Lecture 6.1: Misc. Topics: Number Theory
CS 250, Discrete Structures, Fall 2011
Nitesh Saxena
Course Admin -- Homework 5
Due at 11am this Wednesday
Covers the chapter on Graphs (lecture 5.*)
Has a 10-pointer bonus problem too
Please submit on time
Lecture 6.1 -- Number Theory
Course Admin -- Homework 4
Grades posted on BB
Distributing today
Solution posted
Course Admin -- Final Exam
Thursday, December 8, 10:45am-1:15pm, lecture room
Heads up! Please mark the date/time/place
Emphasis on post mid-term 2 material
Coverage: 65% post mid-term 2 (lectures 4.*, 5.*, 6.*), and 35% pre mid-term 2 (lectures 1.*, 2.* and 3.*)
Our last lecture will be on December 6
We plan to do a final exam review then
Outline
Number Theory
Modular Arithmetic
Application -- cryptography
Divisors
x divides y (written x | y) if the remainder is 0 when y is divided by x
  1|8, 2|8, 4|8, 8|8
The divisors of y are the numbers that divide y
  divisors of 8: {1,2,4,8}
For every number y
  1|y
  y|y
Prime numbers
A number is prime if its only divisors are 1 and itself:
  2,3,5,7,11,13,17,19, …
Fundamental theorem of arithmetic: For every number x, there is a unique set of primes {p_1, … ,p_n} and a unique set of positive exponents {e_1, … ,e_n} such that
  $x = p_1^{e_1} * \cdots * p_n^{e_n}$
How to prove? We studied it earlier!
Common divisors
The common divisors of two numbers x,y are the numbers z such that z|x and z|y
  common divisors of 8 and 12: intersection of {1,2,4,8} and {1,2,3,4,6,12} = {1,2,4}
greatest common divisor: gcd(x,y) is the number z such that
  z is a common divisor of x and y
  no common divisor of x and y is larger than z
  gcd(8,12) = 4
Recall (Lecture 3.3 -- Recursion, 10/04/2011): Recursive Functions: gcd
Euclid’s algorithm makes use of the fact that gcd(x,y) = gcd(y, x mod y)
$$\gcd(x,y) = \begin{cases} x, & \text{if } y = 0 \\ \gcd(y,\ x \bmod y), & \text{otherwise} \end{cases}$$
(here we assume that x > 0)

Euclidean Algorithm: gcd(r_0,r_1)
$$\begin{aligned}
r_0 &= q_1 r_1 + r_2 \\
r_1 &= q_2 r_2 + r_3 \\
&\ \ \vdots \\
r_{m-2} &= q_{m-1} r_{m-1} + r_m \\
r_{m-1} &= q_m r_m + 0 \\
\gcd(r_0, r_1) &= \gcd(r_1, r_2) = \ldots = \gcd(r_{m-1}, r_m) = r_m
\end{aligned}$$
Main idea: If y = ax + b then gcd(x,y) = gcd(x,b)
Example – gcd(15,37)
37 = 2 * 15 + 7
15 = 2 * 7 + 1
7 = 7 * 1 + 0
gcd(15,37) = 1
Relative primes
x and y are relatively prime if they have no common divisors, other than 1
Equivalently, x and y are relatively prime if gcd(x,y) = 1
  9 and 14 are relatively prime
  9 and 15 are not relatively prime
Modular Arithmetic
Definition: x is congruent to y mod m, if m divides (x-y). Equivalently, x and y have the same remainder when divided by m.
Notation: $x \equiv y \pmod{m}$
Example: $14 \equiv 5 \pmod{9}$
We work in $Z_m$ = {0, 1, 2, …, m-1}, the group of integers modulo m
Example: $Z_9$ = {0,1,2,3,4,5,6,7,8}
We abuse notation and often write = instead of $\equiv$
Addition in $Z_m$:
Addition is well-defined:
  if
    $x \equiv x' \pmod{m}$
    $y \equiv y' \pmod{m}$
  then
    $x + y \equiv x' + y' \pmod{m}$
3 + 4 = 7 mod 9.
3 + 8 = 2 mod 9.
Additive inverses in $Z_m$
0 is the additive identity in $Z_m$
  $x + 0 \equiv 0 + x \equiv x \pmod{m}$
Additive inverse of a is -a mod m = (m-a)
Every element has unique additive inverse.
4 + 5 = 0 mod 9.
4 is additive inverse of 5.
Multiplication in $Z_m$:
Multiplication is well-defined:
  if
    $x \equiv x' \pmod{m}$
    $y \equiv y' \pmod{m}$
  then
    $x * y \equiv x' * y' \pmod{m}$
3 * 4 = 3 mod 9.
3 * 8 = 6 mod 9.
3 * 3 = 0 mod 9.
Multiplicative inverses in $Z_m$
1 is the multiplicative identity in $Z_m$
  $x * 1 \equiv 1 * x \equiv x \pmod{m}$
Multiplicative inverse ($x * x^{-1} = 1$ mod m)
SOME, but not ALL elements have unique multiplicative inverse.
In $Z_9$: 3*0=0, 3*1=3, 3*2=6, 3*3=0, 3*4=3, 3*5=6, …, so 3 does not have a multiplicative inverse (mod 9)
On the other hand, 4*2=8, 4*3=3, 4*4=7, 4*5=2, 4*6=6, 4*7=1, so $4^{-1} = 7$ (mod 9)
Which numbers have inverses?
In $Z_m$, x has a multiplicative inverse if and only if x and m are relatively prime, i.e., gcd(x,m)=1
  E.g., 4 in $Z_9$
Extended Euclidean: $a^{-1}$ mod n
Main Idea: Looking for inverse of a mod n means looking for x such that x*a – y*n = 1.
To compute inverse of a mod n, do the following:
  Compute gcd(a, n) using Euclidean algorithm.
  Since a is relatively prime to n (else there will be no inverse), gcd(a, n) = 1.
  So you can obtain a linear combination of $r_m$ and $r_{m-1}$ that yields 1.
  Work backwards getting a linear combination of $r_i$ and $r_{i-1}$ that yields 1.
  When you get to a linear combination of $r_0$ and $r_1$ you are done as $r_0$ = n and $r_1$ = a.
Example – $15^{-1}$ mod 37
37 = 2 * 15 + 7
15 = 2 * 7 + 1
7 = 7 * 1 + 0
Now,
15 – 2 * 7 = 1
15 – 2 (37 – 2 * 15) = 1
5 * 15 – 2 * 37 = 1
So, $15^{-1}$ mod 37 is 5.
Modular Exponentiation: Square and Multiply method
Usual approach to computing $x^c$ mod n is inefficient when c is large.
Instead, represent c as bit string $b_{k-1} … b_0$ and use the following algorithm:
  z = 1
  For i = k-1 downto 0 do
    z = z^2 mod n
    if b_i = 1 then z = z * x mod n
Example: $30^{37}$ mod 77
  z = z^2 mod n
  if b_i = 1 then z = z * x mod n

i   b   z
5   1   30 = 1*1*30 mod 77
4   0   53 = 30*30 mod 77
3   0   37 = 53*53 mod 77
2   1   29 = 37*37*30 mod 77
1   0   71 = 29*29 mod 77
0   1   2  = 71*71*30 mod 77
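An added example, not part of the original slides: the square-and-multiply loop in Python, returning the same (i, b, z) rows as the table above so each step can be checked. The function name and the trace format are this example's own.

```python
def square_and_multiply(x, c, n):
    """Return (x**c mod n, trace); trace rows are (i, b_i, z)."""
    if c < 0 or n < 1:
        raise ValueError("need c >= 0 and n >= 1")
    bits = bin(c)[2:]            # b_{k-1} ... b_0, most significant bit first
    k = len(bits)
    z = 1
    trace = []
    for pos, bit in enumerate(bits):
        i = k - 1 - pos          # the slide's loop index, k-1 down to 0
        z = (z * z) % n          # always square
        if bit == "1":
            z = (z * x) % n      # multiply only when b_i = 1
        trace.append((i, int(bit), z))
    return z % n, trace


if __name__ == "__main__":
    result, rows = square_and_multiply(30, 37, 77)
    for i, b, z in rows:
        print(i, b, z)
    print("30^37 mod 77 =", result)
```

The multiply step runs only for 1 bits, so the amount of work depends on the bits of the exponent; implementations that handle a secret exponent use constant-time exponentiation instead of this loop.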
Euler’s totient function
Given positive integer n, Euler’s totient function $\phi(n)$ is the number of positive numbers less than n that are relatively prime to n
Fact: If p is prime then {1,2,3,…,p-1} are relatively prime to p.
  $\phi(p) = p - 1$
Euler’s totient function
Fact: If p and q are prime and n=pq then $\phi(n) = (p-1)(q-1)$
Each number that is not divisible by p or by q is relatively prime to pq.
  E.g. p=5, q=7: {1,2,3,4,-,6,-,8,9,-,11,12,13,-,-,16,17,18,19,-,-,22,23,24,-,26,27,-,29,-,31,32,33,34,-}
  pq-p-(q-1) = (p-1)(q-1)
Euler’s Theorem and Fermat’s Theorem
If a is relatively prime to n then $a^{\phi(n)} = 1 \bmod n$
If a is relatively prime to p then $a^{p-1} = 1 \bmod p$
Proof: follows from a well-known theorem -- Lagrange’s Theorem (we won’t study in this course)
Euler’s Theorem and Fermat’s Theorem
EG: Compute $9^{100}$ mod 17:
p = 17, so p-1 = 16. 100 = 6·16+4. Therefore, $9^{100} = 9^{6 \cdot 16+4} = (9^{16})^6 (9)^4$.
So mod 17 we have
  $9^{100} \equiv (9^{16})^6 (9)^4 \pmod{17} \equiv (1)^6 (9)^4 \pmod{17} \equiv (81)^2 \pmod{17} \equiv 16$
An Application of Number Theory
Cryptography: foundation of secure communication. EX: Public-Key Cryptography
RSA Crypto: Key Generation
Alice wants people to be able to send her encrypted messages.
She chooses two (large) prime numbers, p and q and computes n=pq and $\phi(n)$. [“large” = 512 bits +]
She chooses a number e such that e is relatively prime to $\phi(n)$ and computes d, the inverse of e in $Z_{\phi(n)}$ (i.e., ed = 1 mod $\phi(n)$)
She publicizes the pair (e,n) as her public key. (e is called RSA exponent, n is called RSA modulus).
She keeps d secret and destroys p, q, and $\phi(n)$
Plaintext and ciphertext messages are elements of $Z_n$ and e is the encryption key.
RSA: Encryption
Bob wants to send a message x (a number relatively prime to n) to Alice.
He looks up her encryption key, (e,n), in a directory.
The encrypted message is
  $y = E(x) = x^e \bmod n$
Bob sends y to Alice.
RSA: Decryption
To decrypt the message $y = E(x) = x^e \bmod n$ she’s received from Bob, Alice computes
  $D(y) = y^d \bmod n$
Claim: D(y) = x
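Why does it all work?
$$\begin{aligned}
D(y) &= y^d \bmod n \\
&= (x^e \bmod n)^d \bmod n \\
&= (x^e)^d \bmod n \\
&= x^{ed} \bmod n \\
&= x^{t\phi(n)+1} \bmod n && \text{Because } ed \equiv 1 \pmod{\phi(n)} \\
&= (x^{\phi(n)})^t \, x \bmod n \\
&= 1^t \, x \bmod n = x \bmod n && \text{From Euler's Theorem}
\end{aligned}$$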
Tiny RSA example.
Let p = 7, q = 11. Then n = 77 and $\phi(n) = 60$
Choose e = 13. Then d = $13^{-1}$ mod 60 = 37.
Let message = 2.
E(2) = $2^{13}$ mod 77 = 30.
D(30) = $30^{37}$ mod 77 = 2
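An added example, not part of the original slides: the key generation, encryption and decryption steps above run on the tiny parameters, with an exhaustive check of the claim D(E(x)) = x over every x relatively prime to n. This is the unpadded textbook scheme exactly as the slides state it; the function names are this example's own, and p and q are assumed to be prime.

```python
from math import gcd


def totient(n):
    """Count the positive numbers below n relatively prime to n (toy n only)."""
    return sum(1 for a in range(1, n) if gcd(a, n) == 1)


def rsa_keygen(p, q, e):
    """Return ((e, n), d) following the slide's key generation steps."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = pow(e, -1, phi)       # inverse of e in Z_phi(n); needs Python 3.8+
    return (e, n), d


def encrypt(x, public_key):
    e, n = public_key
    return pow(x, e, n)       # y = x^e mod n


def decrypt(y, d, n):
    return pow(y, d, n)       # D(y) = y^d mod n


def round_trip_holds(public_key, d):
    """Check D(E(x)) == x for every x in Z_n relatively prime to n."""
    _, n = public_key
    return all(decrypt(encrypt(x, public_key), d, n) == x
               for x in range(1, n) if gcd(x, n) == 1)


if __name__ == "__main__":
    public_key, d = rsa_keygen(7, 11, 13)
    print("phi(77) by counting:", totient(77))
    print("public key:", public_key, "private exponent:", d)
    y = encrypt(2, public_key)
    print("E(2) =", y, " D(E(2)) =", decrypt(y, d, public_key[1]))
    print("round trip holds for all valid x:", round_trip_holds(public_key, d))
```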
Today’s Reading
Rosen 4