Lecture 6.1: Misc. Topics: Number Theory CS 250, Discrete Structures, Fall 2011 Nitesh Saxena

Lecture 6.1: Misc. Topics: Number Theory

CS 250, Discrete Structures, Fall 2011

Nitesh Saxena

Course Admin -- Homework 5 Due at 11am this Wednesday Covers the chapter on Graphs (lecture

5.*) Has a 10-pointer bonus problem too Please submit on time

Lecture 6.1 -- Number Theory

Course Admin -- Homework 4

Grades posted on BB Distributing today Solution posted


Course Admin -- Final Exam Thursday, December 8, 10:45am-

1:15pm, lecture room Heads up! Please mark the date/time/place Emphasis on post mid-term 2 material Coverage:

65% post mid-term 2 (lectures 4.*, 5.*, 6.*), and 35% pre mid-term 2 (lecture 1.*. 2.* and 3.*)

Our last lecture will be on December 6 We plan to do a final exam review then



Outline

Number Theory Modular Arithmetic Application -- cryptography

Divisors x divides y (written x | y) if the

remainder is 0 when y is divided by x 1|8, 2|8, 4|8, 8|8

The divisors of y are the numbers that divide y divisors of 8: {1,2,4,8}

For every number y 1|y y|y


Prime numbers A number is prime if its only divisors are

1 and itself: 2,3,5,7,11,13,17,19, …

Fundamental theorem of arithmetic: For every number x, there is a unique set of

primes {p1, … ,pn} and a unique set of positive exponents {e1, … ,en} such that

How to prove? We studied it earlier!

enenppx *...*1

1


Common divisors The common divisors of two numbers x,y

are the numbers z such that z|x and z|y common divisors of 8 and 12:

intersection of {1,2,4,8} and {1,2,3,4,6,12} = {1,2,4}

greatest common divisor: gcd(x,y) is the number z such that z is a common divisor of x and y no common divisor of x and y is larger than z

gcd(8,12) = 4


10/04/2011 Lecture 3.3 -- Recursion 9

Recall: Recursive Functions: gcdEuclid’s algorithm makes use of the fact

that gcd(x,y ) = gcd(y, x mod y)

(here we assume that x > 0)

otherwise

if

),mod,gcd(

0 ,),gcd(

yxy

yxyx

Euclidean Algorithm: gcd(r0,r1)

0 1 1 2

1 2 2 3

2 1 1

1

0 1 1 2 1

...

0

gcd( , ) gcd( , ) ... gcd( , )

m m m m

m m m

m m m

r q r r

r q r r

r q r r

r q r

r r r r r r r

Main idea: If y = ax + b then gcd(x,y) = gcd(x,b)


Example – gcd(15,37) 37 = 2 * 15 + 7 15 = 2 * 7 + 1 7 = 7 * 1 + 0 gcd(15,37) = 1


Relative primes x and y are relatively prime if they have

no common divisors, other than 1 Equivalently, x and y are relatively

prime if gcd(x,y) = 1 9 and 14 are relatively prime 9 and 15 are not relatively prime


Modular Arithmetic Definition: x is congruent to y mod m, if

m divides (x-y). Equivalently, x and y have the same remainder when divided by m.

Notation: Example: We work in Zm = {0, 1, 2, …, m-1}, the

group of integers modulo m Example: Z9 ={0,1,2,3,4,5,6,7,8} We abuse notation and often write =

instead of

)(modmyx 14 5(mod9)


Addition in Zm :

Addition is well-defined:

3 + 4 = 7 mod 9. 3 + 8 = 2 mod 9.

)(mod''

)(mod'

)(mod'

myxyx

then

myy

mxx

if


Additive inverses in Zm

0 is the additive identity in Zm

Additive inverse of a is -a mod m = (m-a) Every element has unique additive inverse. 4 + 5= 0 mod 9. 4 is additive inverse of 5.

)(mod0)(mod0 mxmxx


Multiplication in Zm : Multiplication is well-defined:

3 * 4 = 3 mod 9. 3 * 8 = 6 mod 9. 3 * 3 = 0 mod 9.

)(mod''

)(mod'

)(mod'

myxyx

then

myy

mxx

if


Multiplicative inverses in Zm

1 is the multiplicative identity in Zm

Multiplicative inverse (x*x-1=1 mod m) SOME, but not ALL elements have unique

multiplicative inverse. In Z9 : 3*0=0, 3*1=3, 3*2=6, 3*3=0,

3*4=3, 3*5=6, …, so 3 does not have a multiplicative inverse (mod 9)

On the other hand, 4*2=8, 4*3=3, 4*4=7, 4*5=2, 4*6=6, 4*7=1, so 4-1=7 (mod 9)

)(mod1)(mod1 mxmxx


Which numbers have inverses? In Zm, x has a multiplicative inverse if

and only if x and m are relatively prime or gcd(x,m)=1 E.g., 4 in Z9


Extended Euclidian: a-1 mod n Main Idea: Looking for inverse of a mod n

means looking for x such that x*a – y*n = 1. To compute inverse of a mod n, do the

following: Compute gcd(a, n) using Euclidean algorithm. Since a is relatively prime to m (else there will be no

inverse) gcd(a, n) = 1. So you can obtain linear combination of rm and rm-1

that yields 1. Work backwards getting linear combination of ri and ri-

1 that yields 1. When you get to linear combination of r0 and r1 you

are done as r0=n and r1= a.


Example – 15-1 mod 37 37 = 2 * 15 + 7 15 = 2 * 7 + 1 7 = 7 * 1 + 0Now, 15 – 2 * 7 = 1 15 – 2 (37 – 2 * 15) = 1 5 * 15 – 2 * 37 = 1So, 15-1 mod 37 is 5.


Modular Exponentiation:Square and Multiply method Usual approach to computing xc mod n

is inefficient when c is large. Instead, represent c as bit string bk-1 …

b0 and use the following algorithm:z = 1For i = k-1 downto 0 doz = z2 mod n

if bi = 1 then z = z* x mod n


Example: 3037 mod 77z = z2 mod n

if bi = 1 then z = z* x mod n

i b z

5 1 30 =1*1*30 mod 77

4 0 53 =30*30 mod 77

3 0 37 =53*53 mod 77

2 1 29 =37*37*30 mod 77

1 0 71 =29*29 mod 77

0 1 2 =71*71*30 mod 77


Euler’s totient function Given positive integer n, Euler’s totient

function is the number of positive numbers less than n that are relatively prime to n

Fact: If p is prime then {1,2,3,…,p-1} are relatively prime to p.

( ) 1p p

)(n


Euler’s totient function

Fact: If p and q are prime and n=pq then

Each number that is not divisible by p or by q is relatively prime to pq. E.g. p=5, q=7:

{1,2,3,4,-,6,-,8,9,-,11,12,13,-,-,16,17,18,19,-,-,22,23,24,-,26,27,-,29,-,31,32,33,34,-}

pq-p-(q-1) = (p-1)(q-1)

)1)(1()( qpn


Euler’s Theorem and Fermat’s Theorem If a is relatively prime to n then

If a is relatively prime to p then ap-1 = 1 mod p

Proof : follows from a well-known theorem -- Lagrange’s Theorem (we won’t study in this course)

na n mod1)(


Euler’s Theorem and Fermat’s Theorem

EG: Compute 9100 mod 17:

p =17, so p-1 = 16. 100 = 6·16+4. Therefore, 9100=96·16+4=(916)6(9)4 . So mod 17 we have 9100 (916)6(9)4 (mod 17) (1)6(9)4 (mod 17) (81)2 (mod 17) 16


An Application of Number Theory

Cryptography: foundation of secure communication. EX: Public-Key Cryptography


RSA Crypto: Key Generation Alice wants people to be able to send her

encrypted messages. She chooses two (large) prime numbers, p and q

and computes n=pq and . [“large” =512 bits +]

She chooses a number e such that e is relatively prime to and computes d, the inverse of

e in (i.e., ed =1 mod ) She publicizes the pair (e,n) as her public key.(e

is called RSA exponent, n is called RSA modulus). She keeps d secret and destroys p, q, and Plaintext and ciphertext messages are elements

of Zn and e is the encryption key.

)(n

)(n)(nZ

)(n


)(n

RSA: Encryption Bob wants to send a message x (a

number relatively prime to n) to Alice. He looks up her encryption key, (e,n), in

a directory. The encrypted message is

Bob sends y to Alice.

nxxEy e mod)(


RSA: Decryption To decrypt the message

she’s received from Bob, Alice

computes

Claim: D(y) = x

nyyD d mod)(

nxxEy e mod)(


Why does it all work?

nxnx

nxx

nx

nx

nx

nx

nyyD

t

tn

nt

ed

de

de

d

modmod1

mod)(

mod

mod

mod)(

)mod(

mod)(

)(

1)(

Because

From Euler’s Theorem

)(mod1 ned


Tiny RSA example. Let p = 7, q = 11. Then n = 77 and

Choose e = 13. Then d = 13-1 mod 60 = 37.

Let message = 2. E(2) = 213 mod 77 = 30. D(30) = 3037 mod 77=2

60)( n


Today’s Reading Rosen 4


Documents

Lecture 6.1: Misc. Topics: Number Theory CS 250, Discrete Structures, Fall 2011 Nitesh Saxena