CS413 Module-I

The document outlines the foundational concepts of cryptography, focusing on mathematical preliminaries such as number theory and algebra, particularly finite fields. It covers key topics including the division algorithm, greatest common divisor, least common multiple, congruences, and properties of integers modulo n. Additionally, it discusses the Euler phi function, generators of multiplicative groups, quadratic residues, and the structure of groups in the context of cryptographic applications.

CS800- Foundation of Cryptography

(Elective-I)- Module-I

Dr. Modi Chirag N

cnmodi@nitgoa.ac.in
Module-I
Mathematical preliminaries:
Number theory and algebra
Finite fields

03/14/2025 Chirag N. Modi 2


Number theory
The set of integers {. . . , −3, −2, −1, 0, 1, 2, 3, . . .} is denoted by the symbol Z.
(division algorithm for integers) If a and b are integers with b ≥ 1, then ordinary long division of a by b yields integers q (the quotient) and r (the remainder) such that a = qb + r, where 0 ≤ r < b. Moreover, q and r are unique. The remainder of the division is denoted a mod b, and the quotient is denoted a div b.
An integer c is a common divisor of a and b if c|a and c|b.
A non-negative integer d is the greatest common divisor of integers a and b, denoted d = gcd(a, b), if
(i) d is a common divisor of a and b; and
(ii) whenever c|a and c|b, then c|d.



Number theory
The common divisors of 12 and 18 are {±1, ±2, ±3, ±6}, and gcd(12, 18) = 6.
A non-negative integer d is the least common multiple of integers a and b, denoted d = lcm(a, b), if
(i) a|d and b|d; and
(ii) whenever a|c and b|c, then d|c.
Equivalently, lcm(a, b) is the smallest non-negative integer divisible by both a and b.
If a and b are positive integers, then lcm(a, b) = a · b / gcd(a, b).
Since gcd(12, 18) = 6, it follows that lcm(12, 18) = 12 · 18 / 6 = 36.
Two integers a and b are said to be relatively prime or coprime if gcd(a, b) = 1.
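The division algorithm, the Euclidean algorithm for the gcd, and the lcm identity above, as an added Python example (not code from the slides; the function names are this example's own). It also checks property (ii) of the gcd definition by listing the common divisors of 12 and 18 as the divisors of gcd(12, 18).

```python
# Added example: division algorithm, Euclidean gcd, lcm and coprimality.
# Function names are this example's own, not notation from the slides.

def div_mod(a: int, b: int) -> tuple:
    """Return (q, r) with a = q*b + r and 0 <= r < b, for any integer a and b >= 1.

    Python's divmod floors the quotient, so the remainder is already
    non-negative for b >= 1 even when a is negative (unlike C's % operator,
    which can return a negative remainder); the invariant is checked anyway.
    """
    if b < 1:
        raise ValueError("the division algorithm as stated needs b >= 1")
    q, r = divmod(a, b)
    assert a == q * b + r and 0 <= r < b
    return q, r


def gcd(a: int, b: int) -> int:
    """Euclidean algorithm: gcd(a, b) = gcd(b, a mod b), repeated until the remainder is 0."""
    a, b = abs(a), abs(b)
    while b:
        a, b = b, a % b
    return a


def lcm(a: int, b: int) -> int:
    """lcm(a, b) = a * b / gcd(a, b) for positive a and b.

    Dividing before multiplying keeps the intermediate value small; that only
    matters in fixed-width integer languages, but it is the idiomatic form.
    """
    if a <= 0 or b <= 0:
        raise ValueError("the lcm identity is stated for positive integers")
    return a // gcd(a, b) * b


def common_divisors(a: int, b: int) -> list:
    """All common divisors of a and b, positive and negative.

    Uses property (ii) of the gcd definition: every common divisor of a and b
    divides gcd(a, b), so it suffices to enumerate the divisors of the gcd.
    """
    g = gcd(a, b)
    positive = [d for d in range(1, g + 1) if g % d == 0]
    return sorted(positive + [-d for d in positive])


def coprime(a: int, b: int) -> bool:
    """a and b are relatively prime iff gcd(a, b) = 1."""
    return gcd(a, b) == 1


if __name__ == "__main__":
    print(div_mod(-11, 7))           # (-2, 3): -11 = -2*7 + 3
    print(common_divisors(12, 18))   # [-6, -3, -2, -1, 1, 2, 3, 6]
    print(gcd(12, 18), lcm(12, 18))  # 6 36
```

Note the negative-dividend case: the slides' convention 0 ≤ r < b is what `divmod` gives in Python, but a port to C or Java must normalise the remainder explicitly.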



Number theory
An integer p ≥ 2 is said to be prime if its only positive divisors
are 1 and p. Otherwise, p is called composite.
Every integer n ≥ 2 has a factorization as a product of prime powers:

where the p_i are distinct primes, and the e_i are positive integers.
If where each ei ≥ 0 and fi ≥ 0,
then



Number theory
If a and b are integers, then a is said to be congruent to b modulo n, written
a ≡ b (mod n), if n divides (a−b). The integer n is called the modulus of the
congruence.
Example
(i) 24 ≡ 9 (mod 5) since 24 − 9 = 3 · 5.
(ii) −11 ≡ 17 (mod 7) since −11 − 17 = −4 · 7.
(properties of congruences) For all a, a1, b, b1, c ∈ Z, the following are true.
(i) a ≡ b (mod n) if and only if a and b leave the same remainder when
divided by n.
(ii) (reflexivity) a ≡ a (mod n).
(iii) (symmetry) If a ≡ b (mod n) then b ≡ a (mod n).
(iv) (transitivity) If a ≡ b (mod n) and b ≡ c (mod n), then a ≡ c (mod n).
(v) If a ≡ a1 (mod n) and b ≡ b1 (mod n), then a + b ≡ a1 + b1 (mod n) and
ab ≡ a1b1 (mod n).



Number theory
The integers modulo n, denoted Zn, is the set of (equivalence classes of) integers {0, 1, 2, . . . , n − 1}. Addition, subtraction, and multiplication in Zn are performed modulo n.
Z25 = {0, 1, 2, . . . , 24}. In Z25, 13 + 16 = 4, since 13 + 16 = 29 ≡ 4 (mod 25). Similarly, 13 · 16 = 8 in Z25.
Let a ∈ Zn. The multiplicative inverse of a modulo n is an integer x ∈ Zn such that ax ≡ 1 (mod n). If such an x exists, then it is unique, and a is said to be invertible, or a unit; the inverse of a is denoted by a^−1.
Let a, b ∈ Zn. Division of a by b modulo n is the product of a and b^−1 modulo n, and is only defined if b is invertible modulo n.
Let a ∈ Zn. Then a is invertible if and only if gcd(a, n) = 1.



Number theory
The invertible elements in Z9 are 1, 2, 4, 5, 7, and 8. For example, 4^−1 = 7 because 4 · 7 ≡ 1 (mod 9).
Let d = gcd(a, n). The congruence equation ax ≡ b (mod n) has a solution x if and only if d divides b, in which case there are exactly d solutions between 0 and n − 1; these solutions are all congruent modulo n/d.
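The extended Euclidean algorithm is what turns "gcd(a, n) = 1" into an actual inverse, and the same coefficients solve the general congruence ax ≡ b (mod n) with its d = gcd(a, n) solutions. The following is an added Python example, not code from the slides; the function names are this example's own.

```python
# Added example: extended Euclid, modular inverses, modular division and the
# linear congruence a*x ≡ b (mod n). Function names are this example's own.

def egcd(a: int, n: int) -> tuple:
    """Extended Euclidean algorithm.

    Returns (d, x, y) with a*x + n*y = d = gcd(a, n), for a, n >= 0.
    The coefficient x is the modular inverse of a (mod n) when d = 1.
    """
    old_r, r = a, n
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def mod_inverse(a: int, n: int):
    """a^-1 mod n, or None when a is not a unit (gcd(a, n) != 1)."""
    d, x, _ = egcd(a % n, n)
    return None if d != 1 else x % n


def units(n: int) -> list:
    """The invertible elements of Z_n: exactly those a with gcd(a, n) = 1."""
    return [a for a in range(1, n) if egcd(a, n)[0] == 1]


def mod_div(a: int, b: int, n: int) -> int:
    """Division a / b modulo n is a * b^-1 mod n; undefined unless b is a unit."""
    inv = mod_inverse(b, n)
    if inv is None:
        raise ValueError(f"{b} is not invertible modulo {n}")
    return a * inv % n


def solve_linear_congruence(a: int, b: int, n: int) -> list:
    """All x in [0, n) with a*x ≡ b (mod n).

    With d = gcd(a, n): solvable iff d | b, in which case there are exactly d
    solutions, all congruent modulo n/d. Dividing a*x + n*y = d by d shows
    that x is the inverse of a/d modulo n/d, so x0 = x*(b/d) mod n/d solves
    (a/d)*x0 ≡ b/d (mod n/d); the other solutions are x0 + k*(n/d).
    """
    d, x, _ = egcd(a % n, n)
    if b % d != 0:
        return []
    n_d = n // d
    x0 = (x * (b // d)) % n_d
    return [x0 + k * n_d for k in range(d)]


if __name__ == "__main__":
    print(units(9))                         # [1, 2, 4, 5, 7, 8]
    print(mod_inverse(4, 9))                # 7
    print(solve_linear_congruence(6, 4, 8)) # [2, 6]: d = 2 solutions, congruent mod 4
```

`mod_inverse` returning `None` rather than a wrong number is the check a practitioner wants: in RSA key generation, for instance, a public exponent e with gcd(e, φ(n)) ≠ 1 has no inverse and must be rejected, not silently used.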
(Chinese remainder theorem, CRT) If the integers n1, n2, . . . , nk are pairwise relatively prime, then the system of simultaneous congruences
x ≡ a1 (mod n1)
x ≡ a2 (mod n2)
...
x ≡ ak (mod nk)
has a unique solution modulo n = n1 n2 · · · nk.
Number theory
(Gauss's algorithm) The solution x to the simultaneous congruences in the Chinese remainder theorem may be computed as
x = \sum_{i=1}^{k} a_i N_i M_i \bmod n,
where N_i = n/n_i and M_i = N_i^{-1} mod n_i. These computations can be performed in O((lg n)^2) bit operations.
The pair of congruences x ≡ 3 (mod 7), x ≡ 7 (mod 13) has a unique solution x ≡ 59 (mod 91).
If gcd(n1, n2) = 1, then the pair of congruences x ≡ a (mod n1), x ≡ a (mod n2) has a unique solution x ≡ a (mod n1 n2).



Number theory
The multiplicative group of Zn is Z∗n = {a ∈ Zn | gcd(a, n) = 1}. In particular, if n is a prime, then Z∗n = {a | 1 ≤ a ≤ n − 1}.
The order of Z∗n is defined to be the number of elements in Z∗n, namely |Z∗n|.
It follows from the definition of the Euler phi function that |Z∗n| = φ(n). Note also that if a ∈ Z∗n and b ∈ Z∗n, then a · b ∈ Z∗n, and so Z∗n is closed under multiplication.
Euler Phi Function: For n ≥ 1, let φ(n) denote the number of integers in the interval [1, n] which are relatively prime to n. The function φ is called the Euler phi function (or the Euler totient function).



Number theory
Fact Let n ≥ 2 be an integer.
(i) (Euler's theorem) If a ∈ Z∗n, then a^φ(n) ≡ 1 (mod n).
(ii) If n is a product of distinct primes, and if r ≡ s (mod φ(n)), then a^r ≡ a^s (mod n) for all integers a. In other words, when working modulo such an n, exponents can be reduced modulo φ(n).
A special case of Euler's theorem is Fermat's (little) theorem.
Fact Let p be a prime.
(i) (Fermat's theorem) If gcd(a, p) = 1, then a^(p−1) ≡ 1 (mod p).
(ii) If r ≡ s (mod p − 1), then a^r ≡ a^s (mod p) for all integers a. In other words, when working modulo a prime p, exponents can be reduced modulo p − 1.
(iii) In particular, a^p ≡ a (mod p) for all integers a.
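An added Python example (not from the slides; function names are this example's own) that checks Euler's theorem, Fermat's theorem and the exponent-reduction rule by exhaustion on small moduli. It deliberately includes the case the hypothesis of fact (ii) excludes: for n = 9, which is not a product of distinct primes, reducing the exponent modulo φ(9) = 6 fails for the non-unit a = 3. This is precisely why RSA uses n = pq with distinct primes.

```python
# Added example: checking Euler's and Fermat's theorems and the exponent
# reduction rule, including the case where the rule does not apply.
from math import gcd


def phi(n: int) -> int:
    """Euler phi by definition: how many k in [1, n] are relatively prime to n."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def euler_holds(a: int, n: int) -> bool:
    """Euler's theorem: a^phi(n) ≡ 1 (mod n) whenever gcd(a, n) = 1."""
    return gcd(a, n) == 1 and pow(a, phi(n), n) == 1


def is_squarefree(n: int) -> bool:
    """True iff n is a product of distinct primes (no p^2 divides n)."""
    return all(n % (p * p) != 0 for p in range(2, int(n ** 0.5) + 1))


def exponent_reduction_holds(n: int) -> bool:
    """Fact (ii): a^r ≡ a^s (mod n) for all a when r ≡ s (mod phi(n)), r, s >= 1.

    Exhaustive check over every a in Z_n (units and non-units alike) with
    s = r + phi(n). The fact is stated for n a product of distinct primes;
    for other n it can fail for non-units.
    """
    f = phi(n)
    return all(pow(a, r, n) == pow(a, r + f, n)
               for a in range(n) for r in range(1, f + 1))


def fermat_holds_for_all(p: int) -> bool:
    """Fact (iii): a^p ≡ a (mod p) for every a in Z_p.

    True for every prime. It also holds for Carmichael numbers such as 561,
    so passing this check is not a proof of primality.
    """
    return all(pow(a, p, p) == a for a in range(p))


if __name__ == "__main__":
    print(exponent_reduction_holds(15), exponent_reduction_holds(9))  # True False
    print(pow(3, 1, 9), pow(3, 7, 9))   # 3 0: r=1, s=7 agree mod phi(9)=6, powers differ
```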



Number theory
Let a ∈ Z∗n. The order of a, denoted ord(a), is the least positive integer t such that a^t ≡ 1 (mod n).
If the order of a ∈ Z∗n is t, and a^s ≡ 1 (mod n), then t divides s. In particular, t | φ(n).
Let n = 21. Then Z∗21 = {1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20}. Note that φ(21) = φ(7)φ(3) = 12 = |Z∗21|.
Find the orders of the elements in Z∗21.



Number theory
Let α ∈ Z∗n. If the order of α is φ(n), then α is said to be a generator or a primitive element of Z∗n. If Z∗n has a generator, then Z∗n is said to be cyclic.
Fact (properties of generators of Z∗n)
(i) Z∗n has a generator if and only if n = 2, 4, p^k or 2p^k, where p is an odd prime and k ≥ 1. In particular, if p is a prime, then Z∗p has a generator.
(ii) If α is a generator of Z∗n, then Z∗n = {α^i mod n | 0 ≤ i ≤ φ(n) − 1}.
(iii) Suppose that α is a generator of Z∗n. Then b = α^i mod n is also a generator of Z∗n if and only if gcd(i, φ(n)) = 1. It follows that if Z∗n is cyclic, then the number of generators is φ(φ(n)).
(iv) α ∈ Z∗n is a generator of Z∗n if and only if α^(φ(n)/p) is not congruent to 1 (mod n) for each prime divisor p of φ(n).
Number theory
Z∗21 is not cyclic since it does not contain an element of order φ(21) = 12; note that 21 does not satisfy the condition of Fact (i) above.
On the other hand, Z∗25 is cyclic, and has a generator α = 2.
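An added Python example (not code from the slides; function names are this example's own) that works the exercise on the orders of the elements of Z∗21, then applies Fact (iv) as the generator test, Fact (iii) to count generators, and confirms that Z∗21 is not cyclic while Z∗25 is generated by 2. The value of Fact (iv) is that it needs only the prime divisors of φ(n) rather than a brute-force search for ord(α), which is how generator checks are done for the large primes used in Diffie–Hellman parameters.

```python
# Added example: orders of elements, generators and cyclicity of Z*_n, using
# Fact (iv) as the generator test. Function names are this example's own.
from math import gcd


def units(n: int) -> list:
    return [a for a in range(1, n) if gcd(a, n) == 1]


def phi(n: int) -> int:
    return len(units(n))


def order(a: int, n: int) -> int:
    """ord(a): least t >= 1 with a^t ≡ 1 (mod n). Requires n >= 2 and a in Z*_n."""
    if n < 2 or gcd(a, n) != 1:
        raise ValueError(f"{a} is not in Z*_{n}")
    t, x = 1, a % n
    while x != 1:
        x = x * a % n
        t += 1
    return t


def orders(n: int) -> dict:
    """Order of every element of Z*_n (the exercise for n = 21)."""
    return {a: order(a, n) for a in units(n)}


def prime_divisors(m: int) -> list:
    """Distinct primes dividing m, by trial division (fine for classroom sizes)."""
    ps, p = [], 2
    while p * p <= m:
        if m % p == 0:
            ps.append(p)
            while m % p == 0:
                m //= p
        p += 1
    if m > 1:
        ps.append(m)
    return ps


def is_generator(alpha: int, n: int) -> bool:
    """Fact (iv): alpha generates Z*_n iff alpha^(phi(n)/p) != 1 (mod n)
    for every prime p dividing phi(n)."""
    if gcd(alpha, n) != 1:
        return False
    f = phi(n)
    return all(pow(alpha, f // p, n) != 1 for p in prime_divisors(f))


def generators(n: int) -> list:
    return [a for a in units(n) if is_generator(a, n)]


def is_cyclic(n: int) -> bool:
    return len(generators(n)) > 0


if __name__ == "__main__":
    print(orders(21))                           # largest order is 6 < 12
    print(is_cyclic(21), is_cyclic(25))         # False True
    print(generators(25), phi(phi(25)))         # 8 generators, as Fact (iii) predicts
```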
Let a ∈ Z∗n. a is said to be a quadratic residue modulo n, or a square modulo n, if there exists an x ∈ Z∗n such that x^2 ≡ a (mod n). If no such x exists, then a is called a quadratic non-residue modulo n.
The set of all quadratic residues modulo n is denoted by Qn and the set of all quadratic non-residues is denoted by Q̄n.
Let p be an odd prime and let α be a generator of Z∗p. Then a ∈ Z∗p is a quadratic residue modulo p if and only if a = α^i mod p, where i is an even integer.
It follows that |Qp| = (p − 1)/2 and |Q̄p| = (p − 1)/2; that is, half of the elements in Z∗p are quadratic residues and the other half are quadratic non-residues.



Number theory
α = 6 is a generator of Z∗13. Find Q13 and Q̄13.
Hence Q13 = {1, 3, 4, 9, 10, 12} and Q̄13 = {2, 5, 6, 7, 8, 11}.
Let n be a product of two distinct odd primes p and q, n = pq. Then a ∈ Z∗n is a quadratic residue modulo n if and only if a ∈ Qp and a ∈ Qq. It follows that |Qn| = |Qp| · |Qq| = (p − 1)(q − 1)/4 and |Q̄n| = 3(p − 1)(q − 1)/4.
Let n = 21. Then Q21 = {1, 4, 16} and Q̄21 = {2, 5, 8, 10, 11, 13, 17, 19, 20}.
Let a ∈ Qn. If x ∈ Z∗n satisfies x^2 ≡ a (mod n), then x is called a square root of a modulo n.
Number theory
Fact (number of square roots)
(i) If p is an odd prime and a ∈ Qp, then a has exactly two square roots modulo p.
(ii) More generally, let n = p1^e1 p2^e2 · · · pk^ek where the pi are distinct odd primes and ei ≥ 1. If a ∈ Qn, then a has precisely 2^k distinct square roots modulo n.
The square roots of 12 modulo 37 are 7 and 30. The square roots of 121 modulo 315 are 11, 74, 101, 151, 164, 214, 241, and 304.



Group
A set of objects, along with a binary operation on the elements of the set, must satisfy the following four properties for the set to be called a group:
Closure: if a and b are in the set, then the element a ◦ b = c is also in the set. The symbol ◦ denotes the operator for the desired operation.
Associativity: (a ◦ b) ◦ c = a ◦ (b ◦ c).
Existence of a unique identity element: an element i is called an identity element if for every a in the set, we have a ◦ i = a.
Group
An inverse element for each element: for every a in the set, the set must also contain an element b such that a ◦ b = i, assuming that i is the identity element.
In general, a group is denoted by {G, ◦} where G is the set of objects and ◦ the operator.
Instead of denoting the group operator as '◦', we may denote it by '+' even when the operator has nothing whatsoever to do with arithmetic addition.



Infinite Groups vs. Finite Groups
Infinite groups, meaning groups based on sets of infinite size, are rather easy to imagine. For example:
The set of all integers — positive, negative, and zero — along with the operation of arithmetic addition.
For a given value of N, the set of all N × N matrices over real numbers under the operation of matrix addition.
The set of all even integers — positive, negative, and zero — under the operation of arithmetic addition.
The set of all 3 × 3 nonsingular matrices, along with matrix multiplication as the operator, forms a group.

But what about finite groups?


Infinite Groups vs. Finite Groups
Let Sn = <1, 2, …, n>.
Let's now consider the set of all permutations of the sequence Sn. Denote this set by Pn. Each element of the set Pn stands for a permutation <p1, p2, p3, …, pn> of the sequence Sn.
What is the size of the set Pn?
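The following added Python example (not from the slides; function names are this example's own) serves both the group axioms above and the question about Pn. It checks the four axioms by exhaustion on small finite sets: Z9 under addition is a group, Z9 \ {0} under multiplication is not (closure fails at 3 · 3 = 0), the units Z∗9 are, and Pn under composition of permutations is a finite group of size n!, and a non-commutative one from n = 3 on. It assumes, as the slide's question is leading to, that Pn is to be equipped with composition as its operation.

```python
# Added example: brute-force check of the four group axioms on small finite
# sets, applied to Z_n, Z*_n and the permutation set P_n. Names are this
# example's own.
from itertools import permutations


def is_group(elements, op) -> tuple:
    """Check closure, associativity, unique identity and inverses by exhaustion.

    Returns (True, 'group') or (False, reason). Cubic in the set size, so it
    is meant for classroom-sized sets only.
    """
    S = list(elements)
    members = set(S)
    for a in S:                                   # closure
        for b in S:
            if op(a, b) not in members:
                return False, f"closure fails at {a} ∘ {b} = {op(a, b)}"
    for a in S:                                   # associativity
        for b in S:
            for c in S:
                if op(op(a, b), c) != op(a, op(b, c)):
                    return False, "associativity fails"
    identities = [e for e in S if all(op(a, e) == a and op(e, a) == a for a in S)]
    if len(identities) != 1:                      # unique identity
        return False, "no unique identity"
    e = identities[0]
    for a in S:                                   # inverses
        if not any(op(a, b) == e for b in S):
            return False, f"no inverse for {a}"
    return True, "group"


def is_abelian(elements, op) -> bool:
    S = list(elements)
    return all(op(a, b) == op(b, a) for a in S for b in S)


def compose(p: tuple, q: tuple) -> tuple:
    """Composition of permutations as 0-based tuples: (p ∘ q)[i] = p[q[i]], apply q first."""
    return tuple(p[i] for i in q)


def perm_set(n: int) -> list:
    """P_n: every permutation of <0, 1, ..., n-1>; there are n! of them."""
    return list(permutations(range(n)))


def add_mod(n):
    return lambda a, b: (a + b) % n


def mul_mod(n):
    return lambda a, b: a * b % n


if __name__ == "__main__":
    print(is_group(range(9), add_mod(9)))                 # (True, 'group')
    print(is_group(range(1, 9), mul_mod(9)))              # closure fails at 3 ∘ 3 = 0
    print(is_group([1, 2, 4, 5, 7, 8], mul_mod(9)))       # (True, 'group')
    print(len(perm_set(4)), is_abelian(perm_set(3), compose))   # 24 False
```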



