Download Document

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
Document related concepts

Addition wikipedia , lookup

List of important publications in mathematics wikipedia , lookup

Vincent's theorem wikipedia , lookup

List of prime numbers wikipedia , lookup

Georg Cantor's first set theory article wikipedia , lookup

Four color theorem wikipedia , lookup

Factorization wikipedia , lookup

Mathematical proof wikipedia , lookup

Elementary mathematics wikipedia , lookup

Wiles's proof of Fermat's Last Theorem wikipedia , lookup

Fermat's Last Theorem wikipedia , lookup

Algorithm wikipedia , lookup

Theorem wikipedia , lookup

Fundamental theorem of algebra wikipedia , lookup

Factorization of polynomials over finite fields wikipedia , lookup

Proofs of Fermat's little theorem wikipedia , lookup

Transcript 
Textbook: Introduction to Cryptography 2nd ed.
By J.A. Buchmann
Chap 1 Integers
Department of Computer Science and Information Engineering,
Chaoyang University of Technology
朝陽科技大學資工系
Speaker: Fuw-Yi Yang 楊伏夷
伏夷非征番,
道德經 察政章(Chapter 58) 伏者潛藏也
道紀章(Chapter 14) 道無形象, 視之不可見者曰夷
Fuw-Yi Yang
1
Contents
Basics
Divisibility
Representation of integers
O- and -notation
Cost of +, *,  with remainder
Polynomial time
Greatest common divisor
Euclidean algorithm
Extended Euclidean algorithm
Analysis of the Extended Euclidean algorithm
Factoring into primes
Exercise
Fuw-Yi Yang
2
1.1 Basics
N = {1, 2, 3, 4, 5,…} is the set of positive integers and
Z = {0, 1,  2,  3, …} is the set of integers.
The rational numbers are denoted by Q and the real number by R.
NZQR
A set M of real numbers is called bounded from below if there is a
real number  such that all elements of M are greater than .
We also say that M is bounded from below by .
Example. The set of positive integers is bounded from below by 0,
but the set of even integers is not bounded from below.
Fuw-Yi Yang
3
1.1 Basics
For any real number , we write
 = max{b  Z: b  }.
Hence,  is the greatest integer, which is less than or equal to .
This number exists because the set {b  Z: b  } is bounded from
above.
Example 1.1.1 We have 3.43 = 3 and -3.43 = -4.
Fuw-Yi Yang
4
1.1 Basics
Finally we need induction. If a statement, which dependents on a
positive integer n, is true for n = 1 and if the truth for any integer m
with 1  m  n implies the truth for n + 1, then the statement is true
for any positive integer n.
Example 1.1.1
We wish to prove 1 + 2 + 3 + …+ n = n(n + 1) / 2. next page
Fuw-Yi Yang
5
1.1 Basics
Example 1.1.1 We wish to prove 1 + 2 + 3 + …+ n = n(n + 1) / 2.
1. basis: prove that the statement holds true for n =1.
 It is clear that the statement holds true for n =1.
2. Inductive step: prove that if the statement holds for n = m, then the
same statement also holds for n = m + 1.
 Assume the statement holds true for n = m, then the same
statement also holds for n = m + 1 as shown below.
 m(m + 1) / 2 + (m + 1)
= (m2 + m + 2m + 2) / 2
= (m + 1)(m + 2) / 2
Fuw-Yi Yang
6
1.2 Divisibility
Definition 1.2.1
We say that a divides n if there is an integer b with n = ab.
If a divides n, then a is called a divisor of n, n is called a multiple of a,
and we write a | n.
Example 1.2.2 We have 13 | 182 because 182 = 14 * 13.
Likewise, we have -5 | 30 because 30 = (-6) * (-5).
The divisors of 30 are  1,  2,  3,  5,  6,  10,  15,  30.
Any integer a divides 0 (a | 0) because 0 = a * 0. The only integer
that is divisible by 0 is 0 because n = 0 * b implies n = 0.
Fuw-Yi Yang
7
1.2 Divisibility
Theorem 1.2.3
1. If a | b and b | c, then a | c.
2. If a | b, then ac | bc for all c.
3. If c | a and c | b, then c | da + eb for all d and e.
4. If a | b and b  0, then |a|  |b|.
5. If a | b and b | a, then |a| = |b|.
Proof:…
Fuw-Yi Yang
8
1.2 Divisibility
Theorem 1.2.4 If a and b are integers, b > 0, then there are uniquely
determined integers q and r such that a = qb + r and 0  r < b, namely
q = a/b and r = a - bq.
Proof: If a = qb + r and 0  r < b, then 0  r/b < b/b,
0  a/b - q < 1,
a/b  q > a/b - 1.
Hence q = a/b and r = a - bq.
In the above, the integer q is called the (intergral) quotient and r is
the remainder of the division of a and b. We write r = a mod b. If a is
replaced by a mod b, then we say that a is reduced modulo b.
Fuw-Yi Yang
9
1.3 Representation of Integers
In books, integers are written in decimal expansion. On computers,
binary expansion is used. More generally, integers can be
represented using the co-called g-adic expansion.
Example 1.3.1 We have log2 8 = 3 because 23 = 8.
Also log8 8 = 1 because 81 = 8.
Example 1.3.2 The sequence (0, 1, 1, 1, 0) is an element of {0, 1}5.
Also {1, 2}2 = {(1, 1), (1, 2), (2, 1), (2, 2)}.
Fuw-Yi Yang
10
1.3 Representation of Integers
Theorem 1.3.3 Let g be an integer, g > 1. For each positive integer a,
there is a uniquely determined positive integer k and a uniquely
determined sequence (a1, …, ak)  {0,…,g - 1}k with a1  0 and
k a g k i (Eq. 1.1). In addition, k = logg a + 1, and ai is the
i 1 i
k j
intergral quotient of (a -  ij11 a j g
) by gk - i for 1  i  k .
Proof: see next page.
Fuw-Yi Yang
11
1.3 Representation of Integers
Proof: 1. uniqueness of k: gk - 1  a  gk , hence k = logg a + 1.
2. uniqueness of sequence (a1, …, ak):
2.1 basis: for k = 1, set a1 = a.
2.2 inductive step: let k > 1 and there is a representation as Eq. 1.1,
then , 0  a - a1 gk - 1 < gk – 1 and therefore
0  a / gk - 1 - a1 < 1.
Therefore, a1 is the intergral quotient of a divided by gk – 1 and is
uniquely determined. Set a = a - a1 gk - 1. Either we have a = 0, in
which case ai = 0, 0  i  k or a = k ai g k i is the uniquely
i 2
determined representation of a by the induction hypothesis (the
statement is true for k = m). Next page
Fuw-Yi Yang
12
1.3 Representation of Integers
It is clear that a representation Eq. 1.1 exists. We only need to set
a1 = a / gk - 1 and to take the other coefficients from the
representation a = a - a1 gk - 1. end of proof
Fuw-Yi Yang
13
1.3 Representation of Integers
Definition 1.3.4 The sequence (a1, …, ak) from Theorem 1.3.3 is
called the g-adic expansion of a. Its element are called digits. Its
length is k = logg a + 1. If g = 2, the sequence is called the binary
expansion of a. If g = 16, then the sequence is called the hexadecimal
expansion of a. Instead of (a1, …, ak), we also write a1a2 … ak.
Example 1.3.5
The sequence 10101 is the binary expansion of 24 + 22 + 20 = 21.
Fuw-Yi Yang
14
1.3 Representation of Integers
Example 1.3.6 Determine the binary expansion of 105.
Since 26 < 105 < 27, it is of length 7.
a1 = 105 / 26  = 1, a = a - a1 26 = 41, a = a;
a2 = 41 / 25  = 1, a = a - a2 25 = 9 , a = a;
a3 = 9 / 24  = 0, a = a - a3 24 = 9 , a = a;
a4 = 9 / 23  = 1, a = a - a4 23 = 1 , a = a;
a5 = 1 / 22  = 0, a = a - a5 22 = 1 , a = a;
a6 = 1 / 21  = 0, a = a - a6 23 = 1 , a = a;
a7 = 1 / 20  = 1, a = a - a7 20 = 0;
Fuw-Yi Yang
15
1.4 O- and -Notation
When designing a cryptographic algorithm, it is necessary to
estimate how much computing time and how much storage it requires.
To simplify such estimates, we introduce the O- and -notation.
Let k be a positive integer, X, Y,  Nk and f : X R 0, g : Y R 0,
functions. We write f = O(g) if there are positive integers B and C
such that for all (n1, …, nk)  Nk with ni > B, 1  i  k the following is
true:
1. (n1, …, nk)  XY; that is,f(n1, …, nk) and g(n1, …, nk) are defined.
2. f(n1, …, nk)  Cg(n1, …, nk).
This means that almost always f(n1, …, nk)  Cg(n1, …, nk).
We also write g = (f). If g is constant, then we write f = O(1).
Fuw-Yi Yang
16
1.5 Cost of +, *, and / with remainder
In many cryptographic applications, multi-precision integers must
be added, multiplied, and divided with remainder. To estimate the
running time of such applications, we must study how long such
operations take.
To do so, one has to choose a model of computation that is as
similar as possible to real computations.
Fuw-Yi Yang
17
1.5 Cost of +, *, and / with remainder
Here we only use a naïve model, which, however, yields reasonable
estimates.
Let a and b be integers.
1. Adding a and b requires time O(max{size a, size b}).
2. Multiplying a and b requires time O((size a)( size b)).
3. Dividing a with remainder by b requires time O((size b)( size q)),
where q is the quotient.
All algorithms use space O(size a + size b).
Fuw-Yi Yang
18
1.6 Polynomial time
When analyzing a cryptographic algorithm, we must show that it
works efficiently but is difficult to break.
We make the notion of efficiency more precise.
Suppose an algorithm receives as input integers z1,…,zn. We say that
the algorithm has polynomial running time if there are nonnegative
integers e1,…,en such that the running time of the algorithm is
O((size z1)e1) ((size z2)e2)…((size zn)en).
An algorithm is considered to be efficient if it has polynomial
running time. Observe, however, that in order for the algorithm to be
efficient in practice, the exponent ei and the O-constant must be small.
Fuw-Yi Yang
19
1.7 Greatest common divisor
We define the greatest common divisor of two integers.
Definition 1.7.1 A common divisor of a and b is an integer that
divides both a and b.
Theorem 1.7.2 Among all common divisors of two integers a and b,
which are not both zero, there is exactly one greatest (with respect to
). It is called the greatest common divisor (gcd) of a and b.
Proof. Let a  0, By Theorem 1.2.3, all divisors of a are bounded by
|a|. Therefore, among the common divisors of a and b there is a
unique greatest. end of proof
Fuw-Yi Yang
20
1.7 Greatest common divisor
For completeness, we set the greatest common divisor of 0 and 0 to 0.
Hence, the greatest common divisor of two numbers is never negative.
Example 1.7.3 The greatest common divisor of 18 and 30 is 6.
The greatest common divisor of -10 and 30 is 10.
The greatest common divisor of integers a1, …, ak, k  1 is defined
as follows.
If at least one of the ai is nonzero, then gcd(a1, …, ak) is the greatest
positive integer that divides all the ai.
If all the ai are zero, then we set gcd(a1, …, ak) = 0.
Fuw-Yi Yang
21
1.7 Greatest common divisor
We present an important way of representing a greatest common
divisor. We need the following notion.
If 1, …, k are real numbers, then we have
1Z + …+ kZ = {1z1 + …+ kzk : zk  Z, 1  i  k}.
This is the set of all integer linear combination of the ai.
Example 1.7.4 The set of all integer linear combination of 3 and 4 is
3Z + 4Z. It contains 1 = 3*(-1) + 4*(1). It therefore also contains all
integer multiples of 1. Hence, this set is Z.
Fuw-Yi Yang
22
1.7 Greatest common divisor
Theorem 1.7.5 The set of all integer linear combination of a and b is
the set of all integers multiples of gcd(a, b); i.e. aZ + bZ = gcd(a, b)Z.
Proof. For a = b = 0, the assertion is obviously correct, so let a or b be
nonzero. Set I = aZ + bZ.
Let g be the smallest positive integer in I. We claim that I = gZ.
1. Choose a nonzero element c in I.
2. By Theorem 1.2.4, there are q, r with c = qg + r and 0  r < g.
3. Therefore, r = c - qg belongs to I.
4. But g is the smallest positive integer in I, it must r = 0 and c = qg.
It remains to be shown that g = gcd(a, b). Next page
Fuw-Yi Yang
23
1.7 Greatest common divisor
It remains to be shown that g = gcd(a, b).
1. g is a common divisor of a and b, since a, b  I, and I = gZ.
2. g  I, there are x, y with g = ax + by.
3. If d is a common divisor of a and b, then d is also a divisor of g.
4. Theorem 1.2.3 implies |d|  g. (d | g , g  0,  |d|  g)
5. g = gcd(a, b). end of proof
Fuw-Yi Yang
24
1.7 Greatest common divisor
Corollary 1.7.6 For all a, b, n the equation ax + by = n is solvable in
integers x and y if and only if gcd(a, b) divides n.
Proof.
If there are x and y with ax + by = n, then n  aZ + bZ and by
Theorem 1.7.5 we have n  gcd(a, b) Z, which implies that n is a
multiple of gcd(a, b).
Conversely, if n is a multiple of gcd(a, b), then n is an element of
gcd(a, b) Z. It follows from Theorem 1.7.5 that n  aZ + bZ.
Therefore, there are integers x and y with ax + by = n. end of proof
Fuw-Yi Yang
25
1.7 Greatest common divisor
Corollary 1.7.7 There are integers x and y with ax + by = gcd(a, b).
Proof. From Corollary 1.7.6.
Corollary 1.7.8 There is exactly one nonnegative common divisor of
a and b, which is divisible by all other common divisors of a and b,
namely the greatest common divisor of a and b.
Proof.
By Corollary 1.7.7 there are integers x and y with ax + by = gcd(a, b).
Therefore every common divisor of a and b is a divisor of gcd(a, b).
Conversely, let g be a nonnegative divisor of a and b that is divisible
by every common divisors of a and b. If a = b = 0, then g = 0. If a or
b is nonzero, then by Theorem 1.2.3 every common divisor of a and b
is  g. Therefore g = gcd(a, b). end of proof
Fuw-Yi Yang
26
1.8 Euclidean algorithm
The Euclidean algorithm determines the greatest common divisor of
two integers very efficiently. It is based on the following theorem.
Theorem 1.8.1 (|a|  |b|)
1. If b = 0, then gcd(a, b) = |a|.
2. If b  0, then gcd(a, b) = gcd(|b|, a mod |b|).
Proof. The first assertion is obviously correct.
We prove the second assertion. By Theorem 1.2.4, there is an integer
q with a = q|b| + (a mod |b|). (a = qb + r)
Therefore the greatest common divisor of a and b divides the
greatest common divisor of |b| and (a mod |b|) and vice versa.
Since both greatest common divisors are nonnegative, the assertion
follows from Theorem 1.2.3. end of proof
Fuw-Yi Yang
27
1.8 Euclidean algorithm
Example 1.8.2
We want to compute gcd(100, 35).
From Theorem 1.8.1, we obtain gcd(100, 35)
= gcd(35, 100 mod 35)
= gcd(35, 5)
= gcd(5, 35 mod 5)
= gcd(5, 0)
= 5.
Fuw-Yi Yang
28
1.8 Euclidean algorithm
The following Theorem prove the correctness of the Euclidean
algorithm (euclid(int a, int b, int gcd)).
euclid(int a, int b, int gcd)
{ int r
a = |a|, b = |b|
while (b  0) { r = a % b, a = b, b = r}
gcd = a }
Theorem 1.8.3 The Euclidean algorithm computes the greatest
common divisor of a and b. next page
Fuw-Yi Yang
29
1.8 Euclidean algorithm
Theorem 1.8.3 The Euclidean algorithm computes the greatest
common divisor of a and b.
Proof. To prove that the Euclidean algorithm terminates and yields
gcd(a, b), we introduce some notation. We set
r0 = |a|, r1 = |b| and for k  1 and rk  0
rk+1 = rk-1 mod rk. --- 1.3
Then r2, r3,… is the sequence of remainders that are computed in the
while-loop of the Euclidean algorithm. Also after the kth iteration of
the while-loop, we have
a = rk, b = rk +1. next page
Fuw-Yi Yang
30
1.8 Euclidean algorithm
Then r2, r3,… is the sequence of remainders that are computed in the
while-loop of the Euclidean algorithm. Also after the kth iteration of
the while-loop, we have
a = rk, b = rk +1.
It follows from Theorem 1.8.1 that the greatest common divisor of a
and b is not changed in the algorithm, so we only need to prove that
there is k such that rk = 0. But this follows from the fact that by
Eq. 1.3 the sequence (rk)k  1 is strictly decreasing. This concludes the
correctness proof for the Euclidean algorithm. end of proof
Fuw-Yi Yang
31
1.8 Euclidean algorithm
The Euclidean algorithm compute gcd(a, b) very efficiently. To
prove the efficiency, we estimate the number of iterations required
by the algorithm. For simplicity, we assume a > b > 0.
This is no restriction, since the Euclidean algorithm requires one
step to determine gcd(a, b) (if b = 0) or to produce this situation.
Let rn be the last nonzero remainder in the sequence (rk). Then n is
the number of iterations, which the algorithm requires to compute
gcd(a, b).
Furthermore, since rk+1 = rk-1 mod rk,
--- 1.3
let qk = rk-1 / rk, 1  k  n. --- 1.4
Then qk is the quotient of rk-1 divided by rk, and we have
rk-1 = qk rk + rk+1.
--- 1.5
Fuw-Yi Yang
32
1.8 Euclidean algorithm
Example 1.8.4 If a = 100 and b = 35, then we obtain the remainder
sequence: k
0 1 2 3 4
rk 100 35 30 5 0
qk
2 1 6
Lemma 1.8.5 We have qk  1 for 1  k  n - 1 and qn  2.
Proof. Since rk-1 > rk > rk+1, it follows from Eq. 1.5
that qk  1 for 1  k  n.
Suppose qn = 1. Then rn-1 = rn, and this is impossible because the
sequence of remainders is strictly decreasing. Therefore qn  2.
end of proof
Fuw-Yi Yang
33
1.8 Euclidean algorithm
Theorem 1.8.7 In the Euclidean algorithm, let a > b > 0. Also, let
 = (1 + 51/2) / 2. Then the number of iterations in the algorithm is at
most (log b) / (log ) + 1 < 1.441 * log2 b + 1.
Proof.
end of proof
Fuw-Yi Yang
34
1.9 Extended Euclidean algorithm
Corollary 1.7.7 tells us that there are integers x, y with
gcd(a, b) = ax + by.
In this section, we extend the Euclidean algorithm in such a way
that it also determines such coefficients x and y.
Fuw-Yi Yang
35
1.9 Extended Euclidean algorithm—example
Example: Compute x, y s.t. ax + by = gcd(a, b)
The example computes expressions of the form
ri = a xi + b yi --- 11
for the remainder in each step i of the Euclidean algorithm.
From
rk+1 = rk-1 mod rk, --- 1.3
we have ri = ri-2 - ri-2 / ri-1 ri-1. Also, by Eq. 11,
ri = axi-2 + byi-2 - ri-2 / ri-1(axi-1 + byi-1 )
= a (xi-2 - ri-2 / ri-1 xi-1) + b (yi-2 - ri-2 / ri-1 yi-1)
The first two argument r1 and r2:
r1 = a = a 1 + b 0 (x1 = 1, y1 = 0)
r2= b = a 0 + b 1 (x2 = 0, y2 = 1)
Example: next page
Fuw-Yi Yang
36
1.9 Extended Euclidean algorithm --example
Example: Compute x, y s.t. 120x + 23y = gcd(120, 23)
r1 = 120 = 120 * 1 + 23 * 0 (x1 = 1, y1 = 0)
r2= 23 = 120 * 0 + 23 * 1 (x2 = 0, y2 = 1)
ri = ri-2 - ri-2/ri-1 ri-1, ri = a (xi-2 - ri-2/ri-1 xi-1) + b (yi-2 - ri-2/ri-1 yi-1)
r3= 5 = 120 - 5 * 23 = (120 * 1 + 23 * 0) - 5 * (120 * 0 + 23 * 1)
= 120 * 1 + 23 * (-5)
r4= 3 = 23 - 4 * 5 = (120 * 0 + 23 * 1) - 4 * (120 * 1 + 23 * (-5))
= 120 * (-4) + 23 * (21)
r5= 2 = 5 - 1 * 3 = (120 * 1 + 23 * (-5)) - 1 * (120 * (-4) + 23 * (21))
= 120 * (5) + 23 * (-26)
r6= 1 = 3 - 1 * 2 = (120 * (-4) + 23 * (21)) - (120 * (5) + 23 * (-26))
= 120 * (-9) + 23 * (47)
r7= 0 = 2 - 1 * 2 end of example
Fuw-Yi Yang
37
1.9 Extended Euclidean algorithm
Corollary 1.7.7 tells us that there are integers x, y with
gcd(a, b) = ax + by.
As in Section 1.8, we denote by r0, …, rn+1 the sequence of
remainders and by q1, …, qn the sequence of quotients that are
computed in the course of the algorithm.
We now explain the construction of two sequence (xk) and (yk), such
that x = (-1)nxn and y = (-1)n+1yn are the required coefficients.
Fuw-Yi Yang
38
1.9 Extended Euclidean algorithm
We set x0 = 1, x1 = 0, y0 = 0, y1 = 1.
Furthermore, we let
xk+1 = qk xk + xk-1, yk+1 = qk yk + yk-1, 1 k  n. ---1.7
(normal form ri = a (xi-2 - ri-2 / ri-1 xi-1) + b (yi-2 - ri-2 / ri-1 yi-1))
We assume that a and b are nonnegative.
Theorem 1.9.1 We have rk = a (-1)kxk + b (-1)k+1yk for 0  k  n + 1.
Proof. 1. r0 = a = a * 1 + b * 0 = a x0 + b y0
2. r1 = b = a * 0 + b * 1 = a x1 + b y1
end of proof
Fuw-Yi Yang
39
1.9 Extended Euclidean algorithm
Theorem 1.9.1 We have rk = a (-1)kxk + b (-1)k+1yk for 0  k  n + 1.
Proof. 1. r0 = a = a * 1 - b * 0 = a x0 - b y0
2. r1 = b = a * (-1)0 + b * 1 = -a x1 + b y1
3. let k  2 and suppose that the assertion is true for all k< k.
4. Then rk = rk-2 - rk-2 / rk-1 rk-1= rk-2 - qk-1rk-1
rk = a (-1)k-2xk-2 + b (-1)k-1yk-2 - qk-1(a (-1)k-1xk-1 + b (-1)kyk-1)
= a (-1)k(xk-2 + qk-1xk-1) + b (-1)k+1(yk-2 + qk-1yk-1)
= a (-1)kxk + b (-1)k+1yk .
end of proof
Note we have x = (-1)nxn, y = (-1)n+1yn, and
rn = a (-1)nxn + b (-1)n+1yn.
Fuw-Yi Yang
40
1.9 Extended Euclidean algorithm
Example 1.9.2 Compute x, y s.t. 100x + 35y = gcd(100, 35)
r1 = 100 = 100 * 1 + 35 * 0 (x1 = 1, y1 = 0)
r2= 35 = 100 * 0 + 35 * 1 (x2 = 0, y2 = 1)
ri = ri-2 - ri-2/ri-1 ri-1, ri = a (xi-2 - ri-2/ri-1 xi-1) + b (yi-2 - ri-2/ri-1 yi-1)
r3= 30 = 100 - 2 * 35 = (100 * 1 + 35 * 0) - 2 * (100 * 0 + 35 * 1)
= 100 * 1 + 35 * (-2)
r4= 5 = 35 - 1 * 30 = (100 * 0 + 35 * 1) - 1 * (100 * 1 + 35 * (-2))
= 100 * (-1) + 35 * (3)
r5= 0 = 30 - 6 * 5 end of example
Fuw-Yi Yang
41
1.10 Analysis of the extended Euclidean algorithm
Theorem 1.10.5 The extended Euclidean algorithm uses
O((size a) (size b)) to compute gcd(a, b) including a representation
gcd(a, b) = ax + by. end of theorem
Fuw-Yi Yang
42
1.11 Factoring into primes
A central notion of elementary number theory is that of a prime
number. Prime numbers are used in many cryptographic algorithms.
In this section, we introduce prime numbers and prove that every
positive integer is a product of primes in which the factors are unique
up to permutation.
Definition 1.11.1 An integer p > 1 is called a prime number if it has
exactly two positive divisors, namely 1 and p.
We denote the set of all primes (prime numbers) by P. An integer
a > 1 that is not a prime is called composite.
Fuw-Yi Yang
43
1.11 Factoring into primes
Theorem 1.11.2 Every integer a > 1 has a prime divisor.
Proof. The integer a has a divisor that is greater than 1, namely a.
Among all divisors of a that are greater than 1, let p be the smallest.
Then p must be prime.
Otherwise, p would have a divisor b with
1 < b < p  a.
This contradicts the assumption that p is the smallest divisor of a
that is greater than 1.
end of proof
Fuw-Yi Yang
44
1.11 Factoring into primes
Theorem 1.11.3 If a prime number divides the product of two
integers, then it divides at least one factor.
Proof. Suppose that the prime number p divides ab but not a.
1. p is a prime number,  gcd(a, p) = 1.
2. By Corollary 1.7.7, there are integers x, y with 1 = ax + py.
3. 1 = ax + py  b = axb + pyb.
4. p divides ab  p divides b.
end of proof
Fuw-Yi Yang
45
1.11 Factoring into primes
Corollary 1.11.4 If a prime number p divides a product q1…qk of
prime numbers, then p is equal to one of the factors q1,…,qk.
Proof. The proof uses induction on k.
1. If k = 1, then p is a divisor of q1 which is greater than 1,
hence p = q1.
2. If k > 1, then p divides q1(q2 …qk). By Lemma 1.11.3, the prime p
divides q1 or (q2 …qk).
3. Both q1 and (q2 …qk) have fewer than k factors, the assertion
follows from the induction hypothesis.
end of proof
Fuw-Yi Yang
46
1.11 Factoring into primes
Theorem 1.11.5 Every integer a > 1 can be written as the product of
prime numbers. Up to permutation, the factors in this product are
uniquely determined.
Proof. The proof uses induction on a.
1. If a = 2, the theorem is true.
2. If a > 2, then by Theorem 1.11.2, there is a prime divisor p of a.
If a / p = 1, then a = p and the assertion holds.
Let a / p > 1. By the induction hypothesis, a / p is a product of
primes. (a > a / p,  a / p satisfies Theorem 1.11.5)
3. Therefore a is also a product of primes.
This proves the existence of the prime factor decomposition of a.
Next page show the uniqueness.
Fuw-Yi Yang
47
1.11 Factoring into primes
4. Let a = p1…pk and a = q1…ql be factorization of a into prime
numbers.
5. By Corollary 1.11.4, the prime p1 is equal to one of the primes
q1,…,ql.
6. By permuting the qi, we can make sure that p1 = q1.
7. But by the induction hypothesis, the factorization of
a / p1 = a / q1 into prime numbers is unique.
8. Hence, k = l and pi = qi for 1  i  k after an appropriate
permutation of the qi.
end of proof
Fuw-Yi Yang
48
1.11 Factoring into primes
Theorem 1.11.6 The French mathematician Pierre de Fermat thought
that all of the so-called Fermat numbers Fi = 22i + 1 are primes.
F0 = 3,
F1 = 5,
F2 = 17,
F3 = 257,…
However, F5 = 641* 6700417.
Fuw-Yi Yang
49
Related documents
Pollard's p - 1 Method
Pollard's p - 1 Method
mn is a lattice point if ,mn∈ (2,3)
mn is a lattice point if ,mn∈ (2,3)
Euclidean division and the greatest common divisor
Euclidean division and the greatest common divisor
ECS20 Homework 7: Number theory Exercise 1: What are the
ECS20 Homework 7: Number theory Exercise 1: What are the
Homework 5 (=Exam Practice)
Homework 5 (=Exam Practice)
Fall 2016 Midterm
Fall 2016 Midterm
DiscreteTom2014
DiscreteTom2014
Adding, Subtracting, Multiplying, and Dividing Integers
Adding, Subtracting, Multiplying, and Dividing Integers
35th IMO 1994 A1. Let m and n be positive integers. Let a 1,a2,...,am
35th IMO 1994 A1. Let m and n be positive integers. Let a 1,a2,...,am
Integers and the Number Line
Integers and the Number Line
Introduction to Scientific and Engineering Computation
Introduction to Scientific and Engineering Computation
Questions#2
Questions#2
Pre-Test Numbers, Operations and Quantitative Reasoning
Pre-Test Numbers, Operations and Quantitative Reasoning
b - Stony Brook Mathematics
b - Stony Brook Mathematics
a+b - NUS Physics
a+b - NUS Physics