SLIDE 1

Fermat’s theorem Euler’s generalization Application to cryptography

Section 20 – Fermat’s and Euler’s theorems

Instructor: Yifan Yang Spring 2007

Instructor: Yifan Yang Section 20 – Fermat’s and Euler’s theorems

SLIDE 2

The multiplicative group of nonzero elements in a field

Theorem. The nonzero elements of a field form a group under the field multiplication.

Proof. Straightforward. See Exercise 37 of Section 18.

Notation. The multiplicative group of nonzero elements in a field F will be denoted by $F^\times$.


SLIDE 5

Fermat’s theorem

Theorem (20.1, Little theorem of Fermat). Let p be a prime. Then for all integers a not divisible by p, we have $a^{p-1} \equiv 1 \bmod p$.

Proof. The group $\mathbb{Z}_p^\times$ has $p - 1$ elements. Then by the Lagrange theorem (Theorem 10.10), for all $a \in \mathbb{Z}_p^\times$, $a^{p-1} \equiv 1 \bmod p$.


SLIDE 7

Corollary and examples

Corollary (20.2). Let p be a prime. Then $a^p \equiv a \bmod p$ for all $a \in \mathbb{Z}$.

Example 1. Let us compute the remainder of $7^{103}$ when divided by 17.

Solution. By Fermat’s theorem, we have $7^{16} \equiv 1 \bmod 17$. Thus,

$7^{103} = 7^{6 \times 16 + 7} = (7^{16})^6 (7^7) \equiv 7^7 = 7(7^3)^2 = 7(343)^2 \equiv 7 \cdot 9 \equiv 12 \bmod 17$.


SLIDE 10

Examples

Example 2. Prove that $n^{33} - n$ is divisible by 15 for all n.

Solution. We need to show that $n^{33} - n$ is divisible by both 3 and 5. Here we demonstrate $n^{33} - n \equiv 0 \bmod 5$, and leave $n^{33} - n \equiv 0 \bmod 3$ as an exercise. If $5 \mid n$, then $n^{33}$ is clearly congruent to n modulo 5. If $5 \nmid n$, then

$n^{33} - n = n(n^{32} - 1) = n((n^4)^8 - 1) \equiv n(1 - 1) = 0 \bmod 5$.


SLIDE 14

Euler’s generalization

Theorem (20.6). The set $\mathbb{Z}_n^\times$ of nonzero elements of $\mathbb{Z}_n$ that are not zero divisors forms a group.

Proof.

  • closed:
  • Suppose that a and b are neither 0 nor zero divisors. We need to show that ab is neither 0 nor a zero divisor.
  • Since a and b are neither 0 nor zero divisors, $ab \neq 0$.
  • Now suppose that $(ab)c = 0$.
  • Then $a(bc) = 0$. Since a is neither 0 nor a zero divisor, $bc = 0$.
  • By the same token $bc = 0$ implies $c = 0$. Thus ab is not a zero divisor.


SLIDE 20

Proof of Theorem 20.6, continued

  • associativity: obvious.
  • identity: 1 is the multiplicative identity.
  • inverse:
  • We will argue along the same line as the proof of Theorem 19.11 that every finite integral domain is a field.
  • Let $a_1, \ldots, a_k$ be the elements of $\mathbb{Z}_n^\times$. For $a \in \mathbb{Z}_n^\times$, we consider $aa_1, \ldots, aa_k$.
  • Suppose that $aa_i = aa_j$. Then $a(a_i - a_j) = 0$.
  • Since a is neither 0 nor a zero divisor, we have $a_i - a_j = 0$ or equivalently $a_i = a_j$.
  • This shows that $aa_1, \ldots, aa_k$ are all distinct, and thus one of them must be 1.
  • This shows that a has an inverse in $\mathbb{Z}_n^\times$.


SLIDE 27

Euler’s φ-function

Definition. Euler’s φ-function $\varphi(n)$ is defined as the number of elements in $\mathbb{Z}_n^\times$. (By Theorem 19.3, $\varphi(n) = |\{1 \le k \le n : \gcd(k, n) = 1\}|$.)

Example.

1. $\mathbb{Z}_{12}^\times = \{1, 5, 7, 11\}$. Thus $\varphi(12) = 4$.
2. $\mathbb{Z}_{15}^\times = \{1, 2, 4, 7, 8, 11, 13, 14\}$, and $\varphi(15) = 8$.

Remark. In general, $\varphi(n) = n \prod_{p \mid n,\ p \text{ prime}} (1 - 1/p)$.


SLIDE 31

Euler’s theorem

Theorem (20.8, Euler’s theorem). Let n be a positive integer. Then for all integers a relatively prime to n, we have $a^{\varphi(n)} \equiv 1 \bmod n$.

Proof. Similar to the proof of Fermat’s theorem. (Apply the Lagrange theorem to the group $\mathbb{Z}_n^\times$.)

Example. Let us compute $4^{99} \bmod 35$. We have $4^{\varphi(35)} \equiv 1 \bmod 35$, i.e., $4^{24} \equiv 1 \bmod 35$. Thus, $4^{99} \equiv 4^3 = 64 \equiv 29 \bmod 35$.
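Added example (not part of the original slides): the exponent reduction used in the Fermat and Euler examples above, written as Python. It goes slightly beyond the slides by enforcing the hypothesis gcd(a, n) = 1, because reducing the exponent modulo φ(n) can give a wrong residue when a and n share a factor. The function names are assumptions chosen for this illustration.

```python
from math import gcd


def euler_phi(n):
    """phi(n) = n * prod(1 - 1/p) over the distinct primes p dividing n."""
    if n < 1:
        raise ValueError("n must be a positive integer")
    result, m, p = n, n, 2
    while p * p <= m:
        if m % p == 0:
            result -= result // p        # exact multiplication by (1 - 1/p)
            while m % p == 0:
                m //= p
        p += 1
    if m > 1:                            # one prime factor above sqrt(n) is left
        result -= result // m
    return result


def units(n):
    """Elements of Z_n^x, listed with the gcd criterion from the definition."""
    return [k for k in range(1, n + 1) if gcd(k, n) == 1]


def power_mod_reduced(a, e, n):
    """Compute a^e mod n after reducing e modulo phi(n) (Euler's theorem).

    The reduction is justified only when gcd(a, n) == 1, so other inputs
    are rejected instead of silently returning a wrong residue.
    """
    if e < 0:
        raise ValueError("exponent must be non-negative")
    if gcd(a, n) != 1:
        raise ValueError("Euler's theorem requires gcd(a, n) == 1")
    r = e % euler_phi(n)
    result, base = 1 % n, a % n
    while r:                             # square-and-multiply on the small exponent
        if r & 1:
            result = result * base % n
        base = base * base % n
        r >>= 1
    return result


def unchecked_reduction_differs(a, e, n):
    """True when reducing e mod phi(n) WITHOUT the gcd check changes the result."""
    return pow(a, e % euler_phi(n), n) != pow(a, e, n)


if __name__ == "__main__":
    print(units(12), euler_phi(12))              # the slide's Z_12^x and phi(12)
    print(power_mod_reduced(7, 103, 17))         # Fermat example from the slides
    print(power_mod_reduced(4, 99, 35))          # Euler example from the slides
    print(unchecked_reduction_differs(2, 5, 12)) # gcd(2, 12) != 1
```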


SLIDE 36

In-class exercises

1. Find the remainder of 31105, when divided by 23.
2. Find the remainder of 29980, when divided by 37.
3. Find the remainder of $2^{3000}$, when divided by 35.
4. Find the remainder of $2^{1000}$, when divided by 27.


SLIDE 37

Finding $a^{-1}$ modulo n using the Euclidean algorithm

  • Example. Find the multiplicative inverse of 11 modulo 29.
  • Solution. We have

29 = 2 × 11 + 7
11 = 1 × 7 + 4
7 = 1 × 4 + 3
4 = 1 × 3 + 1.

Thus

1 = 4 − 1 × 3
  = 4 − 1 × (7 − 1 × 4) = 2 × 4 − 1 × 7
  = 2 × (11 − 1 × 7) − 1 × 7 = 2 × 11 − 3 × 7
  = 2 × 11 − 3 × (29 − 2 × 11) = 8 × 11 − 3 × 29.

We see that the multiplicative inverse of 11 modulo 29 is 8.


SLIDE 49

Solving $ax \equiv b \bmod n$

Theorem (20.10). Let n be a positive integer and let $a \in \mathbb{Z}_n$ be relatively prime to n. Then for each $b \in \mathbb{Z}_n$, the equation $ax = b$ has a unique solution in $\mathbb{Z}_n$.

Proof. Let $a^{-1}$ be the multiplicative inverse of a in $\mathbb{Z}_n$. Then $a^{-1}b$ is the unique solution of $ax = b$ in $\mathbb{Z}_n$.


SLIDE 51

Theorem (20.12). Let n be a positive integer and let $a, b \in \mathbb{Z}_n$. Let $d = \gcd(a, n)$. The equation $ax = b$ has a solution in $\mathbb{Z}_n$ if and only if d divides b. When d divides b, the equation has exactly d solutions in $\mathbb{Z}_n$.

Proof.

  • $d \nmid b$. For all integers c, the elements of the residue class $ac + n\mathbb{Z} = \{ac + kn : k \in \mathbb{Z}\}$ are all multiples of $d = \gcd(a, n)$. They cannot be congruent to b modulo n if b is not a multiple of d.


SLIDE 55

Proof of Theorem 20.12, continued

  • $d \mid b$.
  • Observe that $n \mid (ax - b) \iff \frac{n}{d} \mid \left(\frac{a}{d}x - \frac{b}{d}\right)$, that is, x is a solution of $ax \equiv b \bmod n$ if and only if x is a solution of $(a/d)x \equiv (b/d) \bmod (n/d)$.
  • Now a/d and n/d are relatively prime. Thus, by Theorem 20.10, there is a unique residue class s modulo n/d that satisfies $(a/d)s \equiv b/d \bmod n/d$.
  • Among all the residue classes modulo n, the residue classes represented by $s, s + n/d, \ldots, s + (d - 1)n/d$ are precisely the solutions of $ax = b \bmod n$.


slide-59
SLIDE 59

Fermat’s theorem Euler’s generalization Application to cryptography

Examples

Example 1. Solve 12x ≡ 27 mod 18 in integers.

  • Solution. The gcd of 12 and 18 is 6, which does not divide 27. Thus the equation has no solutions in integers.

slide-61
SLIDE 61

Examples

Example 2. Find all solutions of 15x ≡ 27 mod 18 in integers.

Solution.

  • An integer a satisfies 15a ≡ 27 mod 18 if and only if it satisfies 5a ≡ 9 mod 6.
  • The multiplicative inverse of 5 modulo 6 is 5. Thus if 5a ≡ 9 mod 6, then a ≡ 5 × 9 ≡ 3 mod 6.
  • The solutions are 3 + 6k for k ∈ Z.
  • Note that the integers 3 + 6k fall in three residue classes 3 + 18Z, 9 + 18Z, and 15 + 18Z modulo 18.

slide-66
SLIDE 66

Examples

Example 3. Find all solutions of 123x ≡ 78 mod 1671.

Solution.

  • The gcd of 123 and 1671 is 3, and an integer a is a solution of 123x ≡ 78 mod 1671 if and only if it is a solution of 41x ≡ 26 mod 557.
  • Using the Euclidean algorithm, we find that the inverse of 41 modulo 557 is 394.
  • Thus, the solution set of 41x ≡ 26 mod 557 is {26 × 394 + 557k : k ∈ Z} = {218 + 557k : k ∈ Z}.

slide-70
SLIDE 70

In-class exercises

1. Find the multiplicative inverse of 37 modulo 53.
2. Find the multiplicative inverse of 35 modulo 59.
3. Solve 24x ≡ 63 mod 67 in integers.
4. Solve 27x ≡ 69 mod 165 in integers.

slide-71
SLIDE 71

Application to cryptography

RSA algorithm.

  • Invented by Clifford Cocks in 1973. Also by Rivest, Shamir, and Adleman independently in 1977.
  • Is a public-key cryptosystem (meaning that the encryption key is open to the public).
  • Still widely used in electronic commerce.
  • Uses the properties that it is easy to determine whether a large integer is a prime, but it is very difficult to factorize a large composite number.

slide-76
SLIDE 76

RSA algorithm

Key selection.

  • Choose two large primes p and q, and let n = pq. This n will be made public.
  • Pick a positive integer e < φ(n) such that gcd(e, φ(n)) = 1. This e will be released as the public key.
  • Compute d that satisfies de ≡ 1 mod φ(n) (i.e., de = 1 + kφ(n) for some k). This d is the private key.

slide-79
SLIDE 79

RSA algorithm

Encryption phase.

  • Alice sends (n, e) to Bob and keeps the private key d in a safe place.
  • Suppose that m is the message that Bob wishes to encrypt and send to Alice. He computes c ≡ m^e mod n and sends c.

Decryption phase.

  • To decipher the code c, Alice computes c^d modulo n.
  • Now by Euler’s Theorem, we have c^d ≡ m^(de) = m^(1+kφ(n)) ≡ m mod n. Thus, Alice does recover the message m.

slide-83
SLIDE 83

Example

  • Choose p = 13, q = 19, and n = 247. We have φ(n) = 12 × 18 = 216.
  • Choose e = 23. We find d = 47 satisfies 23 × 47 = 1081 ≡ 1 mod φ(n).
  • Let m = 90 be the message. We find c ≡ 90^23 ≡ 181 mod 247.
  • Now c^d = 181^47 ≡ 90 mod 247, which is indeed the original message.

slide-87
SLIDE 87

Computational aspects of RSA

  • To find a large prime number, we can use Fermat’s theorem to test whether an integer n is a prime number. Namely, if there exists an integer a, not divisible by n, such that a^(n−1) ≢ 1 mod n, then by Fermat’s theorem, n cannot be a prime. On the other hand, if we randomly choose hundreds of integers a and a^(n−1) is congruent to 1 modulo n for every one of them, then there is a great chance that n is a prime number.
  • There are composite numbers n satisfying a^(n−1) ≡ 1 mod n for all a with gcd(a, n) = 1. The Fermat primality test fails for these integers. These integers are called the Carmichael numbers. Examples of such integers are 561, 1729, and so on.
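
The Fermat test and its Carmichael-number failure mode, as an added example (not from the original slides). Function names are chosen here; strong_probable_prime is the Miller-Rabin strong test for one base, which the slides do not cover and which is included only to show a check that 561 and 1729 do not pass.

```python
import math


def fermat_passes(n, a):
    """True if a^(n-1) ≡ 1 (mod n), i.e. base a does not expose n."""
    return pow(a, n - 1, n) == 1


def fermat_witnesses(n):
    """All bases 2 <= a <= n-1 that prove n composite under the Fermat test."""
    return [a for a in range(2, n) if not fermat_passes(n, a)]


def is_carmichael(n):
    """Composite n with a^(n-1) ≡ 1 (mod n) for every a coprime to n."""
    composite = any(n % f == 0 for f in range(2, math.isqrt(n) + 1))
    return composite and all(
        fermat_passes(n, a) for a in range(2, n) if math.gcd(a, n) == 1
    )


def strong_probable_prime(n, a):
    """Miller-Rabin strong test to base a (assumption: not in the slides).

    Write n - 1 = 2^s * d with d odd.  n passes if a^d ≡ 1 or
    a^(2^r * d) ≡ -1 (mod n) for some 0 <= r < s.
    """
    if n < 3 or n % 2 == 0:
        return n == 2
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x == 1 or x == n - 1:
        return True
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False


if __name__ == "__main__":
    for n in (557, 247, 561, 1729):
        w = fermat_witnesses(n)
        print(n, "Fermat witnesses:", len(w),
              "| all share a factor with n:",
              all(math.gcd(a, n) > 1 for a in w),
              "| strong test, base 2:", strong_probable_prime(n, 2))
```

For a Carmichael number the only Fermat witnesses are bases sharing a factor with n, so when n has only large prime factors a random base almost never exposes it.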

slide-92
SLIDE 92

Computational aspects of RSA

  • To determine the integer d such that de ≡ 1 mod φ(n), we use the Euclidean algorithm. (See earlier slides.)
  • To compute m^e (or c^d) modulo n, we use the successive squaring method. That is, we compute m^(2^0), m^(2^1), m^(2^2), m^(2^3), . . . modulo n first. Write e = a_0·2^0 + a_1·2^1 + · · · + a_k·2^k, where a_i = 0 or 1. Then m^e = m^(a_0·2^0 + ··· + a_k·2^k) = (m^(2^0))^(a_0) (m^(2^1))^(a_1) . . . (m^(2^k))^(a_k).
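
The key selection, encryption and decryption steps together with the successive squaring method, run on the slides' own numbers (p = 13, q = 19, e = 23, m = 90). This is an added example, not part of the original slides: the function names are chosen here, e = 1 is rejected as an extra assumption, and d comes from Python's built-in pow(e, -1, φ(n)) (Python 3.8+), which returns the same inverse the Euclidean algorithm produces.

```python
import math


def successive_squares(m, k, n):
    """Return [m^(2^0), m^(2^1), ..., m^(2^k)], each reduced modulo n."""
    squares = [m % n]
    for _ in range(k):
        squares.append(squares[-1] * squares[-1] % n)
    return squares


def power_mod(m, e, n):
    """m^e mod n: multiply together the squares m^(2^i) whose bit a_i of e is 1."""
    if e < 0:
        raise ValueError("exponent must be non-negative")
    result = 1 % n
    square = m % n                # m^(2^0)
    while e > 0:
        if e & 1:                 # a_i = 1, so this square is a factor
            result = result * square % n
        square = square * square % n   # next square m^(2^(i+1))
        e >>= 1
    return result


def rsa_keygen(p, q, e):
    """Return (n, e, d) with n = p*q and d*e ≡ 1 mod φ(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # Assumption added here: e = 1 is excluded because it leaves m unchanged.
    if not 1 < e < phi or math.gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)           # built-in modular inverse
    return n, e, d


def rsa_encrypt(m, e, n):
    """Textbook RSA: c ≡ m^e mod n, for a message 0 <= m < n."""
    if not 0 <= m < n:
        raise ValueError("message must be a residue modulo n")
    return power_mod(m, e, n)


def rsa_decrypt(c, d, n):
    """Textbook RSA: m ≡ c^d mod n."""
    return power_mod(c, d, n)


if __name__ == "__main__":
    n, e, d = rsa_keygen(13, 19, 23)
    c = rsa_encrypt(90, e, n)
    print("n, e, d =", n, e, d)
    print("squares of 90 mod 247:", successive_squares(90, 4, n))
    print("c =", c, "decrypts to", rsa_decrypt(c, d, n))
```

This is the unpadded scheme exactly as on the slides: equal messages always give equal ciphertexts, and a 247-sized modulus can be factored by hand, so deployed RSA adds randomized padding such as OAEP and uses primes of a thousand bits or more.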

slide-97
SLIDE 97

Homework

Problems 4, 6, 12, 14, 27, 28, 29 of Section 20.
