Number Theory.


Number Theory

Integers and Division
Definition 1: Let a and b be integers where a ≠ 0. We say a divides b, denoted by a | b, if there is an integer c such that b = ac. If a does not divide b, we write a ∤ b. When a | b, we say a is a factor of b, or b is a multiple of a.
Examples: 7 | 56, 1 | 56, 8 | 56. 1, 7 and 8 are factors of 56. 7 ∤ 53, 17 ∤ 53.
Number Theory 23/11/61

Properties of Divisibility Theorem 1: Let a, b and c be any integers. a|0, 1|a and a|a. If a|b and a|c then a|(b+c). If a|b then a|bc. If a|b and b|c then a|c. Example: 7|0, 1|7 and 7|7. 3|12 and 3|9. Then, 3|(12+9). 3|12. Then, 3|(127). 3|21 and 21|189. Then, 3|(189). Number Theory 23/11/61

Properties of Divisibility
Theorem 1: Let a, b and c be any integers.
- a | 0, 1 | a and a | a.
- If a | b and a | c then a | (b + c).
Proof: Let a, b and c be any integers.
Since 0 = a × 0, a | 0. Since a = 1 × a, 1 | a. Since a = a × 1, a | a.
Let a | b and a | c. Then, there are integers k_1 and k_2 such that b = k_1 a and c = k_2 a. Thus, b + c = k_1 a + k_2 a = a(k_1 + k_2). Therefore, a | (b + c).

Properties of Divisibility Theorem 1: Let a, b and c be any integers. If a|b then a|bc. If a|b and b|c then a|c. Proof: Let a, b and c be any integers. Let a|b. Then, there is an integer k such that b=ka. Thus, b c=kac. Therefore, a|(bc). Let a|b and b|c. Then, there are integers k1 and k2 such that b=k1a and c=k2b. Thus, c=k1k2a. Therefore, a|c. Number Theory 23/11/61

Corollary 1
If a, b and c are integers such that a | b and a | c, then a | (mb + nc) whenever m and n are integers.
Proof: Let a, b and c be integers, and a | b and a | c.
Since a | b, a | mb for any integer m (from: if a | b then a | bc).
Since a | c, a | nc for any integer n.
Since a | mb and a | nc, a | (mb + nc) (from: if a | b and a | c then a | (b + c)). Q.E.D.

Division Algorithm
Theorem 2: Let a be an integer and d be a positive integer. Then, there are unique q and r, with 0 ≤ r < d, such that a = dq + r.
Proof: Let a be an integer and d be a positive integer. Let S = {r | r ∈ Z, r > 0, and r = a − dq where q is an integer}. S is not empty because we can choose q as needed. By the well-ordering property, there is a smallest element, say r_0, in S. Then, there is q_0 such that r_0 = a − dq_0. If r_0 ≥ d, there is a smaller integer a − dq_0 − d in S, which contradicts the fact that r_0 is the smallest element in S. Thus, r_0 < d.

Division Algorithm
Now, we have proved that there are q and r, with 0 ≤ r < d, such that a = dq + r. Next, we will prove that q and r are unique.
Assume there exist q, q', r and r' such that a = dq + r = dq' + r', with 0 ≤ r, r' < d. Then, d(q − q') = r' − r. That is, d | (r − r'). Since 0 ≤ r, r' < d, we have −d < r − r' < d. From d | (r − r') and −d < r − r' < d, r − r' = 0, which means r = r'. Then, q = q'.
Therefore, there are unique q and r such that a = dq + r.

Division Algorithm
Definition 2: Let a be an integer and d be a positive integer, such that there exist integers q and r with 0 ≤ r < d where a = dq + r. a is called the dividend, d is called the divisor, q is called the quotient, and r is called the remainder.
q = a div d
r = a mod d

Modular Arithmetic
Definition 3: If a and b are integers and m is a positive integer, then a is congruent to b modulo m (denoted by a ≡ b (mod m)) if m divides a − b. If a is not congruent to b modulo m, we write a ≢ b (mod m).
(a ≡ b (mod m) means the residues of a/m and b/m are equal.)
Example: 26 ≡ 14 (mod 12), 26 ≡ 14 (mod 4), 26 ≡ 14 (mod 3)

Theorem 3.1
Let a and b be integers and m be a positive integer. a ≡ b (mod m) if a mod m = b mod m.
Proof: Let a and b be integers and m be a positive integer such that a mod m = b mod m. Then, there exist integers q_1, q_2 and r such that a = q_1 m + r and b = q_2 m + r (from the division algorithm). That is, a − b = (q_1 − q_2)m. Then, m | (a − b). Thus, a ≡ b (mod m).

Theorem 3.2
Let a and b be integers and m be a positive integer. If a ≡ b (mod m) then a mod m = b mod m.
Proof: Let a and b be integers and m be a positive integer such that a ≡ b (mod m). Then, m | (a − b). That is, there exists an integer c such that a − b = cm. There exist integers q_1 and q_2 with q_1 − q_2 = c, so a − b = m(q_1 − q_2). Then, there is an integer r such that r = a − q_1 m = b − q_2 m. As a result, a = q_1 m + r and b = q_2 m + r. Thus, a mod m = b mod m.

Theorem 4
Let a and b be integers, and m be a positive integer. a ≡ b (mod m) iff there is an integer k such that a = b + km.
Proof:
(⇒) If a ≡ b (mod m) then m | (a − b). This means there is an integer k such that a − b = km. Then, a = b + km.
(⇐) If there is an integer k such that a = b + km, then a − b = km. Then, m | (a − b). That is, a ≡ b (mod m).

Theorem 5
Let m be a positive integer. If a ≡ b (mod m) and c ≡ d (mod m) then a + c ≡ b + d (mod m) and ac ≡ bd (mod m).
Proof: Let a ≡ b (mod m) and c ≡ d (mod m). Then, there are integers s and t such that b = a + sm and d = c + tm. Then, b + d = a + c + (s + t)m and bd = ac + (sc + at + stm)m. That is, a + c ≡ b + d (mod m) and ac ≡ bd (mod m).

Corollary 2
Let m be a positive integer and let a and b be integers. Then, (a + b) mod m ≡ ((a mod m) + (b mod m)) (mod m), and (ab) mod m ≡ ((a mod m)(b mod m)) (mod m).
Proof: By the definitions of mod m and congruence, a mod m ≡ (a mod m) (mod m), and b mod m ≡ (b mod m) (mod m). From Theorem 5,

Applications of Congruences
- Hashing functions: h(k) = k mod m
- Pseudorandom numbers: x_{n+1} = (a x_n + c) mod m
- Caesar's cipher: f(p) = (p + k) mod 26

Primes

Primes
Definition 1: A positive integer p greater than 1 is called prime if the only positive factors of p are 1 and p. A positive integer p greater than 1 is called composite if it is not prime.
Examples: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, … are prime.

Sieve of Eratosthenes
[Figure: grid of the integers 1 to 100.]

Theorem 1: Fundamental Theorem of Arithmetic
Every positive integer greater than 1 can be written uniquely as a prime or as the product of two or more primes where the prime factors are written in the order of non-decreasing size.
Meaning: any integer k = 2^(d_2) × 3^(d_3) × 5^(d_5) × 7^(d_7) × 11^(d_11) × 13^(d_13) × …, where d_2, d_3, d_5, d_7, d_11, d_13, … ≥ 0.
Examples: 365 = 2^0 × 3^0 × 5^1 × 7^0 × 11^0 × 13^0 × 17^0 × 19^0 × 23^0 × 29^0 × 31^0 × 37^0 × 41^0 × 43^0 × 47^0 × 53^0 × 59^0 × 61^0 × 67^0 × 71^0 × 73^1

Theorem 2
If n is a composite integer, then n has a prime divisor d ≤ √n.
Proof: If n is composite, then there is a factor a with 1 < a < n. Then, there is an integer b greater than 1 such that ab = n. There are 5 possible cases of a and b.
- If a < √n and b < √n, then ab < √n × √n. But ab = n, which contradicts our prior information.
- If a > √n and b > √n, then ab > √n × √n = n. But ab = n, which contradicts our prior information.
- If a > √n and b < √n, then ab is possibly equal to n.
- If a < √n and b > √n, then ab is possibly equal to n.
- If a = √n and b = √n, then ab = n.

Theorem 2
That is, a ≤ √n or b ≤ √n. Then, if a (or b) is not a prime, a (or b) itself has a prime factor, say a', which is a divisor of n and a' ≤ √n.
Therefore, n has a prime divisor d ≤ √n.

Applications of Theorem 2
To test whether a number n is prime, we only need to look for prime divisors less than or equal to √n.
Example: Show that 271 is prime. Since √271 < 17, we only need to look for prime divisors which are ≤ 16. That is, we need to consider 2, 3, 5, 7, 11 and 13. None of them divides 271. Thus, 271 is prime.

Applications of Theorem 2
To find the prime factorization of a composite n, we only need to consider prime divisors less than or equal to √n, as shown in the following example.
Example: Find the prime factorization of 3003.
√3003 < 55. We only need to try 2, 3, 5, 7, 11, 13, …, 47 and 53. 3003/3 = 1001.
√1001 < 32. We only need to try 2, 3, 5, 7, 11, 13, … and 31. 1001/7 = 143.
√143 < 12. We only need to try 2, 3, 5, 7, and 11. None divides 143. Then, 143 is prime.
That is, the prime factorization of 3003 is 3 × 7 × 143.

Theorem 3
There are infinitely many primes.
Proof: Assume there are finitely many primes p_1, p_2, …, p_n. Let Q = p_1 × p_2 × … × p_n + 1. Assume Q is not prime. Then, there is a prime p_i, for some 1 ≤ i ≤ n, such that p_i divides Q (Q = c × p_i). Then, p_i divides Q − p_1 × p_2 × … × p_n, which is 1 (from the way we set Q). That is a contradiction. Thus, Q is prime. Since Q is prime and Q > p_n, it contradicts our assumption. That is, there are infinitely many primes.

Prime Number Theorem
The ratio of the number of primes not exceeding x and x/ln x approaches 1 as x grows without bound.
In other words, let π(x) be the number of primes not exceeding x. Then lim_{x→∞} π(x) / (x/ln x) = 1. That is, π(x) ≈ x/ln x.

x                         x/ln(x)
10.00                     4.34
1000.00                   144.76
100000.00                 8685.89
10000000.00               620420.69
1000000000.00             48254942.43
100000000000.00           3948131653.67
10000000000000.00         334072678387.12
1000000000000000.00       28952965460216.80
100000000000000000.00     2554673422960300.00

Greatest Common Divisors
Definition 2: Let a and b be integers, not both zero. The largest integer d such that d | a and d | b is called the greatest common divisor of a and b, denoted by gcd(a, b).
Examples:
- gcd(125, 75) = 25. (125 = 5 × 5 × 5, 75 = 3 × 5 × 5)
- gcd(23, 161) = 23. (161 = 23 × 7)
- gcd(23, 127) = 1. (23 and 127 are primes.)
- gcd(69, 194) = 1. (69 = 3 × 23, 194 = 2 × 97)

Relatively Prime
Definition 3: The integers a and b are relatively prime if gcd(a, b) = 1.
Example: gcd(69, 194) = 1. (69 = 3 × 23, 194 = 2 × 97) Then, 69 and 194 are relatively prime.
Definition 4: The integers a_1, a_2, …, a_n are pairwise relatively prime if gcd(a_i, a_j) = 1, for all 1 ≤ i, j ≤ n.
Example: gcd(21, 25) = 1, gcd(25, 32) = 1, gcd(21, 32) = 1. Then, 21, 25, and 32 are pairwise relatively prime.

Least Common Multiples
Definition 5: Let a and b be positive integers. The smallest integer d such that a | d and b | d is called the least common multiple of a and b, denoted by lcm(a, b).
Example: lcm(2^3 × 5^2 × 11, 2^2 × 3^3 × 5^3 × 13^2) = 2^3 × 3^3 × 5^3 × 11 × 13^2.

gcd and lcm
Theorem 5: Let a and b be positive integers. Then, ab = gcd(a, b) × lcm(a, b).

Integer Representation & Algorithms

THEOREM 1
Let b be a positive integer greater than 1. Then, if n is a positive integer, it can be expressed uniquely in the form
n = a_k b^k + a_{k-1} b^{k-1} + … + a_1 b + a_0,
where k is a nonnegative integer, a_k, a_{k-1}, …, a_1, a_0 are nonnegative integers less than b, and a_k ≠ 0. This is called the base b expansion of n.
Examples:
Let b = 10. 30251 = 3 × 10^4 + 0 × 10^3 + 2 × 10^2 + 5 × 10^1 + 1.
Let b = 2. 100101 = 1 × 2^5 + 0 × 2^4 + 0 × 2^3 + 1 × 2^2 + 0 × 2^1 + 1.

THEOREM 1
Let b be a positive integer greater than 1. Then, if n is a positive integer, it can be expressed uniquely in the form
n = a_k b^k + a_{k-1} b^{k-1} + … + a_1 b + a_0,
where k is a nonnegative integer, a_k, a_{k-1}, …, a_1, a_0 are nonnegative integers less than b, and a_k ≠ 0.
Proof:
Basis: Consider 0 < k < b. n can be expressed as k.
Induction hypothesis: For n < b^k, n can be expressed as a_{k-1} b^{k-1} + … + a_1 b + a_0.
Induction step: For b^k ≤ n < b^{k+1}, let m = n − a b^k, for the largest possible a which makes m positive. m < b^k, and m can be expressed as a_{k-1} b^{k-1} + … + a_1 b + a_0 (from the induction hypothesis). Since m = n − a b^k, we have n = a b^k + a_{k-1} b^{k-1} + … + a_1 b + a_0.

Constructing Base b Expansion

procedure expand(b, n: positive integers)
  q := n
  k := 0
  while q ≠ 0
  begin
    a_k := q mod b      {next digit, least significant first}
    q := ⌊q/b⌋
    k := k + 1
  end

Base b Expansion
Base 16 (Hexadecimal) digits: 0 1 2 3 4 5 6 7 8 9 A B C D E F
(5A)_16 = (5 × 16 + 10)_10 = (90)_10
Base 8 (Octal) digits: 0 1 2 3 4 5 6 7
(403)_8 = (4 × 8^2 + 0 × 8 + 3)_10 = (259)_10

Base 2 Addition
Let a = (a_{n-1} a_{n-2} … a_1 a_0)_2 and b = (b_{n-1} b_{n-2} … b_1 b_0)_2. s = a + b.
a_0 + b_0 = 2c_0 + s_0
a_1 + b_1 + c_0 = 2c_1 + s_1
…
a_n + b_n + c_{n-1} = 2c_n + s_n

  a      1 0 0 1 1
  b    + 0 1 0 1 1
  s      1 1 1 1 0

Base 2 Addition
Let a = (a_{n-1} a_{n-2} … a_1 a_0)_2 and b = (b_{n-1} b_{n-2} … b_1 b_0)_2.

procedure add(a, b: positive integers)
  c := 0
  for j := 0 to n-1
  begin
    d := ⌊(a_j + b_j + c) / 2⌋      {carry out of position j}
    s_j := a_j + b_j + c − 2d       {sum bit at position j}
    c := d
  end
  s_n := c

Base 2 Multiplication
Let a = (a_{n-1} a_{n-2} … a_1 a_0)_2 and b = (b_{n-1} b_{n-2} … b_1 b_0)_2.
ab = a (b_{n-1} b_{n-2} … b_1 b_0)_2
   = a (2^{n-1} b_{n-1} + 2^{n-2} b_{n-2} + … + 2^1 b_1 + 2^0 b_0)
   = a(2^{n-1} b_{n-1}) + a(2^{n-2} b_{n-2}) + … + a(2^1 b_1) + a(2^0 b_0)
[Figure: worked binary long multiplication.]

Base 2 Multiplication
Let a = (a_{n-1} a_{n-2} … a_1 a_0)_2 and b = (b_{n-1} b_{n-2} … b_1 b_0)_2.

procedure multiply(a, b: positive integers)
  for j := 0 to n-1
  begin
    if b_j = 1 then c_j := a << j      {<< means shift}
    else c_j := 0
  end
  p := 0
  for j := 0 to n-1
    p := p + c_j                       {sum the partial products}

Base 2 Multiplication
Let a = (a_{n-1} a_{n-2} … a_1 a_0)_2 and b = (b_{n-1} b_{n-2} … b_1 b_0)_2.

procedure multiply(a, b: positive integers)
  p := 0
  for j := 0 to n-1
  begin
    if b_j = 1 then p := p + a
    a := a << 1
  end

Trace for a = (1001)_2 = (9)_10 and b = (1011)_2 = (11)_10:

j    b_j   p     a
-    -     0     (1001)_2 = 9
0    1     9     (10010)_2 = 18
1    1     27    (100100)_2 = 36
2    0     27    (1001000)_2 = 72
3    1     99    (10010000)_2 = 144

Division

procedure division(a, d: positive integers)
  q := 0
  r := a
  while r ≥ d
  begin
    r := r − d
    q := q + 1
  end
  {q is a div d, r is a mod d}

Trace for d = 3, starting from r = 19:

q    r
0    19
1    16
2    13
3    10
4    7
5    4
6    1

Modular Exponentiation
Let a = (a_{n-1} a_{n-2} … a_1 a_0)_2 = (2^{n-1} a_{n-1} + 2^{n-2} a_{n-2} + … + 2^1 a_1 + a_0).
b^a = b^(2^{n-1} a_{n-1}) × b^(2^{n-2} a_{n-2}) × … × b^(2^3 a_3) × b^(2^2 a_2) × b^(2 a_1) × b^(a_0)
From (ab) mod m ≡ ((a mod m)(b mod m)) (mod m),
b^a mod m = (b^(2^{n-1} a_{n-1}) mod m)(b^(2^{n-2} a_{n-2}) mod m) … (b^(2^3 a_3) mod m)(b^(2^2 a_2) mod m)(b^(2 a_1) mod m)(b^(a_0) mod m)
(Each a_j is 0 or 1; each power b^(2^j) is the square of the previous one.)

Modular Exponentiation

procedure exp(b, n, m: positive integers)
  {a = (a_{k-1} … a_1 a_0)_2 is the k-bit binary expansion of n}
  x := 1
  power := b
  for j := 0 to k-1
  begin
    if a_j = 1 then x := (x × power) mod m
    power := (power × power) mod m
  end
  {x is b^n mod m}

LEMMA 1: Euclidean Algorithm
Let a = bq + r, where a, b, q and r are integers. Then, gcd(a, b) = gcd(b, r).
Proof: Let a, b, q and r be integers such that a = bq + r.
Suppose d is a common divisor of a and b. Then, d divides both a and b. Then, d divides r = a − bq. Thus, d is also a common divisor of b and r.
Suppose d is a common divisor of b and r. Then, d divides both b and r. Then, d divides a = bq + r. Thus, d is a common divisor of a and b.
Therefore, d is a common divisor of a and b iff it is a common divisor of b and r. That is, gcd(a, b) = gcd(b, r).

Euclidean Algorithm

procedure gcd(a, b: positive integers)
  x := a
  y := b
  while y ≠ 0
  begin
    r := x mod y
    x := y
    y := r
  end
  {x is gcd(a, b)}

Trace of x and y as given on the slide: 165, 70, 15, 10, 5 (each value is obtained from the previous two by mod).

THEOREM
If a and b are positive integers, then there exist integers s and t such that gcd(a, b) = sa + tb.

i    x            y
0    165          70
1    y_0 = 70     x_0 − 2y_0 = 15
2    y_1 = 15     x_1 − 4y_1 = 10
3    y_2 = 10     x_2 − y_2 = 5
4    y_3 = 5      x_3 − 2y_3 = 0

y_3 = x_2 − y_2,   x_3 = y_2
y_2 = x_1 − 4y_1,  x_2 = y_1
y_1 = x_0 − 2y_0,  x_1 = y_0

y_3 = x_2 − y_2
    = y_1 − (x_1 − 4y_1)
    = 5y_1 − x_1
    = 5(x_0 − 2y_0) − y_0
    = 5x_0 − 11y_0        (x_0 = a, y_0 = b)
gcd(a, b) = 5a − 11b

LEMMA 1
If a, b and c are positive integers such that gcd(a, b) = 1 and a | bc, then a | c.
Proof: Let a, b and c be positive integers such that gcd(a, b) = 1. By Theorem 1, there are integers s and t such that sa + tb = gcd(a, b) = 1. Then, sac + tbc = c. s = (c − tbc)/a. Therefore, a | c.

LEMMA 2
If p is a prime and p | a_1 a_2 … a_n, where each a_i is an integer, then p | a_i for some i.

THEOREM
Let m be a positive integer and let a, b, and c be integers. If ac ≡ bc (mod m) and gcd(c, m) = 1, then a ≡ b (mod m).
Proof: Let m be a positive integer and a, b, and c be integers such that ac ≡ bc (mod m) and gcd(c, m) = 1. Since ac ≡ bc (mod m), m | (ac − bc). From gcd(c, m) = 1, m does not divide c. Then, m | (a − b). That is, a ≡ b (mod m).

Linear Congruence
Let m be a positive integer, a and b be integers and x be a variable. ax ≡ b (mod m) is called a linear congruence.
Example: 3x ≡ 4 (mod 7), x ≡ 6 (mod 7)

x    3x    3x mod 7
1    3     3
2    6     6
3    9     2
4    12    5
5    15    1
6    18    4
7    21    0
8    24    3

Inverse of a modulo m
Let m be a positive integer, a and b be integers and x be a variable. If ax ≡ 1 (mod m), a is an inverse of x modulo m.
Example: From 3x ≡ 1 (mod 7), x ≡ 5 (mod 7). Then, 3 is an inverse of 5 modulo 7.

Theorem 3
If a and m are relatively prime integers, and m > 1, then an inverse of a modulo m exists.
Proof: Let a and m be relatively prime integers, and m > 1. Then, gcd(a, m) = 1. From Theorem 1, there exist integers s and t such that sa + tm = 1. Therefore, sa + tm ≡ 1 (mod m). Since tm ≡ 0 (mod m), sa ≡ 1 (mod m). Thus, s is an inverse of a modulo m.

Chinese Remainder Theorem
Let m_1, m_2, …, m_n be pairwise relatively prime positive integers and a_1, a_2, …, a_n be arbitrary integers. Then, the system
x ≡ a_1 (mod m_1),
x ≡ a_2 (mod m_2),
…
x ≡ a_n (mod m_n)
has a unique solution modulo m = m_1 × m_2 × … × m_n.

Chinese Remainder Theorem: Proof
Let m_1, m_2, …, m_n be pairwise relatively prime positive integers, m = m_1 × m_2 × … × m_n, and a_1, a_2, …, a_n be arbitrary integers.
Let M_k = m/m_k, for k = 1, 2, …, n. gcd(m_k, M_k) = 1 because m_1, m_2, …, m_n are pairwise relatively prime.
From Theorem 3, there is an integer y_k, an inverse of M_k modulo m_k. That is, M_k y_k ≡ 1 (mod m_k).
Let x = a_1 M_1 y_1 + a_2 M_2 y_2 + … + a_n M_n y_n.
Since M_k y_k ≡ 1 (mod m_k), x ≡ a_k M_k y_k ≡ a_k (mod m_k). Then, x is a simultaneous solution to the n congruences.
The rest is to prove the uniqueness.

Chinese Remainder Theorem: Example
Find x such that x ≡ 2 (mod 3), x ≡ 3 (mod 5), x ≡ 2 (mod 7).
Since 3, 5 and 7 are pairwise relatively prime, from the Chinese Remainder Theorem x = a_1 M_1 y_1 + a_2 M_2 y_2 + a_3 M_3 y_3, where a_1 = 2, a_2 = 3, a_3 = 2, m_1 = 3, m_2 = 5, m_3 = 7.
Then, m = m_1 m_2 m_3 = 3 × 5 × 7 = 105.
M_1 = m/m_1 = 3 × 5 × 7/3 = 35, M_2 = m/m_2 = 3 × 5 × 7/5 = 21, M_3 = m/m_3 = 3 × 5 × 7/7 = 15.
Then, we need to solve the following linear congruences M_k y_k ≡ 1 (mod m_k), for k = 1, 2, 3:
35 y_1 ≡ 1 (mod 3)
21 y_2 ≡ 1 (mod 5)
15 y_3 ≡ 1 (mod 7)
We have y_1 = 2, y_2 = 1, y_3 = 1.
Thus, x = 2 × 35 × 2 + 3 × 21 × 1 + 2 × 15 × 1 = 233 ≡ 23 (mod 105).

Large Integer Representation
Let m_1, m_2, …, m_n be pairwise relatively prime positive integers greater than 1, and m = m_1 × m_2 × … × m_n. An integer a with 0 ≤ a < m can be uniquely represented by the n-tuple (a mod m_1, a mod m_2, …, a mod m_n).
Example: 3 and 4 are pairwise relatively prime. Any integer not greater than 3 × 4 = 12 can be represented uniquely by an ordered pair.

0 = (0 mod 3, 0 mod 4) = (0, 0)        6 = (6 mod 3, 6 mod 4) = (0, 2)
1 = (1 mod 3, 1 mod 4) = (1, 1)        7 = (7 mod 3, 7 mod 4) = (1, 3)
2 = (2 mod 3, 2 mod 4) = (2, 2)        8 = (8 mod 3, 8 mod 4) = (2, 0)
3 = (3 mod 3, 3 mod 4) = (0, 3)        9 = (9 mod 3, 9 mod 4) = (0, 1)
4 = (4 mod 3, 4 mod 4) = (1, 0)        10 = (10 mod 3, 10 mod 4) = (1, 2)
5 = (5 mod 3, 5 mod 4) = (2, 1)        11 = (11 mod 3, 11 mod 4) = (2, 3)

Computer Arithmetic with Large Integers
Example: 99, 98, 97, and 95 are pairwise relatively prime, and 123684 and 413456 are less than 99 × 98 × 97 × 95.
123684 can be represented by (123684 mod 99, 123684 mod 98, 123684 mod 97, 123684 mod 95) = (33, 8, 9, 89).
413456 can be represented by (413456 mod 99, 413456 mod 98, 413456 mod 97, 413456 mod 95) = (32, 92, 42, 16).

Computer Arithmetic with Large Integers
123684 + 413456 = (33, 8, 9, 89) + (32, 92, 42, 16)
                = (65 mod 99, 100 mod 98, 51 mod 97, 105 mod 95)
                = (65, 2, 51, 10)
x ≡ 65 (mod 99)
x ≡ 2 (mod 98)
x ≡ 51 (mod 97)
x ≡ 10 (mod 95)
From the system of linear congruences, x = 537140.
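An added example, not part of the original slides: the constructive proof of the Chinese Remainder Theorem turned into a solver, then used for the residue arithmetic shown above. Function names are chosen for this illustration; the inverse y_k is taken from Python's built-in pow(M_k, -1, m_k) (Python 3.8+). The last lines show the limit of the representation: a result is only recovered exactly if it is smaller than m.

```python
from itertools import combinations
from math import gcd, prod


def crt(residues, moduli):
    """Solve x ≡ residues[k] (mod moduli[k]) for all k.

    Returns (x, m) with 0 <= x < m = product of the moduli.
    Raises ValueError unless the moduli are pairwise relatively prime.
    """
    if not moduli or len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    for m_i, m_j in combinations(moduli, 2):
        if gcd(m_i, m_j) != 1:
            raise ValueError(f"moduli {m_i} and {m_j} are not relatively prime")
    m = prod(moduli)
    x = 0
    for a_k, m_k in zip(residues, moduli):
        M_k = m // m_k                 # product of all the other moduli
        y_k = pow(M_k, -1, m_k)        # inverse of M_k modulo m_k
        x += a_k * M_k * y_k
    return x % m, m


def to_residues(n, moduli):
    """Represent n by the tuple (n mod m_1, ..., n mod m_n)."""
    return tuple(n % m_k for m_k in moduli)


def add_residues(u, v, moduli):
    """Component-wise addition of two residue tuples."""
    return tuple((a + b) % m_k for a, b, m_k in zip(u, v, moduli))


def mul_residues(u, v, moduli):
    """Component-wise multiplication of two residue tuples."""
    return tuple((a * b) % m_k for a, b, m_k in zip(u, v, moduli))


MODULI = (99, 98, 97, 95)              # the moduli used on the slide

if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))   # the worked example
    u = to_residues(123684, MODULI)
    v = to_residues(413456, MODULI)
    total, m = crt(add_residues(u, v, MODULI), MODULI)
    print(u, v, total)
    # The true product exceeds m, so only its value modulo m comes back.
    product, _ = crt(mul_residues(u, v, MODULI), MODULI)
    print(product, 123684 * 413456, m)
```
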

Fermat’s Little Theorem
If p is prime and a is an integer not divisible by p, then a^(p−1) ≡ 1 (mod p). For every integer a, a^p ≡ a (mod p).
Example: Since 2 is prime, and 341 is not divisible by 2, 2^340 ≡ 1 (mod 341).

Pseudoprime
Definition: Let b be a positive integer. If n is a composite positive integer, and b^(n−1) ≡ 1 (mod n), then n is called a pseudoprime to the base b.
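An added example, not part of the original slides: the square-and-multiply procedure from the Modular Exponentiation slide, used to apply the congruence b^(n−1) ≡ 1 (mod n) as a primality check. It shows that 341 = 11 × 31 is composite yet satisfies the congruence for b = 2, so passing for one base does not establish primality. Function names are chosen for this illustration; the trial-division check uses the bound d ≤ √n from Theorem 2.

```python
def mod_exp(b, n, m):
    """Return b**n mod m, scanning the bits of n from least significant."""
    if m <= 0 or n < 0:
        raise ValueError("need m > 0 and n >= 0")
    x = 1 % m
    power = b % m                      # holds b**(2**j) mod m at bit j
    while n > 0:
        if n & 1:                      # bit a_j of the exponent is 1
            x = (x * power) % m
        power = (power * power) % m    # square for the next bit
        n >>= 1
    return x


def is_prime_trial(n):
    """Primality by trial division with divisors up to sqrt(n)."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def fermat_passes(n, b):
    """True when b**(n-1) ≡ 1 (mod n)."""
    return mod_exp(b, n - 1, n) == 1


def pseudoprimes(b, limit):
    """Composite n with 3 <= n < limit that pass the congruence for base b."""
    return [n for n in range(3, limit)
            if not is_prime_trial(n) and fermat_passes(n, b)]


if __name__ == "__main__":
    print("2^340 mod 341 =", mod_exp(2, 340, 341))
    print("341 prime by trial division?", is_prime_trial(341))
    print("3^340 mod 341 =", mod_exp(3, 340, 341))
    print("pseudoprimes to base 2 below 1000:", pseudoprimes(2, 1000))
```
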

Cryptography An Introduction

Cryptography
[Figure: a sender, a receiver and an eavesdropper; the message is "My password is 3791."]

Cryptography
[Figure: sender → encryption → ciphertext (AOD4BNU6DRTU7O TYTBPTJODE9AOF) → decryption → receiver, with an eavesdropper on the channel; the plaintext is "My password is 3791."]

Keys
[Figure: plaintext → (encryption key) → ciphertext → (decryption key) → plaintext]

Cryptography
[Figure: sender → plaintext → encryption → ciphertext → decryption → plaintext → receiver, with an eavesdropper on the channel.]

Private Key Encryption
[Figure: sender → encryption (KEY = a) → ciphertext → decryption (KEY = a) → receiver, with an eavesdropper on the channel.]
Decryption is easy to find when the encryption key is known.
The key a must be a secret kept between the sender and the receiver. What if the eavesdropper gets the key?

Public Key Encryption
[Figure: sender, receiver and eavesdropper around encryption, ciphertext and decryption, with the labels "KEY = a, b", "KEY = a", "key a" (public) and "key b" (secret).]
Eavesdroppers can only encrypt messages, but cannot decrypt any message.

RSA Cryptosystem
Let C denote a ciphertext and M denote a plaintext.
Let p and q be large primes, and n = pq.
Let e be an integer that is relatively prime to (p−1)(q−1).
Let d be an inverse of e modulo (p−1)(q−1).
Encryption: C = M^e mod n.
Decryption: M ≡ C^d (mod n).

RSA Cryptosystem
Let p and q be large primes, and n = pq. Let e be an integer which is relatively prime to (p−1)(q−1), and d be an inverse of e modulo (p−1)(q−1).
Prove that if C = M^e mod n, then C^d ≡ M (mod n).
Proof: Since d is an inverse of e modulo (p−1)(q−1), de ≡ 1 (mod (p−1)(q−1)).
C^d ≡ (M^e)^d = M^(de) = M^(1+k(p−1)(q−1)) (mod n)
Thus,
C^d ≡ M^(1+k(p−1)(q−1)) = M (M^(q−1))^(k(p−1)) (mod p), and
C^d ≡ M^(1+k(p−1)(q−1)) = M (M^(p−1))^(k(q−1)) (mod q)

RSA Cryptosystem
From
C^d ≡ M^(1+k(p−1)(q−1)) = M (M^(q−1))^(k(p−1)) (mod p), and
C^d ≡ M^(1+k(p−1)(q−1)) = M (M^(p−1))^(k(q−1)) (mod q)
By Fermat’s Little Theorem, if gcd(M, p) = gcd(M, q) = 1 then M^(p−1) ≡ 1 (mod p) and M^(q−1) ≡ 1 (mod q).
Then,
C^d ≡ M (M^(q−1))^(k(p−1)) ≡ M × 1 ≡ M (mod p)
C^d ≡ M (M^(q−1))^(k(p−1)) ≡ M × 1 ≡ M (mod q)
By the Chinese Remainder Theorem, C^d ≡ M (mod pq).

Example: RSA Cryptosystem
Let p = 3 and q = 19, n = 3 × 19 = 57.
Let e = 23, which is relatively prime to 2 × 18 = 36.
Since an inverse of 23 mod 36 = 11, d = 11.
Encryption: C = M^23 mod 57. Given a plaintext M = 2, C = 2^23 mod 57 = 32.
Decryption: B = C^11 mod 57. B = 32^11 mod 57 = 2.

Example: RSA Cryptosystem
Let p = 43 and q = 59, n = 43 × 59 = 2537.
Let e = 13, which is relatively prime to 42 × 58 = 2436.
Since an inverse of 13 mod 2436 = 937, d = 937.
Encryption: C = M^13 mod 2537. Given a plaintext M = 1819, C = 1819^13 mod 2537 = 2081.
Decryption: B = C^937 mod 2537. B = 2081^937 mod 2537 = 1819.
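An added example, not part of the original slides: the two worked RSA examples above reproduced end to end, with d derived from p, q and e rather than given. The function rsa_decrypt_crt follows the structure of the correctness proof by recovering M modulo p and modulo q separately and combining the two with the Chinese Remainder Theorem. Function names are chosen for this illustration, and the primes are the slides' small teaching values.

```python
from math import gcd


def rsa_keypair(p, q, e):
    """Return ((n, e), (n, d)) for distinct odd primes p, q.

    d is the inverse of e modulo (p-1)(q-1); ValueError is raised
    when e is not relatively prime to (p-1)(q-1).
    """
    if p == q or p < 3 or q < 3:
        raise ValueError("p and q must be distinct odd primes")
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)                # modular inverse (Python 3.8+)
    return (p * q, e), (p * q, d)


def rsa_encrypt(M, public_key):
    """C = M^e mod n, for a plaintext 0 <= M < n."""
    n, e = public_key
    if not 0 <= M < n:
        raise ValueError("plaintext must satisfy 0 <= M < n")
    return pow(M, e, n)


def rsa_decrypt(C, private_key):
    """M = C^d mod n."""
    n, d = private_key
    return pow(C, d, n)


def rsa_decrypt_crt(C, p, q, d):
    """Decrypt by working modulo p and modulo q, then recombining."""
    # Fermat's Little Theorem lets the exponent be reduced mod p-1 and q-1.
    m_p = pow(C, d % (p - 1), p)       # M mod p
    m_q = pow(C, d % (q - 1), q)       # M mod q
    # Recombine: the unique value below p*q with these two residues.
    q_inv = pow(q, -1, p)
    h = (q_inv * (m_p - m_q)) % p
    return m_q + h * q


if __name__ == "__main__":
    public, private = rsa_keypair(43, 59, 13)
    C = rsa_encrypt(1819, public)
    print("keys:", public, private)
    print("ciphertext:", C)
    print("decrypted:", rsa_decrypt(C, private))
    print("decrypted via CRT:", rsa_decrypt_crt(C, 43, 59, private[1]))
```
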