Introduction to Number Theory
Chang Choi
Outline
- Prime Numbers
- Fermat’s and Euler’s Theorems
- Testing for Primality
- The Chinese Remainder Theorem
- Discrete Logarithms

Prime Numbers (1/4)

Prime numbers
- An integer p > 1 is a prime number if and only if it is divisible by only 1 and p.
[Table: Primes under 2000]

Prime Numbers (2/4)

Integer factorization
91 = 7 × 13
11011 = 7 × 11^2 × 13
- Any integer a > 1 can be factored in a unique way as
  a = p_1^{a_1} × p_2^{a_2} × p_3^{a_3} × … × p_t^{a_t}
  where p_1 < p_2 < … < p_t are prime numbers and each a_i is a positive integer.

Another integer factorization
- If P is the set of all prime numbers, then any positive integer a can be written uniquely in the following form:
  a = ∏_{p∈P} p^{a_p}, where each a_p ≥ 0
- The right side is the product over all possible prime numbers p.
- Most of the exponents a_p will be 0.
3600 = 2^4 × 3^2 × 5^2 × 7^0 × 11^0 × …

Prime Numbers (3/4)

Another integer factorization
- The value of any given positive integer can be specified by listing all the nonzero exponents.
The integer 12 = 2^2 × 3^1 is represented by {a_2 = 2, a_3 = 1}.
The integer 18 = 2^1 × 3^2 is represented by {a_2 = 1, a_3 = 2}.
The integer 91 = 7^1 × 13^1 is represented by {a_7 = 1, a_13 = 1}.

Multiplication
- Multiplying two numbers is equivalent to adding the corresponding exponents.
k = 12 × 18 = 216
 12 = 2^2 × 3^1
 18 = 2^1 × 3^2
-----------------
216 = 2^3 × 3^3

Prime Numbers (4/4)

Divisibility
- a|b → a_p ≤ b_p for all p
a = 12; b = 36; 12|36
12 = 2^2 × 3; 36 = 2^2 × 3^2
a_2 = 2 = b_2
a_3 = 1 ≤ 2 = b_3

GCD (Greatest common divisor)
- k = gcd(a, b) → k_p = min(a_p, b_p) for all p
300 = 2^2 × 3^1 × 5^2
 18 = 2^1 × 3^2 × 5^0
gcd(18, 300) = 2^1 × 3^1 × 5^0 = 6

Fermat’s and Euler’s Theorems (1/7)

Fermat’s theorem
- If p is prime and a is a positive integer not divisible by p, then
- a^{p-1} ≡ 1 (mod p)

Proof of Fermat’s theorem
- {1, 2, 3, …, p-1} are the positive integers less than p.
- The elements of {a, 2a, 3a, …, (p-1)a} are relatively prime to p because p is prime and does not divide a.
- a×0 ≡ 0 mod p
- So, {1, 2, …, p-1} = {1a mod p, 2a mod p, …, (p-1)a mod p}
- Show a×2a×…×(p-1)a ≡ {(a mod p)×(2a mod p)×…×((p-1)a mod p)} mod p ≡ (p-1)! mod p
- And a×2a×…×(p-1)a = (p-1)! a^{p-1}
- (p-1)! a^{p-1} ≡ (p-1)! mod p
- p is prime, so (p-1)! and p are relatively prime.
- Therefore, dividing by (p-1)!, a^{p-1} ≡ 1 (mod p)

Fermat’s and Euler’s Theorems (2/7)
a = 7, p = 19
7^2 = 49 ≡ 11 mod 19
7^4 ≡ 121 ≡ 7 mod 19
7^8 ≡ 49 ≡ 11 mod 19
7^16 ≡ 121 ≡ 7 mod 19
a^{p-1} = 7^18 = 7^16 × 7^2 ≡ 7 × 11 ≡ 1 mod 19

Another form of Fermat’s theorem
- If p is prime and a is a positive integer, then
- a^p ≡ a (mod p)
p = 5, a = 3
3^5 = 243 ≡ 3 mod 5
p = 5, a = 10
10^5 = 100000 ≡ 10 mod 5 ≡ 0 mod 5

Fermat’s and Euler’s Theorems (3/7)

Euler’s Totient Function
- φ(n) is the number of positive integers less than n and relatively prime to n.
φ(37) = 36
37 is prime, so all the positive integers from 1 to 36 are relatively prime to 37.
φ(35) = 24
35 = 5 × 7
1, 2, 3, 4, 6, 8, 9, 11, 12, 13, 16, 17, 18, 19, 22, 23, 24, 26, 27, 29, 31, 32, 33, 34
- For a prime n (Z_n = {1, 2, …, n-1}):
  φ(n) = n-1
- For n = pq, where p and q are prime numbers and p ≠ q:
  φ(n) = (p-1) × (q-1)

Fermat’s and Euler’s Theorems (4/7)

Proof of φ(n) = (p-1) × (q-1)
- φ(n) is the number of positive integers less than pq that are relatively prime to pq.
- φ(n) can be computed by subtracting from pq - 1 the number of positive integers in {1, …, pq - 1} that are not relatively prime to pq.
- The positive integers that are not relatively prime to pq are multiples of either p or q.
  • {p, 2p, …, (q - 1)p}, {q, 2q, …, (p - 1)q} and 0
  • The two sets have no elements in common.
  • So, there are p + q - 2 elements that are not relatively prime to pq.
  • Hence, φ(n) = pq - 1 - (p + q - 2)
         = pq - p - q + 1
         = (p - 1)(q - 1)

Example (n = 21):
φ(21) = φ(3) × φ(7) = (3-1) × (7-1) = 2 × 6 = 12
Z_21 = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20}
Multiples of 3: {3,6,9,12,15,18}
Multiples of 7: {7,14}
where the 12 integers are {1,2,4,5,8,10,11,13,16,17,19,20}

Fermat’s and Euler’s Theorems (5/7)

Euler’s theorem
- For every a and n that are relatively prime: a^{φ(n)} ≡ 1 mod n
a = 3; n = 10; φ(10) = 4; φ(n) = (p-1)(q-1) = 1 × 4 = 4
3^4 = 81 ≡ 1 mod 10
a = 2; n = 11; φ(11) = 10; φ(n) = p-1 = 10
2^10 = 1024 ≡ 1 mod 11

Proof of Euler’s theorem
- If n is prime, it holds due to Fermat’s theorem.
- a^{n-1} ≡ 1 mod n
- Otherwise (if n is not prime),
  • define two sets R and S.
  • show the sets R and S are the same.
  • then, show a^{φ(n)} ≡ 1 mod n

Fermat’s and Euler’s Theorems (6/7)

Proof of Euler’s theorem
- Set R
  • The elements are positive integers less than n and relatively prime to n.
  • The number of elements is φ(n).
  • R = {x_1, x_2, …, x_{φ(n)}} where x_1 < x_2 < … < x_{φ(n)}
- Set S
  • Multiplying each element of R by a ∈ R modulo n
  • S = {(ax_1 mod n), (ax_2 mod n), …, (ax_{φ(n)} mod n)}
- The sets R and S are the same.
  • We show S has all integers less than n and relatively prime to n.
    S = {(ax_1 mod n), (ax_2 mod n), …, (ax_{φ(n)} mod n)}
    1. All the elements of S are integers less than n that are relatively prime to n: because a is relatively prime to n and x_i is relatively prime to n, ax_i must also be relatively prime to n.
    2. There are no duplicates in S.
       If ax_i mod n = ax_j mod n, then x_i = x_j by the cancellation law.
       If (a × b) ≡ (a × c) mod n, then b ≡ c mod n (a and n are relatively prime)

Fermat’s and Euler’s Theorems (7/7)

Proof of Euler’s theorem
- Since R and S are the same sets,
  ∏_{i=1}^{φ(n)} (ax_i mod n) = ∏_{i=1}^{φ(n)} x_i
  ∏_{i=1}^{φ(n)} ax_i ≡ ∏_{i=1}^{φ(n)} x_i (mod n)
  a^{φ(n)} × [∏_{i=1}^{φ(n)} x_i] ≡ ∏_{i=1}^{φ(n)} x_i (mod n)
  a^{φ(n)} ≡ 1 (mod n)

Alternative form of the theorem
- If a and n are relatively prime, it is true due to Euler’s theorem.
  a^{φ(n)+1} ≡ a (mod n)

Testing for Primality (1/5)

We often need to find large prime numbers
- Traditionally sieve using trial division
- i.e. divide by all numbers (primes) in turn less than the square root of the number
- only works for small numbers

Alternatively, can use statistical primality tests based on properties of primes
- for which all prime numbers satisfy the property
- but some composite numbers, called pseudo-primes, also satisfy the property

A slower deterministic primality test can be used
- Miller-Rabin primality test
- Can be used to determine if a large number is prime

Based on the following theorem
- If p is an odd prime, then the equation
  x^2 ≡ 1 (mod p)
  has only two solutions, namely x ≡ 1 (mod p) and x ≡ -1 (mod p)

If there exist solutions to x^2 ≡ 1 (mod n) other than ±1, then n is not prime

Testing for Primality (2/5)

Miller-Rabin Algorithm
- a test based on Fermat’s Theorem
- algorithm is:
TEST (n) is:
1. Find integers k, q, k > 0, q odd, so that (n-1) = 2^k q
2. Select a random integer a, 1 < a < n-1
3. if a^q mod n = 1 then return ("maybe prime")
4. for j = 0 to k-1 do
5.    if (a^(2^j q) mod n = n-1) then return ("maybe prime")
6. return ("composite")

Testing for Primality (3/5)

Sample of Miller-Rabin Algorithm
- n = 29
1. (n-1) = 28 = 2^2(7) = 2^k q, so k = 2, q = 7
2. Select a random integer a, 1 < a < n-1; let a = 10
3. if a^q mod n = 1 → (10^7)^2 mod 29 = 28, so we can’t decide
4. Reselect a = 2
5. 2^7 mod 29 = 12, (2^7)^2 mod 29 = 28, so we also can’t decide
If the result is the same for a from 1 to 28, we can’t decide whether n is prime.
- n = 13 × 17 = 221
1. (n-1) = 220 = 2^2(55) = 2^k q
2. Let a = 5
3. 5^55 mod 221 = 112 (1 ~ 220)
4. (5^55)^2 mod 221 = 168
If the result is the same for a from 1 to 220, we can’t decide whether n is prime.

Testing for Primality (4/5)

Sample of Miller-Rabin Algorithm
- a = 21
- 21^55 mod 221 = 200
- (21^55)^2 mod 221 = 220
- Maybe 221 is prime.
- In fact, of the 218 integers from 2 through 219, four of these will return an inconclusive result, namely 21, 47, 174, and 200.

Testing for Primality (5/5)

Repeated Use of the Miller-Rabin Algorithm
- If Miller-Rabin returns “composite”, the number is definitely not prime
- Otherwise it is a prime or a pseudo-prime
- The chance it detects a pseudo-prime is < 1/4
- Hence, if the test is repeated with different random a, the chance n is prime after t tests is:
  • Pr(n prime after t tests) = 1 - 4^{-t}
  • e.g. for t = 10 this probability is > 0.99999
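The TEST(n) procedure and the repeated-use rule above as runnable Python, checked against the slides' own numbers (n = 29 and n = 221). This is an added example, not part of the original slides; the function names are chosen here, and bases are drawn with `secrets` on the assumption that n may be supplied by an untrusted party.

```python
import secrets

INCONCLUSIVE, COMPOSITE = "inconclusive", "composite"

def decompose(n):
    """Write n - 1 = 2^k * q with q odd and return (k, q)."""
    k, q = 0, n - 1
    while q % 2 == 0:
        k, q = k + 1, q // 2
    return k, q

def miller_rabin_round(n, a):
    """One run of TEST(n) with a fixed base a (n odd, n > 3, 1 < a < n - 1)."""
    k, q = decompose(n)
    x = pow(a, q, n)                    # a^q mod n
    if x == 1 or x == n - 1:            # step 3, and step 5 with j = 0
        return INCONCLUSIVE
    for _ in range(1, k):               # j = 1 .. k-1: x = a^(2^j q) mod n
        x = x * x % n
        if x == n - 1:
            return INCONCLUSIVE
        if x == 1:                      # square root of 1 other than ±1 was found
            return COMPOSITE
    return COMPOSITE

def strong_liars(n):
    """Bases in 2..n-2 for which a composite n is still reported inconclusive."""
    return [a for a in range(2, n - 1)
            if miller_rabin_round(n, a) == INCONCLUSIVE]

def is_probable_prime(n, t=10):
    """Repeat the round with t independent random bases."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    for _ in range(t):
        a = 2 + secrets.randbelow(n - 3)    # uniform over 2..n-2
        if miller_rabin_round(n, a) == COMPOSITE:
            return False
    return True

if __name__ == "__main__":
    print(decompose(29), miller_rabin_round(29, 10), miller_rabin_round(29, 2))
    print(miller_rabin_round(221, 5), miller_rabin_round(221, 21))
    print(strong_liars(221))            # the four bases named on the slide
    print(is_probable_prime(2**127 - 1, t=20))
```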

Prime Distribution
- The prime number theorem states that primes occur roughly every (ln n) integers
- but we can immediately ignore evens
- so in practice we need only test 0.5 ln(n) numbers of size n to locate a prime
  • note this is only the “average”
  • sometimes primes are close together
  • other times they are quite far apart

The Chinese Remainder Theorem

Used to speed up modulo computations.
- If working modulo a product of numbers.
- e.g. mod M = m_1 m_2 … m_k

The Chinese Remainder Theorem lets us work in each modulus m_i separately.
The 10 integers in Z_10, that is the integers 0 through 9, can be reconstructed from their two residues modulo 2 and 5 (the relatively prime factors of 10). Say the known residues of a decimal digit x are r_2 = 0 and r_5 = 3; that is, x mod 2 = 0 and x mod 5 = 3. Therefore, x is an even integer in Z_10 whose remainder, on division by 5, is 3. The unique solution is x = 8.
M = ∏_{i=1}^{k} m_i
The m_i are pairwise relatively prime:
gcd(m_i, m_j) = 1 for 1 ≤ i, j ≤ k, i ≠ j
A ↔ (a_1, a_2, …, a_k)
A ∈ Z_M, a_i ∈ Z_{m_i}, a_i = A mod m_i, 1 ≤ i ≤ k

The Chinese Remainder Theorem

The CRT makes two assertions.
- The mapping A ↔ (a_1, a_2, …, a_k) is a one-to-one correspondence between Z_M and the Cartesian product Z_{m_1} × Z_{m_2} × … × Z_{m_k}.
  • A ↔ (a_1, a_2, …, a_k)
  • a_i = A mod m_i
  • 1 ≤ i ≤ k, M_i = M / m_i
  • M_i = m_1 × m_2 × … × m_{i-1} × m_{i+1} × … × m_k
  • So that M_i ≡ 0 (mod m_j) for all j ≠ i.
    c_i = M_i × (M_i^{-1} mod m_i), 1 ≤ i ≤ k
  • By the definition of M_i, it is relatively prime to m_i and therefore has a unique multiplicative inverse mod m_i

The Chinese Remainder Theorem

The CRT makes two assertions.
- Operations performed on the elements of Z_M can be equivalently performed on the corresponding k-tuples by performing the operation independently in each coordinate position
  • e.g. A ↔ (a_1, a_2, …, a_k), B ↔ (b_1, b_2, …, b_k)
    (A + B) mod M ↔ ((a_1 + b_1) mod m_1, …, (a_k + b_k) mod m_k)
    (A - B) mod M ↔ ((a_1 - b_1) mod m_1, …, (a_k - b_k) mod m_k)
    (A × B) mod M ↔ ((a_1 × b_1) mod m_1, …, (a_k × b_k) mod m_k)
- The CRT provides a way to manipulate (potentially large) numbers mod M in terms of tuples of smaller numbers

The Chinese Remainder Theorem

To represent 973 mod 1813 as a pair of numbers mod 37 and 49
- m_1 = 37, m_2 = 49, M = 1813, A = 973
- M_1 = 49, M_2 = 37
- Using the extended Euclidean algorithm: M_1^{-1} = 34, M_2^{-1} = 4
- 973 mod 37 = 11, 973 mod 49 = 42 → (11, 42)
- Now suppose we want to add 678 to 973.
- (678) ↔ (678 mod 37, 678 mod 49) = (12, 41)
- (11 + 12 mod 37, 42 + 41 mod 49) = (23, 34)
  • (23, 34) ↔ a_1 M_1 M_1^{-1} + a_2 M_2 M_2^{-1} mod M
    = [(23)(49)(34) + (34)(37)(4)] mod 1813
    = 43350 mod 1813
    = 1651
  • check that it is equal to (973 + 678) mod 1813 = 1651
  • Suppose we want to multiply 1651 (mod 1813) by 73
  • (23 × 73 mod 37, 34 × 73 mod 49) = (14, 32)
    (14, 32) ↔ [(14)(49)(34) + (32)(37)(4)] mod 1813
    = 865
    = 1651 × 73 mod 1813
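The CRT mapping and the 973/678/73 worked example above, as an added Python example that is not part of the original slides. Function names are chosen here; the coefficients c_i follow the slides' definition c_i = M_i × (M_i^{-1} mod m_i), and the moduli are rejected if they are not pairwise relatively prime.

```python
from math import gcd, prod

def crt_coefficients(moduli):
    """Return (M, [c_1..c_k]) with c_i = M_i * (M_i^-1 mod m_i), M_i = M / m_i."""
    for i, mi in enumerate(moduli):
        for mj in moduli[i + 1:]:
            if gcd(mi, mj) != 1:
                raise ValueError(f"{mi} and {mj} are not relatively prime")
    M = prod(moduli)
    coeffs = []
    for m in moduli:
        Mi = M // m
        coeffs.append(Mi * pow(Mi, -1, m))   # pow(x, -1, m): inverse mod m (Python 3.8+)
    return M, coeffs

def to_residues(A, moduli):
    """A -> (a_1, ..., a_k) with a_i = A mod m_i."""
    return tuple(A % m for m in moduli)

def from_residues(residues, moduli):
    """(a_1, ..., a_k) -> A = sum(a_i * c_i) mod M."""
    M, coeffs = crt_coefficients(moduli)
    return sum(a * c for a, c in zip(residues, coeffs)) % M

def add_residues(x, y, moduli):
    """Coordinate-wise addition, each coordinate reduced by its own modulus."""
    return tuple((a + b) % m for a, b, m in zip(x, y, moduli))

def mul_residues(x, y, moduli):
    """Coordinate-wise multiplication, each coordinate reduced by its own modulus."""
    return tuple((a * b) % m for a, b, m in zip(x, y, moduli))

if __name__ == "__main__":
    mods = (37, 49)
    total = add_residues(to_residues(973, mods), to_residues(678, mods), mods)
    print(total, from_residues(total, mods))
    scaled = mul_residues(total, to_residues(73, mods), mods)
    print(scaled, from_residues(scaled, mods))
    print(from_residues((0, 3), (2, 5)))     # the Z_10 digit example
```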

Discrete Logarithms (1/9)

Consider the powers of an integer a, modulo n
- a mod n, a^2 mod n, a^3 mod n, …, a^m mod n, …

The least positive exponent m for which a^m ≡ 1 mod n is referred to as:
- The order of a (mod n)
- The exponent to which a belongs (mod n)
- The length of the period generated by a

If a and n are relatively prime, there is at least one integer m that satisfies
a^m ≡ 1 mod n, namely m = φ(n)

Discrete Logarithms (2/9)

To see this last point, consider the powers of 7, modulo 19:
  • 7^1 = 7 mod 19
  • 7^2 = 49 = 2 × 19 + 11 = 11 mod 19
  • 7^3 = 343 = 18 × 19 + 1 = 1 mod 19
  • 7^4 = 2401 = 126 × 19 + 7 = 7 mod 19
  • 7^5 = 16807 = 884 × 19 + 11 = 11 mod 19
  • The sequence is repeating
  • 7^3 = 1 (mod 19), 7^{3+j} = 7^3 7^j = 7^j (mod 19)
  • Any two powers of 7 whose exponents differ by 3 are congruent to each other (mod 19)
  • The sequence is periodic, and the length of the period is the smallest positive exponent m such that 7^m = 1 (mod 19)

Discrete Logarithms (3/9)

Powers of Integers, Modulo 19
a : primitive root

Discrete Logarithms (4/9)

Powers of Integers, Modulo 19
- All sequences end in 1. This is consistent with the reasoning of the preceding few paragraphs.
- The length of a sequence divides φ(19) = 18. That is, an integral number of sequences occur in each row of the table.
- Some of the sequences are of length 18. In this case, it is said that the base integer a generates (via powers) the set of nonzero integers modulo 19. Each such integer is called a primitive root of the modulus 19.

Discrete Logarithms (5/9)

Logarithms for Modular Arithmetic
- The logarithm function is the inverse of exponentiation.
  y = x^{log_x(y)}
- Properties of logarithms
  • log_x(1) = 0
  • log_x(x) = 1
  • log_x(yz) = log_x(y) + log_x(z)
  • log_x(y^r) = r × log_x(y)
- We know that the powers of a from 1 through (p-1) produce each integer from 1 through (p-1) exactly once.
  • b ≡ r mod p, for any integer b and some r, where 0 ≤ r ≤ (p-1)
- It follows that for any integer b and a primitive root a of prime number p, we can find a unique exponent i such that
  • b ≡ a^i mod p, where 0 ≤ i ≤ (p-1)

Discrete Logarithms (6/9)

Logarithms for Modular Arithmetic
- This exponent i is referred to as the discrete logarithm of the number b for the base a (mod p).
  • dlog_{a,p}(1) = 0, because a^0 mod p = 1 mod p = 1
  • dlog_{a,p}(a) = 1, because a^1 mod p = a
Here is an example using a nonprime modulus, n = 9. Here φ(n) = 6 and a = 2 is a primitive root.
We compute the various powers of a and find
  • 2^0 = 1, 2^1 = 2, 2^2 = 4, 2^3 = 8, 2^4 = 7, 2^5 = 5, 2^6 = 1 (mod 9)
- The numbers with given discrete logarithms (mod 9) for the root a = 2:
  Index    0  1  2  3  4  5
  Number   1  2  4  8  7  5
- To obtain the discrete logarithms of a given number, we rearrange the table
  Index    0  1  2  3  4  5
  Number   1  2  4  8  7  5

Discrete Logarithms (7/9)

Logarithms for Modular Arithmetic
- Now consider
  • x = a^{dlog_{a,p}(x)} mod p, y = a^{dlog_{a,p}(y)} mod p, xy = a^{dlog_{a,p}(xy)} mod p
- Using the rules of modular multiplication
  • xy mod p = [(x mod p)(y mod p)] mod p
  • a^{dlog_{a,p}(xy)} mod p = [(a^{dlog_{a,p}(x)} mod p)(a^{dlog_{a,p}(y)} mod p)] mod p = (a^{dlog_{a,p}(x) + dlog_{a,p}(y)}) mod p
- But now consider Euler's theorem, which states that, for every a and n that are relatively prime:
  • a^{φ(n)} ≡ 1 (mod n)
- Applying this to the foregoing equality, we have
  • dlog_{a,p}(xy) ≡ [dlog_{a,p}(x) + dlog_{a,p}(y)] (mod φ(p))
  • dlog_{a,p}(y^r) ≡ [r × dlog_{a,p}(y)] (mod φ(p))
- This demonstrates the analogy between true logarithms and discrete logarithms.
- Keep in mind that unique discrete logarithms mod m to some base a exist only if a is a primitive root of m.

Discrete Logarithms (8/9)

Tables of Discrete Logarithms, Modulo 19

a                1   2   3   4   5   6   7   8   9  10  11  12  13  14  15  16  17  18
log_{2,19}(a)   18   1  13   2  16  14   6   3   8  17  12  15   5   7  11   4  10   9

a                1   2   3   4   5   6   7   8   9  10  11  12  13  14  15  16  17  18
log_{3,19}(a)   18   7   1  14   4   8   6   3   2  11  12  15  17  13   5  10  16   9

a                1   2   3   4   5   6   7   8   9  10  11  12  13  14  15  16  17  18
log_{10,19}(a)  18  17   5  16   2   4  12  15  10   1   6   3  13  11   7  14   8   9

a                1   2   3   4   5   6   7   8   9  10  11  12  13  14  15  16  17  18
log_{13,19}(a)  18  11  17   4  14  10  12  15  16   7   6   3   1   5  13   8   2   9
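The order, primitive-root and discrete-logarithm definitions from the preceding slides, as an added Python example that is not part of the original slides; it rebuilds the base-2 table modulo 19 and checks the product rule modulo φ(n). Function names are chosen here, and everything is done by exhaustive search, which is only workable for small moduli like these.

```python
from math import gcd

def phi(n):
    """Euler's totient by direct count (fine for the small moduli used here)."""
    return sum(1 for x in range(1, n) if gcd(x, n) == 1)

def order(a, n):
    """Least m > 0 with a^m ≡ 1 (mod n); requires gcd(a, n) = 1."""
    if gcd(a, n) != 1:
        raise ValueError("a and n must be relatively prime")
    m, x = 1, a % n
    while x != 1:
        x, m = x * a % n, m + 1
    return m

def primitive_roots(n):
    """Every a in 1..n-1 whose order equals phi(n)."""
    t = phi(n)
    return [a for a in range(1, n) if gcd(a, n) == 1 and order(a, n) == t]

def dlog_table(a, n):
    """Map b -> i with a^i ≡ b (mod n) for i = 1..phi(n), as in the slide's tables.
    The entry for b = 1 is phi(n), which is congruent to index 0."""
    t, table, x = phi(n), {}, 1
    for i in range(1, t + 1):
        x = x * a % n
        table[x] = i
    if len(table) != t:
        raise ValueError(f"{a} is not a primitive root of {n}: logs are not unique")
    return table

def product_rule_holds(a, n):
    """Check dlog(xy) ≡ dlog(x) + dlog(y) (mod phi(n)) for every pair x, y."""
    t, log = phi(n), dlog_table(a, n)
    return all((log[x] + log[y]) % t == log[x * y % n] % t
               for x in log for y in log)

if __name__ == "__main__":
    print(order(7, 19), primitive_roots(19))
    print([dlog_table(2, 19)[b] for b in range(1, 19)])
    print(dlog_table(2, 9), product_rule_holds(2, 19))
```

Building the table costs φ(n) multiplications, so this approach stops being usable long before the modulus reaches cryptographic size.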

Discrete Logarithms (9/9)

Calculation of Discrete Logarithms
- y = g^x mod p
- Given g, x, p, it is a straightforward matter to calculate y.
- Given g, y, p, it is very difficult to calculate x (the discrete logarithm).
- The asymptotically fastest known algorithm for taking discrete logarithms:
- Time complexity: O(e^{((ln p)^{1/3} (ln(ln p))^{2/3})})
Are there any questions?
Thank you for your Attention.