foundations of computer science lecture 10 number theory
play

Foundations of Computer Science Lecture 10 Number Theory Division - PowerPoint PPT Presentation

Jul 05, 2023 •152 likes •1.24k views

Foundations of Computer Science Lecture 10 Number Theory Division and the Greatest Common Divisor Fundamental Theorem of Arithmetic Cryptography and Modular Arithmetic RSA: Public Key Cryptography Last Time 1 Why sums and reccurrences?

  1. Greatest Common Divisor Divisors of 30: { 1 , 2 , 3 , 5 , 6 , 10 , 15 , 30 } . Divisors of 42: { 1 , 2 , 3 , 6 , 7 , 14 , 21 , 42 } . Common divisors: { 1 , 2 , 3 , 6 } . greatest common divisor (GCD) = 6 . Definition. Greatest Common Divisor, GCD Let m, n be two integers not both zero. gcd( m, n ) is the largest integer that divides both m and n : gcd( m, n ) | m , gcd( m, n ) | n and any other common divisor d ≤ gcd( m, n ) . Notice that every common divisor divides the GCD. Also, gcd( m, n ) = gcd( n, m ) . Relatively Prime If gcd( m, n ) = 1 , then m, n are relatively prime. Example: 6 and 35 are not prime but they are relatively prime. Theorem. gcd( m, n ) = gcd( rem ( n, m ) , m ) . Proof. n = qm + r → r = n − qm . Let D = gcd( m, n ) and d = gcd( m, r ). D | m and D | n → D divides r = n − qm . Hence, D ≤ gcd( m, r ) = d . ( D is a common divisor of m, r ) d | m and d | r → d divides n = qm + r . Creator: Malik Magdon-Ismail Number Theory: 6 / 15 Euclid’s Algorithm →

  2. Greatest Common Divisor Divisors of 30: { 1 , 2 , 3 , 5 , 6 , 10 , 15 , 30 } . Divisors of 42: { 1 , 2 , 3 , 6 , 7 , 14 , 21 , 42 } . Common divisors: { 1 , 2 , 3 , 6 } . greatest common divisor (GCD) = 6 . Definition. Greatest Common Divisor, GCD Let m, n be two integers not both zero. gcd( m, n ) is the largest integer that divides both m and n : gcd( m, n ) | m , gcd( m, n ) | n and any other common divisor d ≤ gcd( m, n ) . Notice that every common divisor divides the GCD. Also, gcd( m, n ) = gcd( n, m ) . Relatively Prime If gcd( m, n ) = 1 , then m, n are relatively prime. Example: 6 and 35 are not prime but they are relatively prime. Theorem. gcd( m, n ) = gcd( rem ( n, m ) , m ) . Proof. n = qm + r → r = n − qm . Let D = gcd( m, n ) and d = gcd( m, r ). D | m and D | n → D divides r = n − qm . Hence, D ≤ gcd( m, r ) = d . ( D is a common divisor of m, r ) d | m and d | r → d divides n = qm + r . Hence, d ≤ gcd( m, n ) = D . ( d is a common divisor of m, n ) Creator: Malik Magdon-Ismail Number Theory: 6 / 15 Euclid’s Algorithm →

  3. Greatest Common Divisor Divisors of 30: { 1 , 2 , 3 , 5 , 6 , 10 , 15 , 30 } . Divisors of 42: { 1 , 2 , 3 , 6 , 7 , 14 , 21 , 42 } . Common divisors: { 1 , 2 , 3 , 6 } . greatest common divisor (GCD) = 6 . Definition. Greatest Common Divisor, GCD Let m, n be two integers not both zero. gcd( m, n ) is the largest integer that divides both m and n : gcd( m, n ) | m , gcd( m, n ) | n and any other common divisor d ≤ gcd( m, n ) . Notice that every common divisor divides the GCD. Also, gcd( m, n ) = gcd( n, m ) . Relatively Prime If gcd( m, n ) = 1 , then m, n are relatively prime. Example: 6 and 35 are not prime but they are relatively prime. Theorem. gcd( m, n ) = gcd( rem ( n, m ) , m ) . Proof. n = qm + r → r = n − qm . Let D = gcd( m, n ) and d = gcd( m, r ). D | m and D | n → D divides r = n − qm . Hence, D ≤ gcd( m, r ) = d . ( D is a common divisor of m, r ) d | m and d | r → d divides n = qm + r . Hence, d ≤ gcd( m, n ) = D . ( d is a common divisor of m, n ) D ≤ d and D ≥ d → D = d , which proves gcd( m, n ) = gcd( n, r ). Creator: Malik Magdon-Ismail Number Theory: 6 / 15 Euclid’s Algorithm →

  4. Euclid’s Algorithm Theorem. gcd( m, n ) = gcd( rem ( n, m ) , m ) . Creator: Malik Magdon-Ismail Number Theory: 7 / 15 Bezout’s Identity →

  5. Euclid’s Algorithm Theorem. gcd( m, n ) = gcd( rem ( n, m ) , m ) . gcd(42 , 108) = gcd(24 , 42) 24 = 108 − 2 · 42 Creator: Malik Magdon-Ismail Number Theory: 7 / 15 Bezout’s Identity →

  6. Euclid’s Algorithm Theorem. gcd( m, n ) = gcd( rem ( n, m ) , m ) . gcd(42 , 108) = gcd(24 , 42) 24 = 108 − 2 · 42 = gcd(18 , 24) 18 = 42 − 24 = 42 − (108 − 2 · 42) = 3 · 42 − 108 � �� � 24 Creator: Malik Magdon-Ismail Number Theory: 7 / 15 Bezout’s Identity →

  7. Euclid’s Algorithm Theorem. gcd( m, n ) = gcd( rem ( n, m ) , m ) . gcd(42 , 108) = gcd(24 , 42) 24 = 108 − 2 · 42 = gcd(18 , 24) 18 = 42 − 24 = 42 − (108 − 2 · 42) = 3 · 42 − 108 � �� � 24 = gcd(6 , 18) 6 = 24 − 18 = (108 − 2 · 42) − (3 · 42 − 108) = 2 · 108 − 5 · 42 � �� � � �� � 24 18 Creator: Malik Magdon-Ismail Number Theory: 7 / 15 Bezout’s Identity →

  8. Euclid’s Algorithm Theorem. gcd( m, n ) = gcd( rem ( n, m ) , m ) . gcd(42 , 108) = gcd(24 , 42) 24 = 108 − 2 · 42 = gcd(18 , 24) 18 = 42 − 24 = 42 − (108 − 2 · 42) = 3 · 42 − 108 � �� � 24 = gcd(6 , 18) 6 = 24 − 18 = (108 − 2 · 42) − (3 · 42 − 108) = 2 · 108 − 5 · 42 � �� � � �� � 24 18 = gcd(0 , 6) 0 = 18 − 3 · 6 Creator: Malik Magdon-Ismail Number Theory: 7 / 15 Bezout’s Identity →

  9. Euclid’s Algorithm Theorem. gcd( m, n ) = gcd( rem ( n, m ) , m ) . gcd(42 , 108) = gcd(24 , 42) 24 = 108 − 2 · 42 = gcd(18 , 24) 18 = 42 − 24 = 42 − (108 − 2 · 42) = 3 · 42 − 108 � �� � 24 = gcd(6 , 18) 6 = 24 − 18 = (108 − 2 · 42) − (3 · 42 − 108) = 2 · 108 − 5 · 42 � �� � � �� � 24 18 = gcd(0 , 6) 0 = 18 − 3 · 6 = 6 gcd(0 , n ) = n Creator: Malik Magdon-Ismail Number Theory: 7 / 15 Bezout’s Identity →

  10. Euclid’s Algorithm Theorem. gcd( m, n ) = gcd( rem ( n, m ) , m ) . gcd(42 , 108) = gcd(24 , 42) 24 = 108 − 2 · 42 = gcd(18 , 24) 18 = 42 − 24 = 42 − (108 − 2 · 42) = 3 · 42 − 108 � �� � 24 = gcd(6 , 18) 6 = 24 − 18 = (108 − 2 · 42) − (3 · 42 − 108) = 2 · 108 − 5 · 42 � �� � � �� � 24 18 = gcd(0 , 6) 0 = 18 − 3 · 6 = 6 gcd(0 , n ) = n Remainders in Euclid’s algorithm are integer linear combinations of 42 and 108 . Creator: Malik Magdon-Ismail Number Theory: 7 / 15 Bezout’s Identity →

  11. Euclid’s Algorithm Theorem. gcd( m, n ) = gcd( rem ( n, m ) , m ) . gcd(42 , 108) = gcd(24 , 42) 24 = 108 − 2 · 42 = gcd(18 , 24) 18 = 42 − 24 = 42 − (108 − 2 · 42) = 3 · 42 − 108 � �� � 24 = gcd(6 , 18) 6 = 24 − 18 = (108 − 2 · 42) − (3 · 42 − 108) = 2 · 108 − 5 · 42 � �� � � �� � 24 18 = gcd(0 , 6) 0 = 18 − 3 · 6 = 6 gcd(0 , n ) = n Remainders in Euclid’s algorithm are integer linear combinations of 42 and 108 . In particular, gcd(42 , 108) = 6 = 2 × 108 − 5 × 42 . Creator: Malik Magdon-Ismail Number Theory: 7 / 15 Bezout’s Identity →

  12. Euclid’s Algorithm Theorem. gcd( m, n ) = gcd( rem ( n, m ) , m ) . gcd(42 , 108) = gcd(24 , 42) 24 = 108 − 2 · 42 = gcd(18 , 24) 18 = 42 − 24 = 42 − (108 − 2 · 42) = 3 · 42 − 108 � �� � 24 = gcd(6 , 18) 6 = 24 − 18 = (108 − 2 · 42) − (3 · 42 − 108) = 2 · 108 − 5 · 42 � �� � � �� � 24 18 = gcd(0 , 6) 0 = 18 − 3 · 6 = 6 gcd(0 , n ) = n Remainders in Euclid’s algorithm are integer linear combinations of 42 and 108 . In particular, gcd(42 , 108) = 6 = 2 × 108 − 5 × 42 . This will be true for gcd( m, n ) in general: gcd( m, n ) = mx + ny for some x, y ∈ Z . Creator: Malik Magdon-Ismail Number Theory: 7 / 15 Bezout’s Identity →

  13. Bezout’s Identity: A “Formula” for GCD From Euclid’s Algorithm, for some x, y ∈ Z . gcd( m, n ) = mx + ny Creator: Malik Magdon-Ismail Number Theory: 8 / 15 GCD Facts →

  14. Bezout’s Identity: A “Formula” for GCD From Euclid’s Algorithm, for some x, y ∈ Z . gcd( m, n ) = mx + ny Can any smaller positive number z be a linear combination of m and n ? suppose: z = mx + ny > 0 . Creator: Malik Magdon-Ismail Number Theory: 8 / 15 GCD Facts →

  15. Bezout’s Identity: A “Formula” for GCD From Euclid’s Algorithm, for some x, y ∈ Z . gcd( m, n ) = mx + ny Can any smaller positive number z be a linear combination of m and n ? suppose: z = mx + ny > 0 . gcd( m, n ) divides RHS → gcd( m, n ) | z , i.e z ≥ gcd( m, n ) (because gcd( m, n ) | m and gcd( m, n ) | n ) . Creator: Malik Magdon-Ismail Number Theory: 8 / 15 GCD Facts →

  16. Bezout’s Identity: A “Formula” for GCD From Euclid’s Algorithm, for some x, y ∈ Z . gcd( m, n ) = mx + ny Can any smaller positive number z be a linear combination of m and n ? suppose: z = mx + ny > 0 . gcd( m, n ) divides RHS → gcd( m, n ) | z , i.e z ≥ gcd( m, n ) (because gcd( m, n ) | m and gcd( m, n ) | n ) . Theorem. Bezout’s Identity gcd( m, n ) is the smallest positive integer linear combination of m and n : gcd( m, n ) = mx + ny for x, y ∈ Z . Formal Proof. Let ℓ be the smallest positive linear combination of m, n : ℓ = mx + ny . Prove ℓ ≥ gcd( m, n ) as above. Prove ℓ ≤ gcd( m, n ) by showing ℓ is a common divisor (rem( m, ℓ ) = rem( n, ℓ ) = 0). Creator: Malik Magdon-Ismail Number Theory: 8 / 15 GCD Facts →

  17. Bezout’s Identity: A “Formula” for GCD From Euclid’s Algorithm, for some x, y ∈ Z . gcd( m, n ) = mx + ny Can any smaller positive number z be a linear combination of m and n ? suppose: z = mx + ny > 0 . gcd( m, n ) divides RHS → gcd( m, n ) | z , i.e z ≥ gcd( m, n ) (because gcd( m, n ) | m and gcd( m, n ) | n ) . Theorem. Bezout’s Identity gcd( m, n ) is the smallest positive integer linear combination of m and n : gcd( m, n ) = mx + ny for x, y ∈ Z . Formal Proof. Let ℓ be the smallest positive linear combination of m, n : ℓ = mx + ny . Prove ℓ ≥ gcd( m, n ) as above. Prove ℓ ≤ gcd( m, n ) by showing ℓ is a common divisor (rem( m, ℓ ) = rem( n, ℓ ) = 0). There is no “formula” for GCD. But this is close to a “formula”. Creator: Malik Magdon-Ismail Number Theory: 8 / 15 GCD Facts →

  18. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Proof . Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  19. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . (ii) Proof . (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  20. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . (ii) Proof . gcd( m, n ) = mx + ny . (ii) (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  21. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . ✓ (ii) Proof . gcd( m, n ) = mx + ny . Any common divisor divides the RHS and so also the LHS. (ii) (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  22. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . ✓ (ii) For k ∈ N , gcd( km, kn ) = k · gcd( m, n ) . (iii) Proof . gcd( m, n ) = mx + ny . Any common divisor divides the RHS and so also the LHS. (ii) (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) (e.g. gcd(6 , 15) = 3 → gcd(12 , 30) = 2 × 3 = 6) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  23. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . ✓ (ii) For k ∈ N , gcd( km, kn ) = k · gcd( m, n ) . (iii) Proof . gcd( m, n ) = mx + ny . Any common divisor divides the RHS and so also the LHS. (ii) (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) gcd( km, kn ) = kmx + kny = k ( mx + ny ) . (iii) (e.g. gcd(6 , 15) = 3 → gcd(12 , 30) = 2 × 3 = 6) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  24. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . ✓ (ii) For k ∈ N , gcd( km, kn ) = k · gcd( m, n ) . (iii) Proof . gcd( m, n ) = mx + ny . Any common divisor divides the RHS and so also the LHS. (ii) (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) gcd( km, kn ) = kmx + kny = k ( mx + ny ) . The RHS is the smallest possible, so there (iii) is no smaller positive linear combination of m, n . (e.g. gcd(6 , 15) = 3 → gcd(12 , 30) = 2 × 3 = 6) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  25. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . ✓ (ii) For k ∈ N , gcd( km, kn ) = k · gcd( m, n ) . ✓ (iii) Proof . gcd( m, n ) = mx + ny . Any common divisor divides the RHS and so also the LHS. (ii) (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) gcd( km, kn ) = kmx + kny = k ( mx + ny ) . The RHS is the smallest possible, so there (iii) is no smaller positive linear combination of m, n . That is gcd( m, n ) = ( mx + ny ) . (e.g. gcd(6 , 15) = 3 → gcd(12 , 30) = 2 × 3 = 6) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  26. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . ✓ (ii) For k ∈ N , gcd( km, kn ) = k · gcd( m, n ) . ✓ (iii) if gcd( l, m ) = 1 and gcd( l, n ) = 1 , then gcd( l, mn ) = 1 . (iv) Proof . gcd( m, n ) = mx + ny . Any common divisor divides the RHS and so also the LHS. (ii) (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) gcd( km, kn ) = kmx + kny = k ( mx + ny ) . The RHS is the smallest possible, so there (iii) is no smaller positive linear combination of m, n . That is gcd( m, n ) = ( mx + ny ) . (e.g. gcd(6 , 15) = 3 → gcd(12 , 30) = 2 × 3 = 6) (e.g. gcd(15 , 4) = 1 and gcd(15 , 7) = 1 → gcd(15 , 28) = 1) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  27. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . ✓ (ii) For k ∈ N , gcd( km, kn ) = k · gcd( m, n ) . ✓ (iii) if gcd( l, m ) = 1 and gcd( l, n ) = 1 , then gcd( l, mn ) = 1 . (iv) Proof . gcd( m, n ) = mx + ny . Any common divisor divides the RHS and so also the LHS. (ii) (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) gcd( km, kn ) = kmx + kny = k ( mx + ny ) . The RHS is the smallest possible, so there (iii) is no smaller positive linear combination of m, n . That is gcd( m, n ) = ( mx + ny ) . (e.g. gcd(6 , 15) = 3 → gcd(12 , 30) = 2 × 3 = 6) 1 = ℓx + my and 1 = ℓx ′ + ny ′ . (iv) (e.g. gcd(15 , 4) = 1 and gcd(15 , 7) = 1 → gcd(15 , 28) = 1) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  28. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . ✓ (ii) For k ∈ N , gcd( km, kn ) = k · gcd( m, n ) . ✓ (iii) if gcd( l, m ) = 1 and gcd( l, n ) = 1 , then gcd( l, mn ) = 1 . ✓ (iv) Proof . gcd( m, n ) = mx + ny . Any common divisor divides the RHS and so also the LHS. (ii) (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) gcd( km, kn ) = kmx + kny = k ( mx + ny ) . The RHS is the smallest possible, so there (iii) is no smaller positive linear combination of m, n . That is gcd( m, n ) = ( mx + ny ) . (e.g. gcd(6 , 15) = 3 → gcd(12 , 30) = 2 × 3 = 6) 1 = ℓx + my and 1 = ℓx ′ + ny ′ . Multiplying, (iv) 1 = ( ℓx + my )( ℓx ′ + ny ′ ) = ℓ · ( ℓxx ′ + nxy ′ + myx ′ ) + mn · ( yy ′ ) . (e.g. gcd(15 , 4) = 1 and gcd(15 , 7) = 1 → gcd(15 , 28) = 1) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  29. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . ✓ (ii) For k ∈ N , gcd( km, kn ) = k · gcd( m, n ) . ✓ (iii) if gcd( l, m ) = 1 and gcd( l, n ) = 1 , then gcd( l, mn ) = 1 . ✓ (iv) if d | mn and gcd( d, m ) = 1 , then d | n . (v) Proof . gcd( m, n ) = mx + ny . Any common divisor divides the RHS and so also the LHS. (ii) (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) gcd( km, kn ) = kmx + kny = k ( mx + ny ) . The RHS is the smallest possible, so there (iii) is no smaller positive linear combination of m, n . That is gcd( m, n ) = ( mx + ny ) . (e.g. gcd(6 , 15) = 3 → gcd(12 , 30) = 2 × 3 = 6) 1 = ℓx + my and 1 = ℓx ′ + ny ′ . Multiplying, (iv) 1 = ( ℓx + my )( ℓx ′ + ny ′ ) = ℓ · ( ℓxx ′ + nxy ′ + myx ′ ) + mn · ( yy ′ ) . (e.g. gcd(15 , 4) = 1 and gcd(15 , 7) = 1 → gcd(15 , 28) = 1) (e.g. gcd(4 , 15) = 1 and 4 | 15 × 16 → 4 | 16) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  30. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . ✓ (ii) For k ∈ N , gcd( km, kn ) = k · gcd( m, n ) . ✓ (iii) if gcd( l, m ) = 1 and gcd( l, n ) = 1 , then gcd( l, mn ) = 1 . ✓ (iv) if d | mn and gcd( d, m ) = 1 , then d | n . (v) Proof . gcd( m, n ) = mx + ny . Any common divisor divides the RHS and so also the LHS. (ii) (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) gcd( km, kn ) = kmx + kny = k ( mx + ny ) . The RHS is the smallest possible, so there (iii) is no smaller positive linear combination of m, n . That is gcd( m, n ) = ( mx + ny ) . (e.g. gcd(6 , 15) = 3 → gcd(12 , 30) = 2 × 3 = 6) 1 = ℓx + my and 1 = ℓx ′ + ny ′ . Multiplying, (iv) 1 = ( ℓx + my )( ℓx ′ + ny ′ ) = ℓ · ( ℓxx ′ + nxy ′ + myx ′ ) + mn · ( yy ′ ) . (e.g. gcd(15 , 4) = 1 and gcd(15 , 7) = 1 → gcd(15 , 28) = 1) dx + my = 1 → ndx + nmy = n . (v) (e.g. gcd(4 , 15) = 1 and 4 | 15 × 16 → 4 | 16) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  31. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . ✓ (ii) For k ∈ N , gcd( km, kn ) = k · gcd( m, n ) . ✓ (iii) if gcd( l, m ) = 1 and gcd( l, n ) = 1 , then gcd( l, mn ) = 1 . ✓ (iv) if d | mn and gcd( d, m ) = 1 , then d | n . ✓ (v) Proof . gcd( m, n ) = mx + ny . Any common divisor divides the RHS and so also the LHS. (ii) (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) gcd( km, kn ) = kmx + kny = k ( mx + ny ) . The RHS is the smallest possible, so there (iii) is no smaller positive linear combination of m, n . That is gcd( m, n ) = ( mx + ny ) . (e.g. gcd(6 , 15) = 3 → gcd(12 , 30) = 2 × 3 = 6) 1 = ℓx + my and 1 = ℓx ′ + ny ′ . Multiplying, (iv) 1 = ( ℓx + my )( ℓx ′ + ny ′ ) = ℓ · ( ℓxx ′ + nxy ′ + myx ′ ) + mn · ( yy ′ ) . (e.g. gcd(15 , 4) = 1 and gcd(15 , 7) = 1 → gcd(15 , 28) = 1) dx + my = 1 → ndx + nmy = n . Since d | mn , d divides the LHS, hence d | n , the RHS. (v) (e.g. gcd(4 , 15) = 1 and 4 | 15 × 16 → 4 | 16) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  32. GCD Facts gcd( m, n ) = gcd( m, rem ( n, m )) . ✓ (i) Every common divisor of m, n divides gcd( m, n ) . ✓ (ii) For k ∈ N , gcd( km, kn ) = k · gcd( m, n ) . ✓ (iii) if gcd( l, m ) = 1 and gcd( l, n ) = 1 , then gcd( l, mn ) = 1 . ✓ (iv) if d | mn and gcd( d, m ) = 1 , then d | n . ✓ (v) Proof . gcd( m, n ) = mx + ny . Any common divisor divides the RHS and so also the LHS. (ii) (e.g. 1,2,3,6 are common divisors of 30,42 and all divide the GCD 6) gcd( km, kn ) = kmx + kny = k ( mx + ny ) . The RHS is the smallest possible, so there (iii) is no smaller positive linear combination of m, n . That is gcd( m, n ) = ( mx + ny ) . (e.g. gcd(6 , 15) = 3 → gcd(12 , 30) = 2 × 3 = 6) 1 = ℓx + my and 1 = ℓx ′ + ny ′ . Multiplying, (iv) 1 = ( ℓx + my )( ℓx ′ + ny ′ ) = ℓ · ( ℓxx ′ + nxy ′ + myx ′ ) + mn · ( yy ′ ) . (e.g. gcd(15 , 4) = 1 and gcd(15 , 7) = 1 → gcd(15 , 28) = 1) dx + my = 1 → ndx + nmy = n . Since d | mn , d divides the LHS, hence d | n , the RHS. (v) (e.g. gcd(4 , 15) = 1 and 4 | 15 × 16 → 4 | 16) Creator: Malik Magdon-Ismail Number Theory: 9 / 15 Die Hard: With A Vengence →

  33. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  34. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  35. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  36. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  37. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0 , 0) Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  38. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0 , 0) 1: − → (3 , 0) Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  39. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0 , 0) 1: → (3 , 0) 2: − − → (0 , 3) Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  40. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0 , 0) 1: → (3 , 0) 2: → (0 , 3) 1: − − − → (3 , 3) Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  41. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0 , 0) 1: → (3 , 0) 2: → (0 , 3) 1: → (3 , 3) 2: − − − − → (1 , 5) Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  42. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0 , 0) 1: → (3 , 0) 2: → (0 , 3) 1: → (3 , 3) 2: → (1 , 5) 3: − − − − − → (1 , 0) Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  43. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0 , 0) 1: → (3 , 0) 2: → (0 , 3) 1: → (3 , 3) 2: → (1 , 5) 3: → (1 , 0) 2: − − − − − − → (0 , 1) Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  44. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0 , 0) 1: → (3 , 0) 2: → (0 , 3) 1: → (3 , 3) 2: → (1 , 5) 3: → (1 , 0) 2: → (0 , 1) 1: − − − − − − − → (3 , 1) Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  45. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0 , 0) 1: → (3 , 0) 2: → (0 , 3) 1: → (3 , 3) 2: → (1 , 5) 3: → (1 , 0) 2: → (0 , 1) 1: → (3 , 1) 2: − − − − − − − − → (0 , 4) ✓ Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  46. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0 , 0) 1: → (3 , 0) 2: → (0 , 3) 1: → (3 , 3) 2: → (1 , 5) 3: → (1 , 0) 2: → (0 , 1) 1: → (3 , 1) 2: − − − − − − − − → (0 , 4) ✓ After the 3-gallon jug is emptied into the 5-gallon jug, the state is (0 , ℓ ) , where (the 3-gallon jug has been emptied x ℓ = 3 x − 5 y. times and the 5-gallon jug y times) (integer linear combination of 3 , 5 ). Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  47. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0 , 0) 1: → (3 , 0) 2: → (0 , 3) 1: → (3 , 3) 2: → (1 , 5) 3: → (1 , 0) 2: → (0 , 1) 1: → (3 , 1) 2: − − − − − − − − → (0 , 4) ✓ After the 3-gallon jug is emptied into the 5-gallon jug, the state is (0 , ℓ ) , where (the 3-gallon jug has been emptied x ℓ = 3 x − 5 y. times and the 5-gallon jug y times) (integer linear combination of 3 , 5 ). Since gcd(3 , 5) = 1 we can get ℓ = 1 , (after emptying the 3-gallon jug 2 times and 1 = 3 · 2 − 5 · 1 the 5 gallon jug once, there is 1 gallon) Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  48. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0 , 0) 1: → (3 , 0) 2: → (0 , 3) 1: → (3 , 3) 2: → (1 , 5) 3: → (1 , 0) 2: → (0 , 1) 1: → (3 , 1) 2: − − − − − − − − → (0 , 4) ✓ After the 3-gallon jug is emptied into the 5-gallon jug, the state is (0 , ℓ ) , where (the 3-gallon jug has been emptied x ℓ = 3 x − 5 y. times and the 5-gallon jug y times) (integer linear combination of 3 , 5 ). Since gcd(3 , 5) = 1 we can get ℓ = 1 , (after emptying the 3-gallon jug 2 times and 1 = 3 · 2 − 5 · 1 the 5 gallon jug once, there is 1 gallon) Do this 4 times and you have 4 gallons (guaranteed). (Actually fewer pours works.) (0 , 0) 1: → (3 , 0) 2: → (0 , 3) 1: → (3 , 3) 2: → (1 , 5) 3: → (1 , 0) 2: − − − − − − → (0 , 1) (repeat 4 times) Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  49. Die Hard: With A Vengence , John McClane & Zeus Carver Thwart Simon Gruber Given 3 and 5-gallon jugs, measure exactly 4 gallons. 1: Repeatedly fill the 3-gallon jug. 2: Empty the 3-gallon jug into the 5-gallon jug. 3: If ever the 5-gallon jug is full, empty it by discarding the water. (0 , 0) 1: → (3 , 0) 2: → (0 , 3) 1: → (3 , 3) 2: → (1 , 5) 3: → (1 , 0) 2: → (0 , 1) 1: → (3 , 1) 2: − − − − − − − − → (0 , 4) ✓ After the 3-gallon jug is emptied into the 5-gallon jug, the state is (0 , ℓ ) , where (the 3-gallon jug has been emptied x ℓ = 3 x − 5 y. times and the 5-gallon jug y times) (integer linear combination of 3 , 5 ). Since gcd(3 , 5) = 1 we can get ℓ = 1 , (after emptying the 3-gallon jug 2 times and 1 = 3 · 2 − 5 · 1 the 5 gallon jug once, there is 1 gallon) Do this 4 times and you have 4 gallons (guaranteed). (Actually fewer pours works.) (0 , 0) 1: → (3 , 0) 2: → (0 , 3) 1: → (3 , 3) 2: → (1 , 5) 3: → (1 , 0) 2: − − − − − − → (0 , 1) (repeat 4 times) If the producers of Die Hard had chosen 3 and 6 gallon jugs, there can be no sequel (phew ). (Why?) Creator: Malik Magdon-Ismail Number Theory: 10 / 15 Fundamental Theorem of Arithmetic →

  50. Fundamental Theorem of Arithmetic Part (ii) Theorem. Uniqueness of Prime Factorization Every n ≥ 2 is uniquely (up to reordering) a product of primes. Creator: Malik Magdon-Ismail Number Theory: 11 / 15 Cryptography 101 →

  51. Fundamental Theorem of Arithmetic Part (ii) Theorem. Uniqueness of Prime Factorization Every n ≥ 2 is uniquely (up to reordering) a product of primes. Euclid’s Lemma: For primes p, q 1 , . . . , q ℓ , if p | q 1 q 2 · · · q ℓ then p is one of the q i . Creator: Malik Magdon-Ismail Number Theory: 11 / 15 Cryptography 101 →

  52. Fundamental Theorem of Arithmetic Part (ii) Theorem. Uniqueness of Prime Factorization Every n ≥ 2 is uniquely (up to reordering) a product of primes. Euclid’s Lemma: For primes p, q 1 , . . . , q ℓ , if p | q 1 q 2 · · · q ℓ then p is one of the q i . Proof of lemma: If p | q ℓ then p = q ℓ . Creator: Malik Magdon-Ismail Number Theory: 11 / 15 Cryptography 101 →

  53. Fundamental Theorem of Arithmetic Part (ii) Theorem. Uniqueness of Prime Factorization Every n ≥ 2 is uniquely (up to reordering) a product of primes. Euclid’s Lemma: For primes p, q 1 , . . . , q ℓ , if p | q 1 q 2 · · · q ℓ then p is one of the q i . Proof of lemma: If p | q ℓ then p = q ℓ . If not, gcd( p, q ℓ ) = 1 and p | q 1 · · · q ℓ − 1 by GCD fact (v). Creator: Malik Magdon-Ismail Number Theory: 11 / 15 Cryptography 101 →

  54. Fundamental Theorem of Arithmetic Part (ii) Theorem. Uniqueness of Prime Factorization Every n ≥ 2 is uniquely (up to reordering) a product of primes. Euclid’s Lemma: For primes p, q 1 , . . . , q ℓ , if p | q 1 q 2 · · · q ℓ then p is one of the q i . Proof of lemma: If p | q ℓ then p = q ℓ . If not, gcd( p, q ℓ ) = 1 and p | q 1 · · · q ℓ − 1 by GCD fact (v). Induction on ℓ . Creator: Malik Magdon-Ismail Number Theory: 11 / 15 Cryptography 101 →

  55. Fundamental Theorem of Arithmetic Part (ii) Theorem. Uniqueness of Prime Factorization Every n ≥ 2 is uniquely (up to reordering) a product of primes. Euclid’s Lemma: For primes p, q 1 , . . . , q ℓ , if p | q 1 q 2 · · · q ℓ then p is one of the q i . Proof of lemma: If p | q ℓ then p = q ℓ . If not, gcd( p, q ℓ ) = 1 and p | q 1 · · · q ℓ − 1 by GCD fact (v). Induction on ℓ . Proof. (FTA) Contradiction. Let n ∗ be the smallest counter-example, n ∗ > 2 and n ∗ = p 1 p 2 · · · p n = q 1 q 2 · · · q k Creator: Malik Magdon-Ismail Number Theory: 11 / 15 Cryptography 101 →

  56. Fundamental Theorem of Arithmetic Part (ii) Theorem. Uniqueness of Prime Factorization Every n ≥ 2 is uniquely (up to reordering) a product of primes. Euclid’s Lemma: For primes p, q 1 , . . . , q ℓ , if p | q 1 q 2 · · · q ℓ then p is one of the q i . Proof of lemma: If p | q ℓ then p = q ℓ . If not, gcd( p, q ℓ ) = 1 and p | q 1 · · · q ℓ − 1 by GCD fact (v). Induction on ℓ . Proof. (FTA) Contradiction. Let n ∗ be the smallest counter-example, n ∗ > 2 and n ∗ = p 1 p 2 · · · p n = q 1 q 2 · · · q k Since p 1 | n ∗ , it means p 1 | q 1 q 2 · · · q k and by Euclid’s Lemma, p 1 = q i (w.l.o.g. q 1 ). Creator: Malik Magdon-Ismail Number Theory: 11 / 15 Cryptography 101 →

  57. Fundamental Theorem of Arithmetic Part (ii) Theorem. Uniqueness of Prime Factorization Every n ≥ 2 is uniquely (up to reordering) a product of primes. Euclid’s Lemma: For primes p, q 1 , . . . , q ℓ , if p | q 1 q 2 · · · q ℓ then p is one of the q i . Proof of lemma: If p | q ℓ then p = q ℓ . If not, gcd( p, q ℓ ) = 1 and p | q 1 · · · q ℓ − 1 by GCD fact (v). Induction on ℓ . Proof. (FTA) Contradiction. Let n ∗ be the smallest counter-example, n ∗ > 2 and n ∗ = p 1 p 2 · · · p n = q 1 q 2 · · · q k Since p 1 | n ∗ , it means p 1 | q 1 q 2 · · · q k and by Euclid’s Lemma, p 1 = q i (w.l.o.g. q 1 ). n ∗ /p 1 = p 2 · · · p n = q 2 · · · q k . Creator: Malik Magdon-Ismail Number Theory: 11 / 15 Cryptography 101 →

  58. Fundamental Theorem of Arithmetic Part (ii) Theorem. Uniqueness of Prime Factorization Every n ≥ 2 is uniquely (up to reordering) a product of primes. Euclid’s Lemma: For primes p, q 1 , . . . , q ℓ , if p | q 1 q 2 · · · q ℓ then p is one of the q i . Proof of lemma: If p | q ℓ then p = q ℓ . If not, gcd( p, q ℓ ) = 1 and p | q 1 · · · q ℓ − 1 by GCD fact (v). Induction on ℓ . Proof. (FTA) Contradiction. Let n ∗ be the smallest counter-example, n ∗ > 2 and n ∗ = p 1 p 2 · · · p n = q 1 q 2 · · · q k Since p 1 | n ∗ , it means p 1 | q 1 q 2 · · · q k and by Euclid’s Lemma, p 1 = q i (w.l.o.g. q 1 ). n ∗ /p 1 = p 2 · · · p n = q 2 · · · q k . That is, n ∗ /p 1 is a smaller counter-example. FISHY! Creator: Malik Magdon-Ismail Number Theory: 11 / 15 Cryptography 101 →

  59. Cryptography 101: Alice and Bob wish to securely exchange the prime M Creator: Malik Magdon-Ismail Number Theory: 12 / 15 Modular Arithmetic →

  60. Cryptography 101: Alice and Bob wish to securely exchange the prime M Alice encrypts M M ∗

  61. Cryptography 101: Alice and Bob wish to securely exchange the prime M Alice encrypts Alice sends to Bob M ′ M M ∗ Bob decrypts

  62. Cryptography 101: Alice and Bob wish to securely exchange the prime M M ∗ ??? Charlie eavesdrops Alice encrypts Alice sends to Bob M ′ M M ∗ Bob decrypts Creator: Malik Magdon-Ismail Number Theory: 12 / 15 Modular Arithmetic →

  63. Cryptography 101: Alice and Bob wish to securely exchange the prime M M ∗ ??? Charlie eavesdrops Alice encrypts Alice sends to Bob M ′ M M ∗ Bob decrypts Example. Alice Encrypts: M ∗ = M × k ( k is a shared secret – private key ) Creator: Malik Magdon-Ismail Number Theory: 12 / 15 Modular Arithmetic →

  64. Cryptography 101: Alice and Bob wish to securely exchange the prime M M ∗ ??? Charlie eavesdrops Alice encrypts Alice sends to Bob M ′ M M ∗ Bob decrypts Example. Alice Encrypts: M ∗ = M × k ( k is a shared secret – private key ) Alice and Bob know k , Charlie does not. Creator: Malik Magdon-Ismail Number Theory: 12 / 15 Modular Arithmetic →

  65. Cryptography 101: Alice and Bob wish to securely exchange the prime M M ∗ ??? Charlie eavesdrops Alice encrypts Alice sends to Bob M ′ M M ∗ Bob decrypts Example. Alice Encrypts: M ∗ = M × k ( k is a shared secret – private key ) Alice and Bob know k , Charlie does not. Bob Decrypts: M ′ = M ∗ /k = M × k/k = M . (Hooray, M ′ = M and Charlie is in the dark.) Creator: Malik Magdon-Ismail Number Theory: 12 / 15 Modular Arithmetic →

  66. Cryptography 101: Alice and Bob wish to securely exchange the prime M M ∗ ??? Charlie eavesdrops Alice encrypts Alice sends to Bob M ′ M M ∗ Bob decrypts Example. Alice Encrypts: M ∗ = M × k ( k is a shared secret – private key ) Alice and Bob know k , Charlie does not. Bob Decrypts: M ′ = M ∗ /k = M × k/k = M . (Hooray, M ′ = M and Charlie is in the dark.) Secure as long as Charlie cannot factor M ′ into k and M . (Factoring is hard ) Creator: Malik Magdon-Ismail Number Theory: 12 / 15 Modular Arithmetic →

  67. Cryptography 101: Alice and Bob wish to securely exchange the prime M M ∗ ??? Charlie eavesdrops Alice encrypts Alice sends to Bob M ′ M M ∗ Bob decrypts Example. Alice Encrypts: M ∗ = M × k ( k is a shared secret – private key ) Alice and Bob know k , Charlie does not. Bob Decrypts: M ′ = M ∗ /k = M × k/k = M . (Hooray, M ′ = M and Charlie is in the dark.) Secure as long as Charlie cannot factor M ′ into k and M . (Factoring is hard ) One time use. For two cypher-texts , k = gcd( M 1 ∗ , M 2 ∗ ) . Creator: Malik Magdon-Ismail Number Theory: 12 / 15 Modular Arithmetic →

  68. Cryptography 101: Alice and Bob wish to securely exchange the prime M M ∗ ??? Charlie eavesdrops Alice encrypts Alice sends to Bob M ′ M M ∗ Bob decrypts Example. Alice Encrypts: M ∗ = M × k ( k is a shared secret – private key ) Alice and Bob know k , Charlie does not. Bob Decrypts: M ′ = M ∗ /k = M × k/k = M . (Hooray, M ′ = M and Charlie is in the dark.) Secure as long as Charlie cannot factor M ′ into k and M . (Factoring is hard ) One time use. For two cypher-texts , k = gcd( M 1 ∗ , M 2 ∗ ) . To improve, we need modular arithmetic. Creator: Malik Magdon-Ismail Number Theory: 12 / 15 Modular Arithmetic →

  69. Modular Arithmetic a ≡ b (mod d ) if and only if d | ( a − b ) , i.e. a − b = kd for k ∈ Z 41 ≡ 79 (mod 19) because 41 − 79 = − 38 = − 2 · 19 . Creator: Malik Magdon-Ismail Number Theory: 13 / 15 Modular Division →

  70. Modular Arithmetic a ≡ b (mod d ) if and only if d | ( a − b ) , i.e. a − b = kd for k ∈ Z 41 ≡ 79 (mod 19) because 41 − 79 = − 38 = − 2 · 19 . Modular Equivalence Properties. Suppose a ≡ b (mod d ) , i.e. a = b + kd , and r ≡ s (mod d ) , i.e. r = s + ℓd . Creator: Malik Magdon-Ismail Number Theory: 13 / 15 Modular Division →

  71. Modular Arithmetic a ≡ b (mod d ) if and only if d | ( a − b ) , i.e. a − b = kd for k ∈ Z 41 ≡ 79 (mod 19) because 41 − 79 = − 38 = − 2 · 19 . Modular Equivalence Properties. Suppose a ≡ b (mod d ) , i.e. a = b + kd , and r ≡ s (mod d ) , i.e. r = s + ℓd . Then, (c) a n ≡ b n (mod d ) . (a) ar ≡ bs (mod d ) . (b) a + r ≡ b + s (mod d ) . Creator: Malik Magdon-Ismail Number Theory: 13 / 15 Modular Division →

  72. Modular Arithmetic a ≡ b (mod d ) if and only if d | ( a − b ) , i.e. a − b = kd for k ∈ Z 41 ≡ 79 (mod 19) because 41 − 79 = − 38 = − 2 · 19 . Modular Equivalence Properties. Suppose a ≡ b (mod d ) , i.e. a = b + kd , and r ≡ s (mod d ) , i.e. r = s + ℓd . Then, (c) a n ≡ b n (mod d ) . (a) ar ≡ bs (mod d ) . (b) a + r ≡ b + s (mod d ) . ar − bs ( a + r ) − ( b + s ) Repeated application of (a) = ( b + kd )( s + ℓd ) − bs = ( b + kd + s + ℓd ) − b − s Induction. = d ( ks + bℓl + kℓd ) . = d ( k + ℓ ) . That is d | ar − bs . That is d | ( a + r ) − ( b + s ). Addition and multiplication are just like regular arithmetic. Creator: Malik Magdon-Ismail Number Theory: 13 / 15 Modular Division →

  73. Modular Arithmetic a ≡ b (mod d ) if and only if d | ( a − b ) , i.e. a − b = kd for k ∈ Z 41 ≡ 79 (mod 19) because 41 − 79 = − 38 = − 2 · 19 . Modular Equivalence Properties. Suppose a ≡ b (mod d ) , i.e. a = b + kd , and r ≡ s (mod d ) , i.e. r = s + ℓd . Then, (c) a n ≡ b n (mod d ) . (a) ar ≡ bs (mod d ) . (b) a + r ≡ b + s (mod d ) . ar − bs ( a + r ) − ( b + s ) Repeated application of (a) = ( b + kd )( s + ℓd ) − bs = ( b + kd + s + ℓd ) − b − s Induction. = d ( ks + bℓl + kℓd ) . = d ( k + ℓ ) . That is d | ar − bs . That is d | ( a + r ) − ( b + s ). Addition and multiplication are just like regular arithmetic. Example. What is the last digit of 3 2017 ? Creator: Malik Magdon-Ismail Number Theory: 13 / 15 Modular Division →

  74. Modular Arithmetic a ≡ b (mod d ) if and only if d | ( a − b ) , i.e. a − b = kd for k ∈ Z 41 ≡ 79 (mod 19) because 41 − 79 = − 38 = − 2 · 19 . Modular Equivalence Properties. Suppose a ≡ b (mod d ) , i.e. a = b + kd , and r ≡ s (mod d ) , i.e. r = s + ℓd . Then, (c) a n ≡ b n (mod d ) . (a) ar ≡ bs (mod d ) . (b) a + r ≡ b + s (mod d ) . ar − bs ( a + r ) − ( b + s ) Repeated application of (a) = ( b + kd )( s + ℓd ) − bs = ( b + kd + s + ℓd ) − b − s Induction. = d ( ks + bℓl + kℓd ) . = d ( k + ℓ ) . That is d | ar − bs . That is d | ( a + r ) − ( b + s ). Addition and multiplication are just like regular arithmetic. Example. What is the last digit of 3 2017 ? 3 2 ≡ − 1 (mod 10) Creator: Malik Magdon-Ismail Number Theory: 13 / 15 Modular Division →

  75. Modular Arithmetic a ≡ b (mod d ) if and only if d | ( a − b ) , i.e. a − b = kd for k ∈ Z 41 ≡ 79 (mod 19) because 41 − 79 = − 38 = − 2 · 19 . Modular Equivalence Properties. Suppose a ≡ b (mod d ) , i.e. a = b + kd , and r ≡ s (mod d ) , i.e. r = s + ℓd . Then, (c) a n ≡ b n (mod d ) . (a) ar ≡ bs (mod d ) . (b) a + r ≡ b + s (mod d ) . ar − bs ( a + r ) − ( b + s ) Repeated application of (a) = ( b + kd )( s + ℓd ) − bs = ( b + kd + s + ℓd ) − b − s Induction. = d ( ks + bℓl + kℓd ) . = d ( k + ℓ ) . That is d | ar − bs . That is d | ( a + r ) − ( b + s ). Addition and multiplication are just like regular arithmetic. Example. What is the last digit of 3 2017 ? 3 2 ≡ − 1 (mod 10) (3 2 ) 1008 ≡ ( − 1) 1008 → (mod 10) Creator: Malik Magdon-Ismail Number Theory: 13 / 15 Modular Division →

  76. Modular Arithmetic a ≡ b (mod d ) if and only if d | ( a − b ) , i.e. a − b = kd for k ∈ Z 41 ≡ 79 (mod 19) because 41 − 79 = − 38 = − 2 · 19 . Modular Equivalence Properties. Suppose a ≡ b (mod d ) , i.e. a = b + kd , and r ≡ s (mod d ) , i.e. r = s + ℓd . Then, (c) a n ≡ b n (mod d ) . (a) ar ≡ bs (mod d ) . (b) a + r ≡ b + s (mod d ) . ar − bs ( a + r ) − ( b + s ) Repeated application of (a) = ( b + kd )( s + ℓd ) − bs = ( b + kd + s + ℓd ) − b − s Induction. = d ( ks + bℓl + kℓd ) . = d ( k + ℓ ) . That is d | ar − bs . That is d | ( a + r ) − ( b + s ). Addition and multiplication are just like regular arithmetic. Example. What is the last digit of 3 2017 ? 3 2 ≡ − 1 (mod 10) (3 2 ) 1008 ≡ ( − 1) 1008 → (mod 10) → 3 · (3 2 ) 1008 ≡ 3 · ( − 1) 1008 (mod 10) Creator: Malik Magdon-Ismail Number Theory: 13 / 15 Modular Division →

  77. Modular Arithmetic a ≡ b (mod d ) if and only if d | ( a − b ) , i.e. a − b = kd for k ∈ Z 41 ≡ 79 (mod 19) because 41 − 79 = − 38 = − 2 · 19 . Modular Equivalence Properties. Suppose a ≡ b (mod d ) , i.e. a = b + kd , and r ≡ s (mod d ) , i.e. r = s + ℓd . Then, (c) a n ≡ b n (mod d ) . (a) ar ≡ bs (mod d ) . (b) a + r ≡ b + s (mod d ) . ar − bs ( a + r ) − ( b + s ) Repeated application of (a) = ( b + kd )( s + ℓd ) − bs = ( b + kd + s + ℓd ) − b − s Induction. = d ( ks + bℓl + kℓd ) . = d ( k + ℓ ) . That is d | ar − bs . That is d | ( a + r ) − ( b + s ). Addition and multiplication are just like regular arithmetic. Example. What is the last digit of 3 2017 ? 3 2 ≡ − 1 (mod 10) (3 2 ) 1008 ≡ ( − 1) 1008 → (mod 10) → 3 · (3 2 ) 1008 ≡ 3 · ( − 1) 1008 (mod 10) ≡ 3 Creator: Malik Magdon-Ismail Number Theory: 13 / 15 Modular Division →

  78. Modular Division is Not Like Regular Arithmetic 15 · 6 ≡ 13 · 6 (mod 12) Creator: Malik Magdon-Ismail Number Theory: 14 / 15 RSA →

  79. Modular Division is Not Like Regular Arithmetic 15 · 6 ≡ 13 · 6 (mod 12) 15 �≡ 13 (mod 12) ✘ Creator: Malik Magdon-Ismail Number Theory: 14 / 15 RSA →

  80. Modular Division is Not Like Regular Arithmetic 15 · 6 ≡ 13 · 6 (mod 12) 15 · 6 ≡ 2 · 6 (mod 13) 15 �≡ 13 (mod 12) ✘ Creator: Malik Magdon-Ismail Number Theory: 14 / 15 RSA →

  81. Modular Division is Not Like Regular Arithmetic 15 · 6 ≡ 13 · 6 (mod 12) 15 · 6 ≡ 2 · 6 (mod 13) 15 �≡ 13 (mod 12) ✘ 15 ≡ 2 (mod 13) ✓ Creator: Malik Magdon-Ismail Number Theory: 14 / 15 RSA →

  82. Modular Division is Not Like Regular Arithmetic 15 · 6 ≡ 13 · 6 (mod 12) 15 · 6 ≡ 2 · 6 (mod 13) 7 · 8 ≡ 22 · 8 (mod 15) 15 �≡ 13 (mod 12) ✘ 15 ≡ 2 (mod 13) ✓ Creator: Malik Magdon-Ismail Number Theory: 14 / 15 RSA →

  83. Modular Division is Not Like Regular Arithmetic 15 · 6 ≡ 13 · 6 (mod 12) 15 · 6 ≡ 2 · 6 (mod 13) 7 · 8 ≡ 22 · 8 (mod 15) 15 �≡ 13 (mod 12) ✘ 15 ≡ 2 (mod 13) ✓ 7 ≡ 22 (mod 15) ✓ Creator: Malik Magdon-Ismail Number Theory: 14 / 15 RSA →

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Foundations of Computer Science Last Time Lecture 10 Number Theory Division and the Greatest

Foundations of Computer Science Last Time Lecture 10 Number Theory Division and the Greatest

Foundations of Computer Science Last Time Lecture 10 Number Theory Division and the Greatest Common Divisor Fundamental Theorem of Arithmetic 1 Why sums and reccurrences? Running times of programs. Cryptography and Modular Arithmetic RSA:

147 views • 4 slides
Foundations of Computer Science Lecture 10 Number Theory Division and the Greatest Common

Foundations of Computer Science Lecture 10 Number Theory Division and the Greatest Common

Foundations of Computer Science Lecture 10 Number Theory Division and the Greatest Common Divisor Fundamental Theorem of Arithmetic Cryptography and Modular Arithmetic RSA: Public Key Cryptography Last Time 1 Why sums and reccurrences?

197 views • 15 slides
Foundations of Computer Science Lecture 19 Expected Value The Average Over Many Runs of an

Foundations of Computer Science Lecture 19 Expected Value The Average Over Many Runs of an

Foundations of Computer Science Lecture 19 Expected Value The Average Over Many Runs of an Experiment Mathematical Expectation: A Number that Summarizes a PDF Conditional Expectation Law of Total Expectation Last Time 1 Random variables.

657 views • 55 slides
Foundations of Computer Science Lecture 19 Expected Value The Average Over Many Runs of an

Foundations of Computer Science Lecture 19 Expected Value The Average Over Many Runs of an

Foundations of Computer Science Lecture 19 Expected Value The Average Over Many Runs of an Experiment Mathematical Expectation: A Number that Summarizes a PDF Conditional Expectation Law of Total Expectation Last Time 1 Random variables.

347 views • 15 slides
CSE 311: Foundations of Computing I Lecture 1: Propositional Logic Some Perspective Computer

CSE 311: Foundations of Computing I Lecture 1: Propositional Logic Some Perspective Computer

CSE 311: Foundations of Computing I Lecture 1: Propositional Logic Some Perspective Computer Science and Engineering Theory Programming CSE 14x CSE 311 Hardware About the Course We will study the theory needed for CSE: Logic : How can we

454 views • 44 slides
CSE 312: Foundations of Computer Science, II CSE 312: Foundations of Computer Science, II

CSE 312: Foundations of Computer Science, II CSE 312: Foundations of Computer Science, II

CSE 312: Foundations of Computer Science, II CSE 312: Foundations of Computer Science, II Instructor: Anna R Karlin (karlin@cs.washington.edu) Tas: Dimitrios Gklezakos Tom Guo Stephen Jonany Kane Swanson CSE

522 views • 11 slides
Complexity Theory Jan K ret nsk y Chair for Foundations of Software Reliability and

Complexity Theory Jan K ret nsk y Chair for Foundations of Software Reliability and

Complexity Theory Jan K ret nsk y Chair for Foundations of Software Reliability and Theoretical Computer Science Technical University of Munich Summer 2019 Partially based on slides by J org Kreiker Lecture 1 Introduction

676 views • 40 slides
Complexity Theory Jan K ret nsk y Chair for Foundations of Software Reliability and

Complexity Theory Jan K ret nsk y Chair for Foundations of Software Reliability and

Complexity Theory Jan K ret nsk y Chair for Foundations of Software Reliability and Theoretical Computer Science Technical University of Munich Summer 2016 Based on slides by J org Kreiker Lecture 2 Turing Machines Agenda

406 views • 25 slides
91.304 Foundations of (Th (Theoretical) Computer Science ti l) C t S i Chapter 3 Lecture

91.304 Foundations of (Th (Theoretical) Computer Science ti l) C t S i Chapter 3 Lecture

91.304 Foundations of (Th (Theoretical) Computer Science ti l) C t S i Chapter 3 Lecture Notes (Section 3.3: Definition of Algorithm) David Martin dm@cs.uml.edu With modifications by Prof. Karen Daniels, Fall 2012 This work is licensed

264 views • 12 slides
91.304 Foundations of (Th (Theoretical) Computer Science ti l) C t S i Chapter 3 Lecture

91.304 Foundations of (Th (Theoretical) Computer Science ti l) C t S i Chapter 3 Lecture

91.304 Foundations of (Th (Theoretical) Computer Science ti l) C t S i Chapter 3 Lecture Notes (Section 3.2: Variants of Turing Machines) David Martin dm@cs.uml.edu With some modifications by Prof. Karen Daniels, Fall 2012 This work is

286 views • 17 slides
91.304 Foundations of (Theoretical) Computer Science (Th ti l) C t S i Chapter 1 Lecture

91.304 Foundations of (Theoretical) Computer Science (Th ti l) C t S i Chapter 1 Lecture

91.304 Foundations of (Theoretical) Computer Science (Th ti l) C t S i Chapter 1 Lecture Notes (Section 1.3: Regular Expressions) David Martin dm@cs.uml.edu d @ l d with some modifications by Prof. Karen Daniels, Spring 2012 This

374 views • 36 slides
91.304 Foundations of (Th (Theoretical) Computer Science ti l) C t S i Chapter 1 Lecture

91.304 Foundations of (Th (Theoretical) Computer Science ti l) C t S i Chapter 1 Lecture

91.304 Foundations of (Th (Theoretical) Computer Science ti l) C t S i Chapter 1 Lecture Notes (Section 1.2: NFAs) David Martin dm@cs uml edu dm@cs.uml.edu With some modifications by Prof. Karen Daniels Slides also added from http: /

326 views • 29 slides
Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . .

Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . .

Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . . (Implication): Direct proof; Contraposition Contradiction Proofs About Sets Last Time 1 How to make precise statements. 2 Quantifiers which allow us to make

352 views • 18 slides
Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . .

Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . .

Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . . (Implication): Direct proof; Contraposition Contradiction Proofs About Sets Last Time 1 How to make precise statements. 2 Quantifiers which allow us to make

1.47k views • 98 slides
91.304 Foundations of (Theoretical) Computer Science Chapter 3 Lecture Notes (Section 3.1:

91.304 Foundations of (Theoretical) Computer Science Chapter 3 Lecture Notes (Section 3.1:

91.304 Foundations of (Theoretical) Computer Science Chapter 3 Lecture Notes (Section 3.1: Turing Machines) David Martin dm@cs.uml.edu With some modifications by Prof. Karen Daniels, Fall 2013 This work is licensed under the Creative Commons

575 views • 31 slides
Foundations of Computer Science Lecture 17 Independent Events Independence is a Powerful

Foundations of Computer Science Lecture 17 Independent Events Independence is a Powerful

Foundations of Computer Science Lecture 17 Independent Events Independence is a Powerful Assumption The Fermi Method Coincidence and the Birthday Paradox Application to Hashing Random Walks and Gamblers Ruin Last Time 1 New information

259 views • 13 slides
Restricted several bodies-problem asteroid + Sun + 8 planets Different models: asteroid +

Restricted several bodies-problem asteroid + Sun + 8 planets Different models: asteroid +

A numerical study of the Trojan dynamics Philippe Robutel ASD/IMCCE, Observatoire de Paris Collaborations with: J. Bodossian (Paris) F. Gabern (Barcelona) A. Jorba (Barcelona) J. Laskar (Paris) 1 Restricted several bodies-problem

1.23k views • 87 slides
GRAVITATIONAL LENSING LECTURE 13 Docente: Massimo Meneghetti AA 2015-2016 TODAYS LECTURE

GRAVITATIONAL LENSING LECTURE 13 Docente: Massimo Meneghetti AA 2015-2016 TODAYS LECTURE

GRAVITATIONAL LENSING LECTURE 13 Docente: Massimo Meneghetti AA 2015-2016 TODAYS LECTURE Second order e ff ects in the microlensing light curves Relevant results of microlensing The future of microlensing SECOND ORDER EFFECTS IN

783 views • 30 slides
Introduction Introduction to to Geant4 Geant4 Makoto Asai (SLAC Computing Services) Makoto

Introduction Introduction to to Geant4 Geant4 Makoto Asai (SLAC Computing Services) Makoto

Introduction Introduction to to Geant4 Geant4 Makoto Asai (SLAC Computing Services) Makoto Asai (SLAC Computing Services) Geant4 Tutorial Course @ Fermi Lab Geant4 Tutorial Course @ Fermi Lab th , 2003 October 27 th October 27 , 2003

861 views • 58 slides
Secondary 3 Form Teachers Briefing 15 February 2019 Agenda Introduction Subject

Secondary 3 Form Teachers Briefing 15 February 2019 Agenda Introduction Subject

Secondary 3 Form Teachers Briefing 15 February 2019 Agenda Introduction Subject Teachers GRACE protocol Family Values Holiday Activities and Structured Lessons Conduct of CCE lessons Post-Secondary Options

341 views • 20 slides
COMP2111 Week 10 Term 1, 2020 State machines 1 Summary Motivation Definitions The invariant

COMP2111 Week 10 Term 1, 2020 State machines 1 Summary Motivation Definitions The invariant

COMP2111 Week 10 Term 1, 2020 State machines 1 Summary Motivation Definitions The invariant principle Partial correctness and termination Input and output Finite automata 2 Summary Motivation Definitions The invariant principle

1.19k views • 75 slides
Artefacts and Social Identity Penelope Allison School of Archaeology and Ancient History

Artefacts and Social Identity Penelope Allison School of Archaeology and Ancient History

Artefacts and Social Identity Penelope Allison School of Archaeology and Ancient History Projects based on Pompeian Data Current PhD candidates, Univ. of Leicester David Griffiths The social and economic impact of artificial light in

298 views • 13 slides
Java EE 6 New features in practice Part 2 Java and all Java-based marks are trademarks or

Java EE 6 New features in practice Part 2 Java and all Java-based marks are trademarks or

Java EE 6 New features in practice Part 2 Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. License for use and distribution This material is available for

610 views • 37 slides
INFORMED SEARCH Joseph C. Osborn Material borrowed from : David Kauchak, Sara Owsley Sood and

INFORMED SEARCH Joseph C. Osborn Material borrowed from : David Kauchak, Sara Owsley Sood and

INFORMED SEARCH Joseph C. Osborn Material borrowed from : David Kauchak, Sara Owsley Sood and others CS51A Foxes and Chickens Three foxes and three chickens wish to cross the river. They have a small boat that will carry up to two animals.

1.58k views • 89 slides

More recommend