chapter 2 introduction to number theory and its applications

Theory of Computation

Transparency No. 1-1

Chapter 2Introduction to Number

Theory and Its applications

Cheng-Chia Chen

October 2002

Introduction


outline

Division Prime Gcd and Lcm Modular Arithmetic Chinese Remainder Theorem Fermat’s little theorem The RSA algorithm

Introduction


Division

Def: a,b Z with a ≠ 0. We say a divides b (written a | b) if

9 k Z s.t. b = ka a | b =>

a is a factor (or divisor) of b and b is a multiple of a.

Ex: 3 | 12 ( * 12 = 4 x 3 ) -4 | 8, 13 | 0 (0 = 0 x 13) 3 - 7

Introduction


Properties of |

1. a | b /\ a |c ) a | b + c

2. a | b ) a | bc for all c Z3. | is reflexive ( a | a for all a Z )

4. | is transitive ( a | b /\ b | c ) a | c ) pf: a | b /\ b | c ) b = k1 a and c = k2 b for some k1, k2 Z ) c = k2 (k1 a) = (k1 k2) a

5. | is antisymmetric ( a | b /\ b | a ) a = b)

6. Any relation satisfying 3,4,5 is called a partial order

Introduction


Primes

An integer p > 1 is said to be prime if n N+ ( p | n ! ( n = 1 \/ n = p ). I.e., the only positive factors of p are 1 and p.

p > 1 is not prime => P is composite. Examples:

7 is prime primes < 20 include : 2,3,5,7,11,13,17,19.

Introduction


The fundamental theorem of arithmetic (FTA)

n N+ > 1, there exists a unique increasing sequence of primes p1 ≤ p2 ≤ … ≤ pk ( k ≥ 0) s.t.

n = p1 x p2 … x pk.

Ex: 100 = 2 x 2 x 5 x 5 99 = 3 x 3 x 3 x 37.

Introduction


Proof of FTA

( Existence) by Math Ind. Basis: n = 1, 2 ok. Ind. n = i + 1. if n is prime, then n = p1, where p1 = n and k = 1 ). if n is not prime then n = n1 x n2 with n1,n2 < n. => by ind. hyp. n1 = q1 x q2 … x qt

n2 = r1 x r2 … rs => n = n1 x n2 = q1 x … x qt x r1 x … x rs. => n = p1 x … x ps+t. where p1,…,ps+t is an increasing reordering

of q1,…,qt and r1,…,rt. Uniqueness:

let n = p1 x … x pk x q1 x … x qs = p1 x … x pk x r1 x … x rt where q1 ≠ r1 => n – n = p1 x … x pk x (q1 x … x qt – r1 x … rt) ≠ 0 ( a contradiction !!).

Introduction


Theorem 3

If n is composite => 9 a ≤ s.t. a | n.

pf: n is composite => n = p x q with p, q > 1.

if p > /\ q > =>

p q > = n. a contradiction

Hence n must have a factor ≤

Example: 101 is a prime.

pf: x y = 10.

But no prime ≤ 10 is a factor of 101.

Introduction


The division algorithm

a Z, d N+

i q,r s.t. a = qd + r where 0 ≤ r < d.

Def: if a = dq + r Then d is called the divisor(除數 ) a : dividend(被除數 ) q: quotient(商數 ) r: remainder(餘數 )

Examples: 101 = 11 ∙ 9 + 2 -11 = -4 ∙ 3 + 1

Note: d | a iff r = 0.

Introduction


Proof of the division algorithm

Consider the sequence :

… a-3d, a-2d, a-d, a, a-(-d), a-(-2d), a-(-3d), … Let r = a – qd be the smallest nonnegative number in

the sequence.

1. since the sequence is strictly increasing toward infinity such q (and r) must exist and unique.

2. if r ≥ d r’ =r-d =a – (q+1) d ≥ 0 is another nonnegative number in the sequence smaller than r. That’s a contradiction.

Hence r must < d. QED

Introduction


gcd and lcm

a,b Z, ab ≠ 0.

if d | a and d | b d is a common divisor of a and b. gcd(a,b) =def the greatest common divisor of a and b.

Note: The set cd = {x > 0 |, x | a and x | b} is a finite subset of N+ ( {1} ∵ cd {1,… min(a,b)} gcd(a,b) must exist.

Example: gcd(24,36) = ? factors of 24 : 1,2,3,4,6,12,24 factors of 36: 1,2,3,4,6,9,12,18,36 cd(24,36) = {1,2,3,4,6,12} gcd(24,36) = 12.

Introduction


Relatively prime

If gcd(a,b) = 1 we say a and b are relatively prime(r.p.). Ex: gcd(17,22) = 1.

a1,a2,…an are pairwise r.p. if

gcd(ai,aj) = 1 for all 1 ≤ i < j ≤ n. Ex: 10,17,21 are p.r.p. 10,19,24 are not p.r.p since gcd(10,24) = 2.

Proposition 1:

If a = p1x

1 p2x

2 … pnx

n , b = p1y

1 p2y

2 … pny

n, where

p1 < p2 …< pn are primes and all xi, yj ≥ 0,

then gcd(a,b) = s =def p1z

1 p2z

2 … pnz

n

where zi = min(xi,yi) for all 0 ≤ i ≤ n.

Introduction


The proof

1. s cd(a,b). what are the quotients of a and b when divided by s ?

2. t t cd(a,b)

t = p1d

1 p2d

2 … pnd

n

for some d1,…dn with di ≤ xi , di ≤ yi ,and di ≤ zi.

Ex: 120 = 23 ∙31 ∙51

500 = 22 ∙53

gcd(120,500) = 22 ∙30 ∙51 = 20

Introduction


lcm ( least common multiplier)

a,b Z c N+

if a|c and b|c d is a common multiplier of a and b. lcm(a,b) =def the least common multiplier of a and b.

Note: The set cm = {x > 0 |, a|x and b|x} ≠ ( { a∙b} ∅ ∵ cm lcm(a,b) must exist.

Proposition 2:

If a = p1x

1 p2x

2 … pnx

n , b = p1y

1 p2y

2 … pny

n, where

p1 < p2 …< pn are primes and all xi, yj ≥ 0,

then lcd(a,b) = t =def p1z

1 p2z

2 … pnz

n

where zi = max(xi,yi) for all 0 ≤ i ≤ n.

Theorem 5: gcd(a,b) ∙ lcm(a,b) = a b.

Introduction


Modular Arithmetic

Def 8: m N+, a Z.

a mod m =def the remainder of a when divided by m. Ex:

17 mod 5 = 2 -133 mod 9 = 2.

Def 9: a,b Z, m N+. a ≡ b (mod m) means m | (a-b).

i.e., a and b have the same remainder when divided by m. i.e., a mod m = b mod m we say a is congruent to b (module m).

Ex: 17 ≡ 5 (mod 6) ? 24 ≡ 14 (mod 6) ?

Introduction


Properties of congruence

Theorem 6: a ≡ b (mod m) iff a = km + b for some k Z.pf: a ≡ b (mod m) (a-b) = km a = km + b.Theorem 7: If m > 0, a ≡ b (mod m) and c ≡ d (mod m), t

hen (1) a + c ≡ b + d (mod m) (2) ac ≡ bd (mod m).pf: By the premise, a = km + b and c = sm + d for some

k,s. a + c = (b + d) + (k + s) m and ac = bd + (kd + sb + skm) m (1) and (2) hold. Ex: 7 ≡ 2 (mod 5), 11 ≡ 1 (mod 5) 18 ≡ 3 and 77 ≡ 2.

Introduction


The Euclidean Algorithm

Lemma 1: a = bq + r gcd(a,b) = gcd(b,r).pf: it suffices to show that cd(a,b) = cd(b,r). But

d|a /\ d | b d | (a-bq) = r, and d | b /\ d | r d | bq + r = a. Hence cd(a,b) = cd(b,r).

Note: if a = bq + 0 gcd(a,b) = gcd(b,0) = b. A simple algorithm: gcd(a,b) // a ≥ b ≥ 0. if (b == 0) return a; else return gcd(b, a mod b);Note: this algorithm is very efficient.

Introduction


gcd(662, 414) = ?

∴ gcd(662,414) = gcd(414,248) = …

= gcd(2,0) = 2.

a b a = qb+ r q r

662 414 662=1x414+248 1 248

414 248 414= 1x 248 + 166 1 166

248 166 248= 1 x 166 + 82 1 82

166 82 166= 2 x 82 + 2 2 2

82 2 82=42 x 2 + 0 42 0

2 0

Introduction


Theorem 1

a ≥ b ≥ 0 gcd(a,b) = sa + tb for some s,t Z. i.e., gcd(a,b) is a linear combination of a and b.

Pf: By induction on b.

Basis: b = 0. gcd(a,b) = a = 1 ∙ a + 0 ∙ b.

Inductive case: b > 0.

case1: b | a gcd(a,b) = b = 0 a + 1 b.

case2: b a ∤ gcd(a,b) = gcd(b,r) where

0 ≤ r = mod(a,b) < b.

By I.H. gcd(b,r) = sb + t r. But r = a - bq

∴ gcd(a,b) = gcd(b,r) = sb + tr

= sb + t(a – bq) = t a + (s – qt) b. QED

Introduction


Example

gcd(252, 198) = 18 = ___∙ 252 + ___ ∙ 198.

Sol:

Exercise: Let L(a,b) = {sa + tb | s,t Z } is the set of all linear combinations of a and b. Show that gcd(a,b) = the smallest positive number of L(a,b).

Hint: 1. By Induction

2. L(a,b) = L(b,r) if a = bq + r.

Introduction


Lemma 1 and Lemma 2

Lemma 1:gcd(a,b) = 1 /\ a | bc a | c.

pf: gcd(a,b) = 1 1 = sa + tb for some s,t Z c = sac + tbc = sac + tka a | bc∵ = (sc + tk) ∙ a a | c.∴Lemma 2’: p : prime /\ p a ∤ gcd(p,a) = 1.

Pf: cd(p,a) factors of p = {1,p}. but p is not a factor of a.

Hence gcd(p,a) = 1.

Lemma 2: p : prime /\ p | a1 a 2 … an p | ai for some i.

Pf: By ind. on n. Basis: n = 1. trivial.

Ind. case: n = k + 1. p | a1 a 2 … ak a k+1.

If p | a1 we are done.

O/W p a∤ 1 and gcd(p, a1) = 1 by lem2’.

By Lem 1 : p | ( a 2 … ak+1 ) p | ai for some 2 ≤ i ≤ k+1 by IH.

Introduction


Uniqueness of FTA

Pf: Suppose two distinct sequences

p1 , … , ps and q1 , … , qt with

n = p1 x … x ps = q1 x … x qt

Removing all common primes on both sides :

m =def pi1 x … piu = qj1x … x qjv

where pi ≠ qj for all pi and qj.

pi1 | m = qj1x … x qjv

pi1 | qj for some j ( a contradiction!!).

Introduction


Theorem 2

m > 0 /\ ac ≡ bc (mod m) /\ gcd(m,c) = 1

a ≡ b (mod m).

Pf: ac ≡ bc (mod m)

m | (ac – bc) = (a – b) c.

∵ gcd(m,c) = 1 m | (a – b)∴ ∴ a ≡ b (mod m).

Introduction


Linear Congruence

Ex: Find all x such that 7 x ≡ 2 (mod 5).Def: Equations of the form ax ≡ b (mod m) are called linear congruence equations.Def: Given (a,m), any integer a’ satisfying the condition: a a’ ≡ 1 (mod m) is called the inverse of a (mod m).Proposition: a a’ ≡ 1 (mod m) x = a’ b + km is the general solution of the congruence

equation ax ≡ b (mod m)Pf: 1. a’b + km is a solution for any k Z. 2. y is a solution ay ≡ b (mod m) => y ≡ a’b (mod

m) => m | (y – a’b) y = a’b + k’ m for some k.

Introduction


Theorem 3

m > 0, gcd(a,m) = 1. Then b Z s.t. 1. ab ≡ 1 (mod m) 2. if ab ≡ ac [≡ 1] b ≡ c (mod m).

Pf: 1. gcd(a,m) = 1. Then b,t with ba + tm =1.

since m | ba –1 and hence ab ≡ 1 (mod m).

2. Direct from Theorem 2.

Note: Theorem 3 means That the inverse of a mod m uniquely exists (and hence is well defined) if a and m are relatively prime.

Introduction


Examples

Ex: Find a s.t. 3a ≡ 1 (mod 7).

Sol: since gcd(3,7) = 1. the inverse of 3 (mod 7) exists and can be computed by the Euclidean algorithm:

7 = 3 X 2 + 1 1 = 7 + 3 (-2). 3 (-2 ) ≡ 1 (mod 7)

a = -2 + 7k for all k Z.

EX: Find all solutions of 3x ≡ 4 (mod 7).

Sol: -2 is an inverse of 3 (mod 7). Hence

x = 4 (-2) + 7k where k Z are all solutions of x.

Introduction


The Chinese Remainder Theorem

EX: Find all integer x satisfying the equations simultaneously: x ≡ 2 (mod 3) x ≡ 3 (mod 5) x ≡ 2 (mod 7)

Theorem 4: m1,m2,…,mn : pairwise relatively prime. The system of congruence equations: x ≡ a1 (mod m1)

x ≡ a2 (mod m2)

… x ≡ an (mod mn)

has a unique solution modulo m = m1 m2 … mn.

Introduction


Proof of the Chinese remainder theorem

Pf: Let Mk = m / mk for 1 ≤ k ≤ n.

Note:

1. gcd(mk, Mk) = 1 and

2. mi | Mk if i ≠ k. Hence

s, yk s.t. s mk + yk Mk = 1. Hence

yk is an inverse of Mk mod mk. Now

Mk yk ≡ 1 (mod mk) and

Mk yk ≡ 0 (mod mj) for all j ≠ k. Let

x = a1 M1 y1 + … + an Mn yn then

x ≡ a1 M1 y1 + … + an Mn yn ≡ ak Mk yk ≡ ak (mod mk) for all 1 ≤ k ≤ n.

Introduction


Proof of the uniqueness part

If x and y satisfying the equations, then

x-y ≡ 0 (mod mk) for all k = 1..n. =>

s1,…,sn with x-y = s1 m1 = … = sn mn.

since gcd(mi, mk) = 1 for all i ≠ k and

mk | s1 m1, we have mk | s1 for all k ≠ 1.

Hence s1 is a multiple of m2 m3 … mn and

x-y = s1 m1 is a multiple of m = m1 m2 … mk.

Hence x ≡ y (mod m). QED

Introduction


Example

Find x ≡ (2,3,2) (mod (3,5,7)) respectively. Sol:

i mi ai Mi yi = Mi-1 (mod mi) ai Mi yi

1 3 2 m/3=35 35 y1 ≡ 1 (mod 3)

-1

2 x 35 x -1

2 5 3 m/5=21 21 y2 ≡ 1 (mod 5)

1

3 x 21 x 1

3 7 2 m/7=15 15 y3 ≡ 1 (mod 7)

1

2 x 15 x 1

m =

105

x = -70 + 63 + 30 = 23.

Introduction


Fermat’s little theorem

p: prime, a N. Then

1. if (p - a) then a p-1 ≡ 1 (mod p). Moreover,

2. for all a, ap ≡ a (mod p).

Ex:

1. p = 17, a = 2 216 = 65536 = 3855 x 17 + 1

216 ≡ 1 (mod 17).

2. p = 3, a = 20 203 – 20 = 8000 –20 = 7980 is a multiple of 3. Hence 203 ≡ 20 (mod 3).

Introduction


Proof of Fermat’s little theorem

Lemma:1≤i<j≤p-1, ia ≢ ja (mod p) and ia ≢ 0 (mod p).

Pf: ia ≡ ja (mod p) p | (j-i) a. Since p - a, p |(j-i).

But 0 < j-i < p, p - (j-i), a contradiction.

1. Note the above lemma means ia and ja have different remainders when divided by p. Hence

a x 2a x … (p-1) a ≡ 1 x 2 … x (p-1) = (p-1)! (mod p)

(p-1)! ap-1 ≡ (p-1) ! (mod p). Then

p | (p-1)! (a p-1 –1). p ∵ - (p-1)!, p | ap-1 –1, and

hence a p-1 ≡ 1 (mod p).

2. if p | a p | a (ap-1–1) = ap – a ap ≡ a (mod p).

if p - a ap-1 ≡ 1 (mod p) ap ≡ a (mod p).

Introduction


Public key encryption and RSA

Encryption(加密 )

Decryption(解密 )

M

M’ (plain text)

cipher textC

public key private key

• Public key can be known to the public• Private key is kept secret.

Introduction


The RSA algorithm

p.q: two large primes ( > 200 digits, 1024 digits recommended now),

n = pq e = any number with gcd(e, (p-1)(q-1)) = 1. d = inverse of e (mod (p-1)(q-1)). (i.e., de ≡ 1 (mod (p-1)(q-1))) public key = (n,e) private key = (n,d)note : public and private keys are symmetric. C = Me (mod n) and M’ = Cd (mod n).Theorem : M’ ≡ M (mod n).

Introduction


Proof of the correctness of the RSA algorithm

M’ = Cd ≡ (Me)d ≡ Mde

≡ M1 +k(p-1)(q-1) (mod n) [ de ≡ 1 (mod (p-1)(q-1)) ]∵

Assume gcd(M,p) = gcd(M,q) = 1.

(i.e., p - M and q - M its probability is (p-1)(q-1)/pq ≈ 1.

or we can let M < min(p,q)).

Then Cd = M ∙ (M(p-1))k(q-1) ≡ M ∙ 1 k(q-1) (mod p)

= M ∙ (M(q-1))k(p-1) ≡ M ∙ 1 k(p-1) (mod q)

( by Fermat’s little theorem)

M’ = Cd ≡ M (mod n).

∵ Cd-M is a multiple of p and q

Introduction


Example

p = 43, q = 59 n = pq = 43 ∙ 59 = 2537.

choose e = 13 with gcd(13, (43-1)(59-1)=2436)=1.

d = 937 is an inverse of 13 mod 2436.

1. To transmit ‘STOP’=1819 1415 : 2 blocks of length 4.

181913 mod 2537 = 2081,

141513 mod 2537 = 2182

C = 2081 2182.

2. Receive 0981 0461 M’1 = 0981937 (mod 2537) =0704

M’2 = 0461937 (mod 2537) = 1115

M’ = 0704 1115 = ‘HELP’.

chapter 2 introduction to number theory and its applications

Documents