7.1 CompSci 102© Michael Frank Today’s topics Integers & Number TheoryIntegers & Number Theory – –Integers – –Division, GCD – –Euclidean Alg – –Mod! Reading: Sections 2.4,3,2Reading: Sections 2.4,3,2 UpcomingUpcoming –Sequences, Summations, & Induction

7.2 CompSci 102© Michael Frank §2.4: The Integers and Division Of course, you already know what the integers are, and what division is…Of course, you already know what the integers are, and what division is… But: There are some specific notations, terminology, and theorems associated with these concepts which you may not know.But: There are some specific notations, terminology, and theorems associated with these concepts which you may not know. These form the basics of number theory.These form the basics of number theory. –Vital in many important algorithms today (hash functions, cryptography, digital signatures). What are the basic axioms of the natural numbers and elementary school operations?What are the basic axioms of the natural numbers and elementary school operations?

7.3 CompSci 102© Michael Frank Divides, Factor, Multiple Let a,b  Z with a  0.Let a,b  Z with a  0. Def.: a|b  “a divides b” :  (  c  Z: b=ac) “There is an integer c such that c times a equals b.”Def.: a|b  “a divides b” :  (  c  Z: b=ac) “There is an integer c such that c times a equals b.” –Example: 3   12  True, but 3  7  False. Iff a divides b, then we say a is a factor or a divisor of b, and b is a multiple of a.Iff a divides b, then we say a is a factor or a divisor of b, and b is a multiple of a. Ex.: “b is even” :≡ 2|b. Is 0 even? Is −4?Ex.: “b is even” :≡ 2|b. Is 0 even? Is −4?

7.4 CompSci 102© Michael Frank Facts re: the Divides Relation Theorem:  a,b,c  Z:Theorem:  a,b,c  Z: 1. a|0 2. (a|b  a|c)  a | (b + c) 3. a|b  a|bc 4. (a|b  b|c)  a|c Proof of (2): a|b means there is an s such that b=as, and a|c means that there is a t such that c=at, so b+c = as+at = a(s+t), so a|(b+c) also.■Proof of (2): a|b means there is an s such that b=as, and a|c means that there is a t such that c=at, so b+c = as+at = a(s+t), so a|(b+c) also.■

7.5 CompSci 102© Michael Frank Prime Numbers An integer p>1 is prime iff it is not the product of two integers greater than 1: p>1   a,b  N: a>1, b>1, ab=p.An integer p>1 is prime iff it is not the product of two integers greater than 1: p>1   a,b  N: a>1, b>1, ab=p. The only positive factors of a prime p are 1 and p itself. Some primes: 2,3,5,7,11,13...The only positive factors of a prime p are 1 and p itself. Some primes: 2,3,5,7,11,13... Non-prime integers greater than 1 are called composite, because they can be composed by multiplying two integers greater than 1.Non-prime integers greater than 1 are called composite, because they can be composed by multiplying two integers greater than 1.

7.6 CompSci 102© Michael Frank Review of §2.4 So Far a|b  “a divides b”   c  Z: b=aca|b  “a divides b”   c  Z: b=ac “p is prime”  p>1   a  N: (1 1   a  N: (1 < a < p  a|p) Terms factor, divisor, multiple, composite.Terms factor, divisor, multiple, composite.

7.7 CompSci 102© Michael Frank Fundamental Theorem of Arithmetic Every positive integer has a unique representation as the product of a non- decreasing series of zero or more primes.Every positive integer has a unique representation as the product of a non- decreasing series of zero or more primes. –Some examples: 1 = (product of empty series) = 11 = (product of empty series) = 1 2 = 2 (product of series with one element 2)2 = 2 (product of series with one element 2) 4 = 2·2 (product of series 2,2)4 = 2·2 (product of series 2,2) 2000 = 2·2·2·2·5·5·5; 2001 = 3·23·29; 2002 = 2·7·11·13; 2003 = 2003 (no clear pattern!)2000 = 2·2·2·2·5·5·5; 2001 = 3·23·29; 2002 = 2·7·11·13; 2003 = 2003 (no clear pattern!) Later, we will see how to rigorously prove the Fundamental Theorem of Arithmetic, starting from scratch!

7.8 CompSci 102© Michael Frank An Application of Primes! When you visit a secure web site ( https: … address, indicated by padlock icon in IE, key icon in Netscape), the browser and web site may be using a technology called RSA encryption.When you visit a secure web site ( https: … address, indicated by padlock icon in IE, key icon in Netscape), the browser and web site may be using a technology called RSA encryption. This public-key cryptography scheme involves exchanging public keys containing the product pq of two random large primes p and q (a private key) which must be kept secret by a given party.This public-key cryptography scheme involves exchanging public keys containing the product pq of two random large primes p and q (a private key) which must be kept secret by a given party. So, the security of your day-to-day web transactions depends critically on the fact that all known factoring algorithms are intractable!So, the security of your day-to-day web transactions depends critically on the fact that all known factoring algorithms are intractable! –Note: There is a tractable quantum algorithm for factoring; so if we can ever build big quantum computers, then RSA is not secure.

7.9 CompSci 102© Michael Frank The Division “Algorithm” It’s really just a theorem, not an algorithm…It’s really just a theorem, not an algorithm… –Only called an “algorithm” for historical reasons. Theorem: For any integer dividend a and divisor d≠0, there is a unique integer quotient q and remainder r  N such that a = dq + r and 0  r < |d|. Formally, the theorem is:  a,d  Z, d≠0:  !q,r  Z: 0  r<|d|, a=dq+r.Theorem: For any integer dividend a and divisor d≠0, there is a unique integer quotient q and remainder r  N such that a = dq + r and 0  r < |d|. Formally, the theorem is:  a,d  Z, d≠0:  !q,r  Z: 0  r<|d|, a=dq+r. We can find q and r by: q=  a  d , r=a  qd.We can find q and r by: q=  a  d , r=a  qd.

7.10 CompSci 102© Michael Frank Greatest Common Divisor The greatest common divisor gcd(a,b) of integers a,b (not both 0) is the largest (most positive) integer d that is a divisor both of a and of b.The greatest common divisor gcd(a,b) of integers a,b (not both 0) is the largest (most positive) integer d that is a divisor both of a and of b. d = gcd(a,b) = max(d: d|a  d|b)  d|a  d|b   e  Z, (e|a  e|b) → d ≥ e Example: gcd(24,36)=? Positive common divisors: 1,2,3,4,6,12. The largest one of these is 12.Example: gcd(24,36)=? Positive common divisors: 1,2,3,4,6,12. The largest one of these is 12.

7.11 CompSci 102© Michael Frank GCD shortcut If the prime factorizations are written as and, then the GCD is given by:If the prime factorizations are written as and, then the GCD is given by: Example of using the shortcut:Example of using the shortcut: –a=84=2·2·3·7 = 2 2 ·3 1 ·7 1 –b=96=2·2·2·2·2·3 = 2 5 ·3 1 ·7 0 –gcd(84,96) = 2 2 ·3 1 ·7 0 = 2·2·3 = 12.

7.12 CompSci 102© Michael Frank Relative Primality Integers a and b are called relatively prime or coprime iff their gcd = 1.Integers a and b are called relatively prime or coprime iff their gcd = 1. –Example: Neither 21 nor 10 is prime, but they are coprime. 21=3·7 and 10=2·5, so they have no common factors > 1, so their gcd = 1. A set of integers {a 1,a 2,…} is (pairwise) relatively prime if all pairs (a i, a j ), for i  j, are relatively prime.A set of integers {a 1,a 2,…} is (pairwise) relatively prime if all pairs (a i, a j ), for i  j, are relatively prime.

7.13 CompSci 102© Michael Frank Least Common Multiple lcm(a,b) of positive integers a, b, is the smallest positive integer that is a multiple both of a and of b. E.g. lcm(6,10)=30lcm(a,b) of positive integers a, b, is the smallest positive integer that is a multiple both of a and of b. E.g. lcm(6,10)=30 m = lcm(a,b) = min(m: a|m  b|m)  a|m  b|m   n  Z: (a|n  b|n) → (m ≤ n) If the prime factorizations are written as and, then the LCM is given byIf the prime factorizations are written as and, then the LCM is given by

7.14 CompSci 102© Michael Frank The mod operator An integer “division remainder” operator.An integer “division remainder” operator. Let a,d  Z with d>1. Then a mod d denotes the remainder r from the division “algorithm” with dividend a and divisor d; i.e. the remainder when a is divided by d.Let a,d  Z with d>1. Then a mod d denotes the remainder r from the division “algorithm” with dividend a and divisor d; i.e. the remainder when a is divided by d. –Using e.g. long division. We can compute (a mod d) by: a  d·  a/d .We can compute (a mod d) by: a  d·  a/d . In C/C++/Java languages, “ % ” = mod.In C/C++/Java languages, “ % ” = mod.

7.15 CompSci 102© Michael Frank Modular Congruence Let a,b  Z, m  Z +.Let a,b  Z, m  Z +. Where Z + ={n  Z | n>0}=N−{0} (the + integers). Then a is congruent to b modulo m, written “a  b (mod m)”, iff m | a  b.Then a is congruent to b modulo m, written “a  b (mod m)”, iff m | a  b. –Note: this is a different use of “  ” than the meaning “is defined as” I’ve used before. It’s also equivalent to: (a  b) mod m = 0.It’s also equivalent to: (a  b) mod m = 0.

7.16 CompSci 102© Michael Frank Spiral Visualization of mod ≡ 3 (mod 5) ≡ 2 (mod 5) ≡ 1 (mod 5) ≡ 0 (mod 5) ≡ 4 (mod 5) Example shown: modulo-5 arithmetic

7.17 CompSci 102© Michael Frank Useful Congruence Theorems Theorem: Let a,b  Z, m  Z +. Then: a  b (mod m)   k  Z a=b+km.Theorem: Let a,b  Z, m  Z +. Then: a  b (mod m)   k  Z a=b+km. Theorem: Let a,b,c,d  Z, m  Z +. Then if a  b (mod m) and c  d (mod m), then:Theorem: Let a,b,c,d  Z, m  Z +. Then if a  b (mod m) and c  d (mod m), then: ▪ a+c  b+d (mod m), and ▪ ac  bd (mod m)

7.18 CompSci 102© Michael Frank Some Misc. Results Theorem 0 (Euclid):Theorem 0 (Euclid): –  a,b > 0: gcd(a,b) = gcd(b, a mod b) Theorem 1:Theorem 1: –  a,b>0:  s,t: gcd(a,b) = sa + tb Lemma 1:Lemma 1: –  a,b,c>0: gcd(a,b)=1  a | bc → a|c Lemma 2:Lemma 2: –If p is prime and p|a 1 a 2 …a n (integers a i ) then  i: p|a i. Theorem 2:Theorem 2: –If ac ≡ bc (mod m) and gcd(c,m)=1, then a ≡ b (mod m).

7.19 CompSci 102© Michael Frank Proof Euclid’s Algorithm Works Theorem 0: gcd(a,b) = gcd(b,c) if c = a mod b. Proof: First, c = a mod b implies  t: a = bt + c. Let g = gcd(a,b), and g′ = gcd(b,c). Since g|a and g|b (thus g|bt) we know g|(a−bt), i.e. g|c. Since g|b  g|c, it follows that g ≤ gcd(b,c) = g′. Now, since g′|b (thus g′|bt) and g′|c, we know g′|(bt+c), i.e., g′|a. Since g′|a  g′|b, it follows that g′ ≤ gcd(a,b) = g. Since we have shown that both g≤g′ and g′≤g, it must be the case that g=g′. ■

7.20 CompSci 102© Michael Frank Proof of Theorem 1 Theorem 1:  a≥b≥0  st: gcd(a,b) = sa + tb Proof: (By induction over the value of the larger argument a.) From theorem 0, we know that gcd(a,b) = gcd(b,c) if c = a mod b, in which case a = kb + c for some integer k, so c = a − kb. Now, since b<a and c<b, by inductive hypothesis, we can assume that  uv: gcd(b,c) = ub + vc. Substituting for c, this is ub+v(a−kb), which we can regroup to get va + (u−vk)b. So now let s = v, and let t = u−vk, and we’re finished. The base case is solved by s=1, t=0, which works for gcd(a,0), or if a=b originally. ■

7.21 CompSci 102© Michael Frank Proof of Lemma 1 Lemma 1: gcd(a,b)=1  a|bc → a|c Proof: Applying theorem 1,  st: sa+tb=1. Multiplying through by c, we have that sac + tbc = c. Since a|bc is given, we know that a|tbc, and obviously a|sac. Thus (using the theorem on p.154), it follows that a|(sac+tbc); in other words, that a|c. ■

7.22 CompSci 102© Michael Frank Proof of Lemma 2 Lemma 2: Prime p|a 1 …a n →  i: p|a i. Proof: If n=1, this is immediate since p|a 0 → p|a 0. Suppose the lemma is true for all n<k and suppose p|a 1 …a k. If p|m where m=a 1 …a k-1 then we have it inductively. Otherwise, we have p|ma k but ¬(p|m). Since m is not a multiple of p, and p has no factors, m has no common factors with p, thus gcd(m,p)=1. So by applying lemma 1, p|a k. ■

7.23 CompSci 102© Michael Frank Uniqueness of Prime Factorizations “The prime factorization of any number n is unique.” Theorem: If p 1 …p s = q 1 …q t are equal products of two nondecreasing sequences of primes, then s=t and p i = q i for all i. Proof: Assume (without loss of generality) that all primes in common have already been divided out, so that  ij: p i ≠ q j. But since p 1 …p s = q 1 …q t, we have that p 1 |q 1 …q t, since p 1 ·(p 2 …p s ) = q 1 …q t. Then applying lemma 2,  j: p 1 |q j. Since q j is prime, it has no divisors other than itself and 1, so it must be that p i =q j. This contradicts the assumption  ij: p i ≠ q j. The only resolution is that after the common primes are divided out, both lists of primes were empty, so we couldn’t pick out p 1. In other words, the two lists must have been identical to begin with! ■ The “hard” part of proving the Fundamental Theorem of Arithmetic.

7.24 CompSci 102© Michael Frank Proof of Theorem 2 Theorem 2: If ac ≡ bc (mod m) and gcd(c,m)=1, then a ≡ b (mod m). Proof: Since ac ≡ bc (mod m), this means m | ac−bc. Factoring the right side, we get m | c(a − b). Since gcd(c,m)=1, lemma 1 implies that m | a−b, in other words, that a ≡ b (mod m). ■