204. PART II Public-Key Encryption & Hash Function
CHAPTER 8 Introduction to Number Theory
8.1 Prime Numbers
8.2 Fermat’s and Euler’s Theorems
8.3 Testing for Primality
8.4 The Chinese Remainder Theorem
8.5 Discrete Logarithms
Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 4/e, by William Stallings, Chapter 1 “Introduction”.

205. 8.1 Prime Numbers Prime numbers only have divisors of 1 and self
they cannot be written as a product of other numbers
eg. 2,3,5,7 are prime, 4,6,8,9,10 are not
Prime numbers are central to number theory
Prime factorisation : Any integer a > 1 can be factored
in a unique way as: hard problem
where p1 < p2 < … < pk are primes
Another expression : P = set of all primes
11011 = 7  112  13
a7 = 1, a11 = 2, a13 = 1
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

206. 8.1 Prime Numbers Multiplication : k = a  b
Example : a = 12 = 22  3, b = 90 = 2  32  5
k = a  b = 1080 = 23  33  5
k2(3) = a2(2)+b2(1); k3(3)= a3(1)+b3(2);
k5(1) = a5(0)+b5(1)
Given a and b, If a | b, then ap  bp for all p
Example : a = 12 = 22  3, b = 180 = 22  32  5
a2 = 2 = 2 =b2, a3 = 1 < 2 = b3,
a5 = 0 < 1 = b5
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

207. 8.1 Prime Numbers If k = gcd(a, b), then kp = min(ap, bp) for all p
Example :
a = 12 = 22  3 : a2= 2, a3 = 1
b = 180 = 22  32  5 : b2= 2, b3 = 2, b5 = 1
k = gcd(a, b) = ?
k2 = min(a2, b2) = 2, k3 = min(a3, b3) = 1,
k5 = min(a5, b5) = 0
k = 2k2  3k3  5k5 = 22  31  50 = 12
k = gcd(a, b) = gcd(12, 180) = 12 :
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

208. 8.2 Fermat’s and Euler’s Theorems
Fermat’s Theorem; Fermat’s Little Theorm
If p is prime and a is a positive integer not divisible by p, (gcd(a, p)=1), then
ap1  1 (mod p)
Example : a = 7, p = 19(prime)
72 = 49  11 (mod 19); 74 = 121  7 (mod 19);
78 = 49  11 (mod 19); 716 = 121  7 (mod 19);
ap1 = 718 = 716  72 = 7  11  1 (mod 19)
useful in public key and primality testing
An alternative form of Fermat’s Theorem:
If p is prime and a is a positive integer, then
ap  a (mod p)
Example : p = 5, a =10; ap = 105  0 (mod 5)  a (mod 5)
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

209. 8.2 Fermat’s and Euler’s Theorems
Euler’s Totient Function
For a positive integer n,
complete set of residues = { 0, 1, , n1}
reduced set of residues = { x | 0 x  n1, gcd(x, n) = 1}
Example : n = 10
complete set of residues = { 0, 1, 2, , 8, 9 }
reduced set of residues = { 1, 3, 7, 9 }
Euler Totient Function (n) = # of elements in reduced
set of residues
Example : n = 10  (n) = (10) = | {1, 3, 7, 9} | = 4
For a prime p, (p) = p – 1
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

210. 8.2 Fermat’s and Euler’s Theorems
Euler’s Totient Function
Table 8.2 Some Values of Euler’s Totient Function (n)
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

211. 8.2 Fermat’s and Euler’s Theorems
Euler’s Totient Function
Suppose that we have two primes p and q, n = pq
(n) = (pq) = (p)  (q) = (p – 1)(q – 1)
Why? The integers that are not relatively prime to n
{ p, 2p, , (q 1)p }, { q, 2q, , ( p – 1)q }
Therefore, (n) = (pq – 1) – [(q – 1) + (p – 1)]
= pq – (p + q) – 1
= (p – 1)(q – 1) = (p)  (q)
Example : (21) = (37) = (3)(7) = (31)(71)= 12
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

212. 8.2 Fermat’s and Euler’s Theorems
A generalization of Fermat's Theorem
For every a and n such that gcd(a, n) = 1,
a(n)  1 (mod n)
Example : a = 3, n = 10; (10) = 4
a(n) = 34 = 81  1 (mod 10)  1 (mod n)
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

213. 8.3 Testing for Primality Often need to find large prime numbers
Traditionally sieve using trial division
divide by all numbers (primes) in turn less than the
square root of the number
only works for small numbers
Alternatively can use statistical primality tests based on
properties of primes
for which all primes numbers satisfy property
but some composite numbers, called pseudo-primes,
also satisfy the property
Can use a slower deterministic primality test
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

214. 8.3 Testing for Primality Miller-Rabin Algorithm
Two Properties of Prime Numbers
The first property :
If p is a prime and a is a positive integer less than p, then
a2 mod p = 1  a mod p = 1 or a mod p = 1 = p – 1
The second property :
Let p be a prime number greater than 2. We can write
p – 1 = 2kq with k > 0, q odd. Let a be any integer in the
range 1< a < p – 1. Then one of the two following
conditions is true:
 aq mod p = 1 i.e. aq  1 (mod p)
 one of the numbers aq, a2q, a4q, …, a2k1q is congruent
to 1 mod p, i.e.  j (1  j  k) a2j–1q = 1 (mod p)
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

215. 8.3 Testing for Primality Details of the Miller-Rabin Algorithm
A test based on Fermat’s Theorem
Algorithm is :
TEST (n)
(1) Find integers k, q; k > 0, q odd, so that (n – 1)=2kq
(2) Select a random integer a, 1< a < (n – 1)
(3) if aq mod n = 1 then return (“maybe prime");
(4) for j = 0 to k – 1 do
if (a2jq mod n = n 1)
then return(" maybe prime ")
(5) return ("composite")
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

216. 8.3 Testing for Primality Repeated Use of the Miller-Robin Algorithm
If Miller-Rabin algorithm returns “composite”
the number is definitely not prime, otherwise is a prime
or a pseudo-prime
Probability it detects a pseudo-prime is < 1/4
Hence, if repeat test with different random a, then chance
n is prime after t tests is:
Pr( n is a prime after t tests ) = 1  4 t
eg. for t =10, this probability is >
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

217. 8.3 Testing for Primality A Deterministic Primality Algorithm
AKS (Agrawal, Kayal, Saxena, 2002) algorithm :
relatively simple deterministic algorithm that efficiently
determines whether a given large number is a prime.
The AKS algorithm does not appear to be as efficient as
the Miller-Rabin algorithm
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

218. 8.3 Testing for Primality Distribution of Primes
The prime number theorem states that primes near n
are spaced on the average one every (ln n) integers, i.e.
the density of prime numbers among the integers in the
neighborhood of n is around 1 in ln n
Let (n) denote the number of primes p  n.
(n)  n/(ln n – 1 ),
On average, one would have to test on the order of ln n
integers before a prime is found. Because all even can be
rejected, so in practice need only test 0.5*ln(n) numbers of
size n to locate a prime
A central concern of number theory is the study of prime numbers. Indeed, whole books have been written on the subject. An integer p>1 is a prime number if and only if its only divisors are 1 and itself. Prime numbers play a critical role in number theory and in the techniques discussed in this chapter. Stallings Table 8.1 (excerpt above) shows the primes less than Note the way the primes are distributed. In particular note the number of primes in each range of 100 numbers.

219. 8.4 Chinese Remainder Theorem
Used to speed up modulo computations: A (mod M)
Let M = m1  m2 … mk where gcd(mi, mj) = 1
Chinese Remainder theorem lets us work in each moduli mi separately: ai = A mod mi 1  i  k
where A  ZM, ai Zmi
Since computational cost is proportional to size, this is faster than working in the full modulus M
To compute A (mod M)
first compute all ai = A mod mi separately
determine constants ci below, where Mi = M/mi
One of the most useful results of number theory is the Chinese remainder theorem (CRT), so called because it is believed to have been discovered by the Chinese mathematician Sun-Tse in around 100 AD. It is very useful in speeding up some operations in the RSA public-key scheme, since it allows you to do perform calculations modulo factors of your modulus, and then combine the answers to get the actual result. Since the computational cost is proportional to size, this is faster than working in the full modulus sized modulus.

220. 8.5 Discrete Logarithms The Powers of an Integer, Modulo n
From Euler’s theorem, for gcd(a, n) = 1, aø(n) mod n = 1
where ø(n) Euler’s totient function: # of positive integers
less than n and relatively prime to n.
Consider am =1 (mod n), gcd(a, n) = 1
must exist for m = ø(n), least m = order of a
once powers reach m, cycle will repeat
If smallest is m = ø(n),
then a is called a primitive root of n
If p is prime, then successive powers of a "generate" the
group mod p: Zp = { a, a2, …, ap1}
For the prime p = 19, primitive roots = 2, 3,10, 13, 14, 15
Refer to : page 249 Table 8.3
One of the most useful results of number theory is the Chinese remainder theorem (CRT), so called because it is believed to have been discovered by the Chinese mathematician Sun-Tse in around 100 AD. It is very useful in speeding up some operations in the RSA public-key scheme, since it allows you to do perform calculations modulo factors of your modulus, and then combine the answers to get the actual result. Since the computational cost is proportional to size, this is faster than working in the full modulus sized modulus.

221. 8.5 Discrete Logarithms Logarithms for Modular Arithmetic
The discrete logarithm of a modulo p is to find an
integer x such that y = gx (mod p); written as x = loggy
(mod p)
If g is a primitive root, then it always exists,
otherwise it may not. Table 8.4
x = log34 mod 13 has no answer; 3x = 4 (mod 13)
x = log23 mod 13 = 4 by trying successive powers
The properties of logarithms :
log x(1) = 0, log x(x) = 1
log x(yz) = log x(y) + log x(z)
log x(y r) = r  log x(y)
One of the most useful results of number theory is the Chinese remainder theorem (CRT), so called because it is believed to have been discovered by the Chinese mathematician Sun-Tse in around 100 AD. It is very useful in speeding up some operations in the RSA public-key scheme, since it allows you to do perform calculations modulo factors of your modulus, and then combine the answers to get the actual result. Since the computational cost is proportional to size, this is faster than working in the full modulus sized modulus.

222. 8.5 Discrete Logarithms Calculation of Discrete Logarithm
Consider the equation
y = gx mod p
Given g, x, and p, it is a straightforward matter to
calculate y; just exponentiation
However, given g, y, and p, it is very difficult to
calculate x. Hard problem
The fastest known algorithm for taking DL modulo a
prime number is on the order of
which is not feasible for large primes.
One of the most useful results of number theory is the Chinese remainder theorem (CRT), so called because it is believed to have been discovered by the Chinese mathematician Sun-Tse in around 100 AD. It is very useful in speeding up some operations in the RSA public-key scheme, since it allows you to do perform calculations modulo factors of your modulus, and then combine the answers to get the actual result. Since the computational cost is proportional to size, this is faster than working in the full modulus sized modulus.

223. Summary have considered: prime numbers
Fermat’s and Euler’s Theorems & ø(n)
Primality Testing
Chinese Remainder Theorem
Discrete Logarithms
Chapter 8 summary.