Download CPSC 490 Number Theory Primes, Factoring and Euler's Phi

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
Document related concepts

Factorization of polynomials over finite fields wikipedia , lookup

Factorization wikipedia , lookup

Quadratic reciprocity wikipedia , lookup

List of prime numbers wikipedia , lookup

Proofs of Fermat's little theorem wikipedia , lookup

Transcript 
CPSC 490 Number Theory
Primes, Factoring and Euler
Phi-function
Mar.31st, 2006
Sam Chan
Clarifications
• The Euclidean Algorithm runs in
logarithmic time.
• Finding modular inverses can be done
using the extended Euclidean algorithm.
• Ex. 5x = 1 (mod 7) is equivalent to writing
5x – 7y = 1 or 5x + 7(-y) = 1. Use
extended Euclidean Algorithm to find x.
Primes
• Def: a positive integer p > 1 is prime if and
only if it has exactly two divisors, 1 and p.
• Ex. 2, 3, 5, 7, 11, 13, 17, 19, 23, 29 are the
fist 10 primes.
• How many primes are there exactly?
Euclid’s Proof
• Euclid first proved that there exists an infinite number of primes.
(300 BC)
• Assume there are finitely many primes.
• Let S be the set of all n primes, p1p2p3…pn
• Let q = p1p2p3…pn + 1.
• There must exist a prime factorization for q. We claim that this
factorization does not contain an element of S. This would imply that
q uses a prime outside the set S, thus there are in fact more than n
primes.
• Assume that pi, 1 <= i <= n, is in the prime factorization of q. Then it
must divide p1p2p3…pn + 1. Specificially pi | 1.
• But since primes are greater than 1, this is our contradiction.
First approach
• Consider the following code:
bool isPrime( int n ) {
for( int i = 2; i*i <= n; i++ )
if( n % i == 0 ) return true;
return false;
}
• We attempt to find divisors of n. If we find one then
return false.
• Has a running time of O(n1/2)
• In practice, primality testing comes in to varieties.
Primality testing
• Deterministic tests will determine with
absolute certainty whether a given integer
n is prime.
• Probabilistic tests will determine with a
small probability of error, whether a given
integer n is prime.
Example of a probabilistic test
• Fermat’s Little Theorem
• Let n be a prime and a be any positive integer
such that a < n. Then a raised to the nth power
is congruent to a modulo n.
• an = a (mod n) or an-1-1 = 0 (mod n)
• Given an integer n, all we have to do is find the
remainder of an (mod n) and see if it equals a.
• We know how to compute modulo powers from
our previous discussion.
Fermat’s Little Theorem
• If an integer n satisfies this theorem, does this
imply that n is prime?
• NO!
• If an (mod n) is not congruent to a then we are
certain that n is not prime.
• If it is congruent to a then there is a good chance
that n is prime.
• As it turns out, there are composite numbers that
also satisfy Fermat’s Little Theorem.
Fermat’s Little Theorem
• A composite number n is a Carmichael
number if n satisfies Fermat’s Little
Theorem for every a that is relatively prime
to n.
• Smallest Carmichael number is 561.
• Other examples include: 89 = 8 (mod 9)
• These are called pseudoprimes in general
• What can we do to avoid having our test
fail?
Fermat’s Little Theorem
• We are free to choose any a we like, as
long as a < n.
• Pick many integers a to test for primality.
• If n passes this test for a lot of different
values of a, then it is highly probable that n
is prime.
• Run this test many times to reduce our
probability of error.
Running times
• Probabilistic tests have running times
around O(logn).
• In 2002, Agrawal et al discovered the first
algorithm for a deterministic test that is
polynomial in the number of digits of n.
• Running time is O(log7.5n). However, they
seem to run in O(log3n) in practice.
• Largest known prime currently is
230402457-1. It contains 9152052 digits.
Sieve of Eratosthenes
• What if we want a list of primes?
• Given n, we can find all the primes up to n
by using the Sieve of Eratosthenes.
• Start with a list of integers from 2 to n.
• At iteration i, mark the smallest integer a in
the set as a prime, then cross off all
multiples of a in the set.
• Repeat until i2 <= n.
Sieve of Eratosthenes
• Ex. Let n = 10, and x denote a crossed off
integer.
• 2, 3, 4, 5, 6, 7, 8, 9, 10
• 2, 3, x, 5, x, 7, x, 9, x
• 2, 3, x, 5, x, 7, x, x, x
• Done!
• So primes up to n = 10 are 2, 3, 5, and 7.
Sieve of Eratosthenes
• Here is an implementation:
bool prime[1000000];
void sieve( int n ) {
memset( prime, 1, sizeof(prime) );
prime[0] = prime[1] = 0;
for( int i = 2; i <= n; i++ )
if( prime[i] ) {
for( int j = i+i; j <= n; j += i )
prime[j] = 0;
}
}
Sieve of Eratosthenes
• At the end of this algorithm, prime[i] = 1 if
and only if i is prime, 0 otherwise.
• Outer loop starts at the smallest position
that hasn’t been crossed off.
• Inner loop repeatedly crosses of multiples
of i.
• With some analysis, we can show that this
has a running time of O(nlogn).
• Can we improve this algorithm?
Sieve of Eratosthenes
• Consider after having done the first
iteration in the outer loop. So i = 3.
• We start at i + i = 6.
• However, we already crossed off all
multiples of 2 (all the even numbers) in the
first iteration. So why are we looking here?
• Similarly, when we have crossed off all
multiples of 3, we should not look at any
multiples of 3 in any future iteration.
Sieve of Eratosthenes
• Improved implementation
bool prime[1000000];
void sieve( int n ) {
memset( prime, 1, sizeof(prime) );
prime[0] = prime[1] = 0;
for( int i = 2; i*i <= n; i++ )
if( prime[i] ) {
for( int j = i*i; j <= n; j += i )
prime[j] = 0;
}
}
• Changes are in bold.
Sieve of Eratosthenes
• Outer loop only goes up to the square root of n.
• Ex. n = 10, there is no need to check any
multiples of a where a > 3. Surely they will all
have been crossed off by some previous
combination. (ie. 2x5 = 5x2)
• Inner loop starts at i*i. This prevents looking at
positions that obviously is crossed off.
• Improved running time is still O(nlogn), but in
practice the speed usually speeds it up by 50%.
Sieve of Eratosthenes
• For anyone interested:
• There are other implementations that exploit the
fact that our prime[] array is just an array of 1’s
and 0’s.
• Use bits to lower memory usage, perhaps speed
things up.
• Other optimizations that can improve running
time in practice.
• Sieve of Atkin, optimized version of the Sieve of
Eratosthenes.
Factoring
• Given n, we are not interested in finding
positive integers a and b such that a*b = n.
• Factoring is hard, when n contains 100 or
more digits.
• Many cryptographic systems depend
heavily on this assumption.
Is factoring really that hard?
• Consider n = 2193 (n is given as such because
my calculator doesn’t like numbers that have
more than 10 digits, so pretend we do not know
the prime factorization of n ahead of time). How
long would it take to factor this number?
• It turns out that we can factor this number in 193
division operations. We just divide our number
by 2 193 times.
• It was trivial to factor this number, so why is
factoring considered a hard problem?
First attempt at factoring
• Recall our first approach in primality testing.
bool isPrime( int n ) {
for( int i = 2; i*i <= n; i++ )
if( n % i == 0 ) return true;
return false;
}
• We can do exactly the same thing, except
instead of returning true when we have found a
factor, we simply return that number that divided
n.
Further optimizations of our first
attempt
• To speed things up even further, we can
only divide by primes between 2 and
square root of n.
• How well does this work in practice?
• What is the worst case input?
Worst case for factoring
• What if we are given two 100 digit prime
numbers a and b. Let n = a*b.
• To factor this number with our approach, we will
have to check all primes between 2 and the
minimum of a and b.
• As an exmaple, consider n = 2193 – 1.
• The first prime divisor is 13,821,503.
• Assuming that our computer can perform a
billion division instructions per second, it will take
more than 35,000 years to find the second
largest factor of n!
Worst case for factoring
• As it turns out, the full factorization of n is:
• n = 13,821,503 *
61,654,440,233,248,340,616,559 *
14,732, 265,321,145,317,331,353,282,383.
• Conclusion: Factoring is hard for most cases.
RSA Factoring Challenge
• http://www.rsasecurity.com/rsalabs/node.asp?id
=2093
• Monetary reward for successful factoring of very
large integers.
• Latest factored number: RSA-640. An integer
that is 640 bits long.
• To quote the website: “The effort took
approximately 30 2.2 GHz- Opteron-CPU years
according to the submitters, over five months of
calendar time. (This is about half the effort for
RSA-20)
Factoring and the Sieve
• We know we can’t factor general numbers very efficiently.
• Here is an implementation of an augmented Sieve of Eratosthenes
that will factor for us:
int factors[1000000];
void fsieve( int n ) {
for( int i = 1; i <= n; i++ ) factors[i] = i;
for( int i = 2; i <= n; i++ )
if( factors[i] == I ) {
for( int j = i*i; j <= n; j += i )
if( factors[j] == j ) f[j] = i;
}
}
Factoring Sieve
• Again we loop over the numbers from 2 to n.
• The inner loop will set factor[j] = i if i is a multiple of j.
Since we loop in ascending order, it is the smallest
multiple of j.
• We can retrieve the list o factors for any arbitrary
position.
• Ex. n = 6
• Before the first iteration, factors[]: 1, 2, 3, 4, 5, 6
• After the last iteration, factors[]: 1, 2, 3, 2, 5, 2
• To retrieve the factors of 6, go to factors[6]. Divide that 6
by that value and get 3, go to factors[3], divide 6 by that
value and get 2, go to factors[2], divide 6 by 2 to get 1.
Stop.
• Factors are 1, 2, 3 and 6.
Euler’s Phi Function
• Def: “Phi of n”, denoted as Φ(n), counts
the number of integers in the range of
[1,n-1] that are relatively prime to n.
• Def: Two positive integers a and b are said
to be relatively prime if gcd(a,b) = 1.
• Note that the definition does not require
either a or b to be prime themselves.
• Ex. a = 6, b = 25. (6,25) = 1
Euler Phi Function
• Ex. Φ(6) = 2 since 1 and 5 are relatively
prime to 6.
• Ex. Φ(2000) = 800. How do we know this?
• Let’s first establish some ways we can
calculate Φ(n).
Case when n is prime
• If n is prime, then by definition, it contains
no factors other than itself and 1. Since
(n,1) = 1, the number integers less than n
that are relatively prime to n is just n – 1.
• Ex. Φ(7) = 6 since 1, 2, 3, 4, 5, 6 are all
relatively prime to 7.
Case when n = pr, r > 1
• If n is a power of a prime number p, can we
derive a formula for Φ(n)?
• Let’s consider what pr is not relatively prime to.
• Obviously, (p,pr) = p. In fact, all integers
ap <= pr where a is some positive integer are not
relatively prime to p.
• Also, all powers of p, up to pr-1 are not relatively
prime to p.
Case when n = pr, r > 1
• Thus the numbers p, 2p, 3p, … (pr-1-1)p are all
not relatively prime to p.
• There are pr-1 numbers less than pr. There
are pr-1-1 numbers that are not relatively
prime to pr.
• So Φ(n) = (pr-1)-(pr-1-1) = pr - pr-1.
General Case
• Given n and it’s prime factorization, can we
derive a general formula for n?
n  p p ... p
r1
1
r2
2
rm
m
 (n)   ( p ) ( p )... ( p )
r1
1
In general:
r2
2
rm
m


1 
1 
1 
 (n)  n1  1  ..........1  
 p1  p2 
 pk 
Looking ahead
• Next class, Andrew will be talking about cryptography.
• One of the more famous algorithms for public-key
encryption is RSA.
• Each step of the algorithm involves something that we
talked about in each of the 3 (including today)
discussions.
• We will need to find two large prime numbers. (primality)
• We will need to solve linear equations such as ax + by =
1. (extended Euclidean algorithm)
• We will need to compute Φ(n)
• Try to be at least a little familiar with all 3 or otherwise,
the next discussion may be hard to follow.
References
• http://mathworld.wolfram.com/PrimalityTes
t.html
• http://www.fortunecity.com/emachines/e11/
86/tourist2d.html
• http://www.rsasecurity.com/rsalabs/node.a
sp?id=2093
• http://en.wikipedia.org/wiki/RSA
• Last Year’s notes.
Related documents
Finding the Greatest Common Factor
Finding the Greatest Common Factor
HELP SHEET 3.3 PRIME FACTORIZATION 24 3 4 2 2 X 2 X
HELP SHEET 3.3 PRIME FACTORIZATION 24 3 4 2 2 X 2 X
Factors, Multiples, Primes, Prime Factors, LCM and HCF
Factors, Multiples, Primes, Prime Factors, LCM and HCF
Investigation
Investigation
Lemma 2.8. Let p and q 1,q2, ..., qn all be primes and let k be a
Lemma 2.8. Let p and q 1,q2, ..., qn all be primes and let k be a
Chapter 7 Factor - numbers that are multiplied together to get a
Chapter 7 Factor - numbers that are multiplied together to get a
Eratosthenes - who was he, why a sieve and what`s a prime number?
Eratosthenes - who was he, why a sieve and what`s a prime number?
Math Test Review – Multiples, factors, prime and composites
Math Test Review – Multiples, factors, prime and composites
Perfect Numbers - University of Arizona Math
Perfect Numbers - University of Arizona Math
Lesson 10-1: Factors & Greatest Common Factor (GCF)
Lesson 10-1: Factors & Greatest Common Factor (GCF)
5 Famous Math Conjectures
5 Famous Math Conjectures
Prime & Composite Numbers
Prime & Composite Numbers