
Chapter 2: Introduction to Number Theory and Its Applications




  1. Chapter 2: Introduction to Number Theory and Its Applications
  Cheng-Chia Chen, October 2002

  2. Outline
  • Division
  • Primes
  • Gcd and lcm
  • Modular arithmetic
  • Chinese Remainder Theorem
  • Fermat's little theorem
  • The RSA algorithm

  3. Division
  Def: a, b ∈ Z with a ≠ 0.
  • We say a divides b (written a | b) if ∃ k ∈ Z s.t. b = ka.
  • a | b ⇒ a is a factor (or divisor) of b and b is a multiple of a.
  • Ex:
    • 3 | 12 (∵ 12 = 4 × 3)
    • -4 | 8
    • 13 | 0 (0 = 0 × 13)
    • 3 ∤ 7

  4. Properties of |
  1. a | b ∧ a | c ⇒ a | (b + c)
  2. a | b ⇒ a | bc for all c ∈ Z
  3. | is reflexive (a | a for all a ∈ Z)
  4. | is transitive (a | b ∧ b | c ⇒ a | c)
     pf: a | b ∧ b | c ⇒ b = k1 a and c = k2 b for some k1, k2 ∈ Z ⇒ c = k2 (k1 a) = (k1 k2) a.
  5. | is antisymmetric (a | b ∧ b | a ⇒ a = b)
  • Any relation satisfying 3, 4, 5 is called a partial order.

  5. Primes
  • An integer p > 1 is said to be prime if ∀ n ∈ N+ (n | p ⇒ (n = 1 ∨ n = p)).
  • I.e., the only positive factors of p are 1 and p.
  • If p > 1 is not prime, p is composite.
  • Examples:
    • 7 is prime
    • primes < 20: 2, 3, 5, 7, 11, 13, 17, 19.

  6. The fundamental theorem of arithmetic (FTA)
  • ∀ n ∈ N+ with n > 1, there exists a unique increasing sequence of primes p1 ≤ p2 ≤ … ≤ pk (k ≥ 0) s.t. n = p1 × p2 × … × pk.
  • Ex:
    • 100 = 2 × 2 × 5 × 5
    • 999 = 3 × 3 × 3 × 37

  7. Proof of FTA
  • (Existence) By mathematical induction.
    • Basis: n = 1, 2 ok.
    • Ind. step: n = i + 1.
      • If n is prime, then n = p1, where p1 = n and k = 1.
      • If n is not prime, then n = n1 × n2 with n1, n2 < n.
        ⇒ by ind. hyp. n1 = q1 × q2 × … × qt and n2 = r1 × r2 × … × rs
        ⇒ n = n1 × n2 = q1 × … × qt × r1 × … × rs
        ⇒ n = p1 × … × p(s+t), where p1, …, p(s+t) is an increasing reordering of q1, …, qt and r1, …, rs.
  • (Uniqueness, sketch; see slide 22 for the full argument)
    • Let n = p1 × … × pk × q1 × … × qs = p1 × … × pk × r1 × … × rt, where q1 ≠ r1
      ⇒ n − n = p1 × … × pk × (q1 × … × qs − r1 × … × rt) ≠ 0 (a contradiction!!).

  8. Theorem 3
  • If n is composite ⇒ ∃ a with 1 < a ≤ √n s.t. a | n.
  pf: n is composite ⇒ n = p × q with p, q > 1. If p > √n ∧ q > √n ⇒ pq > √n ∙ √n = n, a contradiction. Hence n must have a factor ≤ √n.
  Example: 101 is a prime.
  pf: ⌊√101⌋ = 10, but no prime ≤ 10 is a factor of 101.

  9. The division algorithm
  • ∀ a ∈ Z, d ∈ N+ ∃ unique q, r s.t. a = qd + r where 0 ≤ r < d.
  Def: if a = dq + r then
  • d is called the divisor
  • a: dividend
  • q: quotient
  • r: remainder
  • Examples:
    • 101 = 11 ∙ 9 + 2
    • -11 = -4 ∙ 3 + 1
  • Note: d | a iff r = 0.

  10. Proof of the division algorithm
  Consider the sequence: …, a − 3d, a − 2d, a − d, a, a + d, a + 2d, a + 3d, …
  • Let r = a − qd be the smallest nonnegative number in the sequence.
  1. Since the sequence is strictly increasing (toward +∞ in one direction and −∞ in the other), such q (and r) must exist and be unique.
  2. If r ≥ d, then r' = r − d = a − (q + 1)d ≥ 0 is another nonnegative number in the sequence smaller than r. That's a contradiction. Hence r < d. QED

  11. gcd and lcm
  • a, b ∈ Z, ab ≠ 0. If d | a and d | b ⇒ d is a common divisor of a and b.
  • gcd(a, b) =def the greatest common divisor of a and b.
  Note: The set cd(a, b) = {x > 0 | x | a and x | b} is a finite subset of N+ (∵ {1} ⊆ cd ⊆ {1, …, min(a, b)}) ⇒ gcd(a, b) must exist.
  • Example: gcd(24, 36) = ?
    • factors of 24: 1, 2, 3, 4, 6, 8, 12, 24
    • factors of 36: 1, 2, 3, 4, 6, 9, 12, 18, 36
    ⇒ cd(24, 36) = {1, 2, 3, 4, 6, 12}
    ⇒ gcd(24, 36) = 12.

  12. Relatively prime
  • If gcd(a, b) = 1 we say a and b are relatively prime (r.p.).
  • Ex: gcd(17, 22) = 1.
  • a1, a2, …, an are pairwise r.p. (p.r.p.) if gcd(ai, aj) = 1 for all 1 ≤ i < j ≤ n.
  • Ex:
    • 10, 17, 21 are p.r.p.
    • 10, 19, 24 are not p.r.p. since gcd(10, 24) = 2.
  • Proposition 1: If a = p1^x1 p2^x2 … pn^xn and b = p1^y1 p2^y2 … pn^yn, where p1 < p2 < … < pn are primes and all xi, yi ≥ 0, then gcd(a, b) = s =def p1^z1 p2^z2 … pn^zn where zi = min(xi, yi) for all 1 ≤ i ≤ n.

  13. The proof
  1. s ∈ cd(a, b). (What are the quotients of a and b when divided by s?)
  2. ∀ t, t ∈ cd(a, b) ⇒ t = p1^d1 p2^d2 … pn^dn for some d1, …, dn with di ≤ xi and di ≤ yi, hence di ≤ zi.
  • Ex:
    • 120 = 2^3 ∙ 3^1 ∙ 5^1
    • 500 = 2^2 ∙ 5^3
    ⇒ gcd(120, 500) = 2^2 ∙ 3^0 ∙ 5^1 = 20

  14. lcm (least common multiple)
  • a, b ∈ Z, c ∈ N+. If a | c and b | c ⇒ c is a common multiple of a and b.
  • lcm(a, b) =def the least common multiple of a and b.
  Note: The set cm(a, b) = {x > 0 | a | x and b | x} ≠ ∅ (∵ |a ∙ b| ∈ cm) ⇒ lcm(a, b) must exist.
  Proposition 2: If a = p1^x1 p2^x2 … pn^xn and b = p1^y1 p2^y2 … pn^yn, where p1 < p2 < … < pn are primes and all xi, yi ≥ 0, then lcm(a, b) = t =def p1^z1 p2^z2 … pn^zn where zi = max(xi, yi) for all 1 ≤ i ≤ n.
  Theorem 5: gcd(a, b) ∙ lcm(a, b) = ab.
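As an added worked example (not part of the original slides), the following Python code puts slides 5 to 14 together: Theorem 3 as a primality test (trial division up to √n), the FTA factorization, Propositions 1 and 2 (gcd and lcm read off the prime exponents), and a check of Theorem 5. The function names `is_prime`, `factorize`, `gcd_by_exponents`, `lcm_by_exponents` and `theorem5_holds` are this example's own.

```python
from collections import Counter
from math import isqrt


def is_prime(n):
    """Theorem 3 as a test: n > 1 is prime iff no d with 1 < d <= sqrt(n) divides it."""
    if n < 2:
        return False
    return all(n % d != 0 for d in range(2, isqrt(n) + 1))


def factorize(n):
    """FTA by trial division: returns {prime: exponent} for n > 1, primes ascending.

    Once d * d > n, the remaining n (if > 1) has no factor <= sqrt(n), so by
    Theorem 3 it is itself prime and becomes the last factor.
    """
    if n < 2:
        raise ValueError("n must be > 1")
    exps = Counter()
    d = 2
    while d * d <= n:
        while n % d == 0:
            exps[d] += 1
            n //= d
        d += 1
    if n > 1:
        exps[n] += 1
    return dict(sorted(exps.items()))


def product_of(exps):
    """Multiply {prime: exponent} back out into an integer (inverse of factorize)."""
    result = 1
    for p, k in exps.items():
        result *= p ** k
    return result


def _combine(a, b, pick):
    """Shared core of Propositions 1 and 2: combine the exponents prime by prime."""
    fa, fb = factorize(a), factorize(b)
    primes = sorted(set(fa) | set(fb))
    return product_of({p: pick(fa.get(p, 0), fb.get(p, 0)) for p in primes})


def gcd_by_exponents(a, b):
    """Proposition 1: gcd takes the minimum exponent of each prime."""
    return _combine(a, b, min)


def lcm_by_exponents(a, b):
    """Proposition 2: lcm takes the maximum exponent of each prime."""
    return _combine(a, b, max)


def theorem5_holds(a, b):
    """Theorem 5: gcd(a, b) * lcm(a, b) = a * b for positive a, b."""
    return gcd_by_exponents(a, b) * lcm_by_exponents(a, b) == a * b


if __name__ == "__main__":
    print(factorize(120), factorize(500))              # slide 13's numbers
    print(gcd_by_exponents(120, 500), lcm_by_exponents(120, 500))
    print(is_prime(101), is_prime(43 * 59))            # slide 8, and the modulus of slide 36
```

Trial division is only fit for the small numbers on these slides; it is what makes the RSA modulus 43 ∙ 59 trivial to factor, which is why the RSA slides ask for primes of hundreds of digits.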

  15. Modular Arithmetic
  Def 8: m ∈ N+, a ∈ Z. a mod m =def the remainder of a when divided by m.
  • Ex:
    • 17 mod 5 = 2
    • -133 mod 9 = 2
  Def 9: a, b ∈ Z, m ∈ N+. a ≡ b (mod m) means m | (a − b).
  • i.e., a and b have the same remainder when divided by m
  • i.e., a mod m = b mod m
  • We say a is congruent to b (modulo m).
  • Ex:
    • 17 ≡ 5 (mod 6)?
    • 24 ≡ 14 (mod 6)?

  16. Properties of congruence
  Theorem 6: a ≡ b (mod m) iff a = km + b for some k ∈ Z.
  pf: a ≡ b (mod m) ⇔ (a − b) = km ⇔ a = km + b.
  Theorem 7: If m > 0, a ≡ b (mod m) and c ≡ d (mod m), then (1) a + c ≡ b + d (mod m) and (2) ac ≡ bd (mod m).
  pf: By the premise, a = km + b and c = sm + d for some k, s. ⇒ a + c = (b + d) + (k + s)m and ac = bd + (kd + sb + skm)m ⇒ (1) and (2) hold.
  Ex: 7 ≡ 2 (mod 5), 11 ≡ 1 (mod 5) ⇒ 18 ≡ 3 (mod 5) and 77 ≡ 2 (mod 5).
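The division algorithm of slides 9 and 10 and the congruence definitions of slides 15 and 16, as an added Python example that is not part of the original slides. `divide` walks the sequence from the slide 10 proof to the smallest nonnegative remainder; `mod`, `congruent` and `theorem7_holds` are built on it, and `remainder_sign_check` compares the result with Python's `divmod`. All function names are this example's own.

```python
def divide(a, d):
    """Division algorithm (slide 9): return (q, r) with a = q*d + r and 0 <= r < d, d > 0.

    Follows the proof on slide 10: r is the smallest nonnegative member of the
    sequence ..., a - 2d, a - d, a, a + d, a + 2d, ...; we walk to it from a.
    """
    if d <= 0:
        raise ValueError("d must be a positive integer")
    q, r = 0, a
    while r < 0:        # a negative: move right until the member is nonnegative
        q -= 1
        r += d
    while r >= d:       # move left while a smaller nonnegative member exists
        q += 1
        r -= d
    return q, r


def mod(a, m):
    """Def 8: a mod m is the remainder of a when divided by m (always in 0..m-1)."""
    return divide(a, m)[1]


def congruent(a, b, m):
    """Def 9: a ≡ b (mod m) iff m | (a - b)."""
    return divide(a - b, m)[1] == 0


def theorem7_holds(a, b, c, d, m):
    """Theorem 7: a ≡ b and c ≡ d (mod m) imply a + c ≡ b + d and ac ≡ bd (mod m)."""
    if not (congruent(a, b, m) and congruent(c, d, m)):
        raise ValueError("premise of Theorem 7 not satisfied")
    return congruent(a + c, b + d, m) and congruent(a * c, b * d, m)


def remainder_sign_check(a, m):
    """Python's divmod floors, so its remainder matches Def 8 even for negative a.

    Languages whose % truncates toward zero (C, Java, JavaScript) return a
    negative remainder for negative a, so modular code written there must
    normalise the result before using it as a residue in 0..m-1.
    """
    return divmod(a, m) == divide(a, m)


if __name__ == "__main__":
    print(divide(101, 9), divide(-11, 3))         # slide 9's examples
    print(mod(17, 5), mod(-133, 9))               # slide 15's examples
    print(congruent(17, 5, 6), congruent(24, 14, 6))
    print(theorem7_holds(7, 2, 11, 1, 5))         # slide 16's example
```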

  17. The Euclidean Algorithm
  Lemma 1: a = bq + r ⇒ gcd(a, b) = gcd(b, r).
  pf: It suffices to show that cd(a, b) = cd(b, r). But
  • d | a ∧ d | b ⇒ d | (a − bq) = r, and
  • d | b ∧ d | r ⇒ d | (bq + r) = a.
  Hence cd(a, b) = cd(b, r).
  Note: if a = bq + 0 ⇒ gcd(a, b) = gcd(b, 0) = b.
  • A simple algorithm:
    gcd(a, b)  // a ≥ b ≥ 0
      if (b == 0) return a;
      else return gcd(b, a mod b);
  Note: this algorithm is very efficient.

  18. gcd(662, 414) = ?
  ∴ gcd(662, 414) = gcd(414, 248) = … = gcd(2, 0) = 2.

  19. Theorem 1
  • a ≥ b ≥ 0 ⇒ gcd(a, b) = sa + tb for some s, t ∈ Z.
  • i.e., gcd(a, b) is a linear combination of a and b.
  Pf: By induction on b.
  Basis: b = 0 ⇒ gcd(a, b) = a = 1 ∙ a + 0 ∙ b.
  Inductive case: b > 0.
  • case 1: b | a ⇒ gcd(a, b) = b = 0 ∙ a + 1 ∙ b.
  • case 2: b ∤ a ⇒ gcd(a, b) = gcd(b, r) where 0 ≤ r = a mod b < b. By I.H. gcd(b, r) = sb + tr. But r = a − bq, ∴ gcd(a, b) = gcd(b, r) = sb + tr = sb + t(a − bq) = ta + (s − qt)b. QED

  20. Example
  • gcd(252, 198) = 18 = ___ ∙ 252 + ___ ∙ 198.
  Sol:
  Exercise: Let L(a, b) = {sa + tb | s, t ∈ Z} be the set of all linear combinations of a and b. Show that gcd(a, b) = the smallest positive number in L(a, b).
  Hint: 1. By induction. 2. L(a, b) = L(b, r) if a = bq + r.

  21. Lemma 1 and Lemma 2
  Lemma 1: gcd(a, b) = 1 ∧ a | bc ⇒ a | c.
  pf: gcd(a, b) = 1 ⇒ 1 = sa + tb for some s, t ∈ Z ⇒ c = sac + tbc = sac + tka (∵ a | bc, so bc = ka) = (sc + tk) ∙ a ∴ a | c.
  Lemma 2': p prime ∧ p ∤ a ⇒ gcd(p, a) = 1.
  Pf: cd(p, a) ⊆ factors of p = {1, p}, but p is not a factor of a. Hence gcd(p, a) = 1.
  Lemma 2: p prime ∧ p | a1 a2 … an ⇒ p | ai for some i.
  Pf: By ind. on n. Basis: n = 1, trivial. Ind. case: n = k + 1, p | a1 a2 … ak ak+1. If p | a1 we are done. O/W p ∤ a1 and gcd(p, a1) = 1 by Lemma 2'. By Lemma 1: p | (a2 … ak+1) ⇒ p | ai for some 2 ≤ i ≤ k + 1 by IH.

  22. Uniqueness of FTA
  Pf: Suppose ∃ two distinct sequences p1, …, ps and q1, …, qt with n = p1 × … × ps = q1 × … × qt. Removing all common primes from both sides: m =def pi1 × … × piu = qj1 × … × qjv, where pi ≠ qj for all remaining pi and qj. ⇒ pi1 | m = qj1 × … × qjv ⇒ pi1 | qj for some j, by Lemma 2 (a contradiction!!).

  23. Theorem 2
  m > 0 ∧ ac ≡ bc (mod m) ∧ gcd(m, c) = 1 ⇒ a ≡ b (mod m).
  Pf: ac ≡ bc (mod m) ⇒ m | (ac − bc) = (a − b)c. ∵ gcd(m, c) = 1 ∴ m | (a − b) by Lemma 1 ∴ a ≡ b (mod m).

  24. Linear Congruence
  Ex: Find all x such that 7x ≡ 2 (mod 5).
  Def: Equations of the form ax ≡ b (mod m) are called linear congruence equations.
  Def: Given (a, m), any integer a' satisfying the condition a a' ≡ 1 (mod m) is called an inverse of a (mod m).
  Proposition: a a' ≡ 1 (mod m) ⇒ x = a'b + km (k ∈ Z) is the general solution of the congruence equation ax ≡ b (mod m).
  Pf: 1. a'b + km is a solution for any k ∈ Z (∵ a(a'b + km) = (aa')b + akm ≡ b (mod m)). 2. y is a solution ⇒ ay ≡ b (mod m) ⇒ y ≡ a'ay ≡ a'b (mod m) ⇒ m | (y − a'b) ⇒ y = a'b + k'm for some k' ∈ Z.

  25. Theorem 3
  • m > 0, gcd(a, m) = 1. Then ∃ b ∈ Z s.t.
    1. ab ≡ 1 (mod m)
    2. if ab ≡ ac [≡ 1] (mod m) ⇒ b ≡ c (mod m).
  Pf: 1. gcd(a, m) = 1. Then ∃ b, t with ba + tm = 1, so m | (ba − 1) and hence ab ≡ 1 (mod m). 2. Direct from Theorem 2.
  Note: Theorem 3 means that the inverse of a mod m exists and is unique modulo m (and hence is well defined) if a and m are relatively prime.

  26. Examples
  Ex: Find a s.t. 3a ≡ 1 (mod 7).
  Sol: Since gcd(3, 7) = 1, the inverse of 3 (mod 7) exists and can be computed by the Euclidean algorithm: 7 = 3 × 2 + 1 ⇒ 1 = 7 + 3 ∙ (−2) ⇒ 3 ∙ (−2) ≡ 1 (mod 7) ⇒ a = −2 + 7k for all k ∈ Z.
  Ex: Find all solutions of 3x ≡ 4 (mod 7).
  Sol: −2 is an inverse of 3 (mod 7). Hence x = 4 ∙ (−2) + 7k, k ∈ Z, are all the solutions.
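One added Python example, not from the original slides, that serves slides 17 to 26 together: Euclid's algorithm with the chain of pairs from slide 18, the extended form that makes Theorem 1 (slide 19) constructive and fills in the blanks of slide 20, the inverse of Theorem 3 (slide 25) and the general solution of ax ≡ b (mod m) from slide 24, applied to the examples of slide 26. The names `euclid_trace`, `ext_gcd`, `mod_inverse`, `has_inverse`, `solve_linear_congruence` and `solutions_below` are this example's own.

```python
def euclid_trace(a, b):
    """Pairs (a, b) visited by the algorithm on slide 17, i.e. Lemma 1 applied repeatedly."""
    trace = [(a, b)]
    while b != 0:
        a, b = b, a % b
        trace.append((a, b))
    return trace


def gcd(a, b):
    """gcd via slide 17: the last pair of the trace is (gcd, 0)."""
    return euclid_trace(a, b)[-1][0]


def ext_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b (Theorem 1, slide 19, made constructive)."""
    if b == 0:
        return a, 1, 0                     # basis: gcd(a, 0) = a = 1*a + 0*b
    g, s, t = ext_gcd(b, a % b)
    # I.H.: g = s*b + t*r with r = a - q*b, so g = t*a + (s - q*t)*b
    return g, t, s - (a // b) * t


def has_inverse(a, m):
    """Theorem 3: a has an inverse mod m exactly when gcd(a, m) = 1."""
    return gcd(a % m, m) == 1


def mod_inverse(a, m):
    """Inverse a' of a modulo m, reduced to 0..m-1; from 1 = s*a + t*m we get s*a ≡ 1."""
    g, s, _ = ext_gcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}: gcd is {g}")
    return s % m


def solve_linear_congruence(a, b, m):
    """Residue a'*b mod m of the general solution x = a'*b + k*m of a*x ≡ b (mod m) (slide 24)."""
    return (mod_inverse(a, m) * b) % m


def solutions_below(a, b, m, bound):
    """All nonnegative solutions x < bound of a*x ≡ b (mod m), i.e. x0, x0 + m, x0 + 2m, ..."""
    return list(range(solve_linear_congruence(a, b, m), bound, m))


if __name__ == "__main__":
    print(euclid_trace(662, 414))               # slide 18
    print(ext_gcd(252, 198))                    # slide 20: 18 = s*252 + t*198
    print(mod_inverse(3, 7), solutions_below(3, 4, 7, 21))   # slide 26
```

`mod_inverse` returns the representative in 0..m−1, so the −2 of slide 26 appears as 5; both satisfy 3a ≡ 1 (mod 7), as Theorem 3 promises uniqueness only modulo m.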

  27. The Chinese Remainder Theorem
  • Ex: Find all integers x satisfying the equations simultaneously:
    • x ≡ 2 (mod 3)
    • x ≡ 3 (mod 5)
    • x ≡ 2 (mod 7)
  • Theorem 4: m1, m2, …, mn pairwise relatively prime. The system of congruence equations
    • x ≡ a1 (mod m1)
    • x ≡ a2 (mod m2)
    • …
    • x ≡ an (mod mn)
    has a unique solution modulo m = m1 m2 … mn.

  28. Proof of the Chinese remainder theorem
  Pf: Let Mk = m / mk for 1 ≤ k ≤ n.
  Note: 1. gcd(mk, Mk) = 1 and 2. mi | Mk if i ≠ k.
  Hence ∃ s, yk s.t. s mk + yk Mk = 1, i.e., yk is an inverse of Mk mod mk.
  Now Mk yk ≡ 1 (mod mk) and Mk yk ≡ 0 (mod mj) for all j ≠ k.
  Let x = a1 M1 y1 + … + an Mn yn. Then x ≡ a1 M1 y1 + … + an Mn yn ≡ ak Mk yk ≡ ak (mod mk) for all 1 ≤ k ≤ n.

  29. Proof of the uniqueness part
  If x and y both satisfy the equations, then x − y ≡ 0 (mod mk) for all k = 1..n ⇒ ∃ s1, …, sn with x − y = s1 m1 = … = sn mn. Since gcd(mi, mk) = 1 for all i ≠ k and mk | s1 m1, we have mk | s1 for all k ≠ 1. Hence s1 is a multiple of m2 m3 … mn and x − y = s1 m1 is a multiple of m = m1 m2 … mn. Hence x ≡ y (mod m). QED

  30. Example
  • Find x with x ≡ 2 (mod 3), x ≡ 3 (mod 5), x ≡ 2 (mod 7), i.e., x ≡ (2, 3, 2) (mod (3, 5, 7)) respectively.
  • Sol:
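The construction from the proof on slide 28, as an added Python example (not the slides' own code), run on the system of slides 27 and 30. `crt` builds x = Σ ak Mk yk with Mk = m/mk and yk the inverse of Mk modulo mk; `brute_force_solutions` enumerates 0..m−1 to exhibit the uniqueness proved on slide 29. The inverse is taken from Python's built-in `pow(x, -1, m)` (Python 3.8 or later) instead of the extended Euclidean algorithm; `pairwise_relatively_prime`, `crt` and `brute_force_solutions` are names chosen here.

```python
from functools import reduce
from math import gcd


def pairwise_relatively_prime(moduli):
    """Slide 12: gcd(mi, mj) = 1 for every pair i < j."""
    return all(gcd(moduli[i], moduli[j]) == 1
               for i in range(len(moduli)) for j in range(i + 1, len(moduli)))


def crt(residues, moduli):
    """Constructive CRT (proof on slide 28): returns (x, m) with x the unique solution mod m."""
    if len(residues) != len(moduli):
        raise ValueError("need exactly one residue per modulus")
    if not pairwise_relatively_prime(moduli):
        raise ValueError("Theorem 4 needs pairwise relatively prime moduli")
    m = reduce(lambda acc, mk: acc * mk, moduli, 1)
    x = 0
    for ak, mk in zip(residues, moduli):
        Mk = m // mk                 # divisible by every other modulus, gcd(Mk, mk) = 1
        yk = pow(Mk, -1, mk)         # Mk * yk ≡ 1 (mod mk)
        x += ak * Mk * yk            # ≡ ak (mod mk) and ≡ 0 (mod mj) for j ≠ k
    return x % m, m


def brute_force_solutions(residues, moduli):
    """Every x in 0..m-1 satisfying all congruences; by slide 29 there is exactly one."""
    m = reduce(lambda acc, mk: acc * mk, moduli, 1)
    return [x for x in range(m)
            if all(x % mk == ak % mk for ak, mk in zip(residues, moduli))]


if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))                  # slides 27 and 30
    print(brute_force_solutions([2, 3, 2], [3, 5, 7]))
    print(pairwise_relatively_prime([10, 17, 21]), pairwise_relatively_prime([10, 19, 24]))
```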

  31. Fermat's little theorem
  • p prime, a ∈ N. Then
    1. if p ∤ a then a^(p−1) ≡ 1 (mod p). Moreover,
    2. for all a, a^p ≡ a (mod p).
  Ex:
    1. p = 17, a = 2 ⇒ 2^16 = 65536 = 3855 × 17 + 1 ⇒ 2^16 ≡ 1 (mod 17).
    2. p = 3, a = 20 ⇒ 20^3 − 20 = 8000 − 20 = 7980 is a multiple of 3. Hence 20^3 ≡ 20 (mod 3).

  32. Proof of Fermat's little theorem
  Lemma: for 1 ≤ i < j ≤ p − 1 (and p ∤ a), ia ≢ ja (mod p) and ia ≢ 0 (mod p).
  Pf: ia ≡ ja (mod p) ⇒ p | (j − i)a. Since p ∤ a, p | (j − i). But 0 < j − i < p, so p ∤ (j − i), a contradiction.
  1. The lemma means a, 2a, …, (p − 1)a have distinct nonzero remainders when divided by p, i.e., they are 1, 2, …, p − 1 in some order. Hence a × 2a × … × (p − 1)a ≡ 1 × 2 × … × (p − 1) = (p − 1)! (mod p) ⇒ (p − 1)! a^(p−1) ≡ (p − 1)! (mod p). Then p | (p − 1)! (a^(p−1) − 1). ∵ p ∤ (p − 1)!, p | a^(p−1) − 1, and hence a^(p−1) ≡ 1 (mod p).
  2. If p | a ⇒ p | a(a^(p−1) − 1) = a^p − a ⇒ a^p ≡ a (mod p). If p ∤ a ⇒ a^(p−1) ≡ 1 (mod p) ⇒ a^p ≡ a (mod p).
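An added Python example, not part of the original slides, for slides 31 and 32: `multiples_mod_p` exhibits the lemma (a, 2a, …, (p−1)a are a permutation of 1..p−1 modulo a prime p), `fermat_holds` checks both statements of the theorem, and `fermat_witness` goes one step beyond the slides by using the contrapositive as a compositeness test, including the caveat that a composite n can pass it (561 = 3 ∙ 11 ∙ 17 passes for every base coprime to it). All three names are this example's own.

```python
from math import gcd


def multiples_mod_p(a, p):
    """Sorted remainders of a, 2a, ..., (p-1)a mod p; the slide 32 lemma says this is 1..p-1."""
    return sorted((i * a) % p for i in range(1, p))


def fermat_holds(a, p):
    """Both parts of slide 31: a^p ≡ a (mod p), and a^(p-1) ≡ 1 (mod p) when p ∤ a."""
    part2 = pow(a, p, p) == a % p
    part1 = (a % p == 0) or pow(a, p - 1, p) == 1
    return part1 and part2


def fermat_witness(n, a):
    """True iff base a certifies that n is composite.

    Contrapositive of the theorem: a prime n forces a^(n-1) ≡ 1 (mod n) for every
    a with gcd(a, n) = 1, so a coprime base that breaks this proves n composite.
    A False result proves nothing: Carmichael numbers such as 561 satisfy the
    congruence for every coprime base although they are composite.
    """
    if not 1 < a < n or gcd(a, n) != 1:
        raise ValueError("base must satisfy 1 < a < n and gcd(a, n) = 1")
    return pow(a, n - 1, n) != 1


if __name__ == "__main__":
    print(multiples_mod_p(2, 17))             # 1..16 in order
    print(fermat_holds(2, 17), fermat_holds(20, 3))    # slide 31's examples
    print(fermat_witness(2537, 2), fermat_witness(561, 2))
```

`multiples_mod_p` is the computational face of the permutation argument: because the remainders are exactly 1..p−1, their product is (p−1)! on both sides, which is the step that cancels on slide 32.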

  33. Public key encryption and RSA
  [Diagram: M (plain text) → Encryption with the public key → C (cipher text) → Decryption with the private key → M' (plain text)]
  • Public key can be known to the public
  • Private key is kept secret.

  34. The RSA algorithm
  • p, q: two large primes (> 200 digits; 1024 digits recommended now)
  • n = pq
  • e = any number with gcd(e, (p − 1)(q − 1)) = 1
  • d = inverse of e (mod (p − 1)(q − 1)) (i.e., de ≡ 1 (mod (p − 1)(q − 1)))
  ⇒ public key = (n, e), private key = (n, d)
  Note: public and private keys are symmetric.
  C = M^e (mod n) and M' = C^d (mod n).
  Theorem: M' ≡ M (mod n).

  35. Proof of the correctness of the RSA algorithm
  • M' = C^d ≡ (M^e)^d = M^(de) = M^(1 + k(p−1)(q−1)) (mod n) [∵ de ≡ 1 (mod (p − 1)(q − 1))]
  Assume gcd(M, p) = gcd(M, q) = 1 (i.e., p ∤ M and q ∤ M; its probability is (p − 1)(q − 1)/pq ≈ 1, or we can let M < min(p, q)). Then, by Fermat's little theorem,
  • C^d = M ∙ (M^(p−1))^(k(q−1)) ≡ M ∙ 1^(k(q−1)) = M (mod p), and
  • C^d = M ∙ (M^(q−1))^(k(p−1)) ≡ M ∙ 1^(k(p−1)) = M (mod q).
  ∵ C^d − M is a multiple of both p and q, and gcd(p, q) = 1 ⇒ M' = C^d ≡ M (mod n).

  36. Example
  p = 43, q = 59 ⇒ n = pq = 43 ∙ 59 = 2537. Choose e = 13 with gcd(13, (43 − 1)(59 − 1) = 2436) = 1. d = 937 is an inverse of 13 mod 2436.
  1. To transmit 'STOP' = 1819 1415 (2 blocks of length 4): 1819^13 mod 2537 = 2081, 1415^13 mod 2537 = 2182 ⇒ C = 2081 2182.
  2. Receive 0981 0461 ⇒ M'1 = 0981^937 mod 2537 = 0704, M'2 = 0461^937 mod 2537 = 1115 ⇒ M' = 0704 1115 = 'HELP'.
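Slides 34 to 36 carried through in Python, as an added example that is not the slides' own code: key generation with the inverse d of e modulo (p − 1)(q − 1), modular exponentiation for C = M^e mod n and M' = C^d mod n, and the letter-pair block encoding used on slide 36 (A = 00 … Z = 25, two letters per block). The encoding convention is inferred from the slide's values; `rsa_keygen`, `encrypt_block`, `decrypt_block`, `text_to_blocks`, `blocks_to_text`, `encrypt_text` and `decrypt_text` are names chosen here, and `pow(e, -1, phi)` (Python 3.8 or later) supplies the inverse.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Slide 34: n = pq, d = inverse of e mod (p-1)(q-1); returns (public, private) = ((n, e), (n, d))."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # d*e ≡ 1 (mod (p-1)(q-1))
    return (p * q, e), (p * q, d)


def encrypt_block(m, public_key):
    """C = M^e mod n."""
    n, e = public_key
    return pow(m, e, n)


def decrypt_block(c, private_key):
    """M' = C^d mod n; by the theorem on slide 34, M' ≡ M (mod n)."""
    n, d = private_key
    return pow(c, d, n)


def text_to_blocks(text):
    """'STOP' -> [1819, 1415]: each letter is 00..25, two letters form one 4-digit block."""
    if len(text) % 2 or not text.isalpha() or not text.isupper():
        raise ValueError("expects an even number of uppercase letters")
    codes = [ord(ch) - ord("A") for ch in text]
    return [100 * codes[i] + codes[i + 1] for i in range(0, len(codes), 2)]


def blocks_to_text(blocks):
    """[704, 1115] -> 'HELP' (0704 = H,E and 1115 = L,P)."""
    return "".join(chr(ord("A") + hi) + chr(ord("A") + lo)
                   for hi, lo in (divmod(b, 100) for b in blocks))


def encrypt_text(text, public_key):
    n = public_key[0]
    if n <= 2525:                    # largest block 'ZZ' must be a residue mod n
        raise ValueError("modulus too small for 2-letter blocks")
    return [encrypt_block(m, public_key) for m in text_to_blocks(text)]


def decrypt_text(cipher_blocks, private_key):
    return blocks_to_text([decrypt_block(c, private_key) for c in cipher_blocks])


if __name__ == "__main__":
    public, private = rsa_keygen(43, 59, 13)
    print(public, private)                      # (2537, 13) (2537, 937)
    print(encrypt_text("STOP", public))         # slide 36 part 1
    print(decrypt_text([981, 461], private))    # slide 36 part 2
```

The numbers match the slide, and the round trip also works for a block such as 43 that shares a factor with n, so the coprimality assumption on slide 35 simplifies the proof but is not needed for correctness. This is textbook RSA without padding, shown only to verify the theorem: the same block always produces the same ciphertext block, and n = 2537 is factored instantly by the trial division of the earlier slides.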
