CS2800 Number Theory v.9
CS2800 Number Theory v.9
CS 2800
Module
Number Theory
1
The Integers and Division
Of course, you already know what the integers are, and what division is…
2
The divides operator
New notation: 3 | 12
– To specify when an integer evenly divides another integer
– Read as “3 divides 12”
3
Divides, Factor, Multiple
4
Results on the divides operator
If a | b and b | c, then a | c
– Example: if 5 | 25 and 25 | 100, then 5 | 100
5
Divides Relation
Theorem: a,b,c Z:
1. a|0
2. (a|b a|c) a | (b + c)
3. a|b a|bc
4. (a|b b|c) a|c
Proof of (2): a|b means there is an s such that b=as, and a|c means that there is
a t such that c=at, so b+c = as+at = a(s+t), so a|(b+c) also.■
6
More Detailed Version of Proof
Let a, b, c be any integers such that a|b and a|c, and show that a | (b + c).
By defn. of | , we know s: b=as, and
t: c=at. Let s, t, be such integers.
Then b+c = as + at = a(s+t), so
u: b+c=au, namely u=s+t. Thus a|(b+c).
7
Divides Relation
Theorem:
Division Algorithm --- Let a be an integer and d a positive integer. Then
there are unique integers q and r, with 0 ≤r < d, such that a = dq+r.
What are the quotient and remainder when 101 is divided by 11?
a d q r
101 = 11 9 + 2
We write:
q = 9 = 101 div 11
r = 2 = 101 mod 11 10
If a = 7 and d = 3, then q = 2 and r = 1, since 7 = (2)(3) + 1.
If a = −7 and d = 3, then q = −3 and r = 2, since −7 = (−3)(3) + 2.
Proof: (we’ll use the well-ordering property directly that states that every set of
nonnegative integers has a least element.)
a)Existence
We want to show the existence of q and r, with the property that a = dq+r, 0 ≤r <d
Consider the set of non-negative numbers of the form a - dq, where q is an integer.
QED
b) Uniqueness (note standard proof structure)
Suppose
q, Q, R 0 r , R d such that a dq r and a dQ R.
So, R = r.
Note: this is a different use of “” than the meaning “is defined as” used before.
Spiral Visualization of mod
The spiral/circular view is useful
to keep in mind when doing
Example shown: ≡0 modular arithmetic!
modulo-5 (mod 5) 20
arithmetic 15 ≡1
10 (mod 5)
≡ 4 19 5 21
14 16
(mod 5) 9
4 0 11
6
3
1 Congruence classes
2
8 7 modulo 5.
13 12
18 17
22 ≡ 2
≡3
(mod 5) (mod 5)
Theorem:
Let m be a positive integer. The integers a and b are congruent modulo m if and
only if there is an integer k such that a = b + km
18
Even even more on congruence
Example
– We know that 7 ≡ 2 (mod 5) and 11 ≡ 1 (mod 5)
– Thus, 7+11 ≡ (2+1) (mod 5), or 18 ≡ 3 (mod 5)
– Thus, 7*11 ≡ 2*1 (mod 5), or 77 ≡ 2 (mod 5)
19
Applications of Congruences
20
Hashing Functions
21
Hash Functions
Records are identified using a key (k), which uniquely identifies each record.
If you compute the hash of the same data at different times, you should get
the same answer – if not then the data has been modified.
22
Hash Function Requirements
24
Hash Function Requirements
– Given an element bB, the problem of finding an aA such that h(a)=b
should have average-case time complexity of Ω(|B|c) for some c>0.
• This ensures that it would take exponential time in the length of an ID for an
opponent to “fake” a different document having the same ID.
25
A Simple Hash Using mod
Let the domain and codomain be the sets of all natural numbers
below certain bounds:
A = {aN | a < alim}, B = {bN | b < blim}
Because a hash function is not one-to-one (there are more possible keys
than memory locations) more than one record may be assigned to the
same location we call this situation a collision.
One possible way of solving a collision is to assign the first free location
following the occupied memory location assigned by the hashing
function.
30
Pseudorandom numbers
Computers cannot generate truly random numbers – that’s why we call them
pseudo-random numbers!
Choose 4 integers
– Seed x0: starting value
– Modulus m: maximum possible value
– Multiplier a: such that 2 ≤ a < m
– Increment c: between 0 and m
32
Pseudorandom numbers
34
The Caesar cipher
36
Rot13 encoding
Example:
>echo Hello World | rot13
Uryyb Jbeyq
> echo Uryyb Jbeyq | rot13
Hello World
37
Primes and Greatest Common Divisor
Prime numbers
39
Fundamental theorem of arithmetic
Fundamental Theorem of Arithmetic:
Every positive integer greater than 1 can be uniquely written as a prime or as the
product of two or more primes where the prime factors are written in order of
non-decreasing size
Examples
– 100 = 2 * 2 * 5 * 5
– 182 = 2 * 7 * 13
– 29820 = 2 * 2 * 3 * 5 * 7 * 71
In a fundamental sense, primes are the building blocks of the natural numbers.
Fundamental theorem of arithmetic:
Strong Induction
[from before]
Show that if n is an integer greater than 1, then n can be written as the
product of primes.
1 - Hypothesis P(n) - n can be written as the product of primes.
Uniqueness proof,
soon…
QED
Composite factors
QED
Showing a number is prime
Solution
– The only prime factors less than 113 = 10.63 are 2, 3, 5, and 7
– None of these divide 113 evenly
– Thus, by the fundamental theorem of arithmetic, 113 must be prime
43
Showing a number is composite
Solution
– Divide 899 by successively larger primes, starting with 2
– We find that 29 and 31 divide 899
44
On a linux system or in cygwin, enter “factor 899”
>factor 89999999999999999
89999999999999999: 7 7 13 6122449 23076923
Some “random” numbers factored (using “factor”)
12304: 2 2 2 2 769
12304038495: 3 5 7 3109 37691
29485404038495: 5 5897080807699
294854040334945723: 67 2472061 1780217629
29485404033420344: 2 2 2 1109 3323422456427
294854043485472: 2 2 2 2 2 3 151 173 117574409
29485404203484: 2 2 3 101 103 229 1031411
9348492404203484: 2 2 7 23 14516292553111
928439237492742742: 2 13 89 10453 12821 2993831
9284392329378472: 2 2 2 31321 37053384029
9284392329378472323: 3 3 3 307 1120085936708707
Hmm. Apparent pattern of a several small prime factors ending with one or two
very large primes. Real? Still many mysteries in prime number patterns …
Open questions about exact distribution of primes closely related to the main
open problem in math: the Riemann hypothesis concerning distr. of zeros of
the Riemann zeta-function.
Theorem: There are infinitely many primes.
47
Mersenne numbers
Since, 2p-1 grows fast, and there is an extremely efficient test – Lucas-Lehmer
test – for determining if a Mersenne prime is prime
Lucas-Lehmer test
50
Here’s something to work on…
51
9,808,358 digits… that’s close! 52
Also, what special patterns are there (if any) in the digits of prime numbers?
53
The prime number theorem
The ratio of the number of primes not exceeding x and x/ln(x) approaches 1 as x grows
without bound
– Rephrased: the number of prime numbers less than x is approximately x/ln(x)
– Rephrased: the chance of an number x being a prime number is (roughly) 1 / ln(x)
(density: there are n numbers up to n with roughly n/ln(n)
being prime. So, frequency of primes among n numbers is around 1/ln(n).)
– so, less frequent for higher x
Consider 200 digit prime numbers
– ln (10200) 460
– The chance of a 200 digit number being prime is 1/460
– If we only choose odd numbers, the chance is 2/460 = 1/230
So, actually x /(ln x – 1) is better estimate of number of primes .
Greatest common divisor
The greatest common divisor of two integers a and b is the largest integer
d such that d | a and d | b
– Denoted by gcd(a,b)
Examples
– gcd (24, 36) = 12
– gcd (17, 22) = 1
– gcd (100, 17) = 1
Relative primes
Two numbers are relatively prime if they don’t have any common factors
(other than 1)
– Rephrased: a and b are relatively prime if
gcd (a,b) = 1
59
Pairwise relative prime
A set of integers a1, a2, … an are pairwise relatively prime if, for
all pairs of numbers, they are relatively prime
– Formally: The integers a1, a2, … an are pairwise relatively
prime if gcd(ai, aj) = 1 whenever 1 ≤ i < j ≤ n.
60
More on gcd’s
Suppose a and b are the natural numbers whose gcd has to be determined.
And suppose the remainder of the division of a by b is r. Therefore
a = qb + r where q is the quotient of the division.
Any common divisor of a and b is also a divisor of r. To see why this is
true, consider that r can be written as r = a − qb. Now, if there is a
common divisor d of a and b such that a = sd and b = td, then
r = (s−qt)d. Since all these numbers, including s−qt, are whole
numbers, it can be seen that r is divisible by d.
The above analysis is true for any divisor d; thus, the greatest common
divisor of a and b is also the greatest common divisor of b and r.
Euclidean Algorithm
68
Base-b number systems
n = ak bk + ak-1 bk-1 + … + a1 b + a0
(Proof by induction)
70
Bases of Particular Interest
74
N=25 in binary?
N 25
a0 25 mod 2 1 So, we have 25 in binary
N 25 / 2 12 is 11001.
a1 12 mod 2 0
N 12 / 2 6
a2 6 mod 2 0
N 6 / 2 3
a 3 3 mod 2 1
N 3 / 2 1
a4 1 mod 2 1
N= 23670 in hexadecimal?
23670 mod 16 = 6;
6
76
Addition of Integers
in Binary Notation
As you have known since grade 1 or before … Correctness
proof?
procedure add (a,b:positive integers)
c := 0
for j := 0 to n - 1 Complexity? (#additions)
begin
d := (aj + bj + c) / 2 O(n),
sj := aj + bj + c - 2d where n is number of bits!
c := d (log of the size of the
end number)
sj := c
{the binary expansion of the sum is (sn sn-1 . . . s0 )2 }
Problem solved?
Crucially, we can do the mod m operations as we go along,
because of the various identity laws of modular arithmetic.
– All the numbers stay small.
11
Example: 3 Note: 11 = (1011)2
2 4 2k 1
b mod m, b mod m, b mod m, , b mod m,
2j
multiplyin g together the terms b mod m, where a j 1
Modular Exponentiation
82
Example: 3644 mod 645
Lemma 1:
a,b,c>0: gcd(a,b)=1 and a | bc, then a|c
Lemma 2:
– If p is prime and p|a1a2…an (integers ai),
then i: p|ai.
Theorem 2:
– If ac ≡ bc (mod m) and gcd(c,m)=1,
then a ≡ b (mod m).
Proof of Theorem 1
Note: From Euclid theorem, we know that gcd(a,b) = gcd(b,c) if c = a mod b, in which
case a = kb +c for some integer k, so c = a − kb.
With b<a and c<b (see base case below for boundary cases), by the inductive
hypothesis (strong induction), we can assume that uv: gcd(b,c) = ub +vc.
Substituting for c, this is ub+v(a−kb), which we can
regroup to get va + (u−vk)b. So, now let s = v, and let t = u−vk, and we’re done with
induction step.
Base case?
The base case is solved by considering: s = 1, t = 0, which works for gcd(a,0),
or if a=b originally. QED
Example:
gcd(252,198) = 18.
252 = 1 198 + 54
198 = 3 54
198+ 36
+ 54
54 = 1 36 +18
36 = 2 18
Theorem 3: If gcd(a,m)=1 and m>1, then a has a unique (modulo m) inverse a′.
9=2 4+1
-2 4 + 1 9 = 1
Since we know that -2 is an inverse for 4 mod 9, we can multiply both sides of the linear
congruence:
-2 4x ≡ -2 5 (mod 9)
m = 357 = 105
M1 = m/3 = 105/3 = 35; 2 is an inverse of M1 = 35 (mod 3) (since 35x2≡1 (mod 3)
M2 = m/5 = 105/5 = 21; 1 is an inverse of M2 = 21 (mod 5) (since 21x1≡1 (mod 5)
M3 = m/7 = 15; 1 is an inverse of M3 = 15 (mod 7) (since 15x1≡1 (mod 7)
So answer: 23
So, we’re solving equations in modular arithmetic.
Computer Arithmetic w. Large Ints
To find the sum we just have to solve the system of linear congruences:
x ≡ 65 (mod99)
x ≡ 2 (mod98)
x ≡ 51 (mod97)
x ≡ 10 (mod95)
Solution: 537,140
“Bigger” Example
For example, the following numbers are relatively prime:
m1 = 225−1 = 33,554,431 = 31 · 601 · 1,801
m2 = 227−1 = 134,217,727 = 7 · 73 · 262,657
m3 = 228−1 = 268,435,455 = 3 · 5 · 29 · 43 · 113 · 127
m4 = 229−1 = 536,870,911 = 233 · 1,103 · 2,089
m5 = 231−1 = 2,147,483,647 (prime)
Recall:
107
108
Carmichael numbers
These numbers are important since they fool the Fermat primality test:
They are “Fermat liars”.
Alice and Bob have never met but they would like to
exchange a message. Eve would like to eavesdrop.
In private key cryptosystems, the same secret “key” string is used to both encode and
decode messages.
– This raises the problem of how to securely communicate the key strings.
In public key cryptosystems, instead there are two complementary keys.
– One key decrypts the messages that the other one encrypts.
This means that one key (the public key) can be made public, while the other (the
private key) can be kept secret from everyone.
– Messages to the owner can be encrypted by anyone using the public key, but can only
be decrypted by the owner using the private key.
• Like having a private lock-box with a slot for messages.
– Or, the owner can encrypt a message with the private key, and then anyone can decrypt
it, and know that only the owner could have encrypted it.
• This is the basis of digital signature systems.
Encode:
C = Me (mod n)
M is the plaintext; C is ciphertext
n = pq with p and q large primes (e.g. 200 digits long!)
e is relative prime to (p-1)(q-1)
Decode:
Cd = M (mod pq)
d is inverse of e modulo (p-1)(q-1)
Encode:
C = Me (mod n)
M is the plaintext; C is ciphertext
n = pq with p and q large primes (e.g. 200 digits long!)
e is relative prime to (p-1)(q-1)
Ex: Encode “STOP” using RSA, with p=43;q=59 therefore n=4359=2537, e =13;
(note that gcd(e,(p-1),(q-1)) = gcd(13,4258)=1)
0981 937 mod 2537= 0704 and 0461 937 mod 2537 = 1115
So the decoded message is 0704 1115
07 H
04 E
11 L
15 P
118
Why RSA Works