Overview of Number Theory Basics
Murat Kantarcioglu
Based on Prof. Ninghui Lis Slides
Divisibility
Definition Given integers a and b, b 0, b divides a (denoted b|a) if integer c, s.t. a = cb. b is called a divisor of a. Theorem (Transitivity) Given integers a, b, c, all > 1, with a|b and b|c, then a|c. Proof: a | b => m s.t. ma = b b | c => n s.t. nb = c, nma = c, We obtain that q = mn, s.t c = aq, so a | c
�Divisibility (cont.)
Theorem Given integers a, b, c, x, y all > 1, with a|b and a|c, then a | bx + cy. Proof: a | b => m s.t. ma = b a | c => n s.t. na = c bx + cy = a(mx + ny), therefore a| bx +cy
Divisibility (cont.)
Theorem (Division algorithm) Given integers a,b such that a>0, a<b then there exist two unique integers q and r, 0 r < a s.t. b = aq + r. Proof: Uniqueness of q and r: assume q and r s.t b = aq + r, 0 r< a, q integer then aq + r=aq + r a(q-q)=r-r q-q = (r-r)/a as 0 r,r <a -a < (r-r) < a -1 < (r-r)/a < 1 So -1 < q-q < 1, but q-q is integer, therefore q = q and r = r
�Prime and Composite Numbers
Definition An integer n > 1 is called a prime number if its positive divisors are 1 and n. Definition Any integer number n > 1 that is not prime, is called a composite number. Example Prime numbers: 2, 3, 5, 7, 11, 13,17 Composite numbers: 4, 6, 25, 900, 17778,
Decomposition in Product of Primes
Theorem (Fundamental Theorem of Arithmetic) Any integer number n > 1 can be written as a product of prime numbers (>1), and the product is unique if the numbers are written in increasing order.
n = p1 1 p 2 ... p k
e
e2
ek
Example: 84 = 2237
�Greatest Common Divisor (GCD)
Definition Given integers a > 0 and b > 0, we define gcd(a, b) = c, the greatest common divisor (GCD), as the greatest number that divides both a and b. Example gcd(256, 100)=4 Definition Two integers a > 0 and b > 0 are relatively prime if gcd(a, b) = 1. Example 25 and 128 are relatively prime.
GCD using Prime Decomposition
Theorem Given
n = p1 1 p 2 ... p k f f f m = p1 1 p 2 2 ... p k k
e
e2
ek
and then
where pi are prime numbers then
gcd(n,m) = p1
Example: 84=2237
min(e1 , f1 )
p2
min(e 2 , f 2 )
...pk
min(e k , f k )
90=2325
gcd(84,90)=2131 50 70
�GCD as a Linear Combination
Theorem
Given integers a, b > 0 and a > b, then d = gcd(a,b) is the least positive integer that can be represented as ax + by, x, y integer numbers. Proof: Let t be the smallest integer, t = ax + by d | a and d | b d | ax + by, so d t. We now show t d. First t | a; otherwise, a = tu + r, 0 < r < t; r = a - ut = a - u(ax+by) = a(1-ux) + b(-uy), so we found another linear combination and r < t. Contradiction. Similarly t | b, so t is a common divisor of a and b, thus t gcd (a, b) = d. So t = d. Example gcd(100, 36) = 4 = 4 100 11 36 = 400 - 396
GCD and Multiplication
Theorem Given integers a, b, m >1. If gcd(a, m) = gcd(b, m) = 1, then gcd(ab, m) = 1 Proof idea: ax + ym = 1 = bz + tm Find u and v such that (ab)u + mv = 1
�GCD and Division
Theorem If g = gcd(a, b), where a > b, then gcd (a/g, b/g) = 1 (a/g and b/g are relatively prime). Proof: Assume gcd(a/g, b/g) = d, then a/g = md and b/g = nd. a = gmd and b = gnd, therefore gd | a and gd | b Therefore gd g, d 1, so d =1. Example gcd(100, 36) = 4 gcd (100/4, 36/4) = gcd(25, 9) = 1
GCD and Division
Theorem Given integers a>0, b, q, r, such that b = aq + r, then gcd(b, a) = gcd(a, r). Proof: Let gcd(b, a) = d and gcd(a, r) = e, this means d | b and d | a, so d | b - aq , so d | r Since gcd(a, r) = e, we obtain d e. e | a and e | r, so e | aq + r , so e | b, Since gcd(b, a) = d, we obtain e d. Therefore d = e
�Finding GCD
Using the Theorem: Given integers a>0, b, q, r, such that b = aq + r, then gcd(b, a) = gcd(a, r). Euclidian Algorithm Find gcd (b, a) while a 0 do r b mod a ba ar return a
Euclidian Algorithm Example
Find gcd(143, 110) 143 = 1 110 + 33 110 = 3 33 + 11 33 = 3 11 + 0 gcd (143, 110) = 11
�Towards Extended Euclidian Algorithm
Theorem: Given integers a, b > 0 and a
> b, then d = gcd(a,b) is the least positive integer that can be represented as ax + by, x, y integer numbers. How to find such x and y? If a and b are relative prime, then there exist x and y such that ax + by = 1.
In other words, ax mod b = 1.
Euclidian Algorithm Example
Find gcd(143, 111) 143 = 1 111 + 32 111 = 3 32 + 15 32 = 2 15 + 2 15 = 7 2 + 1 gcd (143, 111) = 1 32 = 143 1 111 15 = 111 3 32 = 4111 3 143 2 = 32 2 15 = 7 143 9 111 1 = 15 - 7 2 = 67 111 52 143
�Extended Euclidian Algorithm
x=1; y=0; d=a; r=0; s=1; t=b; while (t>0) { q = d/t u=x-qr; v=y-qs; w=d-qt x=r; y=s; d=t r=u; s=v; t=w } return (d, x, y)
Invariants: ax + by = d ar + bs = t
Equivalence Relation
Definition A relation is defined as any subset of a cartesian product. We denote a relation (a,b) R as aRb, a A and b B. Definition A relation is an equivalence relation on a set S, if R is Reflexive: aRa for all a R Symmetric: for all a, b R, aRb bRa . Transitive: for all a,b,c R, aRb and bRc Example = is an equivalence relation on N
aRc
�Modulo Operation
Definition:
a modn = r q, s.t. a = q n + r
where 0 r n 1
Example: 7 mod 3 = 1 -7 mod 3 = 2 Definition (Congruence):
a b mod n a mod n = b mod n
Congruence Relation
Theorem Congruence mod n is an equivalence relation: Reflexive: a a (mod n) Symmetric: a b(mod n) iff b a mod n . Transitive: a b(mod n) and b c(mod n) a c(mod n)
10
�Congruence Relation Properties
Theorem 1) If a b (mod n) and c d (mod n), then: a c b d (mod n) and ac bd (mod n) 2) If a b (mod n) and d | n then: a b (mod d)
Reduced Set of Residues
Definition: A reduced set of residues (RSR) modulo m is a set of integers R each relatively prime to m, so that every integer relatively prime to m is congruent to exactly one integer in R.
11
�The group (Zn*, )
Zn* consists of all integers in [1..n-1] that are relative prime to n
Zn* = { a | 1an and gcd(a,n)=1 } is a reduced set of residues modulo n (Zn*, ) is a group
gcd(a,n)=1 and gcd(b,n)=1 gcd(ab, n)=1
given a Zn*, how to compute a-1?
Linear Equation Modulo
Theorem If gcd(a, n) = 1, the equation ax 1 mod n has a unique solution, 0< x < n Proof Idea: if ax1 1 (mod n) and ax2 1 (mod n), then a(x1-x2) 0 (mod n), then n | a(x1-x2), then n|(x1-x2), then x1-x2=0
12
�Linear Equation Modulo (cont.)
Theorem If gcd(a, n) = 1, the equation
ax b mod n
has a solution. Proof Idea: x = a-1 b mod n
Chinese Reminder Theorem (CRT)
Theorem Let n1, n2, ,,, nk be integers s.t. gcd(ni, nj) = 1, i j.
x a1 mod n1
x a 2 mod n 2 ... x a k mod n k
There exists a unique solution modulo n = n1 n2 nk
13
�Proof of CMT
Consider the function : Zn Zn1 Zn2 Znk = (x mod n1, , x mod nk) We need to prove that is a bijection. For 1ik, define mi = n / ni, then gcd(mi,ni)=1 For 1ik, define yi = mi-1 mod ni Define function (a1,a2,,ak) = aimiyi mod n aimiyi ai (mod ni) aimiyi 0 (mod nj) where i j (x)
Proof of CMT
Example of the mappings: n1=3, n2=5, n=15 : : m1=5, y1=2, m1y1=10, m2y2=6,
1 2 4 7 8 11 13 14 (1,1) (2,2) (1,4) (1,2) (2,3) (2,1) (1,3) (2,4) (1,1) (1,2) (1,3) (1,4) (2,1) (2,2) (2,3) (2,4) 10+6 10+12 10+18 10+24 20+6 20+12 20+18 20+24 1 7 13 4 11 2 8 14
14
�Example of CMT:
n1=7, n2=11, n3=13, n=1001 m1=143, m2=91, m3=77 y1=143-1 mod 7 = 3-1 mod 7 = 5 y2=91-1 mod 11 = 3-1 mod 11 = 4 y3=77-1 mod 13 = 12-1 mod 13 = 12 x=(51435 + 3914 + 107712) mod 1001 = 13907 mod 1001 = 894
x 5 (mod 7) x 3 (mod 11) x 10 (mod 13)
The Euler Phi Function
Definition Given an integer n, (n) = | Zn*| is the number of all numbers a such that 0 < a < n and a is relatively prime to n (i.e., gcd(a, n)=1). Theorem: If gcd(m,n) = 1, (mn) = (m) (n)
15
�The Euler Phi Function
Theorem: Formula for (n) Let p be prime, e, m, n be positive integers 1) (p) = p-1 2) (pe) = pe pe-1 3) If n = p1e1 p 2 e 2 ... p k ek then
(n) = n(1
1 1 1 )(1 )...(1 ) p1 p2 pk
Fermats Little Theorem
Fermats Little Theorem If p is a prime number and a is a natural number that is not a multiple of p, then ap-1 1 (mod p) Proof idea: gcd(a, p) = 1, then the set { i*a mod p} 0< i < p is a permutation of the set {1, , p-1}.(otherwise we have 0<n<m<p s.t. ma mod p = na mod p p| (ma - na) p | (m-n), where 0<m-n < p ) a * 2a * *(p-1)a = (p-1)! ap-1 (p-1)! (mod p) Since gcd((p-1)!, p) = 1, we obtain ap-1 1 (mod p)
16
�Consequence of Fermats Theorem
Theorem - p is a prime number and - a, e and f are positive numbers - e f mod p-1 and - p does not divide a, then ae af (mod p) Proof idea: ae = aq(p-1) + f = af (a(p-1))q by applying Fermats theorem we obtain ae af (mod p)
Eulers Theorem
Eulers Theorem Given integer n > 1, such that gcd(a, n) = 1 then a(n) 1 (mod n) Corollary Given integer n > 1, such that gcd(a, n) = 1 then a(n)-1 mod n is a multiplicative inverse of a mod n. Corollary Given integer n > 1, x, y, and a positive integers with gcd(a, n) = 1. If x y (mod (n)), then ax ay (mod n).
17
�Next
Prime number distribution and testing RSA Efficiency of modular arithmetic
18
