The RSA Algorithm - PowerPoint PPT Presentation

About This Presentation
Title:

The RSA Algorithm

Description:

The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong – PowerPoint PPT presentation

Number of Views:205
Avg rating:3.0/5.0
Slides: 58
Provided by: Raymond172
Category:
Tags: rsa | algorithm | number | prime

less

Transcript and Presenter's Notes

Title: The RSA Algorithm


1
The RSA Algorithm
  • Supplementary Notes

Prepared by Raymond Wong
Presented by Raymond Wong
2
e.g.1 (Page 3)
  • Consider f3(x) x.73

A permutation of 1, 2, 3, 4, 5, 6
Consider each non-zero x in Z7
0, 1, 2, 3, 4, 5, 6
f3(1) 1.73 3
x1
f3(2) 2.73 6
x2
Why?
f3(3) 3.73 2
x3
This is because 7 is a prime number.
f3(4) 4.73 5
x4
f3(5) 5.73 1
x5
f3(6) 6.73 4
x6
3
e.g.1
  • Illustration of Lemma 2.20

Lemma 2.20 7 is a prime number. Consider a value
3 which is in Z7. the function f3(x) x.73 is
1-to-1. In particular,
f3(1), f3(2), f3(3), f3(4),
f3(5), f3(6) (or 1.73, 2.73,
3.73, 4.73, 5.73, 6.73) are a permutation of the
set 1, 2, 3, ., 6.
Why is it correct?
4
Lemma 2.20 7 is a prime number. Consider a value
3 which is in Z7. the function f3(x) x.73 is
1-to-1. In particular,
f3(1), f3(2), f3(3), f3(4),
f3(5), f3(6) (or 1.73, 2.73,
3.73, 4.73, 5.73, 6.73) are a permutation of the
set 1, 2, 3, ., 6.
We prove by contradiction.
Suppose that f3(x) is not 1-to-1.
That is, there exist two integers x, y such
that x ? yand f3(x)
f3(y)
Since 7 is a prime number, by Corollary 2.17, we
know that 3 has a multiplicative inverse in Z7
(denoted by 3-1) (i.e., 3.73-1 1)
Consider x
f3(x).73-1
y.7(3.73-1)
Thus, we have x y
x.71
y.71
f3(y).73-1
x.7(3.73-1)
This leads to acontradiction!
(y.73).73-1
y
(x.73).73-1
5
e.g.2 (Page 5)
f3(x) x.73
  • Private-key cryptosystems

a3
f-1a(x)
a3
fa(x)
key
Decryption function
key
Encryption function
Decryption
Encryption
y
x
x
y
e.g. 4
e.g. 5
e.g. 4
e.g. 5
Suppose that the encryption and decryption
functions are known to the public.
But the key is kept privately. Then, we can
ensure that the encryption/decryption is secure.
6
e.g.2
f3(x) x.73
Given x, we can compute y f3(x) efficiently.
Suppose that I am the attacker.
However, knowing y does not provideenough
information to recover x efficiently.Thus, we
say that f3(x) is a one-way function.
  • Private-key cryptosystems

I know that f3(x) is one-to-one.
a3
f-1a(x)
a3
fa(x)
Since function f3(x) is a one-to-one function,
f3(x) must have an inverse f-13(x).
key
Decryption function
key
Encryption function
However, knowing that the inverse f-13(x) exists
does nothelp in finding x (given y).
Decryption
Encryption
Thus, given y, it might be hard to calculate (at
the attacker side).
y
x
x
y
e.g. 4
e.g. 5
e.g. 4
e.g. 5
7
e.g.2
If we can ensure the following, we are confident
to say that the encryption/decryption is secure.
Given (1) the encryption function, (2) the
decryption function and (3) the public key, it
is difficult to derive the secret-key (at the
attacker side) (i.e., it is not efficient to
derive the secret-key).
In this lecture, we will illustrate this concept
for The public-key cryptosystem.
This secret key has some relationships with the
public key.
  • Public-key cryptosystems

Public key
Secretkey
Decryption function
Encryption function
Decryption
Encryption
y
x
x
y
Suppose that the encryption and decryption
functions are known to the public.
Suppose that the public key is known to the
public.
How can we ensure this statement?
But the secret-key is kept privately. Then, we
should ensure that the encryption/decryption is
secure.
8
e.g.3 (Page 8)
Lemma 2.3(a.b) mod 11 ((a mod 11) . (b mod
11)) mod 11 ((a mod 11) . b)
mod 11
Note that 73 mod 11
(7.7.7) mod 11
((7.7).7) mod 11
  • E.g., If 7 ? Z11, then 75 mod 11
    7.117.117.117.117

((7.7) mod 11.7) mod 11
((7.117) .7) mod 11
(7.117) .117
7.117 .117
9
e.g.4 (Page 10)
32.34 324 (34)2 34x2
  • Illustration of Lemma 2.19

Lemma 2.19 (32 mod 7) .7 (34 mod 7) 324
mod 7 (34 mod 7)2 34x2
mod 7
10
e.g.5 (Page 12)
  • If a 3,
  • please find the following
  • a0 mod 7
  • a1 mod 7
  • a2 mod 7
  • a3 mod 7
  • a4 mod 7
  • a5 mod 7
  • a6 mod 7
  • a7 mod 7
  • a8 mod 7
  • a9 mod 7
  • a10 mod 7
  • a11 mod 7
  • a12 mod 7

1
3
2
The pattern re-appear for every group of 6
elements
6
4
5
1
3
2
6
4
5
1
11
e.g.6 (Page 12)
  • If a 5,
  • please find the following
  • a0 mod 7
  • a1 mod 7
  • a2 mod 7
  • a3 mod 7
  • a4 mod 7
  • a5 mod 7
  • a6 mod 7
  • a7 mod 7
  • a8 mod 7
  • a9 mod 7
  • a10 mod 7
  • a11 mod 7
  • a12 mod 7

1
5
4
The pattern re-appear for every group of 6
elements
6
2
3
1
5
We observe that a6 mod 7 1
4
6
2
or a7-1 mod 7 1
3
1
12
e.g.7 (Page 13)
  • Illustration of Theorem 2.21

Theorem 2.21 (Fermats Little Theorem)7 is a
prime number. Then, for any non-zero a ? Z7,
a7-1 mod 7 1

Why is it correct?
13
e.g.7
Theorem 2.21 (Fermats Little Theorem)7 is a
prime number. Then, for any non-zero a ? Z7,
a7-1 mod 7 1

Illustrate with a 3.

Consider Lemma 2.20
We know that 1.73, 2.73, 3.73, 4.73, 5.73,
6.73(we call Group A) are a permutation of 1, 2,
3, 4, 5, 6(we call Group B).
Thus, we have the product of all
numbers in Group A the product of all numbers in
Group B
the product of all numbers in Group A (mod 7)
the product of all numbers in Group B (mod 7)
(1.73) .7 (2.73) .7 (3.73) .7 (4.73) .7 (5.73) .7
(6.73) 1 .7 2 .7 3 .7 4 .7 5 .7 6
Lemma 2.20 7 is a prime number. Consider a value
3 which is in Z7. the function f3(x) x.73 is
1-to-1. In particular,
f3(1), f3(2), f3(3), f3(4),
f3(5), f3(6) (or 1.73, 2.73,
3.73, 4.73, 5.73, 6.73) are a permutation of the
set 1, 2, 3, ., 6.
14
e.g.7
Theorem 2.21 (Fermats Little Theorem)7 is a
prime number. Then, for any non-zero a ? Z7,
a7-1 mod 7 1

Illustrate with a 3.

Consider Lemma 2.20
We know that 1.73, 2.73, 3.73, 4.73, 5.73,
6.73(we call Group A) are a permutation of 1, 2,
3, 4, 5, 6(we call Group B).
Thus, we have the product of all
numbers in Group A the product of all numbers in
Group B
the product of all numbers in Group A (mod 7)
the product of all numbers in Group B (mod 7)
(1.73) .7 (2.73) .7 (3.73) .7 (4.73) .7 (5.73) .7
(6.73) 1 .7 2 .7 3 .7 4 .7 5 .7 6
1 .73 .7 2 .73 .7 3 .73 .7 4 .73 .7 5 .73 .7 6
.73 1 .7 2 .7 3 .7 4 .7 5 .7 6
1 .72 .7 3 .74 .7 5 .76 .7 3 .73 .7 3 .73 .7 3
.73 1 .7 2 .7 3 .7 4 .7 5 .7 6
(1 .72 .7 3 .74 .7 5 .76) .7 (3 .73 .7 3 .73 .7 3
.73) 1 .7 2 .7 3 .7 4 .7 5 .7 6
(1 .72 .7 3 .74 .7 5 .76) .7 (37-1 mod 7) 1 .7
2 .7 3 .7 4 .7 5 .7 6
Consider x .7 (37-1 mod 7) x
Let x 1 .72 .7 3 .74 .7 5 .76
x-1 .7 x .7 (37-1 mod 7) x-1 .7 x
We have x .7 (37-1 mod 7) x
(x-1 .7 x) .7 (37-1 mod 7) x-1 .7 x
Since 7 is a prime number,
37-1 mod 7 1
x has a multiplicative inverse x-1 in Z7.
15
e.g.8 (Page 14)
Theorem 2.21 (Fermats Little Theorem)7 is a
prime number. Then, for any non-zero a ? Z7,
a7-1 mod 7 1
  • Illustration of Corollary 2.22

Corollary 2.22 (Fermats Little Theorem, Version
2)7 is a prime number. Then, for any positive
integer a that is not a multiple of 7,
a7-1 mod 7 1
Why is it correct?

Consider a7-1 mod 7
(a . a . a . a . a . a) mod 7
(a mod 7) . (a mod 7) . (a mod 7) . (a mod 7)
. (a mod 7) . (a mod 7) mod 7
Note that (a mod 7) ? Z7
(a mod 7)7-1 mod 7
a is not a multiple of 7.
If (a mod 7) is non-zero in Z7,
we have (a mod 7)7-1 mod 7 1
i.e., a7-1 mod 7 1
16
e.g.9 (Page 15)
  • Illustration of Corollary 2.X1

Corollary 2.X1 (Fermats Little Theorem, Version
2)7 is a prime number. Consider a non-negative
integer 15.Then, for any positive integer a that
is not a multiple of 7,
a15 mod 7 a15 mod (7-1) mod 7
Why is it correct?
e.g., a15 mod 7
a15 mod (7-1) mod 7
a15 mod 6 mod 7
This proof is skipped. You can prove it
by yourself.
a3 mod 7
If a 5, we have
515 mod 7 53 mod 7
6
17
e.g.10 (Page 19)
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Public key (e, n) (7, 55) Secret key d 23
Choose p 5 q 11
  1. Choose 2 large prime numbers p and q
  2. Set n pq and T (p-1)(q-1)
  3. Choose e?1 so that gcd(e, T) 1
  4. Calculate d e-1 mod T (i.e., the
    multiplicative inverse of e in ZT)
  5. Publish e, n as public key
  6. Keep d as secret key

We can calculaten 5.11 55T (5-1)(11-1)
4.10 40
Choose e 7(Note gcd(7, 40) 1)
We can find d 7-1 mod 40We can use
Extended GCD algorithm to find d 23.

Public key (e, n) (7, 55)
Secret key d 23
18
e.g.11 (Page 20)
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Public key (e, n) (7, 55) Secret key d 23
y 127 mod 55
35831808 mod 55 23
d 23
(e, n) (7, 55)
y xe mod n
x yd mod n
23
12
19
e.g.11
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Public key (e, n) (7, 55) Secret key d 23
x 2323 mod 55
d 23
(e, n) (7, 55)
y xe mod n
x yd mod n
12
23
23
12
x 20880467999847912034355032910567 mod 55 12
20
e.g.11
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Public key (e, n) (7, 55) Secret key d 23
d 23
(e, n) (7, 55)
y xe mod n
x yd mod n
Can the encrypted value y be decrypted correctly?
Is the following correct? (xe mod n)d mod n
x
Is the following correct? xed mod n x
21
e.g.12 (Page 21)
Is the following correct? xed mod n x
22
e.g.12
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Is the following correct? xed mod n x

We want to prove the following
1. Prove that, for all x, x mod p
xed mod p

2. Prove that, for all x, x mod q
xed mod q
3. Prove that, if 0 ? x lt n, x
xed mod n (by (1) and (2))
Consider d e-1 mod T
Corollary 2.22 (Fermats Little Theorem, Version
2)p is a prime number. Then, for any positive
integer a that is not a multiple of p,
ap-1 mod p 1
We can re-write it as follows.
ed mod T 1
We can further re-write it as follows.
We consider two cases.
ed Tk 1 where k is an integer
(a) x(q-1)k is not a multiple of p
Consider xed mod p
xTk1 mod p
(b) x(q-1)k is a multiple of p
xTkx mod p
x(p-1)(q-1)kx mod p
(x(q-1)k)p-1x mod p
((x(q-1)k)p-1 mod p) . (x mod p) mod p
23
e.g.12
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Is the following correct? xed mod n x

We want to prove the following
1. Prove that, for all x, x mod p
xed mod p

2. Prove that, for all x, x mod q
xed mod q
3. Prove that, if 0 ? x lt n, x
xed mod n (by (1) and (2))
Corollary 2.22 (Fermats Little Theorem, Version
2)p is a prime number. Then, for any positive
integer a that is not a multiple of p,
ap-1 mod p 1
We consider two cases.
(a) x(q-1)k is not a multiple of p
Consider xed mod p
(b) x(q-1)k is a multiple of p
((x(q-1)k)p-1 mod p) . (x mod p) mod p
24
e.g.12
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Is the following correct? xed mod n x

We want to prove the following
1. Prove that, for all x, x mod p
xed mod p

2. Prove that, for all x, x mod q
xed mod q
3. Prove that, if 0 ? x lt n, x
xed mod n (by (1) and (2))
Corollary 2.22 (Fermats Little Theorem, Version
2)p is a prime number. Then, for any positive
integer a that is not a multiple of p,
ap-1 mod p 1
Consider xed mod p
((x(q-1)k)p-1 mod p) . (x mod p) mod p
We consider two cases.
1 . (x mod p) mod p
(a) x(q-1)k is not a multiple of p
(x mod p) mod p
(b) x(q-1)k is a multiple of p
x mod p
25
e.g.12
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Is the following correct? xed mod n x

We want to prove the following
1. Prove that, for all x, x mod p
xed mod p

e.g. x1000 is a multiple of 7Since 7 is prime, x
is also a multiple of 7.
2. Prove that, for all x, x mod q
xed mod q
3. Prove that, if 0 ? x lt n, x
xed mod n (by (1) and (2))
It can be shown by proof by contradiction.
We know that x(q-1)k is a multiple of p.Since
p is prime, x is also a multiple of p.
Consider xed mod p
((x(q-1)k)p-1 mod p) . (x mod p) mod p
We consider two cases.
((x(q-1)k mod p)p-1 mod p) . (x mod p) mod p
(a) x(q-1)k is not a multiple of p
((0)p-1 mod p) . (x mod p) mod p
(b) x(q-1)k is a multiple of p
0 . (x mod p) mod p
We deduce that x(q-1)k mod p 0
0
Since x is also a multiple of p, we have x mod
p 0
Thus, x mod p xed mod p
26
e.g.12
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Is the following correct? xed mod n x

We want to prove the following
1. Prove that, for all x, x mod p
xed mod p

The second proof is similar to the first proof.
2. Prove that, for all x, x mod q
xed mod q
3. Prove that, if 0 ? x lt n, x
xed mod n (by (1) and (2))
27
e.g.12
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Is the following correct? xed mod n x

We want to prove the following
1. Prove that, for all x, x mod p
xed mod p

2. Prove that, for all x, x mod q
xed mod q
3. Prove that, if 0 ? x lt n, x
xed mod n (by (1) and (2))
Before we prove this statement, we want to give
some properties of prime numbers.
If p and q are both prime numbers and both
divides z,then pq divides z.
e.g., p 3, q 11, z 993, 11 both divides
99. We know that 33 (pq) also divides 99.
If p and q are not prime numbers and both divides
z,then pq may not divide z.
e.g., p 6, q 15, z 606, 15 both divides
60. We know that 90 (pq) does not divide 60.
28
e.g.12
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Is the following correct? xed mod n x

We want to prove the following
1. Prove that, for all x, x mod p
xed mod p

If p and q are both prime numbers and both
divides z,then pq divides z.
2. Prove that, for all x, x mod q
xed mod q
3. Prove that, if 0 ? x lt n, x
xed mod n (by (1) and (2))
From (1), we know that x mod p
xed mod p
From (2), we know that x mod q
xed mod q
It can be re-written as follows.
It can be re-written as follows.
xed ipx where i is an integer.
xed jqx where j is an integer.
It can further be re-written as follows.
It can further be re-written as follows.
xed x ip
xed x jq
Note that xed x (which is equal to z)
Let z xed - x
We have
z ip ..()
We have
z jq ..()
Thus, p divides z.
Thus, q divides z.
Since p and q are both prime numbers andboth
divides z, pq divides z.
29
e.g.12
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Is the following correct? xed mod n x

We want to prove the following
1. Prove that, for all x, x mod p
xed mod p

2. Prove that, for all x, x mod q
xed mod q
3. Prove that, if 0 ? x lt n, x
xed mod n (by (1) and (2))
Let z xed - x
Since p and q are both prime numbers andboth
divides z, pq divides z.
30
e.g.12
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Is the following correct? xed mod n x

We want to prove the following
1. Prove that, for all x, x mod p
xed mod p

2. Prove that, for all x, x mod q
xed mod q
3. Prove that, if 0 ? x lt n, x
xed mod n (by (1) and (2))
Let z xed - x
Since p and q are both prime numbers andboth
divides z, pq divides z.
We can write as follows.
z pqk where k is an integer
z nk
xed-x nk
xed nk x
Since 0 ? x lt n, we can re-write the above as
follows.
xed mod n x
31
e.g.13 (Page 31)
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Public key (e, n) (7, 55) Secret key d 23
d 23
(e, n) (7, 55)
y xe mod n
x yd mod n
Can the encrypted value y be decrypted correctly?
Yes
Is the following correct? (xe mod n)d mod n
x
Is the following correct? xed mod n x
32
e.g.13 (Page 31)
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Public key (e, n) (7, 55) Secret key d 23
d 23
(e, n) (7, 55)
y xe mod n
x yd mod n
Why is this RSA algorithm secure?
Note that the public key, the encryption function
and the decryption function is known to the
public.
If I am the attacker, after reading value y, I
want to know the original value x.How can I
derive the original value x?
33
e.g.13
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Public key (e, n) (7, 55) Secret key d 23
First Way for Attack Since I know that the
formula y xe mod n,
if I have value y, I will try to calculate the
e-th root (mod n)
i.e., (xe mod n)1/e mod n
Slow Operation!
d 23
(e, n) (7, 55)
y xe mod n
x yd mod n
Why is this RSA algorithm secure?
Note that the public key, the encryption function
and the decryption function is known to the
public.
If I am the attacker, after reading value y, I
want to know the original value x.How can I
derive the original value x?
34
e.g.13
p, q prime n pq T (p-1)(q-1) e s.t. gcd(e, T)
1 d e-1 mod T
Public key (e, n) (7, 55) Secret key d 23
Second Way for Attack Since I know value n (in
thepublic key) and n pq,
With p and q, I can derive d easily. With d, I
can decrypt y by the decryption function.
I will try to factorize value nto find p and q
such that n pq.
Factorization is a Slow Operation!
d 23
(e, n) (7, 55)
y xe mod n
x yd mod n
Nobody know how to factor a number quickly!
Why is this RSA algorithm secure?
Note that the public key, the encryption function
and the decryption function is known to the
public.
If I am the attacker, after reading value y, I
want to know the original value x.How can I
derive the original value x?
35
e.g.14 (Page 38)
  • 5010 (in base 10) 1100102 (in base 2)
    (e5e4e3e2e1e0)
  • 50 is equal to 1.251.240.230.221.210.20
  • If we only consider 1 only (not 0 in the base
    2/binary representation),
  • 50 is equal to 1.251.241.21

36
e.g.15 (Page 39)
  • Second approach
  • e-1 multiplications
  • Third approach
  • 2 log2 e multiplications

If e 10120, then e-1 10120
If e 10120, then 2 log2 e 796
37
e.g.16 (Page 43)
x
(x mod 3, x mod 5)
15 elements
15 elements
38
e.g.17 (Page 44)
  • Illustration of Theorem 2.24

Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
Why is it correct?
These equations have the solution x 14.
39
e.g.17
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
3.3-1 mod 5 1
5.5-1 mod 3 1
We want to do the following.
1. Given the equations x mod 3 2 and x mod 5
4, there is at least one
solution for these two equations.
2. This solution is one and only one.
In the following, we want to construct a value of
x such that (a) this value is between 0 and
14.(b) this value satisfies the equations x mod
3 2 and x mod 5 4.
Now, we want to see how to construct a value of y
such that (a) this value can be either in 0,
14 or not,(b) this value satisfies the
equations y mod 3 2 and y mod 5 4.
Since 3 and 5 are relatively prime, we have
gcd(3, 5) 1.
3 has a multiplicative inverse 3-1 in Z5 (i.e.,
3.3-1 mod 5 1)
5 has a multiplicative inverse 5-1 in Z3. (i.e.,
5.5-1 mod 3 1)
40
e.g.17
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
3.3-1 mod 5 1
5.5-1 mod 3 1
We want to do the following.
1. Given the equations x mod 3 2 and x mod 5
4, there is at least one
solution for these two equations.
2. This solution is one and only one.
In the following, we want to construct a value of
x such that (a) this value is between 0 and
14.(b) this value satisfies the equations x mod
3 2 and x mod 5 4.
Now, we want to see how to construct a value of y
such that (a) this value can be either in 0,
14 or not,(b) this value satisfies the
equations y mod 3 2 and y mod 5 4.
We set y 2.5.5-1 4.3.3-1
Ok!
This value satisfies the equations. Why?
Consider y mod 3
(2.5.5-1 4.3.3-1) mod 3
(2.5.5-1 mod 3) (4.3.3-1 mod 3) mod 3
(2.1 mod 3) 0 mod 3
2
41
e.g.17
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
3.3-1 mod 5 1
5.5-1 mod 3 1
We want to do the following.
1. Given the equations x mod 3 2 and x mod 5
4, there is at least one
solution for these two equations.
2. This solution is one and only one.
In the following, we want to construct a value of
x such that (a) this value is between 0 and
14.(b) this value satisfies the equations x mod
3 2 and x mod 5 4.
Now, we want to see how to construct a value of y
such that (a) this value can be either in 0,
14 or not,(b) this value satisfies the
equations y mod 3 2 and y mod 5 4.
We set y 2.5.5-1 4.3.3-1
Ok!
Ok!
This value satisfies the equations. Why?
Consider y mod 5
(2.5.5-1 4.3.3-1) mod 5
(2.5.5-1 mod 5) (4.3.3-1 mod 5) mod 5
0 (4.1 mod 5) mod 5
4
42
e.g.17
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
3.3-1 mod 5 1
5.5-1 mod 3 1
We want to do the following.
1. Given the equations x mod 3 2 and x mod 5
4, there is at least one
solution for these two equations.
2. This solution is one and only one.
In the following, we want to construct a value of
x such that (a) this value is between 0 and
14.(b) this value satisfies the equations x mod
3 2 and x mod 5 4.
Now, we want to see how to construct a value of y
such that (a) this value can be either in 0,
14 or not,(b) this value satisfies the
equations y mod 3 2 and y mod 5 4.
We set y 2.5.5-1 4.3.3-1
We want to show that
x must be between 0 and 14.
If we set x (y mod 15) (NOTE 15
3.5), then x is between 0 and 14and x satisfies
the equations x mod 3 2 and x mod 5 4.
43
e.g.17
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
y 3q1 2
y 5q2 4
We want to do the following.
1. Given the equations x mod 3 2 and x mod 5
4, there is at least one
solution for these two equations.
2. This solution is one and only one.
In the following, we want to construct a value of
x such that (a) this value is between 0 and
14.(b) this value satisfies the equations x mod
3 2 and x mod 5 4.
If we set x (y mod 15) (NOTE 15
3.5), then x is between 0 and 14and x satisfies
the equations x mod 3 2 and x mod 5 4.
Now, we want to see how to construct a value of y
such that (a) this value can be either in 0,
14 or not,(b) this value satisfies the
equations y mod 3 2 and y mod 5 4.
Now, we know that there is a value of y such that
(a) this value can be either in 0, 14 or
not,(b) this value satisfies the equations y
mod 3 2 and y mod 5 4.
we can rewrite it as y 3q1 2 where q1
is an integer.
Since y mod 3 2,
we can rewrite it as y 5q2 4 where q2
is an integer.
Since y mod 5 4,
44
e.g.17
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
y 3q1 2
y 5q2 4
We want to do the following.
1. Given the equations x mod 3 2 and x mod 5
4, there is at least one
solution for these two equations.
2. This solution is one and only one.
In the following, we want to construct a value of
x such that (a) this value is between 0 and
14.(b) this value satisfies the equations x mod
3 2 and x mod 5 4.
If we set x (y mod 15) (NOTE 15
3.5), then x is between 0 and 14and x satisfies
the equations x mod 3 2 and x mod 5 4.
Ok!
Now, we want to see how to construct a value of y
such that (a) this value can be either in 0,
14 or not,(b) this value satisfies the
equations y mod 3 2 and y mod 5 4.
Now, we know that there is a value of y such that
(a) this value can be either in 0, 14 or
not,(b) this value satisfies the equations y
mod 3 2 and y mod 5 4.
we can rewrite it as y 15q3 x where q3 is
an integer.
Since x (y mod 15),
x y - 15q3
We can re-write as follows. x mod 3 2
(3q1 2) - 15q3
3q1 2 - 15q3
3(q1 - 5q3) 2
45
e.g.17
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
y 3q1 2
y 5q2 4
We want to do the following.
1. Given the equations x mod 3 2 and x mod 5
4, there is at least one
solution for these two equations.
2. This solution is one and only one.
In the following, we want to construct a value of
x such that (a) this value is between 0 and
14.(b) this value satisfies the equations x mod
3 2 and x mod 5 4.
If we set x (y mod 15) (NOTE 15
3.5), then x is between 0 and 14and x satisfies
the equations x mod 3 2 and x mod 5 4.
Ok!
Ok!
Now, we want to see how to construct a value of y
such that (a) this value can be either in 0,
14 or not,(b) this value satisfies the
equations y mod 3 2 and y mod 5 4.
Now, we know that there is a value of y such that
(a) this value can be either in 0, 14 or
not,(b) this value satisfies the equations y
mod 3 2 and y mod 5 4.
we can rewrite it as y 15q3 x where q3 is
an integer.
Since x (y mod 15),
x y - 15q3
We can re-write as follows. x mod 5 4
(5q2 4) - 15q3
5q2 4 - 15q3
5(q2 - 3q3) 4
46
e.g.17
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
We want to do the following.
1. Given the equations x mod 3 2 and x mod 5
4, there is at least one
solution for these two equations.
2. This solution is one and only one.
Before we go to the proof, we illustrate a
concept.
Consider a function f(x) from S to T where S and
T has the same sizes.
Suppose that, given a single value y, I know how
to find the corresponding value x.
x
y
Suppose that, given any value y, I know how to
find the corresponding value x.
This function must be a bijection function.
47
e.g.17
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
We want to do the following.
1. Given the equations x mod 3 2 and x mod 5
4, there is at least one
solution for these two equations.
2. This solution is one and only one.
Consider a function f(x) (x mod 3, x mod 5)
In the first part of the proof, we have already
shown thatwe can find the value x fromthe two
equations (or this pair (2, 4))
x mod 3 2 and x mod 5 4
48
e.g.17
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
We want to do the following.
1. Given the equations x mod 3 2 and x mod 5
4, there is at least one
solution for these two equations.
2. This solution is one and only one.
Consider a function f(x) (x mod 3, x mod 5)
Similarly,we can find the value x fromother two
equations (or another pair (2, 3))
x mod 3 2 and x mod 5 4
49
e.g.17
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
We want to do the following.
1. Given the equations x mod 3 2 and x mod 5
4, there is at least one
solution for these two equations.
2. This solution is one and only one.
Consider a function f(x) (x mod 3, x mod 5)
Similarly,we can find the value x fromeach
possible two equations (or each pair (2, 3))
x mod 3 2 and x mod 5 4
50
e.g.17
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
We want to do the following.
1. Given the equations x mod 3 2 and x mod 5
4, there is at least one
solution for these two equations.
2. This solution is one and only one.
Consider a function f(x) (x mod 3, x mod 5)
Note that S and T have thesame sizes.
According to the concept we just described,we
know that this functionis a bijection function.
We conclude that there is one and only one
solution.
51
e.g.18 (Page 47)
  • E.g., We want to find a solution x in Z66 of the
    following equations. x mod 6 3
    x mod 11 7

We can use the extended GCD algorithm and find
the answer 6-1 is 2
Step 1 (a) Find the multiplicative inverse 6-1
of 6 in Z11 (b) Find the
multiplicative inverse 11-1 of 11 in Z6
We can use the extended GCD algorithm and find
the answer 11-1 is 5
Step 2 Construct y
3.11.11-1
7.6.6-1
y 3.11.5 7.6.2 249
Step 3 Find x (y mod 66) where 66 is 6.11
x 249 mod 66 51
52
e.g.19 (Page 48)
  • E.g. We are given the following functions.

Find a single equation to express f(k) in terms
of g(k) and h(k).
We can express f(k) 2.g(k) 4.h(k)
Let us verify whether this equation is correct.
When k 5,
When k 3,
f(5) 2.g(5) 4.h(5)
f(3) 2.g(3) 4.h(3)
2.0 4.1
2.1 4.0
4
2
53
e.g.20 (Page 48)
3.3-1 mod 5 1
5.5-1 mod 3 1
  • In the proof of Theorem 2.24

Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
In the proof of Theorem 2.24, we create a value
y 2.5.5-1 4.3.3-1
Why are we so smart to create this magic
formula?
54
e.g.20
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
3.3-1 mod 5 1
5.5-1 mod 3 1
Why are we so smart to create this magic
formula?
y 2.5.5-1 4.3.3-1
Consider the main set of equations.
Step 1 We want to find a single equation to
express y.
Similarly, if we have two sets of equations, then
we can express y in a singleequation.
where ? and ? are integers.
We can write y 2? 4?
Let us verify whether this equation is correct.
Consider y mod 5
Consider y mod 3
2? 4? mod 5
2? 4? mod 3
(2? mod 5) (4? mod 5) mod 5
(2? mod 3) (4? mod 3) mod 3
(2.0 4.1) mod 5
(2.1 4.0) mod 3
4
2
55
e.g.20
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
3.3-1 mod 5 1
5.5-1 mod 3 1
Why are we so smart to create this magic
formula?
y 2.5.5-1 4.3.3-1
Consider the main set of equations.
? 5.5-1
Step 1 We want to find a single equation to
express y.
Similarly, if we have two sets of equations, then
we can express y in a singleequation.
where ? and ? are integers.
We can write y 2? 4?
We know that ? 5q.
Step 2 We want to find ? and ?
Thus, 5q mod 3 1
q is a multiplicative inverse of 5 in Z3
Consider ?
i.e., q 5-1
We have ? 5q 5.5-1
? is a multiple of 5 (i.e., ? 5q where q is an
integer.)
56
e.g.20
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
3.3-1 mod 5 1
5.5-1 mod 3 1
Why are we so smart to create this magic
formula?
y 2.5.5-1 4.3.3-1
Consider the main set of equations.
? 5.5-1
? 3.3-1
Step 1 We want to find a single equation to
express y.
Similarly, if we have two sets of equations, then
we can express y in a singleequation.
where ? and ? are integers.
We can write y 2? 4?
? is a multiple of 3 (i.e., ? 3q where q is an
integer.)
Step 2 We want to find ? and ?
We know that ? 3q.
Consider ?
Thus, 3q mod 5 1
q is a multiplicative inverse of 3 in Z5
i.e., q 3-1
We have ? 3q 3.3-1
57
e.g.20
Theorem 2.24 Since 3 and 5 are relatively prime
integers, then the equations x mod
3 2and x mod 5 4have one and
only one solution for an integer x between 0 and
3.5-1 ( 14)
3.3-1 mod 5 1
5.5-1 mod 3 1
Why are we so smart to create this magic
formula?
y 2.5.5-1 4.3.3-1
Consider the main set of equations.
? 5.5-1
? 3.3-1
Step 1 We want to find a single equation to
express y.
Similarly, if we have two sets of equations, then
we can express y in a singleequation.
where ? and ? are integers.
We can write y 2? 4?
Step 2 We want to find ? and ?
Note that y 2? 4?
2.5.5-1 4.3.3-1
Write a Comment
User Comments (0)
About PowerShow.com