Chapter Applications of Number Theory Some Useful Results

Presentation transcript:

Chapter 3, Section 3.7: Applications of Number Theory
Topics: Some Useful Results; Linear Congruences; The Chinese Remainder Theorem; Computer Arithmetic with Large Integers; Pseudoprimes; Public Key Cryptography

Some Useful Results
Theorem 1: If a and b are positive integers, then there exist integers s and t such that gcd(a, b) = sa + tb.
Example 1: Express gcd(252, 198) = 18 as a linear combination of 252 and 198.

Some Useful Results
Lemma 1: If a, b, and c are positive integers such that gcd(a, b) = 1 and a | bc, then a | c.
Lemma 2: If p is a prime and $p \mid a_1 a_2 \cdots a_n$, where each $a_i$ is an integer, then $p \mid a_i$ for some i.
Theorem 2: Let m be a positive integer and let a, b, and c be integers. If ac ≡ bc (mod m) and gcd(c, m) = 1, then a ≡ b (mod m).

Linear Congruences
A congruence of the form ax ≡ b (mod m), where m is a positive integer, a and b are integers, and x is a variable, is called a linear congruence. Such congruences arise throughout number theory and its applications.
How can we solve the linear congruence ax ≡ b (mod m)? That is, how do we find the integers x that satisfy this congruence? One method that we will describe uses an integer ā such that aā ≡ 1 (mod m), if such an integer exists. Such an integer ā is said to be an inverse of a modulo m. Theorem 3 guarantees that an inverse of a modulo m exists whenever a and m are relatively prime.

Linear Congruences
Theorem 3: If a and m are relatively prime integers and m > 1, then an inverse of a modulo m exists. Furthermore, this inverse is unique modulo m. (That is, there is a unique positive integer ā less than m that is an inverse of a modulo m, and every other inverse of a modulo m is congruent to ā modulo m.)
When we have an inverse ā of a modulo m, that is, āa ≡ 1 (mod m), we can easily solve the congruence ax ≡ b (mod m) by multiplying both sides by ā.
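Theorem 1 and Theorem 3 turn into a short program: the extended Euclidean algorithm produces s and t, and s reduced modulo m is the inverse. The code below is an added example, not part of the original slides; the function names are chosen here, and `solve_linear` goes beyond the slides by also handling gcd(a, m) > 1.

```python
def egcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) and g = s*a + t*b (Theorem 1)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, r = divmod(a, b)
        a, b = b, r
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0


def inverse(a, m):
    """Unique inverse of a modulo m in 0..m-1 (Theorem 3); needs gcd(a, m) = 1."""
    g, s, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}: gcd is {g}")
    return s % m


def solve_linear(a, b, m):
    """All x in 0..m-1 with a*x ≡ b (mod m).

    Beyond the slides: with d = gcd(a, m) > 1 there is no solution unless
    d divides b, and otherwise there are exactly d solutions modulo m.
    """
    d, s, _ = egcd(a % m, m)
    if b % d:
        return []
    step = m // d
    x0 = (s * (b // d)) % step
    return [x0 + k * step for k in range(d)]


if __name__ == "__main__":
    print(egcd(252, 198))          # Bezout coefficients for Example 1
    print(inverse(3, 7))           # inverse of 3 modulo 7
    print(solve_linear(3, 4, 7))   # 3x ≡ 4 (mod 7)
    print(solve_linear(6, 4, 10))  # constructed case with gcd(a, m) = 2
```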

The Chinese Remainder Theorem
Example 3: Find an inverse of 3 modulo 7.
Theorem 5 (Section 3.4, p. 204): Let m be a positive integer. If a ≡ b (mod m) and c ≡ d (mod m), then a + c ≡ b + d (mod m) and ac ≡ bd (mod m).
Example 4: What are the solutions of the linear congruence 3x ≡ 4 (mod 7)?
Example 5: In the first century, the Chinese mathematician Sun-Tsu asked: There are certain things whose number is unknown. When divided by 3, the remainder is 2; when divided by 5, the remainder is 3; and when divided by 7, the remainder is 2. What will be the number of things?

The Chinese Remainder Theorem
Theorem 4 (The Chinese Remainder Theorem): Let $m_1, m_2, \ldots, m_n$ be pairwise relatively prime positive integers and $a_1, a_2, \ldots, a_n$ arbitrary integers. Then the system
$x \equiv a_1 \pmod{m_1}$
$x \equiv a_2 \pmod{m_2}$
…
$x \equiv a_n \pmod{m_n}$
has a unique solution modulo $m = m_1 m_2 \cdots m_n$. (That is, there is a solution x with $0 \le x < m$, and all other solutions are congruent modulo m to this solution.)

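The Legend of the Condor Heroes (射雕英雄傳), page 1427
Yinggu (瑛姑) said: "... Now there are things whose number is unknown. Counted by threes, two remain; counted by fives, three remain; counted by sevens, two remain. How many things are there?"
Huang Rong (黃蓉) laughed: "That is very easy. Count by threes and multiply the remainder by seventy; count by fives and multiply the remainder by twenty-one; count by sevens and multiply the remainder by fifteen. Add the three together; if the sum is not greater than one hundred and five, that is the answer; otherwise subtract one hundred and five or a multiple of it."
Huang Rong said: "There is no need to memorize it by rote, either. I will recite a poem for you, and then it is easy to remember: Three people walking together, seventy is rare; five plum trees, twenty-one branches; seven sons reunite at exactly half a month; take the remainder by one hundred and five and you will know."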

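The Chinese Remainder Theorem
1. Assign values to $a_i$ and $m_i$.
2. Find the value of $m = m_1 \cdot m_2 \cdots m_n$ and $M_i = m / m_i$.
3. Find $y_i$, the inverse of $M_i$ modulo $m_i$.
4. Find the value $x = a_1 M_1 y_1 + \cdots + a_n M_n y_n$.
5. Find b such that $x \equiv b \pmod{m}$, where $0 \le b < m$.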

The Chinese Remainder Theorem
Example 6: Solve the system of congruences in Example 5 by using Theorem 4.
Example 5: There are certain things whose number is unknown. When divided by 3, the remainder is 2; when divided by 5, the remainder is 3; and when divided by 7, the remainder is 2. What will be the number of things?

Computer Arithmetic with Large Integers
Suppose that $m_1, m_2, \ldots, m_n$ are pairwise relatively prime integers greater than or equal to 2 and let m be their product. By the Chinese Remainder Theorem, we can show that an integer a with $0 \le a < m$ can be uniquely represented by the n-tuple consisting of its remainders upon division by $m_i$, $i = 1, 2, \ldots, n$. We can uniquely represent a by
$(a \bmod m_1,\ a \bmod m_2,\ \ldots,\ a \bmod m_n)$

Computer Arithmetic with Large Integers
Example 7: What are the pairs used to represent the nonnegative integers less than 12 when they are represented by the ordered pair where the first component is the remainder of the integer upon division by 3 and the second component is the remainder of the integer upon division by 4?
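The five construction steps for Theorem 4 and the residue-tuple representation above fit in one program. This is an added example, not part of the original slides: `crt` follows the steps with the slides' symbols and also returns the products $M_i y_i$, which for Sun-Tsu's moduli are exactly the 70, 21 and 15 of the quoted rule; the function names and the moduli 99, 98, 97, 95 are chosen here for illustration.

```python
from math import prod


def crt(residues, moduli):
    """Solve x ≡ a_i (mod m_i); returns (x, [M_i * y_i, ...])."""
    m = prod(moduli)
    x, coeffs = 0, []
    for a_i, m_i in zip(residues, moduli):
        M_i = m // m_i
        # y_i exists only if gcd(M_i, m_i) = 1, i.e. the moduli are pairwise
        # relatively prime; pow raises ValueError otherwise (Python 3.8+).
        y_i = pow(M_i, -1, m_i)
        coeffs.append(M_i * y_i)
        x += a_i * M_i * y_i
    return x % m, coeffs


def to_residues(a, moduli):
    """The n-tuple (a mod m_1, ..., a mod m_n)."""
    return tuple(a % m_i for m_i in moduli)


def mul_residues(u, v, moduli):
    """Multiply two integers given only their residue tuples."""
    return tuple((x * y) % m_i for x, y, m_i in zip(u, v, moduli))


def mul_via_residues(a, b, moduli):
    """a*b from small per-modulus products; valid while a*b < prod(moduli)."""
    r = mul_residues(to_residues(a, moduli), to_residues(b, moduli), moduli)
    return crt(r, moduli)[0]


# Constructed moduli: pairwise relatively prime, product 89403930.
MODULI = (99, 98, 97, 95)

if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))                    # Sun-Tsu's problem
    print([to_residues(a, (3, 4)) for a in range(12)])  # pairs of Example 7
    print(mul_via_residues(1234, 5678, MODULI))
```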

Pseudoprimes
Theorem 5 (Fermat's Little Theorem): If p is prime and a is an integer not divisible by p, then $a^{p-1} \equiv 1 \pmod{p}$. Furthermore, for every integer a we have $a^p \equiv a \pmod{p}$.
Unfortunately, there are composite integers n such that $2^{n-1} \equiv 1 \pmod{n}$. Such integers are called pseudoprimes to the base 2.
Example 9: Explain why the integer 341 is a pseudoprime to the base 2.

Computer Arithmetic with Large Integers
Definition 1: Let b be a positive integer. If n is a composite positive integer and $b^{n-1} \equiv 1 \pmod{n}$, then n is called a pseudoprime to the base b.
Definition 2: A composite integer n that satisfies the congruence $b^{n-1} \equiv 1 \pmod{n}$ for all positive integers b with gcd(b, n) = 1 is called a Carmichael number. (These numbers are named after Robert Carmichael, who studied them in the early twentieth century.)
Example 10: The integer 561 is a Carmichael number.
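Definitions 1 and 2 matter for key generation: a primality check built only on Fermat's congruence accepts 341 for base 2 and accepts 561 for every base coprime to it. The code below is an added example, not part of the original slides; it checks both definitions directly and contrasts them with one round of the Miller-Rabin strong test, which the slides do not name and which is included here as an assumption about what a stronger probabilistic test looks like.

```python
from math import gcd, isqrt


def fermat_passes(n, b):
    """True if b^(n-1) ≡ 1 (mod n), the congruence in Definition 1."""
    return pow(b, n - 1, n) == 1


def is_carmichael(n):
    """Brute-force Definition 2: composite n that passes for every coprime b."""
    if n < 3 or all(n % d for d in range(2, isqrt(n) + 1)):
        return False                      # primes are excluded by definition
    return all(fermat_passes(n, b) for b in range(2, n) if gcd(b, n) == 1)


def strong_test_passes(n, b):
    """One Miller-Rabin round for odd n > 2 (added for contrast).

    Write n-1 = 2^s * d with d odd. A prime n satisfies b^d ≡ 1 (mod n) or
    b^(2^r * d) ≡ -1 (mod n) for some 0 <= r < s.
    """
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    x = pow(b, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False


if __name__ == "__main__":
    for n in (341, 561, 97):
        print(n, fermat_passes(n, 2), strong_test_passes(n, 2), is_carmichael(n))
```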

Private Key Cryptography
Private key cryptosystems (Section 3.4, Example 9, p. 207): c = (p + k) mod 26, where p and c represent letters and k is the encryption key.
Everybody knowing this (private) key can both encrypt and decrypt messages easily.
Two people need to securely exchange the key in advance.

Public Key Cryptography
In 1976, three researchers at M.I.T. – Ronald Rivest, Adi Shamir, and Leonard Adleman – introduced to the world a public key cryptosystem, known as the RSA system.
The RSA cryptosystem is based on modular exponentiation modulo the product of two large primes, which can be done rapidly using Algorithm 5 in Section 3.6.
Each individual has an encryption key consisting of a modulus n = pq, where p and q are large primes, say, with 200 digits each, and an exponent e that is relatively prime to (p-1)(q-1).

Public Key Cryptography
To produce a usable key, two large primes must be found. This can be done quickly on a computer using a probabilistic primality test (Example 16, Section 6.2, pp. 412-413 of the textbook).
However, the product of these primes, n = pq, with approximately 400 digits, cannot be factored in a reasonable length of time. This is an important reason why decryption cannot be done quickly without a separate decryption key.

RSA Encryption
In the RSA encryption method, messages are translated into sequences of integers. These integers are grouped together to form larger integers, each representing a block of letters.
The encryption proceeds by transforming the integer M, representing the plaintext (the original message), to an integer C, representing the ciphertext (the encrypted message), using the function
$C = M^e \bmod n$.

RSA Encryption
Example 11: Encrypt the message STOP using the RSA cryptosystem with p = 43 and q = 59, so that n = 43 × 59 = 2537, and with e = 13. Note that gcd(e, (p-1)(q-1)) = gcd(13, 42 × 58) = 1.

RSA Decryption
The plaintext message can be quickly recovered when the decryption key d, an inverse of e modulo (p-1)(q-1), is known. Such an inverse exists because gcd(e, (p-1)(q-1)) = 1.
Since $de \equiv 1 \pmod{(p-1)(q-1)}$, there exists an integer k such that $de = k(p-1)(q-1) + 1$. It follows that
$C^d \equiv (M^e)^d = M^{de} = M^{1+k(p-1)(q-1)} \pmod{n}$.
By Fermat's Little Theorem (Theorem 5) [assuming that gcd(M, p) = gcd(M, q) = 1, which holds except in rare cases], it follows that $M^{p-1} \equiv 1 \pmod{p}$ and $M^{q-1} \equiv 1 \pmod{q}$.

RSA Decryption
Consequently,
$C^d \equiv M \cdot (M^{p-1})^{k(q-1)} \equiv M \pmod{p}$
and
$C^d \equiv M \cdot (M^{q-1})^{k(p-1)} \equiv M \pmod{q}$.
Because gcd(p, q) = 1, it follows by the Chinese Remainder Theorem that
$C^d \equiv M \pmod{pq}$.

RSA Decryption
Example 12: We receive the encrypted message 0981 0461. What is the decrypted message if it was encrypted using the RSA cipher from Example 11?
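Examples 11 and 12 can be worked end to end with the parameters the slides give (p = 43, q = 59, e = 13). The code below is an added example, not part of the original slides: the letter encoding A = 00 ... Z = 25 in two-letter blocks, the X padding for odd lengths and the function names are assumptions made here, and `decrypt_crt` mirrors the decryption proof by computing modulo p and modulo q before recombining.

```python
P, Q, E = 43, 59, 13          # parameters from Example 11
N = P * Q                     # modulus n = 2537
PHI = (P - 1) * (Q - 1)       # (p-1)(q-1) = 2436
D = pow(E, -1, PHI)           # decryption key d, inverse of e modulo (p-1)(q-1)


def to_blocks(text):
    """Encode A=00 ... Z=25, two letters per block, so each block is < n."""
    nums = [ord(ch) - ord("A") for ch in text.upper()]
    if len(nums) % 2:
        nums.append(ord("X") - ord("A"))   # assumption: pad odd length with X
    return [100 * nums[i] + nums[i + 1] for i in range(0, len(nums), 2)]


def from_blocks(blocks):
    return "".join(chr(65 + b // 100) + chr(65 + b % 100) for b in blocks)


def encrypt(text):
    return [pow(m, E, N) for m in to_blocks(text)]      # C = M^e mod n


def decrypt(blocks):
    return from_blocks(pow(c, D, N) for c in blocks)    # M = C^d mod n


def decrypt_crt(blocks):
    """Compute C^d modulo p and modulo q, then recombine with the CRT."""
    q_inv = pow(Q, -1, P)
    out = []
    for c in blocks:
        m_p = pow(c, D % (P - 1), P)       # exponent reduced via Fermat
        m_q = pow(c, D % (Q - 1), Q)
        h = q_inv * (m_p - m_q) % P
        out.append(m_q + h * Q)            # the unique value in 0..n-1
    return from_blocks(out)


if __name__ == "__main__":
    print(D, encrypt("STOP"), decrypt([981, 461]), decrypt_crt([981, 461]))
```

With n = 2537 the modulus can be factored by hand, and the scheme as shown is deterministic and unpadded, so it illustrates the arithmetic only; deployed RSA uses moduli of 2048 bits or more with randomized padding such as OAEP.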