Lecture 6.1: Misc. Topics: Number Theory CS 250, Discrete Structures, Fall 2011 Nitesh Saxena
Course Admin -- Homework 5 Due at 11am this Wednesday Covers the chapter on Graphs (lecture 5.*) Has a 10-pointer bonus problem too Please submit on time Lecture Number Theory
Course Admin -- Homework 4 Grades posted on BB Distributing today Solution posted Lecture Number Theory
Course Admin -- Final Exam Thursday, December 8, 10:45am- 1:15pm, lecture room Heads up! Please mark the date/time/place Emphasis on post mid-term 2 material Coverage: 65% post mid-term 2 (lectures 4.*, 5.*, 6.*), and 35% pre mid-term 2 (lecture 1.*. 2.* and 3.*) Our last lecture will be on December 6 We plan to do a final exam review then Lecture Number Theory
Outline Number Theory Modular Arithmetic Application -- cryptography
Divisors x divides y (written x | y) if the remainder is 0 when y is divided by x 1|8, 2|8, 4|8, 8|8 The divisors of y are the numbers that divide y divisors of 8: {1,2,4,8} For every number y 1|y y|y Lecture Number Theory
Prime numbers A number is prime if its only divisors are 1 and itself: 2,3,5,7,11,13,17,19, … Fundamental theorem of arithmetic: For every number x, there is a unique set of primes {p 1, …,p n } and a unique set of positive exponents {e 1, …,e n } such that How to prove? We studied it earlier! Lecture Number Theory
Common divisors The common divisors of two numbers x,y are the numbers z such that z|x and z|y common divisors of 8 and 12: intersection of {1,2,4,8} and {1,2,3,4,6,12} = {1,2,4} greatest common divisor: gcd(x,y) is the number z such that z is a common divisor of x and y no common divisor of x and y is larger than z gcd(8,12) = 4 Lecture Number Theory
10/04/2011Lecture Recursion9 Recall: Recursive Functions: gcd Euclid’s algorithm makes use of the fact that gcd(x,y ) = gcd(y, x mod y) (here we assume that x > 0)
Euclidean Algorithm: gcd(r 0,r 1 ) Main idea: If y = ax + b then gcd(x,y) = gcd(x,b) Lecture Number Theory
Example – gcd(15,37) 37 = 2 * = 2 * = 7 * gcd(15,37) = 1 Lecture Number Theory
Relative primes x and y are relatively prime if they have no common divisors, other than 1 Equivalently, x and y are relatively prime if gcd(x,y) = 1 9 and 14 are relatively prime 9 and 15 are not relatively prime Lecture Number Theory
Modular Arithmetic Definition: x is congruent to y mod m, if m divides (x-y). Equivalently, x and y have the same remainder when divided by m. Notation: Example: We work in Z m = {0, 1, 2, …, m-1}, the group of integers modulo m Example: Z 9 ={0,1,2,3,4,5,6,7,8} We abuse notation and often write = instead of Lecture Number Theory
Addition in Z m : Addition is well-defined: = 7 mod = 2 mod 9. Lecture Number Theory
Additive inverses in Z m 0 is the additive identity in Z m Additive inverse of a is -a mod m = (m-a) Every element has unique additive inverse = 0 mod 9. 4 is additive inverse of 5. Lecture Number Theory
Multiplication in Z m : Multiplication is well-defined: 3 * 4 = 3 mod 9. 3 * 8 = 6 mod 9. 3 * 3 = 0 mod 9. Lecture Number Theory
Multiplicative inverses in Z m 1 is the multiplicative identity in Z m Multiplicative inverse (x*x -1 =1 mod m) SOME, but not ALL elements have unique multiplicative inverse. In Z 9 : 3*0=0, 3*1=3, 3*2=6, 3*3=0, 3*4=3, 3*5=6, …, so 3 does not have a multiplicative inverse (mod 9) On the other hand, 4*2=8, 4*3=3, 4*4=7, 4*5=2, 4*6=6, 4*7=1, so 4 -1 =7 (mod 9) Lecture Number Theory
Which numbers have inverses? In Z m, x has a multiplicative inverse if and only if x and m are relatively prime or gcd(x,m)=1 E.g., 4 in Z 9 Lecture Number Theory
Extended Euclidian: a -1 mod n Main Idea: Looking for inverse of a mod n means looking for x such that x * a – y * n = 1. To compute inverse of a mod n, do the following: Compute gcd(a, n) using Euclidean algorithm. Since a is relatively prime to m (else there will be no inverse) gcd(a, n) = 1. So you can obtain linear combination of r m and r m-1 that yields 1. Work backwards getting linear combination of r i and r i-1 that yields 1. When you get to linear combination of r 0 and r 1 you are done as r 0 =n and r 1 = a. Lecture Number Theory
Example – mod = 2 * = 2 * = 7 * Now, 15 – 2 * 7 = 1 15 – 2 (37 – 2 * 15) = 1 5 * 15 – 2 * 37 = 1 So, mod 37 is 5. Lecture Number Theory
Modular Exponentiation: Square and Multiply method Usual approach to computing x c mod n is inefficient when c is large. Instead, represent c as bit string b k-1 … b 0 and use the following algorithm: z = 1 For i = k-1 downto 0 do z = z 2 mod n if b i = 1 then z = z* x mod n Lecture Number Theory
Example: mod 77 z = z 2 mod n if b i = 1 then z = z* x mod n i b z =1*1*30 mod =30*30 mod =53*53 mod =37*37*30 mod =29*29 mod =71*71*30 mod 77 Lecture Number Theory
Euler’s totient function Given positive integer n, Euler’s totient function is the number of positive numbers less than n that are relatively prime to n Fact: If p is prime then {1,2,3,…,p-1} are relatively prime to p. Lecture Number Theory
Euler’s totient function Fact: If p and q are prime and n=pq then Each number that is not divisible by p or by q is relatively prime to pq. E.g. p=5, q=7: {1,2,3,4,-,6,-,8,9,-,11,12,13,-,-,16,17,18,19,-,-,22,23,24,-,26,27,-,29,-,31,32,33,34,-} pq-p-(q-1) = (p-1)(q-1) Lecture Number Theory
Euler’s Theorem and Fermat’s Theorem If a is relatively prime to n then If a is relatively prime to p then a p-1 = 1 mod p Proof : follows from a well-known theorem -- Lagrange’s Theorem (we won’t study in this course) Lecture Number Theory
Euler’s Theorem and Fermat’s Theorem EG: Compute mod 17: p =17, so p-1 = = 6·16+4. Therefore, =9 6·16+4 =(9 16 ) 6 (9) 4. So mod 17 we have (9 16 ) 6 (9) 4 (mod 17) (1) 6 (9) 4 (mod 17) (81) 2 (mod 17) 16 Lecture Number Theory
An Application of Number Theory Cryptography: foundation of secure communication. EX: Public-Key Cryptography Lecture Number Theory
RSA Crypto: Key Generation Alice wants people to be able to send her encrypted messages. She chooses two (large) prime numbers, p and q and computes n=pq and. [“large” =512 bits +] She chooses a number e such that e is relatively prime to and computes d, the inverse of e in (i.e., ed =1 mod ) She publicizes the pair (e,n) as her public key.(e is called RSA exponent, n is called RSA modulus). She keeps d secret and destroys p, q, and Plaintext and ciphertext messages are elements of Z n and e is the encryption key. Lecture Number Theory
RSA: Encryption Bob wants to send a message x (a number relatively prime to n) to Alice. He looks up her encryption key, (e,n), in a directory. The encrypted message is Bob sends y to Alice. Lecture Number Theory
RSA: Decryption To decrypt the message she’s received from Bob, Alice computes Claim: D(y) = x Lecture Number Theory
Why does it all work? Because From Euler’s Theorem Lecture Number Theory
Tiny RSA example. Let p = 7, q = 11. Then n = 77 and Choose e = 13. Then d = mod 60 = 37. Let message = 2. E(2) = 2 13 mod 77 = 30. D(30) = mod 77=2 Lecture Number Theory
Today’s Reading Rosen 4 Lecture Number Theory