Modular Arithmetic (1/4)
• If a and b are integers and m is a positive integer, then a is congruent to b modulo m if m | (a - b), denoted by a ≡ b (mod m). m is called the modulus.
• Let a and b be integers, and let m be a positive integer. Then a ≡ b (mod m) iff a mod m = b mod m.
• Let a, b, m be integers with m positive. Then a ≡ b (mod m) iff there is an integer k such that a = b + km.
• Let m be a positive integer. If a ≡ b (mod m) and c ≡ d (mod m), then a + c ≡ b + d (mod m) and ac ≡ bd (mod m).
2013/11/19
DISC MATH, NCHU
1
Modular Arithmetic (2/4)
• Let a be an integer and d be a positive integer. Then there are unique integers q and r, with 0 ≤ r < d, such that a = dq + r.
• In the equality above, d is called the divisor, a is called the dividend, q is called the quotient, and r is called the remainder. We denote them as q = a div d and r = a mod d.
Modular Arithmetic (3/4)
• Let m be a positive integer. If a ≡ b (mod m) and c ≡ d (mod m), then a + c ≡ b + d (mod m) and ac ≡ bd (mod m).
• Let m be a positive integer and let a and b be integers. Then
  (i) (a + b) mod m = ((a mod m) + (b mod m)) mod m
  (ii) ab mod m = ((a mod m)(b mod m)) mod m
Modular Arithmetic (4/4)
• Arithmetic operations on Z_m, where Z_m is the set of nonnegative integers less than m, that is, the set {0, 1, 2, …, m-1}.
• +_m and ·_m are defined as addition and multiplication on Z_m by a +_m b = (a + b) mod m and a ·_m b = (a · b) mod m.
• The operations on Z_m satisfy closure, associativity, commutativity, identity elements, additive inverses, and distributivity.
• Note that not every element of Z_m has a multiplicative inverse.
The Fundamental Theorem of Arithmetic
• Every positive integer greater than 1 can be written as a prime or as the product of two or more primes, where the prime factors are written in order of nondecreasing size.
• For example:
  100 = 2 × 2 × 5 × 5
  999 = 3 × 3 × 3 × 37
Theorems
• If n is a composite integer, then n has a prime divisor less than or equal to n^(1/2).
• Let a and b be positive integers. Then ab = gcd(a, b) × lcm(a, b).
Representation of Integers
• Base B expansion of an integer N; B could be 2, 8, 10, 16, or others.
• Q1: How many additions of bits are required to add two integers with n bits in their binary representations? O(n)
• Q2: How many additions of bits and shifts of bits are used to multiply two integers with n bits in their binary representations? O(n^2), or more precisely O(n^1.585)
Modular Exponentiation
• What is the value of b^n mod m?
• Idea: represent n in binary notation, then calculate the terms b^(2^j) mod m one squaring at a time, up to the most significant bit of n.
• Example: find 3^644 mod 645.
  644 = 2^9 + 2^7 + 2^2
  Calculate 3 to the powers 2^1, 2^2, 2^3, 2^4, 2^5, 2^6, 2^7, 2^8, 2^9 modulo 645 individually.
  Finally, multiply the 2nd, 7th, and 9th terms together (mod 645).
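The square-and-multiply idea on this slide, as an added Python example (not from the slides): mod_exp walks the bits of n and squares the running term, power_terms lists which terms b^(2^j) mod m are actually multiplied in, and product_mod performs the final multiplication, so the 3^644 mod 645 example can be checked term by term. Function names are this example's own.

```python
# Added example, not from the slides: fast modular exponentiation by
# repeated squaring, following the binary-expansion idea on this slide.

def mod_exp(b, n, m):
    """Return b**n mod m without ever forming the huge integer b**n.

    Invariant: at the start of each loop pass, term == b^(2^j) mod m,
    where j is the index of the bit of n currently being examined.
    """
    if m == 1:
        return 0
    result = 1
    term = b % m
    while n > 0:
        if n & 1:                        # bit j of n is set: this term is used
            result = (result * term) % m
        term = (term * term) % m         # square: b^(2^j) -> b^(2^(j+1))
        n >>= 1
    return result


def power_terms(b, n, m):
    """Return the list of (j, b^(2^j) mod m) for every bit j that is set in n.

    These are exactly the terms the slide says to multiply together; for
    3^644 mod 645 they are j = 2, 7, 9 because 644 = 2^9 + 2^7 + 2^2.
    """
    used = []
    term = b % m
    j = 0
    while n > 0:
        if n & 1:
            used.append((j, term))
        term = (term * term) % m
        n >>= 1
        j += 1
    return used


def product_mod(values, m):
    """Multiply the chosen terms together modulo m (the slide's final step)."""
    result = 1
    for v in values:
        result = (result * v) % m
    return result


if __name__ == "__main__":
    terms = power_terms(3, 644, 645)
    print("terms used:", terms)                                   # [(2, 81), (7, 396), (9, 111)]
    print("3^644 mod 645 =", product_mod([t for _, t in terms], 645))  # 36
    print("agrees with built-in pow:", mod_exp(3, 644, 645) == pow(3, 644, 645))
```

The intermediate values never exceed m^2, which is why the method scales to the hundreds-of-digit moduli used later in the RSA slides; Python's built-in pow(b, n, m) implements the same algorithm.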
There are infinitely many primes
Proof: by contradiction.
Assume there are only finitely many primes, p_1, p_2, p_3, …, p_n.
Let Q = p_1 p_2 … p_n + 1. Q is a prime or it can be written as the product of two or more primes.
However, none of the primes p_j divides Q: if p_j | Q, then p_j divides Q - p_1 p_2 … p_n = 1, which is impossible. Hence there is a prime not in the list p_1, p_2, p_3, …, p_n. This contradicts our assumption.
Euclidean Algorithm
procedure gcd(a, b: positive integers)
  x := a, y := b
  while y ≠ 0
  begin
    r := x mod y
    x := y
    y := r
  end {gcd(a, b) is x}
• Lemma: Let a = bq + r, where a, b, q, and r are integers. Then gcd(a, b) = gcd(b, r).
Linear Congruence
Theorem 1 (Bezout's Theorem)
If a and b are positive integers, then there exist integers s and t such that gcd(a, b) = sa + tb.
Theorem 2
If a and m are relatively prime integers and m > 1, then an inverse of a modulo m exists and is unique modulo m.
Proof:
Since gcd(a, m) = 1, there are integers s and t such that sa + tm = 1. This implies sa + tm ≡ 1 (mod m), and it follows that sa ≡ 1 (mod m). Consequently, s is a multiplicative inverse of a modulo m.
(The uniqueness part is left as an exercise.)
Inverse of a modulo m
• An integer a' is called an inverse of a modulo m if a'a ≡ 1 (mod m).
• Find an inverse of 101 modulo 4620.
  (Hint: run the Euclidean algorithm and then work backwards through its equations, as shown on the next page.)
• What are the solutions of the linear congruence 3x ≡ 4 (mod 7)?
  (Hint: multiply both sides by an inverse of 3 modulo 7; both 5 and -2 are inverses of 3 modulo 7.)
Find an Inverse of a modulo m
Find an inverse of 101 modulo 4620.
Euclidean algorithm:
4620 = 45 · 101 + 75
101 = 1 · 75 + 26
75 = 2 · 26 + 23
26 = 1 · 23 + 3
23 = 7 · 3 + 2
3 = 1 · 2 + 1
Working backwards:
1 = 3 - 1 · 2 = 3 - 1 · (23 - 7 · 3) = -1 · 23 + 8 · 3
  = -1 · 23 + 8 · (26 - 23) = 8 · 26 - 9 · 23
  = 8 · 26 - 9 · (75 - 2 · 26) = 26 · 26 - 9 · 75
  = -9 · 75 + 26 · (101 - 75) = 26 · 101 - 35 · 75
  = 26 · 101 - 35 · (4620 - 45 · 101)
  = -35 · 4620 + 1601 · 101
Hence 1601 is an inverse of 101 modulo 4620, since 1601 · 101 ≡ 1 (mod 4620).
The Chinese Remainder Theorem
Let m_1, m_2, …, m_n be pairwise relatively prime positive integers and a_1, a_2, …, a_n arbitrary integers. Then the system
  x ≡ a_1 (mod m_1),
  x ≡ a_2 (mod m_2),
  …
  x ≡ a_n (mod m_n)
has a unique solution modulo m = m_1 m_2 … m_n.
Proof of the Chinese Remainder Theorem
Let M_k = m/m_k for k = 1, 2, …, n. Since the moduli are pairwise relatively prime, gcd(M_k, m_k) = 1, so by the previous theorem there exists a unique inverse y_k of M_k modulo m_k, that is, M_k y_k ≡ 1 (mod m_k).
Construct x = a_1 M_1 y_1 + a_2 M_2 y_2 + … + a_n M_n y_n.
For each k, every term a_j M_j y_j with j ≠ k is divisible by m_k (because m_k | M_j), so x ≡ a_k M_k y_k ≡ a_k (mod m_k). #
(The uniqueness part is left as an exercise.)
Example of the Chinese Remainder Theorem
Solve x ≡ 2 (mod 3), x ≡ 3 (mod 5), x ≡ 2 (mod 7).
Solution:
m = 3 × 5 × 7 = 105
M_1 = m/3 = 35, y_1 = 2 (since 35 · 2 = 70 ≡ 1 (mod 3))
M_2 = m/5 = 21, y_2 = 1 (since 21 ≡ 1 (mod 5))
M_3 = m/7 = 15, y_3 = 1 (since 15 ≡ 1 (mod 7))
x = a_1 M_1 y_1 + a_2 M_2 y_2 + a_3 M_3 y_3
  = 2 · 35 · 2 + 3 · 21 · 1 + 2 · 15 · 1
  = 233
  ≡ 23 (mod 105)
Application of the Chinese Remainder Theorem
A large integer a (with 0 ≤ a < m_1 m_2 … m_n) can be uniquely represented using n pairwise relatively prime integers m_1, m_2, m_3, …, m_n as
  (a mod m_1, a mod m_2, a mod m_3, …, a mod m_n)
Find the sum of 123684 and 413456 using the moduli 99, 98, 97, 95:
  123684 + 413456 = (33, 8, 9, 89) + (32, 92, 42, 16)
  = (65 mod 99, 100 mod 98, 51 mod 97, 105 mod 95)
  = (65, 2, 51, 10)
To recover the sum, we solve the congruences
  x ≡ 65 (mod 99), x ≡ 2 (mod 98),
  x ≡ 51 (mod 97), x ≡ 10 (mod 95).
The answer is 537140.
Back Substitution
Find all integers x such that x ≡ 1 (mod 5), x ≡ 2 (mod 6), and x ≡ 3 (mod 7).
From x ≡ 1 (mod 5) we have x = 5t + 1, so 5t + 1 ≡ 2 (mod 6). Hence t ≡ 5 (mod 6).
From t ≡ 5 (mod 6) we get t = 6u + 5; substituting back into 5t + 1 gives x = 30u + 26, so 30u + 26 ≡ 3 (mod 7).
This gives u ≡ 6 (mod 7), that is, u = 7v + 6. Substituting into x = 30u + 26 gives x = 210v + 206.
Hence x ≡ 206 (mod 210).
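Both ways of solving a system of congruences shown on the last few slides, as an added Python example (not from the slides): crt_construct builds x = Σ a_k M_k y_k exactly as in the proof, crt_back_substitute folds the congruences in one at a time as on this slide, and add_by_residues reproduces the residue-arithmetic sum 123684 + 413456 from the application slide. It relies on pow(a, -1, m) and math.prod, which exist from Python 3.8 on; function names are this example's own.

```python
# Added example, not from the slides: the Chinese Remainder Theorem two
# ways (the constructive proof and back substitution), plus residue
# arithmetic on large integers.
from math import gcd, prod


def _check_pairwise_coprime(moduli):
    """The theorem only applies when every pair of moduli is relatively prime."""
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError(f"moduli {moduli[i]} and {moduli[j]} are not relatively prime")


def crt_construct(residues, moduli):
    """Proof-style solution: x = sum(a_k * M_k * y_k) mod m, M_k = m/m_k."""
    _check_pairwise_coprime(moduli)
    m = prod(moduli)
    x = 0
    for a_k, m_k in zip(residues, moduli):
        M_k = m // m_k
        y_k = pow(M_k, -1, m_k)        # inverse of M_k modulo m_k
        x += a_k * M_k * y_k
    return x % m, m                    # (solution, modulus it is unique under)


def crt_back_substitute(residues, moduli):
    """Slide-style solution: write x = a + m*t and solve for t modulo the next modulus."""
    _check_pairwise_coprime(moduli)
    x, m = residues[0] % moduli[0], moduli[0]
    for a_k, m_k in zip(residues[1:], moduli[1:]):
        # x + m*t ≡ a_k (mod m_k)  =>  t ≡ (a_k - x) * m^-1 (mod m_k)
        t = ((a_k - x) * pow(m, -1, m_k)) % m_k
        x, m = x + m * t, m * m_k
    return x % m, m


def to_residues(a, moduli):
    """Represent a as (a mod m_1, ..., a mod m_n)."""
    return tuple(a % m_k for m_k in moduli)


def add_by_residues(a, b, moduli):
    """Add component-wise modulo each m_k, then recover the integer sum with the CRT."""
    summed = [(x + y) % m_k
              for x, y, m_k in zip(to_residues(a, moduli), to_residues(b, moduli), moduli)]
    return crt_construct(summed, moduli)[0]


if __name__ == "__main__":
    print(crt_construct([2, 3, 2], [3, 5, 7]))          # (23, 105)
    print(crt_back_substitute([1, 2, 3], [5, 6, 7]))    # (206, 210)
    print(add_by_residues(123684, 413456, [99, 98, 97, 95]))  # 537140
```

The residue representation is only unique for values below the product of the moduli (here 99 · 98 · 97 · 95), which is why add_by_residues recovers the sum correctly; a sum that overflowed that product would silently wrap.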
Fermat's Little Theorem
If p is prime and a is an integer not divisible by p, then a^(p-1) ≡ 1 (mod p).
Furthermore, for every integer a, we have a^p ≡ a (mod p).
If a^(p-1) ≡ 1 (mod p), is p then necessarily a prime?
NO!!
For example, 2^340 ≡ 1 (mod 341), but 341 = 11 · 31.
Pseudoprimes
An example using Fermat's Little Theorem: 7^222 mod 11 = ?
7^222 = 7^(22·10+2) = (7^10)^22 · 7^2 ≡ 1 · 49 ≡ 5 (mod 11)
Is it true that n is an odd prime iff 2^(n-1) ≡ 1 (mod n)?
The answer is NO!!
For example, 2^340 ≡ 1 (mod 341), but 341 = 11 · 31.
A composite integer n such that 2^(n-1) ≡ 1 (mod n) is called a pseudoprime to the base 2. In general, a composite integer n is a pseudoprime to the base b if b^(n-1) ≡ 1 (mod n).
Carmichael Number
A composite integer n that satisfies the congruence b^(n-1) ≡ 1 (mod n) for all positive integers b with gcd(b, n) = 1 is called a Carmichael number.
561 is a Carmichael number: 561 = 3 × 11 × 17.
If gcd(b, 561) = 1, then gcd(b, 3) = gcd(b, 11) = gcd(b, 17) = 1, so by Fermat's Little Theorem
  b^2 ≡ 1 (mod 3), b^10 ≡ 1 (mod 11), b^16 ≡ 1 (mod 17).
Hence b^560 = (b^2)^280 = (b^10)^56 = (b^16)^35 is ≡ 1 modulo 3, 11, and 17 respectively, and therefore b^560 ≡ 1 (mod 561).
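The Fermat test and its failure modes from the last three slides, as an added Python example (not from the slides): fermat_passes applies the b^(n-1) ≡ 1 (mod n) check, reduce_exponent does the 7^222 mod 11 trick of reducing the exponent modulo p-1, fermat_liars lists the bases for which a composite passes, and is_carmichael/carmichael_numbers_up_to confirm that 561 fools the test for every coprime base. Function names and the search limit are this example's own.

```python
# Added example, not from the slides: why a passed Fermat test is only a
# necessary condition for primality, with 341 and 561 as the witnesses.
from math import gcd


def fermat_passes(n, b):
    """True when b^(n-1) ≡ 1 (mod n), the condition Fermat's Little Theorem guarantees for prime n."""
    return pow(b, n - 1, n) == 1


def is_prime_trial(n):
    """Ground truth by trial division: a composite n has a prime divisor <= n^(1/2)."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def reduce_exponent(b, n, p):
    """b^n mod p for a prime p not dividing b, computed via n mod (p-1)."""
    if not is_prime_trial(p) or b % p == 0:
        raise ValueError("p must be a prime that does not divide b")
    return pow(b, n % (p - 1), p)


def is_pseudoprime(n, b):
    """Composite n that nevertheless passes the Fermat test to base b."""
    return not is_prime_trial(n) and fermat_passes(n, b)


def fermat_liars(n):
    """All bases 2..n-1 coprime to n for which composite n passes the test."""
    if is_prime_trial(n):
        return []
    return [b for b in range(2, n) if gcd(b, n) == 1 and fermat_passes(n, b)]


def is_carmichael(n):
    """Composite n passing the Fermat test for every base coprime to it."""
    if is_prime_trial(n):
        return False
    return all(fermat_passes(n, b) for b in range(2, n) if gcd(b, n) == 1)


def carmichael_numbers_up_to(limit):
    """Brute-force search over odd n (slow, fine for a few thousand)."""
    return [n for n in range(3, limit + 1, 2) if is_carmichael(n)]


if __name__ == "__main__":
    print("7^222 mod 11 =", reduce_exponent(7, 222, 11))          # 5
    print("341 passes base 2:", fermat_passes(341, 2), "prime:", is_prime_trial(341))
    print("341 passes base 3:", fermat_passes(341, 3))            # False: base 3 exposes it
    print("561 is Carmichael:", is_carmichael(561))
    print("Carmichael numbers up to 1200:", carmichael_numbers_up_to(1200))
```

The practical lesson for anyone implementing primality checks: 341 is exposed by trying a second base, but a Carmichael number such as 561 passes for every coprime base, so a Fermat-only test can never reject it. Production implementations use a stronger test for exactly this reason.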
Applications of Congruences
• Hashing functions: h(k) = k mod m
• Pseudorandom numbers: x_(n+1) = (a x_n + c) mod m
• Cryptology (for example, Caesar's cipher): f(p) = (p + 3) mod 26
Hash Functions
• Using hashing functions, records can be assigned memory locations from a key, e.g., h(k) = k mod m. However, a collision can occur when two keys hash to the same location.
Example: Find the locations assigned by the hashing function h(k) = k mod 111 to the records of customers with SSNs 064212848 and 037149212. Then, what is the location assigned for 107405723?
Ans: h(064212848) = 14 and h(037149212) = 65, while h(107405723) = 14. That location is already assigned, hence the first free location following the occupied memory location is assigned.
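The hashing function and the "first free location following the occupied one" collision rule from this slide, as an added Python example (not from the slides): hash_key is h(k) = k mod m, and ProbingTable inserts and looks up records under that rule (linear probing, wrapping at the end of the table). The SSNs are written without their leading zero because they are integers here; the class and function names are this example's own.

```python
# Added example, not from the slides: h(k) = k mod m with collisions
# resolved by taking the next free location (linear probing).

def hash_key(key, m=111):
    """The slide's hashing function h(k) = k mod m."""
    return key % m


class ProbingTable:
    """Fixed table of m memory locations indexed 0..m-1.

    On a collision the record goes to the first free location following
    the occupied one, wrapping around to location 0 after m-1.
    """

    def __init__(self, m=111):
        self.m = m
        self.slots = [None] * m

    def insert(self, key):
        """Store key and return the location it was assigned."""
        loc = hash_key(key, self.m)
        for _ in range(self.m):                  # at most m probes: every slot visited once
            if self.slots[loc] is None or self.slots[loc] == key:
                self.slots[loc] = key
                return loc
            loc = (loc + 1) % self.m             # next location, wrapping around
        raise OverflowError("no free location left in the table")

    def find(self, key):
        """Return the location holding key, or None if it was never inserted.

        Lookups must follow the same probe sequence as insertions, and can
        stop at the first empty slot: an inserted key can never lie beyond it.
        """
        loc = hash_key(key, self.m)
        for _ in range(self.m):
            if self.slots[loc] is None:
                return None
            if self.slots[loc] == key:
                return loc
            loc = (loc + 1) % self.m
        return None


if __name__ == "__main__":
    table = ProbingTable(111)
    for ssn in (64212848, 37149212, 107405723):
        print(f"h({ssn:09d}) = {hash_key(ssn)}, stored at {table.insert(ssn)}")
    # 064212848 -> 14, 037149212 -> 65, 107405723 hashes to 14 and lands at 15
```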
Pseudorandom Numbers
• Numbers generated by systematic methods are not truly random; they are called pseudorandom numbers.
Example: x_(n+1) = (a x_n + c) mod m
x_(n+1) = (7^5 x_n) mod (2^31 - 1) is widely used.
With these values, it can be shown that 2^31 - 2 numbers are generated before repetition begins.
Check Digits
• Parity check bit: x_(n+1) = (x_1 + x_2 + … + x_(n-1) + x_n) mod 2
• Universal Product Codes (UPCs):
  3x_1 + x_2 + 3x_3 + x_4 + 3x_5 + x_6 + 3x_7 + x_8 + 3x_9 + x_10 + 3x_11 + x_12 ≡ 0 (mod 10)
  x_1 is the product category, x_2 to x_6 identify the manufacturer, x_7 to x_11 identify the particular product, and x_12 is the check digit.
• International Standard Book Number (ISBN-10):
  x_10 ≡ x_1 + 2x_2 + 3x_3 + 4x_4 + 5x_5 + 6x_6 + 7x_7 + 8x_8 + 9x_9 (mod 11)
  or, equivalently, x_1 + 2x_2 + 3x_3 + 4x_4 + 5x_5 + 6x_6 + 7x_7 + 8x_8 + 9x_9 + 10x_10 ≡ 0 (mod 11)
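The three check-digit schemes on this slide, as an added Python example (not from the slides): parity_bit/parity_ok implement the mod 2 rule, upc_check_digit/upc_valid the weighted mod 10 rule, and isbn10_check_digit/isbn10_valid the mod 11 rule, including the 'X' that stands for a check value of 10. The sample codes (the UPC 036000291452 and the ISBNs 0-306-40615-2 and 0-8044-2957-X) are well-known valid examples chosen for this illustration; function names are this example's own.

```python
# Added example, not from the slides: parity, UPC and ISBN-10 check digits.

def parity_bit(bits):
    """x_(n+1) = (x_1 + ... + x_n) mod 2: makes the total number of 1 bits even."""
    return sum(bits) % 2


def parity_ok(bits_with_check):
    """A word with its parity bit appended is accepted when the 1-count is even."""
    return sum(bits_with_check) % 2 == 0


def _digits(code):
    """Keep only the digits, so '0-306-40615' and '030640615' are treated alike."""
    return [int(c) for c in code if c.isdigit()]


def _upc_weighted_sum(digits):
    # 3x_1 + x_2 + 3x_3 + ... : weights alternate 3, 1 starting with 3
    return sum(w * x for w, x in zip([3, 1] * 6, digits))


def upc_check_digit(first11):
    """Choose x_12 so that the weighted sum becomes ≡ 0 (mod 10)."""
    d = _digits(first11)
    if len(d) != 11:
        raise ValueError("a UPC has 11 digits before the check digit")
    return (-_upc_weighted_sum(d)) % 10


def upc_valid(code):
    d = _digits(code)
    return len(d) == 12 and _upc_weighted_sum(d) % 10 == 0


def isbn10_check_digit(first9):
    """x_10 ≡ x_1 + 2x_2 + ... + 9x_9 (mod 11); the value 10 is written as 'X'."""
    d = _digits(first9)
    if len(d) != 9:
        raise ValueError("an ISBN-10 has 9 digits before the check character")
    value = sum((i + 1) * x for i, x in enumerate(d)) % 11
    return "X" if value == 10 else str(value)


def isbn10_valid(isbn):
    """Equivalent form: x_1 + 2x_2 + ... + 9x_9 + 10x_10 ≡ 0 (mod 11)."""
    chars = [c for c in isbn.upper() if c.isdigit() or c == "X"]
    if len(chars) != 10 or "X" in chars[:9]:     # 'X' is only legal as the check character
        return False
    d = [10 if c == "X" else int(c) for c in chars]
    return sum((i + 1) * x for i, x in enumerate(d)) % 11 == 0


if __name__ == "__main__":
    print("UPC check digit for 03600029145:", upc_check_digit("03600029145"))   # 2
    print("036000291452 valid:", upc_valid("036000291452"))
    print("ISBN check for 0-306-40615:", isbn10_check_digit("0-306-40615"))     # 2
    print("0-8044-2957-X valid:", isbn10_valid("0-8044-2957-X"))
    print("transposed 0-306-46015-2 valid:", isbn10_valid("0-306-46015-2"))    # False
```

The mod 11 scheme with position weights catches any single wrong digit and any transposition of two digits, which is why the ISBN uses a prime modulus; the parity bit, by contrast, misses any error that flips an even number of bits.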
Example of Caesar's Encryption
A shift cipher can be used with an encryption key k: a number p representing a letter is sent to c = (p + k) mod 26.
Decryption is carried out by shifting by -k; that is, p = (c - k) mod 26.
Example: "Meet you in the park" using k = 3
Original: 12 4 4 19 24 14 20 8 13 19 7 4 15 0 17 10
Becomes: 15 7 7 22 1 17 23 11 16 22 10 7 18 3 20 13
which is encoded as "PHHW BRX LQ WKH SDUN"
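The shift cipher on this slide, as an added Python example (not from the slides): letters_to_numbers gives the A = 0 … Z = 25 encoding used above, shift_encrypt applies c = (p + k) mod 26 letter by letter while leaving spaces in place, and shift_decrypt is simply a shift by -k. Function names are this example's own.

```python
# Added example, not from the slides: Caesar / shift cipher as a congruence.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def letters_to_numbers(text):
    """A=0, B=1, ..., Z=25; characters that are not letters are skipped."""
    return [ALPHABET.index(c) for c in text.upper() if c in ALPHABET]


def shift_encrypt(text, k):
    """c = (p + k) mod 26 for each letter; other characters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(cipher, k):
    """p = (c - k) mod 26: decryption is encryption with the key -k."""
    return shift_encrypt(cipher, -k)


if __name__ == "__main__":
    plain = "Meet you in the park"
    print(letters_to_numbers(plain))            # [12, 4, 4, 19, 24, 14, 20, 8, 13, 19, 7, 4, 15, 0, 17, 10]
    c = shift_encrypt(plain, 3)
    print(c)                                    # PHHW BRX LQ WKH SDUN
    print(shift_decrypt(c, 3))                  # MEET YOU IN THE PARK
```

Since k only matters modulo 26, there are just 26 distinct keys; the cipher illustrates the congruence, not a usable level of confidentiality.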
RSA (1/2)
Plaintext M, encrypted text C, public key (n, e), C = M^e mod n.
The plaintext message can be quickly recovered when the decryption key d, an inverse of e modulo (p - 1)(q - 1), is known. [Here n = pq; such an inverse exists because gcd(e, (p - 1)(q - 1)) = 1.]
To see this, note that if de ≡ 1 (mod (p - 1)(q - 1)), there is an integer k such that de = 1 + k(p - 1)(q - 1).
It follows that
  C^d ≡ (M^e)^d = M^(de) = M^(1 + k(p-1)(q-1)) (mod n),
and we show next that this is ≡ M (mod p) and ≡ M (mod q).
RSA (2/2)
By Fermat's Little Theorem [assuming that gcd(M, p) = gcd(M, q) = 1, which holds except in rare cases], it follows that M^(p-1) ≡ 1 (mod p) and M^(q-1) ≡ 1 (mod q). Consequently,
  C^d ≡ M · (M^(p-1))^(k(q-1)) ≡ M · 1 ≡ M (mod p)
and
  C^d ≡ M · (M^(q-1))^(k(p-1)) ≡ M · 1 ≡ M (mod q).
Because gcd(p, q) = 1, it follows from p | (C^d - M) and q | (C^d - M) that pq | (C^d - M); hence C^d ≡ M (mod pq).
Example 1 of RSA Cryptosystem
Encrypt the message STOP (18 19 14 15) using the RSA cryptosystem with p = 43 and q = 59, so that n = 43 · 59 = 2537, and with e = 13. (2537, 13) is the public key.
Note that gcd(e, (p - 1)(q - 1)) = gcd(13, 42 · 58) = 1.
We encrypt each block using the mapping C = M^e mod n, that is, C = M^13 mod 2537.
Computations using fast modular exponentiation show that 1819^13 mod 2537 = 2081 and 1415^13 mod 2537 = 2182.
The encrypted message is 2081 2182.
Example 2 of RSA Cryptosystem (1/2)
We receive the encrypted message 0981 0461. What is the decrypted message if it was encrypted using the RSA cipher from Example 1?
Solution: The message was encrypted using the RSA cryptosystem with n = 43 · 59 and exponent 13. As the exercise shows, d = 937 is an inverse of 13 modulo 42 · 58 = 2436. We use 937 as our decryption exponent.
Consequently, to decrypt a block C, we compute P = C^937 mod 2537.
Example 2 of RSA Cryptosystem (2/2)
To decrypt the message, by the fast modular exponentiation algorithm, 0981^937 mod 2537 = 0704 and 0461^937 mod 2537 = 1115.
Consequently, the numerical version of the original message is 0704 1115. Translating this back to English letters, we see that the message is HELP.
In summary, given two large primes p and q (usually more than 200 digits) and e with gcd(e, (p-1)(q-1)) = 1, we take (n = pq, e) as the public key and d as the private key of the public key system.
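The whole textbook RSA exchange from the last five slides, as an added Python example (not from the slides): rsa_keypair derives n, checks gcd(e, (p-1)(q-1)) = 1 and computes d as the inverse of e (using pow(e, -1, phi), Python 3.8+), text_to_blocks and blocks_to_text do the two-letters-per-block numeric encoding (STOP -> 1819 1415), and rsa_encrypt/rsa_decrypt are C = M^e mod n and M = C^d mod n. Padding an odd-length message with X and the function names are this example's own choices.

```python
# Added example, not from the slides: textbook RSA with p = 43, q = 59, e = 13.
from math import gcd


def rsa_keypair(p, q, e):
    """Return the public key (n, e) and the private exponent d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)                    # d*e ≡ 1 (mod (p-1)(q-1))
    return (n, e), d


def text_to_blocks(text):
    """Two letters per block, each letter as two digits (A=00 ... Z=25): 'ST' -> 1819."""
    nums = [ord(c) - ord("A") for c in text.upper() if "A" <= c <= "Z"]
    if len(nums) % 2:
        nums.append(23)                    # pad with X (this example's choice)
    return [100 * nums[i] + nums[i + 1] for i in range(0, len(nums), 2)]


def blocks_to_text(blocks):
    """Inverse of text_to_blocks: 704 -> 'HE' (07 04), 1115 -> 'LP'."""
    out = []
    for b in blocks:
        out.append(chr(ord("A") + b // 100))
        out.append(chr(ord("A") + b % 100))
    return "".join(out)


def rsa_encrypt(blocks, public_key):
    """C = M^e mod n for each block; every block must be smaller than n."""
    n, e = public_key
    if any(not 0 <= M < n for M in blocks):
        raise ValueError("each block must lie in 0..n-1")
    return [pow(M, e, n) for M in blocks]


def rsa_decrypt(blocks, d, n):
    """M = C^d mod n for each block (C^d ≡ M (mod pq) by the RSA slides)."""
    return [pow(C, d, n) for C in blocks]


if __name__ == "__main__":
    public, d = rsa_keypair(43, 59, 13)
    print("public key:", public, "private exponent:", d)            # (2537, 13) 937
    blocks = text_to_blocks("STOP")
    print("STOP as blocks:", blocks)                                  # [1819, 1415]
    print("encrypted:", rsa_encrypt(blocks, public))                  # [2081, 2182]
    received = [981, 461]
    print("decrypted:", blocks_to_text(rsa_decrypt(received, d, 2537)))  # HELP
```

With a 4-digit n anyone can recover p and q by trial division, so the example only demonstrates the arithmetic; real deployments use primes of hundreds of digits, as the slide notes, together with randomized padding of the message blocks.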
MEMO
• Read sections 4.1 through 4.6.
• Get familiar with modular arithmetic and its applications.
• What is the Fundamental Theorem of Arithmetic?
• What is public key cryptography?
• HW: #16, 17, 19 of §4.1; #13-15, #19-21 of §4.2; #3-5, 15, 17-19 of §4.3; #7-9, 15, 17-19, 21-22, 25 of §4.4; #6-7, 11, 13 of §4.5; #3-7 of §4.6.