Secure Schemes for Secret Sharing and Key Distribution using Number Theory
by Dr. N. Chandramowliswaran
Professor, School of Advanced Sciences, VIT
FEB. 12, 2013
Dr. N. Chandramowliswaran (VIT) INVITED TALK FEB. 12, 2013 1 / 38
The principle of induction
If Q is a set of integers such that
1 ∈ Q, and
n ∈ Q ⇒ n + 1 ∈ Q,
then every integer ≥ 1 belongs to Q
The well-ordering principle
If A is a nonempty set of positive integers, then A contains a smallest member
Divisibility
We say d divides n, and write d ∣ n, whenever n = cd for some c (n is a multiple of d, d is a divisor of n, or d is a factor of n)
If d does not divide n we write d ∤ n
Properties
n ∣ n (reflexive)
d ∣ n and n ∣ m then d ∣ m (transitive)
d ∣ n and d ∣ m then d ∣ an+ bm (linearity)
d ∣ n then ad ∣ an (multiplication)
ad ∣ an and a ≠ 0 then d ∣ n (cancellation)
1 ∣ n
n ∣ 0
0 ∣ n ⇒ n = 0
d ∣ n and n ≠ 0 ⇒ |d| ≤ |n| (comparison)
Greatest common divisor
If d divides two integers a and b, then d is called a common divisor of a and b.
Theorem: Given any two integers a and b, there is a common divisor d of a and b of the form
d = ax + by, where x and y are integers. Moreover every common divisor of a and b divides this d.
Theorem: Given any two integers a and b, there is one and only one number d with the following properties:
(a) d ≥ 0
(b) d ∣ a and d ∣ b
(c) e ∣ a and e ∣ b implies e ∣ d
Note. d = 0 if, and only if, a = b = 0. Otherwise d ≥ 1
The number d of the above theorem is called the greatest common divisor (gcd) of a and b.
It is denoted by (a, b)
If (a, b) = 1 then a and b are said to be relatively prime
The gcd has the following properties
(a, b) = (b, a) (commutative)
(a, (b, c)) = ((a, b), c) (associative)
(ac, bc) = |c| (a, b) (distributive)
(a, 1) = (1, a) = 1 and (a, 0) = (0, a) = 0
If a ∣ bc and if (a, b) = 1, then a ∣ c
Definition. An integer n is called prime if n > 1 and if the only positive divisors of n are 1 and n. When an integer n is not prime, we say that n is composite
If a prime p does not divide a, then (p, a) = 1
If a prime p divides ab, then p ∣ a or p ∣ b
Fundamental theorem of arithmetic
Every integer n > 1 can be represented as a product of prime factors
in only one way, apart from the order of the factors.
The division algorithm
Given integers a and b with b > 0, there exists a unique pair of integers q and r such that
a = bq + r, with 0 ≤ r < b.
Moreover, r = 0 if, and only if, b ∣ a
Möbius function μ(n)
Definition: The Möbius function μ is defined as follows:
μ(1) = 1
If n > 1, write $n = p_1^{a_1} p_2^{a_2} \cdots p_k^{a_k}$. Then
$\mu(n) = (-1)^k$ if $a_1 = a_2 = \cdots = a_k = 1$,
$\mu(n) = 0$ otherwise.
Note: μ(n) = 0 if and only if n has a square factor
Euler's totient function φ(n)
For n ≥ 1, Euler's totient φ(n) is defined to be the number of positive integers not exceeding n which are relatively prime to n.
Divisor sum
Euler's classical formula: $\sum_{d \mid n} \varphi(d) = n$,
where the sum is over all positive divisors d of n.
φ(d) is also equal to the number of possible generators of the cyclic group $C_d$; specifically, if $C_d = \langle g \rangle$, then $g^k$ is a generator for every k coprime to d. Since every element of $C_n$ generates exactly one cyclic subgroup $C_d \le C_n$ (there is one such subgroup for each d ∣ n), and each such subgroup has φ(d) generators, summing φ(d) over the divisors d of n counts every element of $C_n$ exactly once.
$\varphi(n) = |\{k : 1 \le k \le n,\ \gcd(n, k) = 1\}|$
$\varphi(n) = n \prod_{p \mid n} \left(1 - \frac{1}{p}\right)$, where the product is over the distinct prime numbers dividing n
Properties
$\varphi(p^k) = p^k - p^{k-1} = p^{k-1}(p - 1) = p^k\left(1 - \frac{1}{p}\right)$.
$\varphi(mn) = \varphi(m)\varphi(n)$ if $(m, n) = 1$
$\varphi(mn) = \varphi(m)\varphi(n)\,\frac{d}{\varphi(d)}$ if $(m, n) = d$
$a \mid b$ implies $\varphi(a) \mid \varphi(b)$
φ(n) is even for n ≥ 3. Moreover, if n has r distinct odd prime factors, then $2^r \mid \varphi(n)$
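Worked example (added here; it is not part of the talk): the Möbius and totient functions of the preceding slides computed from the prime factorization, together with checks of the divisor-sum formula, the product formula, the φ(mn) identity for (m, n) = d, and the generator count of the cyclic group C_d. The function names and the trial-division helper are this example's own choices, not notation from the slides.

```python
from math import gcd


def factorize(n):
    """Trial-division factorization of n >= 1: returns {p: a} with n = prod p^a.
    (Assumed helper for this example; the slides only state that the factorization exists.)"""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def mobius(n):
    """mu(1) = 1; mu(n) = (-1)^k if n = p_1 ... p_k with every exponent 1; mu(n) = 0 otherwise."""
    if n == 1:
        return 1
    exponents = factorize(n).values()
    if any(a > 1 for a in exponents):      # a square factor forces mu(n) = 0
        return 0
    return (-1) ** len(exponents)


def phi(n):
    """Euler's totient via the product formula phi(n) = n * prod_{p | n} (1 - 1/p),
    evaluated in integers as n / p * (p - 1) for each distinct prime p dividing n."""
    result = n
    for p in factorize(n):
        result = result // p * (p - 1)
    return result


def phi_by_counting(n):
    """The definition: |{k : 1 <= k <= n, gcd(n, k) = 1}|. Used to cross-check phi()."""
    return sum(1 for k in range(1, n + 1) if gcd(n, k) == 1)


def divisor_sum_of_phi(n):
    """Left-hand side of Euler's classical formula sum_{d | n} phi(d) = n."""
    return sum(phi(d) for d in range(1, n + 1) if n % d == 0)


def phi_of_product(m, n):
    """phi(mn) = phi(m) phi(n) * d / phi(d) with d = (m, n); reduces to phi(m) phi(n) when d = 1."""
    d = gcd(m, n)
    return phi(m) * phi(n) * d // phi(d)


def generators_of_cyclic_group(d):
    """In C_d = <g>, g^k is a generator exactly when gcd(k, d) = 1, so C_d has phi(d) generators.
    Returns the exponents k (1 <= k <= d) that give generators."""
    return [k for k in range(1, d + 1) if gcd(k, d) == 1]


if __name__ == "__main__":
    for n in (1, 12, 30, 36, 105):
        print(n, "mu =", mobius(n), "phi =", phi(n), "sum phi(d) =", divisor_sum_of_phi(n))
```

The totient is computed as `n // p * (p - 1)` rather than with floating-point `1 - 1/p` so that the result stays exact; dividing by p first is safe because every distinct prime p of n still divides the running product at that point.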
Congruences
Definition: Given integers a, b, m with m > 0, we say a is congruent to b modulo m, and we write
a ≡ b (mod m) ⇐⇒ m ∣ (a − b)
Properties
Congruence is an equivalence relation
If a ≡ b (mod m) and α ≡ β (mod m), then we have
(a) ax + αy ≡ bx + βy (mod m) for all integers x and y
(b) aα ≡ bβ (mod m)
(c) $a^n \equiv b^n \pmod m$ for every positive integer n
(d) f(a) ≡ f(b) (mod m) for every polynomial f with integer coefficients
Theorem: If c > 0 then a ≡ b (mod m) if, and only if, ac ≡ bc (mod mc)
Theorem: If ac ≡ bc (mod m) and if d = (m, c), then a ≡ b (mod m/d)
Theorem: If a ≡ b (mod m) and d ∣ m, then a ≡ b (mod d)
Theorem: If a ≡ b (mod m) then (a, m) = (b, m)
Theorem: If a ≡ b (mod m) and if 0 ≤ |b − a| < m, then a = b
Theorem: If a ≡ b (mod m) and a ≡ b (mod n) where (m, n) = 1, then a ≡ b (mod mn)
Theorem: Assume (a, m) = 1. Then the linear congruence ax ≡ b (mod m) has exactly one solution
Theorem: Assume (a, m) = d. Then the linear congruence ax ≡ b (mod m) has solutions if, and only if, d ∣ b
Theorem: Assume (a, b) = d. Then there exist integers x and y such that ax + by = d
Euler–Fermat Theorem: Assume (a, m) = 1. Then we have $a^{\varphi(m)} \equiv 1 \pmod m$
Theorem: If a prime p does not divide a then $a^{p-1} \equiv 1 \pmod p$
Little Fermat Theorem: For any integer a and any prime p we have
$a^p \equiv a \pmod p$
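Worked example (added here; not from the talk): Bézout's identity obtained by the extended Euclidean algorithm, the full solution set of the linear congruence ax ≡ b (mod m) (showing both the d ∣ b criterion and that there are exactly d solutions, one when (a, m) = 1), and numeric checks of the Euler–Fermat and little Fermat theorems. All function names are this example's own; the totient is recomputed here by the counting definition so the block runs on its own.

```python
from math import gcd


def extended_gcd(a, b):
    """Euclid's algorithm with back-substitution: returns (d, x, y) with d = (a, b) >= 0
    and a x + b y = d. Every loop iteration is one division-algorithm step old_r = q r + r'."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    if old_r < 0:                       # normalise so that d >= 0
        old_r, old_x, old_y = -old_r, -old_x, -old_y
    return old_r, old_x, old_y


def solve_linear_congruence(a, b, m):
    """All solutions x in [0, m) of a x ≡ b (mod m), m > 0.
    With d = (a, m): no solution unless d | b; otherwise exactly d solutions mod m."""
    d, x0, _ = extended_gcd(a, m)       # a x0 + m y0 = d
    if b % d != 0:
        return []
    step = m // d
    base = (x0 * (b // d)) % step       # the unique solution of (a/d) x ≡ b/d (mod m/d)
    return sorted((base + k * step) % m for k in range(d))


def mod_inverse(a, m):
    """Inverse of a modulo m; it exists exactly when (a, m) = 1 (the one-solution case)."""
    d, x, _ = extended_gcd(a, m)
    if d != 1:
        raise ValueError(f"{a} has no inverse mod {m}: gcd is {d}")
    return x % m


def totient_by_counting(m):
    """phi(m) by its definition: the number of 1 <= k <= m coprime to m."""
    return sum(1 for k in range(1, m + 1) if gcd(m, k) == 1)


def euler_fermat_residue(a, m):
    """a^phi(m) mod m; Euler–Fermat says this is 1 whenever (a, m) = 1."""
    return pow(a, totient_by_counting(m), m)


def fermat_holds(a, p):
    """Little Fermat: a^p ≡ a (mod p) for every integer a and prime p, no coprimality needed."""
    return pow(a, p, p) == a % p


if __name__ == "__main__":
    print(extended_gcd(240, 46))                  # (2, -9, 47): 240*(-9) + 46*47 = 2
    print(solve_linear_congruence(6, 4, 10))      # two solutions since (6, 10) = 2 divides 4
    print(solve_linear_congruence(6, 3, 10))      # none since 2 does not divide 3
    print(euler_fermat_residue(5, 12))            # 5^phi(12) = 5^4 ≡ 1 (mod 12)
```

The cancellation theorem above is visible in `solve_linear_congruence`: dividing a, b and m by d = (a, m) leaves a congruence modulo m/d with a unique solution, and lifting it back to modulus m spreads it into d residues spaced m/d apart.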
CRT
Problem: Let n be a composite positive integer and let p be the smallest prime divisor of n, with $n/p = n_1$. Let q be the smallest prime divisor of $n_1$. Prove that if $q > n_1^{1/3}$ then $n_1/q$ is prime.
Solution: Suppose $n_1/q = ab$ where $1 < a, b < n_1/q$.
Let r and s be prime divisors of a and b respectively; then r and s are also prime divisors of $n_1$, so that r ≥ q and s ≥ q. This implies that
$q^3 = q \cdot q \cdot q \le q \cdot r \cdot s \le q \cdot a \cdot b = n_1$,
that is, $q^3 \le n_1$, which is a contradiction. Therefore $n_1/q$ is prime.
Problem: Let n be a composite positive integer and let p be the smallest prime divisor of n, and suppose $p^2 \mid n$. Prove that if $p^2 > n/p^2$ then $n/p^2$ is prime.
Solution: Suppose $n/p^2 = ab$ where $1 < a, b < n/p^2$.
Let r and s be prime divisors of a and b respectively; then r and s are also prime divisors of n, so that r ≥ p and s ≥ p. This implies that
$p^4 = p^2 \cdot p \cdot p \le p^2 \cdot r \cdot s \le p^2 \cdot a \cdot b = n$,
that is, $p^4 \le n$, which is a contradiction. Therefore $n/p^2$ is prime.
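Added sanity check (not part of the talk): a brute-force search for counterexamples to the two problems above over every composite n up to a bound. The hypothesis $q > n_1^{1/3}$ is tested in integers as $q^3 > n_1$, and $p^2 > n/p^2$ as $p^4 > n$, which avoids floating-point roots. The two proofs show that the quotient has no factorization $ab$ with $1 < a, b$; that leaves the quotient either prime or equal to 1, so the degenerate cases $n_1$ prime (where $n_1/q = 1$) and $n = p^2$ (where $n/p^2 = 1$) are skipped here. Function names are this example's own.

```python
def smallest_prime_divisor(n):
    """Smallest prime dividing n >= 2, by trial division (returns n itself when n is prime)."""
    d = 2
    while d * d <= n:
        if n % d == 0:
            return d
        d += 1
    return n


def is_prime(n):
    return n > 1 and smallest_prime_divisor(n) == n


def counterexamples_problem1(limit):
    """Composite n <= limit for which q^3 > n_1 holds but n_1/q is not prime.
    Here p = smallest prime divisor of n, n_1 = n/p, q = smallest prime divisor of n_1.
    Expected to be empty, since the problem is proved above."""
    bad = []
    for n in range(4, limit + 1):
        if is_prime(n):
            continue
        p = smallest_prime_divisor(n)
        n1 = n // p
        if is_prime(n1):                  # degenerate: q = n_1 and n_1/q = 1
            continue
        q = smallest_prime_divisor(n1)
        if q ** 3 > n1 and not is_prime(n1 // q):
            bad.append(n)
    return bad


def counterexamples_problem2(limit):
    """Composite n <= limit with p^2 | n and p^4 > n for which n/p^2 is not prime.
    Expected to be empty."""
    bad = []
    for n in range(4, limit + 1):
        if is_prime(n):
            continue
        p = smallest_prime_divisor(n)
        if n % (p * p) != 0:              # hypothesis p^2 | n fails
            continue
        m = n // (p * p)
        if m == 1:                        # degenerate: n = p^2
            continue
        if p ** 4 > n and not is_prime(m):
            bad.append(n)
    return bad


def witnesses_problem1(limit):
    """Composite n <= limit where the hypothesis of problem 1 actually applies, with n_1/q."""
    out = []
    for n in range(4, limit + 1):
        if is_prime(n):
            continue
        n1 = n // smallest_prime_divisor(n)
        if is_prime(n1):
            continue
        q = smallest_prime_divisor(n1)
        if q ** 3 > n1:
            out.append((n, n1 // q))
    return out


if __name__ == "__main__":
    print("problem 1 counterexamples:", counterexamples_problem1(5000))
    print("problem 2 counterexamples:", counterexamples_problem2(5000))
    print("problem 1 witnesses:", witnesses_problem1(60))
```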
Group theory
Definition: Given sets X and Y, the cartesian product of X and Y is
X × Y = {(x, y) ∣ x ∈ X and y ∈ Y}.
Definition: Given a set A, a binary relation ∼ on A is a subset R of A × A. If (u, v) ∈ R, we say that u is related to v and we write u ∼ v. If (u, v) ∉ R, we say that u is not related to v.
Definition: A binary relation ∼ on A is said to be an equivalence relation on A if for all a, b, c ∈ A
1. a ∼ a (reflexivity),
2. a ∼ b ⇒ b ∼ a (symmetry),
3. a ∼ b and b ∼ c ⇒ a ∼ c (transitivity).
For a ∈ A, the equivalence class of a is the set cl(a) = {x ∈ A ∣ a ∼ x}.
Theorem: The distinct equivalence classes of an equivalence relation on A provide us with a decomposition of A as a union of mutually disjoint subsets.
Definition: Given any set A we call a mapping of A × A into A a binary operation on A. If ∗ : A × A → A is a binary operation on A, then ∗((a′, a″)), the image of the ordered pair (a′, a″) under ∗, is denoted by a′ ∗ a″.
Definition of a group
Definition: A nonempty set of elements G is said to form a group if in G there is defined a binary operation, called the product and denoted by ⋅, such that
1. a, b ∈ G ⇒ a ⋅ b ∈ G (closure).
2. a, b, c ∈ G ⇒ a ⋅ (b ⋅ c) = (a ⋅ b) ⋅ c (associative law).
3. There exists an element e ∈ G such that a ⋅ e = a = e ⋅ a for all a ∈ G (the existence of an identity element in G).
4. For every a ∈ G there exists an element a⁻¹ ∈ G such that a ⋅ a⁻¹ = e = a⁻¹ ⋅ a (the existence of inverses in G).
Properties
If G is a group, then
1. The identity element of G is unique.
2. Every a ∈ G has a unique inverse in G.
3. For any a ∈ G, (a⁻¹)⁻¹ = a.
4. For all a, b ∈ G, (a ⋅ b)⁻¹ = b⁻¹ ⋅ a⁻¹.
5. If elements a, b, c ∈ G satisfy ab = ac or ba = ca, then b = c
Definition: A group G is said to be abelian (or commutative) if for every a, b ∈ G, a ⋅ b = b ⋅ a.
A group which is not abelian is called non-abelian.
The number of elements in G is called the order of G and it is denoted by o(G).
If o(G) is finite, then we say that G is a finite group.
Definition: A nonempty subset H of a group G is said to be a subgroup of G if, under the product in G, H itself forms a group.
Let K ⊆ H ⊆ G. If H is a subgroup of G and K is a subgroup of H, then K is a subgroup of G.
Theorem: A nonempty subset H of a group G is a subgroup of G if and only if
1. a, b ∈ H ⇒ ab ∈ H.
2. a ∈ H ⇒ a⁻¹ ∈ H.
Powers of an element
If a ∈ G we define $a^n$ for any positive integer n by $a^0 = e$, $a^n = a\,a^{n-1}$, $a^{-n} = (a^{-1})^n$
If a ∈ G, any two powers of a commute, and for all integers m and n we have $a^m a^n = a^{m+n}$, $(a^m)^n = a^{mn} = (a^n)^m$
Moreover, if a and b commute we have $a^n b^n = (ab)^n$
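Worked example (added here; not part of the talk): the group axioms, the two-condition subgroup criterion and the power laws of the last slides, checked by brute force on the multiplicative group of units modulo n, the group whose order is φ(n). The set of all nonzero residues modulo a composite n is included as a non-example, since it is not closed. Function names are this example's own.

```python
from math import gcd


def units_mod(n):
    """Residues 1 <= k < n coprime to n: the elements of (Z/nZ)^*, a group of order phi(n)."""
    return [k for k in range(1, n) if gcd(k, n) == 1]


def mul_mod(n):
    """The binary operation a · b = ab mod n on residues."""
    return lambda a, b: (a * b) % n


def group_identity(elements, op):
    """Brute-force check of closure, associativity, identity and inverses for a finite set.
    Returns the identity element when all four axioms hold, and None otherwise."""
    s = set(elements)
    if any(op(a, b) not in s for a in elements for b in elements):
        return None                                              # closure fails
    if any(op(a, op(b, c)) != op(op(a, b), c)
           for a in elements for b in elements for c in elements):
        return None                                              # associativity fails
    identities = [e for e in elements if all(op(a, e) == a == op(e, a) for a in elements)]
    if len(identities) != 1:
        return None                                              # no (unique) identity
    e = identities[0]
    if any(not any(op(a, x) == e == op(x, a) for x in elements) for a in elements):
        return None                                              # some element has no inverse
    return e


def is_subgroup(subset, elements, op):
    """Subgroup criterion from the slides: H nonempty, a, b in H => ab in H, a in H => a^-1 in H."""
    e = group_identity(elements, op)
    h = set(subset)
    if e is None or not h or not h <= set(elements):
        return False
    if any(op(a, b) not in h for a in h for b in h):
        return False
    return all(any(op(a, x) == e for x in h) for a in h)


def inverse_in(a, elements, op, e):
    """The unique x with a · x = e (existence is guaranteed once group_identity succeeded)."""
    return next(x for x in elements if op(a, x) == e)


def power(a, k, elements, op, e):
    """a^k for any integer k: a^0 = e, a^k = a · a^(k-1), a^(-k) = (a^-1)^k."""
    if k < 0:
        return power(inverse_in(a, elements, op, e), -k, elements, op, e)
    result = e
    for _ in range(k):
        result = op(result, a)
    return result


def cyclic_subgroup(a, op, e):
    """<a> = {e, a, a^2, ...}, listed until the identity recurs; its length is the order of a."""
    elems = [e]
    x = op(e, a)
    while x != e:
        elems.append(x)
        x = op(x, a)
    return elems


if __name__ == "__main__":
    U12, op12 = units_mod(12), mul_mod(12)
    print("units mod 12:", U12, "identity:", group_identity(U12, op12))
    print("all nonzero residues mod 12 form a group:", group_identity(list(range(1, 12)), op12) is not None)
    print("<3> in units mod 7:", cyclic_subgroup(3, mul_mod(7), 1))
```

`cyclic_subgroup` only terminates because the group is finite: in a finite group the powers of a must repeat, and the first repeat is the identity, which is why the subgroup criterion above needs no separate inverse check for finite H even though the theorem states both conditions.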