Chap4 Number Theory

The Fundamentals: Algorithms,
Integers, and Matrices
CSC-2259 Discrete Structures
Konstantin Busch - LSU
1
Integers and Division
Integers
a divides b, written a | b: for a, b ∈ Z (a ≠ 0), ∃c ∈ Z such that b = a·c
(a is called a factor of b)
Examples:
3 | 12, since 12 = 3·4
3 ∤ 7
Number of positive integers divisible by d and not exceeding n: ⌊n/d⌋
Multiples of d on the number line: 0, d, 2d, 3d, …, ⌊n/d⌋·d ≤ n < (⌊n/d⌋ + 1)·d
a, b, c integers: if a | b then a | bc
Proof: a | b ⇒ ∃s, b = a·s ⇒ bc = a·(sc) ⇒ a | bc
a, b, c integers: if a | b and a | c then a | (b + c)
Proof: a | b ⇒ ∃s, b = a·s;  a | c ⇒ ∃t, c = a·t;  b + c = a·(s + t) ⇒ a | (b + c)
a, b, c integers: if a | b and b | c then a | c
Proof: a | b ⇒ ∃s, b = a·s;  b | c ⇒ ∃t, c = b·t;  c = a·st ⇒ a | c
a, b, c, m, n integers: if a | b and a | c then a | mb + nc
Proof: a | b ⇒ a | mb;  a | c ⇒ a | nc;  hence a | mb + nc
The division “algorithm”
a ∈ Z, d ∈ Z⁺. There are unique q, r ∈ Z such that:
a = d·q + r,  0 ≤ r < d
d: divisor,  q: quotient,  r: remainder
a = d·q + r
q = a div d = ⌊a/d⌋
r = a mod d = a − d·⌊a/d⌋
Examples:
101 = 11·9 + 2:   9 = 101 div 11,   2 = 101 mod 11
−11 = 3·(−4) + 1:   −4 = −11 div 3,   1 = −11 mod 3
Division_algorithm(a, d) {
    q ← 0
    r ← |a|
    while (r ≥ d) {
        r ← r − d
        q ← q + 1
    }
    if (a < 0) {                 // a is negative: adjust q and r
        if (r > 0) {
            r ← d − r            // adjust r into 0 ≤ r < d
            q ← −(q + 1)         // adjust q
        }
        else q ← −q              // a is a negative multiple of d, so r stays 0
    }
    return q (= a div d), r (= a mod d)
}
Example: a = 15, d = 4
r                 q
15                0
15 − 4 = 11       1
11 − 4 = 7        2
7 − 4 = 3         3
r = 15 mod 4 = 3,  q = 15 div 4 = 3
Time complexity of division alg.: O(q log a)
There is a better algorithm: O(log a · log d) (based on binary search)
Modular Arithmetic
m ∈ Z⁺, a, b ∈ Z
a ≡ b (mod m)   “a is congruent to b modulo m”   iff   a mod m = b mod m
Examples: 1 ≡ 13 (mod 12);  11 ≡ 5 (mod 6);  0 ≡ m (mod m);  k·m ≡ 0 (mod m)
Equivalent definitions
a ≡ b (mod m)  ⇔  a mod m = b mod m  ⇔  m | a − b  ⇔  ∃k ∈ Z, a = b + km
[Clock diagrams: positions 0, 1, …, 7 around a circle (mod 8)]
3 mod 8 = 3   (length of line represents the number)
11 mod 8 = 3   (length of helix line represents the number)
19 mod 8 = 3   (length of helix line represents the number)
3 ≡ 11 ≡ 19 (mod 8): the helix lines terminate in the same number
Congruence class of a modulo m:  S_a = {b | a ≡ b (mod m)}
There are m congruence classes:  S_0, S_1, …, S_{m−1}
If a ≡ b (mod m) and c ≡ d (mod m) then a + c ≡ b + d (mod m)
Proof: a ≡ b (mod m) ⇒ a = b + sm;  c ≡ d (mod m) ⇒ c = d + tm;
a + c = b + d + (s + t)m
If a ≡ b (mod m) and c ≡ d (mod m) then a·c ≡ b·d (mod m)
Proof: a ≡ b (mod m) ⇒ a = b + sm;  c ≡ d (mod m) ⇒ c = d + tm;
a·c = (b + sm)(d + tm) = bd + m(bt + ds + stm)
Example: 7 ≡ 2 (mod 5),  11 ≡ 1 (mod 5)
18 = 7 + 11 ≡ (2 + 1) (mod 5) ≡ 3 (mod 5)
77 = 7·11 ≡ (2·1) (mod 5) ≡ 2 (mod 5)
(a + b) mod m = ((a mod m) + (b mod m)) mod m
ab mod m = ((a mod m)(b mod m)) mod m
Follows from the previous results by using:
a mod m = (a mod m) mod m,  b mod m = (b mod m) mod m
Modular exponentiation
Compute b^n mod m efficiently using small numbers.
Binary expansion of n:  n = a_{k−1}·2^{k−1} + ⋯ + a_1·2 + a_0
b^n = b^{a_{k−1}·2^{k−1}} ⋯ b^{a_1·2} · b^{a_0}
b^n mod m = ((b^{a_{k−1}·2^{k−1}} mod m) ⋯ (b^{a_1·2} mod m) · (b^{a_0} mod m)) mod m
Example: 3^644 mod 645 = 36
644 = (1010000100)_2 = 2^9 + 2^7 + 2^2
3^644 = 3^(2^9) · 3^(2^7) · 3^(2^2)
3^644 mod 645 = (3^(2^9) · 3^(2^7) · 3^(2^2)) mod 645
              = ((3^(2^9) mod 645) · (3^(2^7) mod 645) · (3^(2^2) mod 645)) mod 645
Compute all the powers of 3 efficiently (repeated squaring):
3^(2^0) mod 645 = 3 mod 645 = 3
3^(2^1) mod 645 = 9 mod 645 = 9
3^(2^2) mod 645 = ((3^(2^1) mod 645) · (3^(2^1) mod 645)) mod 645 = (9·9) mod 645 = 81
3^(2^3) mod 645 = ((3^(2^2) mod 645) · (3^(2^2) mod 645)) mod 645 = (81·81) mod 645 = 111
⋯
3^(2^9) mod 645 = ((3^(2^8) mod 645) · (3^(2^8) mod 645)) mod 645 = 111
Use the powers of 3 to get the result efficiently:
3^644 mod 645 = (3^(2^9) · 3^(2^7) · 3^(2^2)) mod 645
 = (3^(2^9) · 3^(2^7) · (3^(2^2) mod 645)) mod 645 = (3^(2^9) · 3^(2^7) · 81) mod 645
 = (3^(2^9) · (((3^(2^7) mod 645) · 81) mod 645)) mod 645 = (3^(2^9) · ((396·81) mod 645)) mod 645 = (3^(2^9) · 471) mod 645
 = ((3^(2^9) mod 645) · 471) mod 645 = (111·471) mod 645 = 36
Modular_Exponentiation(b, n, m) {
    n = (a_{k−1} a_{k−2} ⋯ a_1 a_0)_2     // binary expansion of n, k bits
    x ← 1
    power ← b mod m
    for i ← 0 to k − 1 {
        if (a_i = 1) x ← (x · power) mod m
        power ← (power · power) mod m
    }
    return x                               // = b^n mod m
}
Time complexity: O((log m)² · log n) bit operations
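Square-and-multiply as the Modular_Exponentiation pseudocode does it, scanning the bits of n from the least significant one and recording every squaring so the run can be compared with the 3^644 mod 645 worked example above. This is an added example, not code from the slides.

```python
# Added example (not from the slides): the Modular_Exponentiation pseudocode in
# Python. The list of squarings b^(2^i) mod m is returned alongside the result
# so the intermediate values of the 3^644 mod 645 example can be inspected.
from __future__ import annotations

def mod_exp(b: int, n: int, m: int) -> tuple[int, list[int]]:
    """Return (b**n mod m, [b^(2^i) mod m for each bit position i of n])."""
    if m <= 0 or n < 0:
        raise ValueError("need m > 0 and n >= 0")
    x = 1
    power = b % m                    # b^(2^0) mod m
    powers = []
    while n > 0:                     # consume the bits a_0, a_1, ... of n
        powers.append(power)
        if n & 1:                    # a_i = 1: multiply this power into the result
            x = (x * power) % m
        power = (power * power) % m  # b^(2^(i+1)) = (b^(2^i))^2, reduced mod m
        n >>= 1
    return x % m, powers             # x % m also covers the n = 0, m = 1 corner

def main() -> None:
    result, powers = mod_exp(3, 644, 645)
    print(f"3^644 mod 645 = {result}")          # 36
    for i, p in enumerate(powers):
        print(f"3^(2^{i}) mod 645 = {p}")      # 3, 9, 81, 111, ..., 396 at i = 7, 111 at i = 9
    assert result == pow(3, 644, 645)           # cross-check with the built-in

if __name__ == "__main__":
    main()
```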
Congruence application: hashing functions
h(k) = k mod m
Example: h(k) = k mod 111   (Employer id → Folder#)
h(064212848) = 064212848 mod 111 = 14
h(037149212) = 037149212 mod 111 = 65
h(107405723) = 107405723 mod 111 = 14   ← collision with 064212848
Application: Pseudorandom numbers
Sequence of pseudorandom numbers x_0, x_1, x_2, …
Linear congruential method: x_{n+1} = (a·x_n + c) mod m,  2 ≤ a < m,  0 ≤ c < m,  seed 0 ≤ x_0 < m
Example: x_{n+1} = (7·x_n + 4) mod 9, seed x_0 = 3:
3, 7, 8, 6, 1, 2, 0, 4, 5, 3, 7, 8, 6, 1, 2, 0, 4, 5, 3, …
Application: Cryptology
“MEET YOU IN THE PARK”  → encryption f(x) = (x + 3) mod m →  “PHHW BRX LQ WKH SDUN”
“PHHW BRX LQ WKH SDUN”  → decryption f⁻¹(x) = (x − 3) mod m →  “MEET YOU IN THE PARK”
Shift cipher: f(x) = (x + k) mod m
Affine transformation: f(x) = (ax + b) mod m
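The shift and affine ciphers of this slide over the 26-letter alphabet, as an added example that is not part of the slides. The slides do not fix m; m = 26 with A = 0, …, Z = 25 is an assumption here, and the affine decryption uses the inverse of a modulo m, which exists only when gcd(a, m) = 1.

```python
# Added example (not from the slides): shift and affine ciphers over A=0 ... Z=25.
# m = 26 is an assumption; characters other than letters pass through unchanged.
from math import gcd

M = 26  # alphabet size (assumed)

def _map_letters(text: str, f) -> str:
    """Apply f to each letter's index modulo M; leave other characters as they are."""
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            out.append(chr(ord("A") + f(ord(ch) - ord("A")) % M))
        else:
            out.append(ch)
    return "".join(out)

def shift_encrypt(plain: str, k: int) -> str:
    return _map_letters(plain, lambda x: x + k)            # f(x) = (x + k) mod m

def shift_decrypt(cipher: str, k: int) -> str:
    return _map_letters(cipher, lambda x: x - k)           # f^-1(x) = (x - k) mod m

def affine_encrypt(plain: str, a: int, b: int) -> str:
    if gcd(a, M) != 1:                                     # otherwise f is not a bijection
        raise ValueError("a must be relatively prime to m for f to be invertible")
    return _map_letters(plain, lambda x: a * x + b)        # f(x) = (ax + b) mod m

def affine_decrypt(cipher: str, a: int, b: int) -> str:
    a_inv = pow(a, -1, M)                                  # inverse of a modulo m (Python 3.8+)
    return _map_letters(cipher, lambda x: a_inv * (x - b)) # f^-1(y) = a^-1 (y - b) mod m

if __name__ == "__main__":
    msg = "MEET YOU IN THE PARK"
    c = shift_encrypt(msg, 3)
    print(c)                                 # PHHW BRX LQ WKH SDUN
    print(shift_decrypt(c, 3))               # MEET YOU IN THE PARK
    print(affine_decrypt(affine_encrypt(msg, 5, 8), 5, 8))
```

With only m − 1 distinct shifts, the shift cipher has a key space small enough to enumerate by hand, which is why both ciphers are teaching examples rather than usable encryption.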
Primes and Greatest Common Divisor
Prime p: positive integer greater than 1 whose only positive factors are 1 and p
Non-prime = composite
Primes: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, …
Fundamental theorem of arithmetic
Every positive integer is either prime or a unique product of primes.
Prime factorization: m = p_1^{k_1} · p_2^{k_2} · p_3^{k_3} ⋯ p_l^{k_l}   (each p_i prime)
Examples: 100 = 2²·5²;  999 = 3³·37;  7007 = 7²·11·13
Theorem: If n is composite then it has a prime divisor p ≤ √n
Proof:
n is composite ⇒ ∃a, b with 1 < a, b < n and n = ab
c = min(a, b) ≤ √n, since otherwise ab > √n·√n = n
From the fundamental theorem of arithmetic, c is either prime or has a prime divisor (≤ c ≤ √n)
End of proof
Prime_factorization(n) {
    p ← 2                        // first prime
    n' ← n
    while (n' ≠ 1 and p ≤ √n') {
        if (p divides n') {
            p is a factor of n
            n' ← n' / p
        }
        else
            p ← next prime after p
    }
    if (n' ≠ 1) n' is a (prime) factor of n   // leftover cofactor, e.g. 13 for n = 7007
    return all prime factors found
}
Example: n = 7007
p = 2, 3, 5 do not divide 7007
p = 7:  7007 = 7·1001,  n' = 1001
p = 7:  1001 = 7·143,  n' = 143
p = 7 does not divide 143
p = 11:  143 = 11·13,  n' = 13
p = 11 > √13, so the leftover 13 is prime
n = 7·7·11·13 = 7²·11·13
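Trial division as in the Prime_factorization pseudocode and the n = 7007 trace above, as an added example that is not code from the slides: candidates p are tried only while p² ≤ n', and whatever remains above 1 is taken as the last prime factor, which is exactly how 13 is found. Instead of "next prime after p" it steps through odd candidates, which is safe because any composite candidate has a smaller prime factor that was already divided out.

```python
# Added example (not from the slides): trial-division factorization returning
# exponents, e.g. 7007 -> {7: 2, 11: 1, 13: 1}.
from __future__ import annotations

def prime_factorization(n: int) -> dict[int, int]:
    """Return {prime: exponent} for n >= 2; raise for smaller n."""
    if n < 2:
        raise ValueError("n must be at least 2")
    factors: dict[int, int] = {}
    remaining = n                # n' in the pseudocode
    p = 2                        # first prime
    while remaining != 1 and p * p <= remaining:   # p <= sqrt(n') without floats
        if remaining % p == 0:
            factors[p] = factors.get(p, 0) + 1
            remaining //= p      # stay on the same p: it may divide again (7 | 1001)
        else:
            p += 1 if p == 2 else 2   # next odd candidate (composites never divide here)
    if remaining != 1:           # leftover cofactor is prime: no divisor <= its square root
        factors[remaining] = factors.get(remaining, 0) + 1
    return factors

def is_prime(n: int) -> bool:
    """n is prime iff its factorization is just {n: 1}."""
    return n >= 2 and prime_factorization(n) == {n: 1}

if __name__ == "__main__":
    for n in (100, 999, 7007):
        print(n, prime_factorization(n))   # {2: 2, 5: 2}  {3: 3, 37: 1}  {7: 2, 11: 1, 13: 1}
```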
Theorem: There are infinitely many primes
Proof:
Suppose there are finitely many primes. Let them be p_1, p_2, …, p_k.
Let q = p_1·p_2 ⋯ p_k + 1.
If some prime p_i | q: since p_i | p_1·p_2 ⋯ p_k, also p_i | q − p_1·p_2 ⋯ p_k = 1, impossible.
So no prime divides q ⇒ q is prime (from the fundamental theorem of arithmetic).
Contradiction!
End of proof
Largest prime known (as of 2006): 2^30,402,457 − 1
Mersenne primes have the form 2^k − 1:
2² − 1 = 3,  2³ − 1 = 7,  2⁵ − 1 = 31
Prime number theorem
The number of primes less than or equal to n approaches n / ln n   (ln n = log_e n)
Goldbach’s conjecture:
Every integer is the sum of two primes
4 = 2 + 2,  6 = 3 + 3,  8 = 5 + 3,  10 = 7 + 3
Twin prime conjecture:
There are infinitely many twin primes
Twin primes differ by 2: (3, 5), (5, 7), (11, 13), (17, 19)
Greatest common divisor
a, b ∈ Z, |a| + |b| > 0 (not both zero)
gcd(a, b) = largest integer d such that d | a and d | b
Examples:
gcd(24, 36) = 12   (common divisors of 24, 36: 1, 2, 3, 4, 6, 12)
gcd(17, 22) = 1   (common divisors of 17, 22: 1)
Trivial cases:
gcd(m, 1) = 1
gcd(m, 0) = m   (m > 0)
Theorem: If a = b·q + r  (q = ⌊a/b⌋, 0 ≤ r < b)  then gcd(a, b) = gcd(b, r)
Proof:
d | a and d | b ⇒ a = ds, b = dt ⇒ r = a − bq = d(s − tq) ⇒ d | r
d | b and d | r ⇒ b = dt, r = du ⇒ a = bq + r = d(tq + u) ⇒ d | a
Thus (a, b) and (b, r) have the same set of common divisors.
End of proof
Euclidean algorithm: repeated divisions
a = r_0,  b = r_1
division              remainder
r_0 / r_1:            r_0 = r_1·q_1 + r_2,                0 ≤ r_2 < r_1
r_1 / r_2:            r_1 = r_2·q_2 + r_3,                0 ≤ r_3 < r_2
⋯
r_{n−2} / r_{n−1}:    r_{n−2} = r_{n−1}·q_{n−1} + r_n,    0 ≤ r_n < r_{n−1}
r_{n−1} / r_n:        r_{n−1} = r_n·q_n + 0               (first zero remainder)
Result:
gcd(a, b) = gcd(r_0, r_1) = gcd(r_1, r_2) = gcd(r_2, r_3) = ⋯ = gcd(r_{n−2}, r_{n−1}) = gcd(r_{n−1}, r_n) = gcd(r_n, 0) = r_n
Example: a = 662, b = 414
662 = 414·1 + 248      r_2 = 248 < 414 = r_1
414 = 248·1 + 166      r_3 = 166 < 248 = r_2
248 = 166·1 + 82       r_4 = 82 < 166 = r_3
166 = 82·2 + 2         r_5 = 2 < 82 = r_4
82 = 2·41 + 0
Result:
gcd(662, 414) = gcd(414, 248) = gcd(248, 166) = gcd(166, 82) = gcd(82, 2) = gcd(2, 0) = 2
Euclidean Algorithm
gcd(a, b) {
    x ← a
    y ← b
    while (y ≠ 0) {
        r ← x mod y
        x ← y
        y ← r
    }
    return x
}
Time complexity: O(log b) divisions
Relatively prime numbers
If gcd(a, b) = 1 then a, b are relatively prime:
a and b have no common factors in their prime factorizations.
Example: 21, 22 are relatively prime:  gcd(21, 22) = 1;  21 = 3·7,  22 = 2·11
Least common multiple
a, b ∈ Z⁺
lcm(a, b) = smallest positive integer d such that a | d and b | d
Examples: lcm(3, 4) = 12;  lcm(5, 10) = 10
Applications of Number Theory
Linear combination: if a, b ∈ Z⁺ then there are s, t ∈ Z such that gcd(a, b) = s·a + t·b
Example: gcd(6, 14) = 2 = (−2)·6 + 1·14
The linear combination can be found by reversing the Euclidean algorithm steps.
gcd(252, 198) = 18 = 4·252 − 5·198
252 = 1·198 + 54
198 = 3·54 + 36
54 = 1·36 + 18
36 = 2·18 + 0
gcd(252, 198) = 18 = 54 − 1·36 = 54 − 1·(198 − 3·54)
 = 4·54 − 1·198 = 4·(252 − 1·198) − 1·198
 = 4·252 − 5·198
Linear congruences
We want to solve the equation a·x ≡ b (mod m) for x:  x ≡ ? (mod m)
Inverse of a: an integer ā such that ā·a ≡ 1 (mod m)
a·x ≡ b (mod m)
ā·a·x ≡ ā·b (mod m)
ā·a·x ≡ 1·x ≡ x (mod m)
x ≡ ā·b (mod m)
Theorem: If a and m are relatively prime then the inverse of a modulo m exists
Proof:
gcd(a, m) = 1 = s·a + t·m
s·a + t·m ≡ 1 (mod m);  t·m ≡ 0 (mod m);  so s·a ≡ 1 (mod m)
ā = s
End of proof
Example: solve the equation 3x ≡ 4 (mod 7)
a = 3, b = 4, m = 7
Inverse of 3: ā = −2, since gcd(3, 7) = 1 = (−2)·3 + 1·7  ⇒  (−2)·3 ≡ 1 (mod 7)
x ≡ ā·b (mod m) = (−2)·4 (mod 7) = −8 (mod 7) = 6 mod 7
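The Euclidean algorithm with its division trace (the 662/414 slide), the extended version that keeps the Bézout coefficients s, t with gcd(a, b) = s·a + t·b instead of unwinding the steps by hand (the 252/198 slide), and the modular inverse that solves a·x ≡ b (mod m) as in the 3x ≡ 4 (mod 7) example above. This is an added example, not code from the slides; the inverse is returned reduced into [0, m), so ā = −2 appears as 5.

```python
# Added example (not from the slides): Euclid, extended Euclid and the inverse
# modulo m, checked against the slides' 662/414, 252/198 and 3x = 4 (mod 7) cases.
from __future__ import annotations

def euclid_trace(a: int, b: int) -> list[tuple[int, int, int, int]]:
    """Return the division steps (x, y, q, r) with x = y*q + r until r = 0."""
    steps = []
    x, y = abs(a), abs(b)
    while y != 0:
        q, r = divmod(x, y)
        steps.append((x, y, q, r))
        x, y = y, r
    return steps

def extended_gcd(a: int, b: int) -> tuple[int, int, int]:
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b."""
    old_r, r = a, b
    old_s, s = 1, 0              # coefficient of a in old_r and in r
    old_t, t = 0, 1              # coefficient of b in old_r and in r
    while r != 0:                # each step is one line of the reversed-Euclid slide
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    if old_r < 0:                # normalise so the gcd is positive
        old_r, old_s, old_t = -old_r, -old_s, -old_t
    return old_r, old_s, old_t

def mod_inverse(a: int, m: int) -> int:
    """Return a_bar in [0, m) with a_bar*a = 1 (mod m); exists only if gcd(a, m) = 1."""
    g, s, _ = extended_gcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}: gcd = {g}")
    return s % m

def solve_linear_congruence(a: int, b: int, m: int) -> int:
    """Solve a*x = b (mod m) when gcd(a, m) = 1: x = a_bar * b mod m."""
    return (mod_inverse(a, m) * b) % m

if __name__ == "__main__":
    for x, y, q, r in euclid_trace(662, 414):
        print(f"{x} = {y}*{q} + {r}")
    print(extended_gcd(252, 198))              # (18, 4, -5): 18 = 4*252 - 5*198
    print(solve_linear_congruence(3, 4, 7))    # 6
```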
Chinese remainder problem
m_1, m_2, …, m_n: pairwise relatively prime
x ≡ a_1 (mod m_1)
x ≡ a_2 (mod m_2)
⋯
x ≡ a_n (mod m_n)
has a unique solution for x modulo m = m_1·m_2 ⋯ m_n
Solution:
x = a_1·M_1·y_1 + a_2·M_2·y_2 + ⋯ + a_n·M_n·y_n
M_k = m / m_k
y_k: inverse of M_k modulo m_k
Explanation:
M_k = m / m_k,  y_k: inverse of M_k modulo m_k, i.e. M_k·y_k ≡ 1 (mod m_k)
x = a_1·M_1·y_1 + a_2·M_2·y_2 + ⋯ + a_n·M_n·y_n
For k ≠ 1, m_1 | M_k, so M_k ≡ 0 (mod m_1) and every term except the first vanishes modulo m_1:
x ≡ a_1·M_1·y_1 ≡ a_1 (mod m_1)
Similarly for any m_j.
Example:
x ≡ 2 (mod 3),  x ≡ 3 (mod 5),  x ≡ 2 (mod 7)
m = 3·5·7 = 105
M_1 = m/3 = 105/3 = 35,  M_2 = m/5 = 105/5 = 21,  M_3 = m/7 = 105/7 = 15
y_1 = 2,  y_2 = 1,  y_3 = 1
x = a_1·M_1·y_1 + a_2·M_2·y_2 + a_3·M_3·y_3
  = 2·35·2 + 3·21·1 + 2·15·1
  = 233 ≡ 23 (mod 105)
The solution x is unique modulo m, since for any other solution y it holds
x ≡ y ≡ a_1 (mod m_1),  x ≡ y ≡ a_2 (mod m_2),  …,  x ≡ y ≡ a_n (mod m_n)   iff   x ≡ y (mod m)
Application of the Chinese remainder problem
Perform arithmetic with large numbers using arithmetic modulo small numbers.
Example: relatively prime numbers m_1 = 99, m_2 = 98, m_3 = 97, m_4 = 95
m = 99·98·97·95 = 89,403,930
Any number smaller than m has a unique representation:
123,684 ↔ (33, 8, 9, 89)
123,684 mod 99 = 33
123,684 mod 98 = 8
123,684 mod 97 = 9
123,684 mod 95 = 89
  123,684 ↔ (33,  8,  9, 89)
+ 413,456 ↔ (32, 92, 42, 16)
  537,140 ↔ (65 mod 99, 100 mod 98, 51 mod 97, 105 mod 95) = (65, 2, 51, 10)
We obtain 537,140 from (65, 2, 51, 10) by using the Chinese remainder problem solution.
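The Chinese remainder construction x = Σ a_k·M_k·y_k with M_k = m/m_k and y_k the inverse of M_k modulo m_k, applied to the x ≡ 2, 3, 2 (mod 3, 5, 7) example and to the residue-arithmetic application above: the two numbers are added component-wise modulo (99, 98, 97, 95) and the sum is recovered with the same construction. This is an added example, not code from the slides; inverses come from Python's pow(M_k, -1, m_k).

```python
# Added example (not from the slides): Chinese remainder solver plus the
# residue-number addition of the 123,684 + 413,456 slide.
from __future__ import annotations
from math import gcd, prod

def crt(residues: list[int], moduli: list[int]) -> int:
    """Return the unique x in [0, m) with x = a_k (mod m_k) for all k."""
    if len(residues) != len(moduli):
        raise ValueError("one residue per modulus")
    for i in range(len(moduli)):                      # the theorem needs pairwise coprime moduli
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError(f"{moduli[i]} and {moduli[j]} are not relatively prime")
    m = prod(moduli)
    x = 0
    for a_k, m_k in zip(residues, moduli):
        M_k = m // m_k
        y_k = pow(M_k, -1, m_k)                       # inverse of M_k modulo m_k (Python 3.8+)
        x += a_k * M_k * y_k
    return x % m

def to_residues(n: int, moduli: list[int]) -> list[int]:
    """Represent n (< m) by its remainders modulo each m_k."""
    return [n % m_k for m_k in moduli]

def add_residues(u: list[int], v: list[int], moduli: list[int]) -> list[int]:
    """Component-wise addition modulo each m_k: only small numbers are ever added."""
    return [(a + b) % m_k for a, b, m_k in zip(u, v, moduli)]

if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))                  # 23
    mods = [99, 98, 97, 95]
    u, v = to_residues(123_684, mods), to_residues(413_456, mods)
    print(u, v)                                       # [33, 8, 9, 89] [32, 92, 42, 16]
    s = add_residues(u, v, mods)
    print(s, crt(s, mods))                            # [65, 2, 51, 10] 537140
```

The recovery is exact only because 537,140 < m = 89,403,930; a sum at or above m wraps around modulo m.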
Fermat’s little theorem
For any prime p and integer a not divisible by p (gcd(a, p) = 1):
a^(p−1) ≡ 1 (mod p)
Example: a = 2, p = 341:  2^340 ≡ 1 (mod 341)
RSA cryptosystem
“MEET YOU IN THE PARK”  → encryption f(x) = x^e mod n →  “9383772909383637467”
“9383772909383637467”  → decryption f⁻¹(x) = x^d mod n →  “MEET YOU IN THE PARK”
n = p·q,  p and q large primes
n, e are the public keys
p, q, d are the private keys
Encryption example: p = 43, q = 59, n = p·q = 2537, e = 13
gcd(e, (p − 1)(q − 1)) = gcd(13, 42·58) = 1
Message to encrypt: “STOP”
Translate to equivalent numbers: “18 19 14 15”
Group into blocks of two numbers: “1819 1415”
“1819 1415”
Apply the encryption function f(x) = x^e mod n = x^13 mod 2537 to each block:
f(1819) = 1819^13 mod 2537 = 2081
f(1415) = 1415^13 mod 2537 = 2182
Encrypted message: “2081 2182”
Message decryption
M: an original block of the message (“1819”, “1415”)
C: the respective encrypted block (“2081”, “2182”)
C ≡ M^e (mod n)
We want to find M by knowing C, p, q, e.
d: inverse of e modulo (p − 1)(q − 1)
d·e ≡ 1 (mod (p − 1)(q − 1))
By the definition of congruence: d·e = 1 + k(p − 1)(q − 1)
The inverse exists because gcd(e, (p − 1)(q − 1)) = 1:
gcd(e, (p − 1)(q − 1)) = 1 = s·e + t(p − 1)(q − 1)  ⇒  s·e ≡ 1 (mod (p − 1)(q − 1)),  d = s
65
C  M (mod n)
e
C  M
d
 (mod n)
e d
de  1  k ( p  1)( q  1)
C M
d
de
M
1 k ( p 1)( q 1)
Konstantin Busch - LSU
(mod n)
66
Very likely it holds that gcd(M, p) = 1 (because p is a large prime and M is small).
gcd(M, p) = 1  ⇒  by Fermat’s little theorem:  M^(p − 1) ≡ 1 (mod p)
M^(p − 1) ≡ 1 (mod p)
M^((p − 1)·k(q − 1)) ≡ 1^(k(q − 1)) = 1 (mod p)
M^(1 + k(p − 1)(q − 1)) = M · M^((p − 1)·k(q − 1)) ≡ M · 1 (mod p) = M (mod p)
We showed:
M^(1 + k(p − 1)(q − 1)) ≡ M (mod p)
By symmetry, when replacing p with q:
M^(1 + k(p − 1)(q − 1)) ≡ M (mod q)
By the Chinese remainder problem:
M^(1 + k(p − 1)(q − 1)) ≡ M (mod pq) = M (mod n)
We showed:
C^d ≡ M^(1 + k(p − 1)(q − 1)) (mod n)
M^(1 + k(p − 1)(q − 1)) ≡ M (mod n)
Hence C^d ≡ M (mod n); in other words:  M = C^d mod n
Decryption example: p = 43, q = 59, n = p·q = 2537, e = 13
gcd(e, (p − 1)(q − 1)) = gcd(13, 42·58) = 1
It can be shown that d = 937
f⁻¹(C) = C^d mod n
“2081 2182”:
2081^937 mod 2537 = 1819
2182^937 mod 2537 = 1415
“1819 1415” = “18 19 14 15” = “STOP”
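The toy RSA of the last slides end to end, as an added example that is not code from the slides: letters are numbered A = 0, …, Z = 25 and grouped into four-digit blocks as on the slides, and d is computed as the inverse of e modulo (p − 1)(q − 1) with pow(e, -1, phi) rather than given. Padding an odd number of letters with X (= 23) is this example's own convention, not the slides'.

```python
# Added example (not from the slides): textbook RSA with the slides' p = 43,
# q = 59, e = 13, so n = 2537 and d = 937; "STOP" -> [1819, 1415] -> [2081, 2182].
# These parameters are teaching values only; the scheme here also has no
# randomised padding, so equal blocks always encrypt to equal ciphertexts.
from __future__ import annotations
from math import gcd

def rsa_keys(p: int, q: int, e: int) -> tuple[int, int]:
    """Return (n, d); e must be relatively prime to (p-1)(q-1) for d to exist."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not relatively prime to (p-1)(q-1)")
    return p * q, pow(e, -1, phi)            # inverse of e modulo phi (Python 3.8+)

def text_to_blocks(msg: str) -> list[int]:
    """'STOP' -> [1819, 1415]: each letter as two digits, two letters per block."""
    digits = "".join(f"{ord(c) - ord('A'):02d}" for c in msg if "A" <= c <= "Z")
    if len(digits) % 4:
        digits += "23"                        # pad an odd letter count with X (assumed convention)
    return [int(digits[i:i + 4]) for i in range(0, len(digits), 4)]

def blocks_to_text(blocks: list[int]) -> str:
    digits = "".join(f"{b:04d}" for b in blocks)
    return "".join(chr(ord("A") + int(digits[i:i + 2])) for i in range(0, len(digits), 2))

def encrypt_blocks(blocks: list[int], e: int, n: int) -> list[int]:
    """C = M^e mod n for each block; every block must be smaller than n."""
    if any(not 0 <= m < n for m in blocks):
        raise ValueError("block does not fit below n")
    return [pow(m, e, n) for m in blocks]

def decrypt_blocks(cipher: list[int], d: int, n: int) -> list[int]:
    """M = C^d mod n for each block."""
    return [pow(c, d, n) for c in cipher]

if __name__ == "__main__":
    n, d = rsa_keys(43, 59, 13)
    print(n, d)                                         # 2537 937
    m = text_to_blocks("STOP")
    c = encrypt_blocks(m, 13, n)
    print(m, c)                                         # [1819, 1415] [2081, 2182]
    print(blocks_to_text(decrypt_blocks(c, d, n)))      # STOP
```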