CPSC 490 Number Theory Primes, Factoring and Euler Phi-function Mar.31 st, 2006 Sam Chan

Clarifications The Euclidean Algorithm runs in logarithmic time. Finding modular inverses can be done using the extended Euclidean algorithm. Ex. 5x = 1 (mod 7) is equivalent to writing 5x – 7y = 1 or 5x + 7(-y) = 1. Use extended Euclidean Algorithm to find x.

Primes Def: a positive integer p > 1 is prime if and only if it has exactly two divisors, 1 and p. Ex. 2, 3, 5, 7, 11, 13, 17, 19, 23, 29 are the fist 10 primes. How many primes are there exactly?

Euclid’s Proof Euclid first proved that there exists an infinite number of primes. (300 BC) Assume there are finitely many primes. Let S be the set of all n primes, p 1 p 2 p 3 …p n Let q = p 1 p 2 p 3 …p n + 1. There must exist a prime factorization for q. We claim that this factorization does not contain an element of S. This would imply that q uses a prime outside the set S, thus there are in fact more than n primes. Assume that p i, 1 <= i <= n, is in the prime factorization of q. Then it must divide p 1 p 2 p 3 …p n + 1. Specificially p i | 1. But since primes are greater than 1, this is our contradiction.

First approach Consider the following code: bool isPrime( int n ) { for( int i = 2; i*i <= n; i++ ) if( n % i == 0 ) return true; return false; } We attempt to find divisors of n. If we find one then return false. Has a running time of O(n 1/2 ) In practice, primality testing comes in to varieties.

Primality testing Deterministic tests will determine with absolute certainty whether a given integer n is prime. Probabilistic tests will determine with a small probability of error, whether a given integer n is prime.

Example of a probabilistic test Fermat’s Little Theorem Let n be a prime and a be any positive integer such that a < n. Then a raised to the nth power is congruent to a modulo n. a n = a (mod n) or a n-1 -1 = 0 (mod n) Given an integer n, all we have to do is find the remainder of a n (mod n) and see if it equals a. We know how to compute modulo powers from our previous discussion.

Fermat’s Little Theorem If an integer n satisfies this theorem, does this imply that n is prime? NO! If a n (mod n) is not congruent to a then we are certain that n is not prime. If it is congruent to a then there is a good chance that n is prime. As it turns out, there are composite numbers that also satisfy Fermat’s Little Theorem.

Fermat’s Little Theorem A composite number n is a Carmichael number if n satisfies Fermat’s Little Theorem for every a that is relatively prime to n. Smallest Carmichael number is 561. Other examples include: 8 9 = 8 (mod 9) These are called pseudoprimes in general What can we do to avoid having our test fail?

Fermat’s Little Theorem We are free to choose any a we like, as long as a < n. Pick many integers a to test for primality. If n passes this test for a lot of different values of a, then it is highly probable that n is prime. Run this test many times to reduce our probability of error.

Running times Probabilistic tests have running times around O(logn). In 2002, Agrawal et al discovered the first algorithm for a deterministic test that is polynomial in the number of digits of n. Running time is O(log 7.5 n). However, they seem to run in O(log 3 n) in practice. Largest known prime currently is It contains digits.

Sieve of Eratosthenes What if we want a list of primes? Given n, we can find all the primes up to n by using the Sieve of Eratosthenes. Start with a list of integers from 2 to n. At iteration i, mark the smallest integer a in the set as a prime, then cross off all multiples of a in the set. Repeat until i 2 <= n.

Sieve of Eratosthenes Ex. Let n = 10, and x denote a crossed off integer. 2, 3, 4, 5, 6, 7, 8, 9, 10 2, 3, x, 5, x, 7, x, 9, x 2, 3, x, 5, x, 7, x, x, x Done! So primes up to n = 10 are 2, 3, 5, and 7.

Sieve of Eratosthenes Here is an implementation: bool prime[ ]; void sieve( int n ) { memset( prime, 1, sizeof(prime) ); prime[0] = prime[1] = 0; for( int i = 2; i <= n; i++ ) if( prime[i] ) { for( int j = i+i; j <= n; j += i ) prime[j] = 0; }

Sieve of Eratosthenes At the end of this algorithm, prime[i] = 1 if and only if i is prime, 0 otherwise. Outer loop starts at the smallest position that hasn’t been crossed off. Inner loop repeatedly crosses of multiples of i. With some analysis, we can show that this has a running time of O(nlogn). Can we improve this algorithm?

Sieve of Eratosthenes Consider after having done the first iteration in the outer loop. So i = 3. We start at i + i = 6. However, we already crossed off all multiples of 2 (all the even numbers) in the first iteration. So why are we looking here? Similarly, when we have crossed off all multiples of 3, we should not look at any multiples of 3 in any future iteration.

Sieve of Eratosthenes Improved implementation bool prime[ ]; void sieve( int n ) { memset( prime, 1, sizeof(prime) ); prime[0] = prime[1] = 0; for( int i = 2; i*i <= n; i++ ) if( prime[i] ) { for( int j = i*i; j <= n; j += i ) prime[j] = 0; } Changes are in bold.

Sieve of Eratosthenes Outer loop only goes up to the square root of n. Ex. n = 10, there is no need to check any multiples of a where a > 3. Surely they will all have been crossed off by some previous combination. (ie. 2x5 = 5x2) Inner loop starts at i*i. This prevents looking at positions that obviously is crossed off. Improved running time is still O(nlogn), but in practice the speed usually speeds it up by 50%.

Sieve of Eratosthenes For anyone interested: There are other implementations that exploit the fact that our prime[] array is just an array of 1’s and 0’s. Use bits to lower memory usage, perhaps speed things up. Other optimizations that can improve running time in practice. Sieve of Atkin, optimized version of the Sieve of Eratosthenes.

Factoring Given n, we are not interested in finding positive integers a and b such that a*b = n. Factoring is hard, when n contains 100 or more digits. Many cryptographic systems depend heavily on this assumption.

Is factoring really that hard? Consider n = (n is given as such because my calculator doesn’t like numbers that have more than 10 digits, so pretend we do not know the prime factorization of n ahead of time). How long would it take to factor this number? It turns out that we can factor this number in 193 division operations. We just divide our number by times. It was trivial to factor this number, so why is factoring considered a hard problem?

First attempt at factoring Recall our first approach in primality testing. bool isPrime( int n ) { for( int i = 2; i*i <= n; i++ ) if( n % i == 0 ) return true; return false; } We can do exactly the same thing, except instead of returning true when we have found a factor, we simply return that number that divided n.

Further optimizations of our first attempt To speed things up even further, we can only divide by primes between 2 and square root of n. How well does this work in practice? What is the worst case input?

Worst case for factoring What if we are given two 100 digit prime numbers a and b. Let n = a*b. To factor this number with our approach, we will have to check all primes between 2 and the minimum of a and b. As an exmaple, consider n = – 1. The first prime divisor is 13,821,503. Assuming that our computer can perform a billion division instructions per second, it will take more than 35,000 years to find the second largest factor of n!

Worst case for factoring As it turns out, the full factorization of n is: n = 13,821,503 * 61,654,440,233,248,340,616,559 * 14,732, 265,321,145,317,331,353,282,383. Conclusion: Factoring is hard for most cases.

RSA Factoring Challenge =2093http:// =2093 Monetary reward for successful factoring of very large integers. Latest factored number: RSA-640. An integer that is 640 bits long. To quote the website: “The effort took approximately GHz- Opteron-CPU years according to the submitters, over five months of calendar time. (This is about half the effort for RSA-20)

Factoring and the Sieve We know we can’t factor general numbers very efficiently. Here is an implementation of an augmented Sieve of Eratosthenes that will factor for us: int factors[ ]; void fsieve( int n ) { for( int i = 1; i <= n; i++ ) factors[i] = i; for( int i = 2; i <= n; i++ ) if( factors[i] == I ) { for( int j = i*i; j <= n; j += i ) if( factors[j] == j ) f[j] = i; }

Factoring Sieve Again we loop over the numbers from 2 to n. The inner loop will set factor[j] = i if i is a multiple of j. Since we loop in ascending order, it is the smallest multiple of j. We can retrieve the list o factors for any arbitrary position. Ex. n = 6 Before the first iteration, factors[]: 1, 2, 3, 4, 5, 6 After the last iteration, factors[]: 1, 2, 3, 2, 5, 2 To retrieve the factors of 6, go to factors[6]. Divide that 6 by that value and get 3, go to factors[3], divide 6 by that value and get 2, go to factors[2], divide 6 by 2 to get 1. Stop. Factors are 1, 2, 3 and 6.

Euler’s Phi Function Def: “Phi of n”, denoted as Φ(n), counts the number of integers in the range of [1,n-1] that are relatively prime to n. Def: Two positive integers a and b are said to be relatively prime if gcd(a,b) = 1. Note that the definition does not require either a or b to be prime themselves. Ex. a = 6, b = 25. (6,25) = 1

Euler Phi Function Ex. Φ(6) = 2 since 1 and 5 are relatively prime to 6. Ex. Φ(2000) = 800. How do we know this? Let’s first establish some ways we can calculate Φ(n).

Case when n is prime If n is prime, then by definition, it contains no factors other than itself and 1. Since (n,1) = 1, the number integers less than n that are relatively prime to n is just n – 1. Ex. Φ(7) = 6 since 1, 2, 3, 4, 5, 6 are all relatively prime to 7.

Case when n = p r, r > 1 If n is a power of a prime number p, can we derive a formula for Φ(n)? Let’s consider what p r is not relatively prime to. Obviously, (p,p r ) = p. In fact, all integers ap <= p r where a is some positive integer are not relatively prime to p. Also, all powers of p, up to p r-1 are not relatively prime to p.

Case when n = p r, r > 1 Thus the numbers p, 2p, 3p, … (p r-1 -1)p are all not relatively prime to p. There are p r -1 numbers less than p r. There are p r-1 -1 numbers that are not relatively prime to p r. So Φ(n) = (p r -1)-(p r-1 -1) = p r - p r-1.

General Case Given n and it’s prime factorization, can we derive a general formula for n? In general:

Looking ahead Next class, Andrew will be talking about cryptography. One of the more famous algorithms for public-key encryption is RSA. Each step of the algorithm involves something that we talked about in each of the 3 (including today) discussions. We will need to find two large prime numbers. (primality) We will need to solve linear equations such as ax + by = 1. (extended Euclidean algorithm) We will need to compute Φ(n) Try to be at least a little familiar with all 3 or otherwise, the next discussion may be hard to follow.

References t.html /86/tourist2d.htmlhttp:// /86/tourist2d.html sp?id=2093http:// sp?id= Last Year’s notes.