
Secure Schemes for Secret Sharing and Key Distribution using Number Theory

by Dr. N. Chandramowliswaran

Professor, School of Advanced Sciences, VIT

FEB. 12, 2013

Dr. N. Chandramowliswaran (VIT) INVITED TALK FEB. 12, 2013 1 / 38

The principle of induction

If Q is a set of integers such that

1 ∈ Q

n ∈ Q ⇒ n + 1 ∈ Q,

then all integers ≥ 1 belong to Q.


The well-ordering principle

If A is a nonempty set of positive integers, then A contains a smallest member.


Divisibility

We say d divides n, and write d ∣ n, whenever n = cd for some integer c (n is a multiple of d, d is a divisor of n, or d is a factor of n).

If d does not divide n we write d ∤ n


Properties

n ∣ n (reflexive)

d ∣ n and n ∣ m then d ∣ m (transitive)

d ∣ n and d ∣ m then d ∣ an+ bm (linearity)

d ∣ n then ad ∣ an (multiplication)

ad ∣ an and a ≠ 0 then d ∣ n (cancellation)

1 ∣ n

n ∣ 0

0 ∣ n ⇒ n = 0

d ∣ n and n ≠ 0 ⇒ |d| ≤ |n| (comparison)


Greatest common divisor

If d divides two integers a and b, then d is called a common divisor of a and b.

Theorem. Given any two integers a and b, there is a common divisor d of a and b of the form

d = ax + by, where x and y are integers. Moreover, every common divisor of a and b divides this d.


Theorem. Given any two integers a and b, there is one and only one number d with the following properties:

(a) d ≥ 0
(b) d ∣ a and d ∣ b
(c) e ∣ a and e ∣ b implies e ∣ d

Note. d = 0 if, and only if, a = b = 0. Otherwise d ≥ 1.


The number d of the above theorem is called the greatest common divisor (gcd) of a and b.

It is denoted by (a, b)

If (a, b) = 1 then a and b are said to be relatively prime


The gcd has the following properties

(a, b) = (b, a) (commutative)

(a, (b, c)) = ((a, b), c) (associative)

(ac, bc) = |c| (a, b) (distributive)

(a, 1) = (1, a) = 1 and (a, 0) = (0, a) = 0

If a ∣ bc and if (a, b) = 1, then a ∣ c


Definition. An integer n is called prime if n > 1 and if the only positive divisors of n are 1 and n. When an integer n is not prime, we say that n is composite.


If a prime p does not divide a, then (p, a) = 1.

If a prime p divides ab, then p ∣ a or p ∣ b.


Fundamental theorem of arithmetic

Every integer n > 1 can be represented as a product of prime factors in only one way, apart from the order of the factors.


The division algorithm

Given integers a and b with b > 0, there exists a unique pair of integers q and r such that

a = bq + r, with 0 ≤ r < b.

Moreover, r = 0 if, and only if, b ∣ a.


Möbius function μ(n)

Definition: The Möbius function μ is defined as follows:

μ(1) = 1

If n > 1, write $n = p_1^{a_1} p_2^{a_2} \cdots p_k^{a_k}$. Then $\mu(n) = (-1)^k$ if $a_1 = a_2 = \cdots = a_k = 1$, and $\mu(n) = 0$ otherwise.

Note: μ(n) = 0 if and only if n has a square factor.


Euler's totient function φ(n)

For n ≥ 1, Euler's totient φ(n) is defined to be the number of positive integers not exceeding n which are relatively prime to n.


Divisor sum

Euler's classical formula

$\sum_{d \mid n} \varphi(d) = n,$

where the sum is over all positive divisors d of n.


φ(d) is also equal to the number of generators of the cyclic group C_d; specifically, if C_d = ⟨g⟩, then g^k is a generator for every k coprime to d. Since every element of C_n generates a cyclic subgroup, and for each d ∣ n the φ(d) generators of the subgroup C_d ≤ C_n are elements of C_n, counting the elements of C_n by the subgroup they generate gives the divisor sum above.


$\varphi(n) = \left|\{\,k : 1 \le k \le n,\ \gcd(n, k) = 1\,\}\right|$

$\varphi(n) = n \prod_{p \mid n} \left(1 - \frac{1}{p}\right)$, where the product is over the distinct prime numbers dividing n.


Properties

$\varphi(p^k) = p^k - p^{k-1} = p^{k-1}(p - 1) = p^k\left(1 - \frac{1}{p}\right)$.

φ(mn) = φ(m)φ(n) if (m, n) = 1

$\varphi(mn) = \varphi(m)\varphi(n)\,\frac{d}{\varphi(d)}$ if (m, n) = d

a ∣ b implies φ(a) ∣ φ(b)

φ(n) is even for n ≥ 3. Moreover, if n has r distinct odd prime factors, then $2^r \mid \varphi(n)$.
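The Möbius and totient definitions and the properties listed above, as an added worked example in Python (this code is not part of the slides; function names such as `factorize`, `mobius`, `phi` and `phi_product_rule` are my own). It computes μ and φ from the prime factorization, then checks the divisor sum, the square-factor criterion for μ(n) = 0, the general product rule with d = (m, n), and the 2^r divisibility of φ(n):

```python
from math import gcd

def factorize(n):
    """Prime factorization of n >= 1 by trial division, as {prime: exponent}."""
    factors = {}
    p = 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors

def mobius(n):
    """mu(n): 0 if some prime divides n twice, otherwise (-1)^(number of prime factors)."""
    exponents = factorize(n).values()
    if any(e > 1 for e in exponents):
        return 0
    return (-1) ** len(exponents)

def phi(n):
    """phi(n) = n * prod over distinct primes p | n of (1 - 1/p), done in integers."""
    result = n
    for p in factorize(n):
        result = result // p * (p - 1)
    return result

def divisors(n):
    return [d for d in range(1, n + 1) if n % d == 0]

def divisor_sum_of_phi(n):
    """Euler's classical formula says this equals n."""
    return sum(phi(d) for d in divisors(n))

def has_square_factor(n):
    return any(e > 1 for e in factorize(n).values())

def phi_product_rule(m, n):
    """phi(mn) = phi(m) phi(n) d / phi(d) with d = (m, n); reduces to phi(m) phi(n) when d = 1."""
    d = gcd(m, n)
    return phi(m) * phi(n) * d // phi(d)

def odd_prime_factor_count(n):
    """r = number of distinct odd primes dividing n; the slides state 2^r | phi(n)."""
    return sum(1 for p in factorize(n) if p != 2)

if __name__ == "__main__":
    for n in (1, 2, 6, 12, 30, 36, 105):
        print(n, "mu =", mobius(n), "phi =", phi(n), "sum phi(d) =", divisor_sum_of_phi(n))
```

Running the script prints μ, φ and the divisor sum side by side; the divisor-sum column always equals n, which is the quickest sanity check that `phi` was implemented correctly.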


Congruences

Definition: Given integers a, b, m with m > 0, we say a is congruent to b modulo m, and we write

a ≡ b (mod m) ⟺ m ∣ (a − b)


Properties

Congruence is an equivalence relation.

If a ≡ b (mod m) and α ≡ β (mod m), then we have

(a) ax + αy ≡ bx + βy (mod m) for all integers x and y

(b) aα ≡ bβ (mod m)

(c) aⁿ ≡ bⁿ (mod m) for every positive integer n

(d) f(a) ≡ f(b) (mod m) for every polynomial f with integer coefficients


Theorem: If c > 0, then a ≡ b (mod m) if, and only if, ac ≡ bc (mod mc).

Theorem: If ac ≡ bc (mod m) and d = (m, c), then a ≡ b (mod m/d).

Theorem: If a ≡ b (mod m), d ∣ m and d ∣ a, then d ∣ b.


Theorem: If a ≡ b (mod m), then (a, m) = (b, m).

Theorem: If a ≡ b (mod m) and 0 ≤ |b − a| < m, then a = b.

Theorem: If a ≡ b (mod m) and a ≡ b (mod n), where (m, n) = 1, then a ≡ b (mod mn).


Theorem: Assume (a, m) = 1. Then the linear congruence ax ≡ b (mod m) has exactly one solution.

Theorem: Assume (a, m) = d. Then the linear congruence ax ≡ b (mod m) has solutions if, and only if, d ∣ b.

Theorem: Assume (a, b) = d. Then there exist integers x and y such that ax + by = d.
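The division algorithm, the gcd theorem d = ax + by, and the two linear-congruence theorems above, as one added worked example in Python (this is not code from the slides; `division_algorithm`, `extended_gcd` and `solve_linear_congruence` are my own names). The extended Euclidean algorithm produces the integers x, y of the last theorem, and the solver uses them to return all d = (a, m) solutions of ax ≡ b (mod m) when d ∣ b, and no solution otherwise:

```python
def division_algorithm(a, b):
    """Return (q, r) with a = b*q + r and 0 <= r < b; requires b > 0."""
    if b <= 0:
        raise ValueError("b must be positive")
    q, r = divmod(a, b)  # Python's divmod already yields 0 <= r < b when b > 0
    assert a == b * q + r and 0 <= r < b
    return q, r

def extended_gcd(a, b):
    """Return (d, x, y) with d = (a, b) >= 0 and a*x + b*y = d (Bezout coefficients)."""
    # Loop invariant: old_r = a*old_s + b*old_t and r = a*s + b*t.
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r                      # one step of the division algorithm
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    if old_r < 0:                           # normalise so that d >= 0 as in the theorem
        old_r, old_s, old_t = -old_r, -old_s, -old_t
    return old_r, old_s, old_t

def solve_linear_congruence(a, b, m):
    """All x in [0, m) with a*x = b (mod m), or [] when d = (a, m) does not divide b."""
    if m <= 0:
        raise ValueError("modulus must be positive")
    d, x, _ = extended_gcd(a, m)            # a*x + m*y = d
    if b % d != 0:
        return []                           # theorem: solvable iff d | b
    # a*(x*b/d) = b (mod m); the d solutions are spaced m/d apart
    x0 = (x * (b // d)) % (m // d)
    return [x0 + k * (m // d) for k in range(d)]

if __name__ == "__main__":
    print(division_algorithm(17, 5))        # (3, 2): 17 = 5*3 + 2
    print(extended_gcd(240, 46))            # (2, -9, 47): 240*(-9) + 46*47 = 2
    print(solve_linear_congruence(6, 4, 8)) # d = 2 divides 4: two solutions
    print(solve_linear_congruence(4, 3, 8)) # d = 4 does not divide 3: none
```

When d = 1 the list has a single entry, matching the first theorem; the extended gcd is also the standard way to compute the modular inverse of a when (a, m) = 1, which is exactly the `solve_linear_congruence(a, 1, m)` case.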


Euler-Fermat Theorem: Assume (a, m) = 1. Then we have $a^{\varphi(m)} \equiv 1 \pmod{m}$.

Theorem: If a prime p does not divide a, then $a^{p-1} \equiv 1 \pmod{p}$.

Little Fermat Theorem: For any integer a and any prime p we have

$a^p \equiv a \pmod{p}$
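The Euler-Fermat theorem and Fermat's little theorem, as an added Python example (not from the slides; the function names are my own). φ(m) is counted straight from its definition so that nothing else is needed. Besides confirming both congruences, `first_non_coprime_failure` shows why the hypothesis (a, m) = 1 matters, and `inverse_via_euler` uses a^{φ(m)−1} as the inverse of a modulo m, which is one practical consequence of the theorem:

```python
from math import gcd

def phi_by_definition(m):
    """phi(m) from the definition: the number of k in 1..m with gcd(k, m) = 1."""
    return sum(1 for k in range(1, m + 1) if gcd(k, m) == 1)

def euler_fermat_holds(a, m):
    """a^phi(m) = 1 (mod m), checked by modular exponentiation; expects m >= 2."""
    return pow(a, phi_by_definition(m), m) == 1

def fermat_little_holds(a, p):
    """a^p = a (mod p) for prime p; no coprimality assumption on a."""
    return pow(a, p, p) == a % p

def first_non_coprime_failure(m):
    """First a in 1..m-1 with (a, m) > 1 for which a^phi(m) is NOT 1 (mod m).
    Such an a always exists for m >= 2 that is not prime, so the hypothesis (a, m) = 1 is needed."""
    for a in range(1, m):
        if gcd(a, m) != 1 and not euler_fermat_holds(a, m):
            return a
    return None

def inverse_via_euler(a, m):
    """a * a^(phi(m)-1) = a^phi(m) = 1 (mod m), so a^(phi(m)-1) is the inverse when (a, m) = 1."""
    if gcd(a, m) != 1:
        raise ValueError("a has no inverse modulo m unless (a, m) = 1")
    return pow(a, phi_by_definition(m) - 1, m)

if __name__ == "__main__":
    m = 15
    print("phi(15) =", phi_by_definition(m))
    print("coprime a all satisfy Euler-Fermat:",
          all(euler_fermat_holds(a, m) for a in range(1, m) if gcd(a, m) == 1))
    print("first non-coprime counterexample mod 15:", first_non_coprime_failure(m))
    print("inverse of 7 mod 15:", inverse_via_euler(7, m))
```

For a prime modulus every a in 1..p−1 is coprime to p, so the Euler-Fermat check and the a^{p−1} ≡ 1 theorem coincide; the Little Fermat form a^p ≡ a additionally covers a ≡ 0 (mod p).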


CRT

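The slide carries only the heading CRT (Chinese Remainder Theorem). As an added Python example (not from the slides; `crt`, `pairwise_coprime` and `satisfies` are my own names), here is the constructive form of the theorem: for pairwise coprime moduli, a system x ≡ r_i (mod m_i) has a solution, and by the "a ≡ b (mod m), a ≡ b (mod n), (m, n) = 1 ⇒ a ≡ b (mod mn)" theorem above it is unique modulo the product M. The code uses `pow(x, -1, m)` for modular inverses, which needs Python 3.8 or later, and rejects moduli that are not pairwise coprime:

```python
from functools import reduce
from math import gcd

def pairwise_coprime(moduli):
    """True when every pair of moduli has gcd 1: the hypothesis of the CRT."""
    return all(gcd(moduli[i], moduli[j]) == 1
               for i in range(len(moduli)) for j in range(i + 1, len(moduli)))

def crt(residues, moduli):
    """Return (x, M) with x = residues[i] (mod moduli[i]) for every i, 0 <= x < M = product of moduli."""
    if len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    if not pairwise_coprime(moduli):
        raise ValueError("moduli must be pairwise coprime")
    M = reduce(lambda p, q: p * q, moduli, 1)
    x = 0
    for r, m in zip(residues, moduli):
        Mi = M // m              # product of the other moduli, so gcd(Mi, m) = 1
        inv = pow(Mi, -1, m)     # inverse of Mi modulo m (Python 3.8+)
        x += r * Mi * inv        # this term is r (mod m) and 0 (mod every other modulus)
    return x % M, M

def satisfies(x, residues, moduli):
    """Check a candidate against every congruence of the system."""
    return all(x % m == r % m for r, m in zip(residues, moduli))

if __name__ == "__main__":
    # Constructed sample system: x = 2 (mod 3), x = 3 (mod 5), x = 2 (mod 7)
    x, M = crt([2, 3, 2], [3, 5, 7])
    print(x, "mod", M, "->", satisfies(x, [2, 3, 2], [3, 5, 7]))   # 23 mod 105 -> True
```

Because the solution is unique modulo M, any two solutions differ by a multiple of M; the function therefore returns the canonical representative in [0, M) together with M itself.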

Problem: Let n be a composite positive integer and let p be the smallest prime divisor of n, with n/p = n_1. Prove that if $q > n_1^{1/3}$, then n_1/q is prime, where q is the smallest prime divisor of n_1.

Solution: Suppose n_1/q = ab where 1 < a, b < n_1/q. Let r and s be prime divisors of a and b respectively; then r and s are also prime divisors of n_1, so that r ≥ q and s ≥ q. This implies that

$q^3 = q \cdot q \cdot q \le q \cdot r \cdot s \le q \cdot a \cdot b = n_1,$

that is, $q^3 \le n_1$, which is a contradiction. Therefore, n_1/q is prime.


Problem: Let n be a composite positive integer and let p be the smallest prime divisor of n such that $p^2 \mid n$. Prove that if $p^2 > n/p^2$, then $n/p^2$ is prime.

Solution: Suppose $n/p^2 = ab$ where $1 < a, b < n/p^2$. Let r and s be prime divisors of a and b respectively; then r and s are also prime divisors of n, so that r ≥ p and s ≥ p. This implies that

$p^4 = p^2 \cdot p \cdot p \le p^2 \cdot r \cdot s \le p^2 \cdot a \cdot b = n,$

that is, $p^4 \le n$, which is a contradiction. Therefore, $n/p^2$ is prime.
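The two problems above, as an added Python example that turns each statement into a check (this code is not from the slides; `problem1`, `problem2` and `verify_problems` are my own names). Both hypotheses are tested in integers, q³ > n_1 for q > n_1^{1/3} and p⁴ > n for p² > n/p², so no floating-point root is needed, and `verify_problems` brute-forces every n below a bound to confirm the conclusion whenever the hypothesis holds and the quotient exceeds 1:

```python
def smallest_prime_divisor(n):
    """Smallest prime factor of n >= 2 by trial division (returns n itself when n is prime)."""
    p = 2
    while p * p <= n:
        if n % p == 0:
            return p
        p += 1
    return n

def is_prime(n):
    return n >= 2 and smallest_prime_divisor(n) == n

def problem1(n):
    """n composite, p = smallest prime of n, n1 = n/p, q = smallest prime of n1.
    Returns (hypothesis q > n1^(1/3) holds, n1 // q)."""
    p = smallest_prime_divisor(n)
    if p == n:
        raise ValueError("n must be composite")
    n1 = n // p
    q = smallest_prime_divisor(n1)
    return q ** 3 > n1, n1 // q          # q^3 > n1 is exactly q > n1^(1/3)

def problem2(n):
    """p = smallest prime of n with p^2 | n. Returns (hypothesis p^2 > n/p^2 holds, n // p^2)."""
    p = smallest_prime_divisor(n)
    if n % (p * p) != 0:
        raise ValueError("p^2 must divide n")
    return p ** 4 > n, n // (p * p)      # p^4 > n is exactly p^2 > n/p^2

def verify_problems(limit):
    """Check both statements for every composite n below limit; True if no counterexample is found."""
    for n in range(4, limit):
        p = smallest_prime_divisor(n)
        if p == n:
            continue                     # primes are excluded by hypothesis
        holds, m = problem1(n)
        if holds and m > 1 and not is_prime(m):
            return False
        if n % (p * p) == 0:
            holds, m = problem2(n)
            if holds and m > 1 and not is_prime(m):
                return False
    return True

if __name__ == "__main__":
    print(problem1(70))    # n1 = 35, q = 5, 125 > 35 -> (True, 7)
    print(problem2(63))    # p = 3, 81 > 63 -> (True, 7)
    print(verify_problems(5000))
```

The quotient can equal 1 (for instance n = 6 in the first problem, where n_1 = 3 = q); the slides' argument silently assumes n_1/q > 1, which is why the checker skips that case.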


Group theory

Definition: Given sets X and Y, the cartesian product of X and Y is

X × Y = {(x, y) ∣x ∈ X and y ∈ Y }.

Definition: Given a set A, a binary relation ∼ on A is a subset R of A × A. If (u, v) ∈ R, we say that u is related to v and we write u ∼ v. If (u, v) ∉ R, we say that u is not related to v.


Definition: A binary relation ∼ on A is said to be an equivalence relation on A if for all a, b, c ∈ A

1. a ∼ a (reflexivity),
2. a ∼ b ⇒ b ∼ a (symmetry),
3. a ∼ b and b ∼ c ⇒ a ∼ c (transitivity).

For a ∈ A, the equivalence class of a is the set cl(a) = {x ∈ A ∣ a ∼ x}.


Theorem: The distinct equivalence classes of an equivalence relation on A provide us with a decomposition of A as a union of mutually disjoint subsets.


Definition: Given any set A we call a mapping of A × A into A a binary operation on A. If ∗ : A × A → A is a binary operation on A, then ∗((a′, a′′)), the image of the ordered pair (a′, a′′) under ∗, is denoted by a′ ∗ a′′.


Definition of a group

Definition: A nonempty set of elements G is said to form a group if in G there is defined a binary operation, called the product and denoted by ⋅, such that

1. a, b ∈ G ⇒ a ⋅ b ∈ G (closure).
2. a, b, c ∈ G ⇒ a ⋅ (b ⋅ c) = (a ⋅ b) ⋅ c (associative law).
3. There exists an element e ∈ G such that a ⋅ e = a = e ⋅ a for all a ∈ G (the existence of an identity element in G).
4. For every a ∈ G there exists an element a⁻¹ ∈ G such that a ⋅ a⁻¹ = e = a⁻¹ ⋅ a (the existence of inverses in G).


Properties

If G is a group, then

1. The identity element of G is unique.
2. Every a ∈ G has a unique inverse in G.
3. For any a ∈ G, (a⁻¹)⁻¹ = a.
4. For all a, b ∈ G, (a ⋅ b)⁻¹ = b⁻¹ ⋅ a⁻¹.
5. If elements a, b, c ∈ G satisfy ab = ac or ba = ca, then b = c.


Definition: A group G is said to be abelian (or commutative) if for every a, b ∈ G, a ⋅ b = b ⋅ a.

A group which is not abelian is called non-abelian.

The number of elements in G is called the order of G and it is denoted by o(G).

If o(G) is finite, then we say that G is a finite group.


Definition: A nonempty subset H of a group G is said to be a subgroup of G if, under the product in G, H itself forms a group.

Let K ⊆ H ⊆ G. If H is a subgroup of G and K is a subgroup of H, then K is a subgroup of G.

Theorem. A nonempty subset H of a group G is a subgroup of G if and only if

1. a, b ∈ H ⇒ ab ∈ H.
2. a ∈ H ⇒ a⁻¹ ∈ H.


Powers of an element

If a ∈ G we define $a^n$ for any positive integer n by

$a^0 = e,\quad a^n = a \cdot a^{n-1},\quad a^{-n} = (a^{-1})^n$


If a ∈ G, any two powers of a commute, and for all integers m and n we have $a^m a^n = a^{m+n}$ and $(a^m)^n = a^{mn} = (a^n)^m$.

Moreover, if a and b commute we have $a^n b^n = (ab)^n$.
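The group definition, the subgroup criterion, the powers of an element and the earlier remark that a cyclic group of order d has φ(d) generators, as one added Python example on the concrete group (Z/nZ)* of residues coprime to n under multiplication (this is not code from the slides; the function names are my own, and `pow(a, -1, n)` for inverses needs Python 3.8 or later). The axioms are checked by exhaustion, negative powers follow the slides' rule a^{−n} = (a^{−1})^n, and the order of each element is shown to divide the order of the group, which is φ(n):

```python
from math import gcd

def units_mod(n):
    """Elements of (Z/nZ)*: residues 1 <= a < n with gcd(a, n) = 1; its order is phi(n)."""
    return [a for a in range(1, n) if gcd(a, n) == 1]

def is_group_under_mult_mod(elems, n):
    """Check closure, associativity, identity and inverses for elems under multiplication mod n."""
    s = set(x % n for x in elems)
    closure = all((a * b) % n in s for a in s for b in s)
    assoc = all((((a * b) % n) * c) % n == (a * ((b * c) % n)) % n
                for a in s for b in s for c in s)
    identity = (1 % n) in s
    inverses = all(any((a * b) % n == 1 % n for b in s) for a in s)
    return closure and assoc and identity and inverses

def power(a, k, n):
    """a^k mod n for any integer k, using a^(-k) = (a^(-1))^k for negative k."""
    if k < 0:
        a, k = pow(a, -1, n), -k      # inverse exists only when gcd(a, n) = 1
    return pow(a, k, n)

def element_order(a, n):
    """Smallest t >= 1 with a^t = 1 (mod n); requires a to be a unit."""
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    t, x = 1, a % n
    while x != 1 % n:
        x = (x * a) % n
        t += 1
    return t

def cyclic_subgroup(a, n):
    """<a> = {a^k : k >= 0}, the subgroup generated by a, as a sorted list."""
    return sorted(power(a, k, n) for k in range(element_order(a, n)))

def generator_count(d):
    """Number of generators of a cyclic group of order d: the k in 1..d coprime to d, i.e. phi(d)."""
    return sum(1 for k in range(1, d + 1) if gcd(k, d) == 1)

def elements_of_order(n, d):
    """Units mod n whose cyclic subgroup has exactly d elements."""
    return [a for a in units_mod(n) if element_order(a, n) == d]

if __name__ == "__main__":
    n = 7
    print("units mod 7:", units_mod(n), "group:", is_group_under_mult_mod(units_mod(n), n))
    print("<2> =", cyclic_subgroup(2, n), " 3^-2 mod 7 =", power(3, -2, n))
    print("elements of order 6:", elements_of_order(n, 6), " phi(6) =", generator_count(6))
```

Taking all residues 1..n−1 instead of only the units breaks closure and inverses as soon as n is composite, which is the check that motivates defining the group on units in the first place.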
