Introduction to Number Theory
NUIST School of Computer and Software Jian Shen, PhD, Professor
Outline
Prime Numbers
Fermat's and Euler's Theorems
Testing for Primality
The Chinese Remainder Theorem
Discrete Logarithms
Prime Numbers (1/4)

Prime numbers
An integer p > 1 is a prime number if and only if it is divisible by only 1 and p.
[Table of primes under 2000 not included in the slide text]
Prime Numbers (2/4)

Integer factorization
Any integer a > 1 can be factored in a unique way as a product of powers of primes p1 < p2 < … < pt, where each exponent ai is a positive integer.
91 = 7 × 13
11011 = 7 × 11^2 × 13

Another integer factorization
If P is the set of all prime numbers, then any positive integer can be written uniquely in the following form: the right side is the product over all possible prime numbers p of p raised to the exponent ap. Most of the exponents ap will be 0.
3600 = 2^4 × 3^2 × 5^2 × 7^0 × 11^0 × …
Prime Numbers (3/4)

Another integer factorization
The value of any given positive integer can be specified by listing all the nonzero exponents.
The integer 12 = 2^2 × 3^1 is represented by {a2 = 2, a3 = 1}.
The integer 18 = 2^1 × 3^2 is represented by {a2 = 1, a3 = 2}.
The integer 91 = 7^1 × 13^1 is represented by {a7 = 1, a13 = 1}.

Multiplication
Multiplication of two numbers is adding the corresponding exponents.
k = 12 × 18 = 216
12 = 2^2 × 3^1
18 = 2^1 × 3^2
216 = 2^3 × 3^3
Prime Numbers (4/4)

Divisibility
a | b → ap ≤ bp for all p
a = 12; b = 36; 12 | 36
12 = 2^2 × 3; 36 = 2^2 × 3^2
a2 = 2 = b2
a3 = 1 ≤ 2 = b3

GCD (greatest common divisor)
k = gcd(a, b) → kp = min(ap, bp) for all p
300 = 2^2 × 3^1 × 5^2
18 = 2^1 × 3^2 × 5^0
gcd(18, 300) = 2^1 × 3^1 × 5^0 = 6
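The exponent-vector view of the last three slides, as an added Python example (not from the slides): an integer is stored as the map {p: ap} of its nonzero exponents, and multiplication, divisibility and gcd become exponent arithmetic. The function names factor, unfactor, multiply, divides and gcd_exps are chosen here.

```python
# Added example (not from the slides): an integer as the map {p: ap} of its
# nonzero prime exponents, so that multiplication, divisibility and gcd
# reduce to adding, comparing and taking the minimum of exponents.
from collections import Counter

def factor(n):
    """Trial division: {p: ap} for n >= 1 (an empty map represents 1)."""
    assert n >= 1
    exps = Counter()
    p = 2
    while p * p <= n:
        while n % p == 0:
            exps[p] += 1
            n //= p
        p += 1
    if n > 1:                 # whatever is left is itself prime
        exps[n] += 1
    return dict(exps)

def unfactor(exps):
    """Inverse of factor(): the product of p ** ap."""
    n = 1
    for p, e in exps.items():
        n *= p ** e
    return n

def multiply(x, y):
    """k = a * b  <=>  kp = ap + bp for every prime p."""
    return dict(Counter(x) + Counter(y))

def divides(x, y):
    """a | b  <=>  ap <= bp for every prime p (a missing exponent is 0)."""
    return all(e <= y.get(p, 0) for p, e in x.items())

def gcd_exps(x, y):
    """gcd(a, b)  <=>  kp = min(ap, bp); a prime absent on either side drops out."""
    return {p: min(e, y[p]) for p, e in x.items() if p in y}
```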
Fermat's and Euler's Theorems (1/7)

Fermat's theorem
If p is prime and a is a positive integer not divisible by p, then a^(p-1) ≡ 1 (mod p).

Proof of Fermat's theorem
Consider the positive integers {1, 2, 3, …, p-1} and the products {a, 2a, 3a, …, (p-1)a}. Each of these products is relatively prime to p because p is prime (only a × 0 ≡ 0 mod p, which is excluded). So
{1, 2, …, p-1} = {1a mod p, 2a mod p, …, (p-1)a mod p}
Then a × 2a × … × (p-1)a ≡ [(a mod p) × (2a mod p) × … × ((p-1)a mod p)] mod p ≡ (p-1)! mod p.
And a × 2a × … × (p-1)a = (p-1)! × a^(p-1), so (p-1)! × a^(p-1) ≡ (p-1)! mod p.
p is prime, so (p-1)! and p are relatively prime. Therefore, dividing by (p-1)!, a^(p-1) ≡ 1 (mod p).
Fermat's and Euler's Theorems (2/7)

Another form of Fermat's theorem
If p is prime and a is a positive integer, then a^p ≡ a (mod p).

a = 7, p = 19
7^2 = 49 ≡ 11 (mod 19)
7^4 ≡ 121 ≡ 7 (mod 19)
7^8 ≡ 49 ≡ 11 (mod 19)
7^16 ≡ 121 ≡ 7 (mod 19)
a^(p-1) = 7^18 = 7^16 × 7^2 ≡ 7 × 11 ≡ 1 (mod 19)

p = 5, a = 3: 3^5 = 243 ≡ 3 (mod 5)
p = 5, a = 10: 10^5 ≡ 10 ≡ 0 (mod 5)
Fermat's and Euler's Theorems (3/7)

Euler's totient function ø(n)
The number of positive integers less than n and relatively prime to n.
For a prime n (Zn = {1, 2, …, n-1}): ø(n) = n - 1
For n = pq, where p and q are prime numbers and p ≠ q: ø(n) = (p-1) × (q-1)

ø(37) = 36: 37 is prime, so all the positive numbers from 1 to 36 are relatively prime to 37.
ø(35) = 24: 35 = 5 × 7, and the 24 integers relatively prime to 35 are 1, 2, 3, 4, 6, 8, 9, 11, 12, 13, 16, 17, 18, 19, 22, 23, 24, 26, 27, 29, 31, 32, 33, 34.
Fermat's and Euler's Theorems (4/7)

Proof of ø(n) = (p-1) × (q-1) for n = pq
ø(n) is the number of positive integers less than pq that are relatively prime to pq.
ø(n) can be computed by subtracting from pq - 1 the number of positive integers in {1, …, pq - 1} that are not relatively prime to pq.
The positive integers that are not relatively prime to pq are the multiples of either p or q: {p, 2p, …, (q-1)p} and {q, 2q, …, (p-1)q} (0 is also not relatively prime to pq, but it lies outside {1, …, pq - 1}).
The two sets have no element in common, so there are p + q - 2 elements that are not relatively prime to pq.
Hence ø(n) = pq - 1 - (p + q - 2) = pq - p - q + 1 = (p-1)(q-1).

Example: ø(21) = ø(3) × ø(7) = (3-1) × (7-1) = 2 × 6 = 12
Z21 = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20}
Multiples of 3: {3, 6, 9, 12, 15, 18}; multiples of 7: {7, 14}
The remaining 12 integers are {1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20}.
Fermat's and Euler's Theorems (5/7)

Euler's theorem
For every a and n that are relatively prime: a^ø(n) ≡ 1 (mod n)

Proof of Euler's theorem
If n is prime, it holds due to Fermat's theorem: a^(n-1) ≡ 1 (mod n).
Otherwise (if n is not prime), define two sets R and S, show that the sets R and S are the same, and then show that a^ø(n) ≡ 1 (mod n).

a = 3; n = 10; ø(10) = (p-1)(q-1) = 1 × 4 = 4; 3^4 = 81 ≡ 1 (mod 10)
a = 2; n = 11; ø(11) = p - 1 = 10; 2^10 = 1024 ≡ 1 (mod 11)
Fermat's and Euler's Theorems (6/7)

Proof of Euler's theorem
Set R: the positive integers less than n and relatively prime to n. The number of elements is ø(n).
R = {x1, x2, …, xø(n)} where x1 < x2 < … < xø(n)
Set S: multiply each element of R by a ∈ R, modulo n.
S = {(a x1 mod n), (a x2 mod n), …, (a xø(n) mod n)}

The sets R and S are the same. We show that S consists of all integers less than n that are relatively prime to n:
All the elements of S are integers less than n that are relatively prime to n, because a is relatively prime to n and xi is relatively prime to n, so a xi must also be relatively prime to n.
There are no duplicates in S. If a xi mod n = a xj mod n, then xi = xj by the cancellation law: if (a × b) ≡ (a × c) (mod n) and a and n are relatively prime, then b ≡ c (mod n).
Fermat's and Euler's Theorems (7/7)

Proof of Euler's theorem
Since R and S are the same sets,

Alternative form of the theorem
If a and n are relatively prime, it is true due to Euler's theorem.
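The totient slides and the R/S argument above, as an added Python example (not from the slides): ø(n) computed from its definition, the closed forms checked against it, and the set S = {a x mod n} compared with R, including the case gcd(a, n) > 1 where the argument fails. The function names phi, phi_pq, reduced_residues, fermat_holds, euler_holds and sets_R_and_S_match are chosen here.

```python
# Added example (not from the slides): Euler's totient straight from its
# definition, the closed forms on the slides, and the R/S argument of the
# proof, including what goes wrong when a and n are not relatively prime.
from math import gcd

def phi(n):
    """ø(n): number of integers in 1 .. n-1 that are relatively prime to n."""
    return sum(1 for x in range(1, n) if gcd(x, n) == 1)

def phi_pq(p, q):
    """Closed form ø(pq) = (p-1)(q-1) for distinct primes p and q."""
    return (p - 1) * (q - 1)

def reduced_residues(n):
    """The set R of the proof: positive integers < n relatively prime to n."""
    return {x for x in range(1, n) if gcd(x, n) == 1}

def fermat_holds(a, p):
    """Second form of Fermat's theorem: a^p ≡ a (mod p) for any integer a."""
    return pow(a, p, p) == a % p

def euler_holds(a, n):
    """Euler's theorem: a^ø(n) ≡ 1 (mod n) when gcd(a, n) == 1."""
    assert gcd(a, n) == 1
    return pow(a, phi(n), n) == 1

def sets_R_and_S_match(a, n):
    """S = {a*x mod n : x in R}. With gcd(a, n) == 1 the cancellation law
    keeps the products distinct and relatively prime to n, so S == R.
    Otherwise every a*x shares the factor gcd(a, n) with n, so S != R."""
    R = reduced_residues(n)
    S = {(a * x) % n for x in R}
    return S == R and len(S) == phi(n)
```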
Testing for Primality (1/5)

We often need to find large prime numbers.
Traditionally: sieve using trial division, i.e. divide by all numbers (primes) in turn less than the square root of the number. This only works for small numbers.
Alternatively, we can use statistical primality tests based on properties of primes: all prime numbers satisfy the property, but some composite numbers, called pseudo-primes, also satisfy the property.
A slower deterministic primality test can be used.

Miller-Rabin primality test
Can be used to determine if a large number is prime.
Based on the following theorem: if p is an odd prime, then the equation x^2 ≡ 1 (mod p) has only two solutions, namely x ≡ 1 (mod p) and x ≡ -1 (mod p).
If there exist solutions to x^2 ≡ 1 (mod n) other than ±1, then n is not prime.
Testing for Primality (2/5)

Miller-Rabin algorithm
A test based on Fermat's theorem. The algorithm is:
TEST(n):
1. Find integers k, q, with k > 0 and q odd, so that (n - 1) = 2^k q
2. Select a random integer a, 1 < a < n - 1
3. if a^q mod n = 1 then return ("maybe prime")
4. for j = 0 to k - 1 do
5.     if a^(2^j q) mod n = n - 1 then return ("maybe prime")
6. return ("composite")
Testing for Primality (3/5)

Sample of the Miller-Rabin algorithm
n = 29
1. (n-1) = 28 = 2^2 × 7 = 2^k q, so k = 2, q = 7
2. Select a random integer a, 1 < a < n - 1; let a = 10
3. a^q mod n = 10^7 mod 29 ≠ 1, but (10^7)^2 mod 29 = 28 = n - 1, so the test returns "maybe prime": we can't decide
4. Reselect a = 2
5. 2^7 mod 29 = 12, and (2^7)^2 mod 29 = 28 = n - 1, so again we can't decide
The result is the same for every a from 1 to 28: for 29 the test never returns "composite".

n = 13 × 17 = 221
(n-1) = 220 = 2^2 × 55 = 2^k q, so k = 2, q = 55
If a = 5: 5^55 mod 221 = 112 and (5^55)^2 mod 221 = 168. Neither value is 1 or 220 = n - 1 (both lie strictly between), so the test returns "composite".
Testing for Primality (4/5)

Sample of the Miller-Rabin algorithm
If a = 21: 21^55 mod 221 = 200 and (21^55)^2 mod 221 = 220 = n - 1, so the test returns "maybe prime": maybe 221 is prime.
In fact, of the 218 integers from 2 through 219, four of these will return an inconclusive result, namely 21, 47, 174, and 200.
Testing for Primality (5/5)

Repeated use of the Miller-Rabin algorithm
If Miller-Rabin returns "composite", the number is definitely not prime.
Otherwise it is a prime or a pseudo-prime; the chance that a single test fails to detect a pseudo-prime is < 1/4.
Hence, if we repeat the test with different random a, the chance that n is prime after t tests is:
Pr(n prime after t tests) = 1 - 4^(-t)
e.g. for t = 10 this probability is 1 - 4^(-10) > 0.99999.

Prime distribution
The prime number theorem states that primes occur roughly every (ln n) integers.
But we can immediately ignore evens, so in practice we need only test 0.5 ln(n) numbers of size n to locate a prime.
Note this is only the "average": sometimes primes are close together, other times they are quite far apart.
The Chinese Remainder Theorem

Used to speed up modulo computations when working modulo a product of numbers, e.g. mod M = m1 m2 … mk. The Chinese Remainder Theorem lets us work in each modulo mi separately.

Example: the 10 integers in Z10, that is the integers 0 through 9, can be reconstructed from their two residues modulo 2 and 5 (the relatively prime factors of 10). Say the known residues of a decimal digit x are r2 = 0 and r5 = 3; that is, x mod 2 = 0 and x mod 5 = 3. Therefore x is an even integer in Z10 whose remainder on division by 5 is 3. The unique solution is x = 8.

The mi are pairwise relatively prime: gcd(mi, mj) = 1 for 1 ≤ i, j ≤ k, i ≠ j.
A ↔ (a1, a2, …, ak), where A ∈ ZM, ai ∈ Zmi, ai = A mod mi, 1 ≤ i ≤ k
The Chinese Remainder Theorem

The CRT makes two assertions.
First: the mapping A ↔ (a1, a2, …, ak) is a one-to-one correspondence between ZM and the Cartesian product Zm1 × Zm2 × … × Zmk, where ai = A mod mi, 1 ≤ i ≤ k.
Let Mi = M / mi = m1 × m2 × … × m(i-1) × m(i+1) × … × mk, so that Mi ≡ 0 (mod mj) for all j ≠ i.
By the definition of Mi, it is relatively prime to mi and therefore has a unique multiplicative inverse mod mi.
The Chinese Remainder Theorem

The CRT makes two assertions.
Second: operations performed on the elements of ZM can be equivalently performed on the corresponding k-tuples by performing the operation independently in each coordinate position.
Example: if A ↔ (a1, a2, …, ak) and B ↔ (b1, b2, …, bk), then
(A + B) mod M ↔ ((a1 + b1) mod m1, …, (ak + bk) mod mk)
(A - B) mod M ↔ ((a1 - b1) mod m1, …, (ak - bk) mod mk)
(A × B) mod M ↔ ((a1 × b1) mod m1, …, (ak × bk) mod mk)
The CRT provides a way to manipulate (potentially large) numbers mod M in terms of tuples of smaller numbers.
The Chinese Remainder Theorem

To represent 973 mod 1813 as a pair of numbers mod 37 and 49:
m1 = 37, m2 = 49, M = 1813, A = 973
M1 = M / m1 = 49, M2 = M / m2 = 37
Using the extended Euclidean algorithm: M1^-1 mod m1 = 34, M2^-1 mod m2 = 4
973 mod 37 = 11, 973 mod 49 = 42 → 973 ↔ (11, 42)

Now suppose we want to add 678 to 973.
678 ↔ (678 mod 37, 678 mod 49) = (12, 41)
((11 + 12) mod 37, (42 + 41) mod 49) = (23, 34)
(23, 34) ↔ (a1 M1 M1^-1 + a2 M2 M2^-1) mod M = [(23)(49)(34) + (34)(37)(4)] mod 1813 = 43350 mod 1813 = 1651
Check that it is equal to (973 + 678) mod 1813 = 1651.

Suppose we want to multiply 1651 (mod 1813) by 73.
((23 × 73) mod 37, (34 × 73) mod 49) = (14, 32)
(14, 32) ↔ [(14)(49)(34) + (32)(37)(4)] mod 1813 = 865 = 1651 × 73 mod 1813
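The CRT encoding and decoding of the last four slides, as an added Python example (not from the slides): each Mi^-1 is obtained with the extended Euclidean algorithm the slide mentions, the reconstruction uses the sum of ai Mi Mi^-1 mod M, and the coordinate-wise operations reproduce the 973 + 678 and 1651 × 73 computations (and the decimal-digit example with moduli 2 and 5). The names egcd, modinv, to_residues, from_residues and crt_op are chosen here.

```python
# Added example (not from the slides): CRT encoding/decoding for pairwise
# relatively prime moduli, with each M_i^-1 from the extended Euclidean algorithm.
from math import gcd, prod

def egcd(a, b):
    """Extended Euclid: (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        qt, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - qt * x1
        y0, y1 = y1, y0 - qt * y1
    return a, x0, y0

def modinv(a, m):
    """Multiplicative inverse of a mod m; exists only when gcd(a, m) == 1."""
    g, x, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}")
    return x % m

def to_residues(A, moduli):
    """A <-> (A mod m1, ..., A mod mk)."""
    return tuple(A % m for m in moduli)

def from_residues(residues, moduli):
    """Rebuild A = (sum of ai * Mi * Mi^-1) mod M with Mi = M / mi."""
    for i, m in enumerate(moduli):               # moduli must be pairwise coprime
        assert all(gcd(m, other) == 1 for other in moduli[i + 1:])
    M = prod(moduli)
    total = 0
    for a_i, m_i in zip(residues, moduli):
        M_i = M // m_i                            # M_i ≡ 0 (mod m_j) for j != i
        total += a_i * M_i * modinv(M_i, m_i)
    return total % M

def crt_op(x, y, moduli, op):
    """Apply op coordinate-wise: ((x1 op y1) mod m1, ..., (xk op yk) mod mk)."""
    return tuple(op(a, b) % m for a, b, m in zip(x, y, moduli))
```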
Discrete Logarithms (1/9)

Consider the powers of an integer a, modulo n: a mod n, a^2 mod n, a^3 mod n, …, a^m mod n, …
The least positive exponent m for which a^m ≡ 1 (mod n) is referred to as:
the order of a (mod n)
the exponent to which a belongs (mod n)
the length of the period generated by a
If a and n are relatively prime, there is at least one integer m that satisfies a^m ≡ 1 (mod n), namely m = ø(n).
Discrete Logarithms (2/9)

To see this last point, consider the powers of 7, modulo 19:
7^1 = 7 ≡ 7 (mod 19)
7^2 = 49 = 2 × 19 + 11 ≡ 11 (mod 19)
7^3 = 343 = 18 × 19 + 1 ≡ 1 (mod 19)
7^4 = 2401 = 126 × 19 + 7 ≡ 7 (mod 19)
7^5 = 16807 = 884 × 19 + 11 ≡ 11 (mod 19)
The sequence is repeating: 7^3 ≡ 1 (mod 19), so 7^(3+j) = 7^3 × 7^j ≡ 7^j (mod 19).
Any two powers of 7 whose exponents differ by 3 are congruent to each other (mod 19).
The sequence is periodic, and the length of the period is the smallest positive exponent m such that 7^m ≡ 1 (mod 19).
Discrete Logarithms (3/9)

Powers of Integers, Modulo 19
[Table of a^i mod 19 not included in the slide text; legend: a = primitive root]
Discrete Logarithms (4/9)

Powers of Integers, Modulo 19
All sequences end in 1. This is consistent with the reasoning of the preceding few paragraphs.
The length of a sequence divides ø(19) = 18. That is, an integral number of sequences occur in each row of the table.
Some of the sequences are of length 18. In this case, it is said that the base integer a generates (via powers) the set of nonzero integers modulo 19. Each such integer is called a primitive root of the modulus 19.
Discrete Logarithms (5/9)

Logarithms for modular arithmetic
The logarithm function is the inverse of exponentiation: y = x^(logx(y))
Properties of logarithms:
logx(1) = 0
logx(x) = 1
logx(yz) = logx(y) + logx(z)
logx(y^r) = r × logx(y)

We know that the powers of a from 1 through (p-1) produce each integer from 1 through (p-1) exactly once.
For any integer b, b ≡ r (mod p) for some r, where 0 ≤ r ≤ (p-1).
It follows that for any integer b and a primitive root a of prime number p, we can find a unique exponent i such that b ≡ a^i (mod p), where 0 ≤ i ≤ (p-1).
Discrete Logarithms (6/9)

Logarithms for modular arithmetic
This exponent i is referred to as the discrete logarithm of the number b for the base a (mod p), written dlog_a,p(b).
dlog_a,p(1) = 0, because a^0 mod p = 1 mod p = 1
dlog_a,p(a) = 1, because a^1 mod p = a

Here is an example using a nonprime modulus, n = 9. Here ø(n) = 6 and a = 2 is a primitive root. We compute the various powers of a and find
2^0 = 1, 2^1 = 2, 2^2 = 4, 2^3 = 8, 2^4 = 16 ≡ 7, 2^5 = 32 ≡ 5 (mod 9)
The numbers with given discrete logarithms (mod 9) for the root a = 2:
Logarithm: 0 1 2 3 4 5
Number:    1 2 4 8 7 5
For the discrete logarithms of a given number, we rearrange the table:
Number:    1 2 4 5 7 8
Logarithm: 0 1 2 5 4 3
Discrete Logarithms (7/9)

Logarithms for modular arithmetic
Now consider
x = a^(dlog_a,p(x)) mod p, y = a^(dlog_a,p(y)) mod p, xy = a^(dlog_a,p(xy)) mod p
Using the rule of modular multiplication xy mod p = [(x mod p)(y mod p)] mod p:
a^(dlog_a,p(xy)) mod p = [(a^(dlog_a,p(x)) mod p)(a^(dlog_a,p(y)) mod p)] mod p = a^(dlog_a,p(x) + dlog_a,p(y)) mod p
But now consider Euler's theorem, which states that for every a and n that are relatively prime: a^ø(n) ≡ 1 (mod n).
Applying this to the foregoing equality, we have
dlog_a,p(xy) ≡ [dlog_a,p(x) + dlog_a,p(y)] (mod ø(p))
dlog_a,p(y^r) ≡ [r × dlog_a,p(y)] (mod ø(p))
This demonstrates the analogy between true logarithms and discrete logarithms.
Keep in mind that unique discrete logarithms mod m to some base a exist only if a is a primitive root of m.
Discrete Logarithms (8/9)

Tables of Discrete Logarithms, Modulo 19
[Four tables, for a = 1 … 18: log2,19(a), log3,19(a), log10,19(a), log13,19(a). The table values are not included in the slide text.]
Discrete Logarithms (9/9)

Calculation of discrete logarithms
y = g^x mod p
Given g, x, p, it is a straightforward matter to calculate y.
Given g, y, p, it is very difficult to calculate x (the discrete logarithm).
The asymptotically fastest known algorithm for taking discrete logarithms has time complexity O(e^((ln p)^(1/3) (ln(ln p))^(2/3))).
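The order, primitive-root and discrete-logarithm material of this section, as an added Python example (not from the slides): orders and primitive roots by exhaustive search for the slides' moduli 19 and 9, the discrete-log table for a base (the base-2 column of the modulo-19 tables), and checks of the product and power rules modulo ø(p). Brute force is used deliberately, since for small p it is trivial while no efficient general method is known. The names phi, order, primitive_roots, dlog_table, dlog, dlog_product_rule_holds and dlog_power_rule_holds are chosen here.

```python
# Added example (not from the slides): orders, primitive roots and discrete-log
# tables by exhaustive search, for the slides' modulus 19 and for n = 9, a = 2.
from math import gcd

def phi(n):
    """ø(n): number of integers in 1 .. n-1 relatively prime to n."""
    return sum(1 for x in range(1, n) if gcd(x, n) == 1)

def order(a, n):
    """Least m > 0 with a^m ≡ 1 (mod n); requires gcd(a, n) == 1."""
    assert gcd(a, n) == 1
    x, m = a % n, 1
    while x != 1:
        x, m = (x * a) % n, m + 1
    return m

def primitive_roots(n):
    """Bases whose powers generate every unit mod n, i.e. order == ø(n)."""
    return [a for a in range(1, n) if gcd(a, n) == 1 and order(a, n) == phi(n)]

def dlog_table(a, n):
    """{b: i} with a^i ≡ b (mod n), 0 <= i < ø(n). One-to-one only when a is a
    primitive root; otherwise later exponents overwrite earlier ones."""
    return {pow(a, i, n): i for i in range(phi(n))}

def dlog(b, a, n):
    """Discrete logarithm of b to base a mod n by table lookup (brute force)."""
    return dlog_table(a, n)[b % n]

def dlog_product_rule_holds(x, y, a, p):
    """dlog_a,p(xy) ≡ dlog_a,p(x) + dlog_a,p(y) (mod ø(p))."""
    return dlog(x * y, a, p) == (dlog(x, a, p) + dlog(y, a, p)) % phi(p)

def dlog_power_rule_holds(y, r, a, p):
    """dlog_a,p(y^r) ≡ r * dlog_a,p(y) (mod ø(p))."""
    return dlog(pow(y, r, p), a, p) == (r * dlog(y, a, p)) % phi(p)
```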
Are there any questions?
Thank you for your attention.