Modular Arithmetic (1/4)
• If a and b are integers and m is a positive integer, then a is congruent to b modulo m if m | (a - b), denoted by a ≡ b (mod m). m is called the modulus.
• Let a and b be integers, and let m be a positive integer. Then a ≡ b (mod m) iff a mod m = b mod m.
• Let a, b, m be (positive) integers. Then a ≡ b (mod m) iff there is an integer k such that a = b + km.
• Let m be a positive integer. If a ≡ b (mod m) and c ≡ d (mod m), then a + c ≡ b + d (mod m) and ac ≡ bd (mod m).

2013/11/19 DISC MATH, NCHU

Modular Arithmetic (2/4)
Let a be an integer and d be a positive integer. Then there are unique integers q and r, with 0 ≤ r < d, such that a = dq + r.
In the equality above, d is called the divisor, a is called the dividend, q is called the quotient, and r is called the remainder. We denote them as q = a div d and r = a mod d.

Modular Arithmetic (3/4)
• Let m be a positive integer. If a ≡ b (mod m) and c ≡ d (mod m), then a + c ≡ b + d (mod m) and ac ≡ bd (mod m).
• Let m be a positive integer and let a and b be integers. Then
(i) (a + b) mod m = ((a mod m) + (b mod m)) mod m
(ii) ab mod m = ((a mod m)(b mod m)) mod m

Modular Arithmetic (4/4)
Arithmetic operations on Zm, where Zm is the set of nonnegative integers less than m, that is, the set {0, 1, 2, …, m-1}: the operations +m and ·m are defined as addition and multiplication on Zm by a +m b = (a + b) mod m and a ·m b = (a·b) mod m.
The operations on Zm satisfy closure, associativity, commutativity, identity elements, additive inverses, and distributivity. Note that not every element of Zm has a multiplicative inverse.

The Fundamental Theorem of Arithmetic
Every positive integer greater than 1 can be written as a prime or as the product of two or more primes where the prime factors are written in order of nondecreasing size.
For example: 100 = 2×2×5×5, 999 = 3×3×3×37.
Theorems
If n is a composite integer, then n has a prime divisor less than or equal to n^(1/2).
Let a and b be positive integers.
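The two theorems on this slide and the remark that not every element of Zm is invertible can be exercised directly. The following is an added example, not code from the slides: it factors by trial division using only candidate divisors up to the square root (the bound the theorem gives), derives lcm from the gcd·lcm identity, and lists by brute force which residues in Zm have a multiplicative inverse. All function names are my own.

```python
# Added example (not from the slides): trial-division factoring using the
# bound "a composite n has a prime divisor <= sqrt(n)", lcm from the
# identity ab = gcd(a,b) * lcm(a,b), and a census of which elements of
# Z_m have a multiplicative inverse under the slide's *_m operation.
from math import gcd, isqrt


def prime_factorization(n):
    """Return the prime factors of n (> 1) in nondecreasing order.

    Trial division only needs candidate divisors d with d*d <= n: if the
    remaining cofactor is composite it has a prime divisor no larger than
    its square root, so once d passes sqrt(n) the cofactor must be prime.
    """
    if n < 2:
        raise ValueError("n must be greater than 1")
    factors = []
    d = 2
    while d * d <= n:          # d <= sqrt(n)
        while n % d == 0:
            factors.append(d)
            n //= d
        d += 1
    if n > 1:                  # whatever is left is itself prime
        factors.append(n)
    return factors


def is_prime(n):
    """Primality by trial division up to sqrt(n), the same bound as above."""
    if n < 2:
        return False
    return all(n % d for d in range(2, isqrt(n) + 1))


def lcm(a, b):
    """Least common multiple from ab = gcd(a,b) * lcm(a,b)."""
    return a * b // gcd(a, b)


def units_mod(m):
    """Elements a of Z_m for which some b in Z_m gives (a*b) mod m == 1.

    Brute force on purpose, since at this point in the slides no inverse
    algorithm is available yet. Exactly the residues coprime to m appear;
    for prime m that is every nonzero residue, so Z_p is a field.
    """
    return [a for a in range(m) if any((a * b) % m == 1 for b in range(m))]


def zm_tables(m):
    """Addition and multiplication tables for Z_m (the +_m and *_m of the slide)."""
    add = [[(a + b) % m for b in range(m)] for a in range(m)]
    mul = [[(a * b) % m for b in range(m)] for a in range(m)]
    return add, mul


if __name__ == "__main__":
    print(prime_factorization(100), prime_factorization(999))   # [2, 2, 5, 5] [3, 3, 3, 37]
    print(lcm(100, 999), gcd(100, 999) * lcm(100, 999) == 100 * 999)
    print(units_mod(12))   # [1, 5, 7, 11]: only residues coprime to 12 are invertible
    print(units_mod(7))    # [1, 2, 3, 4, 5, 6]: every nonzero residue, since 7 is prime
```

The `units_mod` output is the concrete content of the slide's note: in Z12 the residues 2, 3, 4, 6, 8, 9, 10 have no inverse, so division by them is undefined there, whereas in Z7 every nonzero residue is invertible.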
Then ab = gcd(a,b) × lcm(a,b).

Representation of Integers
Base B expansion of an integer N; B could be 2, 8, 10, 16 or others.
Q1: How many additions of bits are required to add two integers with n bits in their binary representations? (O(n))
Q2: How many additions of bits and shifts of bits are used to multiply two integers with n bits in their binary representations? (O(n^2), or more precisely O(n^1.585))

Modular Exponentiation
What is the value of b^n mod m?
Idea: represent n in binary notation, then calculate the terms b^(2^j) mod m one by one up to the most significant bit.
Example: find 3^644 mod 645. 644 = 2^9 + 2^7 + 2^2.
Calculate 3 to the powers 2^1, 2^2, 2^3, 2^4, 2^5, 2^6, 2^7, 2^8, 2^9 modulo 645 individually. Finally, multiply the 2nd, 7th, and 9th terms together (mod 645).

There are infinitely many primes
Proof: by contradiction. Assume there are only finitely many primes, p1, p2, p3, …, pn. Let Q = p1p2…pn + 1. Q is a prime or it can be written as the product of two or more primes. However, none of the primes p1, …, pn divides Q: if pj | Q then pj divides Q - p1p2…pn = 1. Hence there is a prime not in the list p1, p2, p3, …, pn. This contradicts our assumption.

Euclidean Algorithm
procedure gcd(a, b: positive integers)
  x := a, y := b
  while y ≠ 0
  begin
    r := x mod y
    x := y
    y := r
  end
{gcd(a,b) is x}
Lemma: Let a = bq + r, where a, b, q and r are integers. Then gcd(a,b) = gcd(b,r).

Linear Congruence
Theorem 1 (Bézout's Theorem): If a and b are positive integers, then there exist integers s and t such that gcd(a,b) = sa + tb.
Theorem 2: If a and m are relatively prime integers and m > 1, then an inverse of a modulo m exists and is unique (modulo m).
Proof: Since gcd(a,m) = 1, there are integers s and t such that sa + tm = 1. This implies sa + tm ≡ 1 (mod m), and it follows that sa ≡ 1 (mod m). Consequently, s is a multiplicative inverse of a modulo m.
(The uniqueness part is left as an exercise.)

Inverse of a modulo m
An integer a' is called an inverse of a modulo m if a'a ≡ 1 (mod m).
Find an inverse of 101 modulo 4620 (hint: use the reverse procedure of the Euclidean algorithm, shown on the next page).
What are the solutions of the linear congruence 3x ≡ 4 (mod 7)? (hint: multiply both sides by the inverse of 3 modulo 7; both 5 and -2 are inverses of 3 modulo 7)

Find an Inverse of a modulo m
Find an inverse of 101 modulo 4620.
Euclidean algorithm:
4620 = 45·101 + 75
101 = 1·75 + 26
75 = 2·26 + 23
26 = 1·23 + 3
23 = 7·3 + 2
3 = 1·2 + 1
Working backwards from the last equation:
1 = 3 - 1·2
  = 3 - 1·(23 - 7·3) = -1·23 + 8·3
  = -1·23 + 8·(26 - 23) = 8·26 - 9·23
  = 8·26 - 9·(75 - 2·26) = -9·75 + 26·26
  = -9·75 + 26·(101 - 75) = 26·101 - 35·75
  = 26·101 - 35·(4620 - 45·101) = -35·4620 + 1601·101
Hence 1601 is an inverse of 101 modulo 4620.

The Chinese Remainder Theorem
Let m1, m2, …, mn be pairwise relatively prime positive integers and a1, a2, …, an arbitrary integers.
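The modular exponentiation, Euclidean algorithm, Bézout and inverse slides above describe three procedures; the following added example (my own code, not the slides') writes them out in Python. The extended Euclidean algorithm here does the "reverse procedure" of the slide in a single forward pass by carrying each remainder's expression as a combination of a and b, so the back-substitution chain is not needed. Function names are my own.

```python
# Added example (not the slides' code): modular exponentiation by binary
# expansion of the exponent, the Euclidean algorithm for gcd, and the
# extended Euclidean algorithm yielding Bezout coefficients, hence a
# modular inverse and the solution of a linear congruence.


def mod_pow(b, n, m):
    """b^n mod m by the slide's method: square to obtain b^(2^j) mod m
    term by term, and multiply in the terms whose bit of n is set."""
    result = 1
    term = b % m                  # b^(2^0)
    while n > 0:
        if n & 1:                 # bit j of n is set: include b^(2^j)
            result = (result * term) % m
        term = (term * term) % m  # next term b^(2^(j+1)), reduced mod m
        n >>= 1
    return result


def euclid_gcd(a, b):
    """gcd(a, b) by repeated division, using gcd(a, b) = gcd(b, a mod b)."""
    x, y = a, b
    while y != 0:
        x, y = y, x % y
    return x


def extended_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b (Bezout's theorem).

    Invariant: old_r == old_s*a + old_t*b and r == s*a + t*b at every
    step, so when r reaches 0 the coefficients of old_r are the answer.
    """
    old_r, r = a, b
    old_s, s = 1, 0   # coefficients of a
    old_t, t = 0, 1   # coefficients of b
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def mod_inverse(a, m):
    """The a' in Z_m with a'a ≡ 1 (mod m); ValueError if gcd(a, m) != 1."""
    g, s, _ = extended_gcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m} (gcd = {g})")
    return s % m      # reduce so the representative lies in Z_m


def solve_linear_congruence(a, b, m):
    """Solution of ax ≡ b (mod m) when gcd(a, m) = 1: a single residue
    class, returned as its representative in Z_m."""
    return (mod_inverse(a, m) * b) % m


if __name__ == "__main__":
    print(mod_pow(3, 644, 645))                # 36
    print(euclid_gcd(4620, 101))               # 1
    print(extended_gcd(101, 4620))             # (1, 1601, -35): 1601*101 - 35*4620 = 1
    print(mod_inverse(101, 4620))              # 1601
    print(solve_linear_congruence(3, 4, 7))    # 6: the inverse of 3 mod 7 is 5, and 5*4 = 20 ≡ 6
```

Note that `mod_inverse` reduces the Bézout coefficient into Zm, which is why it returns 5 rather than -2 for the inverse of 3 modulo 7; both are correct, as the slide's hint says, and differ by a multiple of the modulus.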
Then the system x ≡ a1 (mod m1), x ≡ a2 (mod m2), …, x ≡ an (mod mn) has a unique solution modulo m = m1m2…mn.

Proof of the Chinese Remainder Theorem
Let Mk = m/mk, k = 1, 2, …, n. Since gcd(Mk, mk) = 1, by the previous theorem there exists a unique inverse of Mk modulo mk, say yk: Mk yk ≡ 1 (mod mk).
Construct x = a1M1y1 + a2M2y2 + … + anMnyn. Since mk | Mj for every j ≠ k, we have x ≡ akMkyk ≡ ak (mod mk). (The uniqueness part is left as an exercise.)

Example of the Chinese Remainder Theorem
Solve x ≡ 2 (mod 3), x ≡ 3 (mod 5), x ≡ 2 (mod 7).
Solution: m = 3×5×7 = 105
M1 = m/3 = 35, y1 = 2
M2 = m/5 = 21, y2 = 1
M3 = m/7 = 15, y3 = 1
x = a1M1y1 + a2M2y2 + a3M3y3 = 2·35·2 + 3·21·1 + 2·15·1 = 233 ≡ 23 (mod 105)

Application of the Chinese Remainder Theorem
A large integer a (with 0 ≤ a < m1m2…mn) can be uniquely represented using n pairwise relatively prime integers m1, m2, m3, …, mn as (a mod m1, a mod m2, a mod m3, …, a mod mn).
Find the sum of 123684 and 413456 using the moduli 99, 98, 97, 95.
123684 + 413456 = (33, 8, 9, 89) + (32, 92, 42, 16) = (65 mod 99, 100 mod 98, 51 mod 97, 105 mod 95) = (65, 2, 51, 10)
To find the sum, we need to solve the congruences x ≡ 65 (mod 99), x ≡ 2 (mod 98), x ≡ 51 (mod 97), x ≡ 10 (mod 95).
The answer is 537140.

Back Substitution
Find all integers x such that x ≡ 1 (mod 5), x ≡ 2 (mod 6), and x ≡ 3 (mod 7).
From x ≡ 1 (mod 5) we have x = 5t + 1; then 5t + 1 ≡ 2 (mod 6), hence t ≡ 5 (mod 6). From t ≡ 5 (mod 6) we get t = 6u + 5; putting this back into 5t + 1 gives x = 30u + 26. Then 30u + 26 ≡ 3 (mod 7) gives u ≡ 6 (mod 7), that is, u = 7v + 6; putting this into x = 30u + 26 gives x = 210v + 206. Hence x ≡ 206 (mod 210).

Fermat's Little Theorem
If p is prime and a is an integer not divisible by p, then a^(p-1) ≡ 1 (mod p). Furthermore, for every integer a, we have a^p ≡ a (mod p).
If a^(p-1) ≡ 1 (mod p), is p then a prime? NO! For example, 2^340 ≡ 1 (mod 341), but 341 = 11×31.

Pseudoprimes
An example using Fermat's Little Theorem: 7^222 mod 11 = ?
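The constructive proof of the Chinese Remainder Theorem is itself an algorithm, and the residue-arithmetic application and the back substitution example are both instances of it. The following added example (my own code, not the slides') implements the proof's construction, with Mk = m/mk and yk the inverse of Mk modulo mk, and reproduces the three worked examples above. Function names are my own; the modular inverse comes from Python's built-in `pow(a, -1, m)` (Python 3.8 or later).

```python
# Added example (not the slides' code): the Chinese Remainder Theorem as in
# the proof (x = sum a_k * M_k * y_k), plus the residue-representation
# application in which a sum is computed componentwise and reconstructed.
from math import gcd, prod


def crt(residues, moduli):
    """Solve x ≡ a_k (mod m_k) for pairwise coprime moduli; return the
    unique solution in [0, m) where m is the product of the moduli."""
    if len(residues) != len(moduli):
        raise ValueError("one residue per modulus")
    for i in range(len(moduli)):                 # the theorem needs pairwise coprime moduli
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError(f"moduli {moduli[i]} and {moduli[j]} are not coprime")
    m = prod(moduli)
    x = 0
    for a_k, m_k in zip(residues, moduli):
        M_k = m // m_k                 # divisible by every modulus except m_k
        y_k = pow(M_k, -1, m_k)        # M_k * y_k ≡ 1 (mod m_k)
        x += a_k * M_k * y_k
    return x % m


def to_residues(a, moduli):
    """Represent a as the tuple (a mod m1, ..., a mod mn)."""
    return tuple(a % m_k for m_k in moduli)


def add_via_residues(a, b, moduli):
    """Add two integers componentwise in residue form, then reconstruct.

    Returns (sum, residue tuple of the sum). Correct as long as the true
    sum is below the product of the moduli, since the CRT only determines
    the result modulo that product.
    """
    ra, rb = to_residues(a, moduli), to_residues(b, moduli)
    sum_residues = tuple((x + y) % m_k for x, y, m_k in zip(ra, rb, moduli))
    return crt(sum_residues, moduli), sum_residues


if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))            # 23
    print(crt([1, 2, 3], [5, 6, 7]))            # 206, the back substitution example
    total, parts = add_via_residues(123684, 413456, [99, 98, 97, 95])
    print(parts, total)                          # (65, 2, 51, 10) 537140
```

The coprimality check matters: with moduli that share a factor the system may have no solution or several, and the construction's `pow(M_k, -1, m_k)` would fail because Mk and mk would not be coprime.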
7^222 = 7^(22×10 + 2) = (7^10)^22 · 7^2 ≡ 1 × 49 ≡ 5 (mod 11)
Is it true that n is an odd prime iff 2^(n-1) ≡ 1 (mod n)? The answer is NO! For example, 2^340 ≡ 1 (mod 341), but 341 = 11×31.
A composite integer n such that 2^(n-1) ≡ 1 (mod n) is called a pseudoprime to the base 2. In general, n is a pseudoprime to the base b if b^(n-1) ≡ 1 (mod n).

Carmichael Numbers
A composite integer n that satisfies the congruence b^(n-1) ≡ 1 (mod n) for all positive integers b with gcd(b,n) = 1 is called a Carmichael number.
561 is a Carmichael number: 561 = 3 × 11 × 17. If gcd(b,561) = 1 then gcd(b,3) = gcd(b,11) = gcd(b,17) = 1. By Fermat's Little Theorem, b^2 ≡ 1 (mod 3), b^10 ≡ 1 (mod 11), and b^16 ≡ 1 (mod 17); hence b^560 = (b^2)^280 = (b^10)^56 = (b^16)^35 is ≡ 1 mod 3, 11 and 17 respectively, and therefore b^560 ≡ 1 (mod 561).

Applications of Congruences
• Hashing functions: h(k) = k mod m
• Pseudorandom numbers: x_{n+1} = (a·x_n + c) mod m
• Cryptology (for example, Caesar's cipher): f(p) = (p + 3) mod 26

Hash Functions
Using hashing functions, records can be located using a key, e.g., h(k) = k mod m. However, a collision can occur.
Example: Find the locations assigned by the hashing function h(k) = k mod 111 to the records of customers with SSN 064212848 and 037149212. Then, what is the location assigned for 107405723?
Ans: h(064212848) = 14 and h(037149212) = 65, while h(107405723) = 14. That location is already assigned, hence the first free location following the occupied one is assigned.

Pseudorandom Numbers
Numbers generated by systematic methods are not truly random; they are called pseudorandom numbers.
Example (linear congruential generator): x_{n+1} = (a·x_n + c) mod m. The choice x_{n+1} = (7^5 · x_n) mod (2^31 - 1) is widely used. With these values, it can be shown that 2^31 - 2 numbers are generated before repetition begins.
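The pseudoprime and Carmichael slides make a point that matters for any primality test built on Fermat's Little Theorem: passing b^(n-1) ≡ 1 (mod n) is evidence, not proof, and for a Carmichael number every coprime base passes. The following added example (my own code, not the slides') runs that test on the slides' numbers and also implements the hash-table example with its collision rule. Function names are my own; the table of size 111 and the keys are the slide's, and "first free location following" is implemented as linear probing with wrap-around, which is my reading of the slide's rule.

```python
# Added example (not the slides' code): the Fermat test, pseudoprime and
# Carmichael checks for small n, and the h(k) = k mod m hash table with
# collisions resolved by taking the next free location.
from math import gcd, isqrt


def fermat_test(n, b):
    """True if b^(n-1) ≡ 1 (mod n), i.e. n passes the test to base b."""
    return pow(b, n - 1, n) == 1


def is_prime(n):
    """Trial division; adequate for the small numbers in these examples."""
    if n < 2:
        return False
    return all(n % d for d in range(2, isqrt(n) + 1))


def is_pseudoprime(n, b=2):
    """Composite n that nevertheless passes the Fermat test to base b."""
    return not is_prime(n) and fermat_test(n, b)


def fermat_liars(n):
    """Bases b in [2, n-1] coprime to n for which the Fermat test passes."""
    return [b for b in range(2, n) if gcd(b, n) == 1 and fermat_test(n, b)]


def is_carmichael(n):
    """Composite n passing the Fermat test for every base coprime to n."""
    if n < 3 or is_prime(n):
        return False
    return all(fermat_test(n, b) for b in range(2, n) if gcd(b, n) == 1)


def hash_insert(table, key, m):
    """Insert key at h(k) = k mod m; on collision, use the first free
    location following the occupied one, wrapping around at the end.
    Returns the slot used; raises if the table is full."""
    slot = key % m
    for _ in range(m):
        if table[slot] is None:
            table[slot] = key
            return slot
        slot = (slot + 1) % m
    raise OverflowError("hash table full")


def assign_locations(keys, m):
    """Insert all keys into a fresh table of size m; return the slots in order."""
    table = [None] * m
    return [hash_insert(table, k, m) for k in keys]


if __name__ == "__main__":
    print(fermat_test(341, 2), is_prime(341))              # True False: 341 = 11*31 is a base-2 pseudoprime
    print(is_pseudoprime(341, 2), is_pseudoprime(341, 3))  # True False: base 3 exposes 341
    print(is_carmichael(561), is_carmichael(341))          # True False
    print(len(fermat_liars(561)))                          # 319: every base coprime to 561
    print(assign_locations([64212848, 37149212, 107405723], 111))   # [14, 65, 15]
```

Base 3 catches 341 where base 2 does not, which is why practical tests use several random bases; 561 shows the limit of that strategy, since no coprime base catches it, and this is the reason the Miller-Rabin refinement rather than the plain Fermat test is used in practice.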
Check Digits
Parity check bit: x_{n+1} = (x1 + x2 + … + x_{n-1} + x_n) mod 2
Universal Product Codes (UPCs): 3x1 + x2 + 3x3 + x4 + 3x5 + x6 + 3x7 + x8 + 3x9 + x10 + 3x11 + x12 ≡ 0 (mod 10)
x1 is the product category; x2 to x6 identify the manufacturer; x7 to x11 identify the particular product; x12 is the check digit.
International Standard Book Number (ISBN-10): x10 ≡ x1 + 2x2 + 3x3 + 4x4 + 5x5 + 6x6 + 7x7 + 8x8 + 9x9 (mod 11), or equivalently x1 + 2x2 + 3x3 + 4x4 + 5x5 + 6x6 + 7x7 + 8x8 + 9x9 + 10x10 ≡ 0 (mod 11)

Example of Caesar's Encryption
A shift cipher can be used with encryption key k: a number p representing a letter is sent to c = (p + k) mod 26. Decryption is carried out by shifting by -k; that is, p = (c - k) mod 26.
Example: "Meet you in the park" using k = 3
Original: 12 4 4 19 24 14 20 8 13 19 7 4 15 0 17 10
Becomes: 15 7 7 22 1 17 23 11 16 22 10 7 18 3 20 13
which is encoded as "PHHW BRX LQ WKH SDUN".

RSA (1/2)
Plaintext M, ciphertext C, key (n, e): C = M^e mod n.
The plaintext message can be quickly recovered when the decryption key d, an inverse of e modulo (p-1)(q-1), is known. [n = p·q; such an inverse exists because gcd(e, (p-1)(q-1)) = 1.]
To see this, note that if de ≡ 1 (mod (p-1)(q-1)), there is an integer k such that de = 1 + k(p-1)(q-1). It follows that C^d ≡ (M^e)^d = M^(de) = M^(1 + k(p-1)(q-1)) (mod n).

RSA (2/2)
By Fermat's Little Theorem [assuming that gcd(M, p) = gcd(M, q) = 1, which holds except in rare cases], it follows that M^(p-1) ≡ 1 (mod p) and M^(q-1) ≡ 1 (mod q). Consequently,
C^d ≡ M·(M^(p-1))^(k(q-1)) ≡ M·1 ≡ M (mod p) and
C^d ≡ M·(M^(q-1))^(k(p-1)) ≡ M·1 ≡ M (mod q).
Because gcd(p, q) = 1, from p | (C^d - M) and q | (C^d - M) it follows that C^d ≡ M (mod pq).

Example 1 of RSA Cryptosystem
Encrypt the message STOP (18 19 14 15) using the RSA cryptosystem with p = 43 and q = 59, so that n = 43·59 = 2537, and with e = 13. (2537, 13) is a public key.
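The check digit schemes and the shift cipher above are both direct uses of the congruences defined earlier. The following added example (my own code, not the slides') validates and generates parity bits, UPC and ISBN-10 check digits, including the ISBN convention of writing a check value of 10 as "X", and implements the shift cipher in both directions so the "PHHW BRX LQ WKH SDUN" example can be reproduced. Function names are my own; the UPC and ISBN sample values are constructed so that they satisfy the stated congruences.

```python
# Added example (not the slides' code): parity bit, UPC and ISBN-10 check
# digits, and the shift (Caesar) cipher with its decryption.


def parity_bit(bits):
    """x_{n+1} = (x1 + ... + xn) mod 2 for a list of 0/1 values."""
    return sum(bits) % 2


def upc_check_digit(first11):
    """x12 such that 3x1 + x2 + 3x3 + ... + 3x11 + x12 ≡ 0 (mod 10)."""
    digits = [int(c) for c in first11]
    # odd positions x1, x3, ..., x11 (even 0-based indices) carry weight 3
    weighted = sum(d * (3 if i % 2 == 0 else 1) for i, d in enumerate(digits))
    return (-weighted) % 10


def upc_valid(code):
    """True iff the 12-digit UPC satisfies the congruence."""
    if len(code) != 12 or not code.isdigit():
        return False
    return upc_check_digit(code[:11]) == int(code[11])


def isbn10_check_digit(first9):
    """x10 ≡ x1 + 2x2 + ... + 9x9 (mod 11); a value of 10 is written 'X'."""
    digits = [int(c) for c in first9]
    x10 = sum((i + 1) * d for i, d in enumerate(digits)) % 11
    return "X" if x10 == 10 else str(x10)


def isbn10_valid(isbn):
    """True iff x1 + 2x2 + ... + 10x10 ≡ 0 (mod 11); hyphens are ignored."""
    s = isbn.replace("-", "").upper()
    if len(s) != 10 or not s[:9].isdigit() or not (s[9].isdigit() or s[9] == "X"):
        return False
    return isbn10_check_digit(s[:9]) == s[9]


def shift_encrypt(text, k):
    """c = (p + k) mod 26 on the letters A-Z; other characters pass through."""
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            p = ord(ch) - ord("A")
            out.append(chr((p + k) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(text, k):
    """p = (c - k) mod 26, which is just encryption with key -k."""
    return shift_encrypt(text, -k)


if __name__ == "__main__":
    print(parity_bit([1, 0, 1, 1]))                     # 1
    print(upc_check_digit("03600029145"))               # 2, so 036000291452 is a valid UPC (constructed)
    print(isbn10_check_digit("007288008"))              # 2 (constructed sample)
    print(isbn10_check_digit("000000006"))              # X (constructed sample with check value 10)
    print(shift_encrypt("Meet you in the park", 3))     # PHHW BRX LQ WKH SDUN
    print(shift_decrypt("PHHW BRX LQ WKH SDUN", 3))     # MEET YOU IN THE PARK
```

Note that the check digit schemes detect accidental errors only; an intentional change can always be accompanied by a recomputed check digit, which is the difference between a checksum and a cryptographic integrity check.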
Note that gcd(e, (p-1)(q-1)) = gcd(13, 42·58) = 1. We encrypt each block using the mapping C = M^e mod n, that is, C = M^13 mod 2537. Computations using fast modular multiplication show that 1819^13 mod 2537 = 2081 and 1415^13 mod 2537 = 2182. The encrypted message is 2081 2182.

Example 2 of RSA Cryptosystem (1/2)
We receive the encrypted message 0981 0461. What is the decrypted message if it was encrypted using the RSA cipher from Example 1?
Solution: The message was encrypted using the RSA cryptosystem with n = 43·59 and exponent 13. As the exercise shows, d = 937 is an inverse of 13 modulo 42·58 = 2436. We use 937 as our decryption exponent. Consequently, to decrypt a block C, we compute P = C^937 mod 2537.

Example 2 of RSA Cryptosystem (2/2)
To decrypt the message, by the fast modular exponentiation algorithm, 0981^937 mod 2537 = 0704 and 0461^937 mod 2537 = 1115. Consequently, the numerical version of the original message is 0704 1115. Translating this back to English letters, we see that the message is HELP.
In summary, given two large prime numbers p and q (usually more than 200 digits) and e with gcd(e, (p-1)(q-1)) = 1, take (n = pq, e) as the public key and d as the private key of the public key system.

MEMO
Read sections 4.1 through 4.6.
Get familiar with modular arithmetic and its applications.
What is the Fundamental Theorem of Arithmetic?
What is public key cryptography?
HW: #16, 17, 19 of §4.1; #13-15, #19-21 of §4.2; #3-5, 15, 17-19 of §4.3; #7-9, 15, 17-19, 21-22, 25 of §4.4; #6-7, 11, 13 of §4.5; #3-7 of §4.6.
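The two RSA examples can be reproduced end to end from the parameters on the slides. The following added example (my own code, not the slides') performs key setup with p = 43, q = 59, e = 13, derives d as the inverse of e modulo (p-1)(q-1) with Python's built-in `pow(e, -1, phi)` rather than copying it from the exercise, encodes letters into the two-letter blocks the slides use, and encrypts STOP and decrypts 0981 0461. Function names are my own; the padding letter X for odd-length messages is the usual textbook convention, not something stated on the slides. The parameters are, of course, toy-sized: n = 2537 is factored by trial division instantly, and real keys use primes of hundreds of digits as the summary slide says.

```python
# Added example (not the slides' code): the textbook RSA example with
# p = 43, q = 59, e = 13, including the block encoding of letters.
from math import gcd


def rsa_keygen(p, q, e):
    """Return ((n, e), d) with d an inverse of e modulo (p-1)(q-1)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # d*e ≡ 1 (mod (p-1)(q-1))
    return (p * q, e), d


def encode_blocks(text):
    """Letters A-Z -> two-digit numbers 00-25, grouped in pairs into
    4-digit blocks; every block is < 2525 < n, as the example requires."""
    nums = [ord(c) - ord("A") for c in text.upper() if "A" <= c <= "Z"]
    if len(nums) % 2:
        nums.append(23)          # pad with X (textbook convention, not the slides')
    return [nums[i] * 100 + nums[i + 1] for i in range(0, len(nums), 2)]


def decode_blocks(blocks):
    """Inverse of encode_blocks."""
    letters = []
    for b in blocks:
        letters.append(chr(b // 100 + ord("A")))
        letters.append(chr(b % 100 + ord("A")))
    return "".join(letters)


def rsa_encrypt(blocks, public_key):
    """C = M^e mod n for each block."""
    n, e = public_key
    return [pow(m, e, n) for m in blocks]


def rsa_decrypt(cipher_blocks, d, n):
    """M = C^d mod n for each block."""
    return [pow(c, d, n) for c in cipher_blocks]


if __name__ == "__main__":
    public, d = rsa_keygen(43, 59, 13)
    print(public, d)                                         # (2537, 13) 937
    blocks = encode_blocks("STOP")
    print(blocks)                                            # [1819, 1415]
    print(rsa_encrypt(blocks, public))                       # [2081, 2182]
    print(decode_blocks(rsa_decrypt([981, 461], d, 2537)))   # HELP
```

Because every 4-digit block is smaller than n, each block is a single residue modulo n and decryption recovers it exactly; the proof on the RSA (2/2) slide is what guarantees that `rsa_decrypt` undoes `rsa_encrypt` for every block, including the rare ones not coprime to n.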