CPSC 490 Number Theory Primes, Factoring and Euler Phifunction

1
CPSC 490 Number TheoryPrimes, Factoring and
Euler Phi-function

• Mar.31st, 2006
• Sam Chan

2
Clarifications

• The Euclidean Algorithm runs in logarithmic time.
• Finding modular inverses can be done using the
  extended Euclidean algorithm.
• Ex. 5x 1 (mod 7) is equivalent to writing 5x
  7y 1 or 5x 7(-y) 1. Use extended Euclidean
  Algorithm to find x.

3
Primes

• Def a positive integer p gt 1 is prime if and
  only if it has exactly two divisors, 1 and p.
• Ex. 2, 3, 5, 7, 11, 13, 17, 19, 23, 29 are the
  fist 10 primes.
• How many primes are there exactly?

4
Euclids Proof

• Euclid first proved that there exists an infinite
  number of primes. (300 BC)
• Assume there are finitely many primes.
• Let S be the set of all n primes, p1p2p3pn
• Let q p1p2p3pn 1.
• There must exist a prime factorization for q. We
  claim that this factorization does not contain an
  element of S. This would imply that q uses a
  prime outside the set S, thus there are in fact
  more than n primes.
• Assume that pi, 1 lt i lt n, is in the prime
  factorization of q. Then it must divide p1p2p3pn
  1. Specificially pi 1.
• But since primes are greater than 1, this is our
  contradiction.

5
First approach

• Consider the following code
• bool isPrime( int n )
• for( int i 2 ii lt n i )
• if( n i 0 ) return true
• return false
• We attempt to find divisors of n. If we find one
  then return false.
• Has a running time of O(n1/2)
• In practice, primality testing comes in to
  varieties.

6
Primality testing

• Deterministic tests will determine with absolute
  certainty whether a given integer n is prime.
• Probabilistic tests will determine with a small
  probability of error, whether a given integer n
  is prime.

7
Example of a probabilistic test

• Fermats Little Theorem
• Let n be a prime and a be any positive integer
  such that a lt n. Then a raised to the nth power
  is congruent to a modulo n.
• an a (mod n) or an-1-1 0 (mod n)
• Given an integer n, all we have to do is find the
  remainder of an (mod n) and see if it equals a.
• We know how to compute modulo powers from our
  previous discussion.

8
Fermats Little Theorem

• If an integer n satisfies this theorem, does this
  imply that n is prime?
• NO!
• If an (mod n) is not congruent to a then we are
  certain that n is not prime.
• If it is congruent to a then there is a good
  chance that n is prime.
• As it turns out, there are composite numbers that
  also satisfy Fermats Little Theorem.

9
Fermats Little Theorem

• A composite number n is a Carmichael number if n
  satisfies Fermats Little Theorem for every a
  that is relatively prime to n.
• Smallest Carmichael number is 561.
• Other examples include 89 8 (mod 9)
• These are called pseudoprimes in general
• What can we do to avoid having our test fail?

10
Fermats Little Theorem

• We are free to choose any a we like, as long as a
  lt n.
• Pick many integers a to test for primality.
• If n passes this test for a lot of different
  values of a, then it is highly probable that n is
  prime.
• Run this test many times to reduce our
  probability of error.

11
Running times

• Probabilistic tests have running times around
  O(logn).
• In 2002, Agrawal et al discovered the first
  algorithm for a deterministic test that is
  polynomial in the number of digits of n.
• Running time is O(log7.5n). However, they seem to
  run in O(log3n) in practice.
• Largest known prime currently is
• 230402457-1. It contains 9152052 digits.

12
Sieve of Eratosthenes

• What if we want a list of primes?
• Given n, we can find all the primes up to n by
  using the Sieve of Eratosthenes.
• Start with a list of integers from 2 to n.
• At iteration i, mark the smallest integer a in
  the set as a prime, then cross off all multiples
  of a in the set.
• Repeat until i2 lt n.

13
Sieve of Eratosthenes

• Ex. Let n 10, and x denote a crossed off
  integer.
• 2, 3, 4, 5, 6, 7, 8, 9, 10
• 2, 3, x, 5, x, 7, x, 9, x
• 2, 3, x, 5, x, 7, x, x, x
• Done!
• So primes up to n 10 are 2, 3, 5, and 7.

14
Sieve of Eratosthenes

• Here is an implementation
• bool prime1000000
• void sieve( int n )
• memset( prime, 1, sizeof(prime) )
• prime0 prime1 0
• for( int i 2 i lt n i )
• if( primei )
• for( int j ii j lt n j i )
• primej 0

15
Sieve of Eratosthenes

• At the end of this algorithm, primei 1 if and
  only if i is prime, 0 otherwise.
• Outer loop starts at the smallest position that
  hasnt been crossed off.
• Inner loop repeatedly crosses of multiples of i.
• With some analysis, we can show that this has a
  running time of O(nlogn).
• Can we improve this algorithm?

16
Sieve of Eratosthenes

• Consider after having done the first iteration in
  the outer loop. So i 3.
• We start at i i 6.
• However, we already crossed off all multiples of
  2 (all the even numbers) in the first iteration.
  So why are we looking here?
• Similarly, when we have crossed off all multiples
  of 3, we should not look at any multiples of 3 in
  any future iteration.

17
Sieve of Eratosthenes

• Improved implementation
• bool prime1000000
• void sieve( int n )
• memset( prime, 1, sizeof(prime) )
• prime0 prime1 0
• for( int i 2 ii lt n i )
• if( primei )
• for( int j ii j lt n j i )
• primej 0
• Changes are in bold.

18
Sieve of Eratosthenes

• Outer loop only goes up to the square root of n.
• Ex. n 10, there is no need to check any
  multiples of a where a gt 3. Surely they will all
  have been crossed off by some previous
  combination. (ie. 2x5 5x2)
• Inner loop starts at ii. This prevents looking
  at positions that obviously is crossed off.
• Improved running time is still O(nlogn), but in
  practice the speed usually speeds it up by 50.

19
Sieve of Eratosthenes

• For anyone interested
• There are other implementations that exploit the
  fact that our prime array is just an array of
  1s and 0s.
• Use bits to lower memory usage, perhaps speed
  things up.
• Other optimizations that can improve running time
  in practice.
• Sieve of Atkin, optimized version of the Sieve of
  Eratosthenes.

20
Factoring

• Given n, we are not interested in finding
  positive integers a and b such that ab n.
• Factoring is hard, when n contains 100 or more
  digits.
• Many cryptographic systems depend heavily on this
  assumption.

21
Is factoring really that hard?

• Consider n 2193 (n is given as such because my
  calculator doesnt like numbers that have more
  than 10 digits, so pretend we do not know the
  prime factorization of n ahead of time). How long
  would it take to factor this number?
• It turns out that we can factor this number in
  193 division operations. We just divide our
  number by 2 193 times.
• It was trivial to factor this number, so why is
  factoring considered a hard problem?

22
First attempt at factoring

• Recall our first approach in primality testing.
• bool isPrime( int n )
• for( int i 2 ii lt n i )
• if( n i 0 ) return true
• return false
• We can do exactly the same thing, except instead
  of returning true when we have found a factor, we
  simply return that number that divided n.

23
Further optimizations of our first attempt

• To speed things up even further, we can only
  divide by primes between 2 and square root of n.
• How well does this work in practice?
• What is the worst case input?

24
Worst case for factoring

• What if we are given two 100 digit prime numbers
  a and b. Let n ab.
• To factor this number with our approach, we will
  have to check all primes between 2 and the
  minimum of a and b.
• As an exmaple, consider n 2193 1.
• The first prime divisor is 13,821,503.
• Assuming that our computer can perform a billion
  division instructions per second, it will take
  more than 35,000 years to find the second largest
  factor of n!

25
Worst case for factoring

• As it turns out, the full factorization of n is
• n 13,821,503 61,654,440,233,248,340,616,559
  
• 14,732, 265,321,145,317,331,353,282,383.
• Conclusion Factoring is hard for most cases.

26
RSA Factoring Challenge

• http//www.rsasecurity.com/rsalabs/node.asp?id209
  3
• Monetary reward for successful factoring of very
  large integers.
• Latest factored number RSA-640. An integer that
  is 640 bits long.
• To quote the website The effort took
  approximately 30 2.2 GHz- Opteron-CPU years
  according to the submitters, over five months of
  calendar time. (This is about half the effort for
  RSA-20)

27
Factoring and the Sieve

• We know we cant factor general numbers very
  efficiently.
• Here is an implementation of an augmented Sieve
  of Eratosthenes that will factor for us
• int factors1000000
• void fsieve( int n )
• for( int i 1 i lt n i ) factorsi
  i
• for( int i 2 i lt n i )
• if( factorsi I )
• for( int j ii j lt n j i )
• if( factorsj j ) fj i

28
Factoring Sieve

• Again we loop over the numbers from 2 to n.
• The inner loop will set factorj i if i is a
  multiple of j. Since we loop in ascending order,
  it is the smallest multiple of j.
• We can retrieve the list o factors for any
  arbitrary position.
• Ex. n 6
• Before the first iteration, factors 1, 2, 3,
  4, 5, 6
• After the last iteration, factors 1, 2, 3, 2,
  5, 2
• To retrieve the factors of 6, go to factors6.
  Divide that 6 by that value and get 3, go to
  factors3, divide 6 by that value and get 2, go
  to factors2, divide 6 by 2 to get 1. Stop.
• Factors are 1, 2, 3 and 6.

29
Eulers Phi Function

• Def Phi of n, denoted as F(n), counts the
  number of integers in the range of
• 1,n-1 that are relatively prime to n.
• Def Two positive integers a and b are said to be
  relatively prime if gcd(a,b) 1.
• Note that the definition does not require either
  a or b to be prime themselves.
• Ex. a 6, b 25. (6,25) 1

30
Euler Phi Function

• Ex. F(6) 2 since 1 and 5 are relatively prime
  to 6.
• Ex. F(2000) 800. How do we know this?
• Lets first establish some ways we can calculate
  F(n).

31
Case when n is prime

• If n is prime, then by definition, it contains no
  factors other than itself and 1. Since (n,1) 1,
  the number integers less than n that are
  relatively prime to n is just n 1.
• Ex. F(7) 6 since 1, 2, 3, 4, 5, 6 are all
  relatively prime to 7.

32
Case when n pr, r gt 1

• If n is a power of a prime number p, can we
  derive a formula for F(n)?
• Lets consider what pr is not relatively prime
  to.
• Obviously, (p,pr) p. In fact, all integers
• ap lt pr where a is some positive integer are
  not relatively prime to p.
• Also, all powers of p, up to pr-1 are not
  relatively prime to p.

33
Case when n pr, r gt 1

• Thus the numbers p, 2p, 3p, (pr-1-1)p are all
  not relatively prime to p.
• There are pr-1 numbers less than pr. There are
  pr-1-1 numbers that are not relatively prime to
  pr.
• So F(n) (pr-1)-(pr-1-1) pr - pr-1.

34
General Case

• Given n and its prime factorization, can we
  derive a general formula for n?

In general
35
Looking ahead

• Next class, Andrew will be talking about
  cryptography.
• One of the more famous algorithms for public-key
  encryption is RSA.
• Each step of the algorithm involves something
  that we talked about in each of the 3 (including
  today) discussions.
• We will need to find two large prime numbers.
  (primality)
• We will need to solve linear equations such as ax
  by 1. (extended Euclidean algorithm)
• We will need to compute F(n)
• Try to be at least a little familiar with all 3
  or otherwise, the next discussion may be hard to
  follow.

36
References

• http//mathworld.wolfram.com/PrimalityTest.html
• http//www.fortunecity.com/emachines/e11/86/touris
  t2d.html
• http//www.rsasecurity.com/rsalabs/node.asp?id209
  3
• http//en.wikipedia.org/wiki/RSA
• Last Years notes.