Chap. 8 Introduction to Number Theory - PowerPoint PPT Presentation

1
Chap. 8 Introduction to Number Theory
2
Introduction to Number Theory
  • Prime Numbers
  • Fermat's and Euler's Theorems
  • Chinese Remainder Theorem
  • Discrete Logarithms
  • Testing for Primality

3
Prime Numbers
Prime Numbers
  • An integer $p > 1$ is a prime number if its only
    divisors are $\pm 1$ and $\pm p$
  • There are infinitely many primes
  • Distribution of Primes
  • The Prime Number Theorem
  • Let $\pi(N)$ denote the number of primes not
    exceeding $N$. Then $\pi(N)$ is approximately $N / \ln N$
  • Twin Primes
  • Pairs of primes that differ by two (conjectured to be
    infinitely many)
  • e.g., (5, 7), (11, 13), (101, 103), (4967, 4969), ...
  • For any positive integer $n$, there are at least $n$
    consecutive composite positive integers, e.g.
  • $(n+1)! + 2,\ (n+1)! + 3,\ \ldots,\ (n+1)! + (n+1)$

4
Prime Numbers
Primes Under 2000
5
Prime Factorization
Prime Factorization
  • Unique Factorization
  • The Fundamental Theorem of Arithmetic
  • Every positive integer $a > 1$ can be factored
    uniquely as
  • $a = p_1^{a_1} p_2^{a_2} \cdots p_t^{a_t}$, where $p_1 < p_2 < \cdots < p_t$
    are primes and each $a_i > 0$
  • If $P$ is the set of all prime numbers, then any
    positive integer can be written uniquely in the
    following form
  • $a = \prod_{p \in P} p^{a_p}$, where each $a_p \ge 0$ (only finitely many are nonzero)
  • The value of any positive integer can be
    specified by listing all nonzero exponents ($a_p$)
  • $12\ (= 2^2 \times 3)$ is represented by $a_2 = 2,\ a_3 = 1$
  • (Multiplication) $k = ab \Rightarrow k_p = a_p + b_p$ for all
    $p \in P$
  • (Divisibility) $a \mid b \Rightarrow a_p \le b_p$ for all $p \in P$

6
Fermat's Little Theorem
Fermat's and Euler's Theorems
  • Theorem If $p$ is prime and $a$ is a positive
    integer not divisible by $p$, then $a^{p-1} \equiv 1 \pmod p$
  • Proof
  • Start by listing the first $p-1$ positive
    multiples of $a$:
  • $a,\ 2a,\ 3a,\ \ldots,\ (p-1)a$
  • Suppose that $ja$ and $ka$ are congruent modulo $p$
    for some $1 \le j, k \le p-1$. Since $\gcd(a, p) = 1$, the
    factor $a$ can be cancelled, giving
  • $j \equiv k \pmod p$, so the $p-1$ multiples of $a$ above are
    distinct and nonzero modulo $p$; that is, they must be
    congruent to $1, 2, 3, \ldots, p-1$ in some order.
    Multiply all these congruences together and we
    find
  • $a \cdot 2a \cdot 3a \cdots (p-1)a \equiv 1 \cdot 2 \cdot 3 \cdots (p-1) \pmod p$
  • or better, $a^{p-1}(p-1)! \equiv (p-1)! \pmod p$. Divide
    both sides by $(p-1)!$ (legitimate because $\gcd((p-1)!, p) = 1$)
    to complete the proof.
  • Corollary If $p$ is prime and $a$ is a positive
    integer, then $a^p \equiv a \pmod p$
  • Corollary If $p$ is prime and $a$ is a positive
    integer not divisible by $p$, then $a^{p-2}$ is an
    inverse of $a$ modulo $p$

7
Euler's Phi-Function
Fermat's and Euler's Theorems
  • Definition Euler's phi-function $\phi(n)$ is defined
    to be the number of positive integers less than $n$
    (including 1) that are relatively prime to $n$
  • Properties
  • (1) $\phi(1) = 1$ (by convention)
  • (2) $p$ is prime $\Rightarrow \phi(p) = p-1$
  • (3) Let $p$ be a prime and $a$ a positive
    integer. Then $\phi(p^a) = p^a - p^{a-1} = p^a(1 - 1/p)$
  • (4) Let $m$ and $n$ be relatively prime positive
    integers. Then $\phi(mn) = \phi(m) \cdot \phi(n)$
  • (5) Let $n = p_1^{a_1} p_2^{a_2} \cdots p_t^{a_t}$ be the prime-power
    factorization of the positive integer $n$. Then
  • $\phi(n) = n(1 - 1/p_1)(1 - 1/p_2) \cdots (1 - 1/p_t)$

8
Euler's Theorem
Fermat's and Euler's Theorems
  • Generalization of Fermat's little theorem
  • Theorem For every $a$ and $n$ that are relatively
    prime,
  • $a^{\phi(n)} \equiv 1 \pmod n$
  • Proof
  • The proof is completely analogous to that of
    Fermat's theorem except that instead of the set
    of residues $\{1, 2, \ldots, n-1\}$ we now consider the set
    of residues $\{x_1, x_2, \ldots, x_{\phi(n)}\}$ which are
    relatively prime to $n$. In exactly the same manner
    as before, multiplication by $a$ modulo $n$ results
    in a permutation of the set $\{x_1, x_2, \ldots, x_{\phi(n)}\}$.
    Therefore, the two products are congruent:
  • $x_1 x_2 \cdots x_{\phi(n)} \equiv (a x_1)(a x_2) \cdots (a x_{\phi(n)}) \pmod n$
  • Dividing by the left-hand side (which is relatively
    prime to $n$, so the division is legitimate) proves the
    theorem.
  • Corollary (both parts assume $\gcd(a, n) = 1$; part (1)
    fails in general otherwise, e.g. $2^{\phi(4)+1} = 8 \equiv 0 \not\equiv 2 \pmod 4$)
  • (1) $a^{\phi(n)+1} \equiv a \pmod n$
  • (2) $a^{\phi(n)-1}$ is an inverse of $a$ modulo $n$
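
The two inverse corollaries (slide 6 and slide 8) and the phi-function properties of slide 7 in working form. This is an added example, not code from the slides: `factorize`, `phi`, `inverse_fermat`, `inverse_euler` and `corollary_holds` are names chosen here, and `corollary_holds` exercises the caveat that $a^{\phi(n)+1} \equiv a$ needs $\gcd(a, n) = 1$.

```python
# Added example (not from the slides): Euler's phi via the prime-power
# factorization on slide 7, and Fermat/Euler used to compute modular inverses.
from math import gcd


def factorize(n):
    """Trial-division prime-power factorization: returns {p: a_p} (slide 5)."""
    factors = {}
    p = 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def phi(n):
    """phi(n) = n * prod(1 - 1/p) over the distinct primes p dividing n (property 5)."""
    result = n
    for p in factorize(n):
        result = result // p * (p - 1)   # exact: p still divides result here
    return result


def phi_by_counting(n):
    """phi(n) straight from the definition: count of 1 <= a <= n with gcd(a, n) == 1.
    Including a == n makes phi(1) == 1 without a special case; for n > 1 it adds nothing."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)


def inverse_fermat(a, p):
    """Inverse of a modulo a prime p as a^(p-2) mod p (corollary on slide 6)."""
    if a % p == 0:
        raise ValueError("a is divisible by p: no inverse")
    return pow(a, p - 2, p)


def inverse_euler(a, n):
    """Inverse of a modulo n as a^(phi(n)-1) mod n, valid only when gcd(a, n) == 1 (slide 8)."""
    if gcd(a, n) != 1:
        raise ValueError("gcd(a, n) != 1: no inverse exists")
    return pow(a, phi(n) - 1, n)


def euler_holds(a, n):
    """Does a^phi(n) == 1 (mod n)?  True whenever gcd(a, n) == 1."""
    return pow(a, phi(n), n) == 1


def corollary_holds(a, n):
    """Does a^(phi(n)+1) == a (mod n)?  Guaranteed only for gcd(a, n) == 1;
    e.g. a = 2, n = 4 gives 2^3 = 8 == 0 (mod 4), not 2."""
    return pow(a, phi(n) + 1, n) == a % n


if __name__ == "__main__":
    print(factorize(12), phi(12), inverse_fermat(3, 19), inverse_euler(49, 37))
```

`inverse_euler(49, 37)` and `inverse_euler(37, 49)` return the two inverses (34 and 4) that the CRT example on slide 12 obtains with the extended Euclidean algorithm; the exponentiation route needs $\phi(n)$, which in turn needs the factorization of $n$, so for a large modulus of unknown factorization extended Euclid is the practical choice.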

9
Chinese Remainder Theorem
Chinese Remainder Theorem
  • Chinese Remainder Theorem (CRT)
  • Suppose $m_1, \ldots, m_k$ are pairwise relatively
    prime positive integers, and suppose $a_1, \ldots, a_k$
    are integers. Then the system of $k$ congruences
    $x \equiv a_i \pmod{m_i}$ ($1 \le i \le k$) has a unique solution
    modulo $M = m_1 \cdot m_2 \cdots m_k$, which is given by
  • $x = (a_1 c_1 + a_2 c_2 + \cdots + a_k c_k) \bmod M$
  • where $c_i = M_i \cdot (M_i^{-1} \bmod m_i)$ and $M_i = M / m_i$,
    for $1 \le i \le k$.

10
Chinese Remainder Theorem
Chinese Remainder Theorem
  • Proof
  • Let $M = m_1 \cdot m_2 \cdots m_k$, where the $m_i$ are pairwise
    relatively prime, i.e., $\gcd(m_i, m_j) = 1$ for $1 \le i \ne j \le k$
  • $A \leftrightarrow (a_1, a_2, \ldots, a_k)$, where $A \in \mathbb{Z}_M$, $a_i \in \mathbb{Z}_{m_i}$, and
    $a_i = A \bmod m_i$ for $1 \le i \le k$
  • One-to-one correspondence (bijection) between $\mathbb{Z}_M$
    and the Cartesian product $\mathbb{Z}_{m_1} \times \mathbb{Z}_{m_2} \times \cdots \times \mathbb{Z}_{m_k}$
  • For every integer $A$ such that $0 \le A < M$, there is
    a unique $k$-tuple $(a_1, a_2, \ldots, a_k)$ with $0 \le a_i < m_i$
  • For every such $k$-tuple $(a_1, a_2, \ldots, a_k)$, there is
    a unique $A$ in $\mathbb{Z}_M$
  • Computing $A$ from $(a_1, a_2, \ldots, a_k)$ is done as
    follows
  • Let $M_i = M / m_i$ for $1 \le i \le k$, i.e., $M_i = m_1 \cdot m_2 \cdots m_{i-1} \cdot m_{i+1} \cdots m_k$
  • Note that $M_i \equiv 0 \pmod{m_j}$ for all $j \ne i$ and $\gcd(M_i, m_i) = 1$
  • Let $c_i = M_i \times (M_i^{-1} \bmod m_i)$ for $1 \le i \le k$
  • Then $A = (a_1 c_1 + a_2 c_2 + \cdots + a_k c_k) \bmod M$
  • $\Rightarrow a_i = A \bmod m_i$, since $c_j \equiv 0 \pmod{m_i}$ ($c_j$ is a multiple of $M_j$)
    if $j \ne i$ and $c_i \equiv 1 \pmod{m_i}$

11
Chinese Remainder Theorem
Chinese Remainder Theorem
  • Operations performed on the elements of $\mathbb{Z}_M$ can be
    equivalently performed on the corresponding
    $k$-tuples by performing the operation
    independently in each coordinate position
  • ex) $A \leftrightarrow (a_1, a_2, \ldots, a_k)$, $B \leftrightarrow (b_1, b_2, \ldots, b_k)$
  • $(A + B) \bmod M \leftrightarrow ((a_1 + b_1) \bmod m_1, \ldots, (a_k + b_k) \bmod m_k)$
  • $(A - B) \bmod M \leftrightarrow ((a_1 - b_1) \bmod m_1, \ldots, (a_k - b_k) \bmod m_k)$
  • $(A \times B) \bmod M \leftrightarrow ((a_1 \times b_1) \bmod m_1, \ldots, (a_k \times b_k) \bmod m_k)$
  • CRT provides a way to manipulate (potentially
    large) numbers mod $M$ in terms of tuples of smaller
    numbers

12
Chinese Remainder Theorem
Chinese Remainder Theorem
  • Example
  • Let $m_1 = 37$, $m_2 = 49$, $M = m_1 \cdot m_2 = 1813$, $A = 973$, $B = 678$
  • $M_1 = 49$, $M_2 = 37$
  • Using the extended Euclidean algorithm
  • $M_1^{-1} \bmod m_1 = 34$, and $M_2^{-1} \bmod m_2 = 4$
  • Taking residues modulo 37 and 49
  • $973 \leftrightarrow (11, 42)$, $678 \leftrightarrow (12, 41)$
  • Add the tuples element-wise
  • $((11 + 12) \bmod 37,\ (42 + 41) \bmod 49) = (23, 34)$
  • To verify, we compute
  • $(23, 34) \leftrightarrow (a_1 c_1 + a_2 c_2) \bmod M = (a_1 M_1 M_1^{-1} + a_2 M_2 M_2^{-1}) \bmod M$
  • $= ((23)(49)(34) + (34)(37)(4)) \bmod 1813 = 1651$
  • which is equal to $(678 + 973) \bmod 1813 = 1651$
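
The reconstruction formula of slides 9 and 10 and the coordinate-wise arithmetic of slide 11, run on the $m_1 = 37$, $m_2 = 49$ example of slide 12. This is an added example, not code from the slides; the function names (`ext_gcd`, `mod_inverse`, `crt_combine`, `to_residues`, `residue_op`) are chosen here. It goes slightly beyond the slide by also checking subtraction and multiplication, and it refuses moduli that are not pairwise coprime, the hypothesis the theorem needs.

```python
# Added example (not from the slides): CRT reconstruction (slides 9-10) and
# component-wise tuple arithmetic (slide 11), checked on the 37/49 example of slide 12.
from math import gcd, prod


def ext_gcd(a, b):
    """Extended Euclid: returns (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0


def mod_inverse(a, m):
    """a^-1 mod m via extended Euclid; raises if gcd(a, m) != 1."""
    g, s, _ = ext_gcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return s % m


def crt_coefficients(moduli):
    """M and the c_i = M_i * (M_i^-1 mod m_i), M_i = M / m_i.
    Each c_i is 1 (mod m_i) and 0 (mod m_j) for j != i."""
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise relatively prime")
    M = prod(moduli)
    return M, [(M // m) * mod_inverse(M // m, m) for m in moduli]


def crt_combine(residues, moduli):
    """A = (a_1 c_1 + ... + a_k c_k) mod M: the unique A in Z_M with A == a_i (mod m_i)."""
    M, cs = crt_coefficients(moduli)
    return sum(a * c for a, c in zip(residues, cs)) % M


def to_residues(A, moduli):
    """The bijection Z_M -> Z_{m_1} x ... x Z_{m_k}."""
    return tuple(A % m for m in moduli)


def residue_op(t1, t2, moduli, op):
    """Apply op coordinate-wise, reducing each coordinate modulo its own m_i."""
    return tuple(op(a, b) % m for a, b, m in zip(t1, t2, moduli))


if __name__ == "__main__":
    moduli = (37, 49)
    a, b = to_residues(973, moduli), to_residues(678, moduli)
    s = residue_op(a, b, moduli, lambda x, y: x + y)
    print(a, b, s, crt_combine(s, moduli))     # (11, 42) (12, 41) (23, 34) 1651
```

Python 3.8+ also offers `pow(x, -1, m)` for the inverse; the explicit `ext_gcd` is kept because the slide names the extended Euclidean algorithm as the step that produces $M_1^{-1} = 34$ and $M_2^{-1} = 4$.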

13
Discrete Logarithms
Discrete Logarithms
  • Consider the powers of an integer $a$ modulo $n$
  • $a \bmod n,\ a^2 \bmod n,\ a^3 \bmod n,\ \ldots,\ a^m \bmod n,\ \ldots$
  • Definition Let $a$ and $n$ be relatively prime
    positive integers. Then the least positive
    exponent $m$ such that $a^m \equiv 1 \pmod n$ is called the
    order of $a$ modulo $n$ (denoted by $\mathrm{ord}_n a$)
  • If $a$ and $n$ are relatively prime, there is at
    least one integer $m$ that satisfies $a^m \equiv 1 \pmod n$,
    namely $m = \phi(n)$ (Euler's theorem)
  • Theorem Let $a$ and $n$ be relatively prime positive
    integers. Then
  • (1) $\mathrm{ord}_n a \mid \phi(n)$
  • (2) $a^v \equiv 1 \pmod n \iff \mathrm{ord}_n a \mid v$
  • (3) $\mathrm{ord}_n(a^u) = \mathrm{ord}_n a / \gcd(u, \mathrm{ord}_n a)$
  • (4) $a^i \equiv a^j \pmod n \iff i \equiv j \pmod{\mathrm{ord}_n a}$

14
Powers of Integers, modulo 19
Discrete Logarithms
15
Primitive Roots
Discrete Logarithms
  • Definition If $g$ and $n$ are relatively prime
    positive integers and if $\mathrm{ord}_n g = \phi(n)$, then $g$
    is called a primitive root (or generator) modulo $n$
  • Theorem If $g$ is a primitive root modulo $n$, then
    the integers $g^1, g^2, \ldots, g^{\phi(n)}$ form a reduced
    residue system modulo $n$
  • In particular, for a prime number $p$, if $g$ is a
    primitive root of $p$, then $g, g^2, \ldots, g^{p-1}$ are
    distinct modulo $p$
  • Theorem Let $g$ be a primitive root modulo $n$. Then
  • (1) $\mathrm{ord}_n(g^u) = \phi(n) / \gcd(u, \phi(n))$
  • (2) $g^u$ is a primitive root modulo $n \iff \gcd(u, \phi(n)) = 1$
  • (3) There are $\phi(\phi(n))$ primitive roots modulo $n$
  • (4) $g^i \equiv g^j \pmod n \iff i \equiv j \pmod{\phi(n)}$
  • Theorem The positive integer $n > 1$ possesses a
    primitive root if and only if $n = 2, 4, p^\alpha$, or
    $2p^\alpha$, where $p$ is an odd prime and $\alpha$ is a positive
    integer

16
Discrete Logarithms - Indices
Discrete Logarithms
  • For any integer $b$ not divisible by $p$ and any primitive root $g$ of the prime
    number $p$, there is a unique exponent $i$ s.t.
  • $b \equiv g^i \pmod p$ where $0 \le i \le p-2$
  • This exponent $i$ is referred to as the index
    (discrete logarithm) of $b$ to the base $g$ modulo $p$
    (denoted by $\mathrm{ind}_{g,p}(b)$)
  • $g^{\mathrm{ind}_{g,p}(b)} \equiv b \pmod p$
  • $\mathrm{ind}_{g,p}(1) = 0$, ($g^0 \bmod p = 1$)
  • $\mathrm{ind}_{g,p}(g) = 1$, ($g^1 \bmod p = g$)
  • Example
  • $\mathrm{ind}_{2,19}(a)$ (the table of indices is not reproduced in this transcript)

17
Derivation of Indices (Discrete Logarithms)
Discrete Logarithms
  • Theorem Let $n$ be a positive integer with
    primitive root $g$, and let $a$ and $b$ be integers
    relatively prime to $n$. Then
  • (1) $\mathrm{ind}_{g,n}(1) \equiv 0 \pmod{\phi(n)}$
  • (2) $\mathrm{ind}_{g,n}(g) \equiv 1 \pmod{\phi(n)}$
  • (3) $\mathrm{ind}_{g,n}(ab) \equiv \mathrm{ind}_{g,n}(a) + \mathrm{ind}_{g,n}(b) \pmod{\phi(n)}$
  • (4) $\mathrm{ind}_{g,n}(a^k) \equiv k \cdot \mathrm{ind}_{g,n}(a) \pmod{\phi(n)}$ if $k$
    is a positive integer
  • This demonstrates the analogy between true logarithms
    and indices; indices are therefore often referred to as
    discrete logarithms
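
Orders, primitive roots and the index table modulo 19 from slides 13 to 17, computed rather than read off the (missing) tables. This is an added example, not code from the slides; `order`, `primitive_roots`, `index_table`, `ind` and `index_law_holds` are names chosen here. It builds the table by walking $g^0, g^1, \ldots, g^{p-2}$, which is exactly the exhaustive search that stops being feasible once $p$ is of cryptographic size.

```python
# Added example (not from the slides): orders, primitive roots and the
# index (discrete log) table modulo 19 of slides 13-17, with the index laws checked.
from math import gcd


def phi(n):
    """Euler's phi by direct count (fine for the small moduli used here)."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)


def order(a, n):
    """ord_n a: least m >= 1 with a^m == 1 (mod n); requires gcd(a, n) == 1."""
    if gcd(a, n) != 1:
        raise ValueError("order is defined only for gcd(a, n) == 1")
    x, m = a % n, 1
    while x != 1:
        x = x * a % n
        m += 1
    return m


def primitive_roots(n):
    """All g in Z_n with ord_n g == phi(n); theorem (3) on slide 15 predicts phi(phi(n)) of them."""
    return [g for g in range(1, n) if gcd(g, n) == 1 and order(g, n) == phi(n)]


def index_table(g, p):
    """ind_{g,p}(b) for every b in 1..p-1, built by walking g^0, g^1, ..., g^(p-2).
    The forward direction (powers) is cheap; recovering the exponent for large p is the hard part."""
    if order(g, p) != p - 1:
        raise ValueError(f"{g} is not a primitive root modulo {p}")
    table, x = {}, 1
    for i in range(p - 1):
        table[x] = i          # x == g^i mod p at this point
        x = x * g % p
    return table


def ind(b, g, p):
    """Discrete logarithm of b to base g modulo p by exhaustive search over the cyclic group."""
    return index_table(g, p)[b % p]


def index_law_holds(a, b, g, p):
    """Law (3) of slide 17: ind(ab) == ind(a) + ind(b) (mod phi(p) = p - 1)."""
    return ind(a * b, g, p) == (ind(a, g, p) + ind(b, g, p)) % (p - 1)


if __name__ == "__main__":
    print(primitive_roots(19))                         # [2, 3, 10, 13, 14, 15]
    print({b: ind(b, 2, 19) for b in range(1, 19)})    # the ind_{2,19} table
```

Slide 15's theorem (1) is visible in the results: $\mathrm{ord}_{19}(4) = \mathrm{ord}_{19}(2^2) = 18 / \gcd(2, 18) = 9$, and exactly $\phi(18) = 6$ of the 18 nonzero residues are primitive roots.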

18
Tables of Discrete Logarithms, modulo 19
Discrete Logarithms
19
Discrete Logarithms
Discrete Logarithms
  • Calculation of Discrete Logarithms
  • $y = g^x \bmod p$
  • Given $g$, $x$, $p$, it is a straightforward matter to
    calculate $y$ (modular exponentiation by repeated squaring)
  • Given $g$, $y$, $p$, it is very difficult to calculate
    $x$ (the discrete logarithm)
  • The difficulty seems to be on the same order as
    that of factoring the modulus (a product of two primes)
    required to break RSA
  • Time complexity of the best known algorithms: $O\!\left(e^{(\ln p)^{1/3}(\ln \ln p)^{2/3}}\right)$

20
Testing for Primality
Testing for Primality
  • Fermat's Little Theorem
  • If $p$ is prime and $x$ is a positive integer not
    divisible by $p$, then
  • $x^{p-1} \equiv 1 \pmod p$
  • The converse does not hold. (Carmichael Number) A composite integer $n$ that
    satisfies $x^{n-1} \equiv 1 \pmod n$ for all positive
    integers $x$ with $\gcd(x, n) = 1$
  • Ex) $561 = 3 \cdot 11 \cdot 17$ is a Carmichael number
  • Primitive Roots
  • If $n$ is a positive integer and if an integer $x$
    exists such that
  • $x^{n-1} \equiv 1 \pmod n$ and $x^{(n-1)/q} \not\equiv 1 \pmod n$
  • for all prime divisors $q$ of $n-1$, then $n$ is prime
  • i.e., if there is an integer with order modulo $n$
    equal to $n-1$, then $n$ must be prime
  • The prime factorization of $n-1$ is required
    (impractical in general)

21
Testing for Primality (Miller-Rabin)
Testing for Primality
  • Miller-Rabin primality test
  • Can be used to determine whether a large number is
    (probably) prime
  • The Miller-Rabin algorithm for compositeness is a
    yes-biased Monte Carlo algorithm
  • i.e., this algorithm never answers "$n$ is
    composite" when $n$ is prime; its only possible error is
    to let a composite $n$ pass
  • Based on the following theorem
  • If $p$ is an odd prime, then the equation
  • $x^2 \equiv 1 \pmod p$
  • has only two solutions, namely, $x \equiv 1 \pmod p$ and
    $x \equiv -1 \pmod p$
  • If there exist solutions to $x^2 \equiv 1 \pmod n$ other
    than $\pm 1$, then $n$ is not prime

22
Testing for Primality (Miller-Rabin)
Testing for Primality
  • Definition (Miller's test for the base $b$) Let $n$
    be a positive integer with $n-1 = 2^k m$, where $k$ is
    a nonnegative integer and $m$ is an odd positive
    integer. We say that $n$ passes Miller's test for
    the base $b$ if either $b^m \equiv 1 \pmod n$ or $b^{2^j m} \equiv -1 \pmod n$
    for some $j$ with $0 \le j \le k-1$
  • Theorem If $n$ is prime and $b$ is a positive integer
    not divisible by $n$, then $n$ passes Miller's test for
    the base $b$
  • Proof
  • Let $n-1 = 2^k m$ and let $x_s = b^{(n-1)/2^s} = b^{2^{k-s} m}$,
    for $s = 0, 1, \ldots, k$
  • Since $n$ is prime, $x_0 = b^{n-1} \equiv 1 \pmod n$ (by
    Fermat's little theorem)
  • Since $x_1^2 = (b^{(n-1)/2})^2 = x_0 \equiv 1 \pmod n$, either $x_1 \equiv 1 \pmod n$
    or $x_1 \equiv -1 \pmod n$
  • If $x_1 \equiv 1 \pmod n$, since $x_2^2 = x_1 \equiv 1 \pmod n$, either
    $x_2 \equiv 1 \pmod n$ or $x_2 \equiv -1 \pmod n$
  • In general, if we have found that $x_0 \equiv x_1 \equiv x_2 \equiv \cdots \equiv x_s \equiv 1 \pmod n$,
    with $s < k$, then, since $x_{s+1}^2 = x_s \equiv 1 \pmod n$,
    $x_{s+1} \equiv 1 \pmod n$ or $x_{s+1} \equiv -1 \pmod n$
  • Continuing this procedure for $s = 1, 2, \ldots, k$, we
    find either $x_s \equiv 1 \pmod n$ for $s = 0, 1, \ldots, k$ (so $x_k = b^m \equiv 1$),
    or $x_s \equiv -1 \pmod n$ for some integer $s$ (so $b^{2^j m} \equiv -1$ with $j = k-s$)
  • Hence, $n$ passes Miller's test for the base $b$

23
Testing for Primality (Miller-Rabin)
Testing for Primality
  • Definition If $n$ is composite and passes Miller's
    test for the base $b$, then we say $n$ is a strong
    pseudoprime to the base $b$
  • Ex) $n = 2047 = 23 \cdot 89$, $n-1 = 2046 = 2 \cdot 1023$
  • $2^{2046} = (2^{11})^{186} = (2048)^{186} \equiv 1 \pmod{2047}$
  • $2^{2046/2} = 2^{1023} = (2^{11})^{93} = (2048)^{93} \equiv 1 \pmod{2047}$
  • so 2047 is a strong pseudoprime to the base 2
  • Theorem If $n$ is an odd composite positive
    integer, then $n$ passes Miller's test for at most
    $(n-1)/4$ bases $b$ with $1 \le b \le n-1$
  • Theorem (Rabin's Probabilistic Primality Test)
    Let $n$ be a positive
    integer. Pick $s$ different positive integers less
    than $n$ at random and perform Miller's test on $n$ for each of
    these bases. If $n$ is composite, the
    probability that $n$ passes all $s$ tests is less
    than $(1/4)^s$

24
Testing for Primality (Miller-Rabin)
Testing for Primality
  • Polynomial-time algorithm: $O((\log n)^3)$ bit operations per base
  • Miller-Rabin($n$)
  • Write $n-1 = 2^k m$, where $m$ is odd
  • Choose a random integer $b$, $1 < b < n-1$
  • $a \leftarrow b^m \bmod n$
  • If $a \equiv 1 \pmod n$
  • then return (inconclusive: $n$ is probably prime)
  • for $i \leftarrow 0$ to $k-1$
  • if $a \equiv -1 \pmod n$
  • then return (inconclusive: $n$ is probably prime)
  • else $a \leftarrow a^2 \bmod n$
  • return ($n$ is composite)
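
The procedure above, with the Fermat test of slide 20 beside it so the gap between them is visible on the slides' own numbers: 561 passes Fermat for base 2 but fails Miller's test, and 2047 is a strong pseudoprime to base 2 but is caught by base 3. This is an added example, not code from the slides; `decompose`, `passes_fermat`, `passes_miller`, `nontrivial_sqrt_factor`, `strong_liars` and `miller_rabin` are names chosen here, and the `bases=` parameter exists only to make runs reproducible.

```python
# Added example (not from the slides): Fermat test vs Miller's test, the
# strong pseudoprime 2047 and Carmichael number 561 of slides 20-23, and the
# randomised Miller-Rabin of slide 24 with a fixed-base variant for reproducibility.
import secrets
from math import gcd


def decompose(n):
    """Write n - 1 = 2^k * m with m odd."""
    k, m = 0, n - 1
    while m % 2 == 0:
        k, m = k + 1, m // 2
    return k, m


def passes_fermat(n, b):
    """b^(n-1) == 1 (mod n): necessary for prime n, but Carmichael numbers pass for every coprime b."""
    return pow(b, n - 1, n) == 1


def passes_miller(n, b):
    """Miller's test for base b: b^m == 1, or b^(2^j m) == -1 for some 0 <= j <= k-1."""
    k, m = decompose(n)
    a = pow(b, m, n)
    if a == 1 or a == n - 1:
        return True
    for _ in range(k - 1):          # squarings give b^(2^j m) for j = 1 .. k-1
        a = a * a % n
        if a == n - 1:
            return True
    return False


def nontrivial_sqrt_factor(n, b):
    """If the squaring chain reaches 1 from some x != +-1, x is a nontrivial square
    root of 1 (slide 21), so gcd(x - 1, n) is a proper factor of n. Returns it, or None."""
    k, m = decompose(n)
    a = pow(b, m, n)
    for _ in range(k):
        prev, a = a, a * a % n
        if a == 1 and prev not in (1, n - 1):
            return gcd(prev - 1, n)
    return None


def strong_liars(n):
    """Bases 1 <= b <= n-1 for which composite n passes Miller's test (slide 23: at most (n-1)/4)."""
    return [b for b in range(1, n) if passes_miller(n, b)]


def miller_rabin(n, rounds=20, bases=None):
    """False if n is certainly composite, True if probably prime (error < (1/4)^rounds with
    random bases). bases=[...] reproduces a run; random bases are the secure default."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    if bases is None:
        bases = [2 + secrets.randbelow(n - 3) for _ in range(rounds)]   # 2 <= b <= n-2
    return all(passes_miller(n, b) for b in bases)


if __name__ == "__main__":
    print(passes_fermat(561, 2), passes_miller(561, 2), nontrivial_sqrt_factor(561, 2))
    print(passes_miller(2047, 2), passes_miller(2047, 3), len(strong_liars(2047)))
```

Two practitioner points the slides imply but do not spell out. First, the $(1/4)^s$ bound is for bases chosen at random: a test that always uses a fixed list of small bases can be defeated by composites constructed to be strong pseudoprimes to exactly those bases, so when the candidate comes from an untrusted party (a peer-supplied Diffie-Hellman modulus, for instance) use fresh random bases and more rounds. Second, the witness that convicts 561 does more than answer "composite": the chain $2^{35} \to 263 \to 166 \to 67 \to 1 \pmod{561}$ exposes $67$ as a nontrivial square root of 1, and $\gcd(66, 561) = 33$ is a factor, which is the slide-21 theorem at work.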

25
Chapter 8 Homework
  • Prob. 8.4, 8.7, 8.11, 8.14, 8.18, 8.19, 8.21
  • Due by June 2, 2006