Introduction to Modular Arithmetic


ckoch@cs.nmt.edu

1 Integers modulo n

1.1 Preliminaries

Definition 1.1.1 (Equivalence relation). Let R be a relation on the set A. Recall that a relation R is a subset of the cartesian product A × A (R ⊆ A × A). The relation R is called an equivalence relation if it is reflexive, symmetric, and transitive, as follows:

Reflexive: For all a ∈ A, (a, a) ∈ R ("every element is related to itself").
Symmetric: For all a, b ∈ A, if (a, b) ∈ R, then (b, a) ∈ R ("if a is related to b, then b is related to a").
Transitive: For all a, b, c ∈ A, if (a, b) ∈ R and (b, c) ∈ R, then (a, c) ∈ R ("if a is related to b and b is related to c, then a must also be related to c").

Sometimes (a, b) ∈ R is denoted by aRb.

Remark 1.1.1. Remember that an equivalence relation on a set A partitions A into so-called equivalence classes. Every element is related exactly to the other elements of its own equivalence class.

Definition 1.1.2 (Sets of integers). Let Z ("Zahlen", German for "numbers") denote the set of all integers, including positive and negative integers as well as 0. Let Z⁺ denote the set of positive integers, not including 0; i.e. Z⁺ = {x ∈ Z | x > 0}. Let N denote the set of non-negative integers; i.e. N = Z⁺ ∪ {0}.

1.2 Division Algorithm

Definition 1.2.1 (Division). Let a and b be integers. a divides b if b = an for some integer n; in other words, b is a multiple of a. This is denoted by a | b.

Definition 1.2.2 (Greatest common divisor). Let a and b be integers. An integer d is the greatest common divisor of a and b, written d = gcd(a, b), if
(a) d | a and d | b (d is a divisor of both a and b), and
(b) for every integer e such that e | a and e | b, d ≥ e (d is greater than or equal to every common divisor of a and b).
As the name says, gcd(a, b) is the greatest integer that divides both a and b. For example, gcd(40, 12) = 4.

Proposition 1.2.1. Let a and b be integers, not both zero, and let d = gcd(a, b). An integer is a linear combination of a and b if and only if it is a multiple of d. Thus, for any integers m and n, the gcd d divides am + bn: d | (am + bn).

We shall need these three things in later sections. While not an algorithm in the traditional sense, the following theorem is usually referred to as the division algorithm. To some, it may seem to state the obvious.

Theorem 1.2.2 (Division algorithm). Let a ∈ Z be the dividend and d ∈ Z⁺ the divisor. Then there exist a unique quotient q ∈ Z and a unique remainder r ∈ N such that a = qd + r, where 0 ≤ r < d.

In plain terms: when divided by some divisor d, every integer a has a quotient and a remainder, and the remainder is less than the divisor. For example, 26 = 5 · 5 + 1, so when 26 is divided by 5 we have a quotient of 5 and a remainder of 1. Notice that the quotient and remainder are unique! This becomes important in the next section.

1.3 Congruence

Congruence is the mathematical way of saying that two integers have the same remainder when divided by another certain integer n. We express this using the symbol ≡. This is why uniqueness mattered in the division algorithm: if the remainder were not unique, saying that two integers have the same remainder would be ambiguous.

Definition 1.3.1 (Congruence modulo n). Let a, b and n be integers. a and b are said to be congruent modulo n if they have the same remainder when divided by n. This is denoted by a ≡ b (mod n). Equivalently, a and b have the same remainder exactly when n | (a − b). For example, 7 ≡ 2 (mod 5).

We can add and multiply integers under congruence as follows.

Proposition 1.3.1 (Addition and multiplication modulo n). Let n ∈ Z⁺ and a, b, c, d ∈ Z. If a ≡ c (mod n) and b ≡ d (mod n), then a ± b ≡ c ± d (mod n) and ab ≡ cd (mod n).

Proof. If a ≡ c (mod n), then n | (a − c), so a − c = nm for some integer m. Also, n | (b − d), so b − d = nk for some integer k. Adding these, we find that (b − d) + (a − c) = n(k + m), so n | ((a − c) + (b − d)), i.e. n | ((a + b) − (c + d)). Thus, a + b ≡ c + d (mod n). The proofs for subtraction and multiplication are similar.
NMT / Spring 2014 / CSE/IT 489 & 589 Algorithms in CS & IT 2

1.4 Integers modulo n

Notice that congruence modulo n defines an equivalence relation on Z (a subset of Z × Z): two integers a, b are related if a ≡ b (mod n). The equivalence classes of this relation consist of one class for each possible remainder upon division by n, since elements with the same remainder are related to each other.

Definition 1.4.1 (Residue classes). Let n be a positive integer. The equivalence classes under the relation of congruence modulo n are called the residue classes modulo n. A residue class modulo n is denoted by
[a]_n = {x ∈ Z | x ≡ a (mod n)}.
a is said to be the unique representative of the residue class if 0 ≤ a < n.

Then, for example, 6 ∈ [1]_5, since 6 has a remainder of 1 when divided by 5. Now the integers modulo n can be defined:

Definition 1.4.2 (Integers modulo n). Let n be a positive integer. The set of integers modulo n, denoted Z/nZ, is the set of residue classes modulo n; i.e. Z/nZ = {[a]_n | a ∈ Z}. Sometimes the integers modulo n are denoted by Z_n. (This notation stems from the fact that Z/nZ is the factor ring, or quotient ring, of Z by its ideal nZ. However, the notation Z_n can be confused with the n-adic numbers.)

Then, since division by n can only yield remainders between 0 and n − 1 inclusive, we have Z/nZ = {[0]_n, [1]_n, …, [n − 1]_n}. For example, since division by 2 can only yield the remainders 0 and 1, Z/2Z = {[0]_2, [1]_2}.

1.5 Arithmetic with Z/nZ

When talking about the integers modulo n, sometimes the brackets and subscript ([ ]_n) are dropped and only the integer itself is written. The set Z/nZ can be treated almost like the regular integers, except that every operation is considered modulo n. This will be illustrated with a few examples. In this example, take all elements to be in Z/4Z. If 2 and 3 are added in Z/4Z, 5 is obtained, but 5 is congruent to 1 modulo 4. Thus, 2 + 3 ≡ 5 ≡ 1 (mod 4), or, in proper notation,
[2]_4 + [3]_4 = [2 + 3]_4 = [5]_4 = [1]_4.
In a sense, the numbers wrap around, with 4 equivalent to 0. This is akin to a 12-hour clock, where hours are integers mod 12 and minutes are integers mod 60. Similarly to addition,
[2]_4 · [3]_4 = [2 · 3]_4 = [6]_4 = [2]_4.
Thus, addition and multiplication are defined by the following rules:

Definition 1.5.1 (Addition and multiplication on Z/nZ). Let n be a positive integer and a, b integers. Then
[a]_n + [b]_n = [a + b]_n,
[a]_n − [b]_n = [a − b]_n,
[a]_n · [b]_n = [a · b]_n.
Notice that division is not defined at this point.

Going back to the example of a 12-hour clock, it is easily seen that [4]_12 + [10]_12 = [2]_12; so 10 hours after 4 o'clock is 2 o'clock. In fact, the integers in most general-purpose architectures work like Z/2^b Z, where b is the number of bits. If we add two 32-bit integers of value 2^31 and 2^31 + 5, the answer will be 5, just as if it were done in Z/2^32 Z.

1.6 Inverses in Z/nZ

Definition 1.6.1 (Multiplicative inverse). Let n be a positive integer and [a]_n ∈ Z/nZ. If there exists some [b]_n ∈ Z/nZ such that [a]_n · [b]_n = [1]_n, then [b]_n is called a multiplicative inverse of [a]_n and is denoted [a]_n^(−1). If such an inverse exists, [a]_n is said to be an invertible element of Z/nZ, or a unit of Z/nZ. In congruence notation, ab ≡ 1 (mod n).

The existence of an inverse is usually obvious to us; for example, the inverse of 2 is 1/2. In the set of integers, by contrast, an element such as 2 has no inverse, since 1/2 is not an integer. Thus the question is: do inverses in Z/nZ exist, and if so, how and when? The answer is: it depends. Consider for example 4 ∈ Z/7Z. By trial and error we can find that [4]_7 · [2]_7 = [8]_7 = [1]_7. Then, in the set Z/7Z, we have 4^(−1) = 2. On the other side of things, consider the set Z/4Z and its element 2:
2 · 0 ≡ 0 (mod 4)
2 · 1 ≡ 2 (mod 4)
2 · 2 ≡ 0 (mod 4)
2 · 3 ≡ 2 (mod 4)
Thus, 2 has no inverse in Z/4Z. There is indeed a pattern for the existence of an inverse in Z/nZ. It will be discussed after a prerequisite concept is introduced.

Definition 1.6.2 (Coprimality). Let a and b be integers. a and b are said to be coprime (also called relatively prime) if they have no common factors other than 1; in other words, gcd(a, b) = 1.

Now we can establish a theorem that tells us when an inverse in Z/nZ exists.

Theorem 1.6.1. Let n be a positive integer and [a]_n ∈ Z/nZ. Then there exists an inverse [a]_n^(−1) ∈ Z/nZ if and only if a and n are coprime (gcd(a, n) = 1).

Proof. We need to prove sufficiency and necessity.
Part A. Let a and n be coprime, i.e. gcd(a, n) = 1. Then, by Proposition 1.2.1, there are integers b, m such that ab + nm = 1. This is the same as saying ab ≡ 1 (mod n). Thus [ab]_n = [1]_n, and [b]_n is the inverse of [a]_n.
Part B. Conversely, let [a]_n have an inverse in Z/nZ, denoted [b]_n. Then ab ≡ 1 (mod n). By the definition of congruence modulo n, n | (ab − 1). By the definition of divisor, ab − 1 = mn for some integer m, so ab − mn = 1. Since 1 is therefore a linear combination of a and n, Proposition 1.2.1 says 1 is a multiple of gcd(a, n), so gcd(a, n) = 1.
Therefore, a ∈ Z/nZ has an inverse if and only if gcd(a, n) = 1 (a and n are coprime).

Corollary 1.6.2. Let p be a prime. Then every element except 0 in Z/pZ has an inverse.
Proof. Immediate from the fact that p is relatively prime to every positive integer less than p.

In terms of abstract algebra, Z/nZ is a finite commutative ring. If n is prime, it is also a finite field, because every non-zero element has an inverse. Lenstra's elliptic curve factorization and Pollard's p − 1 factorization method take advantage of this fact.
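As an added example (not code from the notes), the extended Euclidean algorithm below computes the Bézout coefficients of Proposition 1.2.1, which turns Part A of the proof of Theorem 1.6.1 into a procedure: it finds an inverse of a in Z/nZ exactly when gcd(a, n) = 1, and it reproduces the [4]_7 and Z/4Z cases from Section 1.6 and the list of units promised by Corollary 1.6.2.

```python
# Added example, not from the lecture notes: extended Euclid yields the
# Bezout coefficients of Proposition 1.2.1, and hence (Theorem 1.6.1, Part A)
# an inverse of a in Z/nZ whenever gcd(a, n) = 1.

def egcd(a, b):
    """Return (d, x, y) with d = gcd(a, b) and a*x + b*y = d (Bezout)."""
    # Loop invariant: old_r = a*old_s + b*old_t and r = a*s + b*t.
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r            # division algorithm: old_r = q*r + (old_r mod r)
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    if old_r < 0:                 # normalise so that d is positive
        old_r, old_s, old_t = -old_r, -old_s, -old_t
    return old_r, old_s, old_t

def mod_inverse(a, n):
    """Return b in 0..n-1 with a*b = 1 (mod n), or None if gcd(a, n) != 1."""
    d, x, _ = egcd(a % n, n)      # a % n picks the representative of [a]_n
    if d != 1:                    # Theorem 1.6.1, Part B: no inverse exists
        return None
    return x % n                  # a*x + n*y = 1  =>  a*x = 1 (mod n)

def units(n):
    """Representatives 0..n-1 of the invertible elements (units) of Z/nZ."""
    return [a for a in range(n) if mod_inverse(a, n) is not None]

if __name__ == "__main__":
    print(mod_inverse(4, 7))      # 2, since [4]_7 * [2]_7 = [8]_7 = [1]_7
    print(mod_inverse(2, 4))      # None: gcd(2, 4) = 2, as the Z/4Z table shows
    print(units(7))               # [1, 2, 3, 4, 5, 6]: p prime, Corollary 1.6.2
    print(units(12))              # [1, 5, 7, 11]: only residues coprime to 12
```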

2 Euler's Theorem

The integers modulo n are the foundation of RSA encryption and of some methods of integer factorization. Euler's theorem is at the heart of this.

Definition 2.0.3 (Euler's totient function). Let n be a positive integer. Then the function ϕ(n) (phi) counts the totatives of n; that is, it counts the number of integers c such that 1 ≤ c ≤ n where c and n are coprime. Thus,
ϕ(n) = |{c | 1 ≤ c ≤ n and gcd(c, n) = 1}|,
where |·| denotes cardinality (the size of the set, for finite sets). Obviously, if p is a prime, ϕ(p) = p − 1, since every integer c with 1 ≤ c ≤ p − 1 is coprime to p.

Proposition 2.0.3. Euler's totient function is a multiplicative function. That is, for coprime positive integers m, n, ϕ(mn) = ϕ(m)ϕ(n). This will be very useful for RSA encryption, since for distinct primes p, q, ϕ(pq) = (p − 1)(q − 1).

This leads us to the foundation of RSA encryption and some other important concepts:

Theorem 2.0.4 (Euler's theorem). Let a, n be coprime positive integers. Then a^(ϕ(n)) ≡ 1 (mod n).

Then we also have, for every non-negative integer m, a^(mϕ(n)) ≡ 1 (mod n). For RSA encryption, think of a as a message and multiply both sides of Euler's theorem by a. Then a^(mϕ(n)+1) ≡ a (mod n). Now we need to find integers e, d such that
ed ≡ 1 (mod ϕ(n)).   (1)
That is, if we find integers e and d whose product is 1 more than a multiple of ϕ(n), we have an encrypted message a^e (mod n), and we can decrypt that message by raising it to the d-th power modulo n, since
(a^e)^d ≡ a^(ed) ≡ a^(mϕ(n)+1) ≡ a^(ϕ(n)+1) ≡ a (mod n),
where ed = 1 + mϕ(n) due to (1). The challenge now lies in the optimal choice of n, e, d and in the ability to deal with exponentiation modulo n. For n, we want to choose n = pq for some primes p and q, so that ϕ(n) = (p − 1)(q − 1) is easy to compute.

Finally, Fermat's little theorem will become important in integer factorization, namely in Pollard's p − 1 method.

Corollary 2.0.5 (Fermat's little theorem). Let a ∈ Z⁺ and p be a prime with a < p. Then a^(p−1) ≡ 1 (mod p).
Proof. By Euler's theorem, a^(ϕ(p)) = a^(p−1) ≡ 1 (mod p).
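As an added example (not from the notes), the following Python traces the RSA construction of this section on constructed toy parameters p = 61, q = 53, e = 17: it computes ϕ(n) both by the definition and as (p − 1)(q − 1), solves equation (1) for d, and checks that (a^e)^d ≡ a (mod n). The round-trip check runs over every residue, which holds for n = pq even when a is not coprime to n, a step beyond the derivation above.

```python
# Added example, not from the lecture notes: textbook (unpadded) RSA on toy
# primes, following Section 2: n = p*q, phi(n) = (p-1)(q-1), e*d = 1 (mod phi(n)),
# so (a^e)^d = a^(m*phi(n)+1) = a (mod n) by Euler's theorem.
from math import gcd

def totient(n):
    """phi(n) straight from Definition 2.0.3: count c in 1..n coprime to n."""
    return sum(1 for c in range(1, n + 1) if gcd(c, n) == 1)

def euler_holds(a, n):
    """Euler's theorem: a^phi(n) = 1 (mod n) whenever gcd(a, n) = 1."""
    return gcd(a, n) == 1 and pow(a, totient(n), n) == 1

def rsa_keygen(p, q, e):
    """Return ((e, n), (d, n)). e must be a unit modulo phi(n) for d to exist."""
    n = p * q
    phi = (p - 1) * (q - 1)           # Proposition 2.0.3 for distinct primes
    if gcd(e, phi) != 1:              # Theorem 1.6.1: otherwise no inverse
        raise ValueError("e has no inverse modulo phi(n)")
    d = pow(e, -1, phi)               # d = e^(-1) mod phi(n): equation (1)
    return (e, n), (d, n)

def rsa_encrypt(msg, pub):
    e, n = pub
    return pow(msg, e, n)             # modular exponentiation a^e mod n

def rsa_decrypt(ct, priv):
    d, n = priv
    return pow(ct, d, n)              # (a^e)^d = a^(ed) = a (mod n)

def roundtrip_all(p, q, e):
    """True if decrypt(encrypt(a)) == a for every a in Z/nZ (constructed check).
    The notes prove this for gcd(a, n) = 1; for squarefree n = pq it also
    holds when a shares a factor with n, by the Chinese remainder theorem."""
    pub, priv = rsa_keygen(p, q, e)
    n = pub[1]
    return all(rsa_decrypt(rsa_encrypt(a, pub), priv) == a for a in range(n))

if __name__ == "__main__":
    # Constructed toy parameters; real keys use primes of hundreds of digits.
    pub, priv = rsa_keygen(61, 53, 17)
    print(totient(61 * 53) == 60 * 52)   # True: definition agrees with (p-1)(q-1)
    print(pub, priv)                     # (17, 3233) (2753, 3233)
    print(rsa_encrypt(65, pub))          # 2790
    print(rsa_decrypt(2790, priv))       # 65
    print(roundtrip_all(61, 53, 17))     # True
    print(pow(3, 7 - 1, 7))              # 1: Fermat's little theorem for p = 7
```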