Introduction to Number Theory Department of Computer Engineering Sharif University of Technology 3/8/2006

Prime Numbers Any integer a > 1 can be factored in a unique way a = p 1 p 2 … p t (p 1 > p 2 > … > p t, α i > 0) a = Π P (p a p ) (P: the set all of prime numbers) Thus k = mn  k p = m p + n p for all p a|b  a p ≤ b p for all p k = gcd(a, b)  k p = min(a p, b p ) for all p

Modular Arithmetic a = qn + r  a  r mod n a  b mod n and b  c mod n  a  c mod n [(a mod n) + (b mod n)] mod n = (a + b) mod n [(a mod n) - (b mod n)] mod n = (a - b) mod n [(a mod n) * (b mod n)] mod n = (a * b) mod n (a + b)  (a + c) mod n  b  c mod n

Modular Arithmetic (cont’d) If a is relatively prime to n (a * b)  (a * c) mod n  b  c mod n Z n = {0, 1, …, (n – 1)} For each a relatively prime to n, there is b in Z n a * b  1 mod n  b = a -1 = Multiplicative inverse of a Proof key : [(a * Z n ) mod n] = Z n permuted {0 mod n, a mod n, 2a mod n, …, (n – 1)a mod n} = Z n

Fermat’s Theorem If p is prime and a is a positive integer not divisible by p a p-1  1 mod p (a p  a mod p) Proof : a * 2a * … * (p – 1)a  (p – 1)! a p-1 mod p (a * {1, 2, …, p – 1}) mod p = {1, 2, …, (p – 1)}  a * 2a * … * (p – 1)a  (p – 1)! mod p (p – 1)! a p-1  (p – 1)! mod p  a p-1  1 mod p

Euler’s Totient Function  (n) = number of positive integers less than n and relatively prime to n For a prime number p  (p) = p – 1 For n = pq where p and q are prime  (n) = (p – 1)(q – 1)

Euler’s Theorem For every a and n that are relatively prime a  (n)  1 mod n (a  (n)+1  a mod n) Proof : The set of positive integers less than n and relatively prime to n = R = {x 1, x 2, …, x  (n) } S  (a * R) mod n = {ax i mod n | 1 <= i <=  (n) } S  R because S’s elements are relatively prime to n No duplication in S

Euler’s Theorem (cont’d) Proof (cont’d) : S = R  Π R = Π S  Π(ax i )  Π(x i ) (mod n)  a  (n) * Π(x i )  Π(x i ) (mod n)  a  (n)  1 mod n Corollary useful in RSA : For n = pq where p and q are prime and 0 < m < n :  m  (n) + 1  m mod n (also m k  (n) + 1  m )

Euler’s Theorem (cont’d) Proof of corollary : gcd(m, n) = 1  clear gcd(m, n) = p (or q)  p | m  gcd(m, q) = 1  m  (q)  1 mod q  m  (n)  1 mod q  m  (n)  1 + kq  m  (n) + 1  m + kq * k’p  m  (n) + 1  m mod n

Testing for Primality x 2  1 mod p (p is an odd prime)  only two solutions x  1 and x  -1 mod p Corollary : A solution except ±1  n is not prime WITNESS(a, n) (textbook) True  n is definitely not prime False  n may be prime returns false with a prob. < 0.5 Repeatedly invoke it (until returns true) after s times, n is prime with a prob. >= (1 – 2 -s )

Discrete Logarithms a m  1 mod n (gcd(a, n) = 1) At least one integer m (namely  (n)) Least positive m is called The order of a (mod n) The exponent to which a belongs (mod n) The length of the period generated by a m is at most  (n), if m =  (n) a is a primitive root of n a, a 2, …, a  (n) (mod n) are distinct and rel. prime to n

Discrete Logarithms (cont’d) For any integer b and a primitive root a of prime number p A unique i satisfies b  a i mod n (0 <= i <=  (n) – 1) i is the index of b for the base a (mod n) = ind a,n (b) ind a,n (1) = 0 ind a,n (a) = 1 Example: n = 9   (n) = 6 a = 2 (a primitive root) ind 2, 9 (7) = 4 index number124875

Discrete Logarithms (cont’d) Any z can be expressed as z = q + k  (n) a  (n)  1 mod n  a z  a q mod n x = a mod n, y = a mod n (a mod n) (a mod n) = xy = a mod n = a mod n ind a,n (y)ind a,n (x) ind a,n (y) ind a,n (x) + ind a,n (y)ind a,n (xy)   ind a,n (xy)  [ind a,n (x) + ind a,n (y)] mod  (n)   ind a,n (x r )  [r * ind a,n (x)] mod  (n)