Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Birkhoff's representation theorem wikipedia , lookup
Field (mathematics) wikipedia , lookup
Polynomial ring wikipedia , lookup
Fundamental theorem of algebra wikipedia , lookup
Factorization wikipedia , lookup
Eisenstein's criterion wikipedia , lookup
Polynomial greatest common divisor wikipedia , lookup
Factorization of polynomials over finite fields wikipedia , lookup
UNIT II FINITE FIELDS AND NUMBER THEORY Group • A group G, sometimes denoted by {G, .}, is a set of elements with binary operations denoted as ., that associates to each ordered pair (a,b) of elements in G an element(a . b) in G, such that the following axioms are obeyed Axioms obeyed – (A1)Closure : If a and b belong to G, then a.b is also in G – (A2)Associative law:(a.b).c = a.(b.c) – (A3)Identity e: e.a = a.e = a – (A4)Inverse a-1: a.a-1 = e • if (A5)commutative a.b = b.a – then forms an abelian group Group • If a group has a finite no. of elements FINITE Group • Order is equal to the no. of elements in the group • if commutative a.b = b.a – then forms an abelian group Cyclic Group • Exponentiation is repeated application of group operator – example: a3 = a.a.a • and let identity be: e=a0 • a group is cyclic if every element is a power of some fixed element – ie b = ak for some a and every b in group • a is said to be a generator G of the group • Eg: Additive group of integers is an infinite cyclic group, generated by element 1. Ring • A ring R, sometimes denoted by {R, +, x}, is a set of elements with two binary operations, called addition and multiplication, such that for all a, b, c in R the following axioms are obeyed Ring • an abelian group with addition operation • (M1) closure under multiplication • (M2) associativity of multiplication • (M3) distributive : a(b+c) = ab + ac (a+b)c = ac + bc • Eg: n‐square matrices over the real numbers form a ring • (M4) commutative • Eg: S be the set of even integers under usual operations of addition and multiplication is a commutative ring Ring • Integral Domain – (M5) Multiplicative identity : There is an element 1 in R such that a1= 1a=a – (M6) No Zero divisors : If a, b in R and ab=0, then either a=0 0r b=0 • Eg: Set of integers positive, negative, Zero under usual operations of addition and multiplication Field • A field F, sometimes denoted by {F, +, x}, is a set of elements with two binary operations, called addition and multiplication, such that for all a, b, c in F the following axioms are obeyed • (A1‐M6) F is an integral domain • (M7) multiplicative inverse: For each a in F, except 0, there is an element a‐1 such that aa‐1 =(a‐1)a=1 • Eg : rational numbers, real numbers, complex numbers Divisors • We say that a nonzero b divides a if a=mb for some m, where a, b, and m are integers. That is, b divides a if there is no remainder on division. The notation b|a is commonly used to mean b divides a. Also, if b|a, we say that b is divisor of a Relations • • • • If a|1, then a=±1 If a|b and b|a, then a=±b Any b ≠ 0 divides 0; If b|g and b|h, then b|(mg+nh) for arbitary integers m and n. – If b|g, then g is of the form g=b×g1 for some integer g1 – If b|h, then h is of the form h=b×h1 for some integer h1 Properties of Congruences • Congruences have the following properties: – a ≡ b(mod n) if n|(a-b) – a ≡ b(mod n) implies b ≡ a(mod n)... – a ≡ b(mod n) and b ≡ c(mod n) imply a ≡ c(mod n) Modular Arithmetic operations • Properties – [(a mod n)+(b mod n)] mod n=(a+b) mod n – [(a mod n)‐(b mod n)] mod n=(a‐b) mod n – [(a mod n)×(b mod n)] mod n=(a×b) mod n Exponentiation • 117 mod 13 • 112= 121 ≡ 4(mod 13) • 114= (112)2 = 42 ≡ 3 mod 13 • 117 mod 13 = 11×4×3 ≡ 132 ≡ 2 mod 13 Modulo 8 Example Properties of Modular Arithmetic • Define the set Zn as the set of non negative integers less than n: Zn={0,1,…..(n‐1)} • This is set of residues or residue classes modulo n. • • • • • Eg: residue class modulo 4 are [0]={…,‐16,‐12,‐8,‐4,0,4,8,12,16,….} [1]={….,‐15,‐11,‐7,‐3,1,5,9,13,17,……} [2]={….,‐14,‐10,‐6,‐2,2,6,10,14,18,…} [3]={….,‐13,‐9,‐5,‐1,3,7,11,15,19,….} Modulo 7 Example ... -21 -20 -19 -18 -17 -16 -15 -14 -13 -12 -11 -10 -9 -8 -7 -6 -5 -4 -3 -2 -1 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 ... Modular Arithmetic • (a+b) • (a×b) ≡ (a+c) mod n then b ≡ c mod n ≡ (a×c) mod n then b ≡ c mod n if a and n are relatively prime Greatest Common Divisor (GCD) • a common problem in number theory • GCD (a,b) of a and b is the largest number that divides evenly into both a and b – eg GCD(60,24) = 12 • often want no common factors (except 1) and hence numbers are relatively prime – eg GCD(8,15) = 1 – hence 8 & 15 are relatively prime Euclid's GCD Algorithm • an efficient way to find the GCD(a,b) • uses theorem that: – GCD(a,b) = GCD(b, a mod b) • Euclid's Algorithm to compute GCD(a,b): • Assumption : a > b > 0 1. A->a, B->b 2. If B=0 return A=gcd(a,b) 3. R = A mod B 4. A <- B 5. B <- R 6. goto 2 Algorithm Progression • A1=B1×Q1+R1 • A2=B2 ×Q2+R2 • A3=B3 ×Q3+R3 • A4=B4 ×Q4+R4 Find GCD • • • • • • • • 465,527 1970,1066 24140,16762 4655,12075 46189,1066 1197,5320 4389,133 2106,2784 Example GCD(1970,1066) 1970 = 1 x 1066 + 904 1066 = 1 x 904 + 162 904 = 5 x 162 + 94 162 = 1 x 94 + 68 94 = 1 x 68 + 26 68 = 2 x 26 + 16 26 = 1 x 16 + 10 16 = 1 x 10 + 6 10 = 1 x 6 + 4 6 = 1 x 4 + 2 4 = 2 x 2 + 0 gcd(1066, 904) gcd(904, 162) gcd(162, 94) gcd(94, 68) gcd(68, 26) gcd(26, 16) gcd(16, 10) gcd(10, 6) gcd(6, 4) gcd(4, 2) gcd(2, 0) Galois Fields • finite fields play a key role in cryptography • can show number of elements in a finite field must be a power of a prime pn • known as Galois fields • denoted GF(pn) • in particular often use the fields: – GF(p) – GF(2n) Galois Fields GF(p) • GF(p) is the set of integers {0,1, … , p‐1} with arithmetic operations modulo prime p • these form a finite field – since have multiplicative inverses • hence arithmetic is “well‐behaved” and can do addition, subtraction, multiplication, and division without leaving the field GF(p) Example GF(7) Finding Inverses • • can extend Euclid’s algorithm: Gcd(m,b) = 1 & m > b EXTENDED EUCLID(m, b) 1. (A1, A2, A3)=(1, 0, m); (B1, B2, B3)=(0, 1, b) 2. if B3 = 0 return A3 = gcd(m, b); no inverse 3. if B3 = 1 return B3 = gcd(m, b); B2 = b–1 mod m 4. Q = A3 div B3 5. (T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3) 6. (A1, A2, A3)=(B1, B2, B3) 7. (B1, B2, B3)=(T1, T2, T3) 8. goto 2 – mT1+bT2=T3 mA1+bA2=A3 mB1+bB2=B3 Find Multiplicative Inverse • • • • 1759,550 23,120 1234 mod 4321 550 mod 1769 Inverse of 550 in GF(1759) Polynomial Arithmetic • can compute using polynomials • several alternatives available – ordinary polynomial arithmetic – poly arithmetic with coords mod p – poly arithmetic with coords mod p and polynomials mod M(x) Ordinary Polynomial Arithmetic • add or subtract corresponding coefficients • multiply all terms by each other • eg – let f(x) = x3 + x2 + 2 and g(x) = x2 – x + 1 f(x) + g(x) = x3 + 2x2 – x + 3 f(x) – g(x) = x3 + x + 1 f(x) x g(x) = x5 + 3x2 – 2x + 2 Polynomial Arithmetic with Modulo Coefficients • when computing value of each coefficient do calculation modulo some value • could be modulo any prime • but we are most interested in mod 2 – ie all coefficients are 0 or 1 – eg. let f(x) = x3 + x2 and g(x) = x2 + x + 1 f(x) + g(x) = x3 + x + 1 f(x) x g(x) = x5 + x2 Modular Polynomial Arithmetic • can write any polynomial in the form: – f(x) = q(x) g(x) + r(x) – can interpret r(x) as being a remainder – r(x) = f(x) mod g(x) • if have no remainder say g(x) divides f(x) • if g(x) has no divisors other than itself & 1 say it is irreducible (or prime) polynomial • arithmetic modulo an irreducible polynomial forms a field Polynomial GCD • can find greatest common divisor for polys – c(x) = GCD(a(x), b(x)) if c(x) is the poly of greatest degree which divides both a(x), b(x) – can adapt Euclid’s Algorithm to find it: – EUCLID[a(x), b(x)] 1. A(x) = a(x); B(x) = b(x) 2. 2. if B(x) = 0 return A(x) = gcd[a(x), b(x)] 3. R(x) = A(x) mod B(x) 4. A(x) ¨ B(x) 5. B(x) ¨ R(x) 6. goto 2 Modular Polynomial Arithmetic • can compute in field GF(2n) – polynomials with coefficients modulo 2 – whose degree is less than n – hence must reduce modulo an irreducible poly of degree n (for multiplication only) • form a finite field • can always find an inverse – can extend Euclid’s Inverse algorithm to find Example GF(23) Prime Numbers • prime numbers only have divisors of 1 and self – they cannot be written as a product of other numbers • eg. 2,3,5,7 are prime • prime numbers are central to number theory • list of prime number less than 200 is: 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199 Prime Factorisation • to factor a number n is to write it as a product of other numbers: n=a x b x c • note that factoring a number is relatively hard compared to multiplying the factors together to generate the number • the prime factorisation of a number n is when its written as a product of primes – eg. 91=7x13 ; 3600=24x32x52 Prime Factorisation • Any positive integer a can be written uniquely as • The integer 12 is represented by { a2=2,a3=1} • The integer 18 is represented by { a2=1,a3=2} Relatively Prime Numbers & GCD • two numbers a, b are relatively prime if have no common divisors apart from 1 – eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor • conversely can determine the greatest common divisor by comparing their prime factorizations and using least powers – eg. 300=22x31x52 18=21x32 hence GCD(18,300)=21x31x50=6 Fermat's Theorem • ap-1 ≡ 1 (mod p) – where p is prime and gcd(a,p)=1 • also known as Fermat’s Little Theorem • also ap ≡ a (mod p) • useful in public key and primality testing Fermat’s theorem • Consider the set of positive integers less than p : {1,2,…p‐1} • Multiply each element by a, modulo p • X= {a mod p,2a mod p…(p‐1)a mod p} • So none of the elements of X is Zero because p does not divide a and no two integers are equal • To see, • Assume ja ≡ ka(mod p) 1 ≤ j < k ≤ p-1 • Since a and p are relatively prime eliminate a resulting in j ≡ k(mod p) • This is not possible as j and k are positive integer less than p • So (p‐1) elements of X are all positive integers and no two numbers are equal Fermat’s Theorem • a × 2a × ….. × (p‐1) ≡ [1 × 2 × ….. × (p‐1)](mod p) • ap-1 (p-1)!≡ (p-1)!(mod p) • We cancel (p-1)! Term because it is relatively prime to p Ex. a=7,p=19 72=49 ≡ 11 mod 19 74 ≡121 ≡ 7 mod 19 78 ≡49 ≡11 mod 19 716 ≡121 ≡7 mod 19 718= 716 x 72 ≡ 7x11 ≡ 1 mod 19 Euler Totient Function ø(n) • when doing arithmetic modulo n the complete set of residues is: 0..n-1 • reduced set of residues is those numbers (residues) which are relatively prime to n – eg for n=10, – complete set of residues is {0,1,2,3,4,5,6,7,8,9} – reduced set of residues is {1,3,7,9} • number of elements in reduced set of residues is called the Euler Totient Function ø(n) Euler Totient Function ø(n) • to compute ø(n) need to count number of residues to be excluded • in general need prime factorization, but – for p (p prime) – for p.q (p,q prime) ø(p) ø(pq) = p-1 =(p-1)x(q-1) • eg. ø(37) = 36 ø(21) = (3–1)x(7–1) = 2x6 = 12 Euler's Theorem • a generalisation of Fermat's Theorem • aø(n) ≡ 1 (mod n) – for any a,n where gcd(a,n)=1 • eg. a=3;n=10; ø(10)=4; hence 34 = 81 = 1 mod 10 a=2;n=11; ø(11)=10; hence 210 = 1024 = 1 mod 11 Proof of Euler’s Thorem • Theorem true if n is prime, because ø(n) =(n‐1) & fermat’s thm holds. • Consider the set of integers, as R={x1,x2,..x ø(n)} • That is each element xi of R is a unique positive integer less than n with gcd(x i,n)=1 • Now multiply with a, modulo n • S={(ax1 mod n), (ax2 mod n).....(a x ø(n) mod n)} • The set S is permutation of R, by the reasons below – Because a is relatively prime to n & xi is relatively prime to n, axi must also be relatively prime – No duplicates if ax i mod n ≡ axj mod n, then xi =xj Testing of Primality • To test a large no for primality Miller Rabin Algorithm is used • Any positive odd integer n ≥ 3 can be expressed as • n‐1 =2kq with k>0, q odd • To see • n‐1 is an even integer • Divide (n‐1) by 2 until we get a odd number q as result for a total of k divisions • If n a binary no just shift the no to right until the rightmost is 1, for a total of k shifts Properties of Prime no • First Property – If p is prime and a is a positive integer less than p, then a2 mod p=1 if and only if either a mod p= 1 or a mod p = ‐1 mod p= p‐1 – (a mod p)( a mod p) = a2 mod p – Thus either a mod p = 1 or a mod p = ‐1 then a2 mod p =1 – Conversly if a2 mod p =1, (a mod p)2 = 1 which is true only for a mod p= 1 or a mod p = ‐1 Properties of Prime no • Second Property Let p be a prime number >2,then p‐1=2kq,with k>0, q odd.[1 of the following conditions is true] 1. aq ≡ 1 mod p 2. One of the numbers k-1 aq,a2q,a4q,…a2 q is congruent to 1 mod p. Miller Rabin Algorithm • a test based on Fermat’s Theorem • algorithm is: TEST (n) is: 1. Find integers k, q, k > 0, q odd, so that (n–1)=2kq 2. Select a random integer a, 1<a<n–1 3. if aq mod n = 1 then return (“maybe prime"); 4. for j = 0 to k – 1 do jq 2 mod n = n-1) 5. if (a then return(" maybe prime ") 6. return ("composite") Probabilistic Considerations • if Miller‐Rabin returns “composite” the number is definitely not prime • otherwise is a prime or a pseudo‐prime • chance it detects a pseudo‐prime is < 1/4 • hence if repeat test with different random a then chance n is prime after t tests is: – Pr(n prime after t tests) = 1‐4‐t – eg. for t=10 this probability is > 0.99999 Distribution of primes • prime number theorem states that primes near n are spaced on the average one every (ln n) integers • All even numbers can be immediately rejected, so it is 0.5 ln(n). • so in practice need only test 0.5 ln(n) numbers of size n to locate a prime • Eg: for numbers round 2^200 would check 0.5ln(2^200) = 69 numbers on average. • This is only an average, can see successive odd primes, or long runs of composites. Chinese Remainder Theorem • CRT says it is possible to reconstruct integers in a certain range from their residues modulo a set of pair wise relatively prime moduli. • Ex., 10 integers in Z10(0 to 9),can be reconstructed from their two residues modulo 2 and 5 (relatively prime factors of 10). • The known residues of a digit x are • r2=0 (x mod 2=0 )and r5=3(x mod 5=3) • Unique solution for x? CRT k • Let M = ∏ m i i = 1 are pair wise relatively prime. where the m i • Represent any integer A in ZM by a k‐tuple whose elements are in Zm using the following i correspondence A ↔ (a1,a2,….,ak) where ai = A mod mi . CRT makes 2 assertions 1. The mapping of above equation is one‐to‐one correspondence between ZM and cartesian product Zm1 x Zm2 x ….. Zmk. 2. Operations performed on the elements of ZM can be equivalently performed on corresponding k‐tuples. First assertion: • Transformation from A to (a1,a2,…ak) is unique. • i.e., ai=A mod mi.(ai is unique) • to compute A(mod M) – Let Mi = M/mi for 1≤i≤ K [Mi=m1 x m2…x mi‐1 x mi+1x…mk]. Let • Now compute, • Second assertion can be stated as follows. If A ↔ (a1,a2,….,ak)and B ↔ (b1,b2,….,bk) then (A+B) mod m↔((a1+b1)mod m1,…,(ak+bk)mod mk) (A-B) mod m↔((a1-b1)mod m1,…,(ak-bk)mod mk) (AxB) mod m↔((a1xb1)mod m1,…,(akxbk)mod mk) Discrete Logarithms • from Euler’s theorem have aø(n) ≡ 1 mod n • Consider general expression am≡1(mod n), • If a and n are relatively prime, then there is at least 1 integer m that satisfies above equation. The least positive exponent is referred in many ways – The order of a(mod n) – The exponent to which a belongs (mod n) – The length of the period generated by a. • Consider the powers of 7 mod 19 71 ≡7 mod 19,72 ≡11 mod 19,73 ≡1 mod 19, 74 ≡7 mod 19,75 ≡11 mod 19 Length of the period is smallest +ve exponent m such that 7m ≡1 mod 19 Primitive root • Some of the sequences are of length 18. • If a is a primitive root of p(prime number),then a,a2,…ap-1 are distinct(mod p). Primitive roots of 19 -? • Not all integers have primitive roots. Only integers with primitive roots are of the form 2,4,pα and 2pα , where p is any odd prime and α is positive integer. a a2 a3 a4 a5 a6 a7 a8 a9 a10 a11 a12 a13 a14 a15 a16 a17 a18 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 4 8 16 13 7 14 9 18 17 15 11 3 6 12 5 10 1 3 9 8 5 15 7 2 6 18 16 10 11 14 4 12 17 13 1 4 16 7 9 17 11 6 5 1 4 16 7 9 17 11 6 5 1 5 6 11 17 9 7 16 4 1 5 6 11 17 9 7 16 4 1 6 17 7 4 5 11 9 16 1 6 17 7 4 5 11 9 16 1 7 11 1 7 11 1 7 11 1 7 11 1 7 11 1 7 11 1 8 7 18 11 12 1 8 7 18 11 12 1 8 7 18 11 12 1 9 5 7 6 16 11 4 17 1 9 14 7 13 16 8 4 2 1 10 5 12 6 3 11 15 17 18 9 14 7 13 16 8 4 2 1 11 7 1 11 7 1 11 7 1 11 7 1 11 7 1 11 7 1 12 11 18 7 8 1 12 11 18 7 8 1 12 11 18 7 8 1 13 17 12 4 14 11 10 16 18 6 2 7 15 5 8 9 3 1 14 6 8 17 10 7 3 4 18 5 13 11 2 9 12 16 15 1 15 16 12 9 2 11 13 5 18 4 3 7 10 17 8 6 14 1 16 9 11 5 4 7 17 6 1 16 9 11 5 4 7 17 6 1 17 4 11 16 6 7 5 9 1 17 4 11 16 6 7 5 9 1 Logarithms for Modular Arithmetic • the inverse problem to exponentiation is to find the discrete logarithm of a number modulo p • that is to find x such that y = gx (mod p) • this is written as x = logg y (mod p) • if g is a primitive root then it always exists, otherwise it may not, eg. x = log3 4 mod 13 has no answer x = log2 3 mod 13 = 4 by trying successive powers Logarithms for Modular Arithmetic • while exponentiation is relatively easy, finding discrete logarithms is generally a hard problem • For any integer b and primitive root a of prime p, find a unique exponent such that b≡ai(mod p) i is referred to as discrete logarithm of number b for the base a(mod p) • dloga,p(1)=0 since a0 mod p=1 • dloga,p(a)=1 since a1 mod p=a