Códigos y Criptografía

Códigos y Criptografía Francisco Rodríguez Henríquez CINVESTAV e-mail: francisco@cs.cinvestav.mx

Number Theory: Some definitions and Theorems

The set of integers {…, -3, -2, -1, 0, 1, 2, 3, …} is denoted by the symbol Z. Let a, b be integers. Then a divides b if there exists an integer c such that b = ac. If a divides b, then it is denoted by a|b. Examples: -3|18, since 18 = (-3)(-6); any integer a divides 0, a|0, since 0 = (a)(0). Definitions

Definition (division algorithm for integers) If a and b are integers with b≥1, then ordinary long division of a by b yields integers q (the quotient) and r (the remainder) such that a = qb+r, where 0 ≤ r <b Moreover, q and r are unique. The remainder of the division is denoted a mod b, and the quotient is denoted a div b. Definition An integer c is a common divisor of a and b if c|a and c|b. Definitions: division for integers

Definition Anon-negative integer d is the greatest common divisor of integers a and b, namely d = gcd(a, b), if d is a common divisor of a and b; and Whenever c|a and c|b, then c|d. Equivalently, gcd(a, b) is the largest positive integer that divides both a and b, with the exception that gcd(0,0) = 0. Definition Two integers a and b are said to be relativelyprime or coprime if gcd(a, b)=1 DefinitionAn integer p≥2 is said to be prime if its only positive divisor are 1 and p. Otherwise, p is called composite. Definitions: gcd

Definition Anon-negative integer d is the least common multiple of integers a and b, namely d = lcm(a, b), if a|d is and b|d; and Whenever a|c and b|c, then d|c. Equivalently, lcm(a, b) is the smallest positive integer divisible by both a and b. Fact If a and b are positive integers, then lcm(a, b)=a*b/gcd(a, b). Definitions: lcm

Definitions: Prime Numbers DefinitionAn integer p≥2 is said to be prime if its only positive divisor are 1 and p. Otherwise, p is called composite. Fact If p is prime and p|ab, then either p|a or p|b or both. (is it true if p is composite?). Fact There are an infinite number of prime numbers (how can we prove it?) Fact (prime number theorem) Let (x) denote the number of prime numbers ≤ x. Then

Definitions: Prime Numbers Fact (upper and lower bounds for (x)). Let (x) denote the number of prime numbers ≤ x. Then for x≥17 and for x > 1,

Fundamental Theorem of Arithmetic • Every integer n ≥ 2 has a factorization as a product of prime powers: • Where the pi are distinct primes, and the ei are positive integers. Furthermore, the factorization is unique up to the rearrangement of factors.

Fundamental Theorem of Arithmetic • Proof:existence [sketch] Suppose there exist positive integers that are not product of primes. Let n be the smallest such integer. Then n cannot be 1 or a prime, so n must be composite. Therefore n = ab with 1 < a, b < n. Since n is the smallest positive integer that is not a product of primes, both a and b are product of primes. But a product of primes times a product of primes is a product of primes, so n = ab is a product of primes. Therefore, every positive integer is a product of primes.

Fundamental Theorem of Arithmetic • Proof:uniqueness [sketch] If p is a prime and p divides a product of integers ab, then either p|a or p|b (or both!), (is this statement true for composite numbers?). Suppose that an integer n can be written as a product of primes in two different ways: • If a prime occurs in both factorizations divide both sides by it to obtain a shorter relation. Now take a prime that occurs on the left side, say p1. Since p1 divides n then it must divide one of the factors of the right side, say qj. But since p1 is prime, we are forced to write p1= qj, which is a contradiction with the original hyphotesis.

Prime Numbers: How many? Fact There are an infinite number of prime numbers (how can we prove it?) Euclid did it! But how? Should we have a quizz???? Hint: Follow the same line of reasoning used for FTA… Any idea???

Fundamental Theorem of Arithmetic • Fact If where each ei≥ 0 and fi≥ 0, then

Fundamental Theorem of Arithmetic Example: Let a = 4864 = 2819, b = 3458 = 2 7 13 19. Then gcd(4864, 3458) = 2 19 = 38 and, lcm(4864, 3458)= 287 13 19 = 442624

Definitions: Euler phi Function Definition For n≥ 1, let (n) denote the number on integers in the interval [1,n], which are relatively prime to n. The function  is called the Euler phi function (or the Euler totient function). Fact (properties of Euler phi function) • If p is a prime, then (p) = p-1. • The Euler phi function is multiplicative. That is, if gcd(m, n) = 1, then (mn) = (m)(n).

Definitions: Euler phi Function • If is the prime factorization of n, then • For all integers n ≥ 5,

m , n gcd(m,n) Fact If a and b are positive integers with a>b, then gcd(a,b)=gcd(b, a modb); gcd(m, n) x = m, y = n while(y > 0) r = x mod y x = y y = r return x Euclidean algorithm Euclidean Algorithm

Example The following are the division steps for computing gcd(4864, 3458) = 38: 4864 = 1*3458 + 1406 3458 = 2*1406 + 646 1406 = 2*646 + 114 646 = 5*114 + 76 114 = 1*76 + 38 76 = 2*38 + 0 (Which method is more efficient and why??) Euclidean algorithm

integer euclid(m, n) x = m, y = n while( y > 0) r = x mod y x = y y = r return x K + ¿?  ( O (1) + K + O (1) + O (1) ) + O (1) = ¿?  K  O(1) gcd: Computational Complexity Assuming mod operation complexity is K: Where “¿?” is the number of while-loop iterations.

Facts: (x’ = next value of x, etc. ) x can only be less than y at very beginning of algorithm –once x > y, x’ = y > y’ = x mod y When x > y, two iterations of while loop guarantee that new x is < ½ original x –because x’’ = y’ = x mod y. Two cases: y > ½ x  x mod y = x – y < ½ x y ≤ ½ x  x mod y < y ≤ ½ x gcd: Computational Complexity

(1&2) After first iteration, size of x decreases by factor > 2 every two iterations. i.e. after 2i+1 iterations, x < original_x / 2i Q: When –in terms of number of iterations i– does this process terminate? gcd: Computational Complexity

After 2i+1 steps, x < original_x / 2i A: While-loop exits when y is 0, which is right before “would have” gotten x = 0. Exiting while-loop happens when 2i > original_x, (why??) so definitely by: i =log2 (original_x) Therefore running time of algorithm is: O(2i+1) = O(i) = O (log2 (max (a, b)) ) gcd: Computational Complexity

Measuring input size in terms of n = number of digits of max(a,b): n = (log10 (max(a,b)) ) = (log2 (max(a,b)) ) Therefore running time of algorithm is: O(log2 (max(a,b)) ) = O(n) (Except fot the mod operation complexity K, which in general is operand-size dependant) A more formal derivation of the complexity of Euclidean gcd can be found in section 4.5.3, Volume II of Knuth’s “The Art of Computing Programming” gcd: Computational Complexity

Properties: By definition gcd(0, 0) = 0. gcd(u, v) = gcd(v, u) gcd(u, v) = gcd(-u, v) gcd(u, 0) = |u| gcd(u, v)w = gcd(uw, vw) if w≥0 lcm(u, v)w = lcm(uw, vw) if w≥0 uv = gcd(u, v) lcm(u, v) if u, v≥0 gcd(lcm(u, v), lcm(u, w)) = lcm(u, gcd(v, w)); lcm(gcd(u, v), gcd(u, w)) = gcd(u, lcm(v, w)) Euclidean gcd: Revisited

Binary Properties: If u and v are both even, then gcd(u, v) = 2 gcd(u/2, v/2); If u is even and v is odd, then gcd(u, v) = gcd(u/2, v); gcd(u, v) = gcd(u-v, v). If u and v are both odd, then u-v is even and |u-v| < max(u, v). Euclidean gcd Revisited

Input: u, v positive integers, such that u >v. Output: w = gcd(u, v). for (k = 0; u, v both even; k++) { u /= 2; v /= 2; }; /* [Find power of 2] */ [Initialize]if (u is odd) t =-v elset = u; [halve t]while (t is even) t /= 2; if (t > 0) u = telsev = -t; [Subtract]t = u-v. If t≠ 0 go back to 3, otherwise output w = u2k. Binary gcd algorithm

Binary gcd algorithm: Example Example find the gcd of u =40902, v = 24140. w=17*21=34

The Euclidean algorithm can be extended so that it not only yields the greatest common divisor d of two integers a and b, but also generates x and y satisfying ax +by = d. Extended Euclidean Algorithm

THM1: e has an inverse modulo N if and only if e and N are relatively prime. This will follow from the following useful fact. THM2: If a and b are positive integers, the gcd of a and b can be expressed as an integer combination of a and b. I.e., there are integers s, t for which gcd(a,b) = sa + tb Modular Inverses

Proof of THM1 using THM2: If an inverse d exists for e modulo N, we have de  1(modN) so that for some k, de = 1 +kN, so 1 = de – kN. This equation implies that any number dividing both e and N must divide 1, so must be 1, so e,N are relatively prime. Modular Inverses

On the other hand, suppose that e,N are relatively prime. Using THM2, write 1 = se + tN. Rewrite this as se = 1-tN. Evaluating both sides mod N gives se  1(modN) . Therefore s is seemingly the inverse e except that it may be in the wrong range so set d = s mod N. Modular Inverses

A constructive version of THM2 which gives s and t will give explicit inverses. This is what the extended Euclidean algorithm does. The extended Euclidean algorithm works the same as the regular Euclidean algorithm except that we keep track of more details –namely the quotient q = x/y in addition to the remainder r = x mod y. This allows us to backtrack and write the gcd(a,b) as a linear combination of a and b. Extended Euclidean Algorithm

gcd(244,117): Extended Euclidean Algorithm

gcd(244,117): Extended Euclidean Algorithm inverse of 244 modulo 117

Summary: Extended Euclidean algorithm works by keeping track of how remainder r results from dividing x by y. Last such equation gives gcd in terms of last x and y. By repeatedly inserting r into the last equation, one can get the gcd in terms of bigger and bigger values of x,y until at the very top is reached, which gives the gcd in terms of the inputs a,b. Extended Euclidean Algorithm

Extended Euclidean Algorithm Input two positive integers a and b with a ≥ b. Outputd = gcd(a, b) and integers x, y satisfying ax+by =d. • if (b = 0) { d = a; x = 1; y = 0; return(d, x, y); } • x2 = 1; x1 = 0; y2 = 0; y1 = 1. • while (b >0) { } • d = a; x = x2; y = y2; return(d, x, y); Fact: This algorithm has a Running time of O((lg n)2) bit operations.

Extended Euclidean Algorithm Example: Let a = 4864 and b = 3458. Hence gcd(a, b) = 38 and (4864)(32) + (3458) (-45) = 38.

Quizz !! • Prove that there are an infinite number of prime numbers. • Prove that e has an inverse modulo N if and only if e and N are relatively prime.

Finite fields: definitions and operations FPfinite field operations : Addition, Squaring, multiplication and inversion

What is a Group? • An Abelian group <G, +> is an abstract mathematical object consisting of a set G together with an operation * defined on pairs of elements of G, here denoted by +: • In order to qualify as an Abelian group, the operation has to fulfill the following conditions: • Closed: • Associative: • Commutative: • Neutral element: • Inverse elements:

Códigos y Criptografía

Códigos y Criptografía

Presentation Transcript

Z y g om a ti c o -M a xilla r y C omplex Fracture s

C A B A C C

c c ➝ J/ y g

C a n d y L a n d

C a n d y l a n d

H e a v y B a c k p a c k s

C A S S O W A R Y

F A N C Y

C a n d y L a n d

A x + B y = C Form: x- and y- intercepts

T h e C a y

y c bercafé

The Keynesian Framework: A Structural Model Y = C + I + G + NX C = c 0 + mpc (Y - T)

Go C r a z y

A d a y w i t h C i c c i o