Basic Number Theory The integers are the natural numbers, 0 and the - - PowerPoint PPT Presentation

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide01.html 1 of 1 09/30/2003 08:36 PM prev | slides | next

Basic Number Theory

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide02.html 1 of 1 09/30/2003 08:36 PM

Basic Number Theory

prev | slides | next

Numbers The natural numbers are 1, 2, 3, ... The whole numbers are 0, 1, 2, 3, ... The integers are the natural numbers, 0 and the additive inverses of the natural numbers: ..., -3, -2, -1, 0, 1, 2, 3, ... The natural and whole numbers are closed under addition (the sum

• f any two natural numbers is a natural number) and multiplication.

The integers are closed under addition, subtraction and multiplication, but not division.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide03.html 1 of 1 09/30/2003 08:36 PM

Basic Number Theory

prev | slides | next

Integers and Division If a and b are integers with a 0, then "a divides b" if there is an integer c such that b = ac. In this case a is a factor of b and b is a multiple of a. We use the notation a | b to say "a divides b". Theorem: Let a, b and c be integers. Then if a | b and a | c then a | (b+c). 1. if a | b then a | bc for all integers c. 2. if a | b and b | c then a | c. 3.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide04.html 1 of 1 09/30/2003 08:36 PM

Basic Number Theory

prev | slides | next

Prime and Composite Numbers A natural number p 1 is a prime number if the only numbers that divide it are 1 and p. A natural number is a composite number if it is not prime. The first ten prime numbers are 2, 3, 5, 7, 11, 13, 17, 19, 23, 29. Notice that 2 is the only even prime number; all other even numbers are composite.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide05.html 1 of 1 09/30/2003 08:36 PM

Basic Number Theory

prev | slides | next

Fundamental Theorem of Arithmetic Every natural number can be writen uniquely as the product of primes, where the prime factors are written in order of increasing size. For example: 28 = 2 * 2 * 7 451 = 11 * 41 42 = 2 * 3 * 7 Question: How does one find the prime factorization of a number like 1820?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide06.html 1 of 1 09/30/2003 08:36 PM

Basic Number Theory

prev | slides | next

Prime Factorization Question: How does one find the prime factorization of a number like 1820? Answer: Attempt division by prime numbers, starting with the

• smallest. If division is possible continue with the quotient and the

same prime number. If division is not possible then move the next largest prime number. On the next slide we see that 1820 can be factored 1820 = 2 * 2 * 5 * 7 * 13.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide07.html 1 of 1 09/30/2003 08:36 PM

Basic Number Theory

prev | slides | next

Prime Factorization

Division Possible? Operation Output 2 | 1820 yes 910 = 1820/2 2 2 | 910 yes 455 = 910/2 2 2 | 455 no next prime: 3 3 | 455 no next prime: 5 5 | 455 yes 91 = 455/5 5 5 | 91 no next prime: 7 7 | 91 yes 13 = 91/7 7 7 | 13 no next prime: 11 11 | 13 no next prime: 13 13 | 13 yes 1 = 13/13 13

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide08.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

Prime Factorization Theorem: If n is a composite natural number then n has a prime divisor less than or equal to the square root of n. Proof: Suppose that n = ab for nonzero numbers a and b. If a is composite then its prime factors are clearly less than a; similarly for

• b. Let’s suppose that both a > sqrt(n) and b > sqrt(n) and see if this

leads to a contradiction: ab > sqrt(n)2 = n which contradicts the fact that n = ab. This means that either a or b is less than the square root of n, which in turn means that n has a prime factor less than its square root. This finishes the proof.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide09.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

Prime Factorization One consequence of this theorem is that when forming the prime factorization of a number n, we need only consider prime numbers less than or equal to the square root of n. For example, if you search for the prime factors of 101, you need

• nly try dividing 101 by primes up to sqrt(101); the largest of these

is 7. Since 2, 3, 5, and 7 are not factors of 101, we can safely conclude that 101 is prime.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide10.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

Division The Division Theorem: Let a be an integer and d be a positive

• integer. Then there are unique integers q and r with 0 <= r <= d

such that a = dq + r. d is the divisor, a is the dividend, q is the quotient, r is the remainder.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide11.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

Greatest Common Divisor (GCD) Let a and b be integers not both zero. The largest integer d such that d | a and d | b is called the greatest common divisor of a and b and is denoted gcd(a,b). The integers a and b are said to be relatively prime if gcd(a,b) = 1. Finding the GCD of two integers is easy if their prime factorizations are known. When they are not known the Euclidean Algorithm for finding the GCD can be used.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide12.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

Euclidean Algorithm for the GCD The Euclidean algorithm hinges on the following lemma (recall that a lemma is a "little theorem"): Lemma: Let a = bq + r where a, b, q and r are integers. Then gcd(a,b) = gcd(b,r). Proof: Suppose d divides both a and b. Then d also divides a-bq = r and so d divides both b and r. Now suppose that d divdes b and r. Then d also divides bq + r = a and so d divides both a and b. Since all divisors of a and b are also divisors of b and r (and vice versa), we conclude that gcd(a,b) = gcd(b,r).

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide13.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

Euclidean Algorithm for the GCD Find gcd(36,22).

a = b* q+ r 36 = 22* 1+ 14 22 = 14* 1+ 8 14 = 8* 1+ 6 8 = 6* 1+ 2 6 = 2* 3+ 0

The last nonzero remainder (2 in this case) is the GCD. Actually it is the GCD of 6 and 8, but by the lemma it is also the GCD of 36 and 22.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide14.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

Euclidean Algorithm Pseudocode function gcd( integer a, integer b ) { x = a; y = b; while ( y != 0 ) { r = x mod y; x = y; y = r; } return x; }

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide15.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

Shortly we will find it useful to be able to express gcd(a,b) as a linear combination of a and b; the following theorem lets us know this can be done: Theorem: If a and b are positive integers then there exist integers n and m such that gcd(a,b) = na + mb. We can easily (at least in principle) find the numbers n and m by "running the Euclidean algorithm backwards." Start with the equation giving the GCD as the remainder and solve for the remainder; do not simplify any products that appear. Solve for the remainder in the previous line and substitute that into the current equation. Simplify, keeping a linear combination of next two remainders. Repeat until the equation is a linear combination of a and b.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide16.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

For example, the Euclidean algorithm for gcd(36,22) is given below

• n the left, while the reversal of the steps is shown on the right.

Numbers marked in this color are replaced in the following line by expressions marked in this color.

Euclidean Algorithm for gcd(36,22) Reversal 36= 22 *1 + 14 22= 14 *1 + 8 14= 8 *1 + 6 8= 6 *1 + 2 6= 2 *3 + 0 2 = 8 - 1*6 2 = 8 - 1*(14 - 1*8) = (-1)*14 + 2*8 2 = (-1)*14 + 2*(22 - 1*14) = 2*22 + (-3)*14 2 = 2*22 + (-3)*(36 - 1*22) = (-3)*36 + 5*22

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide17.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

Linear Congruences Recall that a b (mod m) is read "a is congruent to b modulo m" and means that both a and b have the same remainder when divided by m. Another way to say this is that a is congruent to b modulo m if m divides a-b. Question: What value(s) of x will satisfy 2x 3 (mod 7)? (answer)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide18.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

Linear Congruences Congruences in the form ax b (mod m) are called linear congruences. An important special case is that of multiplicative inverses: what value should a be to satisfy aa 1 (mod m)? Any value for a that satisfies this equation is called a multiplicative inverse of a modulo m. If we know a is the inverse of 2 modulo 7 then solving 2x 3 (mod 7) can be solved by multiplying both sides of the equation by a. This is possible because of the following theorem: Theorem: For all integers a, b and c and natural numbers m, If a b (mod m) then ac bc (mod m).

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide19.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

Linear Congruences In general, then, to solve ax b (mod m) we need to find the inverse of a modulo m, multiply and simplify:

ax b (mod m) aax ab (mod m) x ab (mod m)

The difficult part is finding the inverse a. If aa 1 (mod m) then 1

• aa = km for some integer k. This means, however, that

1 = aa + km If gcd(a,m) = 1 then we can "run the Euclidean algorithm backwards" to express 1 as a linear combination of a and m; this is exactly what we need to do to find a.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide20.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

Linear Congruences Example: Find the inverse of 14 modulo 19. 19 = 1 * 14 + 5 14 = 2 * 5 + 4 5 = 1 * 4 + 1 4 = 4 * 1 + 0 Now reverse things to express 1 as a linear combination of 14 and 19: 1 = 1 * 5 - 1 * 4 = 1 * 5 - 1 * (14 - 2 * 5) = -1 * 14 + 3 * 5 = -1 * 14 + 3 * (19 - 1 * 14) = 3 * 19 - 4 * 14 = 3 * 19 + (-4) * 14

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide21.html 1 of 1 09/30/2003 08:37 PM

Basic Number Theory

prev | slides | next

Linear Congruences From the last line, 1 = 3*19 + (-4)*14, we see that -4 is the inverse

• f 14 modulo 19.

It is important to state under what conditions an inverse can be found. Theorem: If a and m are relatively prime integers and m > 1, then an inverse of a modulo m exisits and is unique modulo m.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide22.html 1 of 1 09/30/2003 08:38 PM

Basic Number Theory

prev | slides | next

Linear Congruences Example: Solve 13x 25 (mod 32). First we check to see that 13 and 32 are relatively prime; gcd(13,32) = 1. (Actually, this is obvious since 13 is a prime number). Next use the Euclidean algorithm to find an inverse of 13 modulo 32: FORWARD BACKWARD

• -------------- --------------

32 = 2 * 13 + 6 1 = 13 - 2*6 13 = 2 * 6 + 1 = 13 - 2*(32-2*13) 6 = 6 * 1 + 0 = -2*32 + 5*13 So 5 is an inverse of 13 modulo 32.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide23.html 1 of 1 09/30/2003 08:38 PM

Basic Number Theory

prev | slides | next

Linear Congruences Example: Solve 13x 25 (mod 32). Now we can multiply both sides of the congruence by 5 to obtain 5*13x 5*25 (mod 32) x 125 (mod 32) x 29 (mod 32) Note that the last line is obtained since 125 mod 32 yields 29.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide24.html 1 of 1 09/30/2003 08:38 PM

Basic Number Theory

prev | slides | next

Diffie-Hillman Key Exchange The first effective public key exchange method is known as Diffie-Hillman Key Exchange after the researchers that discovered it. Because they were used in the original description of the algorithm, Diffie-Hillman key exchange is usually described assuming that Alice and Bob want to use a symmetric cipher and so need to exchange a private key.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide25.html 1 of 1 09/30/2003 08:38 PM

Basic Number Theory

prev | slides | next

Diffie-Hillman Key Exchange Alice and Bob agree on two numbers y and p with 0 < y < p. These numbers are not private and can be known by anyone. 1. Alice picks a private number 0 < a and computes = ya mod p. Alice sends to Bob. 2. Meanwhile, Bob picks a private number 0 < b and computes = yb mod p. He then sends to Alice. 3. Alice computes k =

a mod p and Bob computes k = b mod

• p. Both of them obtain the same number k which can then be

used as the private key. 4.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide26.html 1 of 1 09/30/2003 08:39 PM

Basic Number Theory

prev | slides | next

Diffie-Hillman Key Exchange Example: Alice and Bob agree on y = 327 and p = 919. Alice chooses a = 400 and computes = 327400 mod 919 = 231 and sends this number to Bob. Bob chooses b = 729 and computes = 327729 mod 919 = 162 and sends this number to Alice.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide27.html 1 of 1 09/30/2003 08:39 PM

Basic Number Theory

prev | slides | next

Diffie-Hillman Key Exchange Alice computes now computes k = 162400 mod 919 = 206 and Bob computes k = 231729 mod 919 = 206. k = 206 is the private key that both Alice and Bob will use to encrypt their messages to each other.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Basic Number Theory http://localhost/~senning/courses/ma229/slides/number-theory/slide28.html 1 of 1 09/30/2003 08:39 PM

Basic Number Theory

prev | slides | next

Fast Modular Exponentiation In Diffie-Hillman key exchange, as in many modern encryption schemes, a very important operation is modular exponentiation: xn mod m. Note that while xn can be quite a large number, far too large to be computed by most computers, xn mod m is a value between 0 and m-1 inclusive.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28