Lecture 2
Basic Number Theory and Algebra
In modern cryptographic systems, the messages are represented by numerical values prior to being encrypted and transmitted. The encryption processes are mathematical operations that turn the input numerical value into output numerical values. Building, analyzing, and attacking these cryptosystems requires mathematical tools. The most important of these is number theory, especially the theory of congruences.
Outline
 Basic Notions
 Solving ax+by=d=gcd(a,b)
 Congruence
 The Chinese Remainder Theorem
 Fermat’s Little Theorem and Euler’s Theorem
 Primitive Root
 Inverting Matrices Mod n
 Square Roots Mod n
 Groups Rings Fields
1 Basic Notions
1.1 Divisibility
Definition 1 Let a ≠ 0 and b be integers. We say that a divides b if there is an integer k such that b = ka. This is denoted by a | b. Another way to express this is that b is a multiple of a. If a does not divide b, we write a ∤ b.
1.1 Divisibility (Continued)
Proposition 1 (1) For every a ≠ 0, a | 0 and a | a. Also, 1 | b for every b.
(2) If a | b and b | c, then a | c.
(3) If a | b and a | c, then a | (sb + tc) for all integers s and t.
Proof. (1) It is immediate from Definition 1. (2) There exist k and l such that b = ka and c = lb. Therefore c = kla. (3) Write b = k1 a and c = k2 a. Then sb + tc = a(sk1 + tk2), so a | sb + tc.
1.1 Divisibility (Continued)
Theorem 1 (Division with remainder property). For two integers a, b with b > 0, there exist unique integers q, r such that a = bq + r and 0 ≤ r < b.
Proof. Consider the integer sequence
…, −3b, −2b, −b, 0, b, 2b, 3b, …
The integer a must lie between two consecutive terms, i.e. there exists an integer q such that qb ≤ a < (q + 1)b. Set r = a − qb. This proves the existence of r and q. For uniqueness, suppose that a = bq + r and a = bq' + r', where 0 ≤ r < b and 0 ≤ r' < b. Then subtracting these two equations and rearranging terms, we obtain
r' − r = b(q − q').
Now observe that by assumption the left-hand side is less than b in absolute value. However, if q ≠ q', then the right-hand side would be at least b in absolute value; therefore we must have q = q'. Furthermore, we must then have r = r'.
1.2 Prime
Definition 2 A prime is a positive integer greater than 1 that is divisible by no positive integers other than 1 and itself. A positive integer greater than 1 that is not prime is called composite.
The primes less than 200:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53
59 61 67 71 73 79 83 89 97 101 103 107 109
113 127 131 137 139 149 151 157 163 167
173 179 181 191 193 197 199
1.2 Prime (Continued)
Proposition 2 There are infinitely many primes.
Proof. By way of contradiction, suppose that there were only finitely many primes; call them p1 = 2, p2 = 3, …, pk. Then set n = p1 p2 ⋯ pk + 1, and consider a prime p that divides n. There must be at least one such prime p, since n ≥ 2. Clearly, p cannot equal any of p1, p2, …, pk, since if it did, then p would divide n − p1 p2 ⋯ pk = 1, which is impossible. Therefore the prime p is not among p1, p2, …, pk, which contradicts our assumption that these are the only primes.
1.2 Prime (Continued)
Theorem 2 (Prime Number Theorem) Let π(x) be the number of primes less than x. Then
$$\pi(x) \sim \frac{x}{\ln x},$$
in the sense that the ratio π(x)/(x/ln x) → 1 as x → ∞.
Proof. We omit the proof.
In various applications, we'll need large primes, say of around 100 digits. We can estimate the number of 100-digit primes as follows:
$$\pi(10^{100}) - \pi(10^{99}) \approx \frac{10^{100}}{\ln 10^{100}} - \frac{10^{99}}{\ln 10^{99}} \approx 3.9 \times 10^{97}.$$
So there are certainly enough such primes.
1.2 Prime (Continued)
Theorem 3 (Fundamental theorem of arithmetic) Every positive integer is a product of primes. This factorization into primes is unique, up to reordering.
Proof. (Existence) This amounts to showing that every positive integer n can be expressed as a product (possibly empty) of primes. We may prove this by induction on n. Let n > 1, and assume that every positive integer smaller than n can be expressed as a product of primes. If n is a prime, then the statement is true, as n is the product of one prime; otherwise, n is composite, and so there exist 1 < a < n, 1 < b < n with n = ab; by the induction hypothesis, both a and b can be expressed as a product of primes, and so the same holds for n.
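The three results of this section can be exercised directly. The following is an added example (my own code, not part of the lecture): a sieve that lists the primes below a bound, the Prime Number Theorem ratio π(x)/(x/ln x), and the construction n = p1 p2 ⋯ pk + 1 from the proof of Proposition 2, checked by finding a prime factor of n that is not among the first k primes. The function names are my own.

```python
# Added example (not from the lecture): primes below a bound by the sieve of
# Eratosthenes, the Prime Number Theorem ratio pi(x) / (x / ln x), and the
# construction n = p1 p2 ... pk + 1 used in the proof of Proposition 2.
import math


def primes_below(limit: int) -> list:
    """Return all primes p < limit (sieve of Eratosthenes), matching the
    lecture's definition of pi(x) as the number of primes less than x."""
    if limit <= 2:
        return []
    is_prime = bytearray([1]) * limit
    is_prime[0] = is_prime[1] = 0
    for p in range(2, math.isqrt(limit - 1) + 1):
        if is_prime[p]:
            # every multiple of p from p*p upward is composite
            is_prime[p * p::p] = bytearray(len(range(p * p, limit, p)))
    return [i for i, flag in enumerate(is_prime) if flag]


def pnt_ratio(x: int) -> float:
    """pi(x) / (x / ln x); Theorem 2 says this tends to 1 as x grows."""
    return len(primes_below(x)) / (x / math.log(x))


def euclid_number(k: int) -> int:
    """n = p1 p2 ... pk + 1 for the first k primes (proof of Proposition 2)."""
    first = primes_below(10 * k + 10)[:k]    # generous bound so we get k primes
    if len(first) != k:
        raise ValueError("bound too small for k primes")
    return math.prod(first) + 1


def smallest_prime_factor(n: int) -> int:
    """Trial division. For n = euclid_number(k) the result is never one of the
    first k primes, which is exactly the step the proof relies on."""
    for d in range(2, math.isqrt(n) + 1):
        if n % d == 0:
            return d
    return n


if __name__ == "__main__":
    print(primes_below(200))                      # the 46 primes below 200
    print(round(pnt_ratio(10**6), 4))             # about 1.0845
    n = euclid_number(6)                          # 2*3*5*7*11*13 + 1 = 30031
    print(n, smallest_prime_factor(n))            # 30031 = 59 * 509 is not prime
```

Note that the Euclid number 30031 is composite: the proof only needs that some prime factor of n is new, not that n itself is prime.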
1.3 Greatest Common Divisor
Definition 3 The greatest common divisor of a and b is the largest positive integer dividing both a and b and is denoted by either gcd(a, b) or by (a, b). We say that a and b are relatively prime if gcd(a, b) = 1.
There are two standard ways for finding the gcd:
(1) If you can factor a and b into primes, i.e. a = p1^α1 p2^α2 ⋯ pn^αn and b = p1^β1 p2^β2 ⋯ pn^βn, take for each prime the smaller of the two exponents and get gcd(a, b) = p1^min(α1, β1) p2^min(α2, β2) ⋯ pn^min(αn, βn). If a prime does not appear in a factorization, then it cannot appear in the gcd.
(2) The Euclidean algorithm.
1.3 Greatest Common Divisor (Continued)
Example 1 Compute gcd(482, 1180).
1180 = 2 · 482 + 216, 482 = 2 · 216 + 50, 216 = 4 · 50 + 16,
50 = 3 · 16 + 2, 16 = 8 · 2 + 0.
So gcd(482, 1180) = 2.
Notice how the numbers shift at each step:
remainder → divisor → dividend → ignore.
Using the example as a guideline, we can now give a more formal description of the Euclidean algorithm. Without loss of generality, suppose a ≥ b. We have
a = q1 b + r1, b = q2 r1 + r2, r1 = q3 r2 + r3, …,
r_{k−2} = q_k r_{k−1} + r_k, r_{k−1} = q_{k+1} r_k.
Hence gcd(a, b) = r_k. (No factorization is needed, and the algorithm is fast.)
1.3 Greatest Common Divisor (Continued)
Theorem 4 Let a and b be two integers, with at least one of a, b nonzero, and let d = gcd(a, b). Then there exist integers x, y such that ax + by = d. In particular, if a and b are relatively prime, then there exist integers x, y with ax + by = 1.
Proof. We show that if r_j is a remainder obtained during the Euclidean algorithm, then there are integers x_j, y_j such that r_j = a x_j + b y_j. Taking x1 = 1 and y1 = −q1, we have r1 = a x1 + b y1. Similarly, r2 = a(−q2) + b(1 + q1 q2). Suppose we have r_i = a x_i + b y_i for all i < j. Then
r_j = r_{j−2} − q_j r_{j−1} = a x_{j−2} + b y_{j−2} − q_j (a x_{j−1} + b y_{j−1}) = a(x_{j−2} − q_j x_{j−1}) + b(y_{j−2} − q_j y_{j−1}).
Continuing, we obtain the result for all j, in particular for j = k, where r_k = gcd(a, b).
1.3 Greatest Common Divisor (Continued)
Corollary 1 If p is a prime and p | ab, then either p | a or p | b. More generally, if a prime p | ab ⋯ z, then p must divide one of the factors a, b, …, z.
Proof. Consider the case p | ab. If p divides a, we are done. Now assume p ∤ a. Since p is prime, gcd(a, p) = 1 or p. Since p ∤ a, gcd(a, p) = 1. By Theorem 4, there exist integers x, y with ax + py = 1. Multiply by b to obtain abx + pby = b. Therefore p | b.
For the case p | ab ⋯ z, if p | a, we're done. Otherwise, p | b ⋯ z. Either p | b or p divides the remaining factors. Continuing in this way, we get the conclusion.
1.3 Greatest Common Divisor (Continued)
Theorem 3 (Continued)
Proof. (Uniqueness) Suppose that n = p1 p2 ⋯ ps = q1 q2 ⋯ ql, where p1, p2, …, ps and q1, q2, …, ql are primes, and p1 ≤ p2 ≤ ⋯ ≤ ps and q1 ≤ q2 ≤ ⋯ ≤ ql. Since p1 | n and q1 | n, Corollary 1 gives p1 | q_j and q1 | p_k for some j, k. Since q_j and p_k are prime, we get p1 = q_j and q1 = p_k. Hence p1 = q_j ≥ q1 and q1 = p_k ≥ p1, so p1 = q1. Remove the common factor p1 to get p2 ⋯ ps = q2 ⋯ ql. Continuing in this way, we obtain s = l and p_i = q_i for each i.
2 Solving ax+by=d=gcd(a,b)
Based on the proof of Theorem 4, we get the following sequences:
x1 = 1, x2 = −q2, x_j = −q_j x_{j−1} + x_{j−2},
y1 = −q1, y2 = 1 + q1 q2, y_j = −q_j y_{j−1} + y_{j−2}.
Then a x_k + b y_k = gcd(a, b).
In Example 1 (taking a = 482, b = 1180, so that q1 = 0 and then q2 = 2, q3 = 2, q4 = 4, q5 = 3), x1 = 1, x2 = −2, x3 = −2x2 + x1 = 5, x4 = −4x3 + x2 = −22, x5 = −3x4 + x3 = 71. Similarly, y5 = −29. An easy calculation shows that
482 · 71 + 1180 · (−29) = 2 = gcd(482, 1180).
The preceding method is often called the extended Euclidean algorithm.
3 Congruences
Definition 4 Let a, b, n be integers with n ≠ 0. We say that
a ≡ b (mod n)
(read: a is congruent to b mod n) if a − b is a multiple (positive or negative) of n. This can be rewritten as a = b + nk for some integer k (positive or negative).
Example 2 32 ≡ 7 (mod 5), −12 ≡ 37 (mod 7), 17 ≡ 17 (mod 13).
Proposition 3 Let a, b, c, n be integers with n ≠ 0.
(1) a ≡ 0 (mod n) if and only if n | a.
(2) a ≡ a (mod n).
(3) b ≡ a (mod n) if and only if a ≡ b (mod n).
(4) If a ≡ b (mod n) and b ≡ c (mod n), then a ≡ c (mod n).
Proof. We omit the proof.
# Congruence behaves very much like equality.
Proposition 4 Let a, b, c, d, n be integers with n ≠ 0, and suppose a ≡ b (mod n), c ≡ d (mod n). Then
a + c ≡ b + d (mod n), a − c ≡ b − d (mod n), ac ≡ bd (mod n).
Proof. Write a = b + nk, c = d + nl, for integers k, l. Then a + c = b + d + n(k + l), so a + c ≡ b + d (mod n). The proof that a − c ≡ b − d (mod n) is similar. For multiplication, we have ac = bd + n(dk + bl + nkl), so ac ≡ bd (mod n).
# The proposition says you can perform the usual arithmetic operations of addition, subtraction, and multiplication with congruences.
(Continued)
Example 3 Here is an example of how we can do algebra mod n. Consider the following problem: x + 7 ≡ 3 (mod 17).
Solution: x ≡ 3 − 7 ≡ −4 ≡ 13 (mod 17).
# There is nothing wrong with negative answers, but usually we write the final answer as an integer from 0 to n − 1.
3.2 Division
Proposition 5 Let a, b, c, n be integers with n ≠ 0 and with gcd(a, n) = 1. If ab ≡ ac (mod n), then b ≡ c (mod n). In other words, if a and n are relatively prime, we can divide both sides of the congruence by a.
Proof. Since gcd(a, n) = 1, there exist x, y such that ax + ny = 1. Multiply by b − c:
(ab − ac)x + n(b − c)y = b − c.
Since n | ab − ac, we get n | b − c. This means that b ≡ c (mod n).
3.2 Division (Continued)
Example 4 Solve 2x + 7 ≡ 3 (mod 17).
Solution: 2x ≡ 3 − 7 ≡ −4. Since gcd(2, 17) = 1, x ≡ −2 ≡ 15 (mod 17).
Example 5 Solve 5x + 6 ≡ 13 (mod 11).
5x ≡ 7, but what does 7/5 mean (mod 11)? Note that 5x ≡ 7 ≡ 18 ≡ 29 ≡ 40 (mod 11). So x ≡ 8 (mod 11). That is, 8 acts like 7/5.
3.2 Division (Continued)
Proposition 6 Suppose gcd(a, n) = 1. Let s, t be integers such that as + nt = 1. Then as ≡ 1 (mod n), so s is the multiplicative inverse of a (mod n), written as a^{−1} (mod n). The integers s, t can be found using the extended Euclidean algorithm.
Proof. Since as = 1 − nt, we see that as − 1 is a multiple of n.
Example 6 Solve 11111x ≡ 4 (mod 12345).
Solution: Using the extended Euclidean algorithm, we get gcd(11111, 12345) = 1 and 11111 · 2471 + 12345 · y = 1. This means that 11111 · 2471 ≡ 1 (mod 12345). Hence x ≡ 2471 · 4 ≡ 9884 (mod 12345).
3.3 Division (Continued)
Solving congruences of the form ax ≡ b (mod n) when gcd(a, n) = d > 1. The procedure is as follows:
(1) If d ∤ b, there is no solution.
(2) Assume d | b. Consider the new congruence
(a/d) x ≡ b/d (mod n/d).
Note that a/d, b/d, n/d are integers and gcd(a/d, n/d) = 1. Solve this congruence by the above procedure to obtain a solution x0.
(3) The solutions of the original congruence ax ≡ b (mod n) are
x0, x0 + (n/d), x0 + 2(n/d), …, x0 + (d − 1)(n/d) (mod n).
3.2 Division (Continued)
Example 7 Solve 12x ≡ 21 (mod 39).
Solution: gcd(12, 39) = 3, which divides 21. Divide by 3 to obtain the new congruence 4x ≡ 7 (mod 13). A solution is x0 = 5. The solutions to the original congruence are x ≡ 5, 18, 31 (mod 39).
Working with fractions
(1) In many situations, it will be convenient to work with fractions mod n. For example, 1/2 (mod 12345) is easier to write than 6173 (mod 12345). The general rule is that a fraction b/a can be used mod n if gcd(a, n) = 1. b/a (mod n) really means a^{−1} b (mod n).
(2) The symbol 1/2 is simply a symbol with exactly one property: if you multiply 1/2 by 2, you get 1. So 1/2 (mod 12345) and 6173 (mod 12345) are interchangeable.
(3) We can't use fractions with arbitrary denominators. For example, 1/6 (mod 6) and 1/2 (mod 6) make no sense. In general, if gcd(a, n) ≠ 1, the fraction b/a (mod n) is not allowed.
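Sections 2 and 3 together describe one procedure: run the extended Euclidean algorithm with the recurrences x_j = −q_j x_{j−1} + x_{j−2}, y_j = −q_j y_{j−1} + y_{j−2}, read off a^{−1} (mod n), and use it to solve ax ≡ b (mod n), dividing through by d = gcd(a, n) first when d > 1. The following is an added example (my own code, not from the lecture) that implements that procedure end to end and reproduces Examples 1, 6 and 7 and the fraction 1/2 (mod 12345); the function names are my own.

```python
# Added example (not from the lecture): the extended Euclidean algorithm using
# the recurrences x_j = -q_j x_{j-1} + x_{j-2}, y_j = -q_j y_{j-1} + y_{j-2},
# the inverse a^{-1} (mod n) of Proposition 6, fractions b/a (mod n), and the
# three-step procedure for a x ≡ b (mod n) when gcd(a, n) = d.
from math import gcd


def extended_gcd(a: int, b: int) -> tuple:
    """Return (d, x, y) with d = gcd(a, b) and a*x + b*y = d."""
    # r_prev, r play the roles of r_{j-2}, r_{j-1}; x, y carry their coefficients.
    # Starting from (a, b) means the first quotient is a // b, which is 0 when
    # a < b, exactly as in the lecture's treatment of a = 482, b = 1180.
    r_prev, r = a, b
    x_prev, x = 1, 0
    y_prev, y = 0, 1
    while r != 0:
        q = r_prev // r
        r_prev, r = r, r_prev - q * r            # r_j = r_{j-2} - q_j r_{j-1}
        x_prev, x = x, x_prev - q * x            # x_j = x_{j-2} - q_j x_{j-1}
        y_prev, y = y, y_prev - q * y            # y_j = y_{j-2} - q_j y_{j-1}
    if r_prev < 0:                               # keep d positive for negative inputs
        r_prev, x_prev, y_prev = -r_prev, -x_prev, -y_prev
    return r_prev, x_prev, y_prev


def mod_inverse(a: int, n: int) -> int:
    """a^{-1} (mod n) as in Proposition 6; raises when gcd(a, n) != 1."""
    d, s, _t = extended_gcd(a, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd = {d}")
    return s % n


def fraction_mod(b: int, a: int, n: int) -> int:
    """b/a (mod n), which the lecture defines as a^{-1} b (mod n)."""
    return (mod_inverse(a, n) * b) % n


def solve_linear_congruence(a: int, b: int, n: int) -> list:
    """All x in [0, n) with a x ≡ b (mod n); [] when gcd(a, n) does not divide b."""
    d = gcd(a, n)
    if b % d != 0:
        return []                                # step (1): d does not divide b
    a1, b1, n1 = a // d, b // d, n // d          # step (2): reduced congruence
    x0 = fraction_mod(b1, a1, n1)                # gcd(a1, n1) = 1, so a1 is invertible
    # step (3): x0 + k*(n/d) for k = 0 .. d-1 are the d solutions mod n
    return sorted((x0 + k * n1) % n for k in range(d))


if __name__ == "__main__":
    print(extended_gcd(482, 1180))               # (2, 71, -29): 482*71 + 1180*(-29) = 2
    print(mod_inverse(11111, 12345))             # 2471 (Example 6)
    print(solve_linear_congruence(12, 21, 39))   # [5, 18, 31] (Example 7)
    print(fraction_mod(1, 2, 12345))             # 6173, the value of 1/2 mod 12345
```

Calling `mod_inverse(2, 6)` raises, which is the computational form of remark (3) above: a denominator that shares a factor with the modulus has no inverse, so the fraction is undefined.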
4 The Chinese Remainder Theorem
$$x \equiv 25 \pmod{42} \iff \begin{cases} x \equiv 4 \pmod 7 \\ x \equiv 1 \pmod 6. \end{cases}$$
The Chinese remainder theorem shows that this process can be reversed.
Theorem 5 (Chinese Remainder Theorem) Suppose gcd(m, n) = 1. Given a and b, there exists exactly one solution x (mod mn) to the simultaneous congruences
x ≡ a (mod m), x ≡ b (mod n).
Proof. There exist integers s, t such that ms + nt = 1. Let x = bms + ant. Then x ≡ ant ≡ a (mod m) and x ≡ bms ≡ b (mod n). Suppose x1 is another solution. Then m | x − x1 and n | x − x1, so x − x1 = mk = nl for some integers k, l, and x − x1 = (x − x1)(ms + nt) = mn(ls + kt), i.e. x ≡ x1 (mod mn).
4 The Chinese Remainder Theorem (Continued)
Example 8 Solve x ≡ 3 (mod 7), x ≡ 5 (mod 15).
Solution: Since 80 ≡ 3 (mod 7) and 80 ≡ 5 (mod 15), x ≡ 80 (mod 105). The theorem guarantees that such a solution exists and is uniquely determined mod mn.
Two methods to find the solution:
(1) List the numbers congruent to b (mod n) until you find one that is congruent to a (mod m). For example, the numbers congruent to 5 (mod 15) are 5, 20, 35, 50, 65, 80, …; reduced mod 7 these are 5, 6, 0, 1, 2, 3.
(2) The numbers congruent to b (mod n) are of the form b + nk, so we need to solve b + nk ≡ a (mod m). Obtain k ≡ (a − b) n^{−1} (mod m). Substituting k back into b + nk, then reducing mod nm, gives the
4 The Chinese Remainder Theorem (Continued)
Example 9 Solve x ≡ 7 (mod 12345), x ≡ 3 (mod 11111).
Solution: 11111^{−1} (mod 12345) ≡ 2471. Therefore k ≡ (7 − 3) · 2471 ≡ 9884 (mod 12345). This yields x ≡ 3 + 11111 · 9884 = 109821127 (mod 11111 · 12345).
n, you can break it into simultaneous congruences modulo each prime power factor of n, then recombine the resulting information to obtain an answer mod n. The advantage is that often it is easier to analyze congruences modulo primes or modulo prime powers than to work modulo composite numbers.
4 The Chinese Remainder Theorem (Continued)
Example 10 Solve x² ≡ 1 (mod 35).
Solution:
$$x^2 \equiv 1 \pmod{35} \iff \begin{cases} x^2 \equiv 1 \pmod 5 \iff x \equiv \pm 1 \pmod 5 \\ x^2 \equiv 1 \pmod 7 \iff x \equiv \pm 1 \pmod 7. \end{cases}$$
We can put these together in 4 ways:
x ≡ 1 (mod 5), x ≡ 1 (mod 7) ⟹ x ≡ 1 (mod 35),
x ≡ 1 (mod 5), x ≡ −1 (mod 7) ⟹ x ≡ 6 (mod 35),
x ≡ −1 (mod 5), x ≡ 1 (mod 7) ⟹ x ≡ 29 (mod 35),
x ≡ −1 (mod 5), x ≡ −1 (mod 7) ⟹ x ≡ 34 (mod 35).
4 The Chinese Remainder Theorem (Continued)
Theorem 6 (CRT, General Form) Let m1, m2, …, mk be integers with gcd(mi, mj) = 1 whenever 1 ≤ i < j ≤ k. Given integers a1, a2, …, ak, there exists exactly one solution x (mod m1 m2 ⋯ mk) to the simultaneous congruences
x ≡ a1 (mod m1), x ≡ a2 (mod m2), …, x ≡ ak (mod mk).
Proof. We omit the proof.
Therefore, in general, if n = p1 p2 ⋯ pr is the product of r distinct odd primes, then x² ≡ 1 (mod n) has 2^r solutions.
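The following is an added example (my own code, not from the lecture) of method (2) above, k ≡ (a − b) n^{−1} (mod m), folded pairwise to handle any number of coprime moduli as in Theorem 6, and of the 2^r solutions of x² ≡ 1 (mod n) obtained by gluing the ±1 choices modulo each prime together with the CRT, as in Example 10. It assumes Python 3.8 or later for `pow(n, -1, m)`; the function names are my own.

```python
# Added example (not from the lecture): the Chinese remainder theorem for two
# moduli by the lecture's method (2), k ≡ (a - b) n^{-1} (mod m); its extension
# to any number of pairwise coprime moduli (Theorem 6); and the 2^r solutions of
# x^2 ≡ 1 (mod n) for n a product of r distinct odd primes (Example 10).
from itertools import product
from math import gcd, prod


def crt_pair(a: int, m: int, b: int, n: int) -> int:
    """Unique x (mod m n) with x ≡ a (mod m), x ≡ b (mod n); needs gcd(m, n) = 1."""
    if gcd(m, n) != 1:
        raise ValueError("moduli must be coprime")
    # numbers congruent to b (mod n) are b + n k; choose k with b + n k ≡ a (mod m)
    k = ((a - b) * pow(n, -1, m)) % m
    return (b + n * k) % (m * n)


def crt(residues: list, moduli: list) -> int:
    """Theorem 6: combine x ≡ a_i (mod m_i) one modulus at a time."""
    x, m = residues[0] % moduli[0], moduli[0]
    for a_i, m_i in zip(residues[1:], moduli[1:]):
        x, m = crt_pair(x, m, a_i, m_i), m * m_i
    return x


def square_roots_of_one(primes: list) -> list:
    """All x (mod n), n = p_1 ... p_r distinct odd primes, with x^2 ≡ 1 (mod n).
    Mod each p the choices are ±1; the CRT glues every combination together."""
    n = prod(primes)
    roots = set()
    for signs in product((1, -1), repeat=len(primes)):
        roots.add(crt([s % p for s, p in zip(signs, primes)], primes))
    if not all((x * x) % n == 1 for x in roots):
        raise AssertionError("every combination must square to 1 mod n")
    return sorted(roots)


if __name__ == "__main__":
    print(crt_pair(3, 7, 5, 15))                  # 80  (Example 8)
    print(crt_pair(7, 12345, 3, 11111))           # 109821127  (Example 9)
    print(crt([4, 1], [7, 6]))                    # 25: the system at the top of this section
    print(square_roots_of_one([5, 7]))            # [1, 6, 29, 34]  (Example 10)
    print(len(square_roots_of_one([3, 5, 7])))    # 8 = 2^3 solutions mod 105
```

The `square_roots_of_one` loop makes the 2^r count visible: each sign vector gives a distinct solution because the CRT solution is unique mod n.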
5 Fermat’s Little Theorem and Euler’s Theorem
Theorem 7 (Fermat's Little Theorem) If p is a prime and p ∤ a, then
a^{p−1} ≡ 1 (mod p).
Proof. Let S = {1, 2, 3, …, p − 1}. Consider the map ψ: S → S, ψ(x) ≡ ax (mod p). Clearly, ψ(x) ≢ 0 (mod p). Now suppose x ≠ y ∈ S. Then ax ≢ ay (mod p), since gcd(a, p) = 1 allows us to cancel a (Proposition 5). Therefore ψ(1), ψ(2), …, ψ(p − 1) are distinct elements of S. It follows that
1 · 2 · 3 ⋯ (p − 1) ≡ ψ(1) ψ(2) ⋯ ψ(p − 1) ≡ (a · 1)(a · 2)(a · 3) ⋯ (a · (p − 1)) ≡ a^{p−1} (1 · 2 · 3 ⋯ (p − 1)) (mod p).
Since gcd(j, p) = 1 for j ∈ S, we can divide this congruence by 1, 2, 3, …, p − 1. What remains is 1 ≡ a^{p−1} (mod p).
5 Fermat’s Little Theorem and Euler’s Theorem
(Continued)
Example 11 Compute 2^10 (mod 11) and 2^53 (mod 11).
2^10 = 1024 ≡ 1 (mod 11). From this, we can evaluate 2^53 = (2^10)^5 · 2^3 ≡ 2^3 ≡ 8 (mod 11). In other words, from 53 ≡ 3 (mod 10), we deduce 2^53 ≡ 2^3 (mod 11).
Search for prime numbers using Fermat's little theorem
Choose a starting point n0 and successively test each odd number n ≥ n0 to see whether 2^{n−1} ≡ 1 (mod n). If n fails the test, discard it and proceed to the next n. When n passes the test, use more sophisticated techniques.
# The advantage is that this procedure is much faster and eliminates many numbers quickly. However, there exist exceptions such as 561 = 3 · 11 · 17, for which 2^560 ≡ 1 (mod 561).
5 Fermat’s Little Theorem and Euler’s Theorem
(Continued)
Definition 5 Let φ(n) be the number of integers 1 ≤ a ≤ n such that gcd(a, n) = 1. Often φ is called Euler's φ-function.
Proposition 7 If n = p1^{a1} p2^{a2} ⋯ pk^{ak} is the prime power factorization, then
$$\varphi(n) = n \prod_{i=1}^{k} \left(1 - \frac{1}{p_i}\right), \qquad \text{in particular } \varphi(p^a) = p^a \left(1 - \frac{1}{p}\right).$$
Proof. We omit the proof.
Example 12 φ(10) = φ(2 · 5) = 10(1 − 1/2)(1 − 1/5) = 4,
φ(120) = φ(2³ · 3 · 5) = 120(1 − 1/2)(1 − 1/3)(1 − 1/5) = 32.
5 Fermat’s Little Theorem and Euler’s Theorem
(Continued)
Theorem 7 (Euler's Theorem) If gcd(a, n) = 1, then
a^{φ(n)} ≡ 1 (mod n).
Proof. The proof of this theorem is almost the same as the one given for Fermat's theorem. Let S be the set of integers 1 ≤ x ≤ n with gcd(x, n) = 1. Let ψ: S → S be defined by ψ(x) ≡ ax (mod n). Clearly, the numbers ψ(x) are the numbers in S written in some order. Therefore,
$$\prod_{x \in S} x \equiv \prod_{x \in S} \psi(x) \equiv a^{\varphi(n)} \prod_{x \in S} x \pmod n.$$
Dividing out the factors, we obtain a^{φ(n)} ≡ 1 (mod n).
5 Fermat’s Little Theorem and Euler’s Theorem
(Continued)
Example 13 What are the last three digits of 7^803?
Solution: Knowing the last three digits is the same as working modulo 1000. Since φ(1000) = 1000(1 − 1/2)(1 − 1/5) = 400, we have 7^803 = (7^400)² · 7³ ≡ 7³ = 343 (mod 1000).
Example 14 Compute 2^43210 (mod 101).
Solution: From Fermat's theorem, we know that 2^100 ≡ 1 (mod 101). Therefore
2^43210 = (2^100)^432 · 2^10 ≡ 1024 ≡ 14 (mod 101).
5 Fermat’s Little Theorem and Euler’s Theorem
(Continued)
Basic Principle 1 Let a, n, x, y be integers with n ≥ 1 and gcd(a, n) = 1. If x ≡ y (mod φ(n)), then a^x ≡ a^y (mod n). In other words, if you want to work modulo n, you should work modulo φ(n) in the exponent.
Proof. Write x = y + φ(n)k. Then
a^x = a^{y + φ(n)k} = a^y (a^{φ(n)})^k ≡ a^y (1)^k = a^y (mod n).
# Work with the exponent using modulo φ(n), not n.
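The following is an added example (my own code, not from the lecture) covering this section: φ(n) from the prime power factorization of Proposition 7, checked against Definition 5 by counting; exponent reduction modulo φ(n) as in Basic Principle 1 and Examples 13 and 14; and the Fermat-based prime search described above, run over a small range so that the exception 561 = 3 · 11 · 17 shows up among the candidates and is then rejected by the follow-up test. The function names are my own.

```python
# Added example (not from the lecture): Euler's phi from the prime-power
# factorisation (Proposition 7), checked against Definition 5 by counting;
# exponent reduction mod phi(n) (Basic Principle 1, Examples 13 and 14); and the
# Fermat-based prime search of the lecture, which lets 561 = 3*11*17 through.
from math import gcd


def factorise(n: int) -> dict:
    """{prime: exponent} by trial division (adequate for the sizes used here)."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def phi(n: int) -> int:
    """phi(n) = n * prod(1 - 1/p_i), computed in integers as prod p^(a-1) (p - 1)."""
    result = 1
    for p, a in factorise(n).items():
        result *= p ** (a - 1) * (p - 1)
    return result


def phi_by_counting(n: int) -> int:
    """Definition 5 directly: count 1 <= a <= n with gcd(a, n) = 1."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)


def power_mod_via_phi(a: int, x: int, n: int) -> int:
    """a^x (mod n) for gcd(a, n) = 1, reducing the exponent mod phi(n) first."""
    if gcd(a, n) != 1:
        raise ValueError("Basic Principle 1 needs gcd(a, n) = 1")
    y = x % phi(n)                      # x ≡ y (mod phi(n)) implies a^x ≡ a^y (mod n)
    result = 1
    for _ in range(y):                  # the exponent is now small, so multiply out
        result = (result * a) % n
    return result


def fermat_candidates(n0: int, n1: int) -> list:
    """Odd n in [n0, n1] with 2^(n-1) ≡ 1 (mod n). Every prime passes, and so
    do some composites (Fermat pseudoprimes), which is why a stronger test follows."""
    start = n0 if n0 % 2 else n0 + 1
    return [n for n in range(start, n1 + 1, 2) if pow(2, n - 1, n) == 1]


def is_prime_trial(n: int) -> bool:
    """Stand-in for the 'more sophisticated techniques': exact trial division."""
    return n > 1 and factorise(n) == {n: 1}


if __name__ == "__main__":
    print(phi(10), phi(120), phi(1000))                 # 4 32 400  (Examples 12, 13)
    print(power_mod_via_phi(7, 803, 1000))               # 343  (Example 13)
    print(power_mod_via_phi(2, 43210, 101))              # 14   (Example 14)
    cands = fermat_candidates(551, 569)                  # [557, 561, 563, 569]
    print([(n, is_prime_trial(n)) for n in cands])       # 561 passed Fermat but is composite
```

The candidate list is the point of the search: the Fermat test discards most composites cheaply, but a pseudoprime such as 561 survives it, so a key-generation routine must never stop at the Fermat test alone.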
6 Primitive Root
Consider the powers of 3 (mod 7):
3^1 ≡ 3, 3^2 ≡ 2, 3^3 ≡ 6, 3^4 ≡ 4, 3^5 ≡ 5, 3^6 ≡ 1.
Note that we obtain all the nonzero congruence classes modulo 7 as powers of 3. This means that 3 is a primitive root modulo 7. But 3^3 ≡ 1 (mod 13), so only 1, 3, 9 are powers of 3 (mod 13). Therefore 3 is not a primitive root mod 13.
In general, when p is a prime, a primitive root modulo p is a number whose powers yield every nonzero class modulo p.
# There are φ(p − 1) primitive roots modulo p.
6 Primitive Root (Continued)
Proposition 8 Let g be a primitive root for the prime p.
(1) If n is an integer, then g^n ≡ 1 (mod p) if and only if n ≡ 0 (mod p − 1).
(2) If j and k are integers, then g^j ≡ g^k (mod p) if and only if j ≡ k (mod p − 1).
Proof. (1) If n ≡ 0 (mod p − 1), then n = (p − 1)m for some m. Therefore
g^n = (g^m)^{p−1} ≡ 1 (mod p)
by Fermat's theorem. Conversely, suppose g^n ≡ 1 (mod p). Write
n = (p − 1)q + r, with 0 ≤ r < p − 1.
We have
1 ≡ g^n = (g^q)^{p−1} g^r ≡ g^r (mod p).
Suppose r ≠ 0. Since g^r ≡ 1, the powers of g (mod p) yield only g, g², …, g^{r−1}, 1 (mod p) and then repeat. Since r < p − 1, this contradicts the assumption that g is a primitive root. So r = 0.
(2) Assume that j ≥ k. Suppose that g^j ≡ g^k (mod p). Dividing both sides by g^k yields g^{j−k} ≡ 1 (mod p). By (1), j − k ≡ 0 (mod p − 1), so j ≡ k (mod p − 1). Conversely, if j ≡ k (mod p − 1), then j − k ≡ 0 (mod p − 1), so g^{j−k} ≡ 1 (mod p) by (1), i.e. g^j ≡ g^k (mod p).
7 Inverting Matrices Mod n
Finding the inverse of a matrix modulo n can be accomplished by the usual methods for inverting a matrix. The basic fact we need is that a square matrix is invertible modulo n if and only if its determinant and n are relatively prime. For example,
$$\begin{pmatrix} a & b \\ c & d \end{pmatrix}^{-1} \equiv \frac{1}{ad - bc}\begin{pmatrix} d & -b \\ -c & a \end{pmatrix} \equiv (ad - bc)^{-1}\begin{pmatrix} d & -b \\ -c & a \end{pmatrix} \pmod n.$$
7 Inverting Matrices Mod n (Continued)
Example 15 Invert $\begin{pmatrix} 1 & 2 \\ 3 & 4 \end{pmatrix}$ (mod 11).
Solution: Since
$$\det\begin{pmatrix} 1 & 2 \\ 3 & 4 \end{pmatrix} = 1 \cdot 4 - 2 \cdot 3 = -2, \qquad (-2) \cdot 5 \equiv 1 \pmod{11},$$
we obtain
$$\begin{pmatrix} 1 & 2 \\ 3 & 4 \end{pmatrix}^{-1} \equiv 5 \begin{pmatrix} 4 & -2 \\ -3 & 1 \end{pmatrix} \equiv \begin{pmatrix} 20 & -10 \\ -15 & 5 \end{pmatrix} \equiv \begin{pmatrix} 9 & 1 \\ 7 & 5 \end{pmatrix} \pmod{11}.$$
A quick calculation shows that
$$\begin{pmatrix} 1 & 2 \\ 3 & 4 \end{pmatrix}\begin{pmatrix} 9 & 1 \\ 7 & 5 \end{pmatrix} = \begin{pmatrix} 23 & 11 \\ 55 & 23 \end{pmatrix} \equiv \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix} \pmod{11}.$$
Example 16 Invert $\begin{pmatrix} 1 & 1 & 1 \\ 1 & 2 & 3 \\ 1 & 4 & 9 \end{pmatrix}$ (mod 11).
Solution: Since $\det\begin{pmatrix} 1 & 1 & 1 \\ 1 & 2 & 3 \\ 1 & 4 & 9 \end{pmatrix} = 2$ and $2 \cdot 6 \equiv 1 \pmod{11}$,
$$\begin{pmatrix} 1 & 1 & 1 \\ 1 & 2 & 3 \\ 1 & 4 & 9 \end{pmatrix}^{-1} \equiv 6 \begin{pmatrix} 6 & -5 & 1 \\ -6 & 8 & -2 \\ 2 & -3 & 1 \end{pmatrix} \equiv \begin{pmatrix} 3 & 3 & 6 \\ 8 & 4 & 10 \\ 1 & 4 & 6 \end{pmatrix} \pmod{11}.$$
7 Inverting Matrices Mod n (Continued)
Why do we need the determinant and n to be relatively prime?
Suppose MN ≡ I (mod n), where I is the identity matrix. Then
|M| |N| ≡ |MN| ≡ |I| = 1 (mod n).
Therefore |M| has an inverse modulo n, which means that |M| and n must be relatively prime.
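The following is an added example (my own code, not from the lecture) that inverts a square matrix modulo n by the adjugate formula M^{−1} ≡ det(M)^{−1} adj(M) (mod n), reproduces Examples 15 and 16, verifies M · M^{−1} ≡ I, and refuses the inversion exactly when gcd(det M, n) ≠ 1, as the remark above requires. It assumes Python 3.8 or later for `pow(d, -1, n)`; the function names are my own.

```python
# Added example (not from the lecture): inverting a square matrix mod n via the
# adjugate, M^{-1} ≡ det(M)^{-1} adj(M) (mod n), which exists exactly when
# gcd(det M, n) = 1 (Examples 15 and 16 and the remark on the determinant).
from math import gcd


def det(m: list) -> int:
    """Integer determinant by cofactor expansion along the first row."""
    if len(m) == 1:
        return m[0][0]
    total = 0
    for j in range(len(m)):
        minor = [row[:j] + row[j + 1:] for row in m[1:]]
        total += (-1) ** j * m[0][j] * det(minor)
    return total


def adjugate(m: list) -> list:
    """adj(M)[i][j] = cofactor C_{j i}: the transposed matrix of cofactors."""
    size = len(m)
    adj = [[0] * size for _ in range(size)]
    for i in range(size):
        for j in range(size):
            minor = [row[:j] + row[j + 1:] for k, row in enumerate(m) if k != i]
            adj[j][i] = (-1) ** (i + j) * det(minor)
    return adj


def inverse_mod(m: list, n: int) -> list:
    """M^{-1} (mod n); raises ValueError when det(M) and n are not coprime."""
    d = det(m)
    if gcd(d, n) != 1:
        raise ValueError(f"det = {d} shares a factor with {n}; no inverse mod {n}")
    d_inv = pow(d, -1, n)                         # det(M)^{-1} (mod n)
    return [[(d_inv * entry) % n for entry in row] for row in adjugate(m)]


def matmul_mod(a: list, b: list, n: int) -> list:
    size = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(size)) % n for j in range(size)]
            for i in range(size)]


if __name__ == "__main__":
    m2 = [[1, 2], [3, 4]]
    inv2 = inverse_mod(m2, 11)                    # [[9, 1], [7, 5]]  (Example 15)
    print(inv2, matmul_mod(m2, inv2, 11))         # the product is the identity mod 11
    m3 = [[1, 1, 1], [1, 2, 3], [1, 4, 9]]
    print(inverse_mod(m3, 11))                    # [[3, 3, 6], [8, 4, 10], [1, 4, 6]]  (Example 16)
    try:
        inverse_mod(m2, 10)                       # det = -2 and gcd(-2, 10) = 2
    except ValueError as err:
        print(err)
```

The cofactor recursion is fine for the 2 × 2 and 3 × 3 matrices of the examples; for larger matrices one would use Gaussian elimination modulo n, which needs the same coprimality condition on each pivot.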
8 Square Roots Mod n
Consider x² ≡ 71 (mod 77). How do we find one solution, and how do we find all solutions?
Let's start with the case of square roots modulo a prime p. The easiest case is when p ≡ 3 (mod 4).
Proposition 9 Let p ≡ 3 (mod 4) be prime and let y be an integer. Let x ≡ y^{(p+1)/4} (mod p).
(1) If y has a square root modulo p, then the square roots of y mod p are ±x.
(2) If y has no square root mod p, then −y has square roots modulo p, and the square roots of −y are ±x.
8 Square Roots Mod n (Continued)
Proof. If y ≡ 0 (mod p), all the statements are trivial. So assume y ≢ 0 (mod p). By Fermat's theorem, we have
x⁴ ≡ y^{p+1} = y² y^{p−1} ≡ y² (mod p).
This implies that (x² − y)(x² + y) ≡ 0 (mod p), so x² ≡ ±y (mod p). Therefore at least one of y and −y is a square modulo p. Suppose both y and −y are squares modulo p, say a² ≡ y (mod p) and b² ≡ −y (mod p). Then −1 ≡ (a/b)² (mod p), which means −1 is a square mod p. This is impossible, because −1 = (−1)^{(p−1)/2} ≡ (a/b)^{p−1} (mod p) (the exponent (p − 1)/2 is odd when p ≡ 3 (mod 4)), which contradicts Fermat's little theorem.
8 Square Roots Mod n (Continued)
Example 17 Find the square roots of 5 (mod 11).
Solution: Since (p + 1)/4 = 12/4 = 3, x ≡ 5³ ≡ 4 (mod 11). We check that 4² ≡ 5 (mod 11). So the square roots of 5 (mod 11) are ±4.
Example 18 Find the square roots of 2 (mod 11).
Solution: Since (p + 1)/4 = 12/4 = 3, x ≡ 2³ ≡ 8 (mod 11). But 8² ≡ 9 ≡ −2 (mod 11), so 2 has no square root mod 11; the square roots of −2 (mod 11) are ±8.
Example 19 Solve x² ≡ 71 (mod 77).
Solution: It means that x² ≡ 71 ≡ 1 (mod 7) and x² ≡ 71 ≡ 5 (mod 11). Therefore x ≡ ±1 (mod 7) and x ≡ ±4 (mod 11). We can combine these in four ways, i.e.
$$\begin{cases} x \equiv 1 \pmod 7 \\ x \equiv 4 \pmod{11} \end{cases}, \quad \begin{cases} x \equiv 1 \pmod 7 \\ x \equiv -4 \pmod{11} \end{cases}, \quad \begin{cases} x \equiv -1 \pmod 7 \\ x \equiv 4 \pmod{11} \end{cases}, \quad \begin{cases} x \equiv -1 \pmod 7 \\ x \equiv -4 \pmod{11} \end{cases}.$$
Using the Chinese remainder theorem, we compute
x ≡ 15, 29, −29, −15 (mod 77).
8 Square Roots Mod n (Continued)
Square Root Oracle Suppose n = pq is the product of two primes and we know the four solutions x ≡ ±a, ±b (mod n) of x² ≡ y (mod n). From Example 19, we know that a ≡ b (mod p) and a ≡ −b (mod q) (or a ≡ b (mod q) and a ≡ −b (mod p)). Therefore p | a − b but q ∤ a − b (or q | a − b but p ∤ a − b), i.e. gcd(a − b, n) = p (or q). In Example 19, gcd(15 − 29, 77) = 7 gives a nontrivial factor of 77.
Basic Principle 2 Suppose n = pq is the product of two primes congruent to 3 (mod 4) and y is a number relatively prime to n which has a square root mod n. Then finding the four solutions x ≡ ±a, ±b to x² ≡ y (mod n) is computationally equivalent to factoring n.
9 Groups, Rings, Fields
9.1 Groups
Definition 6 A group (G, ∗) consists of a set G with a binary operation ∗ on G satisfying the following three axioms.
(1) The group operation is associative. That is, a ∗ (b ∗ c) = (a ∗ b) ∗ c for all a, b, c ∈ G.
(2) There is an element 1 ∈ G, called the identity element, such that a ∗ 1 = 1 ∗ a = a for all a ∈ G.
(3) For each a ∈ G there exists an element a^{−1} ∈ G, called the inverse of a, such that a ∗ a^{−1} = a^{−1} ∗ a = 1.
A group G is abelian (or commutative) if, furthermore,
(4) a ∗ b = b ∗ a for all a, b ∈ G.
9.1 Groups (Continued)
Example 20
(1) The set of integers Z with the operation of addition forms a group. The identity element is 0 and the inverse of an integer a is the integer −a.
(2) The set Z_n, with the operation of addition modulo n, forms a group. The set Z_n with the operation of multiplication modulo n is not a group, since not all elements have multiplicative inverses. However, the set Z_n^* (the classes relatively prime to n) is a group under the operation of multiplication modulo n, with identity element 1.
(3) The set {T, F}, with the operation of XOR, forms a group, with identity element F and T^{−1} = T.
9.2 Rings
Definition 7 A ring (R, +, ×) consists of a set R with two binary operations, arbitrarily denoted + (addition) and × (multiplication), on R, satisfying the following axioms.
(1) (R, +) is an abelian group with identity denoted 0.
(2) The operation × is associative. That is, a × (b × c) = (a × b) × c for all a, b, c ∈ R.
(3) There is a multiplicative identity denoted 1, with 1 ≠ 0, such that 1 × a = a × 1 = a for all a ∈ R.
(4) The operation × is distributive over +. That is, a × (b + c) = (a × b) + (a × c) and (b + c) × a = (b × a) + (c × a) for all a, b, c ∈ R.
The ring is a commutative ring if a × b = b × a for all a, b ∈ R.
9.2 Rings (Continued)
Example 21
(1) The set of integers Z with the usual operations of addition and multiplication is a commutative ring.
(2) The set Z_n with addition and multiplication performed modulo n is a commutative ring.
9.3 Fields
Definition 8 A field is a commutative ring in which all non-zero elements have multiplicative inverses.
Example 22
(1) The set of integers under the usual operations of addition and multiplication is not a field, since the only non-zero integers with multiplicative inverses are 1 and −1. However, the rational numbers Q, the real numbers R, and the complex numbers C form fields under the usual operations.
(2) Z_n is a field (under the usual operations of addition and multiplication modulo n) if and only if n is a prime number. If n is prime.
# An algebraic structure is finite if the number of elements is finite. The number of elements is called its order.
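The following is an added example (my own code, not from the lecture) that checks the axioms of Definition 6 exhaustively on small finite structures: Z_n^* under multiplication is a group, Z_n under multiplication is not (Example 20 (2)), {T, F} under XOR is a group with identity F (Example 20 (3)), and Z_n is a field exactly when n is prime (Example 22 (2)), detected as "every nonzero class is a unit". The function names are my own.

```python
# Added example (not from the lecture): brute-force checks of the group, ring
# and field facts of Examples 20-22 on Z_n for small n. Z_n^* (the units) is a
# group under multiplication, Z_n is a field iff n is prime, and {T, F} under
# XOR is a group with identity F.
from itertools import product
from math import gcd


def units_mod(n: int) -> list:
    """Z_n^*: the classes a with gcd(a, n) = 1, i.e. those with a multiplicative inverse."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def is_group(elements: list, op, identity) -> bool:
    """Definition 6 checked exhaustively: closure, associativity, identity, inverses."""
    elems = set(elements)
    closed = all(op(a, b) in elems for a, b in product(elems, repeat=2))
    assoc = all(op(a, op(b, c)) == op(op(a, b), c) for a, b, c in product(elems, repeat=3))
    ident = all(op(a, identity) == a == op(identity, a) for a in elems)
    inverses = all(any(op(a, b) == identity == op(b, a) for b in elems) for a in elems)
    return closed and assoc and ident and inverses


def is_field_Zn(n: int) -> bool:
    """Z_n is always a commutative ring; it is a field iff every nonzero class is a unit."""
    return n > 1 and len(units_mod(n)) == n - 1


def units_form_group(n: int) -> bool:
    """Example 20 (2): Z_n^* under multiplication mod n satisfies the group axioms."""
    return is_group(units_mod(n), lambda a, b: (a * b) % n, 1)


def xor_group() -> bool:
    """Example 20 (3): {T, F} with XOR, identity F, and T^{-1} = T."""
    return is_group([True, False], lambda a, b: a != b, False)


if __name__ == "__main__":
    print(units_mod(12))                                       # [1, 5, 7, 11]
    print(units_form_group(12), units_form_group(10))          # True True
    print(is_field_Zn(11), is_field_Zn(12))                    # True False
    print(is_group(list(range(12)), lambda a, b: (a * b) % 12, 1))   # False: 2 has no inverse
    print(xor_group())                                         # True
```

Exhaustive checking is only sensible for tiny structures, but it makes the difference between Z_n and Z_n^* concrete: the failing axiom for Z_12 under multiplication is the existence of inverses, not closure or associativity.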
Thank you!