Basic Number Theory - CS dept by RushenChahal

VIEWS: 9 PAGES: 17

More Info
									Module 5: Basic Number Theory

Theme 1: Division
Given two integers, say          and , the quotient        may or may not be an integer (e.g., ½       but
½¾        ¾ ). Number theory concerns the former case, and discovers criteria upon which one can
decide about divisibility of two integers.
     More formally, for           ¼ we say that    divides if there is another integer   such that




and we write       . In short:
                                            if and only if         ¾
     This simple definition leads to many properties of divisibility. For example, let us establish the
following lemma.

Lemma 1 If         and      , then    ´ · µ.

Proof. We give a direct proof. From the definition of divisibility and the hypotheses we know that
there are integers Ø and × such that
                                                       Ø           ×
Hence
                                                   ·           ´× · ص

Since × · Ø is an integer, we prove that          ´ · µ.

Exercise 5A: Prove the following two facts:
1. If     , then      for all integers .
2. If     and      , then    .

     We already noted that an integer may be or not divisible by another integer. However, when
dividing one number by another there is always a quotient and a remainder. More precisely, if         and
  are positive integers then there is a unique Õ and Ö such that

                                                           Õ·Ö

where ¼      Ö       is a remainder. Observe that the remainder can take only        values ¼ ½        ½.




                                                           1
Theme 2: Primes
Primes numbers occupy very prominent role in number theory. A prime number Ô is an integer
greater than ½ that is divisible only by ½ and itself. A number that is not prime is called composite.

Example 1: The primes less than ½¼¼ are:

          ¾ ¿        ½½ ½¿ ½ ½ ¾¿ ¾ ¿½ ¿                   ½ ¿              ¿            ½   ½ ¿       ¿

      How many primes are there? We first prove that there are infinite number of primes.

Theorem 1. There are infinite number of primes.

Proof. We provide a proof by contradiction. Actually, it is due to Euclid and it is more than 2000
years old. Let us assume that there is a finite number of primes, say, ¾ ¿                            Ô where Ô is the
largest prime (there is the largest prime since we assumed there are only finitely many of them).
Construct another number
                                               Å        ¾¡¿¡      ¡¡¡Ô      ·½

which is a product of all primes plus one. First, observe that none of the primes ¾ ¿                                Ô
can divide Å , since the remainder of dividing Å by any of the primes is equal to ½. Since every
number, including Å , is divisible by at least two numbers, ½ and itself, there must be another prime,
possible Å itself, that is not among the primes ¾ ¿                             Ô . This contradicts the assumption that
¾ ¿             Ô are the only primes.
      But how many primes are there smaller than Ò, where Ò is a fixed number. This is a very difficult
problem that was solved only in the last century. Basically, there are approximately about Ò ÐÓ ´Òµ
primes smaller than Ò. For example, there are ¾ primes smaller than ½¼¼, and ½¼¼ ÐÓ ´½¼¼µ                           ¾¾.
      Primes are important since every integer can be represented as a product of primes. This is known
as the Fundamental Theorem of Arithmetics and we will prove it below.

Example 2: Observe that

                                         ½¼¼             ¾¡¾¡      ¡            ¾¾   ¾


                                         ¿ ½             ¿ ¡ ½¾
                                                         ¾¿ ¡ ¿ ¡ ¿



Theorem 2. [Fundamental Theorem of Arithmetics ] Every positive integer can be written uniquely
as the product of primes where the prime factors are written in order of increasing size, that is, if Ò is
a natural numbers and Ô½        Ô¾       ¡¡¡       Ô are distinct primes, then
                                                    Ñ




                                               Ò        Ô½½ ¡ Ô¾¾ ¡ ¡ ¡ ÔÑ
                                                                            Ñ



                                                              2
where      are exponents of Ô (i.e., the number of times Ô occurs in the factorization of Ò).

Proof. We give an indirect proof. Let us assume that there are two different prime factorizations of
Ò, say

                                           Ò              Ô½½ ¡ Ô¾¾ ¡ ¡ ¡ Ô     Ñ
                                                                                 Ñ

                                           Ò              Õ½ ½ ¡ Õ¾ ¾ ¡ ¡ ¡ ÕÖ
                                                                                 Ö


where Õ½      ¡¡¡   Õ are primes. Since we factorize the same number Ò we must have
                     Ö




                                   Ô½½ ¡ Ô¾¾ ¡ ¡ ¡ Ô   Ñ
                                                          Ñ       Õ½ ½ ¡ Õ¾ ¾ ¡ ¡ ¡ Õ        Ö
                                                                                                 Ö


We first prove that Ô½      Õ½ . If Ô½  Õ½ , then Ô½ can not divide any of the primes Õ½      Õ (we say                  Ö


that Ô½ is relatively prime to all Õ½     Õ ). Indeed, since Ô½ and Õ½
                                               Ö                             Õ are primes, none of them
                                                                                                     Ö


equal, then they must be relatively prime. But, then Ô½ cannot divide Ò Õ½ ½ ¡ Õ¾ ¾ ¡ ¡ ¡ Õ Ö which is              Ö

nonsense since Ò Ô½½ ¡ Ô¾¾ ¡ ¡ ¡ Ô Ñ . Thus, we must conclude that Ô½ Õ½ .
                                    Ñ

   Now we prove that ½          ½ provided Ô½        Õ½ that we just established above. Again, assume
contrary that ½    ½ , say ½      ½ · ,         ¼. Then after dividing everything by Ô½½ we obtain

                                        Ô¾¾ ¡ ¡ ¡ ÔÑ
                                                      Ñ       Õ½ ¡ Õ¾ ¾ ¡ ¡ ¡ Õ      Ö
                                                                                         Ö


But then the right-hand side of the above is divisible by Õ½ while the left-hand side is not, which is
impossible since there is an equality sign between the left-hand side and the right-hand side of the
above. This completes the proof.

    How to find out whether an integer is a prime or not? Unfortunately, there is no fast way of doing
it (i.e., there is no efficient algorithm), but one can use some properties of primes and composite
numbers to speed up the process. Here is one useful result.

Lemma 2.If Ò is a composite integer, then Ò has a prime divisor less than or equal to
                                                                                                                ÔÒ.
Proof. Since Ò is a composite integer, it must have a factor                         such that ½           Ò, that is, Ò    ¡Ö
where Ö      ½ is an integer. Let us now assume contrary that
                                                                                             ÔÒ and Ö ÔÒ. But then

                                                   ¡ Ö ÔÒÔÒ                Ò

which is the desired contradiction since we assumed that Ò                                   Ö. We must conclude that Ò has at
                               Ô
least one divisor not exceeding Ò.         This divisor is prime or not. If it is not prime, it must have a
prime divisor, which certainly must be smaller than
                                                                  ÔÒ.
    We can use this lemma, in its contrapositive form, to decide whether Ò is a prime or not. Indeed.
the above lemma is equivalent to: if Ò has no prime divisor less than or equal to
                                                                                                              ÔÒ, then Ò is a
prime number.


                                                              3
Example 3: Let us show that ½¼ is a prime number. If ½¼ would be composite, then it has had prime
                       Ô
divisor smaller than       ½¼      ½¼ ¿ . Primes smaller than ½¼ are ¾ ¿ , and . None of it divides ½¼ ,
thus it ½¼ must be a prime number.

    There were several attempts to find a systematic way of computing prime numbers. Euclid sug-
gested that ´ · ½µ-st prime can be computed recursively as follows:

                                                  ½        ¾

                                                 ·½         ½ ¾    ¡¡¡      ·½

For example, the first few numbers are

                                             ¾            ¾·½       ¿

                                             ¿            ¾¡¿·½
                                                          ¾¡¿¡ ·½               ¿

This is an example of a recurrence that we already encountered in the previous module. All numbers
computed so far are primes. But, unfortunately,

                                        ¾¡¿¡          ¡   ¿·½       ½ ¼         ½¿ ¡ ½¿

is not a prime.
    In the seventeenth century, a French mathematician Marin Marsenne suggested that ¾Ô            ½ is
prime provided Ô is prime. Unfortunately,

                                          ¾½½   ½          ¾¼            ¾¿ ¡

    From now on we shall work under the assumption that there is no easy, simple and fast algorithm
to compute prime numbers.


Theme 3: Greatest Common Divisor
The largest divisor that divides both Ñ and Ò is called the greatest common divisor of Ò and Ñ. It
is denoted as     ´Ñ   Òµ. Formally:

                                        ´Ñ   Òµ           Ñ Ü             Ñ and Ò

Example 4: What is the greatest common divisor of ¾ and ¿ . One way of finding it is to list all
divisors of ¾ and ¿ and pick up the largest common to both lists. For example,

                                divisors of ¾               ½ ¾ ¿               ½¾ ¾
                                divisors of ¿               ½ ¾ ¿               ½¾ ½ ¿

                                                               4
Thus     ´¾ ¿ µ      ½¾. Another, more systematic way is to do prime factorization of both numbers
and pick up the largest common factors. In our case,

                                               ¾               ¾¿ ¡ ¿
                                               ¿               ¾¾ ¡ ¿¾

Thus
                                           ´¾ ¿ µ              ¾¾ ¡ ¿       ½¾

   Generalizing the last example, let

                                         Ñ              Ô½½ Ô¾¾ ¡ ¡ ¡ Ô
                                          Ò             Ô½½ Ô¾¾ ¡ ¡ ¡ Ô

be prime factorizations with possible zero exponents. Then

                             ´Ñ     Òµ    ÔÑ Ò
                                           ½
                                                    ½ ½
                                                           ÔÑ Ò
                                                            ¾
                                                                      ¾ ¾
                                                                            ¡¡¡Ô    ÑÒ




where Ñ Ò Ü Ý is the minimum of Ü and Ý . Indeed, take the last example to see that

                                         ´¾ ¿ µ          ¾Ñ Ò     ¾¿
                                                                        ¿Ñ Ò   ½¾




Exercise 5B: Let us define the least common multiple of Ñ and Ò as the smallest positive integer
that is divisible by both Ñ and Ò. It is denoted as Ð Ñ´Ñ Òµ (e.g., Ð Ñ´                 µ   ¼). Prove that for
any positive integers Ñ and Ò

                                     Ñ¡Ò             ´Ñ     Òµ ¡ Ð Ñ´Ñ Òµ

   We need some more definitions. Two integers, say Ñ and Ò, may be composite but the only
common divisor of both is ½. In such a case we say that Ñ and Ò are relatively prime. More generally:


Definition 1. The integers   ½   ¾             are pairwise relatively prime if

                                     ´        µ     ½             ½

   Unlike finding primes, there is an efficient algorithm (a procedure) that finds the greatest common
divisor. We start with an example.

Example 5: Find      ´ ½ ¾ ¼µ. We first divide ¾ ¼ by ½ to find

                                              ¾ ¼        ¾¡ ½·

                                                           5
Observe that any divisor of ½ and ¾ ¼ must also be a divisor of ¾ ¼   ¾ ¡ ½                         , and vice versa any
divisor of ½ and       must be a divisor of ¾ ¼            ¾¡ ½·            . (Indeed, if    is a divisor of ¾ ¼ and ½,
then there are integers     and Ð such that ¾ ¼            ¡      and ½            ¡ Ð, hence ¾ ¼   ¾ ¡   ½        ´      ¾Ðµ,
so ¾ ¼   ¾ ¡ ½         is divisible by .) Thus we concluded that

                                           ´ ½ ¾ ¼µ                    ´      ½µ

We now repeat this procedure: we divide ½ by                   to get

                                                 ½        ½¡      · ½¿

Again any divisor of       and ½ must be a divisor of ½                          ½¿, and vice versa. This means that

                                     ´ ½ ¾ ¼µ             ´           ½µ         ´½¿     µ

But
                                                               ½¿ ¡

hence finally
                          ´ ½ ¾ ¼µ        ´          ½µ               ´½¿    µ         ´¼ ½¿µ      ½¿

and we conclude that        ´ ½ ¾ ¼µ      ½¿.

      From the last example, we should conclude that the greatest common divisor of Ñ and Ò                                Ñ
is the same as the greatest common divisor of Ñ and the remainder of the division of Ò by Ñ (i.e.,
Ò    Õ ¡ Ñ · Ö, where Õ is an integer and ¼ Ö Ñ). Indeed, if is a divisor of Ñ and Ò, then it
must also divides Ö Ò   Õ ¡ Ñ, and vice versa if divides Ñ and Ö , then it divides Ò Ñ ¡ Õ · Ö .
Therefore,
                                                ´Ñ    Òµ               ´Ö   ѵ
      In previous modules we have used an abbreviation for a remainder. Indeed, we write

                                                Ö         Ò ÑÓ Ñ

where Ò      Õ ¡ Ñ · Ö. This is called modular arithmetic and we will be devoted the next section
it. For now, we just use the fact that the remainder Ö can be also written as Ò ÑÓ Ñ. Then the last
equation, can be expressed as

                                         ´Ñ     Òµ             ´Ò ÑÓ        Ñ Ñµ                                           (1)

From the example above, we conclude that we can use (1) successively until we reach                           ´¼   ѵ      Ñ.
      In summary, we design the following algorithm that computes                       ´Ñ   Òµ:
A LGORITHM: The Euclidean Algorithm

                                                              6
Ü    Ñ
Ý    Ò
while Ý       ¼ do Ö    Ü ÑÓ Ý
Ü Ý
Ý Ö
end
    ´Ñ   Òµ     Ü.
Example 6: Find        ´ ½       ¾µ. According to the Euclidean algorithm we proceed as follows:

      ´ ½      ¾µ      ´¾        ½ µ        ´½        ¾ µ             ´ ¾ ½ µ          ´ ¾ ¾µ   ´¾ ¼µ   ¾


Theme 4: Modular Arithmetic
We have already seen in previous modules modular arithmetic. It is about the remainder of an integer
when it is divided by another specific natural integer. It occurs in many applications (e.g., when
counting time over a 24-hour clock since after 24:00 we have ½ am, ¾ am, etc.).
    We start with a definition.

Definition 2. (i) Let Ò be an integer and Å be a positive integer. We denote by

                                             Ö         Ò ÑÓ Å

the remainder Ö when Ò is divided by Å , that is,

                                                 Ò     Õ¡Å ·Ö

where Õ is an integer and ¼      Ö     Å.
(ii) Let Ò and Ñ be integers and Å a positive integer. We say that Ò is congruent to Ñ modulo Å
if Å divides Ò   Ñ. We shall write

                             Ò   Ñ ÑÓ Å              if and only if        Å ´Ò   ѵ

If Ò are Ñ are not congruent modulo Å , then we write Ò                   Ñ ÑÓ Å .
Example 7: We have
                                 ½     ÑÓ        ¿            ½ ÑÓ
We also have
                                  ½         ÑÓ               ¾        ½   ÑÓ
Exercise 5C: Find ½¿    ÑÓ             . Is  ¾¿ ÑÓ               ?

    The following result is useful when computing congruences.

                                                         7
Theorem 3. Let                 ÑÓ Ñ and                 ÑÓ Ñ. Then
                                                  ·                ·    ÑÓ Ñ                             (2)
                                                                       ÑÓ Ñ                              (3)



Proof. Since           ÑÓ Ñ and                      ÑÓ Ñ, hence there are integers × and Ø such that
                                                                   ×Ñ ·
                                                                       · ØÑ

Therefore

                           ·             ´ · µ · Ñ´× · ص
                                         ´ · ×ѵ´ · Øѵ                        · Ñ´   Ø · × · ×Øѵ

which prove (2) and (3).

Example 8: Let            ¾ ÑÓ       and ½½           ½ ÑÓ            . Then

                                             ½          · ½½           ¾ · ½ ÑÓ

and
                                                            ¡ ½½       ¾ ¡ ½ ÑÓ

      From Theorem 3 we conclude that

                       ´ · µ ÑÓ          Ñ              ´     ÑÓ Ñµ · ´ ÑÓ Ñµ ÑÓ Ñ                       (4)
                       ´       ¡ µ ÑÓ    Ñ              ´     ÑÓ Ñµ ¡ ´ ÑÓ Ñµ ÑÓ Ñ                       (5)

Identities (4)–(5) are useful when one needs to compute modulo Ñ over large numbers or products of
large numbers. For example, let                  ½¾¿ and           ¾¿ . Then

            ½¾¼ ¡ ¾¿   ÑÓ               ´½¾¿ ÑÓ             µ ¡ ´¾¿     ÑÓ         µ ÑÓ    ¿¡   ÑÓ   ¾

In fact, (5) is often used in the following form

                                         ×
                                             ÑÓ Ñ             ´    ÑÓ Ñµ ÑÓ Ñ  ×




Let us compute       ¾¾        ÑÓ   ½¿. If one tries to estimate this directly on a computer, overflow will
likely occur since     ¾   ¾
                               is a huge number. But let us use (5). We first represent the exponent ¾ as

                                                 ¾       ¾ · ¾¿ · ¾¾ · ¾¼

                                                                   8
We now compute        ¾ to each of the powers ½                        and ½ modulo ½¿. Here is the calculation
(observe how easy it is!):

   ¾¾   ÑÓ    ½¿         ¿¾ ½        ÑÓ      ½¿        ¿¼
   ¾    ÑÓ    ½¿         ´       ¾¾ ÑÓ      ½¿µ¾ ÑÓ         ½¿         ¿¼¾ ÑÓ      ½¿           ¾
   ¾    ÑÓ    ½¿         ´       ¾ ÑÓ       ½¿µ¾ ÑÓ         ½¿          ¾¾ ÑÓ      ½¿         ¿¾
  ¾½    ÑÓ    ½¿         ´       ¾ ÑÓ       ½¿µ¾ ÑÓ         ½¿        ¿¾ ¾ ÑÓ      ½¿          ¿
  ¾¾    ÑÓ    ½¿         ´       ¾½ ÑÓ      ½¿µ ¡ ´ ¾        ÑÓ        ½¿µ ¡ ´ ¾   ÑÓ          ½¿µ ¡ ´ ¾ ÑÓ   ½¿µ ÑÓ    ½¿
                             ¿   ¡ ¿¾ ¡     ¾¡       ¾ ÑÓ        ½¿     ½½¿


Theme 5: Applications
We shall discuss here some applications of numbers theory, namely, hashing, pseudo random gener-
ators, and cryptosystems based on modular arithmetic.


Hashing

Often one needs a fast methods of locating a given record in a huge set of records. Hashing is a
possible solution. It works as follows. Every record has a key, , which uniquely identifies it. A
hashing function ´ µ maps the set of keys into the available memory locations.
    In practice, the most common hashing function is

                                                     ´ µ         ÑÓ Ñ
where Ñ is the size of the memory.

Example 9: Let Ñ       ½½½ and let keys be social security numbers of students. In particular,

                                 ´¼   ¾½¾        µ         ¼ ¾½¾          ÑÓ    ½½½       ½
                                 ´¼¿ ½    ¾½¾µ             ¼¿ ½       ¾½¾ ÑÓ    ½½½

Observe that hashing is not one-to-one function, hence some records may be hashed into the same
location. For example,

                                  ´½¼     ¼ ¾¿µ        ½¼ ¼ ¾¿ ÑÓ ½½½                 ½

Thus two records are mapped into the location ½ . Since this location was already occupied by the
previous record, the new collided record is moved to the next empty location modulo Ñ                         ½½½. In
our case, it is at memory location ½ .



                                                             9
Pseudo Random Number Generators

In many applications, including hashing, one needs to generate numbers that look randomly. For
example, in hashing we want to spread out uniformly all records over the memory so to minimize the
number of collisions. We should point out that most random generators compute deterministically
numbers, therefore, we call them pseudo random generators. We require, however, that a statistical
test applied to them will not distinguish these numbers from randomly generated numbers.
      The most common procedure to generate pseudo random numbers is the linear congruential
method. In this method we choose (very carefully) the modulus Ñ, multiplier , increment , and
seed ܼ with ¾          Ñ, ¼            Ñ, and ¼            ܼ    Ñ. Then we generate recursively a sequence Ü
                                                                                                             Ò


as
                                           ÜÒ·½         ´   Ü · µ ÑÓ Ñ
                                                             Ò



with ܼ given. Observe that ¼       Ü  Ò        Ñ, hence at most after Ñ generations a repetition occurs. Of
course, this is not good for random generations, and one must select very carefully the parameters ,
 and Ñ (which should be large) to obtain a long sequence without a repetition.
      The following result is known.

Theorem 4. [T. Hull and A. Dobel, 1962]The linear congruential generator has a full period (i.e.,
there is no repetition in the first Ñ generations) if and only if the following three conditions hold:

     (i) Both Ñ and are relatively prime, that is,                ´Ñ µ     ½.

  (ii) If Õ is a prime number that divides Ñ, then Õ divides                ½.
 (iii) If divides Ñ, then      divides       ½.
Cryptology

One of the most important application of congruences is in cryptology, which is a study of secret
messages. The first encryption algorithms were very simple. For example, Julius Caesar designed an
encryption system by shifting each letter three letters in the alphabet. Mathematically speaking, in
this case the encryption function ´Ôµ is defined as

                                                ´Ôµ     ´Ô · ¿µ ÑÓ ¾

Then decryption is merely finding the inverse function                 ½ , which in this case is
                                                ½ ´Ôµ       ´Ô   ¿µ ÑÓ ¾

      The above encryption system is too easy to break. Therefore, in mid-1970 the concept of public
key cryptosystem was introduced. In such a system, every person can have a publicly known encryp-
tion key to send encrypted message, but only those who have secret key can decrypt the message. We

                                                             10
describe below a system known as the RSA encryption system (RSA name is built from the initials
of the inventors Rivest, Shamir and Adleman).
      In the RSA system, the message Å to be sent is first transformed into an integer representing
it (with some abuse of notation we denote such an integer by Å ). The RSA is based on modular
exponentiation modulo of the product of two large primes, say Ô and Õ . Define Ò                            ÔÕ and
´Ô     ½µ´Õ   ½µ.    In practice, Ô and Õ have ½¼¼ digits each, thus Ò has ¾¼¼ digits. Define now an
exponent as
                                                        ´     µ     ½

that is,     is relatively prime to     ´Ô   ½µ´Õ        ½µ. The cipher text           of the original message Å is
computed as follows
                                                        Å ÑÓ Ò                                                      (6)

      The RSA decryption works as follows: We first find a number                    defined as

                                             ½ ÑÓ                ´Ô   ½µ´Õ   ½µ

The number is called inverse of modulo . It should be underlined that can be found fast (based
on the Euclidean algorithm) only if one knows both primes Ô and Õ , not the product ÔÕ . Then, it can
be proved (see below) that
                                                      Å ÑÓ Ò            ÔÕ                                          (7)

Example 10: Let us encrypt the message ËÌ ÇÈ using the RSA with Ô                              ¿ and   Õ       . Thus
Ò       ¿¡        ¾ ¿ , and one finds          ½¿ since            ´½¿ ¾ ¡     µ   ½.
      We now transform the message ËÌ ÇÈ into its numerical equivalent (where                                ¼¼,
¼¾              ¾ ) and group them in pairs. We obtain

                                                      ½ ½     ½ ½

We will encrypt each of the two blocks separately. We have

                                       ½ ½   ½¿
                                                ÑÓ          ¾ ¿         ¾¼ ½
                                       ½ ½   ½¿
                                                ÑÓ          ¾ ¿         ¾½ ¾

Hence, the encrypted message is              ¾¼ ½ ¾½ ¾.
      Now, to decrypt it, we first find the inverse . Using the Euclidean algorithm (and knowing
Ô      ¿   Õ       ) we compute that          ¿ . Then (with Ò           ¾ ¿ )

                                        ¾¼ ½      ¿
                                                      ÑÓ     ¾ ¿        ½ ½

and
                                        ¾½ ¾      ¿
                                                      ÑÓ     ¾ ¿        ½ ½

hence, we recover the original message.

                                                            11
Mathematics behind RSA

In this subsection, we present in some details mathematical ideas used in the construction of the RSA
algorithm. Our main goal is to justify mathematically the decoding procedure (7).
    Let us start with introducing an inverse modulo Ñ. We say that                   is an inverse of   modulo Ñ if

                                                          ½ ÑÓ       Ñ

    In order to compute the inverse, we must plunge into another aspect of number theory. We claim
that for any positive    and there exist integers × and Ø such that

                                                     ´    µ        × ·Ø                                          (8)

We explain how to construct these two numbers on an example.

Example 11: Let us use Euclidean algorithm to compute                          ´¿   ¼ µ. We proceed according to
the algorithm as follows:

                                             ¼                ¿     · ½¼
                                            ¿                 ¿ ¡ ½¼ · ¾
                                            ½¼                 ¾·¿
                                                 ¾            ¾¡¿

Thus     ´¿      ¼ µ         ¿ . To find the representation (8) we work backward the Euclidean algorithm
starting from the next-to-last devision above, that is,

                        ´¿       ¼ µ   ¿             ½¼    ¾
                                                     ½¼   ´¿   ¿ ¡ ½¼           µ     ¡ ½¼   ¿
                                                      ´ ¼  ¿ µ ¿                    ¡ ¼   ¡¿
                                                     ´  µ · ´ µ

where       ¿   and            ¼ . Thus ×            and Ø          in the representation (8). It is not much harder
to prove (8) in general terms.
    Now we can go back to the inverse modulo Ñ construction. Let us assume that                         ´   ѵ    ½.
Then from the fact just proved we conclude that there must exist integers × and Ø such that

                                                     × · ØÑ          ½

This certainly implies that
                                            × · ØÑ                ½ ÑÓ     Ñ


                                                             12
But since Ñ divides ØÑ we conclude that

                                                  ×       ½ ÑÓ      Ñ

Consequently ×        is the inverse of    modulo Ñ.
    In summary, we’ve just established the following result.

Theorem 5. If Ñ       ½ and        ѵ ½ (i.e., and Ñ are relatively prime), then an inverse of
                                    ´
modulo Ñ exists and it is equal to × in the following representation of ´ ѵ ½

                                                      × · ØÑ        ½

which can be found efficiently by the Euclidean algorithm.

Example 12: Let’s find the inverse of ¿ modulo . Since                        ´¿ µ            ½, the inverse exists, and the
Euclidean algorithm gives:
                                                          ¾¡¿·½

hence
                                             ¾ ¡ ¿ · ½ ¡                ½

and the inverse of ¿ modulo     is equal to  ¾.

    We need two more results before we can explain the decryption algorithm of RSA. The first one
goes back to ancient Chinese and Hindu mathematicians and it is known as the Chinese Remainder
Theorem. Here is the problem: let ѽ Ѿ                       Ñ be pairwise relatively prime positive integers.
                                                                Ò


Find a solution Ü modulo Ñ          ѽ Ѿ ¡ ¡ ¡ Ñ of the following system;
                                                      Ò




                                           Ü              ½ ÑÓ Ñ½
                                           Ü              ¾ ÑÓ Ñ¾
                                              .
                                              .
                                              .
                                           Ü              Ò   ÑÓ Ñ      Ò




    We now construct a solution to the above system of congruences. Let us define for                             ½      Ò
                                          Ñ
                               Å                      ѽ ¡ ¡ ¡ Ñ  ½ Ñ            ¡¡¡Ñ
                                          Ñ                                 ·½           Ò




Observe that     ´Å     ѵ      ½. Therefore, by Theorem 5 there exists inverse Ý of Å modulo Ñ ,
that is,
                                           ÅÝ             ½ ÑÓ          Ñ
Let us now define
                         Ü      ½   Ž ݽ · ¾ ž ݾ · ¡ ¡ ¡ ·           Ò   Å Ý ÑÓ Ñ
                                                                                 Ò   Ò                                 (9)

                                                          13
We claim it is a simultaneous solution of the above system modulo Ñ. Indeed, we first observe that
Å       ¼ ÑÓ   Ñ for                . But

                                            Ü          ÅÝ             ÑÓ Ñ
since Å Ý         ½ ÑÓ     Ñ . Thus we have shown that (9) is a simultaneous solution of the above Ò
congruences. This is called the Chinese Remainder Theorem.

Example 13: Solve

                                                   Ü           ¾ ÑÓ ¿
                                                   Ü           ¿ ÑÓ
                                                   Ü           ¾ ÑÓ

We have Ñ      ¿¡     ¡         ½¼ , and Ž        ¿ , ž           ¾½ and Å¿   ½ . We find that ݽ     ¾ is inverse
of Ž     ¿ modulo 3, ݾ             ½ is inverse of ž modulo , and Ý¿          ½ is an inverse of Å¿ modulo .
Thus the solution of the above system of congruences

                                Ü       ¾¡¿      ¡ ¾ · ¿ ¡ ¾½ ¡ ½ · ¾ ¡ ½ ¡ ½ ÑÓ    ½¼
                                        ¾¿¿       ¾¿ ÑÓ ½¼

thus the solution Ü       ¾¿.
    Finally, we quote (without a proof) the Fermat Little Theorem.

Theorem 6. [Fermat’s Little Theorem] If Ô is a prime number and                     is an integers not divisible by
Ô, then
                                                       Ô ½      ½ ÑÓ    Ô
or equivalently
                                                       Ô
                                                                ÑÓ Ô

    Now, we are ready to explain the decryption procedure (7) of the RSA algorithm. We recall that
  is inverse of modulo               ´Ô   ½µ´Õ   ½µ, that is,

                                                               ½ ÑÓ

This implies that there is an integer           such that

                                                               ½·

Therefore by the Fermat theorem

                                    Å       Å ¡ ´Å  ½ µ ´  ½µ
                                                           Ô    Õ
                                                                        Å ¡½    Å ÑÓ Ô

                                                               14
and
                          Å ¡ ´Å  ½ µ ´  ½µ Å ¡ ½ Å ÑÓ Õ
                                     Õ     Ô




since Å Ô ½   ½ ÑÓ Ô and Å  ½ Õ
                                ½ ÑÓ Õ by Fermat’s theorem. But   ´Ô Õ µ   ½, hence it
follows from the Chinese Remainder Theorem that

                                           Å ÑÓ ÔÕ

as desired.




                                               15
Assignment 5.1: Basic Number Theory Problems
Each assignment is worth 10 points.

1. Show that if     and      ¼ are integers such that ´ µ ´ µ, then   .

2. Find the prime factorization of ½¼ .

3. Use the Euclidean algorithm to find

  (a)     ´½ ¾ ½ ¼¿ µ,

  (b)     ´½½½½ ½½½½½µ.

4. Find an inverse of ¾ modulo ½ .

5. Encrypt the message ATTACK using the RSA system with Ò             ¿¡    and      ½¿, translating
each letter into integers (where      ¼¼,      ¼½          ¾ ) and grouping pairs of integers, as we
did in our Example 10.




                                                 16
Solutions to Exercises
Solution to Exercise 5A
   We first prove that if        , then       for all integers . Indeed, since     there must be an integer
such that         ¡   . This implies     ¡      ¡ ¡    , hence      for any integer .
   Now we prove if          and     , then     . From the hypotheses we conclude that there are integers
and Ð such that           and          Ð. Therefore,      Ð      Ð , hence   .




                                                        17

								
To top