* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download lesson-4modular-arithmetric1
List of first-order theories wikipedia , lookup
Foundations of mathematics wikipedia , lookup
Large numbers wikipedia , lookup
Mathematics of radio engineering wikipedia , lookup
List of important publications in mathematics wikipedia , lookup
Wiles's proof of Fermat's Last Theorem wikipedia , lookup
List of prime numbers wikipedia , lookup
Collatz conjecture wikipedia , lookup
Elementary mathematics wikipedia , lookup
Index of cryptography articles wikipedia , lookup
Cryptography wikipedia , lookup
Quadratic reciprocity wikipedia , lookup
Temasek Academy Math of Passwords 00001010010011010010101010100101010100101010010101010101001010101010010101010 10111010101010011001010100101010100100001010101011101001010100101010010111110 11010010100101001010101001101001010010001011111010010110010101000111001010101 00100101001010001010101101010110010100010110100101010010101010100101010010101 01001010010101010101001010100101010100101010110010101010100101001010101001010 10010100101010010101001000101001010110010101001010100101010100101010101001010 10010101010110100101010011001010001110100101010010101010010101010010101010100 10101010100101010100101010100100101010010010101010010101001010010101010100010 10101001010100101010101001010101010101001010100101011010010101010101010100100 Chapter 4: Some Basic Number Theory Number theory is a branch of pure mathematics that deals with the properties of numbers, with integers in particular. In this elective, we will introduce some topics in number theory involving integers that we require to better appreciate modern day cryptography. Some Background Information: Before the discovery of public key cryptography, encryption and decryption of ciphers involved the two communicating parties to have a secure prior agreement on the keys to be used in the cipher. This means that the two parties must trust each other in the handling of the keys, and keep the keys private, i.e., private key cryptography, as the decryption keys can be easily obtained from the encryption keys, and vice versa. However, with the invention of the internet, there is a need to create a public key, such that people are able to use the key to encrypt their information, e.g., credit card pin for payment, and yet no one should be able to decrypt the information from the encryption key itself. Only through the field of mathematics, are we able to create this “Trapdoor function” where the above is possible. “Mathematics is the queen of the sciences and number theory is the queen of mathematics.” – Gauss 1 Temasek Academy Math of Passwords Section 4.1 Clock Mathematics! Okie! In this section 4.1, we will learn about clock mathematics! Hmm, so it isn’t really called clock mathematics in real life. It is one branch of mathematics called modular arithmetic under congruence, but it really just works the same way as a clock. If you can read a clock, you can do basic congruence. 4.1.1 Introduction to Congruence Definition 1: Suppose that a and b are two integers and n a positive integer. We say that a is congruent to b if n divides a b, written as a b (mod n). Layman Definition 1: In layman terms, it means a and b are congruent to each other if they have the same remainder after been divided by n. For example, 1. 2. 3. Seconds and minutes: 90 75 5 30 15 55 (mod 60), (mod 60), (mod 60). 15 48 3 3 0 9 (mod 12), (mod 12), (mod 12). 8 8 14 1 6 0 (mod 7), (mod 7), (mod 7). Hours: Days of the week: Example 1: Decide which of the following congruences are true and which are false. (a) 18 3 (mod 5) (b) 18 -3 (mod 6) (c) 35 9 (mod 4) (d) -17 3 (mod 4) So, was that easy? Now, we move on to slightly more advanced stuff.To understand and prove congruence, we just need to use one definition. If a b (mod n), then we can always write a = kn + b, for some integer k. AND, it is always possible to find b such that 0 b < n. Theorem 1: Properties of Congruence 2 (Why? Remainder lo!) Temasek Academy Math of Passwords Below are some properties of congruence. Some of the properties are given. Fill the empty spaces with other properties that you may discover. Let n and k be positive integers and a, b, c, d be integers. Then (a) a a (mod n). [reflexive] (b) If a b (mod n), then b a (mod n). [symmetric] (c) If a b (mod n) and b c (mod n), then a c (mod n). [transitive] (d) If a b (mod n) and c d (mod n), then a + c b + d (mod n). (e) If a b (mod n) and c d (mod n), then ac bd (mod n). (f) If a b (mod n), then ak bk (mod n) (g) If a b (mod n), then ka kb (mod n). [Warning: the reverse for the above conditions may not be true.] So, if you want to simplify congruence, you will need to use the above! Example 2: By using the properties of congruence, find the remainder (without using a calculator) when (a) 238 is divided by 7 (b) 4100 is divided by 10 (c) 456 is divided by 13 Solution: (a) 23 = 8 1 (mod 7). So using Property (f) above, 812 112 (mod 7), i.e., 236 1 (mod 7) Since 22 22 (mod 7), we have 236 . 22 1 . 22 (mod 7) Hence, 238 4 (mod 7). Thus the remainder is 4. (b) (c) Section 4.2 Modular Arithmetric and Euclidean Algorithm 3 Temasek Academy Math of Passwords Ok. Now that you realized that congruence are sometimes, not so easy to find, I will impart you some secrets of the trade, i.e., some formulas and tricks to simplify congruence. But first, you need to understand some terms. 4.2.1 Introduction to Prime and Composite Numbers All integers are built up from the most basic elements – “indivisible units” called prime numbers or what we simply call primes. Definition 1: Prime Numbers A prime number is a positive integer p which is greater than 1 and is divisible by 1 and p only. The first few primes are 2, 3, 5, 7, 11, etc, and the only even prime number is 2. (Why?) Definition 2: Composite Numbers A composite number is a positive integer n, greater than 1, and has a factor other than 1 and n. (Hence, if P is the set of prime numbers, then the set of composite numbers C = + P.) Definition 3: Greatest Common Divisor (gcd) The greatest common divisor of any two positive integers, a and b, i.e., gcd(a, b), is the highest common factor of the two numbers. E.g., gcd(42, 54) = 6. Definition 4: Coprime Two positive integers a and b are coprime to each other if gcd(a, b) = 1. (In other words, the two numbers have no common factors other than 1). E.g., 10 and 21 are coprime to each other as gcd(10, 21) = 1, although 10 and 21 are composite numbers. Activity 1: Internet Search (Questions Questions Questions) What is the greatest prime number discovered today? How did we find this number? Does the largest prime number exist? Can you prove it? 4 Temasek Academy Math of Passwords 4.2.2 Euler’s Phi Function and Euler’s Theorem Theorem 1: Fermat’s Little Theorem Let p be a prime and suppose that p does not divide a. Then ap – 1 1 (mod p). Hence, if p is a prime, then ap a (mod p) for any integer a. Example 1: Use Fermat’s Little Theorem to find the remainders when (a) 318 is divided by 19; (b) 355 is divided by 19; (note that : 55 = 3 18 + 1) (c) 16103 is divided by 11. Ok, so the above only works for modulo primes. To learn more tricks, we have to learn a bit more now. By the way, the above theorem can be used as a check for primes! If the above condition is not true for any number x, we know for sure it is not a prime! Definition 1: Euler’s Phi Function / The indicator or Totient function For n 1, let (n) denote the number of positive integers not exceeding n that are coprime to n. A few first values: (1) =1, (2) = 1, (3) = 2, (4) = 2, (5) = 4, (6) = 2, (7) = 6, (8) = 4, (9) = 6, (10) = 4, (11) =10, (12) = 4, (13) = 12, etc. Example 2: Find (15) and (19). Below are some useful results involving the Euler’s Phi Function. Theorem 2: For n > 1, (n) = n – 1 if and only if n is a prime number. Theorem 3: 1 If p is a prime and k > 0, then (pk) = pk – pk – 1 = p k 1 . p E.g., (27) = 33 (1 – 1 2 ) = 33 = 18. 3 3 5 Temasek Academy Math of Passwords Theorem 4: The function is a multiplicative function, i.e., (pq) = (p) (q), when p and q are coprime to each other. E.g., (21) = (3) (7) = 2 6 = 12. Example 3: Find (1800) and (1323). Theorem 6: Euler’s Theorem If n 1 and gcd (a, n) = 1, then a (n) 1 (mod n). Note: Euler's Theorem is a generalization of Fermat's Little Theorem. Why? Also, a must be coprime to n. Example 4: Use Euler’s Theorem to find the remainders when (a) 5228 is divided by 21. (b) 7174 is divided by 10; (c) 5228 is divided by 36; (d) 1818240 is divided by 18527. In fact, examples like d is the basis of the modern cryptosystems. Just that, the prime numbers used are very very large. Before we can go to these system, we need just a bit more. 6 Temasek Academy Math of Passwords 4.2.3 Modular Addition and Multiplication Definition 5: Modular Addition and Multiplication We define the set n = {0, 1, 2, …, n – 1} and the operation +n and n as follows : a +n b : the remainder when (a + b) is divided by n and a n b : the remainder when (a b) is divided by n, where a, b n. Note: We usually use the set n to denote the set {1, 2, …, n – 1}, i.e., no zero element. For example, if a 25 b = 1, then when ab is divided by 25 the remainder is 1. We can write: ab = 25k + 1 where k is the quotient, an integer. Or ab 1 (mod 25) Example 1: For 5 = {0, 1, 2, 3, 4 }, we have the following tables for modular addition and multiplication. +5 0 1 2 3 4 0 0 1 2 3 4 1 1 2 3 4 0 2 2 3 4 0 1 3 3 4 0 1 2 5 0 1 2 3 4 4 4 0 1 2 3 0 0 0 0 0 0 1 0 1 2 3 4 2 0 2 4 1 3 3 0 3 1 4 2 4 0 4 3 2 1 Definition 6a: Additive Identity Element and Additive Inverse In the table above for +5, we see that any element in 5 , say a, a +5 0 = a and 0 +5 a = a. We say that 0 is the additive identity element in 5. We also notice that 1 +5 4 = 0 , 4 +5 1 = 0, 2 +5 3 = 0 and 3 +5 2 = 0. We say that 1 is the additive inverse of 4 in 5 and 2 is the additive inverse of 3 in 5. It is clear from the table that any number multiplied with zero will give zero, which is not very useful in our following discussions. Hence, we now discuss all the elements in 5, except the element 0, i.e., 5 {0} or 5 . Definition 6b: Multiplicative Identity Element and Multiplicative Inverse In the table above for 5, we see that any element in 5 We say that 1 is the multiplicative identity element in , say a, a 5 1 = a and 1 5 a = a. 5. We also notice that 2 5 3 = 1 , 3 5 2 = 1, and 4 5 4 = 1. We say that 2 is the multiplicative inverse of 3 in 5 and 4 is the multiplicative inverse of itself in 5. Example 2: (a) For 7 = {0, 1, 2, 3, 4, 5, 6} and 7 = {1, 2, 3, 4, 5, 6}, complete the following tables. 7 Temasek Academy Math of Passwords What is the additive inverse and multiplicative inverse of 5 in 7 and (b) 7 respectively? +7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 0 0 1 2 3 4 5 6 0 0 0 0 0 0 0 0 1 1 2 3 4 5 6 0 1 0 1 2 3 4 5 6 2 2 3 4 5 6 0 1 2 0 2 4 6 1 3 5 3 3 4 5 6 0 1 2 3 0 3 6 2 4 4 5 4 0 4 1 5 5 5 0 5 7 6 0 6 5 6 Note: From the Table above we see that each element in 7 has a multiplicative inverse. Example 3: Complete the following tables. +6 0 1 2 3 4 6 5 0 0 1 1 2 2 3 3 4 4 5 5 Question: 0 1 2 3 4 5 What can you say about the inverse elements in both tables? Observation 1: For modular multiplication, n, in n where n is a prime number, all elements in n have multiplicative inverse. However, for n, in n where n is a composite number, numbers that share common factors as n, other than 1, will have no multiplicative inverse in coprime to n have multiplicative inverse in n. (in other words, only numbers that are n .) Why are we learning additive and multiplicative inverse? 8 Temasek Academy Math of Passwords We need the use of ideas of additive and multiplicative inverse of numbers when we try to use modular arithmetic in our cryptosystems. Additive inverse is easy enough, but multiplicative inverses are really a bug. Hence, we need to discuss the follow method to obtain a multiplicative inverse of a number. 4.2.4 Euclidean Algorithm Given any two positive integers a and b, we can find the greatest common divisor of a and b by listing down all the factors of a and b, and finding the common factors. For example, gcd(276, 126) = 6, since 276 = 22 . 3 . 23 and 126 = 2 . 32 . 7. However, this is a long and tedious process if a and b are large numbers. There must be a more efficient way, since Maple (a Mathematical software, see http://www.maplesoft.com) can calculate the gcd of two 60-digit numbers in well under a second, while taking a long time (about 10 minutes on a 600 Mhz pentium computer) to factorize either one of them. We now introduce the Euclidean Algorithm, which has been around thousands of years, and it will enable us to find the greatest common divisor easily for such numbers. Algorithm 1: Euclidean Algorithm Example 4: Find the greatest common divisor of 274 and 126. 276 = 2 126 + 24 (Divide 274 by 126, getting remainder 24.) 126 = 5 24 + 6 (Divide 126 by the remainder 24) 24 = 4 6 + 0 (Divide 24 by the remainder 6) The algorithm terminates when the remainder (calculated at each step) becomes zero. The previous remainder calculated is the greatest common divisor. Hence, gcd(274, 126) = 6. Example 5: Find the greatest common divisor of (a) 344 and 560, 9 (b) 414 and 322. Temasek Academy Math of Passwords Observation 2: From Observation 1 on page 8, only numbers, a, that are coprime to n, (i.e., gcd(a, n) = 1) have multiplicative inverse in n. For small n, we can check the modular multiplication table for to find the multiplicative inverse (if it exists) of an element in n n. However, if n is large, the Euclidean Algorithm will again be more efficient in finding the multiplicative inverse of an element. Hence, if we obtain gcd(a, n) = 1 from the Euclidean Algorithm, we can use the steps involved to find the multiplicative inverse of a in n. Algorithm 2: “Extended” Euclidean Algorithm Example 6: Suppose we want to find the multiplicative inverse of 9 in 25 25 = 2 9 + 7 (Divide 26 by 9, getting remainder 7.) 9=17+2 (Divide 9 by the remainder 7) 7=32+1 (Divide 7 by the remainder 2) 2=21+0 (Repeat the steps until we reach 0) (Hence, gcd(9, 25) = 1.) Now, we start to write the steps“backwards” as follows: 1=7–32 2=9–17 7 = 25 – 2 9 We will now eliminate 2 and 7 as follows: 1 = 7 – 3 (9 – 1 7) = (3) 9 + 4 7 10 Temasek Academy Math of Passwords = (3) 9 + 4 (25 – 2 9) = 4 25 – 11 9 So we have 9 (–11) = (4) 25 + 1, which means 9 (11) 1 (mod 25). But (–11) is not in 25. However, since –11 14 (mod 25), so 9 (14) 1 (mod 25). Hence, we have 14 as the multiplicative inverse of 9 in 25. (Check that 9 14 = 5 25 + 1). Example 6: Find the multiplicative inverse of (a) 5 in 26 (b) Section 4.3 Applications in Cryptography (A) General Shift Cipher (The General Form of Shift Cipher) (B) Multiplicative Cipher (C) Affine Cipher (C) Exponential Cipher (Combination of Multiplicative and Shift Cipher) 11 8 in 27 Temasek Academy Math of Passwords (A) General Shift Cipher We also call the shift cipher the Additive cipher. This is especially clear when we use the set 26 and +26 to define the cipher. We associate each letters by a number as follows : A B C ……. W X Y Z 1 2 3 ..….. 23 24 25 0 So written in 26, the plaintext < ATTACKTONIGHT> appears as a sequence <1, 20, 20, 1, 3, 11, 20, 15, 14, 9, 7, 8, 20>. In Caesar cipher, we can define it using the following encryption key: Given that m and c are corresponding letters in the plaintext and the ciphertext, Encryption Key: f(m) = m +26 3 = c So f(1) = 1 +26 3 = 4, f(20) = 20 +26 3 = 23 etc Hence, the ciphertext is <4, 23, 23, 4, 6, 14, 23, 18, 17, 13, 10, 11, 23> To decipher the text, the receiver must know the additive inverse of 3 in 26, which is 23 as 3 +26 23 = 0. For example, 4 +26 23 = 1 -- represents A indeed. Hence, the decryption key is as follows: Decryption Key: f1(c) = c +26 23 = m. It should be clear that the decryption key can be easily obtained if one knows the encryption key. 12 Temasek Academy Math of Passwords Hence, the general shift cipher is defined as follows mathematically: Let n be a positive integer and k be in n with k 0. The additive cipher based on k is c = f(m) = m +n k where m is a string of numbers representing the text message. k here is called the key. Equivalently, c = f(m) m + k (mod n) To decipher the text, we have m = f1(c) = c +n k where c is the ciphered text and k is the additive inverse of k in n (that is k + k = 0). Equivalently, m = f1(c) c – k (mod n). Exercise 1: Encipher the message BE BACK AT 1150 using the following encoding of symbols : 0 = 00, 1 = 01, 2 = 02, … , 9 = 09, A = 10, B =11, C = 12, …., Y = 34, Z = 35. And an additive cipher with key k = 14. (i.e., shift forward by 14) Solution From the plaintext (a sequence of numbers representing the message) : m : <11, 14, 11, 10, 12, 20, 10, 29, 01, 01, 05, 00 > We compute the relevant values of c = f (m) = m + 14 (mod 36). Why mod 36? m 11 14 11 10 12 20 c 25 28 25 24 26 10 29 01 01 05 00 The ciphertext is: 13 Temasek Academy Math of Passwords (B) Multiplicative Cipher Let n be a positive integer and k in n be coprime with n. Then for any plaintext to be encrypted, m, and the its corresponding ciphertext¸ c, the multiplicative cipher is defined as follows: Encryption Key: Ek (m) = k n m = c (mod n) Decryption Key: Ek1 (c) = k n c = m. (mod n) (where k is the multiplicative inverse of k in n) Example 2: A multiplicative cipher on 26 is defined by the function G7(m) = 7 26 m. (i) Determine the multiplicative inverse of 7 in 26. (ii) A message is enciphered using G7 to give the ciphertext <10, 1, 14, 9, 1, 22, 20, 1, 10, 10, 1, 14, 9 > where 1 represents A and 0 represents Z. What is the original message? Solution: 14 Temasek Academy Math of Passwords (C) Affine Cipher It is clear that the shift cipher is not a very strong cipher, with only a small number of possible keys. Hence, using the set of modular arithmetic that we used to define the shift cipher earlier, we now use the same tools, with the additional tool of n, to define another cipher, the Affine cipher. We also make use of the multiplicative cipher to define the Affine Cipher. Encryption key: f(m) = (a m) + b c (mod n). Decryption key: f1(c) = (c b) a1 m (mod n). Question: 1) Are there any restrictions to note, when choosing a? 2) How many keys are there in affine ciphers using English alphabets? Exercise 3: Encipher the message <ATTACKTONIGHT> using the affine cipher, where a = 7, b = 5. Answer: Decipher the message <MZLMJSVFIAFDS> Answer: 15 Temasek Academy Math of Passwords (D) Exponential Cipher Before the discussion on public key cryptography, we now discuss an exponential cipher that will incorporate some of the essentials concepts required in public key cryptography. Exponential Cipher Let p be a prime number and k in The exponential cipher Ek on p p1 such that k is coprime to p – 1. uses the following encryption and decryption keys below. For any number m and c, Encryption key: Ek(m) mk Decryption key: Ek1 (c) ck ' (mod p) where k is the multiplicative inverse of k in (mod p) Note: The decryption key can be obtained just from the encryption key. Example 4: An exponential cipher is defined on 29 by E(m) m3 (mod 29). (i) Determine the multiplicative inverse of 3 in 28. (ii) A message is enciphered using E above to give the ciphertext : < 8, 9 >. What was the plaintext? Solution: (i) (ii) 16 p1 .