Basic Number Theory Divisibility Let a,b be integers with a≠0. if there exists an integer k such that b=ka, we say a divides b which is denoted by a|b 11|143, 1993| ◇ if a≠0, then a|0 and a|a; 1|b for each b a|b and b|c → a|c a|b and a|c → a|sb+tc for all s, t

Prime Numbers An integer p>1 that is divisible only by 1 and itself is called a prime number, otherwise it is called composite (P.64) primegen.c generates prime numbers Let π(x) be the number of primes less than x, then π(x) ≈x/ln(x) as x→∞ Exercise Plot π(x) vs. x for x=2 16 to 2 32

A Plot of π(x)≈x/ln(x) vs. x

Prime Factorization Theorem Every positive integer is a product of primes. This factorization into primes is unique, up to reordering the factors 49500= If a prime p|ab, then either p|a or p|b Moreover, p|x 1 x 2 … x n →p|x j for some j 7|1430,

Greatest Common Divisor gcd gcd(343, 63)=7, gcd(12345,11111)=1 gcd(1993, )=1993 Euclidean Algorithm to compute gcd(a,b) does not require the factorization of the numbers and is fast. gcd(482,1180)=2

Solving ax+by=1 when gcd(a,b)=1 Let a,b be integers with a 2 +b 2 ≠0, and gcd(a,b)=1, then ax+by=1 has an integer solution (x,y) ♪ Euclidean Algorithm Example 7(-2) + 5(3) =1 Solving ax+by=d with gcd(a,b)=d can be reduced as solving a 0 x + b 0 y = 1 where a=a 0 d, b=b 0 d

Congruences Let a,b,n be integers with n≠0. We say that a≡b (mod n) {read as a is congruent to b mod n} if n|(a-b) a=b+nk for an integer k is another description Example 32≡7 (mod 5)

Simple Properties Let a,b,c,n be integers with n≠0 (1) a≡0 (mod n) iff n|a (2) a≡a (mod n) (3) a≡b (mod n) iff b≡a (mod n) (4) a≡b and b≡c (mod n) → a≡c (mod n) (5) a≡b and c≡d (mod n) → a+c≡b+d, a−c≡b−d, ac≡bd (mod n) (6) ab≡ac (mod n) with n≠0, and gcd(a,n)=1, then b≡c (mod n)

Computational Properties Finding a -1 (mod n) Solving ax≡c (mod n) when gcd(a,n)=1 What if gcd(a,n)>1 ☺Solve 11111x≡4 (mod 12345) ☻Solve 12x≡21 (mod 39) ♫ How to solve x 2 ≡a (mod n)? □ Working with fractions (inverse ?)

The Chinese Remainder Theorem Let m 1, m 2, …, m k be integers with gcd(m i, m j ) = 1, there exists only one solution x (mod m 1 m 2 …m k ) to the simultaneous congruences [P.76-78] x≡a 1 (mod m 1 ) x≡a 2 (mod m 2 ) : : x≡a k (mod m k )

Fermat's Little Theorem How to fast evaluate (mod 789)? How to fast evaluate X a (mod n)? If p is a prime and gcd(p,a)=1, then a p-1 ≡ 1 (mod p)

Euler’s φ-Function and Theorem φ(n)= #{a | 1 ≤ a ≤ n, gcd(a,n)=1}, that is, the number of positive integers which are relatively prime to n Examples: φ(15)=8, φ(16)=8, φ(17)=16 φ(pq)=(p-1)(q-1) if p and q are primes φ(p)=p-1 if p is a prime number φ(p r )=p r -p r-1 =p r (1- 1/p) If gcd(a,n)=1, then a φ(n) ≡ 1 (mod n)

Examples and Basic Principle [Page 82] What are the last three digits ? Compute (mod 101) Let a,n,x,y be integers with n≥1 and gcd(a,n)=1. If x≡y (mod φ(n)), then a x ≡ a y (mod n) (Hint) x=y+kφ(n); by Euclidean Theorem

Primitive Roots If p is a prime, a primitive root mod p is a number g whose power yield every nonzero class mod p. {g k |0<k<p}={1,2,…,p-1} Proposition: Let g be a primitive root mod p (1)g n ≡1 (mod p) iff (p-1)|n or n≡0 (mod p-1) (2)g j ≡g k (mod p) iff j≡k (mod p-1) ♪ 3 is a primitive root mod 7 but not for mod 13

Inverting Matrices (mod n) A matrix M is invertible under (mod n) if gcd(det(M), n)=1 The inverse of A=[1 2;3 4] (mod 11) is A -1 =[9 1 ; 7 5] and det(A)= -2≡9 (mod 11) The inverse of M=[1 1 1; 1 2 3; 1 4 9] under (mod 11) is [3 3 6; ; 1 4 6], where det(M)= ½ ≡ 6 (mod 11)

Square Roots mod n (1/9) X 2 ≡71 (mod 77) has solutions ±15, ±29 How to (efficiently) solve X 2 ≡b (mod pq), where p,q are (very close) primes? Every prime p (except 2) must satisfy p≡1 (mod 4) or p≡3 (mod 4) The square roots of 5 mod 11 are ±4

Square Roots mod n (2/9) Let p≡3 (mod 4) be prime and y is an integer such that x≡y (p+1)/4 (mod p). ♪ If y has a square root mod p, then the square roots of y mod p are x and –x ♪ If y has no square roots mod p, then –y has a square root mod p, and the square roots of –y are x and –x.

Square Roots mod n (3/9) Proof: x 4 ≡ y p+1 ≡ y 2. y p-1 ≡ y 2 (mod p) → (x 2 + y ) (x 2 - y ) ≡ 0 (mod p) Suppose both y and –y are squares mod p This is impossible.

Square Roots mod n (4/9) Lemma: Let p ≡ 3 (mod 4) be prime, then X 2 ≡ -1 (mod p) has no solutions. Proof: Let p = 4q+3 X 2 ≡ -1→ X p-1 ≡ -1 (p-1)/2 ≡ -1 2q+1 ≡-1 But X p-1 ≡ 1 (Fermat’s theorem)

Square Roots mod n (5/9) Suppose both y and –y are squares mod p, say y ≡ a 2 and -y ≡ b 2. Then (a/b) 2 ≡ -1 (mod p) But according to the previous lemma, (a/b) 2 ≡ -1 (mod p) is impossible

Square Roots mod n (6/9) 2.y ≡ x 2 (mod p), the square roots of y are ± x. 3.-y ≡ x 2 (mod p), the square roots of -y are ± x.

Examples for Square Roots (7/9) x 2 ≡ 5 (mod 11) (p+1)/4 = 3 x ≡ 5 3 ≡ 4(mod 11) Since 4 3 ≡ 5 (mod 11), the square root of 5 mod 11 are ±4

Examples for Square Roots (8/9) ◎ To solve x 2 ≡ 71 (mod 77) (1)x 2 ≡ 1 (mod 7) → x ≡±1 (mod 7) (2)x 2 ≡ 5 (mod 11) → x ≡±4 (mod 11) By Chinese remainder theorem x ≡±15, x ≡±29 (mod 77)

Square Roots mod n (9/9) Suppose n=pq is the product of two primes congruent to 3 mod 4 (type 4k+3), and let y with gcd(y,n)=1 has a square root mod n. Then finding the four solutions x=±a, ±b to x 2 ≡ y (mod n) is computationally equivalent to factoring n which is regarded as extremely difficult when n is large, say n has a length of 256 bits or higher

Group Theory Let G be a nonempty set and let ⊕ be a binary operation defined on GxG. G is said to be a group if (1)For any elements a,b in G, a ⊕ b is in G (2)(a ⊕ b) ⊕ c=a ⊕ (b ⊕ c) for any a,b,c in G (3)There exists a unit element e such that e ⊕ a=a ⊕ e for any a in G (4)For each a in G, there exists an inverse a -1 such that a -1 ⊕ a=a ⊕ a -1 = e

Field (Informal Definition) (F, +, ‧ ) is a nonempty set F with two binary operations +, ‧ such that (1) (F,+) is a commutative group with unit element 0 (2) (F’, ‧ ) is a commutative group with unit element 1, where F’=F\{0} (3) a ‧ (b+c)=(a ‧ b) + (a ‧ c) for any a,b,c

Examples Groups (Z,+) is a group, Z is the set of all integers Z p ={0, 1, 2, …, p-1} with + under (mod p) Z p-1 ={1,2,…,p-1} with x under (mod p) Fields (R,+,*) (Z p,+,x) under (mod p)

Finite Fields with Applications A field with finite elements Suppose we need to work in a field whose range is 0 to Z 256 ={0,1, ‥‥, 255} is not a field since 256 is not a prime GF(4)={0,1, ω, ω 2 } Z p (p is prime) GF(p n ) (p is prime)

Galois Field GF(p n ) Z 2 [X] be the set of polynomials whose coefficients are integers mod 2. e.g., X+1, X 6 +X 3 +1 are in this set GF(p n ) has p n elements, where p is prime Z p [X] mod an irreducible polynomial whose degree is p n. GF (2 8 ) = Z 2 [X] (mod X 8 +X 4 +X 3 +X+1)

Galois Field For every power p n of a prime p, there is exactly one finite field with p n elements It can be proved that two fields with p n elements constructed by two different polynomials of degree n are isomorphic

Multiplication of GF(2 n ) (X 7 + X 6 + X 3 + X + 1) (X)=? (mod X 8 + X 4 + X 3 + X + 1) b 7 =1 Left shift one bit, we have b 6 b 5 b 4 b 3 b 2 b 1 b 0 0 = ?= = =X 7 +X 3 +X 2 +1

Linear Feedback Shift Register X n+4 ≡ X n + X n+1 (mod 2) A recurrence Eq. If the initial values are X 0 X 1 X 2 X 3 = 1101, The sequence is Associated with the recurrence Eq. is X 4 +X+1 which is irreducible (mod 2) The k-th bit can be obtained by X k (1+X+X 3 ) (mod X 4 +X+1) for k ≧ 4