). The reverse doesn’t hold. Can you think of a counterexample? 7 A useful proof technique based on modular equations Suppose that x, y ∈ ℤ and (x, y) satisfies linear equations ax + by = c and dx + ey = f , where a, b, c, d, e, f are integer coefficients. Then (x, y) also satisfies the corresponding equations mod m > 0 ∈ ℤ: ax + by ≡ c (mod m) and dx + ey ≡ f (mod m). The reverse doesn’t hold. Can you think of a counterexample? (0, 0) is a solution to x + y ≡ 2 (mod 2) and 2x + 2y ≡ 4 (mod 2). But it’s not a solution to x + y = 2 and 2x + 2y = 4. 7 A useful proof technique based on modular equations Suppose that x, y ∈ ℤ and (x, y) satisfies linear equations ax + by = c and dx + ey = f , where a, b, c, d, e, f are integer coefficients. Then (x, y) also satisfies the corresponding equations mod m > 0 ∈ ℤ: ax + by ≡ c (mod m) and dx + ey ≡ f (mod m). The reverse doesn’t hold. Can you think of a counterexample? (0, 0) is a solution to x + y ≡ 2 (mod 2) and 2x + 2y ≡ 4 (mod 2). But it’s not a solution to x + y = 2 and 2x + 2y = 4. The contrapositive is a useful proof technique: You can prove that a system of linear equations with integer coefficients has no integer solutions by showing that those equations modulo m have no solutions. 7 Modular exponentiation k A fast algorithm for computing a mod m. 8 k The modular exponentiation problem: a mod m 81453 How would you compute 78365 mod 104729? 9 k The modular exponentiation problem: a mod m 81453 How would you compute 78365 mod 104729? Naive approach First compute 7836581453 . Then take the result modulo 104729. 9 k The modular exponentiation problem: a mod m 81453 How would you compute 78365 mod 104729? Naive approach First compute 7836581453 . Then take the result modulo 104729. This works but is very inefficient … The intermediate result 7836581453 is a 1,324,257-bit number! But we only need the remainder mod 104,729, which is 17 bits. 9 k The modular exponentiation problem: a mod m 81453 How would you compute 78365 mod 104729? Naive approach First compute 7836581453 . Then take the result modulo 104729. This works but is very inefficient … The intermediate result 7836581453 is a 1,324,257-bit number! But we only need the remainder mod 104,729, which is 17 bits. To keep the intermediate results small, we use fast modular exponentiation. 9 k i Repeated squaring: a mod m for k = 2 If k = 2i , we can compute ak mod m in just i steps. Note that a mod m ≡ a (mod m) and b mod m ≡ b (mod m). So, we have ab mod m = ((a mod m)(b mod m)) mod m. 10 k i Repeated squaring: a mod m for k = 2 If k = 2i , we can compute ak mod m in just i steps. Note that a mod m ≡ a (mod m) and b mod m ≡ b (mod m). So, we have ab mod m = ((a mod m)(b mod m)) mod m. For example: 2 2 a mod m = (a mod m) mod m 4 2 2 a mod m = (a mod m) mod m 8 4 2 a mod m = (a mod m) mod m 16 8 2 a mod m = (a mod m) mod m 32 16 2 a mod m = (a mod m) mod m 10 k i Repeated squaring: a mod m for k = 2 If k = 2i , we can compute ak mod m in just i steps. Note that a mod m ≡ a (mod m) and b mod m ≡ b (mod m). So, we have ab mod m = ((a mod m)(b mod m)) mod m. For example: What if k is not a power of 2? 2 2 a mod m = (a mod m) mod m 4 2 2 a mod m = (a mod m) mod m 8 4 2 a mod m = (a mod m) mod m 16 8 2 a mod m = (a mod m) mod m 32 16 2 a mod m = (a mod m) mod m 10 k Fast exponentiation: a mod m for all k Note that 81453 is 10011111000101101 in binary. 81453 = 216 + 213 + 212 + 211 + 210 + 29 + 25 + 23 + 22 + 20 16 13 12 11 10 9 5 3 2 0 a81453 = a2 ∗ a2 ∗ a2 ∗ a2 ∗ a2 ∗ a2 ∗ a2 ∗ a2 ∗ a2 ∗ a2 11 k Fast exponentiation: a mod m for all k Note that 81453 is 10011111000101101 in binary. 81453 = 216 + 213 + 212 + 211 + 210 + 29 + 25 + 23 + 22 + 20 16 13 12 11 10 9 5 3 2 0 a81453 = a2 ∗ a2 ∗ a2 ∗ a2 ∗ a2 ∗ a2 ∗ a2 ∗ a2 ∗ a2 ∗ a2 81453 216 a mod m = ((((((((((a mod m ∗ 213 a mod m) mod m ∗ 212 a mod m) mod m ∗ 211 a mod m) mod m ∗ 210 a mod m) mod m ∗ 29 a mod m) mod m ∗ 25 a mod m) mod m ∗ 23 a mod m) mod m ∗ 22 a mod m) mod m ∗ 20 a mod m) mod m) 11 k Fast exponentiation: a mod m for all k Note that 81453 is 10011111000101101 in binary.