IS M3 (Part 1)


Network Security & Cryptography
Introduction to Number Theory
Prime Numbers
⮚ prime numbers only have divisors of 1 and self
● they cannot be written as a product of other numbers
● note: 1 is prime, but is generally not of interest
⮚ eg. 2,3,5,7 are prime, 4,6,8,9,10 are not
⮚ prime numbers are central to number theory
⮚ list of prime numbers less than 200 is:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59
61 67 71 73 79 83 89 97 101 103 107 109 113 127
131 137 139 149 151 157 163 167 173 179 181 191
193 197 199
Prime Factorization
⮚ to factor a number n is to write it as a product of
other numbers: n=a x b x c
⮚ note that factoring a number is relatively hard
compared to multiplying the factors together to
generate the number
⮚ Fundamental theorem of arithmetic
⮚ Any integer a > 1 can be factored in
where $p_1 < p_2 < \dots < p_t$ are prime numbers and where
each $a_i$ is a positive integer.
⮚ the prime factorization of a number n is when it is
written as a product of primes
● eg. $91 = 7 \times 13$; $3600 = 2^4 \times 3^2 \times 5^2$
Relatively Prime Numbers & GCD
⮚ two numbers a, b are relatively prime if they have
no common divisors apart from 1
● eg. 8 & 15 are relatively prime since factors of 8 are
1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only
common factor
⮚ conversely can determine the greatest common
divisor by comparing their prime factorizations
and using least powers
● eg. $300 = 2^1 \times 3^1 \times 5^2$, $18 = 2^1 \times 3^2$, hence
$GCD(18,300) = 2^1 \times 3^1 \times 5^0 = 6$
• Two theorems that play important roles in
public-key cryptography are
• Fermat’s theorem
• Euler’s theorem.
Fermat's Theorem
Fermat’s theorem states the following:
If p is prime and a is a positive integer not
divisible by p, then
⮚ $a^{p-1} \equiv 1 \pmod p$
● where p is prime and gcd(a,p)=1
⮚ also known as Fermat’s Little Theorem
⮚ also have: $a^p \equiv a \pmod p$
⮚ useful in public key and primality testing
Proof
Consider the set of positive integers less than p: {1, 2, …, p - 1}
and multiply each element by a, modulo p, to get the
set X = {a mod p, 2a mod p, …, (p - 1)a mod p}.
We know that the (p - 1) elements of X are all positive
integers with no two elements equal. We can conclude that
X consists of the set of integers {1, 2, …, p - 1} in some
order.
Multiplying the numbers in both sets (p and X) and taking
the result mod p yields
$a \times 2a \times \dots \times (p-1)a \equiv [1 \times 2 \times \dots \times (p-1)] \pmod p$
$a^{p-1}(p-1)! \equiv (p-1)! \pmod p$
We can cancel the (p - 1)! term because it is relatively
prime to p, which leaves $a^{p-1} \equiv 1 \pmod p$.
Example:

Example:
Euler Totient Function ø(n)
⮚ is defined as the number of positive integers less
than n and relatively prime to n.
⮚ when doing arithmetic modulo n
⮚ complete set of residues is: 0..n-1
⮚ reduced set of residues is those numbers
(residues) which are relatively prime to n
● eg for n=10,
● complete set of residues is {0,1,2,3,4,5,6,7,8,9}
● reduced set of residues is {1,3,7,9}
⮚ number of elements in reduced set of residues is
called the Euler Totient Function ø(n)
Example:
Euler Totient Function ø(n)
⮚ to compute ø(n) need to count number of
residues to be excluded
⮚ in general need prime factorization, but
●for p (p prime) ø(p)=p-1
●for p.q (p,q prime) ø(p.q)=(p-1)x(q-1)
⮚ example
ø(37) = 36
ø(21) = (3–1)x(7–1) = 2x6 = 12
{1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20}.
Euler's Theorem
⮚ a generalisation of Fermat's Theorem
⮚ $a^{ø(n)} \equiv 1 \pmod n$
● for any a, n where gcd(a,n)=1
⮚ eg.
a=3; n=10; ø(10)=4;
hence $3^4 = 81 \equiv 1 \pmod{10}$
a=2; n=11; ø(11)=10;
hence $2^{10} = 1024 \equiv 1 \pmod{11}$
⮚ also have: $a^{ø(n)+1} \equiv a \pmod n$
Proof
Primality Testing
⮚ often need to find large prime numbers
⮚ traditionally sieve using trial division
● ie. divide by all numbers (primes) in turn less than the
square root of the number
● only works for small numbers
⮚ alternatively can use statistical primality tests
based on properties of primes
● for which all prime numbers satisfy the property
● but some composite numbers, called pseudo-primes,
also satisfy the property
⮚ can use a slower deterministic primality test
TWO PROPERTIES OF PRIME NUMBERS
First property:
• If p is prime and a is a positive integer less than p, then $a^2 \bmod p = 1$
only if either a mod p = 1 or a mod p = -1 mod p = p – 1
Second property:
• Let p be a prime number greater than 2. We can then write $p - 1 = 2^k q$
with k > 0, q odd.
• Let a be any integer in the range 1 < a < p - 1. Then one of the following
conditions is true.
• 1. $a^q$ is congruent to 1 mod p. That is, $a^q \bmod p = 1$.
• 2. One of the numbers $a^q, a^{2q}, a^{4q}, \dots, a^{2^{k-1} q}$ is congruent to -1 mod p. That is,
there is some number j in the range (1 <= j <= k) such that
$a^{2^{j-1} q} \bmod p = -1 \bmod p = p - 1$ or, equivalently, $a^{2^{j-1} q} \equiv -1 \pmod p$.
Miller Rabin Algorithm
⮚ a test based on prime properties that result from
Fermat’s Theorem
⮚ algorithm is:
TEST (n) is:
1. Find integers k, q, k > 0, q odd, so that (n – 1) = 2^k q
2. Select a random integer a, 1 < a < n – 1
3. if a^q mod n = 1 then return ("inconclusive");
4. for j = 0 to k – 1 do
5.    if (a^(2^j q) mod n = n – 1)
         then return ("inconclusive")
6. return ("composite")
Example:
Probabilistic Considerations
⮚ if Miller-Rabin returns “composite” the number
is definitely not prime
⮚ otherwise is a prime or a pseudo-prime
⮚ chance it detects a pseudo-prime is < 1/4
⮚ hence if repeat test with different random a
then chance n is prime after t tests is:
● Pr(n prime after t tests) = $1 - 4^{-t}$
● eg. for t=10 this probability is > 0.99999
⮚ could then use the deterministic AKS test
• Agrawal, Kayal, and Saxena developed a relatively simple
deterministic algorithm that efficiently determines whether a
given large number is a prime
Prime Distribution
⮚ prime number theorem states that primes occur
roughly every ln(n) integers
⮚ but can immediately ignore evens
⮚ so in practice need only test 0.5 ln(n) numbers
of size n to locate a prime
● note this is only the “average”
● sometimes primes are close together
● other times are quite far apart

For example, if a prime on the order of magnitude of $2^{200}$ were
sought, then about $0.5 \ln(2^{200}) = 69$ trials would be needed
to find a prime. However, this figure is just an average.
Euclidean algorithm
• For any integers a, b, with a >=b>= 0,
gcd(a, b) = gcd(b, a mod b)
EX: gcd(55, 22) = gcd(22, 55 mod 22) =
gcd(22, 11) = 11
Extended Euclidean algorithm
• Useful for area of finite fields and in encryption
algorithms such as RSA
• For given integers a and b, the extended Euclidean
algorithm not only calculates GCD d but also two
additional integers x and y that satisfy the following
equation.

Where x and y will have opposite signs


• Examples:
• Input: a = 30, b = 20
Output: gcd = 10, x = 1, y = -1
(Note that 30*1 + 20*(-1) = 10)
• Input: a = 35, b = 15
Output: gcd = 5, x = 1, y = -2
(Note that 35*1 + 15*(-2) = 5)
Extended Euclidean Algorithm
⮚ calculates not only GCD but x & y:
ax + by = d = gcd(a, b)
⮚ useful for later crypto computations
⮚ follow sequence of divisions for GCD but
assume at each step i, can find x &y:
r = ax + by
⮚ at end find GCD value and also x & y
⮚ if GCD(a,b)=1 these values are inverses
Example, let us use a = 1759 and b = 550 and solve for
1759x + 550y = gcd(1759, 550). Thus, we have
1759 * (-111) + 550 * 355 = -195249 + 195250 = 1

Smallest positive value of ax + by = gcd(a, b).


Chinese Remainder Theorem
⮚ used to speed up modulo computations
⮚ if working modulo a product of numbers
● e.g., mod M, where $M = m_1 m_2 \cdots m_k$
⮚ Chinese Remainder theorem lets us work
in each modulus $m_i$ separately
⮚ since computational cost is proportional to
size, this is faster than working in the full
modulus M
Chinese Remainder Theorem
⮚ can implement CRT in several ways
⮚ to compute A(mod M)
● first compute all $a_i = A \bmod m_i$ separately
● determine constants $c_i$ below, where $M_i = M/m_i$
● then combine results to get answer using:
$(11, 42) = a_1 M_1 M_1^{-1} + a_2 M_2 M_2^{-1} \bmod M$
$= 11(49)(34) + 42(37)(4) \bmod 1813 = 973$
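The extended Euclidean algorithm and the CRT recombination above fit together: the inverses $M_i^{-1} \bmod m_i$ come from the x coefficient of ax + by = 1. The Python below is an added example, not code from the original slides; the function names are chosen here, and the numbers are the ones worked on the slides (1759 and 550, and M = 1813 = 37 x 49).

```python
from math import prod

def ext_gcd(a, b):
    """Return (d, x, y) with a*x + b*y = d = gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b          # same division sequence as plain Euclid
        x0, x1 = x1, x0 - q * x1     # carry the coefficient of the original a
        y0, y1 = y1, y0 - q * y1     # carry the coefficient of the original b
    return a, x0, y0

def mod_inverse(a, m):
    """Inverse of a modulo m; exists only when gcd(a, m) = 1."""
    d, x, _ = ext_gcd(a % m, m)
    if d != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return x % m

def to_residues(A, moduli):
    """A -> (a_1, ..., a_k) with a_i = A mod m_i."""
    return [A % m for m in moduli]

def crt(residues, moduli):
    """Recombine: A = sum(a_i * M_i * (M_i^-1 mod m_i)) mod M, with M_i = M / m_i."""
    M = prod(moduli)
    total = 0
    for a_i, m_i in zip(residues, moduli):
        M_i = M // m_i
        total += a_i * M_i * mod_inverse(M_i, m_i)   # raises if moduli share a factor
    return total % M

def mul_mod_via_crt(x, y, moduli):
    """Multiply modulo M by working in each smaller modulus m_i separately."""
    rx, ry = to_residues(x, moduli), to_residues(y, moduli)
    return crt([(p * q) % m for p, q, m in zip(rx, ry, moduli)], moduli)

if __name__ == "__main__":
    print(ext_gcd(1759, 550))                            # slide example
    print(mod_inverse(49, 37), mod_inverse(37, 49))      # M_1^-1 and M_2^-1
    print(crt([11, 42], [37, 49]))                       # recombines to A
    # 678 is a constructed second operand, not from the slides.
    print(mul_mod_via_crt(973, 678, [37, 49]), (973 * 678) % 1813)
```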
