Foundations of Cryptography


Foundations of Cryptography. Ville Junnila, viljun@utu.fi, Department of Mathematics and Statistics, University of Turku, 2015. Lecture 10.

The order of a number (mod n)

Definition 3.1. Let $a, n \in \mathbb{Z}$ be such that $\gcd(a, n) = 1$ and $n \geq 1$. The order of a number $a \pmod n$ is the smallest positive integer $k$ such that $a^k \equiv 1 \pmod n$, i.e., the order of $a \in \mathbb{Z}_n^*$. We denote $k = \operatorname{ord}_n(a)$. We also say that $a$ belongs to the exponent $k \pmod n$.

The order of a number (mod n)

Theorem 3.5. Let $a, m, n, r, s \in \mathbb{Z}$ be such that $\gcd(a, n) = 1$, $n \geq 1$ and $m, r, s \geq 0$, and denote $k = \operatorname{ord}_n(a)$. Then the following hold:

1. $k \mid \varphi(n)$,
2. $a^r \equiv a^s \pmod n \iff r \equiv s \pmod k$,
3. $a^r \equiv 1 \pmod n \iff r \equiv 0 \pmod k$,
4. $1, a, a^2, \ldots, a^{k-1}$ are non-congruent modulo $n$, and
5. $\operatorname{ord}_n(a^m) = k / \gcd(k, m)$.

The order of a number (mod n)

Definition 3.2. If $\operatorname{ord}_n(a) = \varphi(n)$, i.e., $\mathbb{Z}_n^*$ is a cyclic group generated by $a$, then $a$ is called a primitive root modulo $n$.

Theorem 3.6. If $a$ is a primitive root modulo $n$, then all the primitive roots modulo $n$ are $a^m$, where $1 \leq m \leq \varphi(n)$ and $\gcd(m, \varphi(n)) = 1$. Therefore, there are $\varphi(\varphi(n))$ non-congruent primitive roots modulo $n$.

Primitive roots modulo $p \in \mathbb{P}$

Let $p$ be a prime. In what follows, we consider the following question: how many non-congruent numbers $a$ belong to a given exponent $k$, i.e., $\operatorname{ord}_p(a) = k$? Recall that $k \mid (p-1)$ since $\varphi(p) = p - 1$. If $a$ belongs to the exponent $k$ modulo $p$, then $a$ is a root of the congruence

$x^k \equiv 1 \pmod p$. (1)

Theorem 3.7. If $\operatorname{ord}_p(a) = k$, then the number of non-congruent roots of congruence (1) is $k$. The numbers

$1, a, a^2, \ldots, a^{k-1}$ (2)

are the non-congruent roots.

Primitive roots modulo $p \in \mathbb{P}$

Theorem 3.8. Let $p$ be a prime.

1. If $k \mid (p-1)$, then there exist $\varphi(k)$ non-congruent numbers that belong to the exponent $k$ modulo $p$. If $a$ is one of those, then $a^m$, where $1 \leq m \leq k-1$ and $\gcd(m, k-1) = 1$, are the other numbers belonging to the exponent $k$.
2. Thus, there exist $\varphi(p-1)$ non-congruent primitive roots modulo $p$. If $a$ is one of those, then $a^m$, where $1 \leq m \leq p-1$ and $\gcd(m, p-1) = 1$, are the other numbers belonging to the exponent $p-1$, i.e., the primitive roots modulo $p$.

Example. By the previous example, the primitive roots modulo 19 are $3^1, 3^5, 3^7, 3^{11}, 3^{13}, 3^{17} \equiv 3, 15, 2, 10, 14, 13 \pmod{19}$.

Primitive roots modulo $p \in \mathbb{P}$

Remark. For calculations, we are often interested in the smallest possible primitive roots. Usually quite small ones indeed exist.

Example. The smallest primitive root modulo 19 is 2.

Remark. It can be shown that a primitive root modulo $n$ exists if and only if $n = 1, 2, 4, p^t$ or $2p^t$, where $p$ is an odd prime and $t$ is a positive integer.
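As an added illustration (not part of the lecture slides), the following Python computes $\operatorname{ord}_n(a)$ as in Definition 3.1, finds the smallest primitive root by brute force, and generates every primitive root from one of them via Theorem 3.6; the function names are my own, and the totient is computed by trial division, which suffices for lecture-sized moduli.

```python
from math import gcd

def phi(n):
    """Euler's totient phi(n), by trial-division factoring (enough for lecture-sized moduli)."""
    result, m, p = n, n, 2
    while p * p <= m:
        if m % p == 0:
            while m % p == 0:
                m //= p
            result -= result // p
        p += 1
    if m > 1:
        result -= result // m
    return result

def order(a, n):
    """ord_n(a) from Definition 3.1: the smallest k >= 1 with a^k = 1 (mod n)."""
    if n < 2 or gcd(a, n) != 1:
        raise ValueError("order needs n >= 2 and gcd(a, n) = 1")
    k, x = 1, a % n
    while x != 1:
        x = x * a % n
        k += 1
    return k

def smallest_primitive_root(n):
    """Smallest a with ord_n(a) = phi(n); None when no primitive root exists (e.g. n = 15)."""
    ph = phi(n)
    for a in range(1, n):
        if gcd(a, n) == 1 and order(a, n) == ph:
            return a
    return None

def primitive_roots_from(a, n):
    """Theorem 3.6: given one primitive root a, all of them are a^m with gcd(m, phi(n)) = 1."""
    ph = phi(n)
    if order(a, n) != ph:
        raise ValueError(f"{a} is not a primitive root modulo {n}")
    return sorted(pow(a, m, n) for m in range(1, ph + 1) if gcd(m, ph) == 1)

if __name__ == "__main__":
    # ord_19(3) = 18, smallest primitive root 2, all roots [2, 3, 10, 13, 14, 15]
    print(order(3, 19), smallest_primitive_root(19), primitive_roots_from(3, 19))
```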

Primitive roots modulo $p \in \mathbb{P}$

Theorem 3.9. An integer $n > 1$ is a prime if and only if there exists an integer $x$ such that $x^{n-1} \equiv 1 \pmod n$ and for all prime factors $q$ of $n-1$ we have $x^{(n-1)/q} \not\equiv 1 \pmod n$.

Remark. The previous theorem can be used for primality testing. Although it is difficult to find the prime factors of $n-1$ in general, we may choose $n$ in such a way that the factors are known. As the primitive root modulo a prime is usually small, a number satisfying the conditions of the theorem can be quickly found.

Example. Let us show that $n = 2^8 + 1 = 257$ is a prime number.
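The test of Theorem 3.9 on $n = 257$, as an added Python example that is not part of the slides: since $n - 1 = 256 = 2^8$, the only prime factor is $q = 2$, so a witness $x$ needs $x^{256} \equiv 1$ and $x^{128} \not\equiv 1 \pmod{257}$. The helper names are my own; the search also shows that for a composite $n$ no witness exists, as the theorem's "only if" direction promises.

```python
def prime_factors(m):
    """Distinct prime factors of m by trial division (the lecture assumes they are known)."""
    factors, p = set(), 2
    while p * p <= m:
        while m % p == 0:
            factors.add(p)
            m //= p
        p += 1
    if m > 1:
        factors.add(m)
    return factors

def is_lucas_witness(n, x, factors=None):
    """Both conditions of Theorem 3.9: x^(n-1) = 1 (mod n) and x^((n-1)/q) != 1 (mod n)
    for every prime q dividing n - 1; together they say ord_n(x) = n - 1."""
    factors = prime_factors(n - 1) if factors is None else factors
    if pow(x, n - 1, n) != 1:
        return False
    return all(pow(x, (n - 1) // q, n) != 1 for q in factors)

def lucas_witness(n):
    """Smallest x in [1, n-1] satisfying Theorem 3.9, i.e. a certificate that n is prime.
    None means no such x exists, so by the theorem n is composite."""
    if n < 2:
        return None
    factors = prime_factors(n - 1)
    for x in range(1, n):
        if is_lucas_witness(n, x, factors):
            return x
    return None

if __name__ == "__main__":
    # n = 2^8 + 1 = 257: n - 1 = 256 has the single prime factor 2, so only 2^128 is checked.
    # x = 2 fails because 2^8 = -1 (mod 257) gives 2^16 = 1; x = 3 is the first witness.
    print(prime_factors(256), lucas_witness(257))   # {2} 3
```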

Primitive roots modulo $p \in \mathbb{P}$

Remark. By Theorem 3.9, there exists a primitive root modulo $p \in \mathbb{P}$ as $\varphi(p-1) \geq 1$.

Definition 3.3. Let $p$ be a prime, $r$ a primitive root modulo $p$ and $a$ an integer such that $p \nmid a$. An integer $i$ such that $0 \leq i \leq p-2$ and $r^i \equiv a \pmod p$ is called the index of $a$ to the base $r$ modulo $p$. We denote $i = \operatorname{ind}_r a$.

Primitive roots modulo $p \in \mathbb{P}$

Example. Consider the indices to the base 3 modulo 19. We have

k   3^k (mod 19)    k    3^k (mod 19)
0   1               10   16
1   3               11   10
2   9               12   11
3   8               13   14
4   5               14   4
5   15              15   12
6   7               16   17
7   2               17   13
8   6               18   1
9   18

Primitive roots modulo $p \in \mathbb{P}$

Example. Consider the indices to the base 3 modulo 19. We have

k   ind_3(k)    k    ind_3(k)
1   0           10   11
2   7           11   12
3   1           12   15
4   14          13   17
5   4           14   13
6   8           15   5
7   6           16   10
8   3           17   16
9   2           18   9

Primitive roots modulo $p \in \mathbb{P}$

Theorem 3.10. Let $r$ be a primitive root modulo $p$, $p \nmid a$ and $p \nmid b$. Now

$\operatorname{ind}_r(ab) \equiv \operatorname{ind}_r a + \operatorname{ind}_r b \pmod{p-1}$

and, for any $n \in \mathbb{N}$,

$\operatorname{ind}_r(a^n) \equiv n \cdot \operatorname{ind}_r a \pmod{p-1}$.

Example. Apply the previous theorem to $\operatorname{ind}_3(15)$.

Quadratic Residues

Remark. Let $a, n \in \mathbb{Z}$. Then, by Exercise 1.5, we have $\gcd(a, n) = \gcd(a, n-a) = \gcd(a + (n-a), n-a) = \gcd(n, n-a)$. Therefore, if $a \in \mathbb{Z}_n^*$, i.e., $\gcd(a, n) = 1$, then $n - a = -a \in \mathbb{Z}_n^*$. Thus, we have $\mathbb{Z}_n^* = \{\pm a \mid 1 \leq a \leq n/2 \text{ and } \gcd(a, n) = 1\}$.

Quadratic Residues

Definition (mth root). Let $a \in \mathbb{R}$. If there exists $x \in \mathbb{R}$ such that $x^m = a$, then we say that $x$ is an $m$th root of $a$ and denote $\sqrt[m]{a} = x$.

Definition (square root). Let $a \in \mathbb{R}$. If there exists $x \in \mathbb{R}$ such that $x^2 = a$, then we say that $x$ is a square root of $a$ and denote $\sqrt{a} = x$.

Quadratic Residues

Definition (mth root modulo n). Let $n \in \mathbb{N}^+$ and $a \in \mathbb{Z}_n^*$. If there exists $x \in \mathbb{Z}_n^*$ such that $x^m = a$, then we say that $a$ is an $m$th power residue modulo $n$.

Definition (square root modulo n). Let $n \in \mathbb{N}^+$ and $a \in \mathbb{Z}_n^*$. If there exists $x \in \mathbb{Z}_n^*$ such that $x^2 = a$, then we say that $a$ is a quadratic residue modulo $n$.

Quadratic Residues

Definition 4.1. Let $a, n \in \mathbb{Z}$ be such that $n \geq 1$ and $\gcd(a, n) = 1$. If there exists $x \in \mathbb{Z}$ such that $x^2 \equiv a \pmod n$, then we say that $a$ is a quadratic residue (QR) modulo $n$. Otherwise, $a$ is a quadratic non-residue (QNR) modulo $n$.

Example 4.1. Determine the QRs and QNRs modulo 9.

Quadratic Residues

Theorem 4.1. Let $p > 2$ be a prime and $r$ a primitive root modulo $p$. If $p \nmid a$, then

1. $a$ is a QR modulo $p$ if and only if $\operatorname{ind}_r a$ is even, and
2. $a$ is a QNR modulo $p$ if and only if $\operatorname{ind}_r a$ is odd.

The number of QRs and the number of QNRs are both $(p-1)/2$.

Example. Consider QRs and QNRs modulo $19 \in \mathbb{P}$.

Example. Consider QRs and QNRs modulo $15 \notin \mathbb{P}$.
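The index table to the base 3 modulo 19, the application of Theorem 3.10 to $\operatorname{ind}_3(15)$, and the QR/QNR examples of Theorem 4.1 for the moduli 19 and 15, worked in Python as an added example that is not part of the slides; the function names are my own, and the squaring-based routine is included because Theorem 4.1 applies only to odd primes, so the composite modulus 15 has to be handled from Definition 4.1 directly.

```python
from math import gcd

def index_table(r, p):
    """ind_r(a) for every a in Z_p^* (Definition 3.3), assuming r is a primitive root modulo p."""
    table, x = {}, 1
    for i in range(p - 1):
        table[x] = i          # r^i = x (mod p), so ind_r(x) = i
        x = x * r % p
    if len(table) != p - 1:   # the powers of r repeated early: r is not a primitive root
        raise ValueError(f"{r} is not a primitive root modulo {p}")
    return table

def index_of_product(ind, a, b, p):
    """Theorem 3.10, first part: ind_r(ab) = ind_r(a) + ind_r(b) (mod p-1)."""
    return (ind[a % p] + ind[b % p]) % (p - 1)

def index_of_power(ind, a, n, p):
    """Theorem 3.10, second part: ind_r(a^n) = n * ind_r(a) (mod p-1)."""
    return n * ind[a % p] % (p - 1)

def quadratic_residues_by_index(r, p):
    """Theorem 4.1: a is a QR modulo the odd prime p iff ind_r(a) is even."""
    return sorted(a for a, i in index_table(r, p).items() if i % 2 == 0)

def quadratic_residues_by_squaring(n):
    """Definition 4.1 directly: the squares of the units modulo n (valid for composite n too)."""
    return sorted({x * x % n for x in range(1, n) if gcd(x, n) == 1})

if __name__ == "__main__":
    ind = index_table(3, 19)
    # ind_3(15) = ind_3(3) + ind_3(5) = 1 + 4 = 5 (mod 18); indeed 3^5 = 243 = 15 (mod 19)
    print(ind[15], index_of_product(ind, 3, 5, 19))
    print(quadratic_residues_by_index(3, 19))   # 9 residues, i.e. (19 - 1)/2 of them
    print(quadratic_residues_by_squaring(15))   # [1, 4]: only 2 of the 8 units, 15 is not prime
```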