Introduction to Number Theory - PowerPoint PPT Presentation

Provided by: hyo5
Slides: 36

1
Introduction to Number Theory
  • Prime and Relative Prime Numbers
  • Modular Arithmetic
  • Fermat's and Euler's Theorems
  • Testing for Primality
  • Euclid's Algorithm
  • Chinese Remainder Theorem
  • Discrete Logarithms

2
Divisors
Prime and Relatively Prime Numbers
  • b|a (b divides a, b is a divisor of a) if a = kb for some k, where a, b, and k are
    integers, and b ≠ 0
  • If a|1, then a = ±1
  • If a|b and b|a, then a = ±b
  • Any b ≠ 0 divides 0
  • If b|g and b|h, then b|(mg + nh) for arbitrary integers m and n

3
Prime Numbers
Prime and Relatively Prime Numbers
  • An integer p > 1 is a prime number if its only divisors are ±1 and ±p
  • Prime Factorization
  • Any integer a > 1 can be factored in a unique way as
  • a = p1^α1 × p2^α2 × ... × pt^αt where p1 < p2 < ... < pt are prime numbers and
    where each αi > 0
  • If P is the set of all prime numbers, then any positive integer can be written
    uniquely in the following form
  • The value of any positive integer can be specified by listing all nonzero
    exponents (a_p)
  • Multiplication of two numbers is equivalent to adding the two corresponding
    exponents
  • k = mn → k_p = m_p + n_p for all p
  • a|b → a_p ≤ b_p for all p

4
Prime and Relatively Prime Numbers
Primes Under 2000
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97
101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199
211 223 227 229 233 239 241 251 257 263 269 271 277 281 283 293
307 311 313 317 331 337 347 349 353 359 367 373 379 383 389 397
401 409 419 421 431 433 439 443 449 457 461 463 467 479 487 491 499
503 509 521 523 541 547 557 563 569 571 577 587 593 599
601 607 613 617 619 631 641 643 647 653 659 661 673 677 683 691
701 709 719 727 733 739 743 751 757 761 769 773 787 797
809 811 821 823 827 829 839 853 857 859 863 877 881 883 887
907 911 919 929 937 941 947 953 967 971 977 983 991 997
1009 1013 1019 1021 1031 1033 1039 1049 1051 1061 1063 1069 1087 1091 1093 1097
1103 1109 1117 1123 1129 1151 1153 1163 1171 1181 1187 1193
1201 1213 1217 1223 1229 1231 1237 1249 1259 1277 1279 1283 1289 1291 1297
1301 1303 1307 1319 1321 1327 1361 1367 1373 1381 1399
1409 1423 1427 1429 1433 1439 1447 1451 1453 1459 1471 1481 1483 1487 1489 1493 1499
1511 1523 1531 1543 1549 1553 1559 1567 1571 1579 1583 1597
1601 1607 1609 1613 1619 1621 1627 1637 1657 1663 1667 1669 1693 1697 1699
1709 1721 1723 1733 1741 1747 1753 1759 1777 1783 1787 1789
1801 1811 1823 1831 1847 1861 1867 1871 1873 1877 1879 1889
1901 1907 1913 1931 1933 1949 1951 1973 1979 1987 1993 1997 1999

5
Relatively Prime Numbers
Prime and Relatively Prime Numbers
  • Greatest common divisor
  • c = gcd(a, b) if c|a and c|b and, for every d that divides both a and b, d|c
  • Equivalently, gcd(a, b) = max{c : c|a and c|b}
  • k = gcd(a, b) → k_p = min(a_p, b_p) for all p
  • a and b are relatively prime if gcd(a, b) = 1

6
Modular Arithmetic
Modular Arithmetic
  • For any integer a and positive integer n, if a is divided by n, the following
    relationship holds
  • a = qn + r, 0 ≤ r < n, q = ⌊a/n⌋ (q: quotient, r: remainder or residue)
  • If a is an integer and n is a positive integer, a mod n is defined to be the
    remainder when a is divided by n
  • a = ⌊a/n⌋ × n + (a mod n)
  • Two integers a and b are said to be congruent modulo n if (a mod n) = (b mod n),
    and this is written a ≡ b mod n
  • Properties of the modulo operator
  • a ≡ b mod n if n|(a − b)
  • (a mod n) = (b mod n) implies a ≡ b mod n
  • a ≡ b mod n implies b ≡ a mod n
  • a ≡ b mod n and b ≡ c mod n implies a ≡ c mod n

7
Modular Arithmetic Operations
Modular Arithmetic
  • Modular arithmetic operations over Zn = {0, 1, ..., n−1}
  • Properties
  • [(a mod n) + (b mod n)] mod n = (a + b) mod n
  • [(a mod n) − (b mod n)] mod n = (a − b) mod n
  • [(a mod n) × (b mod n)] mod n = (a × b) mod n

8
Properties of Modular Arithmetic
Modular Arithmetic
  • Modular arithmetic over Zn = {0, 1, ..., n−1} (called the set of residues modulo n)
  • Integers modulo n with addition and multiplication form a commutative ring
  • Commutative laws: (a + b) mod n = (b + a) mod n
  • (a × b) mod n = (b × a) mod n
  • Associative laws: [(a + b) + c] mod n = [a + (b + c)] mod n
  • [(a × b) × c] mod n = [a × (b × c)] mod n
  • Distributive law: [a × (b + c)] mod n = [(a × b) + (a × c)] mod n
  • Identities: (a + 0) mod n = a mod n
  • (a × 1) mod n = a mod n
  • Additive inverse (−a): ∀a ∈ Zn ∃b s.t. a + b ≡ 0 mod n
  • Multiplicative inverse (a^−1): ∀a (≠ 0) ∈ Zn, if a is relatively prime to n,
    ∃b s.t. a × b ≡ 1 mod n
  • If n is not prime, Zn is a ring, but not a field
  • Zp is a field

9
Modular 7 Arithmetic
Modular Arithmetic
10
Groups, Rings, Fields
Modular Arithmetic
  • Group
  • A set of numbers with some addition operation whose result is also in the set
    (closure)
  • Obeys the associative law, has an identity, has inverses
  • If it is also commutative, it is an abelian group
  • Ring
  • An abelian group with a multiplication operation as well
  • Multiplication is associative and distributive over addition
  • If multiplication is commutative, it is a commutative ring
  • e.g., integers mod N for any N
  • Field
  • An abelian group for addition
  • A ring
  • An abelian group for multiplication (ignoring 0)
  • e.g., integers mod P where P is prime

11
Fermat's Little Theorem
Fermat's and Euler's Theorems
  • If p is prime and a is a positive integer not divisible by p, then
  • a^(p−1) ≡ 1 mod p
  • Proof
  • Start by listing the first p − 1 positive multiples of a
  • a, 2a, 3a, ..., (p−1)a
  • Suppose that ra and sa are the same modulo p; then we have r ≡ s mod p, so the
    p−1 multiples of a above are distinct and nonzero; that is, they must be
    congruent to 1, 2, 3, ..., p−1 in some order. Multiply all these congruences
    together and we find
  • a × 2a × 3a × ... × (p−1)a ≡ 1 × 2 × 3 × ... × (p−1) mod p
  • or better, a^(p−1)(p−1)! ≡ (p−1)! mod p. Divide both sides by (p−1)! to complete
    the proof
  • Corollary
  • If p is prime and a is any positive integer, then
  • a^p ≡ a mod p

12
Euler's Totient Function
Fermat's and Euler's Theorems
  • Euler's totient function φ(n) is the number of positive integers less than n
    (including 1) that are relatively prime to n
  • φ(p) = p − 1
  • φ(1) = 1 (definition)
  • Let p and q be distinct prime numbers, n = pq. Then φ(pq) = φ(p)φ(q) = (p−1)(q−1)
  • Proof
  • Consider Zn = {0, 1, ..., pq−1}
  • The residues not relatively prime to n are 0, p, 2p, ..., (q−1)p, and
    q, 2q, ..., (p−1)q
  • So φ(pq) = pq − [1 + (q−1) + (p−1)] = pq − p − q + 1 = (p−1)(q−1)

13
Fermat's and Euler's Theorems
Euler's Totient Function
14
Euler's Theorem
Fermat's and Euler's Theorems
  • Generalization of Fermat's little theorem
  • For every a and n that are relatively prime, a^φ(n) ≡ 1 mod n
  • Proof
  • The proof is completely analogous to that of Fermat's theorem, except that
    instead of the set of residues {1, 2, ..., n−1} we now consider the set of
    residues {x1, x2, ..., xφ(n)} which are relatively prime to n. In exactly the
    same manner as before, multiplication by a modulo n results in a permutation of
    the set {x1, x2, ..., xφ(n)}. Therefore, the two products are congruent
  • x1 x2 ... xφ(n) ≡ (ax1)(ax2) ... (axφ(n)) mod n
  • Dividing by the left-hand side proves the theorem.
  • Corollary
  • a^(φ(n)+1) ≡ a mod n

15
Euler's Theorem
Fermat's and Euler's Theorems
  • Corollaries
  • Given two prime numbers p and q, and integers n = pq and m, with 0 < m < n,
  • m^(φ(n)+1) = m^((p−1)(q−1)+1) ≡ m mod n
  • (Demonstrates the validity of the RSA algorithm)
  • m^(kφ(n)) ≡ 1 mod n
  • m^(kφ(n)+1) ≡ m mod n
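The following is an added Python check of the three slides above (the ring/field claim for Zn, φ(pq) = (p−1)(q−1), and the RSA corollary); it is not code from the presentation. It verifies the corollary exhaustively for a small n = pq, including the m that share a factor with n, which is the case RSA relies on for arbitrary message blocks.

```python
from math import gcd


def euler_phi(n: int) -> int:
    """phi(n): number of 1 <= k < n with gcd(k, n) == 1; phi(1) = 1 by definition."""
    if n == 1:
        return 1
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)


def units(n: int) -> list:
    """Nonzero residues of Z_n that have a multiplicative inverse (brute force)."""
    return [a for a in range(1, n) if any((a * b) % n == 1 for b in range(1, n))]


def is_field(n: int) -> bool:
    """Z_n is a field exactly when every nonzero residue is invertible."""
    return len(units(n)) == n - 1


def check_rsa_corollary(p: int, q: int) -> bool:
    """m^(phi(n)+1) == m (mod n) for every 0 < m < n, n = p*q, p != q prime.

    Also confirms the slide's closed form phi(pq) = (p-1)(q-1) against a count.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if phi != euler_phi(n):
        return False
    return all(pow(m, phi + 1, n) == m for m in range(1, n))


if __name__ == "__main__":
    print("Z_7 field:", is_field(7), " Z_35 field:", is_field(35))
    print("non-units of Z_35:", [a for a in range(1, 35) if a not in units(35)])
    print("RSA corollary holds for n = 3*11:", check_rsa_corollary(3, 11))
```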

16
Testing for Primality (Miller-Rabin)
Testing for Primality
  • Miller-Rabin primality test
  • Can be used to determine if a large number is prime
  • Based on the following theorem
  • If p is an odd prime, then the equation
  • x² ≡ 1 (mod p)
  • has only two solutions, namely x ≡ 1 (mod p) and x ≡ −1 (mod p)
  • Proof
  • Omitted
  • If there exist solutions to x² ≡ 1 (mod n) other than ±1, then n is not prime

17
Modular Exponentiation
Testing for Primality
  • An efficient way to compute a^b mod n
  • Repeated squaring
  • Computes a^c mod n as c is increased from 0 to b
  • Each exponent computed in the sequence is either twice the previous exponent or
    one more than the previous exponent
  • Each iteration of the loop uses one of the identities
  • a^(2c) mod n = (a^c)² mod n
  • a^(2c+1) mod n = a × (a^c)² mod n
  • depending on whether b_i = 0 or 1
  • Just after bit b_i is read and processed, the value of c is the same as the
    prefix b_k b_(k−1) ... b_i of the binary representation of b
  • Variable c is not needed (included just for explanation)

    Modular-Exponentiation(a, b, n)
      c ← 0
      d ← 1
      let b_k b_(k−1) ... b_0 be the binary representation of b
      for i ← k downto 0
        do c ← 2c
           d ← (d × d) mod n
           if b_i = 1
             then c ← c + 1
                  d ← (d × a) mod n
      return d

18
Modular Exponentiation - Example
Testing for Primality

    Modular-Exponentiation(a, b, n)
      c ← 0
      d ← 1
      let b_k b_(k−1) ... b_0 be the binary representation of b
      for i ← k downto 0
        do c ← 2c
           d ← (d × d) mod n
           if b_i = 1
             then c ← c + 1
                  d ← (d × a) mod n
      return d

  • Example
  • Result of the Modular-Exponentiation algorithm for a^b mod n, where a = 7,
    b = 560 = 1000110000 (binary), n = 561. The values are shown after each
    execution of the for loop
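Added example (not code from the presentation): the left-to-right binary method above, instrumented to return the (i, b_i, c, d) trace so the slide's table for a = 7, b = 560, n = 561 can be regenerated and checked against Python's built-in pow.

```python
def modexp_trace(a: int, b: int, n: int):
    """Left-to-right binary exponentiation, as in Modular-Exponentiation(a, b, n).

    Returns (a^b mod n, trace); trace holds (i, b_i, c, d) after each loop pass.
    c is the exponent accumulated so far and is kept only for explanation.
    """
    bits = bin(b)[2:]              # b_k ... b_0, most significant bit first
    c, d = 0, 1
    trace = []
    for pos, bit in enumerate(bits):
        i = len(bits) - 1 - pos    # bit index counted from the least significant end
        c = 2 * c
        d = (d * d) % n            # a^(2c) = (a^c)^2
        if bit == "1":             # note: this key-bit-dependent branch is what
            c = c + 1              # timing side-channel attacks on naive RSA observe
            d = (d * a) % n        # a^(2c+1) = a * (a^c)^2
        trace.append((i, int(bit), c, d))
    return d, trace


def slide_example():
    """The slide's parameters: a = 7, b = 560 = 1000110000_2, n = 561."""
    return modexp_trace(7, 560, 561)


if __name__ == "__main__":
    result, trace = slide_example()
    print(" i  b_i     c    d")
    for i, bit, c, d in trace:
        print(f"{i:2d}  {bit:3d}  {c:4d}  {d:3d}")
    print("7^560 mod 561 =", result, " (pow agrees:", result == pow(7, 560, 561), ")")
```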

19
Testing for Primality (Miller-Rabin)
Testing for Primality
  • Core algorithm is WITNESS(a, n)
  • Inputs to WITNESS: n, the number to be tested for primality, and a, some randomly
    chosen integer, 1 ≤ a < n
  • WITNESS(a, n) is TRUE if and only if a is a witness to the compositeness of n;
    that is, if it is possible using a to prove that n is composite
  • If WITNESS returns FALSE, then n may be prime

    WITNESS(a, n)
      let b_k b_(k−1) ... b_0 be the binary representation of (n−1)
      d ← 1
      for i ← k downto 0
        do x ← d
           d ← (d × d) mod n
           if d = 1 and x ≠ 1 and x ≠ n − 1
             then return TRUE
           if b_i = 1
             then d ← (d × a) mod n
      if d ≠ 1
        then return TRUE
      return FALSE

20
Testing for Primality (Miller-Rabin)
Testing for Primality

    WITNESS(a, n)
      let b_k b_(k−1) ... b_0 be the binary representation of (n−1)
      d ← 1
      for i ← k downto 0
        do x ← d
           d ← (d × d) mod n
           if d = 1 and x ≠ 1 and x ≠ n − 1
             then return TRUE
           if b_i = 1
             then d ← (d × a) mod n
      if d ≠ 1
        then return TRUE
      return FALSE

21
Testing for Primality (Miller-Rabin)
Testing for Primality
  • Miller-Rabin Primality Test
  • Probabilistic search
  • Repeatedly invoke WITNESS(a, n) s times using randomly chosen values for a; if it
    returns FALSE every time, then the probability that n is prime is at least
    1 − 2^−s

    MILLER_RABIN(n, s)
      for j ← 1 to s
        do a ← RANDOM(1, n−1)
           if WITNESS(a, n)
             then return COMPOSITE
      return PRIME
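Added example (not code from the presentation): WITNESS and MILLER_RABIN transcribed from the pseudocode above, run on n = 561, the modulus of the exponentiation example. 561 = 3 × 11 × 17 is a Carmichael number, so the plain Fermat test 7^560 ≡ 1 (mod 561) passes, yet WITNESS(7, 561) returns TRUE because the last squaring reveals a square root of 1 other than ±1. Inputs of 1, 2, 3 and even n are handled explicitly; the slide's pseudocode assumes odd n > 2.

```python
import random


def witness(a: int, n: int) -> bool:
    """TRUE iff a is a witness to the compositeness of n (slide's WITNESS(a, n))."""
    bits = bin(n - 1)[2:]            # b_k ... b_0 of n-1
    d = 1
    for bit in bits:
        x = d
        d = (d * d) % n
        if d == 1 and x != 1 and x != n - 1:
            return True              # nontrivial square root of 1 mod n: n is composite
        if bit == "1":
            d = (d * a) % n
    return d != 1                    # a^(n-1) != 1 mod n: Fermat's theorem fails


def miller_rabin(n: int, s: int, rng=random) -> str:
    """Slide's MILLER_RABIN(n, s): 'PRIME' is wrong with probability at most 2^-s."""
    if n < 2 or (n > 3 and n % 2 == 0):
        return "COMPOSITE"
    if n in (2, 3):
        return "PRIME"
    for _ in range(s):
        a = rng.randint(1, n - 1)    # RANDOM(1, n-1)
        if witness(a, n):
            return "COMPOSITE"
    return "PRIME"


def fermat_passes(a: int, n: int) -> bool:
    """The weaker Fermat test: a^(n-1) == 1 mod n, fooled by Carmichael numbers."""
    return pow(a, n - 1, n) == 1


if __name__ == "__main__":
    print("Fermat test 7^560 mod 561 == 1:", fermat_passes(7, 561))
    print("WITNESS(7, 561):", witness(7, 561))
    print("MILLER_RABIN(561, 20):", miller_rabin(561, 20))
    print("MILLER_RABIN(1013, 10):", miller_rabin(1013, 10))
```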

22
Euclid's Algorithm: Finding the GCD
Euclid's Algorithm
  • Based on the following theorem
  • gcd(a, b) = gcd(b, a mod b)
  • Proof
  • If d = gcd(a, b), then d|a and d|b
  • For any positive integer b, a = kb + r ≡ r mod b, a mod b = r
  • a mod b = a − kb (for some integer k)
  • because d|b, d|kb
  • because d|a, d|(a mod b)
  • ∴ d is a common divisor of b and (a mod b)
  • Conversely, if d is a common divisor of b and (a mod b), then d|kb and
    d|[kb + (a mod b)]
  • d|[kb + (a mod b)] = d|a
  • ∴ The set of common divisors of a and b is equal to the set of common divisors
    of b and (a mod b)
  • ex) gcd(18, 12) = gcd(12, 6) = gcd(6, 0) = 6
  • gcd(11, 10) = gcd(10, 1) = gcd(1, 0) = 1

23
Euclid's Algorithm: Finding the GCD
Euclid's Algorithm
  • Recursive algorithm

    Function Euclid(a, b)  /* assume a ≥ b ≥ 0 */
      if b = 0 then return a
      else return Euclid(b, a mod b)

  • Iterative algorithm

    Euclid(d, f)  /* assume d > f > 0 */
      1. X ← d; Y ← f
      2. if Y = 0 return X = gcd(d, f)
      3. R = X mod Y
      4. X ← Y
      5. Y ← R
      6. goto 2

24
Euclid's Alg.: Finding the Multiplicative Inverse
Euclid's Algorithm
  • If gcd(d, f) = 1, d has a multiplicative inverse modulo f
  • Euclid's algorithm can be extended to find the multiplicative inverse
  • In addition to finding gcd(d, f), if the gcd is 1, the algorithm returns the
    multiplicative inverse of d (modulo f)

    Extended Euclid(d, f)
      1. (X1, X2, X3) ← (1, 0, f); (Y1, Y2, Y3) ← (0, 1, d)
      2. If Y3 = 0 return X3 = gcd(d, f); no inverse
      3. If Y3 = 1 return Y3 = gcd(d, f); Y2 = d^−1 mod f
      4. Q = ⌊X3/Y3⌋
      5. (T1, T2, T3) ← (X1 − QY1, X2 − QY2, X3 − QY3)
      6. (X1, X2, X3) ← (Y1, Y2, Y3)
      7. (Y1, Y2, Y3) ← (T1, T2, T3)
      8. goto 2

25
Euclid's Alg.: Finding the Multiplicative Inverse
Euclid's Algorithm

    Extended Euclid(d, f)
      1. (X1, X2, X3) ← (1, 0, f); (Y1, Y2, Y3) ← (0, 1, d)
      2. If Y3 = 0 return X3 = gcd(d, f); no inverse
      3. If Y3 = 1 return Y3 = gcd(d, f); Y2 = d^−1 mod f
      4. Q = ⌊X3/Y3⌋
      5. (T1, T2, T3) ← (X1 − QY1, X2 − QY2, X3 − QY3)
      6. (X1, X2, X3) ← (Y1, Y2, Y3)
      7. (Y1, Y2, Y3) ← (T1, T2, T3)
      8. goto 2

Note: Always f × Y1 + d × Y2 = Y3
26
Chinese Remainder Theorem
Chinese Remainder Theorem
  • Let M = m1 × m2 × m3 × ... × mk, where the mi are pairwise relatively prime,
    i.e., gcd(mi, mj) = 1 for 1 ≤ i ≠ j ≤ k
  • Assertion
  • A ↔ (a1, a2, ..., ak), where A ∈ ZM, ai ∈ Zmi, and ai = A mod mi for 1 ≤ i ≤ k
  • One-to-one correspondence (bijection) between ZM and the Cartesian product
    Zm1 × Zm2 × ... × Zmk
  • For every integer A such that 0 ≤ A < M, there is a unique k-tuple
    (a1, a2, ..., ak) with 0 ≤ ai < mi
  • For every such k-tuple (a1, a2, ..., ak), there is a unique A in ZM
  • Transformation from A to (a1, a2, ..., ak) is unique
  • Computing A from (a1, a2, ..., ak) is done as follows
  • Let Mi = M/mi for 1 ≤ i ≤ k, i.e., Mi = m1 × m2 × ... × m(i−1) × m(i+1) × ... × mk
  • Note that Mi ≡ 0 (mod mj) for all j ≠ i
  • Let ci = Mi × (Mi^−1 mod mi) for 1 ≤ i ≤ k
  • Then A = (a1c1 + a2c2 + ... + akck) mod M
  • ∴ ai = A mod mi, since cj ≡ 0 (mod mi) if j ≠ i (because Mj ≡ 0 (mod mi)) and
    ci ≡ 1 (mod mi)

27
Chinese Remainder Theorem
Chinese Remainder Theorem
  • Operations performed on the elements of ZM can be equivalently performed on the
    corresponding k-tuples by performing the operation independently in each
    coordinate position
  • ex) A ↔ (a1, a2, ..., ak), B ↔ (b1, b2, ..., bk)
  • (A + B) mod M ↔ ((a1 + b1) mod m1, ..., (ak + bk) mod mk)
  • (A − B) mod M ↔ ((a1 − b1) mod m1, ..., (ak − bk) mod mk)
  • (A × B) mod M ↔ ((a1 × b1) mod m1, ..., (ak × bk) mod mk)
  • CRT provides a way to manipulate (potentially large) numbers mod M in terms of
    tuples of smaller numbers

28
Chinese Remainder Theorem
Chinese Remainder Theorem
  • Example
  • Let m1 = 37, m2 = 49, M = m1 × m2 = 1813, A = 973
  • M1 = 49, M2 = 37
  • Using the extended Euclid's alg., M1^−1 = 34 mod m1 and M2^−1 = 4 mod m2
  • Taking residues modulo 37 and 49, 973 ↔ (11, 42)
  • Suppose we want to add 678 to 973
  • 678 ↔ (12, 41)
  • Add the tuples element-wise: ((11 + 12) mod 37, (42 + 41) mod 49) = (23, 34)
  • To verify, we compute
  • (23, 34) ↔ (a1c1 + a2c2) mod M = (a1 M1 M1^−1 + a2 M2 M2^−1) mod M
  • = [(23)(49)(34) + (34)(37)(4)] mod 1813 = 1651
  • which is equal to (678 + 973) mod 1813 = 1651
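Added example (not code from the presentation) for the three CRT slides: the residue map, the coefficients ci = Mi × (Mi^−1 mod mi), reconstruction, and coordinate-wise arithmetic, reproducing the 973 + 678 = 1651 computation above and extending it to subtraction and multiplication. The modular inverse uses Python's built-in pow(x, −1, m) (3.8+) in place of the extended Euclid step.

```python
from math import prod


def crt_residues(A: int, moduli: list) -> list:
    """A -> (a1, ..., ak) with a_i = A mod m_i."""
    return [A % m for m in moduli]


def crt_coefficients(moduli: list) -> list:
    """c_i = M_i * (M_i^-1 mod m_i), M_i = M / m_i; moduli must be pairwise coprime."""
    M = prod(moduli)
    coeffs = []
    for m in moduli:
        Mi = M // m
        coeffs.append(Mi * pow(Mi, -1, m))   # pow(x, -1, m) raises ValueError if not coprime
    return coeffs


def crt_reconstruct(residues: list, moduli: list) -> int:
    """(a1, ..., ak) -> A = (a1 c1 + ... + ak ck) mod M."""
    M = prod(moduli)
    return sum(a * c for a, c in zip(residues, crt_coefficients(moduli))) % M


def crt_op(A: int, B: int, moduli: list, op) -> int:
    """Compute op(A, B) mod M by applying op in each coordinate, then mapping back."""
    ra, rb = crt_residues(A, moduli), crt_residues(B, moduli)
    return crt_reconstruct([op(x, y) % m for x, y, m in zip(ra, rb, moduli)], moduli)


def slide_addition_example() -> int:
    """The slide: m1 = 37, m2 = 49, 973 + 678 computed through the tuples."""
    return crt_op(973, 678, [37, 49], lambda x, y: x + y)


if __name__ == "__main__":
    moduli = [37, 49]
    print("973 ->", crt_residues(973, moduli), " 678 ->", crt_residues(678, moduli))
    print("c1, c2 =", crt_coefficients(moduli))
    print("(973 + 678) mod 1813 via CRT =", slide_addition_example())
    print("(973 * 678) mod 1813 via CRT =", crt_op(973, 678, moduli, lambda x, y: x * y))
```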

29
Discrete Logarithms
Discrete Logarithms
  • Consider the powers of an integer a, modulo n
  • a mod n, a² mod n, a³ mod n, ..., a^m mod n, ...
  • The least positive exponent m for which a^m ≡ 1 mod n is referred to as
  • The order of a (mod n)
  • The exponent to which a belongs (mod n)
  • The length of the period generated by a
  • If a and n are relatively prime, there is at least one integer m that satisfies
    a^m ≡ 1 mod n, namely m = φ(n)
  • If a, a², ..., a^φ(n) are distinct (mod n) and all are relatively prime to n,
    a is called a primitive root (generator)
  • In particular, for a prime number p, if a is a primitive root of p, then
    a, a², ..., a^(p−1) are distinct
  • Not all integers have primitive roots. The only integers with primitive roots are
    those of the form 2, 4, p^α, and 2p^α, where p is any odd prime

30
Powers of Integers, modulo 19
Discrete Logarithms
31
Discrete Logarithms - Indices
Discrete Logarithms
  • For any integer b and primitive root a of prime number p, there is a unique
    exponent i s.t.
  • b ≡ a^i mod p where 0 ≤ i ≤ (p−1)
  • This exponent i is referred to as the index of the number b for the base a
    (mod p), and denoted as ind_{a,p}(b)
  • ind_{a,p}(1) = 0 (a^0 mod p = 1 mod p = 1)
  • ind_{a,p}(a) = 1 (a^1 mod p = a)
  • Example
  • ind_{2,19}(a)

32
Derivation of Indices (Discrete Logarithms)
Discrete Logarithms
  • By def. of indices, x = a^(ind_{a,p}(x)) mod p, y = a^(ind_{a,p}(y)) mod p,
    xy = a^(ind_{a,p}(xy)) mod p
  • Using the rules of modular multiplication,
    a^(ind_{a,p}(xy)) mod p = (a^(ind_{a,p}(x)) mod p)(a^(ind_{a,p}(y)) mod p)
    = a^(ind_{a,p}(x) + ind_{a,p}(y)) mod p
  • Euler's theorem states that for every a and n that are relatively prime,
    a^φ(n) ≡ 1 mod n
  • Any positive integer z can be expressed in the form z = q + kφ(n). Therefore, by
    Euler's theorem, a^z ≡ a^q mod n if z ≡ q mod φ(n)
  • ∴ ind_{a,p}(xy) = [ind_{a,p}(x) + ind_{a,p}(y)] mod φ(p)
  • ∴ ind_{a,p}(y^r) = [r × ind_{a,p}(y)] mod φ(p)
  • Demonstrates the analogy between true logarithms and indices. Indices are often
    referred to as discrete logarithms
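Added example (not code from the presentation) for the index slides: it regenerates the "powers of 2 modulo 19" and ind_{2,19} tables by exhaustive search, checks that 2 is a primitive root of 19, and verifies both logarithm rules above for every x, y and r in Z19*. The exhaustive search is the point: it is feasible only because p is tiny, which is the gap the next slide's complexity bound describes.

```python
def powers_table(a: int, p: int) -> list:
    """a^1, a^2, ..., a^(p-1) mod p (the 'powers of integers modulo p' table)."""
    return [pow(a, i, p) for i in range(1, p)]


def is_primitive_root(a: int, p: int) -> bool:
    """a is a primitive root of prime p iff its p-1 powers are all distinct."""
    return len(set(powers_table(a, p))) == p - 1


def index_table(a: int, p: int) -> dict:
    """ind_{a,p}(b) for every b in 1..p-1, by brute force: b = a^i mod p."""
    if not is_primitive_root(a, p):
        raise ValueError(f"{a} is not a primitive root of {p}")
    return {pow(a, i, p): i for i in range(p - 1)}


def ind(b: int, a: int, p: int) -> int:
    """Discrete logarithm of b to the base a modulo p (brute-force table lookup)."""
    return index_table(a, p)[b % p]


def check_log_rules(a: int, p: int) -> bool:
    """ind(xy) = [ind(x)+ind(y)] mod phi(p) and ind(y^r) = [r*ind(y)] mod phi(p)."""
    table = index_table(a, p)
    phi = p - 1                                   # phi(p) for prime p
    for x in range(1, p):
        for y in range(1, p):
            if table[(x * y) % p] != (table[x] + table[y]) % phi:
                return False
            r = x                                 # reuse x as the exponent r
            if table[pow(y, r, p)] != (r * table[y]) % phi:
                return False
    return True


if __name__ == "__main__":
    print("powers of 2 mod 19:", powers_table(2, 19))
    print("ind_{2,19}:", dict(sorted(index_table(2, 19).items())))
    print("log rules hold mod 19:", check_log_rules(2, 19))
```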

33
Tables of Discrete Logarithms, modulo 19
Discrete Logarithms
34
Discrete Logarithms
Discrete Logarithms
  • Calculation of Discrete Logarithms
  • y = g^x mod p
  • Given g, x, p, it is a straightforward matter to calculate y
  • Given g, y, p, it is very difficult to calculate x (the discrete logarithm)
  • The difficulty seems to be on the same order as that of the factoring required
    for RSA
  • Time complexity: O(e^((ln p)^(1/3) (ln(ln p))^(2/3)))

35
Chapter 7 HW
  • Prob. 7.1 (See the errata table)
  • Prob. 7.6
  • Prob. 7.13
  • Prob. 7.14
  • Prob. 7.15